Session Initiation Protocol Attacks and Challenges

In recent years, Session Initiation Protocol (SIP) has become widely used in current internet protocols. It is a text-based protocol much like Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a strong enough signaling protocol on the internet for establishing, maintaining, and terminating session. In this paper the areas of security and attacks in SIP are discussed. We consider attacks from diverse related perspectives. The authentication schemes are compared, the representative existing solutions are highlighted, and several remaining research challenges are identified. Finally, the taxonomy of SIP threat will be presented

A Multi-Factor Homomorphic Encryption based Method for Authenticated Access to IoT Devices

Authentication is the first defence mechanism in many electronic systems, including Internet of Things (IoT) applications, as it is essential for other security services such as intrusion detection. As existing authentication solutions proposed for IoT environments do not provide multi-level authentication assurance, particularly for device-to-device authentication scenarios, we recently proposed the M2I (Multi-Factor Multi-Level and Interaction based Authentication) framework to facilitate multi-factor authentication of devices in device-to-device and device-to-multiDevice interactions. In this paper, we extend the framework to address group authentication. Two Many-to-One (M2O) protocols are proposed, the Hybrid Group Authentication and Key Acquisition (HGAKA) protocol and the Hybrid Group Access (HGA) protocol. The protocols use a combination of symmetric and asymmetric cryptographic primitives to facilitate multifactor group authentication. The informal analysis and formal security verification show that the protocols satisfy the desirable security requirements and are secure against authentication attacks

Green Bitcoin: Global Sound Money

Modern societies have adopted government-issued fiat currencies many of which exist today mainly in the form of digits in credit and bank accounts. Fiat currencies are controlled by central banks for economic stimulation and stabilization. Boom-and-bust cycles are created. The volatility of the cycle has become increasingly extreme. Social inequality due to the concentration of wealth is prevalent worldwide. As such, restoring sound money, which provides stored value over time, has become a pressing issue. Currently, cryptocurrencies such as Bitcoin are in their infancy and may someday qualify as sound money. Bitcoin today is considered as a digital asset for storing value. But Bitcoin has problems. The first issue of the current Bitcoin network is its high energy consumption consensus mechanism. The second is the cryptographic primitives which are unsafe against post-quantum (PQ) attacks. We aim to propose Green Bitcoin which addresses both issues. To save energy in consensus mechanism, we introduce a post-quantum secure (self-election) verifiable coin-toss function and novel PQ secure proof-of-computation primitives. It is expected to reduce the rate of energy consumption more than 90 percent of the current Bitcoin network. The elliptic curve cryptography will be replaced with PQ-safe versions. The Green Bitcoin protocol will help Bitcoin evolve into a post-quantum secure network.Comment: 16 page

SecureSurgiNET:a framework for ensuring security in telesurgery

The notion of surgical robotics is actively being extended to enable telesurgery, where both the surgeon and patient are remotely located and connected via a public network, which leads to many security risks. Being a safety-critical application, it is highly important to make telesurgery robust and secure against active and passive attacks. In this article, we propose the first complete framework, called SecureSurgiNET, for ensuring security in telesurgery environments. SecureSurgiNET is primarily based on a set of well-established protocols to provide a fool-proof telesurgical robotic system. For increasing the efficiency of secured telesurgery environments, the idea of a telesurgical authority is introduced that ensures the integrity, identity management, authentication policy implementation, and postoperative data security. An analysis is provided describing the security and throughput of Advanced Encryption Standard during the intraoperative phase of SecureSurgiNET. Moreover, we have tabulated the possible attacks on SecureSurgiNET along with the devised defensive measures. Finally, we also present a time complexity analysis of the SecureSurgiNET through simulations. © The Author(s) 2019

Synchronization of multi-carrier CDMA signals and security on internet.

by Yooh Ji Heng.Thesis (M.Phil.)--Chinese University of Hong Kong, 1996.Includes bibliographical references (leaves 119-128).Appendix in Chinese.Chapter I --- Synchronization of Multi-carrier CDMA Signals --- p.1Chapter 1 --- Introduction --- p.2Chapter 1.1 --- Spread Spectrum CDMA --- p.4Chapter 1.1.1 --- Direct Sequence/SS-CDMA --- p.5Chapter 1.1.2 --- Frequency Hopping/SS-CDMA --- p.5Chapter 1.1.3 --- Pseudo-noise Sequence --- p.6Chapter 1.2 --- Synchronization for CDMA signal --- p.7Chapter 1.2.1 --- Acquisition of PN Sequence --- p.7Chapter 1.2.2 --- Phase Locked Loop --- p.8Chapter 2 --- Multi-carrier CDMA --- p.10Chapter 2.1 --- System Model --- p.11Chapter 2.2 --- Crest Factor --- p.12Chapter 2.3 --- Shapiro-Rudin Sequence --- p.14Chapter 3 --- Synchronization and Detection by Line-Fitting --- p.16Chapter 3.1 --- Unmodulated Signals --- p.16Chapter 3.2 --- Estimating the Time Shift by Line-Fitting --- p.19Chapter 3.3 --- Modulated Signals --- p.22Chapter 4 --- Matched Filter --- p.23Chapter 5 --- Performance and Conclusion --- p.27Chapter 5.1 --- Line Fitting Algorithm --- p.27Chapter 5.2 --- Matched Filter --- p.28Chapter 5.3 --- Conclusion --- p.30Chapter II --- Security on Internet --- p.31Chapter 6 --- Introduction --- p.32Chapter 6.1 --- Introduction to Cryptography --- p.32Chapter 6.1.1 --- Classical Cryptography --- p.33Chapter 6.1.2 --- Cryptanalysis --- p.35Chapter 6.2 --- Introduction to Internet Security --- p.35Chapter 6.2.1 --- The Origin of Internet --- p.35Chapter 6.2.2 --- Internet Security --- p.36Chapter 6.2.3 --- Internet Commerce --- p.37Chapter 7 --- Elementary Number Theory --- p.39Chapter 7.1 --- Finite Field Theory --- p.39Chapter 7.1.1 --- Euclidean Algorithm --- p.40Chapter 7.1.2 --- Chinese Remainder Theorem --- p.40Chapter 7.1.3 --- Modular Exponentiation --- p.41Chapter 7.2 --- One-way Hashing Function --- p.42Chapter 7.2.1 --- MD2 --- p.43Chapter 7.2.2 --- MD5 --- p.43Chapter 7.3 --- Prime Number --- p.44Chapter 7.3.1 --- Listing of Prime Number --- p.45Chapter 7.3.2 --- Primality Testing --- p.45Chapter 7.4 --- Random/Pseudo-Random Number --- p.47Chapter 7.4.1 --- Examples of Random Number Generator --- p.49Chapter 8 --- Private Key and Public Key Cryptography --- p.51Chapter 8.1 --- Block Ciphers --- p.51Chapter 8.1.1 --- Data Encryption Standard (DES) --- p.52Chapter 8.1.2 --- International Data Encryption Algorithm (IDEA) --- p.54Chapter 8.1.3 --- RC5 --- p.55Chapter 8.2 --- Stream Ciphers --- p.56Chapter 8.2.1 --- RC2 and RC4 --- p.57Chapter 8.3 --- Public Key Cryptosystem --- p.58Chapter 8.3.1 --- Diffie-Hellman --- p.60Chapter 8.3.2 --- Knapsack Algorithm --- p.60Chapter 8.3.3 --- RSA --- p.62Chapter 8.3.4 --- Elliptic Curve Cryptosystem --- p.63Chapter 8.3.5 --- Public Key vs. Private Key Cryptosystem --- p.64Chapter 8.4 --- Digital Signature --- p.65Chapter 8.4.1 --- ElGamal Signature Scheme --- p.66Chapter 8.4.2 --- Digital Signature Standard (DSS) --- p.67Chapter 8.5 --- Cryptanalysis to Current Cryptosystems --- p.68Chapter 8.5.1 --- Differential Cryptanalysis --- p.68Chapter 8.5.2 --- An Attack to RC4 in Netscapel.l --- p.69Chapter 8.5.3 --- "An Timing Attack to Diffie-Hellman, RSA" --- p.71Chapter 9 --- Network Security and Electronic Commerce --- p.73Chapter 9.1 --- Network Security --- p.73Chapter 9.1.1 --- Password --- p.73Chapter 9.1.2 --- Network Firewalls --- p.76Chapter 9.2 --- Implementation for Network Security --- p.79Chapter 9.2.1 --- Kerberos --- p.79Chapter 9.2.2 --- Privacy-Enhanced Mail (PEM) --- p.80Chapter 9.2.3 --- Pretty Good Privacy (PGP) --- p.82Chapter 9.3 --- Internet Commerce --- p.83Chapter 9.3.1 --- Electronic Cash --- p.85Chapter 9.4 --- Internet Browsers --- p.87Chapter 9.4.1 --- Secure NCSA Mosaic --- p.87Chapter 9.4.2 --- Netscape Navigator --- p.89Chapter 9.4.3 --- SunSoft HotJava --- p.91Chapter 10 --- Examples of Electronic Commerce System --- p.94Chapter 10.1 --- CyberCash --- p.95Chapter 10.2 --- DigiCash --- p.97Chapter 10.3 --- The Financial Services Technology Consortium --- p.98Chapter 10.3.1 --- Electronic Check Project --- p.99Chapter 10.3.2 --- Electronic Commerce Project --- p.101Chapter 10.4 --- FirstVirtual --- p.103Chapter 10.5 --- Mondex --- p.104Chapter 10.6 --- NetBill --- p.106Chapter 10.7 --- NetCash --- p.108Chapter 10.8 --- NetCheque --- p.111Chapter 11 --- Conclusion --- p.113Chapter A --- An Essay on Chinese Remainder Theorem and RSA --- p.115Bibliography --- p.11