Bloom Filters in Adversarial Environments

Many efficient data structures use randomness, allowing them to improve upon deterministic ones. Usually, their efficiency and correctness are analyzed using probabilistic tools under the assumption that the inputs and queries are independent of the internal randomness of the data structure. In this work, we consider data structures in a more robust model, which we call the adversarial model. Roughly speaking, this model allows an adversary to choose inputs and queries adaptively according to previous responses. Specifically, we consider a data structure known as "Bloom filter" and prove a tight connection between Bloom filters in this model and cryptography. A Bloom filter represents a set $S$ of elements approximately, by using fewer bits than a precise representation. The price for succinctness is allowing some errors: for any $x \in S$ it should always answer `Yes', and for any $x \notin S$ it should answer `Yes' only with small probability. In the adversarial model, we consider both efficient adversaries (that run in polynomial time) and computationally unbounded adversaries that are only bounded in the number of queries they can make. For computationally bounded adversaries, we show that non-trivial (memory-wise) Bloom filters exist if and only if one-way functions exist. For unbounded adversaries we show that there exists a Bloom filter for sets of size $n$ and error $\varepsilon$, that is secure against $t$ queries and uses only $O(n \log{\frac{1}{\varepsilon}}+t)$ bits of memory. In comparison, $n\log{\frac{1}{\varepsilon}}$ is the best possible under a non-adaptive adversary

Secure Intelligent Vehicular Network Including Real-Time Detection of DoS Attacks in IEEE 802.11P Using Fog Computing

VANET (Vehicular ad hoc network) has a main objective to improve driver safety and traffic efficiency. Intermittent exchange of real-time safety message delivery in VANET has become an urgent concern, due to DoS (Denial of service), and smart and normal intrusions (SNI) attacks. Intermittent communication of VANET generates huge amount of data which requires typical storage and intelligence infrastructure. Fog computing (FC) plays an important role in storage, computation, and communication need. In this research, Fog computing (FC) integrates with hybrid optimization algorithms (OAs) including: Cuckoo search algorithm (CSA), Firefly algorithm (FA) and Firefly neural network, in addition to key distribution establishment (KDE), for authenticating both the network level and the node level against all attacks for trustworthiness in VANET. The proposed scheme which is also termed “Secure Intelligent Vehicular Network using fog computing” (SIVNFC) utilizes feedforward back propagation neural network (FFBP-NN). This is also termed the firefly neural, is used as a classifier to distinguish between the attacking vehicles and genuine vehicles. The proposed scheme is initially compared with the Cuckoo and FA, and the Firefly neural network to evaluate the QoS parameters such as jitter and throughput. In addition, VANET is a means whereby Intelligent Transportation System (ITS) has become important for the benefit of daily lives. Therefore, real-time detection of all form attacks including hybrid DoS attacks in IEEE 802.11p, has become an urgent attention for VANET. This is due to sporadic real-time exchange of safety and road emergency message delivery in VANET. Sporadic communication in VANET has the tendency to generate enormous amount of message. This leads to the RSU (roadside unit) or the CPU (central processing unit) overutilization for computation. Therefore, it is required that efficient storage and intelligence VANET infrastructure architecture (VIA), which include trustworthiness is desired. Vehicular Cloud and Fog Computing (VFC) play an important role in efficient storage, computations, and communication need for VANET. This dissertation also utilizes VFC integration with hybrid optimization algorithms (OAs), which also possess swarm intelligence including: Cuckoo/CSA Artificial Bee Colony (ABC) Firefly/Genetic Algorithm (GA), in additionally to provide Real-time Detection of DoS attacks in IEEE 802.11p, using VFC for Intelligent Vehicular network. Vehicles are moving with certain speed and the data is transmitted at 30Mbps. Firefly FFBPNN (Feed forward back propagation neural network) has been used as a classifier to also distinguish between the attacked vehicles and the genuine vehicle. The proposed scheme has also been compared with Cuckoo/CSA ABC and Firefly GA by considering Jitter, Throughput and Prediction accuracy

Design, modeling, and simulation of secure X.509 certificate revocation

TLS communication over the internet has risen rapidly in the last seven years (2015--2022), and there were over 156M active SSL certificates in 2022. The state-of-the-art Public Key Infrastructure (PKI), encompassing protocols, computational resources, and digital certificates, has evolved for 24 years to become the de-facto choice for encrypted communication over the Internet even on newer platforms such as mobile devices and Internet-of-Things (IoT) (despite being low powered with computational constraints). However, certificate revocation is one sub-protocol in TLS communication that fails to meet the rising scalability demands and remains open to exploitation. In this dissertation, the standard for X.509 revocation is systematically reviewed and critically evaluated to identify its limitations and assess their impact on internet security. Because of fragmented revocation information and limited scalability, even the latest version of the X.509 revocation standard is susceptible to Man-in-the-Middle (MiTM) attacks. Blockchain technology can provide a decentralized and peer-to-peer distributed ledger to enable a unified, tamper-proof platform for X.509 certificate authorities to collaborate securely in a trustless environment. To understand blockchain technology\u27s capabilities and limitations in distributing X.509 revocation information, different blockchain platforms are explored and compared in terms of scalability, degree of decentralization, and cost of operation. Moreover, the unification of the revocation lists leads to a massive expansion in the number of revoked certificates to query by a verifying client thus increasing the latency during revocation lookup. And, to minimize revocation-status lookup times, cryptographic constructions and approximate set-membership data structures are prototyped and analyzed. The key contributions of this dissertation are twofold: 1) the novel design of a secure and robust system for distributing X.509 certificate revocation information; and, 2) the prototype, experimentation, and optimization of cascading XOR filter, fuse filter, and cuckoo filter for quick lookup with zero false positives (and zero false negatives). The Secure Certificate Revocation as a Peer Service (SCRaaPS) is designed using the Lightweight Mining consensus algorithm-based Scrybe blockchain protocol to store and distribute certificate revocation lists. And, the cascading fuse filter (demonstrating the highest space efficiency and fastest build time) is applied to minimize the revocation lookup time with zero false positives