11 research outputs found

    Survey on security issues in file management in cloud computing environment

    Cloud computing has pervaded every aspect of information technology in the past decade. It has become easier to process a plethora of data, generated by various devices in real time, with the advent of cloud networks. The privacy of users' data is maintained by data centers around the world and hence it has become feasible to operate on that data from lightweight portable devices. But with ease of processing comes the security aspect of the data. One such security aspect is secure file transfer either internally within cloud or externally from one cloud network to another. File management is central to cloud computing and it is paramount to address the security concerns which arise out of it. This survey paper aims to elucidate the various protocols which can be used for secure file transfer and analyze the ramifications of using each protocol. Comment: 5 pages, 1 table

    A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

    This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed. Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

    FTP Extensions for IPv6 and NATs


    A Look Back at "Security Problems in the TCP/IP Protocol Suite"

    About fifteen years ago, I wrote a paper on security problems in the TCP/IP protocol suite. In particular, I focused on protocol-level issues, rather than implementation flaws. It is instructive to look back at that paper, to see where my focus and my predictions were accurate, where I was wrong, and where dangers have yet to happen. This is a reprint of the original paper, with added commentary

    SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

    Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind, which leads to a multitude of misconfiguration traps. While this is slowly changing, too strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols in four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols---without such security sensitive traps for operators, implementors and users

    COMPARISON OF FILE TRANSFER PROTOCOLS

    To access the system data (file) resources, specially built software is used at the user level. This software can be run locally on the user computer and remotely on the remote application server. In both cases, communication with the database server (file server) takes place using network resources. Network resources are the slowest component in the system. Software that communicates with the file server can use different network protocols. This paper analyzes different file transfer protocols at the application layer of the OSI model. Security mechanisms used in the analyzed protocols are explained. Timing and speed of transferring files in the LAN at the speeds of 10 Mbps, 100 Mbps and 1 Gbps, and in the unprotected and protected (VPN) WAN network, were measured and noted. It is shown that the protocols that use security mechanisms are slower than those that do not use security mechanisms. It is also shown that the use of FTP HTTPS secure protocol is an optimal solution - high level of security and non-significantly lower speed

    External Media Announcement Approach For Media Resource Function Processor

    Announcement application service is a multimedia service in IMS which plays media (audio/video) announcements to the User Equipment (UE). This thesis studies Media Resource Function Processor (MRFP), a key network component in IMS which is responsible for the announcement application service. This thesis looks into the MRFP architecture and tries to find a feasible and alternative approach to handle media announcements. The factors this thesis concentrates on are: (1) primarily, the limited availability of memory to store the media announcements within the MRFP, and (2) the possibility to reduce the number of Digital Signal Processors (DSPs) reserved for playing announcements. For a possible solution to the above mentioned research questions, this thesis proposes an external announcement approach to provide the announcement service. This is studied by using a separate server outside the MRFP node to store all the media announcement files. In this thesis, the external announcement approach is studied by using three different protocols - RTSP, HTTP or FTP as the interface between the MRFP node and the external server. The impact on the software architecture of MRFP due to the external announcement approach is studied. Also, a prototype is built to test the performance of the external announcement approach in an emulated Wide Area Network (WAN) environment. One other key area of study made in this thesis is to use the existing limited MRFP memory as a cache. The number of requests made to the external server to fetch the announcement files can be decreased by implementing an effective caching algorithm in the MRFP, which improves the performance. The study made shows that Greedy Dual-Size Popularity (GDSP) algorithm can be a relevant and very effective caching mechanism in MRFP. Through this work, it is demonstrated that an effective announcement service can be achieved in MRFP by using an external server

    Auto-configuration of Critical Network Infrastructure

    Until the turn of the millennium, many electricity, water and gas supply plant operators used analogue serial cabling to communicate between highly customised systems to control and manage their plants. Since then, cost reductions and increased flexibility have become possible through the use of COTS (Commodity-Off-The-Shelf) equipment. These have radically changed communication between critical infrastructure devices, but have also introduced risks to the domain; one example being the major incident at a German steel mill in 2014 [14]. Donna F. Dodson, Chief of CyberSecurity at NIST has stated that “There’s an increase in free tools available focusing on industrial control systems. And greater hacker interest.” A common strategy to mitigate these risks is the extensive use of firewalls. Firewalls are not as simple as they appear. Efficient and reliable firewall security requires expertise in arcane, vendor-dependent configuration languages [15] and even then, configuration errors are common [97, 128, 129]. It is easy to complain about short-term thinking in firewall designers, but, at a deeper level the problem is that current approaches conflate multiple concerns: i.e., they incorporate network, protocol and hardware dependent details into security policy, in an unsystematised manner. In this thesis we tackle this problem. We begin by building a mathematically rigorous foundation for the design of security policies that separates divergent concerns. The formal foundations allow security administrators to reason about their network security; for instance to (i) show that certain types of traffic flows are impossible; and (ii) compare their security to industry best practices to check it complies and so on. In particular, we design our policy framework with Supervisory Control And Data Acquisition (SCADA) networks in mind; these networks control the distributed assets of many critical infrastructure plants. In doing so, we consider the requirements of a security policy specification that are general in nature as well as specific to a SCADA network context. An example requirement is verifiability: a property that increases transparency in the framework and provides security administrators assurance of expected security outcome. Lack of verifiability in current firewall configuration platforms contributes to the broken-by-design networks found in practice. Moreover, we apply design principles derived from real SCADA case studies [97] and industry best-practices [21,117], to develop simple policy specification features that are easy to administer correctly. We demonstrate the use of these specification features through a prototype implementation that creates secure-by-design networks. In enabling security by design, we (i) prevent policy emergence: i.e., implicit definition of policy as a result of many small decisions with complex interactions; and (ii) support rigorous verification: from policy consistency and best-practice compliance checks to pre-deployment verification, we only allow deploying policies that deliver the expected security outcome; and (iii) protect proactively: security can’t be purely reactive, placing pre-verified security controls prior to a cyber attack can prevent significant, expensive damage to system infrastructure. Thesis (Ph.D.) -- University of Adelaide, School of Mathematical Sciences, 201