14,733 research outputs found

    SAFIUS - A secure and accountable filesystem over untrusted storage

    We describe SAFIUS, a secure accountable file system that resides over an untrusted storage. SAFIUS provides strong security guarantees like confidentiality, integrity, prevention from rollback attacks, and accountability. SAFIUS also enables read/write sharing of data and provides the standard UNIX-like interface for applications. To achieve accountability with good performance, it uses asynchronous signatures; to reduce the space required for storing these signatures, a novel signature pruning mechanism is used. SAFIUS has been implemented on a GNU/Linux based system modifying OpenGFS. Preliminary performance studies show that SAFIUS has a tolerable overhead for providing secure storage: while it has an overhead of about 50% of OpenGFS in data intensive workloads (due to the overhead of performing encryption/decryption in software), it is comparable (or better in some cases) to OpenGFS in metadata intensive workloads. Comment: 11pt, 12 pages, 16 figure

    A novel deep-learning based approach to DNS over HTTPS network traffic detection

    Domain name system (DNS) over hypertext transfer protocol secure (HTTPS) (DoH) is currently a new standard for secure communication between DNS servers and end-users. Secure sockets layer (SSL)/transport layer security (TLS) encryption should guarantee the user a high level of privacy regarding the impossibility of data content decryption and protocol identification. Our team created a DoH data set from captured real network traffic and proposed novel deep-learning-based detection models allowing encrypted DoH traffic identification. Our detection models were trained on the network traffic from the Czech top-level domain maintainer, Czech network interchange center (CZ.NIC), and successfully applied to the identification of the DoH traffic from Cloudflare. The reached detection model accuracy was near 95%, and it is clear that the encryption does not prohibit the DoH protocol identification

    Secure Communication using Identity Based Encryption

    Secured communication has been widely deployed to guarantee confidentiality and integrity of connections over untrusted networks, e.g., the Internet. Although secure connections are designed to prevent attacks on the connection, they hide attacks inside the channel from being analyzed by Intrusion Detection Systems (IDS). Furthermore, secure connections require a certain key exchange at the initialization phase, which is prone to Man-In-The-Middle (MITM) attacks. In this paper, we present a new method to secure connection which enables Intrusion Detection and overcomes the problem of MITM attacks. We propose to apply Identity Based Encryption (IBE) to secure a communication channel. The key escrow property of IBE is used to recover the decryption key, decrypt network traffic on the fly, and scan for malicious content. As the public key can be generated based on the identity of the connected server and its exchange is not necessary, MITM attacks are not easy to be carried out any more. A prototype of a modified TLS scheme is implemented and proved with a simple client-server application. Based on this prototype, a new IDS sensor is developed to be capable of identifying IBE encrypted secure traffic on the fly. A deployment architecture of the IBE sensor in a company network is proposed. Finally, we show the applicability by a practical experiment and some preliminary performance measurements

    e-DoX: DEPED Student Grade Records Management System with Implementation of Advanced Encryption Standard and PKI Infrastructure

    This study entitled e-DoX: DEPED Student Grade Records Management System with Implementation of Advanced Encryption Standard and PKI Infrastructure for the Department of Education in the Province of Cavite is an online based application designed to aid private and public schools in submission of reports on promotions composed of Form 18-A, Form 18-E1 and Form 18-E2 to the Division Office of the Department of Education in the province of Cavite. The system would also be eliminating factors such as transportation and storage to maximize time allotment for the evaluation of the submitted reports. In this study Advanced Encryption Standard and Public and Private Infrastructure was implemented in e-DoX to secure digital data into an undecipherable format that are sent by the schools in Cavite to DEPED application. This data is typically scrambled by using hashing algorithms, which convert data into a secret scrambled encryption format. This is the reason AES and PKI was implemented because it has the highest defined level for data encryption and security that will secure important data such as the student grade records of the schools in Cavite. The study covers all of the underlying plans and designs that were considered and executed in order to accomplish the research project. This includes collective plans and blueprints right from the conceptualization of the research project, data gathering on the existing system, knowledge requirements on different technologies included in the system, design and development of the system, up to the software evaluation. The researcher used Prototyping as the method for development. This type of approach of developing the software is used for people who are usually not good at specifying their requirements, nor can tell properly about what they expect from the software. This type of System Development Method is employed when it is very difficult to obtain exact requirements from the client. While making the model, user keeps giving feedbacks from time to time and based on it, a prototype is made. The findings of this project based on all of the results gathered during the software evaluation phase were carefully tabulated and analyzed by the proponent to come up with the best possible conclusion and recommendations for the betterment of the research project. The research project during the evaluation phase received an overall strongly acceptable remark from the respondents