264 research outputs found
Improve the Onion Routing Performance and Security with Cryptographic Algorithms
Onion Routing and Cryptographic Algorithms are two essential components of online privacy and secure data transmission. Onion Routing is a technique used to protect internet users' anonymity by routing their communication through a network of servers, while Cryptographic Algorithms are used to encrypt and decrypt data to ensure its confidentiality. As technology advances, there is a need to consider the development of new cryptographic algorithms for TOR to ensure its continued effectiveness. The combination of Onion Routing and Cryptographic Algorithms has proven to be an effective way to protect online privacy and security. This paper aims to explore the benefits of combining Onion Routing and Cryptographic Algorithms and to propose a hybrid symmetric and hashing algorithm technique to transmit data securely. By the end of this paper, researchers will have a comprehensive understanding of the Onion Routing and Cryptographic Algorithms, their implementation in TOR, and the limitations and risks associated with using such tools
Social-context based routing and security in delay tolerant networks
Delay Tolerant Networks (DTNs) were originally intended for interplanetary communications and have been applied to a series of difficult environments: wireless sensor networks, unmanned aerial vehicles, and short-range personal communications. There is a class of such environments in which nodes follow semi-predictable social patterns, such as wildlife tracking or personal devices. This work introduces a series of algorithms designed to identify the social patterns present in these environments and apply this data to difficult problems, such as efficient message routing and content distribution. Security is also difficult in a mobile environment. This is especially the case in the event that a large portion of the network is unreliable, or simply unknown. As the network size increases nodes have difficulty in securely distributing keys, especially using low powered nodes with limited keyspace. A series of multi-party security algorithms were designed to securely transmit a message in the event that the sender does not have access to the destinations public key. Messages are routed through a series of nodes, each of which partially decrypts the message. By encrypting for several proxies, the message can only be intercepted if all those nodes have been compromised. Even a highly compromised network has increased security using this algorithm, with a trade-off of reduced delivery ratio and increased delivery time -- Abstract, page iv
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Ein analytisches Framework zur Bewertung der ZuverlÀssigkeit und Security von fortschrittlichen Netzwerk Systemen
Today, anonymous networks such as The Onion Routing (Tor) have been designed to ensure anonymity, privacy and censorship prevention, which have become major concerns in modern society. Although the Tor network provides layered encryption and traffic tunneling against eavesdropping attacks, the jamming attacks and their impact on the network and network services can not be efficiently handled today. Moreover, to defy modern censorship, it is not enough just to use the Tor network to hide the client's identity and the message content as the censorship has become a type of jamming attack, which prevents users from connecting to the censored network nodes by blocking or jamming (Tor) traffic. In network security, the main tools to protect privacy and anonymity as well as integrity and service reliability against eavesdropping and jamming, respectively, are diversity, randomness, coding or encryption and over-provisioning, all less exploit in traditional networks. This thesis provides radical new network concepts to address the needs of traditional networks for privacy, anonymity, integrity, and reliability; and designs \emph{advanced network systems} based on parallel transmission, random routing, erasure coding and redundant configurations as tools to offer diversity, randomness, coding and over-provisioning. Since the network systems designed in this thesis can not be evaluated with existing analytical models due to their rather complex configurations, the main focus of this work is a development of novel analytical approaches for evaluation of network performance, reliability and security of these systems and to show their practicality. The provided analysis is based on combinatorics, probability and information theory. In contrast to current reliability models, the analysis in this thesis takes into account the sharing of network components, heterogeneity of software and hardware, and interdependence between failed components. The significant property of the new security analysis proposed is the ability to assess the level of privacy, anonymity, integrity and censorship success when multiple jamming and eavesdropping adversaries reside in the network.Derzeit werden anonyme Internet Kommunikationssysteme, wie The Onion Routing (Tor), verwendet, um die AnonymitĂ€t, die PrivatsphĂ€re und die Zensurfreiheit der Internetnutzer zu schĂŒtzen. Obwohl das Tor-Netzwerk einen Schutz vor Lauschangriffe (Eavesdropping) bietet, kann ein beabsichtigtes Stören (Jamming) der Ăbertragung und den daraus resultierenden Auswirkungen auf die Netzwerkfunktionen derzeit nicht effektiv abgewehrt werden. Auch das moderne Zensurverfahren im Internet stellt eine Art des Jammings dar. Deswegen kann das Tor Netzwerk zwar die IdentitĂ€t der Tor-Nutzer und die Inhalte ihrer Nachrichten geheim halten, die Internetzensur kann dadurch nicht verhindert werden. Um die Netzwerksicherheit und insbesondere AnonymitĂ€t, PrivatsphĂ€re und IntegritĂ€t zusammen mit der VerfĂŒgbar.- und ZuverlĂ€ssigkeit von Netzwerkservices zu gewĂ€hrleisten, sind DiversitĂ€t, Zufallsprinzip, Codierung (auch VerschlĂŒsselung) und eine Ăberversorgung, die in den konventionellen Netzwerksystemen eher sparsam angewendet werden, die wichtigsten Mittel gegen Security-Angriffe. Diese Arbeit befasst sich mit grundlegend neuen Konzepten fĂŒr Kommunikationsnetze, die einen Schutz der AnonymitĂ€t und der PrivatsphĂ€re im Internet bei gleichzeitiger Sicherstellung von IntegritĂ€t, VerfĂŒgbarkeit und ZuverlĂ€ssigkeit ermöglichen. Die dabei verwendeten Konzepte sind die parallele DatenĂŒbertragung, das Random Routing, das Erasure Coding und redundante Systemkonfigurationen. Damit sollen DiversitĂ€t, Zufallsprinzip, Codierung und eine Ăberversorgung gewĂ€hrleistet werden. Da die entwickelten Ăbertragungssysteme komplexe Strukturen und Konfigurationen aufweisen, können existierende analytische Modelle nicht fĂŒr eine fundierte Bewertung angewendet werden. Daher ist der Schwerpunkt dieser Arbeit neue analytische Verfahren fĂŒr eine Bewertung von unterschiedlichen Netzwerkleistungsparametern, ZuverlĂ€ssigkeit und Security zu entwickeln und die Praxistauglichkeit der in der Arbeit aufgefĂŒhrten neuen Ăbertragungskonzepte zu beurteilen. Im Gegensatz zu existierenden ZuverlĂ€ssigkeitsmodellen berĂŒcksichtigt der analytische Ansatz dieser Arbeit die Vielfalt von beteiligten Netzwerkkomponenten, deren komplexe ZusammenhĂ€nge und AbhĂ€ngigkeiten im Fall eines Ausfalls
SPATA: Strong Pseudonym based AuthenTicAtion in Intelligent Transport System
Intelligent Transport System (ITS) is generally deployed to improve road safety, comfort, security, and traffic efficiency. A robust mechanism of authentication and secure communication is required to protect privacy and conditional resolution of pseudonyms to revoke malicious vehicles. In a typical ITS framework, a station can be a vehicle, Road Side Unit (RSU), or a server that can participate in communication. During authentication, the real identity of an Intelligent Transport System-Station (ITSS), referred to as a vehicleÄĆ should not be revealed in order to preserve its privacy. In this paper, we propose a Strong Pseudonym based AutenTicAtion (SPATA) framework for preserving the real identity of vehicles. The distributed architecture of SPATA allows vehicles to generate pseudonyms in a very private and secure way. In the absence of a distributed architecture, the privacy cannot be preserved by storing information regarding vehicles in a single location. Therefore, the concept of linkability of certificates based on single authority is eliminated. This is done by keeping the real identity to pseudonym mappings distributed. Furthermore, the size of the Certificate Revocation List (CRL) is kept small, as only the most recent revoked communication pseudonyms are kept in the CRL. The privacy of the vehicle is preserved during the revocation and resolution phase through the distributed mechanism. Empirical results show that SPATA is a lightweight framework with low computational overhead, average latency, overhead ratio, and stable delivery ratio, in both sparse and dense network scenarios
Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey
Internet usage has changed from its first design. Hence, the current Internet
must cope with some limitations, including performance degradation,
availability of IP addresses, and multiple security and privacy issues.
Nevertheless, to unsettle the current Internet's network layer i.e., Internet
Protocol with ICN is a challenging, expensive task. It also requires worldwide
coordination among Internet Service Providers , backbone, and Autonomous
Services. Additionally, history showed that technology changes e.g., from 3G to
4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes
a long coexistence period between the old and new technology. Similarly, we
believe that the process of replacement of the current Internet will surely
transition through the coexistence of IP and ICN. Although the tremendous
amount of security and privacy issues of the current Internet taught us the
importance of securely designing the architectures, only a few of the proposed
architectures place the security-by-design. Therefore, this article aims to
provide the first comprehensive Security and Privacy analysis of the
state-of-the-art coexistence architectures. Additionally, it yields a
horizontal comparison of security and privacy among three deployment approaches
of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical
comparison among ten considered security and privacy features. As a result of
our analysis, emerges that most of the architectures utterly fail to provide
several SP features including data and traffic flow confidentiality,
availability and communication anonymity. We believe this article draws a
picture of the secure combination of current and future protocol stacks during
the coexistence phase that the Internet will definitely walk across
Distributed Key Generation and Its Applications
Numerous cryptographic applications require a trusted authority to hold a secret. With a plethora of malicious attacks over the Internet, however, it is difficult to establish and maintain such an authority in online systems. Secret-sharing schemes attempt to solve this problem by distributing the required trust to hold and use the secret over multiple servers; however, they still require a trusted {\em dealer} to choose and share the secret, and have problems related to single points of failure and key escrow. A distributed key generation (DKG) scheme overcomes these
hurdles by removing the requirement of a dealer in secret sharing. A (threshold) DKG scheme achieves this using a complete distribution of the trust among a number of servers such that any subset of servers of size greater than a given threshold can reveal or use the shared secret, while
any smaller subset cannot. In this thesis, we make contributions to DKG in the computational security setting and describe three applications of it.
We first define a constant-size commitment scheme for univariate polynomials over finite fields and use it to reduce the size of broadcasts required for DKG protocols in the synchronous communication model by a linear factor. Further, we observe that the existing (synchronous) DKG protocols do not provide a liveness guarantee over the Internet and design the first DKG protocol for use over the Internet. Observing the necessity of long-term stability, we then present proactive security and group modification protocols for our DKG system. We also demonstrate the practicality of our DKG protocol over the Internet by testing our implementation over PlanetLab.
For the applications, we use our DKG protocol to define IND-ID-CCA secure distributed private-key generators (PKGs) for three important identity-based encryption (IBE) schemes: Boneh and Franklin's BF-IBE, Sakai and Kasahara's SK-IBE, and Boneh and Boyen's BB1-IBE.
These IBE schemes cover all three important IBE frameworks: full-domain-hash IBEs, exponent-inversion IBEs and commutative-blinding IBEs respectively, and our distributed PKG constructions can easily be
modified for other IBE schemes in these frameworks. As the second application, we use our distributed PKG for BF-IBE to define an onion routing circuit construction mechanism in the identity-based setting,
which solves the scalability problem in single-pass onion routing circuit construction without hampering forward secrecy. As the final application, we use our DKG implementation to design a threshold signature architecture for quorum-based distributed hash tables and use it to define two robust communication protocols in these peer-to-peer systems
Distributed Performance Measurement and Usability Assessment of the Tor Anonymization Network
While the Internet increasingly permeates everyday life of individuals around
the world, it becomes crucial to prevent unauthorized collection and abuse of
personalized information. Internet anonymization software such as Tor is an
important instrument to protect online privacy. However, due to the
performance overhead caused by Tor, many Internet users refrain from using it.
This causes a negative impact on the overall privacy provided by Tor, since it
depends on the size of the user community and availability of shared
resources. Detailed measurements about the performance of Tor are crucial for
solving this issue. This paper presents comparative experiments on Tor latency
and throughput for surfing to 500 popular websites from several locations
around the world during the period of 28 days. Furthermore, we compare these
measurements to critical latency thresholds gathered from web usability
research, including our own user studies. Our results indicate that without
massive future optimizations of Tor performance, it is unlikely that a larger
part of Internet users would adopt it for everyday usage. This leads to fewer
resources available to the Tor community than theoretically possible, and
increases the exposure of privacy-concerned individuals. Furthermore, this
could lead to an adoption barrier of similar privacy-enhancing technologies
for a Future Internet. View Full-Tex
- âŠ