QUANTUM SECURE COMMUNICATION USING POLARIZATION HOPPING MULTI-STAGE PROTOCOLS

This dissertation presents a study of the security and performance of a quantum communication system using multi-stage multi-photon tolerant protocols. Multi-stage protocols are a generalization of the three-stage protocol proposed in 2006 by Subhash Kak. Multi-stage protocols use “Polarization Hopping,” which is the process of changing the polarization state at each stage of transmission. During the execution of a multi-stage protocol, the message transfer always starts by encoding a bit of information in a polarization state; for example, bit 0 is encoded using state |0⟩ and bit 1 is encoded using state|1⟩ whereas, on the channel, the state of polarization is given by α|├ 0⟩┤+β|├ 1⟩┤. In the following α and β are restricted to the real numbers i.e., the polarization stays on the equator of the Poincare sphere. A transformation applied by one communicating party at a given stage will result in new values of α and β. This dissertation analyzes the security of multi-stage, multi-photon tolerant protocols and proposes an upper bound on the average number of photons per pulse in the cases where Fock states and the cases where coherent states are used in the implementation of the three-stage protocol. The derived average number of photons is the maximum limit at which the three-stage protocol can operate at a quantum secure level while operating in a multi-photon domain. In addition, this dissertation studies the vulnerability of the multi-stage protocol to the Trojan horse attack, Photon Number splitting attack (PNS), Amplification attack, as well as the man-in-the middle attack. Moreover, this dissertation proposes a modified version of the multi-stage protocol. This modified version uses an initialization vector and implements a chaining mode between consecutive implementations of the protocol. The modified version is proposed in the case of the three-stage protocol and named a key/message expansion four variables three-stage protocol. The proposed nomenclature is based on the fact that an additional variable is added to secure the three-stage protocol. The introduction of this additional variable has the potential to secure the multi-stage protocol in the multi-photon regime. It results in the eavesdropper having a set of simultaneous equations where the number of variables exceeds the number of equations. The dissertation also addresses the performance of the multi-stage, multi-photon tolerant protocol. An average photon number of 1.5 photon/stage is used to calculate the maximum achievable distance and key transfer rates while using the single-stage protocol over fiber optic cables. We compute the increase in distance as well as data transfer rate while using the single-stage protocol. Channel losses as well as the detector losses are accounted for. Finally, an application of the multi-stage protocol in IEEE 802.11 is proposed. This application provides wireless networks with a quantum-level of security. It proposes the integration of multi-stage protocols into the four-way handshake of IEEE 802.11

Security technologies for wireless access to local area networks

In today’s world, computers and networks are connected to all life aspects and professions. The amount of information, personal and organizational, spread over the network is increasing exponentially. Simultaneously, malicious attacks are being developed at the same speed, which makes having a secure network system a crucial factor on every level and in any organization. Achieving a high protection level has been the goal of many organizations, such as the Wi-Fi Alliance R , and many standards and protocols have been developed over time. This work addresses the historical development of WLAN security technologies, starting from the oldest standard, WEP, and reaching the newly released standard WPA3, passing through the several versions in between,WPA, WPS, WPA2, and EAP. Along with WPA3, this work addresses two newer certificates, Enhanced OpenTM and Easy ConnectTM. Furthermore, a comparative analysis of the previous standards is also presented, detailing their security mechanisms, flaws, attacks, and the measures they have adopted to prevent these attacks. Focusing on the new released WPA3, this work presents a deep study on both WPA3 and EAP-pwd. The development of WPA3 had the objective of providing strong protection, even if the network’s password is considered weak. However, this objective was not fully accomplished and some recent research work discovered design flaws in this new standard. Along with the above studies, this master thesis’ work builds also a network for penetration testing using a set of new devices that support the new standard. A group of possible attacks onWi-Fi latest security standards was implemented on the network, testing the response against each of them, discussing the reason behind the success or the failure of the attack, and providing a set of countermeasures applicable against these attacks. Obtained results show that WPA3 has overcome many of WPA2’s issues, however, it is still unable to overcome some major Wi-Fi vulnerabilities.No mundo de hoje, os computadores e as redes estão conectados praticamente a todos os aspectos da nossa vida pessoal e profissional. A quantidade de informações, pessoais e organizacionais, espalhadas pela rede está a aumentar exponencialmente. Simultaneamente, também os ataques maliciosos estão a aumentar à mesma velocidade, o que faz com que um sistema de rede seguro seja um fator crucial a todos os níveis e em qualquer organização. Alcançar altos níveis de proteção tem sido o objetivo de trabalho de muitas organizações, como a Wi-Fi Alliance R , tendo muitos standards e protocolos sido desenvolvidos ao longo do tempo. Este trabalho aborda o desenvolvimento histórico das tecnologias de segurança para WLANs, começando pelo standard mais antigo, WEP, e acabando no recém-chegado WPA3, passando pelas várias versões intermedias, WPA, WPS, WPA2 e EAP. Juntamente com o WPA3, este trabalho aborda os dois certificados mais recentes, Enhanced OpenTM e Easy ConnectTM. Além disso, também é apresentada uma análise comparativa dos standards anteriores, detalhando os seus principais mecanismos de segurança, falhas, ataques a que são susceptíveis e medidas adotadas para evitar esses ataques. Quanto ao novo WPA3 e EAP-pwd, este trabalho apresenta um estudo aprofundado sobre os seus modos "Personal" e "Enterprise". O desenvolvimento do WPA3 teve por objetivo fornecer proteção forte, mesmo que a password de rede seja considerada fraca. No entanto, esse objetivo não foi totalmente alcançado e alguma investigação realizada recentemente detectou falhas de desenho nesse novo padrão. Juntamente com os estudo dos standards acima referidos, o trabalho realizado para esta tese de mestrado também constrói uma rede para testes de penetração usando um conjunto de novos dispositivos que já suportam o novo standard. São aplicados vários ataques aos mais recentes padrões de segurança Wi-Fi, é testada a sua resposta contra cada um deles, é discutindo o motivo que justifica o sucesso ou a falha do ataque, e são indicadas contramedidas aplicáveis a esses ataques. Os resultados obtidos mostram que o WPA3 superou muitos dos problemas do WPA2 mas que, no entanto, ainda é incapaz de superar algumas das vulnerabilidades presentes nas redes Wi-Fi.First, I would like to express my deepest appreciation to those who gave me the possibility to complete my study and get my Master degree, the Aga Khan Foundation, who has supported me financiall

Towards end-to-end security in internet of things based healthcare

Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system

Applications of graph theory to wireless networks and opinion analysis

La teoría de grafos es una rama importante dentro de la matemática discreta. Su uso ha aumentado recientemente dada la conveniencia de los grafos para estructurar datos, para analizarlos y para generarlos a través de modelos. El objetivo de esta tesis es aplicar teoría de grafos a la optimización de redes inalámbricas y al análisis de opinión. El primer conjunto de contribuciones de esta tesis versa sobre la aplicación de teoría de grafos a redes inalámbricas. El rendimiento de estas redes depende de la correcta distribución de canales de frecuencia en un espacio compartido. Para optimizar estas redes se proponen diferentes técnicas, desde la aplicación de heurísticas como simulated annealing a la negociación automática. Cualquiera de estas técnicas requiere un modelo teórico de la red inalámbrica en cuestión. Nuestro modelo de redes Wi-Fi utiliza grafos geométricos para este propósito. Los vértices representan los dispositivos de la red, sean clientes o puntos de acceso, mientras que las aristas representan las señales entre dichos dispositivos. Estos grafos son de tipo geométrico, por lo que los vértices tienen posición en el espacio, y las aristas tienen longitud. Con esta estructura y la aplicación de un modelo de propagación y de uso, podemos simular redes inalámbricas y contribuir a su optimización. Usando dicho modelo basado en grafos, hemos estudiado el efecto de la interferencia cocanal en redes Wi-Fi 4 y mostramos una mejora de rendimiento asociada a la técnica de channel bonding cuando se usa en regiones donde hay por lo menos 13 canales disponibles. Por otra parte, en esta tesis doctoral hemos aplicado teoría de grafos al análisis de opinión dentro de la línea de investigación de SensoGraph, un método con el que se realiza un análisis de opinión sobre un conjunto de elementos usando grafos de proximidad, lo que permite manejar grandes conjuntos de datos. Además, hemos desarrollado un método de análisis de opinión que emplea la asignación manual de aristas y distancias en un grafo para estudiar la similaridad entre las muestras dos a dos. Adicionalmente, se han explorado otros temas sin relación con los grafos, pero que entran dentro de la aplicación de las matemáticas a un problema de la ingeniería telemática. Se ha desarrollado un sistema de votación electrónica basado en mixnets, secreto compartido de Shamir y cuerpos finitos. Dicha propuesta ofrece un sistema de verificación numérico novedoso a la vez que mantiene las propiedades esenciales de los sistemas de votación

The Proceedings of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia and overseas, of which ten were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conferences. To our sponsors also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

Deployment and Implementation Aspects of Radio Frequency Fingerprinting in Cybersecurity of Smart Grids

Smart grids incorporate diverse power equipment used for energy optimization in intelligent cities. This equipment may use Internet of Things (IoT) devices and services in the future. To ensure stable operation of smart grids, cybersecurity of IoT is paramount. To this end, use of cryptographic security methods is prevalent in existing IoT. Non-cryptographic methods such as radio frequency fingerprinting (RFF) have been on the horizon for a few decades but are limited to academic research or military interest. RFF is a physical layer security feature that leverages hardware impairments in radios of IoT devices for classification and rogue device detection. The article discusses the potential of RFF in wireless communication of IoT devices to augment the cybersecurity of smart grids. The characteristics of a deep learning (DL)-aided RFF system are presented. Subsequently, a deployment framework of RFF for smart grids is presented with implementation and regulatory aspects. The article culminates with a discussion of existing challenges and potential research directions for maturation of RFF.publishedVersio

Telecommunications Networks

This book guides readers through the basics of rapidly emerging networks to more advanced concepts and future expectations of Telecommunications Networks. It identifies and examines the most pressing research issues in Telecommunications and it contains chapters written by leading researchers, academics and industry professionals. Telecommunications Networks - Current Status and Future Trends covers surveys of recent publications that investigate key areas of interest such as: IMS, eTOM, 3G/4G, optimization problems, modeling, simulation, quality of service, etc. This book, that is suitable for both PhD and master students, is organized into six sections: New Generation Networks, Quality of Services, Sensor Networks, Telecommunications, Traffic Engineering and Routing