AUTENTIKASI JARINGAN SENSOR NIRKABEL UNTUK MENGHADAPI SERANGAN DoS BERBASIS PKC

Komunikasi broadcast pada jaringan sensor nirkabel (JSN) sangat efisien dan berdampak besar pada seluruh node sensor. Alasan tersebut mendasari pemanfaatan node sensor terutama pada proses diseminasi data, kode, pemeliharaan, menjalankan perintah atau query maupun sinkronisasi. Kondisi ini diikuti dengan rawannya keamanan yang dapat mengganggu ketersediaan komunikasi pada JSN. Oleh karena itu dibutuhkan proses autentikasi pengguna untuk memastikan apakah pengguna valid. Pemanfaatan digital signature untuk autentikasi memiliki keamanan yang tinggi akan tetapi harus diimbangi dengan komputasi yang tinggi. Kekurangan ini dimanfaatkan peretas untuk mengirimkan signature palsu dalam jumlah besar sehingga node sensor akan sibuk memverifikasi dan proses ini dikenal dengan serangan Denial of Service (DoS) berbasis Public Key Cryptography (PKC). Berbagai metode filter dikembangkan untuk mengatasi masalah ini. Mekanisme ini memiliki komputasi rendah dan bersifat mendampingi proses verifikasi signature bukan menggantinya. Skema puzzle merupakan salah satu filter dengan komputasi rendah namun dapat diandalkan dalam mengatasi serangan DoS berbasis PKC akan tetapi memiliki kelemahan pada delay yang tinggi dalam mencari solusi puzzle pada sisi pengirim. Berkembangnya berbagai aplikasi pendukung yang akan mengakses node sensor secara langsung meningkatkan keragaman dan skalabilitas pada JSN. Sedangkan node sensor memiliki keterbatasan dalam sumber daya terutama pada ruang penyimpanan dan kemampuan komputasi. Oleh karena itu, penelitian ini mengajukan skema puzzle dinamis pada JSN menggunakan Multiuser-Dynamic Cipher Puzzle (M-DCP) yang dilengkapi dengan TinySet. Skema ini bertujuan untuk mengurangi waktu pemrosesan dan dapat dimanfaatkan oleh banyak pengguna atau pengirim dengan kebutuhan ruang penyimpanan pada JSN yang rendah. M-DCP memanfaatkan fungsi ambang untuk membatasi jumlah iterasi hash. Hasil percobaan menunjukkan bahwa fungsi ambang eksponensial dapat menurunkan delay pada sisi pengirim hingga 94% dengan peluang ditemukannya solusi hingga 1-(1.738x10-13). Sedangkan pemanfaatan TinySet yang telah diregularisasi bisa menghemat ruang penyimpanan hingga 77% dibandingkan dengan Counting Bloom Filter (CBF). Pemanfaatan skema ini berdampak pada meningkatnya komputasi pada proses verifikasi. Peningkatan ini bernilai hingga 36% dibandingkan dengan Bloom Filter based Authentication (BAS) atau pada implementasinya membutuhkan waktu tidak lebih dari 0.5 detik. Performansi yang didapatkan diimbangi dengan meningkatnya keamanan terutama pada autentikasi, confidentiality dan ketahanan terhadap serangan DoS berbasis PKC. Hal ini dibuktikan dengan peningkatan kompleksitas serangan menggunakan brute force hingga 1.86x10137 trial yang didapatkan dari proses autentikasi menggunakan Elliptic Curve Digital Signature Algorithm (ECDSA), proses enkripsi menggunakan Rivest Cipher 5 (RC5) dan proses pembuatan puzzle menggunakan DCP. Kata kunci: autentikasi, DoS, jaringan sensor nirkabel, multiuser, skema puzzl

Self-adjusting advertisement of cache indicators with bandwidth constraints

Cache advertisements reduce the access cost by allowing users to skip the cache when it does not contain their datum. Such advertisements are used in multiple networked domains such as 5G networks, wide area networks, and information-centric networking. The selection of an advertisement strategy exposes a trade-off between the access cost and bandwidth consumption. Still, existing works mostly apply a trial-and-error approach for selecting the best strategy, as the rigorous foundations required for optimizing such decisions is lacking.Our work shows that the desired advertisement policy depends on numerous parameters such as the cache policy, the workload, the cache size, and the available bandwidth. In particular, we show that there is no ideal single configuration. Therefore, we design an adaptive, self-adjusting algorithm that periodically selects an advertisement policy. Our algorithm does not require any prior information about the cache policy, cache size, or work-load, and does not require any apriori configuration. Through extensive simulations, using several state-of-the-art cache policies, and real workloads, we show that our approach attains a similar cost to that of the best static configuration (which is only identified in retrospect) in each case

Access Strategies for Network Caching

Having multiple data stores that can potentially serve content is common in modern networked applications. Data stores often publish approximate summaries of their content to enable effective utilization. Since these summaries are not entirely accurate, forming an efficient access strategy to multiple data stores becomes a complex risk management problem. This paper formally models this problem as a cost minimization problem, while taking into account both access costs, the inaccuracy of the approximate summaries, as well as the penalties incurred by failed requests. We introduce practical algorithms with guaranteed approximation ratios and further show that they are optimal in various settings. We also perform an extensive simulation study based on real data and show that our algorithms are more robust than existing heuristics. That is, they exhibit near-optimal performance in various settings, whereas the efficiency of existing approaches depends upon system parameters that may change over time, or be otherwise unknown

Combining Shamir & Additive Secret Sharing to Improve Efficiency of SMC Primitives Against Malicious Adversaries

Secure multi-party computation provides a wide array of protocols for mutually distrustful parties be able to securely evaluate functions of private inputs. Within recent years, many such protocols have been proposed representing a plethora of strategies to securely and efficiently handle such computation. These protocols have become increasingly efficient, but their performance still is impractical in many settings. We propose new approaches to some of these problems which are either more efficient than previous works within the same security models or offer better security guarantees with comparable efficiency. The goals of this research are to improve efficiency and security of secure multi-party protocols and explore the application of such approaches to novel threat scenarios. Some of the novel optimizations employed are dynamically switching domains of shared secrets, asymmetric computations, and advantageous functional transformations, among others. Specifically, this work presents a novel combination of Shamir and Additive secret sharing to be used in parallel which allows for the transformation of efficient protocols secure against passive adversaries to be secure against active adversaries. From this set of primitives we propose the construction of a comparison protocol which can be implemented under that approach with a complexity which is more efficient than other recent works for common domains of interest. Finally, we present a system which addresses a critical security threat for the protection and obfuscation of information which may be of high consequence.Comment: arXiv admin note: text overlap with arXiv:1810.0157