Behavioral pattern analysis of secure migration and communications in eCommerce using cryptographic protocols on a mobile MAS platform

Mobile Multi-Agent Systems (MAS) systems can be used with real success in a growing number of eCommerce applications nowadays. Security has been identified as numerous times by different researchers as a top criterion for the acceptance of mobile agent adoption. In this paper we present an in-depth analysis of behavior patterns of a mobile MAS platform when using different cryptographic protocols to assure communication and migration integrity and confidentiality. Different use case sceneries of eCommerce applications as well as many other aspects have been studied, such as overhead, different communication patterns, different loads and bandwidth issues. This work is also extensible to other mobile and non-mobile MAS platforms. The results obtained can be used and should be taken into account by designers and implementers of secure mobile and also non-mobile agent platforms and agents.European Union TeleCARE IST-2000-2760

MobiVPN: Towards a Reliable and Efficient Mobile VPN

abstract: A Virtual Private Network (VPN) is the traditional approach for an end-to-end secure connection between two endpoints. Most existing VPN solutions are intended for wired networks with reliable connections. In a mobile environment, network connections are less reliable and devices experience intermittent network disconnections due to either switching from one network to another or experiencing a gap in coverage during roaming. These disruptive events affects traditional VPN performance, resulting in possible termination of applications, data loss, and reduced productivity. Mobile VPNs bridge the gap between what users and applications expect from a wired network and the realities of mobile computing. In this dissertation, MobiVPN, which was built by modifying the widely-used OpenVPN so that the requirements of a mobile VPN were met, was designed and developed. The aim in MobiVPN was for it to be a reliable and efficient VPN for mobile environments. In order to achieve these objectives, MobiVPN introduces the following features: 1) Fast and lightweight VPN session resumption, where MobiVPN is able decrease the time it takes to resume a VPN tunnel after a mobility event by an average of 97.19\% compared to that of OpenVPN. 2) Persistence of TCP sessions of the tunneled applications allowing them to survive VPN tunnel disruptions due to a gap in network coverage no matter how long the coverage gap is. MobiVPN also has mechanisms to suspend and resume TCP flows during and after a network disconnection with a packet buffering option to maintain the TCP sending rate. MobiVPN was able to provide fast resumption of TCP flows after reconnection with improved TCP performance when multiple disconnections occur with an average of 30.08\% increase in throughput in the experiments where buffering was used, and an average of 20.93\% of increased throughput for flows that were not buffered. 3) A fine-grained, flow-based adaptive compression which allows MobiVPN to treat each tunneled flow independently so that compression can be turned on for compressible flows, and turned off for incompressible ones. The experiments showed that the flow-based adaptive compression outperformed OpenVPN's compression options in terms of effective throughput, data reduction, and lesser compression operations.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Proposed Framework for Securing Mobile Banking Applications from Man in the Middle Attacks

Mobile phone banking and payments continues to not only be a popular way of transacting business but it also seems to evolve rapidly. Despite its popularity however there seem to be some very genuine concerns on the security issues revolving around it, particularly in regard to man in the middle attacks. This paper seeks to propose a secure framework for communication between a mobile device and the back end server for protecting mobile banking applications from man-in-the-middle attacks without introducing further threats to the communication channel. Keywords: Defense- in-depth, Security, man in the middle attack, secure framework, bank serve

Security Investigation on Remote Access Methods of Virtual Private Network

Remote access is one of the prevalent business trends in today2019;s computing pervasive business environments. The ease of access to internal private networks over the internet by telecommuter devices has given birth too many security threats to the endpoint devices. The application client software and data at rest on the endpoint of remote access methods such as: Tunneling, Portal, Desktop Applications and Direct Access do not offer protection for the communication between the VPN gateway and internal resources. This paper, therefore investigate the security pitfalls of remote access for establishing virtual private network methods. To address these challenges, a remote access method to secure endpoint communication is proposed. The study adopted investigative research design by use of empirical review on the security aspect of the current state VPN Remote Access methods. This necessitates the review of the research article on the current state and related works which leads to critiques and offer proposed solution to remote access endpoint VPN. The scope of this study is limited to secure virtual private network endpoint data communication. In this paper, an investigation of these access technologies given

Mitigating real-time relay phishing attacks against mobile push notification based two-factor authentication systems

This paper explores how existing push notification based two-factor authentication systems are susceptible to real-time man-in-the-middle relay attacks and proposes a system for mitigating such attacks. A fully functional reference system of the proposed mitigation was built and compared to an existing push notification two-factor authentication system while undergoing a real-time man-in-the-middle relay attack. The reference systems used cloud infrastructure for hosting, an Apple iPhone as the notification receiver, and Apple’s push notification service to send notifications. A publicly available tool for conducting real-time man-in-the-middle relay attacks was used to conduct the attacks. The results of the tests were recorded and contrasted to show how existing implementations fail to identify such attacks and how the proposed system could. It is recommended that the existing push notification two-factor authentication providers implement additional measures to protect users against real-time man-in-the-middle relay attacks while appropriately weighing key usability issues. While the proposed mitigation system is shown to prevent such attacks, it has usability drawbacks that should be considered

Dual-factor Authentication in Virtual Private Networks

Import 22/07/2015Cílem této diplomové práce je návrh a realizace dvoufaktorové autentizace ve virtuálních privátních sítích pomocí USB tokenu a hesla. Pro praktickou realizaci navržených řešení je použit software OpenVPN a strongSwan. Nachází se zde kompletní návod na instalaci a práci s USB tokenem. K vytvoření a práci s certifikáty je využit nástroj Easy RSA a software XCA. U navržených řešení jsou uvedeny jednotlivé konfigurace a konfigurační soubory. Dále je popsáno ověření funkčnosti dvoufaktorové autentizace a připojení klientů z operačních systémů Ubuntu a Windows. Ověření funkčnosti je doplněno o výpisy sestavených spojení. Na závěr jsou mezi sebou jednotlivá řešení srovnána.The goal of this master thesis is proposal and realization of dual-factor authentication in virtual private networks using USB token and password. Practical realization of proposed solutions is going to be made using OpenVPN and strongSwan software. Complete instructions for installation and operation of USB token is described here. Easy RSA tool and XCA software are used to create the certificates. Proposed solutions are listed with configurations and configuration files. They are followed by a description of verification of functionality of dual-factor authentication and connection of clients from Ubuntu and Windows operating systems. Verification is accompanied by listing of compiled connections. In the end each solutions are compared.440 - Katedra telekomunikační technikyvýborn