
    Evaluation of Cryptography Usage in Android Applications

    Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.

    Questioning the feasibility of UMTS-GSM interworking attacks

    Recently, Ahmadian et al. (Security enhancements against UMTS-GSM interworking attacks, Elsevier, Amsterdam, 2010) presented and analyzed three different attacks that can be performed in UMTS-GSM interworking networks: (a) a real-time eavesdropping attack, (b) an offline eavesdropping attack, and (c) an impersonation attack. In this letter we question the feasibility of these attacks. In particular, we pinpoint and analyze that these attacks are based on some erroneous and misleading assumptions that the authors have made regarding the security functionality of the UMTS-GSM interworking networks. Based on this analysis, we deduce that these three attacks cannot be performed. © 2011 Springer Science+Business Media, LLC

    Study and design of routing mechanisms for sensor networks

    This thesis deals with the optimization of the users’ authentication procedure in 4th generation mobile networks. Overall, two different problems are studied. The first problem deals with the authentication latency and the associated burden of multi-pass authentications. A novel mechanism called security binding is proposed that reduces the authentication delay of multi-pass authentications in a simple yet effective and secure manner. The focal point of the proposed mechanism is its generic application in multi-pass authentications regardless of the underlying network or protocol. The performance improvement of the proposed mechanism is evaluated through extensive simulations and mathematical modeling. The second problem copes with the false synchronization issue incurred in the users’ authentication procedure. An analytical model based on a four-dimensional Markov chain is developed to investigate the impact of various network parameters on the system performance. The mathematical model facilitates the dynamic adaptation of the network parameters achieving an optimal tradeoff between security and performance.
    In this doctoral thesis, two separate problems were studied concerning the optimization of the user authentication procedure in 4th generation wireless networks. In the first problem, multi-pass authentication procedures and their negative consequences were studied, which relate to the delay that users may encounter during their authentication. A novel mechanism was proposed that reduces the execution of the redundant functions of multi-pass authentication without degrading the security level. The focal point of the proposed mechanism is its generic application in multi-pass authentication procedures, regardless of the underlying network and protocols. The performance of the proposed mechanism is evaluated both through simulation and through theoretical analysis. In the second problem, the phenomenon of false synchronizations was studied, which is observed during the user authentication procedure in 4th generation wireless networks. The problem is analyzed through the development of an analytical model based on a Markov chain with four dimensions. The qualitative analysis of the mathematical model allows the dynamic adaptation of the network parameters, thus achieving the golden mean between performance and security.

    A generic mechanism for efficient authentication in B3G networks

    A user in Beyond 3rd Generation (B3G) networks in order to get access to the network services must perform a multi-pass authentication procedure, which includes two or three sequential authentication steps. These multiple authentication steps include a redundant repetition of the same or similar authentication functions, which impose an unnecessary authentication overhead. This paper proposes a security binding mechanism, which reduces the execution of the redundant authentication functions of multi-pass authentications in a simple yet effective and secure manner. To achieve this, the proposed mechanism authenticates a user in the second and third step of a multi-pass authentication, by using the user's authentication credentials of the initial step. The focal point of the security binding mechanism is its generic application in multi-pass authentications, regardless of the underlying network architecture or protocols. To prove this, we have selected to present and analyze the application of the proposed mechanism in two different B3G scenarios (i.e., 3G-WLAN and WiMAX), resulting in the improved authentication procedures. A security analysis of the improved procedures has been carried out to identify possible attacks and propose security measures to eliminate them. Moreover, a simulation model has been developed to estimate and compare the performance of the improved 3G-WLAN authentication procedure to that of the legacy 3G-WLAN authentication. Simulation results show that the improved procedure presents better performance than its legacy counterpart. © 2009 Elsevier Ltd. All rights reserved.

    Security architectures for B3G mobile networks

    This paper analyzes the security architectures employed in the interworking model that integrates third-generation (3G) mobile networks and Wireless Local Area Networks (WLANs), materializing Beyond 3G (B3G) networks. Currently, B3G networks are deployed using two different access scenarios (i.e., WLAN Direct Access and WLAN 3GPP IP Access), each of which incorporates a specific security architecture that aims at protecting the involved parties and the data exchanged among them. These architectures consist of various security protocols that provide mutual authentication (i.e., user and network authentication), as well as confidentiality and integrity services to the data sent over the air interface of the deployed WLANs and specific parts of the core network. The strengths and weaknesses of the applied security measures are elaborated on the basis of the security services that they provide. In addition, some operational and performance issues that derive from the application of these measures in B3G networks are outlined. Finally, based on the analysis of the two access scenarios and the security architecture that each one employs, this paper presents a comparison of them, which aims at highlighting the deployment advantages of each scenario and classifying them in terms of: a) security, b) mobility, and c) reliability. © 2007 Springer Science+Business Media, LLC

    One-pass EAP-AKA authentication in 3G-WLAN integrated networks

    The incorporation of Wireless Local Area Networks (WLANs) within the third generation (3G) networks materializes the next generation of mobile/wireless systems, named 3G-WLANs integrated networks. This paper proposes an improved authentication procedure for the 3G-WLANs integrated networks that enables a WLAN user to get access to the 3G packet switched services or to the public Internet through the 3G public land mobile network. The proposed procedure reduces significantly the authentication overhead compared to the legacy one, without compromising the provided security services. A security analysis of the proposed authentication procedure is elaborated that ensures the correctness of the authentication procedure, the provision of advanced security services and the elimination of possible attacks that may threaten the proposed authentication procedure. In addition, an energy cost analysis is carried out that compares the energy consumption induced by the legacy and the proposed authentication procedures. Finally, a communication cost analysis is provided that estimates the cost improvement of the proposed over the legacy authentication procedure. © 2008 Springer Science+Business Media, LLC