5 research outputs found

    Secure Communication using Identity Based Encryption

    Secured communication has been widely deployed to guarantee confidentiality and integrity of connections over untrusted networks, e.g., the Internet. Although secure connections are designed to prevent attacks on the connection, they hide attacks inside the channel from being analyzed by Intrusion Detection Systems (IDS). Furthermore, secure connections require a certain key exchange at the initialization phase, which is prone to Man-In-The-Middle (MITM) attacks. In this paper, we present a new method to secure connections which enables intrusion detection and overcomes the problem of MITM attacks. We propose to apply Identity Based Encryption (IBE) to secure a communication channel. The key escrow property of IBE is used to recover the decryption key, decrypt network traffic on the fly, and scan for malicious content. As the public key can be generated based on the identity of the connected server and its exchange is not necessary, MITM attacks are no longer easy to carry out. A prototype of a modified TLS scheme is implemented and proved with a simple client-server application. Based on this prototype, a new IDS sensor is developed that is capable of identifying IBE-encrypted secure traffic on the fly. A deployment architecture of the IBE sensor in a company network is proposed. Finally, we show the applicability by a practical experiment and some preliminary performance measurements.

    IPv4/IPv6 Handoff on Lock-Keeper for High Flexibility and Security

    Abstract: In response to the emerging deployment of IPv6 on network devices, this paper proposes the integration of IPv6 on Lock-Keeper, an implementation of a high level security system for preventing online attacks. It is designed to permit the secure data exchange over physically separated networks in an IPv4-based environment. A new intercommunication module is added to manage IPv4/IPv6 handoff inside the Lock-Keeper, which provides several benefits. First, the Lock-Keeper gains the flexibility to work in IPv4/IPv6 environments. Second, an application layer gateway to bridge IPv4 and IPv6 networks is achieved. Third, the IP-layer protocol isolation is realized inside the Lock-Keeper to enhance the security of the protected network by exchanging data between physically separated networks using different IP protocols.