Search results for: password guessing attacks.
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 318

168 Design and Implementation of Secure Electronic Payment System (Client)

Authors: Pyae Pyae Hun

Abstract:

Secure electronic payment system is presented in this paper. This electronic payment system is to be secure for clients such as customers and shop owners. The security architecture of the system is designed by RC5 encryption / decryption algorithm. This eliminates the fraud that occurs today with stolen credit card numbers. The symmetric key cryptosystem RC5 can protect conventional transaction data such as account numbers, amount and other information. This process can be done electronically using RC5 encryption / decryption program written by Microsoft Visual Basic 6.0. There is no danger of any data sent within the system being intercepted, and replaced. The alternative is to use the existing network, and to encrypt all data transmissions. The system with encryption is acceptably secure, but that the level of encryption has to be stepped up, as computing power increases. Results In order to be secure the system the communication between modules is encrypted using symmetric key cryptosystem RC5. The system will use simple user name, password, user ID, user type and cipher authentication mechanism for identification, when the user first enters the system. It is the most common method of authentication in most computer system.

Keywords: A 128-bit block cipher, Microsoft visual basic 6.0, RC5 encryption /decryption algorithm and TCP/IP protocol.

Downloads 2323

167 Keyloggers Prevention with Time-Sensitive Obfuscation

Authors: Chien-Wei Hung, Fu-Hau Hsu, Chuan-Sheng Wang, Chia-Hao Lee

Abstract:

Nowadays, the abuse of keyloggers is one of the most widespread approaches to steal sensitive information. In this paper, we propose an On-Screen Prompts Approach to Keyloggers (OSPAK) and its analysis, which is installed in public computers. OSPAK utilizes a canvas to cue users when their keystrokes are going to be logged or ignored by OSPAK. This approach can protect computers against recording sensitive inputs, which obfuscates keyloggers with letters inserted among users' keystrokes. It adds a canvas below each password field in a webpage and consists of three parts: two background areas, a hit area and a moving foreground object. Letters at different valid time intervals are combined in accordance with their time interval orders, and valid time intervals are interleaved with invalid time intervals. It utilizes animation to visualize valid time intervals and invalid time intervals, which can be integrated in a webpage as a browser extension. We have tested it against a series of known keyloggers and also performed a study with 95 users to evaluate how easily the tool is used. Experimental results made by volunteers show that OSPAK is a simple approach.

Keywords: Authentication, computer security, keylogger, privacy, information leakage.

Downloads 714

166 Application of Fuzzy Logic Approach for an Aircraft Model with and without Winglet

Authors: Altab Hossain, Ataur Rahman, Jakir Hossen, A.K.M. P. Iqbal, SK. Hasan

Abstract:

The measurement of aerodynamic forces and moments acting on an aircraft model is important for the development of wind tunnel measurement technology to predict the performance of the full scale vehicle. The potentials of an aircraft model with and without winglet and aerodynamic characteristics with NACA wing No. 65-3-218 have been studied using subsonic wind tunnel of 1 m × 1 m rectangular test section and 2.5 m long of Aerodynamics Laboratory Faculty of Engineering (University Putra Malaysia). Focusing on analyzing the aerodynamic characteristics of the aircraft model, two main issues are studied in this paper. First, a six component wind tunnel external balance is used for measuring lift, drag and pitching moment. Secondly, tests are conducted on the aircraft model with and without winglet of two configurations at Reynolds numbers 1.7×10^5, 2.1×10^5, and 2.5×10^5 for different angle of attacks. Fuzzy logic approach is found as efficient for the representation, manipulation and utilization of aerodynamic characteristics. Therefore, the primary purpose of this work was to investigate the relationship between lift and drag coefficients, with free-stream velocities and angle of attacks, and to illustrate how fuzzy logic might play an important role in study of lift aerodynamic characteristics of an aircraft model with the addition of certain winglet configurations. Results of the developed fuzzy logic were compared with the experimental results. For lift coefficient analysis, the mean of actual and predicted values were 0.62 and 0.60 respectively. The correlation between actual and predicted values (from FLS model) of lift coefficient in different angle of attack was found as 0.99. The mean relative error of actual and predicted values was found as 5.18% for the velocity of 26.36 m/s which was found to be less than the acceptable limits (10%). The goodness of fit of prediction value was 0.95 which was close to 1.0.

Keywords: Wind tunnel; Winglet; Lift coefficient; Fuzzy logic.

Downloads 1845

165 Application of Biometrics to Obtain High Entropy Cryptographic Keys

Authors: Sanjay Kanade, Danielle Camara, Dijana Petrovska-Delacretaz, Bernadette Dorizzi

Abstract:

In this paper, a two factor scheme is proposed to generate cryptographic keys directly from biometric data, which unlike passwords, are strongly bound to the user. Hash value of the reference iris code is used as a cryptographic key and its length depends only on the hash function, being independent of any other parameter. The entropy of such keys is 94 bits, which is much higher than any other comparable system. The most important and distinct feature of this scheme is that it regenerates the reference iris code by providing a genuine iris sample and the correct user password. Since iris codes obtained from two images of the same eye are not exactly the same, error correcting codes (Hadamard code and Reed-Solomon code) are used to deal with the variability. The scheme proposed here can be used to provide keys for a cryptographic system and/or for user authentication. The performance of this system is evaluated on two publicly available databases for iris biometrics namely CBS and ICE databases. The operating point of the system (values of False Acceptance Rate (FAR) and False Rejection Rate (FRR)) can be set by properly selecting the error correction capacity (ts) of the Reed-Solomon codes, e.g., on the ICE database, at ts = 15, FAR is 0.096% and FRR is 0.76%.

Keywords:

Downloads 2048

164 Proposal for a Ultra Low Voltage NAND gate to withstand Power Analysis Attacks

Authors: Omid Mirmotahari, Yngvar Berg

Abstract:

In this paper we promote the Ultra Low Voltage (ULV) NAND gate to replace either partly or entirely the encryption block of a design to withstand power analysis attack.

Keywords: Differential Power Analysis (DPA), Low Voltage (LV), Ultra Low Voltage (ULV), Floating-Gate (FG), supply current analysis.

Downloads 1913

163 Classification of Attaks over Cloud Environment

Authors: Karim Abouelmehdi, Loubna Dali, Elmoutaoukkil Abdelmajid, Hoda Elsayed Eladnani Fatiha, Benihssane Abderahim

Abstract:

The security of cloud services is the concern of cloud service providers. In this paper, we will mention different classifications of cloud attacks referred by specialized organizations. Each agency has its classification of well-defined properties. The purpose is to present a high-level classification of current research in cloud computing security. This classification is organized around attack strategies and corresponding defenses.

Keywords: Cloud computing, security, classification, risk.

Downloads 2031

162 HSV Image Watermarking Scheme Based on Visual Cryptography

Authors: Rawan I. Zaghloul, Enas F. Al-Rawashdeh

Abstract:

In this paper a simple watermarking method for color images is proposed. The proposed method is based on watermark embedding for the histograms of the HSV planes using visual cryptography watermarking. The method has been proved to be robust for various image processing operations such as filtering, compression, additive noise, and various geometrical attacks such as rotation, scaling, cropping, flipping, and shearing.

Keywords: Histogram, HSV image, Visual Cryptography, Watermark.

Downloads 1927

161 Safety of Industrial Networks

Authors: P. Vazan, P. Tanuska, M. Kebisek, S. Duchovicova

Abstract:

The paper deals with communication standards for control and production system. The authors formulate the requirements for communication security protection. The paper is focused on application protocols of the industrial networks and their basic classification. The typical attacks are analysed and the safety protection, based on requirements for specific industrial network is suggested and defined in this paper.

Keywords: Application protocols, communication standards, industrial networks.

Downloads 1969

160 Organizational De-Evolution; the Small Group or Single Actor Terrorist

Authors: Audrey Heffron, Casserleigh, Jarrett Broder, Brad Skillman

Abstract:

Traditionally, terror groups have been formed by ideologically aligned actors who perceive a lack of options for achieving political or social change. However, terrorist attacks have been increasingly carried out by small groups of actors or lone individuals who may be only ideologically affiliated with larger, formal terrorist organizations. The formation of these groups represents the inverse of traditional organizational growth, whereby structural de-evolution within issue-based organizations leads to the formation of small, independent terror cells. Ideological franchising – the bypassing of formal affiliation to the “parent” organization – represents the de-evolution of traditional concepts of organizational structure in favor of an organic, independent, and focused unit. Traditional definitions of dark networks that are issue-based include focus on an identified goal, commitment to achieving this goal through unrestrained actions, and selection of symbolic targets. The next step in the de-evolution of small dark networks is the miniorganization, consisting of only a handful of actors working toward a common, violent goal. Information-sharing through social media platforms, coupled with civil liberties of democratic nations, provide the communication systems, access to information, and freedom of movement necessary for small dark networks to flourish without the aid of a parent organization. As attacks such as the 7/7 bombings demonstrate the effectiveness of small dark networks, terrorist actors will feel increasingly comfortable aligning with an ideology only, without formally organizing. The natural result of this de-evolving organization is the single actor event, where an individual seems to subscribe to a larger organization’s violent ideology with little or no formal ties.

Keywords: Organizational de-evolution, single actor, small group, terrorism.

Downloads 2216

159 Hybrid Authentication System Using QR Code with OTP

Authors: Salim Istyaq

Abstract:

As we know, number of Internet users are increasing drastically. Now, people are using different online services provided by banks, colleges/schools, hospitals, online utility, bill payment and online shopping sites. To access online services, text-based authentication system is in use. The text-based authentication scheme faces some drawbacks with usability and security issues that bring troubles to users. The core element of computational trust is identity. The aim of the paper is to make the system more compliable for the imposters and more reliable for the users, by using the graphical authentication approach. In this paper, we are using the more powerful tool of encoding the options in graphical QR format and also there will be the acknowledgment which will send to the user’s mobile for final verification. The main methodology depends upon the encryption option and final verification by confirming a set of pass phrase on the legal users, the outcome of the result is very powerful as it only gives the result at once when the process is successfully done. All processes are cross linked serially as the output of the 1st process, is the input of the 2nd and so on. The system is a combination of recognition and pure recall based technique. Presented scheme is useful for devices like PDAs, iPod, phone etc. which are more handy and convenient to use than traditional desktop computer systems.

Keywords: Graphical Password, OTP, QR Codes, Recognition based graphical user authentication, usability and security.

Downloads 1620

158 Digital Image Watermarking in the Wavelet Transform Domain

Authors: Kamran Hameed, Adeel Mumtaz, S.A.M. Gilani

Abstract:

In this paper, we start by first characterizing the most important and distinguishing features of wavelet-based watermarking schemes. We studied the overwhelming amount of algorithms proposed in the literature. Application scenario, copyright protection is considered and building on the experience that was gained, implemented two distinguishing watermarking schemes. Detailed comparison and obtained results are presented and discussed. We concluded that Joo's [1] technique is more robust for standard noise attacks than Dote's [2] technique.

Keywords: Digital image, Copyright protection, Watermarking, Wavelet transform.

Downloads 2603

157 Intelligent Audio Watermarking using Genetic Algorithm in DWT Domain

Authors: M. Ketcham, S. Vongpradhip

Abstract:

In this paper, an innovative watermarking scheme for audio signal based on genetic algorithms (GA) in the discrete wavelet transforms is proposed. It is robust against watermarking attacks, which are commonly employed in literature. In addition, the watermarked image quality is also considered. We employ GA for the optimal localization and intensity of watermark. The watermark detection process can be performed without using the original audio signal. The experimental results demonstrate that watermark is inaudible and robust to many digital signal processing, such as cropping, low pass filter, additive noise.

Keywords: Intelligent Audio Watermarking, Genetic Algorithm, DWT Domain.

Downloads 2010

156 Description and Analysis of Embedded Firewall Techniques

Authors: Ahmed Abou Elfarag, A. Baith M., Hassan H. Alkhishali

Abstract:

With the turn of this century, many researchers started showing interest in Embedded Firewall (EF) implementations. These are not the usual firewalls that are used as checkpoints at network gateways. They are, rather, applied near those hosts that need protection. Hence by using them, individual or grouped network components can be protected from the inside as well as from external attacks. This paper presents a study of EFs, looking at their architecture and problems. A comparative study assesses how practical each kind is. It particularly focuses on the architecture, weak points, and portability of each kind. A look at their use by different categories of users is also presented.

Keywords: Embedded Firewall (EF), Network Interface Card (NIC), Virtual Machine Software (VMware), Virtual Firewall (VF).

Downloads 1666

155 Bayesian Geostatistical Modelling of COVID-19 Datasets

Authors: I. Oloyede

Abstract:

The COVID-19 dataset is obtained by extracting weather, longitude, latitude, ISO3666, cases and death of coronavirus patients across the globe. The data were extracted for a period of eight days choosing uniform time within the specified period. Then mapping of cases and deaths with reference to continents were obtained. Bayesian Geostatistical modelling was carried out on the dataset. The study found out that countries in the tropical region suffered less deaths/attacks compared to countries in the temperate region, this is due to high temperature in the tropical region.

Keywords: COVID-19, Bayesian, geostatistical modelling, prior, posterior.

Downloads 404

154 Analysis of Security Vulnerabilities for Mobile Health Applications

Authors: Y. Cifuentes, L. Beltrán, L. Ramírez

Abstract:

The availability to deploy mobile applications for health care is increasing daily thru different mobile app stores. But within these capabilities the number of hacking attacks has also increased, in particular into medical mobile applications. The security vulnerabilities in medical mobile apps can be triggered by errors in code, incorrect logic, poor design, among other parameters. This is usually used by malicious attackers to steal or modify the users’ information. The aim of this research is to analyze the vulnerabilities detected in mobile medical apps according to risk factor standards defined by OWASP in 2014.

Keywords: mHealth apps, OWASP, protocols, security vulnerabilities, risk factors.

Downloads 4344

153 Survey on Jamming Wireless Networks: Attacks and Prevention Strategies

Authors: S. Raja Ratna, R. Ravi

Abstract:

Wireless networks are built upon the open shared medium which makes easy for attackers to conduct malicious activities. Jamming is one of the most serious security threats to information economy and it must be dealt efficiently. Jammer prevents legitimate data to reach the receiver side and also it seriously degrades the network performance. The objective of this paper is to provide a general overview of jamming in wireless network. It covers relevant works, different jamming techniques, various types of jammers and typical prevention techniques. Challenges associated with comparing several anti-jamming techniques are also highlighted.

Keywords: Channel, Cryptography, Frequency, Jamming, Legitimate, Security, Wavelength.

Downloads 3114

152 Security Threats on Wireless Sensor Network Protocols

Authors: H. Gorine, M. Ramadan Elmezughi

Abstract:

In this paper, we investigate security issues and challenges facing researchers in wireless sensor networks and countermeasures to resolve them. The broadcast nature of wireless communication makes Wireless Sensor Networks prone to various attacks. Due to resources limitation constraint in terms of limited energy, computation power and memory, security in wireless sensor networks creates different challenges than wired network security. We will discuss several attempts at addressing the issues of security in wireless sensor networks in an attempt to encourage more research into this area.

Keywords: Malicious nodes, network security, soft encryption, threats, wireless sensor networks.

Downloads 1829

151 WDM-Based Storage Area Network (SAN) for Disaster Recovery Operations

Authors: Sandeep P. Abhang, Girish V. Chowdhay

Abstract:

This paper proposes a Wavelength Division Multiplexing (WDM) technology based Storage Area Network (SAN) for all type of Disaster recovery operation. It considers recovery when all paths failure in the network as well as the main SAN site failure also the all backup sites failure by the effect of natural disasters such as earthquakes, fires and floods, power outage, and terrorist attacks, as initially SAN were designed to work within distance limited environments[2]. Paper also presents a NEW PATH algorithm when path failure occurs. The simulation result and analysis is presented for the proposed architecture with performance consideration.

Keywords: SAN, WDM, FC, Ring, IP, network load, iSCSI, miles, disaster.

Downloads 1901

150 A method of Authentication for Quantum Networks

Authors: Stefan Rass

Abstract:

Quantum cryptography offers a way of key agreement, which is unbreakable by any external adversary. Authentication is of crucial importance, as perfect secrecy is worthless if the identity of the addressee cannot be ensured before sending important information. Message authentication has been studied thoroughly, but no approach seems to be able to explicitly counter meet-in-the-middle impersonation attacks. The goal of this paper is the development of an authentication scheme being resistant against active adversaries controlling the communication channel. The scheme is built on top of a key-establishment protocol and is unconditionally secure if built upon quantum cryptographic key exchange. In general, the security is the same as for the key-agreement protocol lying underneath.

Keywords: Meet-in-the-middle attack, quantum key distribution, quantum networks, unconditionally secure authentication.

Downloads 1872

149 Pushing the Limits of Address Based Authentication: How to Avoid MAC Address Spoofing in Wireless LANs

Authors: Kemal Bicakci, Yusuf Uzunay

Abstract:

It is well-known that in wireless local area networks, authenticating nodes by their MAC addresses is not secure since it is very easy for an attacker to learn one of the authorized addresses and change his MAC address accordingly. In this paper, in order to prevent MAC address spoofing attacks, we propose to use dynamically changing MAC addresses and make each address usable for only one session. The scheme we propose does not require any change in 802.11 protocols and incurs only a small performance overhead. One of the nice features of our new scheme is that no third party can link different communication sessions of the same user by monitoring MAC addresses therefore our scheme is preferable also with respect to user privacy.

Keywords: Authentication, MAC address spoofing, security, wireless networks.

Downloads 2538

148 Smart Trust Management for Vehicular Networks

Authors: Amel Ltifi, Ahmed Zouinkhi, Med Salim Bouhlel

Abstract:

Spontaneous networks such as VANET are in general deployed in an open and thus easily accessible environment. Therefore, they are vulnerable to attacks. Trust management is one of a set of security solutions dedicated to this type of networks. Moreover, the strong mobility of the nodes (in the case of VANET) makes the establishment of a trust management system complex. In this paper, we present a concept of ‘Active Vehicle’ which means an autonomous vehicle that is able to make decision about trustworthiness of alert messages transmitted about road accidents. The behavior of an “Active Vehicle” is modeled using Petri Nets.

Keywords: Component, active vehicle, cooperation, petri nets, trust management, VANET.

Downloads 1083

147 Distributed Self-Healing Protocol for Unattended Wireless Sensor Network

Authors: E. Golden Julie, E. Sahaya Rose Vigita, S. Tamil Selvi

Abstract:

Wireless sensor network is vulnerable to a wide range of attacks. Recover secrecy after compromise, to develop technique that can detect intrusions and able to resilient networks that isolates the point(s) of intrusion while maintaining network connectivity for other legitimate users. To define new security metrics to evaluate collaborative intrusion resilience protocol, by leveraging the sensor mobility that allows compromised sensors to recover secure state after compromise. This is obtained with very low overhead and in a fully distributed fashion using extensive simulations support our findings.

Keywords: WSN security, intrusion resilience, compromised sensors, mobility.

Downloads 1715

146 A Semi- One Time Pad Using Blind Source Separation for Speech Encryption

Authors: Long Jye Sheu, Horng-Shing Chiou, Wei Ching Chen

Abstract:

We propose a new perspective on speech communication using blind source separation. The original speech is mixed with key signals which consist of the mixing matrix, chaotic signals and a random noise. However, parts of the keys (the mixing matrix and the random noise) are not necessary in decryption. In practice implement, one can encrypt the speech by changing the noise signal every time. Hence, the present scheme obtains the advantages of a One Time Pad encryption while avoiding its drawbacks in key exchange. It is demonstrated that the proposed scheme is immune against traditional attacks.

Keywords: one time pad, blind source separation, independent component analysis, speech encryption.

Downloads 1523

145 Leveraging xAPI in a Corporate e-Learning Environment to Facilitate the Tracking, Modelling, and Predictive Analysis of Learner Behaviour

Authors: Libor Zachoval, Daire O Broin, Oisin Cawley

Abstract:

E-learning platforms, such as Blackboard have two major shortcomings: limited data capture as a result of the limitations of SCORM (Shareable Content Object Reference Model), and lack of incorporation of Artificial Intelligence (AI) and machine learning algorithms which could lead to better course adaptations. With the recent development of Experience Application Programming Interface (xAPI), a large amount of additional types of data can be captured and that opens a window of possibilities from which online education can benefit. In a corporate setting, where companies invest billions on the learning and development of their employees, some learner behaviours can be troublesome for they can hinder the knowledge development of a learner. Behaviours that hinder the knowledge development also raise ambiguity about learner’s knowledge mastery, specifically those related to gaming the system. Furthermore, a company receives little benefit from their investment if employees are passing courses without possessing the required knowledge and potential compliance risks may arise. Using xAPI and rules derived from a state-of-the-art review, we identified three learner behaviours, primarily related to guessing, in a corporate compliance course. The identified behaviours are: trying each option for a question, specifically for multiple-choice questions; selecting a single option for all the questions on the test; and continuously repeating tests upon failing as opposed to going over the learning material. These behaviours were detected on learners who repeated the test at least 4 times before passing the course. These findings suggest that gauging the mastery of a learner from multiple-choice questions test scores alone is a naive approach. 
Thus, next steps will consider the incorporation of additional data points, knowledge estimation models to model knowledge mastery of a learner more accurately, and analysis of the data for correlations between knowledge development and identified learner behaviours. Additional work could explore how learner behaviours could be utilised to make changes to a course. For example, course content may require modifications (certain sections of learning material may be shown to not be helpful to many learners to master the learning outcomes aimed at) or course design (such as the type and duration of feedback).

Keywords: Compliance Course, Corporate Training, Learner Behaviours, xAPI.

Downloads 521

144 Security Management System of Cellular Communication: Case Study

Authors: Othman O. Khalifa, Abdulrazzag Aburas, A. Al Bagul, Meftah Hrairi, Muhammad Shahril bin Shahbuddin, Harman bin Mat Kasa

Abstract:

Cellular communication is being widely used by all over the world. The users of handsets are increasing due to the request from marketing sector. The important aspect that has to be touch in this paper is about the security system of cellular communication. It is important to provide users with a secure channel for communication. A brief description of the new GSM cellular network architecture will be provided. Limitations of cellular networks, their security issues and the different types of attacks will be discussed. The paper will go over some new security mechanisms that have been proposed by researchers. Overall, this paper clarifies the security system or services of cellular communication using GSM. Three Malaysian Communication Companies were taken as Case study in this paper.

Keywords: GSM, Security systems, SIM CARD, IMSI, Authentication.

Downloads 2441

143 Decentralised Edge Authentication in the Industrial Enterprise IoT Space

Authors: C. P. Autry, A.W. Roscoe

Abstract:

Authentication protocols based on public key infrastructure (PKI) and trusted third party (TTP) are no longer adequate for industrial scale IoT networks thanks to issues such as low compute and power availability, the use of widely distributed and commercial off-the-shelf (COTS) systems, and the increasingly sophisticated attackers and attacks we now have to counter. For example, there is increasing concern about nation-state-based interference and future quantum computing capability. We have examined this space from first principles and have developed several approaches to group and point-to-point authentication for IoT that do not depend on the use of a centralised client-server model. We emphasise the use of quantum resistant primitives such as strong cryptographic hashing and the use of multi-factor authentication.

Keywords: Authentication, enterprise IoT cybersecurity, public key infrastructure, trusted third party.

Downloads 421

142 Zero-knowledge-like Proof of Cryptanalysis of Bluetooth Encryption

Authors: Eric Filiol

Abstract:

This paper presents a protocol aiming at proving that an encryption system contains structural weaknesses without disclosing any information on those weaknesses. A verifier can check in a polynomial time that a given property of the cipher system output has been effectively realized. This property has been chosen by the prover in such a way that it cannot be achieved by known attacks or exhaustive search but only if the prover indeed knows some undisclosed weaknesses that may effectively endanger the cryptosystem security. This protocol has been denoted zero-knowledge-like proof of cryptanalysis. In this paper, we apply this protocol to the Bluetooth core encryption algorithm E0, used in many mobile environments and thus we suggest that its security can seriously be put into question.

Keywords: Bluetooth encryption, Bluetooth security, Bluetooth protocol, Stream cipher, Zero-knowledge, Cryptanalysis

Downloads 1520

141 Vulnerabilities of IEEE 802.11i Wireless LAN CCMP Protocol

Authors: M. Junaid, Muid Mufti, M. Umar Ilyas

Abstract:

IEEE has recently incorporated CCMP protocol to provide robust security to IEEE 802.11 wireless LANs. It is found that CCMP has been designed with a weak nonce construction and transmission mechanism, which leads to the exposure of initial counter value. This weak construction of nonce renders the protocol vulnerable to attacks by intruders. This paper presents how the initial counter can be pre-computed by the intruder. This vulnerability of counter block value leads to pre-computation attack on the counter mode encryption of CCMP. The failure of the counter mode will result in the collapse of the whole security mechanism of 802.11 WLAN.

Keywords: Information Security, Cryptography, IEEE 802.11i, Computer security, Wireless LAN

Downloads 2639

140 Authentication Analysis of the 802.11i Protocol

Authors: Zeeshan Furqan, Shahabuddin Muhammad, Ratan Guha

Abstract:

IEEE has designed 802.11i protocol to address the security issues in wireless local area networks. Formal analysis is important to ensure that the protocols work properly without having to resort to tedious testing and debugging which can only show the presence of errors, never their absence. In this paper, we present the formal verification of an abstract protocol model of 802.11i. We translate the 802.11i protocol into the Strand Space Model and then prove the authentication property of the resulting model using the Strand Space formalism. The intruder in our model is imbued with powerful capabilities and repercussions to possible attacks are evaluated. Our analysis proves that the authentication of 802.11i is not compromised in the presented model. We further demonstrate how changes in our model will yield a successful man-in-the-middle attack.

Keywords: authentication, formal analysis, formal verification, security.

Downloads 1474

139 Security Strengths and Weaknesses of Blockchain Smart Contract System: A Survey

Authors: Malaw Ndiaye, Karim Konate

Abstract:

Smart contracts are computer protocols that facilitate, verify, and execute the negotiation or execution of a contract, or that render a contractual term unnecessary. Blockchain and smart contracts can be used to facilitate almost any financial transaction. Thanks to these smart contracts, the settlement of dividends and coupons could be automated. Smart contracts have become lucrative and profitable targets for attackers because they can hold a great amount of money. Smart contracts, although widely used in blockchain technology, are far from perfect due to security concerns. Although a series of attacks are listed, there is a lack of discussions and proposals on improving security. This survey takes stock of smart contract security from a more comprehensive perspective by correlating the level of vulnerability and systematic review of security levels in smart contracts.

Keywords: Blockchain, bitcoin, smart Contract, criminal smart contract, security.

Downloads 442