337 resultados para 802.11 security protocols
Resumo:
Handover performance is critical to support real-time traffic applications in wireless network communications. The longer the handover delay is, the longer an Mobile Node (MN) is prevented from sending and receiving any data packet. In real-time network communication applications, such as VoIP and video-conference, a long handover delay is often unacceptable. In order to achieve better handover performance, Fast Proxy Mobile IPv6 (FPMIPv6) has been standardised as an improvement to the original Proxy Mobile IPv6 (PMIPv6) in the Internet Engineering Task Force (IETF). The FPMIPv6 adopts a link layer triggering mechanism to perform two modes of operation: predictive and reactive modes. Using the link layer triggering, the handover performance of the FPMIPv6 can be improved in the predictive mode. However, an unsuccessful predictive handover operation will lead to activation of a reactive handover. In the reactive mode, MNs still experience long handover delays and a large amount of packet loss, which significantly degrade the handover performance of the FPMIPv6. Addressing this problem, this thesis presents an Enhanced Triggering Mechanism (ETM) in the FPMIPv6 to form an enhanced FPMIPv6 (eFPMIPv6). The ETM reduces the most time consuming processes in the reactive handover: the failed Handover Initiate (HO-Initiate) delay and bidirectional tunnel establishment delay. Consequently, the overall handover performance of the FPMIPv6 is enhanced in the eFPMIPv6. To show the advantages of the proposed eFPMIPv6, a theoretical analysis is carried out to mathematically model the performance of PMIPv6, FPMIPv6 and eFPMIPv6. Extensive case studies are conducted to validate the effectiveness of the presented eFPMIPv6 mechanism. They are carried out under various scenarios with changes in network link delay, traffic load, number of hops and MN moving velocity. The case studies show that the proposed mechanism ETM reduces the reactive handover delay, and the presented eFPMIPv6 outperforms the PMIPv6 and FPMIPv6 in terms of the overall handover performance.
Resumo:
Wi-Fi is a commonly available source of localization information in urban environments but is challenging to integrate into conventional mapping architectures. Current state of the art probabilistic Wi-Fi SLAM algorithms are limited by spatial resolution and an inability to remove the accumulation of rotational error, inherent limitations of the Wi-Fi architecture. In this paper we leverage the low quality sensory requirements and coarse metric properties of RatSLAM to localize using Wi-Fi fingerprints. To further improve performance, we present a novel sensor fusion technique that integrates camera and Wi-Fi to improve localization specificity, and use compass sensor data to remove orientation drift. We evaluate the algorithms in diverse real world indoor and outdoor environments, including an office floor, university campus and a visually aliased circular building loop. The algorithms produce topologically correct maps that are superior to those produced using only a single sensor modality.
Resumo:
Nth-Dimensional Truncated Polynomial Ring (NTRU) is a lattice-based public-key cryptosystem that offers encryption and digital signature solutions. It was designed by Silverman, Hoffstein and Pipher. The NTRU cryptosystem was patented by NTRU Cryptosystems Inc. (which was later acquired by Security Innovations) and available as IEEE 1363.1 and X9.98 standards. NTRU is resistant to attacks based on Quantum computing, to which the standard RSA and ECC public-key cryptosystems are vulnerable to. In addition, NTRU has higher performance advantages over these cryptosystems. Considering this importance of NTRU, it is highly recommended to adopt NTRU as part of a cipher suite along with widely used cryptosystems for internet security protocols and applications. In this paper, we present our analytical study on the implementation of NTRU encryption scheme which serves as a guideline for security practitioners who are novice to lattice-based cryptography or even cryptography. In particular, we show some non-trivial issues that should be considered towards a secure and efficient NTRU implementation.
Resumo:
The privacy of efficient tree-based RFID authentication protocols is heavily dependent on the branching factor on the top layer. Indefinitely increasing the branching factor, however, is not a viable option. This paper proposes the alternate-tree walking scheme as well as two protocols to circumvent this problem. The privacy of the resulting protocols is shown to be comparable to that of linear-time protocols, where there is no leakage of information, whilst reducing the computational load of the database by one-third of what is required of tree-based protocols during authentication. We also identify and address a limitation in quantifying privacy in RFID protocols.
Resumo:
The evolution of classic power grids to smart grids creates chances for most participants in the energy sector. Customers can save money by reducing energy consumption, energy providers can better predict energy demand and environment benefits since lower energy consumption implies lower energy production including a decrease of emissions from plants. But information and communication systems supporting smart grids can also be subject to classical or new network attacks. Attacks can result in serious damage such as harming privacy of customers, creating economical loss and even disturb the power supply/demand balance of large regions and countries. In this paper, we give an overview about the German smart measuring architecture, protocols and security. Afterwards, we present a simulation framework which enables researchers to analyze security aspects of smart measuring scenarios.
Resumo:
The Transport Layer Security (TLS) protocol is the most widely used security protocol on the Internet. It supports negotiation of a wide variety of cryptographic primitives through different cipher suites, various modes of client authentication, and additional features such as renegotiation. Despite its widespread use, only recently has the full TLS protocol been proven secure, and only the core cryptographic protocol with no additional features. These additional features have been the cause of several practical attacks on TLS. In 2009, Ray and Dispensa demonstrated how TLS renegotiation allows an attacker to splice together its own session with that of a victim, resulting in a man-in-the-middle attack on TLS-reliant applications such as HTTP. TLS was subsequently patched with two defence mechanisms for protection against this attack. We present the first formal treatment of renegotiation in secure channel establishment protocols. We add optional renegotiation to the authenticated and confidential channel establishment model of Jager et al., an adaptation of the Bellare--Rogaway authenticated key exchange model. We describe the attack of Ray and Dispensa on TLS within our model. We show generically that the proposed fixes for TLS offer good protection against renegotiation attacks, and give a simple new countermeasure that provides renegotiation security for TLS even in the face of stronger adversaries.
Resumo:
Whether by using electronic banking, by using credit cards, or by synchronising a mobile telephone via Bluetooth to an in-car system, humans are a critical part in many cryptographic protocols daily. We reduced the gap that exists between the theory and the reality of the security of these cryptographic protocols involving humans, by creating tools and techniques for proofs and implementations of human-followable security. After three human research studies, we present a model for capturing human recognition; we provide a tool for generating values called Computer-HUman Recognisable Nonces (CHURNs); and we provide a model for capturing human perceptible freshness.
Resumo:
This research introduces a general methodology in order to create a Coloured Petri Net (CPN) model of a security protocol. Then standard or user-defined security properties of the created CPN model are identified. After adding an attacker model to the protocol model, the security property is verified using state space method. This approach is applied to analyse a number of trusted computing protocols. The results show the applicability of proposed method to analyse both standard and user-defined properties.
Resumo:
At NDSS 2012, Yan et al. analyzed the security of several challenge-response type user authentication protocols against passive observers, and proposed a generic counting based statistical attack to recover the secret of some counting based protocols given a number of observed authentication sessions. Roughly speaking, the attack is based on the fact that secret (pass) objects appear in challenges with a different probability from non-secret (decoy) objects when the responses are taken into account. Although they mentioned that a protocol susceptible to this attack should minimize this difference, they did not give details as to how this can be achieved barring a few suggestions. In this paper, we attempt to fill this gap by generalizing the attack with a much more comprehensive theoretical analysis. Our treatment is more quantitative which enables us to describe a method to theoretically estimate a lower bound on the number of sessions a protocol can be safely used against the attack. Our results include 1) two proposed fixes to make counting protocols practically safe against the attack at the cost of usability, 2) the observation that the attack can be used on non-counting based protocols too as long as challenge generation is contrived, 3) and two main design principles for user authentication protocols which can be considered as extensions of the principles from Yan et al. This detailed theoretical treatment can be used as a guideline during the design of counting based protocols to determine their susceptibility to this attack. The Foxtail protocol, one of the protocols analyzed by Yan et al., is used as a representative to illustrate our theoretical and experimental results.
Resumo:
The Australasian Information Security Conference (AISC) 2011 was held on 18th-19th January 2011 in Perth, Australia, as a part of the Australasian Computer Science Week 2011. AISC grew out of the Australasian Information Security Workshop and officially changed the name to Australasian Information Security Conference in 2008. The main aim of the AISC is to provide a venue for Australasian and other researchers to present their work on all aspects of information security and promote collaboration between academic and industrial researchers working in this area.
Resumo:
In this paper, the security of two recent RFID mutual authentication protocols are investigated. The first protocol is a scheme proposed by Huang et al. [7] and the second one by Huang, Lin and Li [6]. We show that these two protocols have several weaknesses. In Huang et al.’s scheme, an adversary can determine the 32-bit secret password with a probability of 2−2 , and in Huang-Lin-Li scheme, a passive adversary can recognize a target tag with a success probability of 1−2−4 and an active adversary can determine all 32 bits of Access password with success probability of 2−4 . The computational complexity of these attacks is negligible.
Resumo:
In this work, we examine unbalanced computation between an initiator and a responder that leads to resource exhaustion attacks in key exchange protocols. We construct models for two cryp-tographic protocols; one is the well-known Internet protocol named Secure Socket Layer (SSL) protocol, and the other one is the Host Identity Protocol (HIP) which has built-in DoS-resistant mechanisms. To examine such protocols, we develop a formal framework based on Timed Coloured Petri Nets (Timed CPNs) and use a simulation approach provided in CPN Tools to achieve a formal analysis. By adopting the key idea of Meadows' cost-based framework and re¯ning the de¯nition of operational costs during the protocol execution, our simulation provides an accurate cost estimate of protocol execution compar- ing among principals, as well as the percentage of successful connections from legitimate users, under four di®erent strategies of DoS attack.
