Visible to the public Biblio

Filters: Author is Naik, N.  [Clear All Filters]
2019-10-15
Toradmalle, D., Singh, R., Shastri, H., Naik, N., Panchidi, V..  2018.  Prominence Of ECDSA Over RSA Digital Signature Algorithm. 2018 2nd International Conference on 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :253–257.

Digital signatures are replacing paper-based work to make life easier for customers and employees in various industries. We rigorously use RSA and Elliptic Curve Cryptography (ECC) for public key cryptographic algorithms. Nowadays ECDSA (Elliptical Curve Digital Signature Algorithm) gaining more popularity than the RSA algorithm because of the better performance of ECDSA over RSA. The main advantage of ECC over RSA is ECC provides the same level of security with less key size and overhead than RSA. This paper focuses on a brief review of the performance of ECDSA and RSA in various aspects like time, security and power. This review tells us about why ECC has become the latest trend in the present cryptographic scenario.

2019-05-01
Naik, N., Shang, C., Shen, Q., Jenkins, P..  2018.  Vigilant Dynamic Honeypot Assisted by Dynamic Fuzzy Rule Interpolation. 2018 IEEE Symposium Series on Computational Intelligence (SSCI). :1731–1738.

Dynamic Fuzzy Rule Interpolation (D-FRI) offers a dynamic rule base for fuzzy systems which is especially useful for systems with changing requirements and limited prior knowledge. This suggests a possible application of D-FRI in the area of network security due to the volatility of the traffic. A honeypot is a valuable tool in the field of network security for baiting attackers and collecting their information. However, typically designed with fewer resources they are not considered as a primary security tool for use in network security. Consequently, such honeypots can be vulnerable to many security attacks. One such attack is a spoofing attack which can cause severe damage to the honeypot, making it inefficient. This paper presents a vigilant dynamic honeypot based on the D-FRI approach for use in predicting and alerting of spoofing attacks on the honeypot. First, it proposes a technique for spoofing attack identification based on the analysis of simulated attack data. Then, the paper employs the identification technique to develop a D-FRI based vigilant dynamic honeypot, allowing the honeypot to predict and alert that a spoofing attack is taking place in the absence of matching rules. The resulting system is capable of learning and maintaining a dynamic rule base for more accurate identification of potential spoofing attacks with respect to the changing traffic conditions of the network.

Naik, N., Jenkins, P., Kerby, B., Sloane, J., Yang, L..  2018.  Fuzzy Logic Aided Intelligent Threat Detection in Cisco Adaptive Security Appliance 5500 Series Firewalls. 2018 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1-8.

Cisco Adaptive Security Appliance (ASA) 5500 Series Firewall is amongst the most popular and technically advanced for securing organisational networks and systems. One of its most valuable features is its threat detection function which is available on every version of the firewall running a software version of 8.0(2) or higher. Threat detection operates at layers 3 and 4 to determine a baseline for network traffic, analysing packet drop statistics and generating threat reports based on traffic patterns. Despite producing a large volume of statistical information relating to several security events, further effort is required to mine and visually report more significant information and conclude the security status of the network. There are several commercial off-the-shelf tools available to undertake this task, however, they are expensive and may require a cloud subscription. Furthermore, if the information transmitted over the network is sensitive or requires confidentiality, the involvement of a third party or a third-party tool may place organisational security at risk. Therefore, this paper presents a fuzzy logic aided intelligent threat detection solution, which is a cost-free, intuitive and comprehensible solution, enhancing and simplifying the threat detection process for all. In particular, it employs a fuzzy reasoning system based on the threat detection statistics, and presents results/threats through a developed dashboard user interface, for ease of understanding for administrators and users. The paper further demonstrates the successful utilisation of a fuzzy reasoning system for selected and prioritised security events in basic threat detection, although it can be extended to encompass more complex situations, such as complete basic threat detection, advanced threat detection, scanning threat detection, and customised feature based threat detection.

2019-02-08
Naik, N., Jenkins, P., Cooke, R., Yang, L..  2018.  Honeypots That Bite Back: A Fuzzy Technique for Identifying and Inhibiting Fingerprinting Attacks on Low Interaction Honeypots. 2018 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1-8.
The development of a robust strategy for network security is reliant upon a combination of in-house expertise and for completeness attack vectors used by attackers. A honeypot is one of the most popular mechanisms used to gather information about attacks and attackers. However, low-interaction honeypots only emulate an operating system and services, and are more prone to a fingerprinting attack, resulting in severe consequences such as revealing the identity of the honeypot and thus ending the usefulness of the honeypot forever, or worse, enabling it to be converted into a bot used to attack others. A number of tools and techniques are available both to fingerprint low-interaction honeypots and to defend against such fingerprinting; however, there is an absence of fingerprinting techniques to identify the characteristics and behaviours that indicate fingerprinting is occurring. Therefore, this paper proposes a fuzzy technique to correlate the attack actions and predict the probability that an attack is a fingerprinting attack on the honeypot. Initially, an experimental assessment of the fingerprinting attack on the low- interaction honeypot is performed, and a fingerprinting detection mechanism is proposed that includes the underlying principles of popular fingerprinting attack tools. This implementation is based on a popular and commercially available low-interaction honeypot for Windows - KFSensor. However, the proposed fuzzy technique is a general technique and can be used with any low-interaction honeypot to aid in the identification of the fingerprinting attack whilst it is occurring; thus protecting the honeypot from the fingerprinting attack and extending its life.
2018-02-14
Naik, N., Jenkins, P., Newell, D..  2017.  Choice of suitable Identity and Access Management standards for mobile computing and communication. 2017 24th International Conference on Telecommunications (ICT). :1–6.
Enterprises have recognised the importance of personal mobile devices for business and official use. Employees and consumers have been freely accessing resources and services from their principal organisation and partners' businesses on their mobile devices, to improve the efficiency and productivity of their businesses. This mobile computing-based business model has one major challenge, that of ascertaining and linking users' identities and access rights across business partners. The parent organisation owns all the confidential information about users but the collaborative organisation has to verify users' identities and access rights to allow access to their services and resources. This challenge involves resolving how to communicate users' identities to collaborative organisations without sending their confidential information. Several generic Identity and Access Management (IAM) standards have been proposed, and three have become established standards: Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). Mobile computing and communication have some specific requirements and limitations; therefore, this paper evaluates these IAM standards to ascertain suitable IAM to protect mobile computing and communication. This evaluation is based on the three types of analyses: comparative analysis, suitability analysis and security vulnerability analysis of SAML, OAuth and OIDC.
Naik, N., Jenkins, P..  2017.  Securing digital identities in the cloud by selecting an apposite Federated Identity Management from SAML, OAuth and OpenID Connect. 2017 11th International Conference on Research Challenges in Information Science (RCIS). :163–174.
Access to computer systems and the information held on them, be it commercially or personally sensitive, is naturally, strictly controlled by both legal and technical security measures. One such method is digital identity, which is used to authenticate and authorize users to provide access to IT infrastructure to perform official, financial or sensitive operations within organisations. However, transmitting and sharing this sensitive information with other organisations over insecure channels always poses a significant security and privacy risk. An example of an effective solution to this problem is the Federated Identity Management (FIdM) standard adopted in the cloud environment. The FIdM standard is used to authenticate and authorize users across multiple organisations to obtain access to their networks and resources without transmitting sensitive information to other organisations. Using the same authentication and authorization details among multiple organisations in one federated group, it protects the identities and credentials of users in the group. This protection is a balance, mitigating security risk whilst maintaining a positive experience for users. Three of the most popular FIdM standards are Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). This paper presents an assessment of these standards considering their architectural design, working, security strength and security vulnerability, to cognise and ascertain effective usages to protect digital identities and credentials. Firstly, it explains the architectural design and working of these standards. Secondly, it proposes several assessment criteria and compares functionalities of these standards based on the proposed criteria. Finally, it presents a comprehensive analysis of their security vulnerabilities to aid in selecting an apposite FIdM. This analysis of security vulnerabilities is of great significance because their improper or erroneous deployme- t may be exploited for attacks.