Visible to the public Biblio

Filters: Keyword is replay attack  [Clear All Filters]
A., Jesudoss, M., Mercy Theresa.  2019.  Hardware-Independent Authentication Scheme Using Intelligent Captcha Technique. 2019 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT). :1—7.

This paper provides hardware-independent authentication named as Intelligent Authentication Scheme, which rectifies the design weaknesses that may be exploited by various security attacks. The Intelligent Authentication Scheme protects against various types of security attacks such as password-guessing attack, replay attack, streaming bots attack (denial of service), keylogger, screenlogger and phishing attack. Besides reducing the overall cost, it also balances both security and usability. It is a unique authentication scheme.

Nishida, Kanata, Nozaki, Yusuke, Yoshikawa, Masaya.  2019.  Security Evaluation of Counter Synchronization Method for CAN Against DoS Attack. 2019 IEEE 8th Global Conference on Consumer Electronics (GCCE). :166–167.
MAC using a counter value in message authentication for in-vehicle network prevents replay attack. When synchronization deviation of the counter value occurs between the sender and receiver, a message cannot be authenticated correctly because the generated MACs are different. Thus, a counter synchronization method has been proposed. In addition, injection and replay attack of a synchronization message for the synchronization method have been performed. However, DoS attack on the synchronization method has not been conducted. This study performs DoS attack in order to evaluate security of the synchronization method. Experimental results reveal the vulnerability of the synchronization method against DoS attack.
Joseph, Justin, Bhadauria, Saumya.  2019.  Cookie Based Protocol to Defend Malicious Browser Extensions. 2019 International Carnahan Conference on Security Technology (ICCST). :1—6.
All popular browsers support browser extensions. They are small software module for customizing web browsers. It provides extra features like user interface modifications, ad blocking, cookie management and so on. As features increase, security becomes more difficult. The impact of malicious browser extensions is also enormous. More than 1 million Chrome users got affected by extensions from Chrome store itself. [1] The risk further increases with offline extension installations. The privileges browser extensions have, pave the path for many kinds of attacks. Replay attack and session hijacking are two of these attacks we are dealing here. Here we propose a defence system based on dynamic encrypted cookies to defend these attacks. We use cookies as token for continuous authentication, which protects entire communication. Static cookies are prone for session hijacking, and therefore we use dynamic cookies which are sealed with encryption. It also protects from replay attack by changing itself, making previous message obsolete. This essentially solves both of the problems.
Lastinec, Jan, Keszeli, Mario.  2019.  Analysis of Realistic Attack Scenarios in Vehicle Ad-Hoc Networks. 2019 7th International Symposium on Digital Forensics and Security (ISDFS). :1–6.

The pace of technological development in automotive and transportation has been accelerating rapidly in recent years. Automation of driver assistance systems, autonomous driving, increasing vehicle connectivity and emerging inter-vehicular communication (V2V) are among the most disruptive innovations, the latter of which also raises numerous unprecedented security concerns. This paper is focused on the security of V2V communication in vehicle ad-hoc networks (VANET) with the main goal of identifying realistic attack scenarios and evaluating their impact, as well as possible security countermeasures to thwart the attacks. The evaluation has been done in OMNeT++ simulation environment and the results indicate that common attacks, such as replay attack or message falsification, can be eliminated by utilizing digital signatures and message validation. However, detection and mitigation of advanced attacks such as Sybil attack requires more complex approach. The paper also presents a simple detection method of Sybil nodes based on measuring the signal strength of received messages and maintaining reputation of sending nodes. The evaluation results suggest that the presented method is able to detect Sybil nodes in VANET and contributes to the improvement of traffic flow.

Kalaivani, S., Vikram, A., Gopinath, G..  2019.  An Effective Swarm Optimization Based Intrusion Detection Classifier System for Cloud Computing. 2019 5th International Conference on Advanced Computing Communication Systems (ICACCS). :185–188.
Most of the swarm optimization techniques are inspired by the characteristics as well as behaviour of flock of birds whereas Artificial Bee Colony is based on the foraging characteristics of the bees. However, certain problems which are solved by ABC do not yield desired results in-terms of performance. ABC is a new devised swarm intelligence algorithm and predominately employed for optimization of numerical problems. The main reason for the success of ABC algorithm is that it consists of feature such as fathomable and flexibility when compared to other swarm optimization algorithms and there are many possible applications of ABC. Cloud computing has their limitation in their application and functionality. The cloud computing environment experiences several security issues such as Dos attack, replay attack, flooding attack. In this paper, an effective classifier is proposed based on Artificial Bee Colony for cloud computing. It is evident in the evaluation results that the proposed classifier achieved a higher accuracy rate.
Avila, J, Prem, S, Sneha, R, Thenmozhi, K.  2018.  Mitigating Physical Layer Attack in Cognitive Radio - A New Approach. 2018 International Conference on Computer Communication and Informatics (ICCCI). :1-4.

With the improvement in technology and with the increase in the use of wireless devices there is deficiency of radio spectrum. Cognitive radio is considered as the solution for this problem. Cognitive radio is capable to detect which communication channels are in use and which are free, and immediately move into free channels while avoiding the used ones. This increases the usage of radio frequency spectrum. Any wireless system is prone to attack. Likewise, the main two attacks in the physical layer of cognitive radio are Primary User Emulation Attack (PUEA) and replay attack. This paper focusses on mitigating these two attacks with the aid of authentication tag and distance calculation. Mitigation of these attacks results in error free transmission which in turn fallouts in efficient dynamic spectrum access.

Kazemi, M., Delavar, M., Mohajeri, J., Salmasizadeh, M..  2018.  On the Security of an Efficient Anonymous Authentication with Conditional Privacy-Preserving Scheme for Vehicular Ad Hoc Networks. Iranian Conference on Electrical Engineering (ICEE). :510–514.

Design of anonymous authentication scheme is one of the most important challenges in Vehicular Ad hoc Networks (VANET). Most of the existing schemes have high computational and communication overhead and they do not meet security requirements. Recently, Azees et al. have introduced an Efficient Anonymous Authentication with Conditional Privacy-Preserving (EAAP) scheme for VANET and claimed that it is secure. In this paper, we show that this protocol is vulnerable against replay attack, impersonation attack and message modification attack. Also, we show that the messages sent by a vehicle are linkable. Therefore, an adversary can easily track the vehicles. In addition, it is shown that vehicles face with some problems when they enter in a new Trusted Authority (TA) range. As a solution, we propose a new authentication protocol which is more secure than EAAP protocol without increasing its computational and communication overhead.

Shi, Z., Chen, J., Chen, S., Ren, S..  2017.  A lightweight RFID authentication protocol with confidentiality and anonymity. 2017 IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). :1631–1634.

Radio Frequency IDentification(RFID) is one of the most important sensing techniques for Internet of Things(IoT) and RFID systems have been applied to various different fields. But an RFID system usually uses open wireless radio wave to communicate and this will lead to a serious threat to its privacy and security. The current popular RFID tags are some low-cost passive tags. Their computation and storage resources are very limited. It is not feasible for them to complete some complicated cryptographic operations. So it is very difficult to protect the security and privacy of an RFID system. Lightweight authentication protocol is considered as an effective approach. Many typical authentication protocols usually use Hash functions so that they require more computation and storage resources. Based on CRC function, we propose a lightweight RFID authentication protocol, which needs less computation and storage resources than Hash functions. This protocol exploits an on-chip CRC function and a pseudorandom number generator to ensure the anonymity and freshness of communications between reader and tag. It provides forward security and confidential communication. It can prevent eavesdropping, location trace, replay attack, spoofing and DOS-attack effectively. It is very suitable to be applied to RFID systems.

Beevi, L. S., Merlin, G., MoganaPriya, G..  2016.  Security and privacy for smart grid using scalable key management. 2016 International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT). :4716–4721.

This paper focuses on the issues of secure key management for smart grid. With the present key management schemes, it will not yield security for deployment in smart grid. A novel key management scheme is proposed in this paper which merges elliptic curve public key technique and symmetric key technique. Based on the Needham-Schroeder authentication protocol, symmetric key scheme works. Well known threats like replay attack and man-in-the-middle attack can be successfully abolished using Smart Grid. The benefits of the proposed system are fault-tolerance, accessibility, Strong security, scalability and Efficiency.

M. Vahidalizadehdizaj, L. Tao.  2015.  "A new mobile payment protocol (GMPCP) by using a new key agreement protocol (GC)". 2015 IEEE International Conference on Intelligence and Security Informatics (ISI). :169-172.

According to the advancement of mobile devices and wireless network technology, these portable devices became the potential devices that can be used for different types of payments. Recently, most of the people would rather to do their activities by their cellphones. On the other hand, there are some issues that hamper the widespread acceptance of mobile payment among people. The traditional ways of mobile payment are not secure enough, since they follow the traditional flow of data. This paper is going to suggest a new protocol named Golden Mobile Pay Center Protocol that is based on client centric model. The suggested protocol downgrade the computational operations and communications that are necessary between the engaging parties and achieves a completely privacy protection for the engaging parties. It avoids transaction repudiation among the engaging parties and will decrease replay attack s risk. The goal of the protocol is to help n users to have payments to each others'. Besides, it will utilize a new key agreement protocol named Golden Circle that is working by employing symmetric key operations. GMPCP uses GC for generating a shared session key between n users.

Alshammari, H., Elleithy, K., Almgren, K., Albelwi, S..  2014.  Group signature entanglement in e-voting system. Systems, Applications and Technology Conference (LISAT), 2014 IEEE Long Island. :1-4.

In any security system, there are many security issues that are related to either the sender or the receiver of the message. Quantum computing has proven to be a plausible approach to solving many security issues such as eavesdropping, replay attack and man-in-the-middle attack. In the e-voting system, one of these issues has been solved, namely, the integrity of the data (ballot). In this paper, we propose a scheme that solves the problem of repudiation that could occur when the voter denies the value of the ballot either for cheating purposes or for a real change in the value by a third party. By using an entanglement concept between two parties randomly, the person who is going to verify the ballots will create the entangled state and keep it in a database to use it in the future for the purpose of the non-repudiation of any of these two voters.

Izu, T., Sakemi, Y., Takenaka, M., Torii, N..  2014.  A Spoofing Attack against a Cancelable Biometric Authentication Scheme. Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on. :234-239.

ID/password-based authentication is commonly used in network services. Some users set different ID/password pairs for different services, but other users reuse a pair of ID/password to other services. Such recycling allows the list attack in which an adversary tries to spoof a target user by using a list of IDs and passwords obtained from other system by some means (an insider attack, malwares, or even a DB leakage). As a countermeasure agains the list attack, biometric authentication attracts much attention than before. In 2012, Hattori et al. proposed a cancelable biometrics authentication scheme (fundamental scheme) based on homomorphic encryption algorithms. In the scheme, registered biometric information (template) and biometric information to compare are encrypted, and the similarity between these biometric information is computed with keeping encrypted. Only the privileged entity (a decryption center), who has a corresponding decryption key, can obtain the similarity by decrypting the encrypted similarity and judge whether they are same or not. Then, Hirano et al. showed the replay attack against this scheme, and, proposed two enhanced authentication schemes. In this paper, we propose a spoofing attack against the fundamental scheme when the feature vector, which is obtained by digitalizing the analogue biometric information, is represented as a binary coding such as Iris Code and Competitive Code. The proposed attack uses an unexpected vector as input, whose distance to all possible binary vectors is constant. Since the proposed attack is independent from the replay attack, the attack is also applicable to two revised schemes by Hirano et al. as well. Moreover, this paper also discusses possible countermeasures to the proposed spoofing attack. In fact, this paper proposes a countermeasure by detecting such unexpected vector.