Visible to the public Biblio

Found 151 results

Filters: Keyword is cryptographic protocols  [Clear All Filters]
2019-11-12
Dreier, Jannik, Hirschi, Lucca, Radomirovic, Sasa, Sasse, Ralf.  2018.  Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR. 2018 IEEE 31st Computer Security Foundations Symposium (CSF). :359-373.

Exclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications, due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR. The Tamarin prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes Tamarin the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs.

2019-10-30
Ghose, Nirnimesh, Lazos, Loukas, Li, Ming.  2018.  Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. 2018 IEEE Symposium on Security and Privacy (SP). :819-835.
In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale.
2019-10-23
Szalachowski, Pawel.  2018.  (Short Paper) Towards More Reliable Bitcoin Timestamps. 2018 Crypto Valley Conference on Blockchain Technology (CVCBT). :101-104.

Bitcoin provides freshness properties by forming a blockchain where each block is associated with its timestamp and the previous block. Due to these properties, the Bitcoin protocol is being used as a decentralized, trusted, and secure timestamping service. Although Bitcoin participants which create new blocks cannot modify their order, they can manipulate timestamps almost undetected. This undermines the Bitcoin protocol as a reliable timestamping service. In particular, a newcomer that synchronizes the entire blockchain has a little guarantee about timestamps of all blocks. In this paper, we present a simple yet powerful mechanism that increases the reliability of Bitcoin timestamps. Our protocol can provide evidence that a block was created within a certain time range. The protocol is efficient, backward compatible, and surprisingly, currently deployed SSL/TLS servers can act as reference time sources. The protocol has many applications and can be used for detecting various attacks against the Bitcoin protocol.

Chen, Jing, Yao, Shixiong, Yuan, Quan, He, Kun, Ji, Shouling, Du, Ruiying.  2018.  CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :2060-2068.

In recent years, real-world attacks against PKI take place frequently. For example, malicious domains' certificates issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. In spite of a lot of research to improve the security of SSL/TLS connections, there are still some problems unsolved. On one hand, although log-based schemes provided certificate audit service to quickly detect CAs' misbehavior, the security and data consistency of log servers are ignored. On the other hand, revoked certificates checking is neglected due to the incomplete, insecure and inefficient certificate revocation mechanisms. Further, existing revoked certificates checking schemes are centralized which would bring safety bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, which is called Certchain. Specially, we propose a dependability-rank based consensus protocol in our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that utilizes dual counting bloom filter (DCBF) with eliminating false positives to achieve economic space and efficient query for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead.

2019-10-15
Detken, K., Jahnke, M., Humann, M., Rollgen, B..  2018.  Integrity and Non-Repudiation of VoIP Streams with TPM2.0 over Wi-Fi Networks. 2018 IEEE 4th International Symposium on Wireless Systems within the International Conferences on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS-SWS). :82–87.
The complete digitization of telecommunications allows new attack scenarios, which have not been possible with legacy phone technologies before. The reason is that physical access to legacy phone technologies was necessary. Regarding internet-based communication like voice over the internet protocol (VoIP), which can be established between random nodes, eavesdropping can happen everywhere and much easier. Additionally, injection of undesirable communication like SPAM or SPIT in digital networks is simpler, too. Encryption is not sufficient because it is also necessary to know which participants are talking to each other. For that reason, the research project INTEGER has been started with the main goals of providing secure authentication and integrity of a VoIP communication by using a digital signature. The basis of this approach is the Trusted Platform Module (TPM) of the Trusted Computing Group (TCG) which works as a hardware-based trusted anchor. The TPM will be used inside of wireless IP devices with VoIP softphones. The question is if it is possible to fulfill the main goals of the project in wireless scenarios with Wi-Fi technologies. That is what this contribution aims to clarify.
2019-10-08
Kim, S., Jin, S., Lee, Y., Park, B., Kim, H., Hong, S..  2018.  Single Trace Side Channel Analysis on Quantum Key Distribution. 2018 International Conference on Information and Communication Technology Convergence (ICTC). :736–739.

The security of current key exchange protocols such as Diffie-Hellman key exchange is based on the hardness of number theoretic problems. However, these key exchange protocols are threatened by weak random number generators, advances to CPU power, a new attack from the eavesdropper, and the emergence of a quantum computer. Quantum Key Distribution (QKD) addresses these challenges by using quantum properties to exchange a secret key without the risk of being intercepted. Recent developments on the QKD system resulted in a stable key generation with fewer errors so that the QKD system is rapidly becoming a solid commercial proposition. However, although the security of the QKD system is guaranteed by quantum physics, its careless implementation could make the system vulnerable. In this paper, we proposed the first side-channel attack on plug-and-play QKD system. Through a single electromagnetic trace obtained from the phase modulator on Alice's side, we were able to classify the electromagnetic trace into four classes, which corresponds to the number of bit and basis combination in the BB84 protocol. We concluded that the plug-and-play QKD system is vulnerable to side-channel attack so that the countermeasure must be considered.

Rahman, M. S., Hossam-E-Haider, M..  2019.  Quantum IoT: A Quantum Approach in IoT Security Maintenance. 2019 International Conference on Robotics,Electrical and Signal Processing Techniques (ICREST). :269–272.

Securing Internet of things is a major concern as it deals with data that are personal, needed to be reliable, can direct and manipulate device decisions in a harmful way. Also regarding data generation process is heterogeneous, data being immense in volume, complex management. Quantum Computing and Internet of Things (IoT) coined as Quantum IoT defines a concept of greater security design which harness the virtue of quantum mechanics laws in Internet of Things (IoT) security management. Also it ensures secured data storage, processing, communication, data dynamics. In this paper, an IoT security infrastructure is introduced which is a hybrid one, with an extra layer, which ensures quantum state. This state prevents any sort of harmful actions from the eavesdroppers in the communication channel and cyber side, by maintaining its state, protecting the key by quantum cryptography BB84 protocol. An adapted version is introduced specific to this IoT scenario. A classical cryptography system `One-Time pad (OTP)' is used in the hybrid management. The novelty of this paper lies with the integration of classical and quantum communication for Internet of Things (IoT) security.

2019-10-02
Wang, S., Zhu, S., Zhang, Y..  2018.  Blockchain-Based Mutual Authentication Security Protocol for Distributed RFID Systems. 2018 IEEE Symposium on Computers and Communications (ISCC). :00074–00077.

Since radio frequency identification (RFID) technology has been used in various scenarios such as supply chain, access control system and credit card, tremendous efforts have been made to improve the authentication between tags and readers to prevent potential attacks. Though effective in certain circumstances, these existing methods usually require a server to maintain a database of identity related information for every tag, which makes the system vulnerable to the SQL injection attack and not suitable for distributed environment. To address these problems, we now propose a novel blockchain-based mutual authentication security protocol. In this new scheme, there is no need for the trusted third parties to provide security and privacy for the system. Authentication is executed as an unmodifiable transaction based on blockchain rather than database, which applies to distributed RFID systems with high security demand and relatively low real-time requirement. Analysis shows that our protocol is logically correct and can prevent multiple attacks.

Cherneva, V., Trahan, J..  2019.  A Secure and Efficient Parallel-Dependency RFID Grouping-Proof Protocol. 2019 IEEE International Conference on RFID (RFID). :1–8.

In this time of ubiquitous computing and the evolution of the Internet of Things (IoT), the deployment and development of Radio Frequency Identification (RFID) is becoming more extensive. Proving the simultaneous presence of a group of RFID tagged objects is a practical need in many application areas within the IoT domain. Security, privacy, and efficiency are central issues when designing such a grouping-proof protocol. This work is motivated by our serial-dependent and Sundaresan et al.'s grouping-proof protocols. In this paper, we propose a light, improved offline protocol: parallel-dependency grouping-proof protocol (PDGPP). The protocol focuses on security, privacy, and efficiency. PDGPP tackles the challenges of including robust privacy mechanisms and accommodates missing tags. It is scalable and complies with EPC C1G2.

Sharma, V., Vithalkar, A., Hashmi, M..  2018.  Lightweight Security Protocol for Chipless RFID in Internet of Things (IoT) Applications. 2018 10th International Conference on Communication Systems Networks (COMSNETS). :468–471.

The RFID based communication between objects within the framework of IoT is potentially very efficient in terms of power requirements and system complexity. The new design incorporating the emerging chipless RFID tags has the potential to make the system more efficient and simple. However, these systems are prone to privacy and security risks and these challenges associated with such systems have not been addressed appropriately in the broader IoT framework. In this context, a lightweight collision free algorithm based on n-bit pseudo random number generator, X-OR hash function, and rotations for chipless RFID system is presented. The algorithm has been implemented on an 8-bit open-loop resonator based chipless RFID tag based system and is validated using BASYS 2 FPGA board based platform. The proposed scheme has been shown to possess security against various attacks such as Denial of Service (DoS), tag/reader anonymity, and tag impersonation.

2019-09-23
Eugster, P., Marson, G. A., Poettering, B..  2018.  A Cryptographic Look at Multi-party Channels. 2018 IEEE 31st Computer Security Foundations Symposium (CSF). :31–45.
Cryptographic channels aim to enable authenticated and confidential communication over the Internet. The general understanding seems to be that providing security in the sense of authenticated encryption for every (unidirectional) point-to-point link suffices to achieve this goal. As recently shown (in FSE17/ToSC17), however, the security properties of the unidirectional links do not extend, in general, to the bidirectional channel as a whole. Intuitively, the reason for this is that the increased interaction in bidirectional communication can be exploited by an adversary. The same applies, a fortiori, in a multi-party setting where several users operate concurrently and the communication develops in more directions. In the cryptographic literature, however, the targeted goals for group communication in terms of channel security are still unexplored. Applying the methodology of provable security, we fill this gap by defining exact (game-based) authenticity and confidentiality goals for broadcast communication, and showing how to achieve them. Importantly, our security notions also account for the causal dependencies between exchanged messages, thus naturally extending the bidirectional case where causal relationships are automatically captured by preserving the sending order. On the constructive side we propose a modular and yet efficient protocol that, assuming only point-to-point links between users, leverages (non-cryptographic) broadcast and standard cryptographic primitives to a full-fledged broadcast channel that provably meets the security notions we put forth.
Moon, J., Lee, Y., Yang, H., Song, T., Won, D..  2018.  Cryptanalysis of a privacy-preserving and provable user authentication scheme for wireless sensor networks based on Internet of Things security. 2018 International Conference on Information Networking (ICOIN). :432–437.
User authentication in wireless sensor networks is more complex than normal networks due to sensor network characteristics such as unmanned operation, limited resources, and unreliable communication. For this reason, various authentication protocols have been presented to provide secure and efficient communication. In 2017, Wu et al. presented a provable and privacy-preserving user authentication protocol for wireless sensor networks. Unfortunately, we found that Wu et al.'s protocol was still vulnerable against user impersonation attack, and had a problem in the password change phase. We show how an attacker can impersonate an other user and why the password change phase is ineffective.
2019-09-11
Xi, W., Suo, S., Cai, T., Jian, G., Yao, H., Fan, L..  2019.  A Design and Implementation Method of IPSec Security Chip for Power Distribution Network System Based on National Cryptographic Algorithms. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :2307–2310.

The target of security protection of the power distribution automation system (the distribution system for short) is to ensure the security of communication between the distribution terminal (terminal for short) and the distribution master station (master system for short). The encryption and authentication gateway (VPN gateway for short) for distribution system enhances the network layer communication security between the terminal and the VPN gateway. The distribution application layer encryption authentication device (master cipher machine for short) ensures the confidentiality and integrity of data transmission in application layer, and realizes the identity authentication between the master station and the terminal. All these measures are used to prevent malicious damage and attack to the master system by forging terminal identity, replay attack and other illegal operations, in order to prevent the resulting distribution network system accidents. Based on the security protection scheme of the power distribution automation system, this paper carries out the development of multi-chip encapsulation, develops IPSec Protocols software within the security chip, and realizes dual encryption and authentication function in IP layer and application layer supporting the national cryptographic algorithm.

Wang, D., Ma, Y., Du, J., Ji, Y., Song, Y..  2018.  Security-Enhanced Signaling Scheme in Software Defined Optical Network. 2018 10th International Conference on Communication Software and Networks (ICCSN). :286–289.

The communication security issue is of great importance and should not be ignored in backbone optical networks which is undergoing the evolution toward software defined networks (SDN). With the aim to solve this problem, this paper conducts deep analysis into the security challenge of software defined optical networks (SDON) and proposes a so-called security-enhanced signaling scheme of SDON. The proposed scheme makes full advantage of current OpenFIow protocol with some necessary extensions and security improvement, by combining digital signatures and message feedback with efficient PKI (Public Key Infrastructure) in signaling procedure of OpenFIow interaction. Thus, this security-enhanced signaling procedure is also designed in details to make sure the end-to-end trusted service connection. Simulation results show that this proposed approach can greatly improve the security level of large-scale optical network for Energy Internet services with better performance in term of connection success rate performance.

2019-09-09
Dholey, M. K., Saha, M. K..  2018.  A Security Mechanism in DSR Routing for MANET. 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI). :921-925.

Mobile Ad-hoc Network (MANET) is an autonomous collection of mobile nodes and communicate among them in their radio range. It is an infrastructure less, bandwidth constraint multi-hop wireless network. A various routing protocol is being evolved for MANET routing and also provide security mechanism to avoid security threads. Dynamic Source Routing (DSR), one of the popular reactive routing protocols for MANET, establishes path between source to destination before data communication take place using route request (RREQ) and route reply (RREP) control messages. Although in [1] authors propose to prevent route diversion due to a malicious node in the network using group Diffie-Hellman (GDH) key management applied over source address, but if any intermediate trusted node start to misbehave then there is no prevention mechanism. Here in this paper, we applied Hash function scheme over destination address to identify the misbehaving intermediate node that can provide wrong destination address. The path information towards the destination sent by the intermediate node through RREP is exactly for the intended required destination or not, here we can identified according to our proposed algorithm and pretend for further data transmission. Our proposed algorithm proves the authenticity of the destination and also prevent from misbehaving intermediate nodes.

Kumar, M., Bhandari, R., Rupani, A., Ansari, J. H..  2018.  Trust-Based Performance Evaluation of Routing Protocol Design with Security and QoS over MANET. 2018 International Conference on Advances in Computing and Communication Engineering (ICACCE). :139-142.

Nowadays, The incorporation of different function of the network, as well as routing, administration, and security, is basic to the effective operation of a mobile circumstantial network these days, in MANET thought researchers manages the problems of QoS and security severally. Currently, each the aspects of security and QoS influence negatively on the general performance of the network once thought-about in isolation. In fact, it will influence the exceptionally operating of QoS and security algorithms and should influence the important and essential services needed within the MANET. Our paper outlines 2 accomplishments via; the accomplishment of security and accomplishment of quality. The direction towards achieving these accomplishments is to style and implement a protocol to suite answer for policy-based network administration, and methodologies for key administration and causing of IPsec in a very MANET.

2019-08-26
Gupta, D. S., Biswas, G. P., Nandan, R..  2018.  Security weakness of a lattice-based key exchange protocol. 2018 4th International Conference on Recent Advances in Information Technology (RAIT). :1–5.

A key exchange protocol is an important primitive in the field of information and network security and is used to exchange a common secret key among various parties. A number of key exchange protocols exist in the literature and most of them are based on the Diffie-Hellman (DH) problem. But, these DH type protocols cannot resist to the modern computing technologies like quantum computing, grid computing etc. Therefore, a more powerful non-DH type key exchange protocol is required which could resist the quantum and exponential attacks. In the year 2013, Lei and Liao, thus proposed a lattice-based key exchange protocol. Their protocol was related to the NTRU-ENCRYPT and NTRU-SIGN and so, was referred as NTRU-KE. In this paper, we identify that NTRU-KE lacks the authentication mechanism and suffers from the man-in-the-middle (MITM) attack. This attack may lead to the forging the authenticated users and exchanging the wrong key.

2019-06-10
Hmouda, E., Li, W..  2018.  Detection and Prevention of Attacks in MANETs by Improving the EAACK Protocol. SoutheastCon 2018. :1–7.

Mobile Ad Hoc Networks are dynamic in nature and have no rigid or reliable network infrastructure by their very definition. They are expected to be self-governed and have dynamic wireless links which are not entirely reliable in terms of connectivity and security. Several factors could cause their degradation, such as attacks by malicious and selfish nodes which result in data carrying packets being dropped which in turn could cause breaks in communication between nodes in the network. This paper aims to address the issue of remedy and mitigation of the damage caused by packet drops. We proposed an improvement on the EAACK protocol to reduce the network overhead packet delivery ratio by using hybrid cryptography techniques DES due to its higher efficiency in block encryption, and RSA due to its management in key cipher. Comparing to the existing approaches, our simulated results show that hybrid cryptography techniques provide higher malicious behavior detection rates, and improve the performance. This research can also lead to more future efforts in using hybrid encryption based authentication techniques for attack detection/prevention in MANETs.

2019-05-20
Sutradhar, M. R., Sultana, N., Dey, H., Arif, H..  2018.  A New Version of Kerberos Authentication Protocol Using ECC and Threshold Cryptography for Cloud Security. 2018 Joint 7th International Conference on Informatics, Electronics Vision (ICIEV) and 2018 2nd International Conference on Imaging, Vision Pattern Recognition (icIVPR). :239–244.

Dependency on cloud computing are increasing day by day due to its beneficial aspects. As day by day we are relying on cloud computing, the securities issues are coming up. There are lots of security protocols but now-a-days those protocol are not secured enough to provide a high security. One of those protocols which were once highly secured, is Kerberos authentication protocol. With the advancement of technology, Kerberos authentication protocol is no longer as secured as it was before. Many authors have thought about the improvement of Kerberos authentication protocol and consequently they have proposed different types of protocol models by using a renowned public key cryptography named RSA cryptography. Though RSA cryptography is good to some extent but this cryptography has some flaws that make this cryptography less secured as well as less efficient. In this paper, we are combining Elliptic Curve Cryptography (ECC) as well as Threshold Cryptography to create a new version of Kerberos authentication protocol. Our proposed model will provide secure transaction of data which will not only be hard to break but also increase memory efficiency, cost efficiency, and reduce the burden of computation.

Dey, H., Islam, R., Arif, H..  2019.  An Integrated Model To Make Cloud Authentication And Multi-Tenancy More Secure. 2019 International Conference on Robotics,Electrical and Signal Processing Techniques (ICREST). :502–506.

Cloud Computing is an important term of modern technology. The usefulness of Cloud is increasing day by day and simultaneously more and more security problems are arising as well. Two of the major threats of Cloud are improper authentication and multi-tenancy. According to the specialists both pros and cons belong to multi-tenancy. There are security protocols available but it is difficult to claim these protocols are perfect and ensure complete protection. The purpose of this paper is to propose an integrated model to ensure better Cloud security for Authentication and multi-tenancy. Multi-tenancy means sharing of resources and virtualization among clients. Since multi-tenancy allows multiple users to access same resources simultaneously, there is high probability of accessing confidential data without proper privileges. Our model includes Kerberos authentication protocol to enhance authentication security. During our research on Kerberos we have found some flaws in terms of encryption method which have been mentioned in couple of IEEE conference papers. Pondering about this complication we have elected Elliptic Curve Cryptography. On the other hand, to attenuate arose risks due to multi-tenancy we are proposing a Resource Allocation Manager Unit, a Control Database and Resource Allocation Map. This part of the model will perpetuate resource allocation for the users.

Kurera, C., Navoda, D..  2018.  Node-to-Node Secure Data Transmission Protocol for Low-power IoT Devices. 2018 18th International Conference on Advances in ICT for Emerging Regions (ICTer). :1–7.

Through the internet and local networks, IoT devices exchange data. Most of the IoT devices are low-power devices, meaning that they are designed to use less electric power. To secure data transmission, it is required to encrypt the messages. Encryption and decryption of messages are computationally expensive activities, thus require considerable amount of processing and memory power which is not affordable to low-power IoT devices. Therefore, not all secure transmission protocols are low-power IoT devices friendly. This study proposes a secure data transmission protocol for low-power IoT devices. The design inherits some features in Kerberos and onetime password concepts. The protocol is designed for devices which are connected to each other, as in a fully connected network topology. The protocol uses symmetric key cryptography under the assumption of that the device specific keys are never being transmitted over the network. It resists DoS, message replay and Man-of-the-middle attacks while facilitating the key security concepts such as Authenticity, Confidentiality and Integrity. The designed protocol uses less number of encryption/decryption cycles and maintain session based strong authentication to facilitate secure data transmission among nodes.

F, A. K., Mhaibes, H. Imad.  2018.  A New Initial Authentication Scheme for Kerberos 5 Based on Biometric Data and Virtual Password. 2018 International Conference on Advanced Science and Engineering (ICOASE). :280–285.

Kerberos is a third party and widely used authentication protocol, in which it enables computers to connect securely using a single sign-on over an insecure channel. It proves the identity of clients and encrypts all the communications between them to ensure data privacy and integrity. Typically, Kerberos composes of three communication phases to establish a secure session between any two clients. The authentication is based on a password-based scheme, in which it is a secret long-term key shared between the client and the Kerberos. Therefore, Kerberos suffers from a password-guessing attack, the main drawback of Kerberos. In this paper, we overcome this limitation by modifying the first initial phase using the virtual password and biometric data. In addition, the proposed protocol provides a strong authentication scenario against multiple types of attacks.

Frolov, A. B., Vinnikov, A. M..  2018.  Modeling Cryptographic Protocols Using the Algebraic Processor. 2018 IV International Conference on Information Technologies in Engineering Education (Inforino). :1–5.

We present the IT solution for remote modeling of cryptographic protocols and other cryptographic primitives and a number of education-oriented capabilities based on them. These capabilities are provided at the Department of Mathematical Modeling using the MPEI algebraic processor, and allow remote participants to create automata models of cryptographic protocols, use and manage them in the modeling process. Particular attention is paid to the IT solution for modeling of the private communication and key distribution using the processor combined with the Kerberos protocol. This allows simulation and studying of key distribution protocols functionality on remote computers via the Internet. The importance of studying cryptographic primitives for future IT specialists is emphasized.

Ma, Y., Ning, H..  2018.  The improvement of wireless LAN security authentication mechanism based on Kerberos. 2018 International Conference on Electronics Technology (ICET). :392–397.

In order to solve the problem of vulnerable password guessing attacks caused by dictionary attacks, replay attacks in the authentication process, and man-in-the-middle attacks in the existing wireless local area network in terms of security authentication, we make some improvements to the 802.1X / EAP authentication protocol based on the study of the current IEEE802.11i security protocol with high security. After introducing the idea of Kerberos protocol authentication and applying the idea in the authentication process of 802.1X / EAP, a new protocol of Kerberos extensible authentication protocol (KEAP) is proposed. Firstly, the protocol introduces an asymmetric key encryption method, uses public key encryption during data transmission, and the receiver uses the corresponding private key for decryption. With unidirectional characteristics and high security, the encryption can avoid password guessing attacks caused by dictionary attacks as much as possible. Secondly, aiming at the problem that the request message sent from the client to the authentication server is vulnerable to replay attacks, the protocol uses a combination of the message sequence number and the random number, and the message serial number is added to the request message sent from the client to the authentication server. And establish a list database for storing message serial number and random number in the authentication server. After receiving a transfer message, the serial number and the random number are extracted and compared with the values in the list database to distinguish whether it is a retransmission message. Finally, the protocol introduces a keychain mechanism and uses an irreversible Hash function to encrypt the final authentication result, thereby effectively solving the man-in-the-middle attack by the pretender. The experiment uses the OPNET 14.5 simulation platform to model the KEAP protocol and simulate simulation attacks, and compares it with the current more common EAP-TLS authentication protocol. Experimental results show that the average traffic of the KEAP protocol is at least 14.74% higher than the EAP-TLS authentication protocol, and the average bit error rate is reduced by at least 24.00%.

Celia, L., Cungang, Y..  2018.  (WIP) Authenticated Key Management Protocols for Internet of Things. 2018 IEEE International Congress on Internet of Things (ICIOT). :126–129.

The Internet of Things (IoT) provides transparent and seamless incorporation of heterogeneous and different end systems. It has been widely used in many applications such as smart homes. However, people may resist the IOT as long as there is no public confidence that it will not cause any serious threats to their privacy. Effective secure key management for things authentication is the prerequisite of security operations. In this paper, we present an interactive key management protocol and a non-interactive key management protocol to minimize the communication cost of the things. The security analysis show that the proposed schemes are resilient to various types of attacks.