Article

The TLS protocol version 1.0

... [10] Server authentication, data confidentiality, optional client authentication, and data integrity are among the security features offered. [11], [12] A related protocol known as Transport Layer Security (TLS) version 1.0 was first established by the Internet Engineering Task Force (IETF) in 1995 [Dierks and Allen (1999) [13]]. The two protocols that offer the highest security for online transactions are SSL and TLS, by far. ...
Conference Paper
In recent years, the emergence of the Internet and E-commerce has steered significant growth in digital transactions. Businesses today need mobile wallets, credit and debit cards, and e-cash to digitize payments. Digital payment systems are in transition and promise amazing advancements, but they also pose many risks and as the number of online transactions is increasing tremendously, we need a security system that follows all security norms. In this paper, we study digital transaction systems and evaluate various components of E-commerce platforms to address the security of these services. We evaluate the attributes that affect the security of digital payment processes and identify several barriers that hinder their performance to propose a simplified payment mechanism for micro-payments that eliminates the double payment problem.
... Multi-hop message routing between multiple Web services is commonly used to achieve scalability and also to bridge different protocols. Some technologies such as TLS/SSL (Transport Layer Security/Secure Sockets Layer) were initially developed to guarantee the confidentiality between two parties (Dierks and Allen, 1999), (Freier et al., 1996), but they do not provide end-to-end security. To address this challenge, diverse security principles must be applied to different contexts, taking into account both point-to-point and end-to-end settings, as well as the associated considerations concerning the privacy of user information shared in this process. ...
... The most used of these technologies is SSL (Secure Sockets Layer) (Freier et al., 1996) that was developed by Netscape to ensure confidentiality and authentication in HTTP (Hypertext Transfer Protocol) interactions, so that the algorithms used are negotiated between the two participants of the communication. On the other hand, TLS (Transport Layer Security) (Dierks and Allen, 1999) is an extended version of SSL, adopted as an Internet standard and widely used in most Web browsers and e-commerce applications. In this section, the SSL and TLS protocols are referenced only as SSL since they basically operate the same way. ...
Book
When deployed as infrastructure components of real-time business processes, service computing applications we rely on for our daily activities elicit the proper addressing of performance and dependability issues. While recent developments in service-oriented architectures have come a long way in many aspects, ranging from semantics and ontologies to frameworks and design processes, performance and dependability remains a research demanding field. Performance and Dependability in Service Computing: Concepts, Techniques and Research Directions highlights current technological trends and related research issues in dedicated chapters without restricting their scope. This book focuses on performance and dependability issues associated with service computing and these two complementary aspects, which include concerns of quality of service (QoS), real-time constraints, security, reliability and other important requirements when it comes to integrating services into real-world business processes and critical applications.
... Routing between multiple Web Services is commonly used to achieve scalability and also to act as a bridge between different protocols. Technologies such as TLS/SSL [Dierks and Allen 1999, Freier et al. 1996] make it possible to guarantee confidentiality between two parties, but they do not provide end-to-end security, since the message, in order to reach the final recipient, passes through several intermediate nodes at the application level. If encryption is applied only at the transport layer, intermediate nodes will have the information passing through them revealed, either deliberately or through the gaps that exist between one secure session and the next. ...
... XML Encryption (XMLEnc) [Imamura et al. 2002] aims to provide end-to-end security for applications that need to exchange data securely. Unlike the TLS/SSL protocols [Dierks and Allen 1999, Freier et al. 1996], which only guarantee the confidentiality of data during the session established between two parties, XMLEnc guarantees persistent confidentiality, thereby guaranteeing the confidentiality of the data even after the session has ended. ...
... Transport Layer Security (TLS) [30][31][32] is one of the most frequently used security standards for network communication. Its most common usage is for securing sessions between a web server and a web browser [33]. ...
... The main distinction between the TLS and SSL protocols is a question of who authored and who controlled them. SSL was initially proprietary from Netscape; TLS has always been an open standard created by the Internet Engineering Task Force since version 1.0 [30] [33]. Both protocols use X.509 [34] certificate standards, issued by an entity known as a Certificate Authority (CA). ...
Article
Full-text available
Performance analysis for devices in Internet of Things (IoT) environments is an important consideration, especially with their increasing integration in technological solutions, worldwide. The Single Board Computers (SBCs) of the Raspberry Pi Foundation have been widely accepted by the community, and hence, they have been incorporated in numerous IoT projects. To ease their integration, it is essential to assess their network performance. In this paper, we made an empirical performance evaluation of one of the most popular network protocols for IoT environments, named the Message Queuing Telemetry Transport (MQTT) protocol, on Raspberry Pi. To do so, we set up two different testbeds scenarios and assessed the performance with benchmarks. At the software level, we focused on Mosquitto, a popular open-source MQTT broker implementation and client library. Our principal metric is the transmission time, but we also investigated the throughput. In our experiments, we varied several parameters, such as the size of the payload of the published messages, the WiFi bandwidth, the QoS level, the security level (MQTT vs. MQTT with TLS), and the hardware for the clients and broker. We focus mainly on packet sizes ranging from 100 to 25,000 bytes. We also investigate how these low-cost devices handle a TCP SYN flood attack. In the research work presented within this paper, we aim to guide developers, researchers, network administrators, and hobbyists who plan to use these low-cost devices in an MQTT or IoT network by showing the performance that they should expect according to different Raspberry Pi options.
... At a high level, this comes in the form of explicit strategic plans [290,296]. These documents lay out the specific countries and topics which are deemed to be worth the resource investment as well as those of interest but are an "Accepted Risk" for which resources should not be allocated. ...
... Despite the recognized importance of forward secrecy, many TLS implementations that use it also take various cryptographic shortcuts that weaken its intended benefits in exchange for better performance. Ephemeral value reuse, session ID resumption [11], and session ticket resumption [92] are all commonly deployed performance enhancements that work by maintaining secret cryptographic state for periods longer than the lifetime of a connection. While these mechanisms reduce computational overhead for the server and latency for clients, they also create important caveats to the security of forward-secret ciphers. ...
Thesis
Nation-state intelligence agencies have long attempted to operate in secret, but recent revelations have drawn the attention of security researchers as well as the general public to their operations. The scale, aggressiveness, and untargeted nature of many of these now public operations were not only alarming, but also baffling as many were thought impossible or at best infeasible at scale. The security community has since made many efforts to protect end-users by identifying, analyzing, and mitigating these now known operations. While much-needed, the security community's response has largely been reactionary to the oracled existence of vulnerabilities and the disclosure of specific operations. Nation-State Attackers, however, are dynamic, forward-thinking, and surprisingly agile adversaries who do not rest on their laurels and are continually advancing their efforts to obtain information. Without the ability to conceptualize their actions, understand their perspective, or account for their presence, the security community's advances will become antiquated and unable to defend against the progress of Nation-State Attackers. In this work, we present and discuss a model of Nation-State Attackers that can be used to represent their attributes, behavior patterns, and world view. We use this representation of Nation-State Attackers to show that real-world threat models do not account for such highly privileged attackers, to identify and support technical explanations of known but ambiguous operations, and to identify and analyze vulnerabilities in current systems that are favorable to Nation-State Attackers.
... It uses various authentication mechanisms based on the user's and network's specific needs. • Transport Layer Security (TLS) [33]: TLS is a cryptographic protocol that secures data transmission between the UE and network elements. It ensures privacy and integrity during communication. ...
Article
Full-text available
The Internet of Things (IoT) has revolutionized connected devices, with applications in healthcare, data analytics, and smart cities. For time-sensitive applications, 5G wireless networks provide ultra-reliable low-latency communication (URLLC) and fog computing offloads IoT processing. Integrating 5G and fog computing can address cloud computing’s deficiencies, but security challenges remain, especially in Authentication and Key Agreement aspects due to the distributed and dynamic nature of fog computing. This study presents an innovative mutual Authentication and Key Agreement protocol that is specifically tailored to meet the security needs of fog computing in the context of the edge–fog–cloud three-tier architecture, enhanced by the incorporation of the 5G network. This study improves security in the edge–fog–cloud context by introducing a stateless authentication mechanism and conducting a comparative analysis of the proposed protocol with well-known alternatives, such as TLS 1.3, 5G-AKA, and various handover protocols. The suggested approach has a total transmission cost of only 1280 bits in the authentication phase, which is approximately 30% lower than other protocols. In addition, the suggested handover protocol only involves two signaling expenses. The computational cost for handover authentication for the edge user is significantly low, measuring 0.243 ms, which is under 10% of the computing costs of other authentication protocols.
... To maintain quality in industrial sectors, vital parameters are collected and monitored using the IoT as a platform. In addition, IoT is used in green building and smart construction projects for energy administration and usage control [57,58]. IoT sensor boards are utilized in these situations to identify and record environmental elements including humidity, temperature, and light. ...
Article
Full-text available
The integration of IoT (Internet of Things) in the energy sector has the potential to transform the way it generates, distributes, and consumes energy. IoT can enable real-time monitoring, control, and optimization of energy systems, leading to improved efficiency, reliability, and sustainability. This work is an attempt to provide an in-depth analysis of the integration of the IoT in the energy sector, examining the characteristics of IoT, its components, and protocols. It also explores the architecture of IoT, the latest advancements and challenges in the field of IoT, including the IoT communications model, IoT sensor boards, and the current challenges facing the industry and related security threats, and also provides suggestions for solutions to address IoT vulnerabilities. The work further delves into IoT in the energy sector aspect and explores the latest advancements and challenges in the field of IoT, including IoT in energy generation, smart cities, smart grids, smart buildings, and intelligent transportation. Additionally, the work explores the challenges of applying IoT in the energy sector discusses future trends in IoT in the energy sector, and aims to provide a detailed understanding of the latest developments and challenges of IoT in the energy sector, as well as its potential impact on the future of the industry. The work critically analyzes securing IoT devices and offers practical solutions to mitigate risks associated with IoT vulnerabilities. This work serves as a valuable resource for researchers, policymakers, and practitioners interested in understanding the impact of IoT on energy security. Graphical Abstract Taxonomy of the study.
... Multiple server instances are deployed in containers which are accessible using a proxy layer like HAProxy [23] bundled with Keepalived [24] to achieve high-availability and load balancing. We also use TLS encryption [25] and user authentication and authorization for enhancing the Web server security. More information on the deployment is offered in the relevant sub-section. ...
Article
Full-text available
The recent shift towards digitalization in traditional sectors like logistics and transportation has unlocked new avenues for gaining valuable insights and streamlining operations. This transformation is facilitated by the abundance and specificity of data now available, including fleet IoT data, transactional documents, and event notifications. These businesses leave a substantial digital footprint, ripe for analysis when combined with external data sources. However, harnessing this information requires robust computing infrastructure and adaptable software capable of handling vast amounts of data. In this paper, we introduce IW-NET BDA, a big-data analytics framework built on open-source technologies to address the storage and processing demands of massive datasets from various origins. Developed within the framework of the EU-funded research and innovation project IW-NET (Innovation driven Collaborative European Inland Waterways Transport Network), our system caters to the logistics domain but offers a versatile IT service backbone due to its agnostic design, focusing on infrastructure-as-a-service provision. Furthermore, it allows for the development and deployment of applications that encapsulate business logic, thus tailored to specific business needs. In the subsequent sections, we delve into the design principles, architectural components, and deployment possibilities of IW-NET BDA. Additionally, we present two illustrative use cases: firstly, the automated detection of areas of interest and vessel activity tracking for insightful geo-temporal data analytics along the River Weser corridor; secondly, the utilization of recurrent neural networks to forecast water levels in the Danube River corridor. These examples highlight the adaptability and efficacy of IW-NET BDA in tackling diverse challenges across different contexts, underscoring its versatility and utility.
... In order to guard against security threats and attacks, security measures must be included into the IoT architecture at every tier. Many IoT systems use Secure Socket Layer (SSL) and Datagram Transport Layer Security (DTLS) as two cryptographic protocols to provide security solutions [31,32]. Furthermore, IoT system is more vulnerable to security assaults when communication takes place through wireless technologies. ...
Conference Paper
Full-text available
Since more and more aspects of life are rapidly becoming digital, the notion of the Internet of Things is rapidly gaining ground in research and practical implementation. The expanding scholarly interest has led to a fragmented and broken literary environment. This essay discusses crucial but little-examined research issues related to the Internet of Things and strategic management. With a focus on the commercial application of the IoT and associated research, we use an exploratory research approach. We also thoroughly review the literature in the areas of the IoT, strategic management, and sustainable growth strategy. We notably conduct in-depth one-on-one interviews to determine IoT intrinsic innovative features in order to examine the process of linking these traits to innovation-driving channels. Significant theoretical and practical repercussions follow from the results. The research results provide suggestions for creating effective innovation in reaction to the IoT sector for long-term viability.
... This capability can be exploited with limited access to the broker or intermediate network devices, or even remotely, by using other attacks like Distributed Denial-of-Service or flooding against a network device in the path of the packet flow (for delaying packets, for example). Some of these vulnerabilities can be exploited with an older version of TLS protocol itself: for example, SSL used a vulnerable Message Authentication Code until TLS [9]; vulnerabilities in TLS HMAC implementations are still found years after the standard [19]. ...
Preprint
Full-text available
Security and dependability of devices are paramount for the IoT ecosystem. Message Queuing Telemetry Transport protocol (MQTT) is the de facto standard and the most common alternative for those limited devices that cannot leverage HTTP. However, the MQTT protocol was designed with no security concern since initially designed for private networks of the oil and gas industry. Since MQTT is widely used for real applications, it is under the lens of the security community, also considering the widespread attacks targeting IoT devices. Following this direction research, in this paper we present an empirical security evaluation of several widespread implementations of MQTT system components, namely five broker libraries and three client libraries. While the results of our research do not capture very critical flaws, there are several scenarios where some libraries do not fully adhere to the standard and leave some margins that could be maliciously exploited and potentially cause system inconsistencies.
... Threats and attacks attempting to breach the lower layer encryption protection (e.g. TLS and IPSec [4][11]) are not discussed in this document. ...
Article
Full-text available
This paper describes an attack-directed approach to test SIP authentication vulnerabilities in session establishment and user registration. This approach aims to exercise the known areas of weakness including the inherent vulnerabilities in SIP specification and the implementation vulnerabilities caused by programmers' negligence. By using this approach and a self-made testing tool, we have successfully identified a number of vulnerabilities in a popular open source SIP implementation, namely VOCAL. This effective approach can also be used to test any other SIP implementations.
... A first issue regards confidentiality. The basic approach consists of using TLS to establish secure channels [56]. However, it has a negative impact on performance and energy consumption [57]. ...
Article
The demand for privacy in the current digital era is continuously growing. This is particularly true in the context of IoT, in which huge amounts of data are handled. Communication anonymity is a fundamental requirement when high privacy levels should be guaranteed. On the other hand, very little attention has been devoted to this problem in the past scientific literature, when referring to MQTT, which is the de-facto standard for IoT communication. In this paper, we try to cover this gap. Specifically, we propose a new protocol, called MQTT-A, which extends the MQTT bridging mechanism to support the anonymity of both publishers and subscribers. This task is accomplished through the P2P collaboration of intermediate bridge brokers, which forward the requests of clients so that the final broker cannot understand the actual source/destination. Moreover, an anonymity-preserving topic discovery mechanism is provided, which allows clients to discover available topics and associated brokers, preventing client identification. Importantly, all the MQTT-A messages are exchanged by leveraging standard MQTT primitives and the bridging mechanism natively offered by MQTT. This allows us not to require changes in the standard MQTT infrastructure. To validate the performance of our solution, we performed a deep experimental campaign by deploying the bridge brokers on cloud platforms in various countries of the world. The experimental validation shows that, the price of latency we have to pay because of the trade-off with anonymity is quite reasonable. Moreover, no significant impact on goodput occurs in the case of good network conditions.
... Security methods must be entrenched at all coating of IoT construction for fear that freedom dangers and attacks [32]. Several codes are grown and capably redistributed on all tier of ideas channel to guarantee the safety and solitude in IoT located orders [33,34]. Secure version of http and Transport Layer Security, Security (Protocol tcp / ip) are two cryptographic contracts that are established between route and demand coating to establish in business responses in various IoT techniques. ...
Article
The Internet of things is a new revolution that has shifted people's lifestyles from conventional to high-tech. Smart cities, smart homes, pollution management, energy conservation, smart transportation and smart industries are examples of IoT-driven developments. A lot of critical research studies and inspections have existed exhausted order to improve the electronics through IoT. However, there are still plenty of challenges and issues that need to be focused on to reach the full potential of IoT. These challenges and issues must be thought-out from miscellaneous facets of IoT to a degree uses, challenges, permissive sciences, friendly and referring to practices or policies that do not negatively affect the environment impacts etc. The main aim of this review paper is to debate various challenges and key issues of IoT, construction and use of rules. Moreover, this paper shed some light on the existing information and pictorial representations of different facets of IoT. Moreover, the significance of substantial dossier and allure reasoning concerned to IoT has been explored. This paper would help the researchers and analyst to appreciate and allure towards the IoT.
... However, the information exchanged between the user, through a web browser, and ZoneMinder is still susceptible to interception. Because it runs on the Apache web server, the SSL/TLS protocols [Freier et al. 1996, Dierks and Allen 1999] can be used to guarantee the confidentiality of the data. In ZoneMinder the video streams are low resolution, 320x240 pixels at a rate of 4 frames per second, which suggests that the use of SSL/TLS will not affect the application's performance. ...
Conference Paper
Full-text available
Surveillance systems, made up of closed-circuit TV, are no longer exclusive to large companies and are increasingly present in homes and condominiums. ZoneMinder is an open-source project that runs on a personal computer and allows the user to monitor surveillance cameras through a web browser. Smartphones are more popular and can perform tasks that were previously only imagined on desktop computers. This work presents DroidMinder, an application for mobile devices running the Android system, which allows monitoring surveillance cameras connected to a ZoneMinder server.
... In fact, the development history of research on stock price forecasting is closely related to the iterations of information technology, with the earliest research on stock price forecasting dating back to the late 20th century, when Lo and Mackinlay demonstrated that stock prices do not follow the nonrandom walk theory, thus corroborating the predictability of stock market prices [1]. Then Allen et al. [2] used genetic algorithms to achieve the capture of stock price trends through historical trading data. Kim proposed support vector machines (SVMs) for stock price research [3] and in subsequent studies further studied stock price fluctuations using multilayer perceptrons [4]. ...
Article
Full-text available
As an important part of financial market, stock market price volatility analysis has been the focus of academic and industry attention. Candlestick chart, as the most widely used indicator for evaluating stock market price volatility, has been intensively studied and explored. With the continuous development of computer technology, the stock market analysis method based on candlestick chart is gradually changed from manual to intelligent algorithm. However, how to effectively use stock market graphical indicators to analyze stock market price fluctuations has been pending solution, and deep learning algorithms based on structured data such as deep neural networks (DNN) and recurrent neural networks (RNNs) always have the problems of making it difficult to capture the laws and low generalization ability for stock market graphical indicators data processing. Therefore, this paper proposes a quantification method of stock market candlestick chart based on Hough variation, using the graph structure embedding method to represent candlestick chart features and multiple attention graph neural network for stock market price fluctuation prediction. The experimental results show that the proposed method can interpret the candlestick chart features more accurately and has superiority performance over state-of-the-art deep learning methods, including SVM, CNN, LSTM, and CNN-LSTM. Relative to these algorithms, the proposed method achieves an average performance improvement of 20.51% in terms of accuracy and further achieves at least 26.98% improvement in strategy returns in quantitative investment experiments.
... Like the SSL protocol [35], our IBE-Signal scheme contains parts of the SESSION and the CONNECTION. The SESSION part refers to a collection of parameters and encryption keys generated through a handshake between two communicating parties. ...
Article
Full-text available
The Signal Protocol is one of the most popular privacy protocols today for protecting Internet chats and supports end-to-end encryption. Nevertheless, despite its many advantages, the Signal Protocol is not resistant to Man-In-The-Middle (MITM) attacks because a malicious server can distribute the forged identity-based public keys during the user registration phase. To address this problem, we proposed the IBE-Signal scheme that replaced the Extended Triple Diffie–Hellman (X3DH) key agreement protocol with enhanced Identity-Based Encryption (IBE). Specifically, the adoption of verifiable parameter initialization ensures the authenticity of system parameters. At the same time, the Identity-Based Signature (IBS) enables our scheme to support mutual authentication. Moreover, we proposed a distributed key generation mechanism that served as a risk decentralization to mitigate IBE’s key escrow problem. Besides, the proposed revocable IBE scheme is used for the revocation problem. Notably, the IND-ID-CPA security of the IBE-Signal scheme is proven under the random oracle model. Compared with the existing schemes, our scheme provided new security features of mutual authentication, perfect forward secrecy, post-compromise security, and key revocation. Experiments showed that the computational overhead is lower than that of other schemes when the Cloud Privacy Centers (CPCs) number is less than 8.
... Transport Layer Security 1.0 [188] was the successor to the original SSL [189] protocols used to secure Internet traffic, and has been updated since its inception to the (now) widely supported TLS 1.2 [160] and the most-recent TLS version 1.3 [23] (published in 2018). ...
Thesis
This thesis explores ideas connected with the cybersecurity of, and secure communications for, Internet of Things (IoT) devices; and introduces a number of original elements of research — including the Secure Remote Update Protocol (SRUP), a protocol developed to provide a mechanism for secure Command and Control messages. The work introduces cybersecurity concepts and background, IoT networking protocols and Command and Control messaging, before moving on to describe the original research. The design and concept of SRUP is described in detail, along with a scheme to support the use of dynamic identity in the context of the IoT. Techniques to establish device identity are then described, followed by an examination of the security features of SRUP. An open-source implementation of SRUP is then introduced, alongside a discussion on the way this has been optimized for ease of use by non-specialist developers. A concept to enable the controlled sharing of information and requests between Command and Control networks using SRUP is then described, along with a discussion on how this approach could be adopted to help to address the problem of short-term provision of access to IoT systems by guest users. Finally an experimental assessment of the protocol in simulated real-world conditions is described and measurements of the performance overhead associated with using SRUP, with inexpensive low-power hardware, are discussed and analysed. These results show that the use of the SRUP protocol, in comparison to an insecure implementation, added an additional processing delay of between 42.92ms and 51.60ms to the end-to-end message propagation — depending on the specific hardware in use. The thesis concludes with a summary of the research, and some recommendations for follow-on work.
... In 1999, the TLSv1.0 [4] was released and was based on the deprecated SSL Protocol, which was followed in 2006 by the TLSv1.1 [6], in 2008 by TLSv1.2 [14] and, in 2018, the latest was released, the TLSv1.3 [13]. ...
Chapter
Currently, there are several security-related standards and recommendations concerning Domain Name System (DNS) and Hypertext Transfer Protocol (HTTP) services, that are highly valuable for governments and their services, and other public or private organizations. This is also the case of Higher Education Institutions (HEIs). However, since these institutions have administrative autonomy, they present different statuses and paces in the adoption of these web-related security services. This paper presents an overview regarding the implementation of security standards and recommendations by the Portuguese HEIs. In order to collect these results, a set of scripts were developed and executed. Data were collected concerning the security of the DNS and HTTP protocols, namely, the support of Domain Name System Security Extensions (DNSSEC), HTTP main configurations and redirection, digital certificates, key size, algorithms and Secure Socket Layer (SSL)/Transport Layer Security (TLS) versions used. The results obtained allow to conclude that there are different progresses between HEIs. In particular, only 11.7% of HEIs support DNSSEC, 14.4% do not use any SSL certificates, 74.8% use a 2048 bits encryption key, and 81.1% use the Rivest-Shamir-Adleman (RSA) algorithm. Also, 6.3% of HEIs still negotiate with the vulnerable SSLv3 version. Keywords: DNSSEC, HTTP, Higher education, Academic, Institutions, SSL, Security
... In the prototype, we implemented a plain-text protocol in which attackers can eavesdrop on the message exchange (loss of confidentiality) and even inject or modify messages. However, this problem can be solved trivially by using widely studied and deployed protocols such as TLS [19]. ...
Article
State-of-the-art Earthquake Early Warning systems rely on a network of sensors connected to a fusion center in a client–server paradigm. The fusion center runs different algorithms on the whole data set to detect earthquakes. Instead, we propose moving computation to the edge, with detector nodes that probe the environment and process information from nearby probes to detect earthquakes locally. Our approach tolerates multiple node faults and partial network disruption and keeps all data locally, enhancing privacy. This paper describes our proposal’s rationale and explains its architecture. We then present an implementation that uses Raspberry, NodeMCU, and the Crowdquake machine learning model.
... Although these processes authenticated through a secured channel, it remains unprotected one. The secure protocol SSL/TLS [1] for transmitting private data over the web is well-known in academic research, but most current commercial websites still rely on the relatively weak protection mechanism of user validation through plaintext password and user ID. The attackers such as phishing, shoulder-surfing and Trojan viruses attempt to illegally obtain sensitive data, such as passwords and debit card details, by concealed as a reliable person in an electronic communication. ...
Article
Abstract: Privacy preserving data mining (PPDM) refers to the part of data mining used to safeguard sensitive information illegal disclosure. Discrimination is the detrimental process of people based on their association with a certain classes or groups. Direct discrimination restricts a certain group of working class based on sensitive reasons. Indirect discrimination restricts a certain group of working class based on non sensitive ones. Both direct and indirect discrimination can be prevented using data transformation methods such as rule protection and rule generalization. Balanced iterative reducing and clustering using hierarchies (BIRCH) algorithm is used for analyzing discrimination datasets based on eligible criteria. In this paper, privacy can be enhanced using differentiated virtual password schemes and anonymization techniques. We provide a differentiated virtual password that applies user-specified randomized linear generation functions to protect user passwords. We provide an anonymization algorithm that processes inferring approach to prevent attacks in discrimination environment. We are evaluating these methods on Adult dataset and provide metrics for proposed methods that impact on information loss and data quality in data mining. Keywords: Classification, Rule protection, Rule generalization, Birch algorithm, differentiated virtual passwords, Secret little functions, Inferring algorithm, Privacy, Codebooks
... TLS improves the SSL version 3 protocol that provides transport-level security over TCP [41]. TLS consists of a Record Protocol that acts as an envelope for Application Data [42]. ...
Article
Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.
... TLS is the successor of SSL with backward compatibility with SSL, which was firstly published in RFC 2246 [37] in 1999. The current up-to-date version of TLS is TLS 1.3, defined in RFC 8446 [38]. ...
Article
Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.
... Using the middle-person attack to NSPK, we have described how to use our sequence diagrams to help users comprehend why the attack is doable for NSPK. One piece of our future work is to graphically animate state machines that formalize other authentication protocols with SMGA, such as TLS [5]. ...
... Transport-Layer-Security (TLS) was first introduced in Allen and Dierks (1999) and continually expanded in Dierks and Rescorla (2006), Rescorla and Dierks (2008) and Rescorla (2018) as a protocol to secure the communication between two parties via the World Wide Web. The identification of the counterparty relies on X.509 certificates (described in Housley et al. (1999)) which contains key material and a human-readable name established in the DNS to allow end users to easily recognize the party they are interacting with. ...
Article
Consortia blockchain networks face the issue of expanding their systems to new members. Onboarding processes are often cumbersome, as they require identifying the new participant, manually setting up rights, exchanging key material, and adding information about the new member to the consensus smart contract. Besides that, these processes are time-consuming and scale poorly. Identifying the members might be faulty as the pre-existing members might be deceived by malicious parties claiming to be someone else. This paper proposes a novel methodology to allow the onboarding of new parties without time-intensive off-chain processes. We establish identities of new consortia members by utilizing TLS certificates bound to publicly known domain names. With this identity scheme in place, the network operators can define rules such as only specific parties are allowed to join the network, e.g., only owners of *.edu domains. This methodology scales well, provides for extensive ruling and monitoring, and helps consortia blockchains to grow faster.
... This capability can be exploited with limited access to the broker or intermediate network devices, or even remotely, by using other attacks like Distributed Denial-of-Service or flooding against a network device in the path of the packet flow (for delaying packets, for example). Some of these vulnerabilities can be exploited with an older version of TLS protocol itself: for example, SSL used a vulnerable Message Authentication Code until TLS [24]; vulnerabilities in TLS HMAC implementations are still found years after the standard [25]. ...
Conference Paper
Security and dependability of devices are paramount for the IoT ecosystem. Message Queuing Telemetry Transport protocol (MQTT) is the de facto standard and the most common alternative for those limited devices that cannot leverage HTTP. However, the MQTT protocol was designed with no security concern since initially designed for private networks of the oil and gas industry. Since MQTT is widely used for real applications, it is under the lens of the security community, also considering the widespread attacks targeting IoT devices. Following this direction research, in this paper we present an empirical security evaluation of several widespread implementations of MQTT system components, namely five broker libraries and three client libraries. While the results of our research do not capture very critical flaws, there are several scenarios where some libraries do not fully adhere to the standard and leave some margins that could be maliciously exploited and potentially cause system inconsistencies.
... Although some model checking experiments were not completed because of the state space explosion problem, some characteristics of NSLPK have been proved [12], guaranteeing that the characteristics are invariant properties of NSLPK. One piece of our future work is to graphically animate state machines that formalize other authentication protocols, such as TLS [13], with SMGA. ...
... Important standards include but are not limited to IPv4 (RFC-791, Postel, 1981b), IPv6 (first version RFC-8200, Deering & Hinden, 2017), DNS (first version RFC-1034, Mockapetris, 1987a), Transmission Control Protocol (TCP) (first version RFC-793, Postel, 1981c), UDP (first version RFC-768, Postel, 1980), BGP (first version RFC-1654, Rekhter & Li, 1994) and Internet Control Message Protocol (ICMP) (first version RFC-791, Postel, 1981b). The IETF also standardize several higher level protocols, such as HTTP for transferring hypertext (first version in RFC-2068, Fielding et al., 1997), and Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for securing TCP connections (for TLS v1.0 RFC-2246, Dierks & Allen, 1999), but not web-protocols and web-standards such as HTML or JavaScript. Note that some higher level protocols, such as HTTPS, are combinations of other protocols, in this case HTTP running over either SSL or TLS. ...
Chapter
At ASIACRYPT 2022, Benedikt, Fischlin, and Huppert proposed the quantum herding attacks on iterative hash functions for the first time. Their attack needs exponential quantum random access memory (qRAM), more precisely \(2^{0.43n}\) quantum accessible classical memory (QRACM). As the existence of large qRAM is questionable, Benedikt et al. leave an open question on building low-qRAM quantum herding attacks. In this paper, we answer this open question by building a quantum herding attack, where the time complexity is slightly increased from Benedikt et al.’s \(2^{0.43n}\) to ours \(2^{0.46n}\), but it does not need qRAM anymore (abbreviated as no-qRAM). Besides, we also introduce various low-qRAM or no-qRAM quantum attacks on hash concatenation combiner, hash XOR combiner, Hash-Twice, and Zipper hash functions.
Thesis
The expansion of high-speed broadband access networks, with an increasing growth in the number of connected households has brought a new set of concerns related to aspects such as management, services and security, with potential consequences for communication operators, clients and third-parties. The considerable number of residential customers served by broadband networks that lack the necessary technical knowledge to manage their equipment and infrastructure, in a self-sufficient manner, together with the high bandwidth available for each permanent connection, contribute to a scenario that conventional centralized operator security and management models are unable to deal with. This thesis addresses these issues in the perspective of the operator management infrastructure, by proposing a management framework for devices and services based on a different operation paradigm in which the operator is able to extend its influence to the customer premises LAN, instead of remaining confined to its own infrastructure. This has the benefit of relieving the users from the LAN configuration and management burden, while allowing operators to deliver a better service, by easing diagnostics and configuration procedures. In this perspective, several related aspects will be addressed in the form of application scenarios, always in an integrated perspective orthogonal to the proposed management framework, namely:
  • Device management: in order to integrate the heterogeneous device and management standards ecosystem of the residential network in the scope of the operator management infrastructure. By bridging both worlds, operators are able to extend their reach into the customers’ premises networks, managing all sorts of devices and services while relieving users from such burden and improving service quality.
  • Exploration of new service paradigms: another aspect which is addressed in the scope of this thesis has to do with researching and evaluating new service paradigms for leveraging the benefits of broadband environments. Those value-added proposals are conceived as complementary to the existing operators’ connectivity and service portfolio, being proposed in the form of managed services.
  • New security models: the specific nature of broadband network environments, together with its increasing household penetration ratio has contributed to create and/or increase a number of security issues which are growing to the point of becoming a serious threat, with repercussions at several levels, from service degradation to compromising personal information. In this perspective, a distributed security model based on the concept of shared security is proposed, bringing together operators and users in an effort to detect and fight the potential menaces which threaten modern broadband environments.
Not only these topics are of particular concern in the scope of broadband access networks, but they are also becoming increasingly relevant with the inclusion of other factors such as the introduction of integrated broadband services over IP (such as triple-play) and the expansion of the customer base. As such, this thesis proposes to contribute to this discussion by proposing innovative models for security, services and management in the context of broadband access networks.
Chapter
In this chapter, we explore the potential of the Internet of Things (IoT), in making various aspects of smart cities more accessible and applicable. The IoT serves as the underlying foundation of smart cities and delve into its concept, applications, benefits, and advancements within the context of sustainable smart cities. In addition, we discussed different IoT technologies, highlighting their potential integration and application in smart cities. Finally, we explore the future development of technology in smart cities, addressing open issues, and research challenges that need to be addressed.
Chapter
In the wake of the COVID-19 pandemic, a rapid digital transformation has taken place in the mental healthcare sector, with a marked shift towards telehealth services on web and mobile platforms. This transition, while advantageous in many ways, raises critical questions regarding data security and user privacy given the sensitive nature of the information exchanged. To evaluate these concerns, we undertook a rigorous security and privacy examination of 48 web services and 39 mobile applications specific to mental healthcare, utilizing tools such as MobSF, RiskInDroid, AndroBugs, SSL Labs, and Privacy Check. We also delved into privacy policies, manually evaluating how user data is acquired, disseminated, and utilized by these services. Our investigation uncovered that although a handful of mental healthcare web services comply with expert security protocols, including SSL certification and solid authentication strategies, they often lack crucial privacy policy provisions. In contrast, mobile applications exhibit deficiencies in security and privacy best practices, including underdeveloped permission modeling, absence of superior encryption algorithms, and exposure to potential attacks such as Janus, Hash Collision, and SSL Security. This research underscores the urgency to bolster security and privacy safeguards in digital mental healthcare services, concluding with pragmatic recommendations to fortify the confidentiality and security of healthcare data for all users. Keywords: Security and Privacy Analysis, Web Services, Mobile Applications, Mental Healthcare, Telehealth
Article
The Transport Layer Security (TLS) 1.0 protocol has been formally verified with CafeInMaude Proof Generator (CiMPG) and Proof Assistant (CiMPA), where CafeInMaude is the second major implementation of CafeOBJ, a direct successor of OBJ3, a canonical algebraic specification language. The properties concerned are the secrecy property of pre-master secrets and the correspondence (or authentication) property from both server and client points of view. We need to use several lemmas to formally verify that TLS 1.0 enjoys the properties. CiMPG takes proof scores written in CafeOBJ and infers proof scripts that can be checked by CiMPA. Proof scores are prone to human errors and CiMPG can be regarded as a proof score checker in that if the proof scripts inferred by CiMPG from proof scores are successfully executed with CiMPA, it is guaranteed that no human error is lurking in the proof scores. We have used the existing proof scores to show that TLS 1.0 enjoys the two properties. We needed to revise the proof scores so that CiMPG can handle them. Through the revision process, we discovered that one additional lemma is required for the revised proof scores. There are about 20 proof scores and each proof score is large. It is not reasonable to handle all proof scores at the same time with CiMPG. Thus, we handled each proof score one by one with CiMPG. There is one proof score that it took a long time to handle with CiMPG. For that proof score, we handled each induction case one by one to reduce the time taken. We describe how to revise the existing proof scores, how to find the new lemma, the lemma, how to handle each proof score one by one, and how to handle each induction case one by one as tips on checking existing large proof scores with CiMPG and CiMPA.
Thesis
In this work, we analyze X.509 SSL/TLS certificates (using RSA encryption and coming from hundreds of millions of connected devices) in search of anomalies, and notably extend the work of Hastings, Fried and Heninger (2016). Our study was carried out on three databases from the EFF (2010-2011), ANSSI (2011-2017) and Rapid7 (2017-2021). Several vulnerabilities affecting devices from well-known manufacturers were detected: small moduli (strictly smaller than 1024 bits), redundant moduli (used by several entities), certificates that are invalid but still in use, moduli vulnerable to the ROCA attack, as well as so-called "GCD-vulnerable" moduli (that is, moduli sharing common factors). For the Rapid7 database, which counts nearly 600 million certificates (and includes those of recent devices), we identified 1,550,382 certificates whose moduli are GCD-vulnerable, that is, 0.27% of the total. This made it possible to factor 14,765 2048-bit moduli, which, to our knowledge, had never been done before. By analyzing some GCD-vulnerable moduli, we were able to partially reverse-engineer the (512-bit) modulus generator used by certain families of firewalls, which allowed the instant factorization of 42 512-bit moduli, corresponding to certificates from 8,817 IPv4 addresses. After observing that most of the factored moduli had been generated by the OpenSSL library, we analyzed the source code and the methods responsible for the RSA key generation process in several versions of this library (covering the period 2005 to 2021). Through experiments on platforms based on ARM processors, in which we placed ourselves in almost the same conditions as the vulnerable devices identified, we managed to trace the causes of the GCD-vulnerability.
Conference Paper
IDXP uses the IDMEF format and proposes authentication of the communicating peers, integrity and confidentiality by means of the BEEP protocol. The aim of this work is to propose the integration of IDMEF with an XML model for digitally signing content, called the IDMEF variant, providing message security with the use of any communication protocol. As a result, the paper discusses a comparative analysis between the IDXP protocol and the proposed variant.
Conference Paper
The spread of wireless networks has driven the development of new technologies and standards. However, with this evolution, problems have arisen in critical areas such as security. This work proposes improvements to security in wireless networks following the IEEE 802.11 standard. It proposes a way of integrating the non-hierarchical SPKI authentication/authorization model into the IEEE 802.11 network environment, also making use of the EAP and TLS security protocols.
Conference Paper
This stranded addresses an important need in the context of extending the use of ICT to the rural masses in Sri Lanka as English is the only language supported in text messaging at present. This makes this facility (which is both economical and easy) somewhat hard to be used by non-English speaking persons. For micro (single proprietor), medium scale as well as non-English literate persons, the limitation of text messaging in English only has become a barrier. It should be noted that countries such as China, Korea and Thailand have been successful in implementing their local languages in mobile phones. This research offers an analytical view of the issue and importance of multiple language SMS capabilities as well as outlines the new possibilities and expansions in this area. Considering Asian, and in particular, complex fonts, it examines a range of possible input mechanisms incorporating characters on to a simple virtual keypad, designed as representative of all existing mobile handsets. The work is based on the recent SLS1134 Singhala Unicode standard. Language encoding, including the generalized standard UTF-8 Unicode and many other optimized coding mechanisms for Sinhala and Tamil are evaluated along with the statistical data, in order to come up with a comfortable and universal configuration. The outcome of the research is aimed at proving an add-on standard to the GSM/SMS and SLS1134, giving operators as well as manufactures the ability to standardize and use the most suitable as well as interoperable implementation. Some of this work is still being carried out, and this document outlines the present achievement and issues. Thus, this document proposes to establish appropriate standards for text messaging in local languages within the GSM standard. 
It also aims to present a protocol and standardization for the native language support features, multiple language support for text messaging, mainly focused on Singhala and Tamil, present layered physical format standards for a keypad layout and a layered hierarchical model of implementation as well as a migration and transitional framework for manufacturers, users and operators. https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4632
Article
Quantum computers are expected to break modern public key cryptography owing to Shor’s algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms. The PQC research field has flourished over the past two decades, leading to the creation of a large variety of algorithms that are expected to be resistant to quantum attacks. These PQC algorithms are being selected and standardized by several standardization bodies. However, even with the guidance from these important efforts, the danger is not gone: there are billions of old and new devices that need to transition to the PQC suite of algorithms, leading to a multidecade transition process that has to account for aspects such as security, algorithm performance, ease of secure implementation, compliance and more. Here we present an organizational perspective of the PQC transition. We discuss transition timelines, leading strategies to protect systems against quantum attacks, and approaches for combining pre-quantum cryptography with PQC to minimize transition risks. We suggest standards to start experimenting with now and provide a series of other recommendations to allow organizations to achieve a smooth and timely PQC transition. Standards and recommendations for transitioning organizations to quantum-secure cryptographic protocols are outlined, including a discussion of transition timelines and the leading strategies to protect systems against quantum attacks.
Article
In recent times people have started focusing more on healthy and purposeful lifestyle. People have started yoga and meditation and started following spiritual gurus. Many people are looking for a spiritually transforming experience that influences many facets of their consumer behavior. This has given rise to establishment of brands such as Patanjali, Sri Sri Tattva and Isha as there is a lot of affinity by the people towards spirituality and they find a sense of credibility in the products endorsed by spiritual gurus. Spiritual gurus are the new face to the FMCG sector the sale of their products and services are increasing with a rapid pace in India. The product sold by these gurus are so popular that they are giving tough competition to giant MNCs and domestic companies that have been deep-rooted in India for several decades. In this paper, we are trying to analyse the influence of spiritual gurus on the FMCG products endorsed by them on the customer purchase intention. The purpose of this study is to find out the factors that influence the customer purchase intention and to analyse the significance of these factors on customer purchase intention. Data is collected through primary and secondary methods. The research paper attempts to weave through the maze of literature available about the factors influencing the customer purchase intention regarding FMCG products endorsed by spiritual gurus as a part of secondary method of data collection. Primary method was carried out by conducting a survey with the people of all age groups who have either used the products endorsed by spiritual gurus or have an intent to use them in future; they were asked to fill a form which had set of questionnaires. Multiple regression analysis is conducted and the major predictors which greatly influences customer purchase intention are; affordability, purity, personality of the spiritual leader, durability and advertisement.
Marketers can use these variables to accurately market the products for the target customers through spiritualism as a context to improve upon their products.
Article
SSL and TLS are two secure protocols for creating secure connections over the Internet. X.509 certificate validation is important for security and needs to be performed before an SSL/TLS connection is established. Some advanced testing techniques, such as frankencert, have revealed, through randomly mutating Internet accessible certificates, that there exist unexpected, sometimes critical, validation differences among different SSL/TLS implementations. Despite these efforts, X.509 certificate validation still needs to be thoroughly tested as this work shows. This paper tackles this challenge by proposing transcert, a coverage-directed technique to much more effectively test real-world certificate validation code. Our core insight is to (1) leverage easily accessible Internet certificates as seed certificates, and (2) use code coverage to direct certificate mutation towards generating a set of diverse certificates. The generated certificates are then used to reveal discrepancies, thus potential flaws, among different certificate validation implementations. We implement transcert and evaluate it against frankencert, NEZHA, and RFCcert (three advanced fuzzing techniques) on five widely used SSL/TLS implementations. The evaluation results clearly show the strengths of transcert — during 10,000 iterations, transcert reveals 71 unique validation differences, 12×, 1.4×, and 7× as many as those revealed by frankencert, NEZHA and RFCcert, respectively; it also supplements RFCcert in conformance testing of the SSL/TLS implementations against 120 validation rules, 85 of which are exclusively covered by transcert-generated certificates. We identify 17 root causes of validation differences, all of which have been confirmed and eleven have never been reported previously. The transcert-generated X.509 certificates also reveal that the primary goal of certificate chain validation is stated ambiguously in the widely-adopted PKI standard RFC 5280.
Article
Prof. Martin Hellman presents no shortcut solutions to the Data Encryption Standard; the time-memory tradeoff is just one of many key-message exhaustion techniques. Therefore when he says, "DES is only marginally secure today and will be totally insecure within ten years," he is totally wrong.
Article
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
Article
Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
PKCS #6: RSA Extended Certificate Syntax Standard
  • RSA Laboratories
RSA Laboratories, "PKCS #6: RSA Extended Certificate Syntax Standard," version 1.5, November 1993.
Secure Hash Standard
NIST FIPS PUB 180-1, "Secure Hash Standard," National Institute of Standards and Technology, U.S. Department of Commerce, DRAFT, 31 May 1994.
[TCP] ISI for DARPA, RFC 793: Transport Control Protocol, September 1981.
  • J Postel
  • J Reynolds
J. Postel and J. Reynolds, RFC 854/5, May, 1993.
[X509] CCITT. Recommendation X.509: "The Directory - Authentication Framework".