RFID systems are one of the important techniques that have been used in modern technologies; these
systems rely heavily on default and random passwords. Due to the increasing use of RFID in various
industries, security and privacy issues should be addressed carefully as there is no efficient way to achieve
security in this technology. Some active tags are low cost and basic tags cannot use standard cryptographic
operations where the uses of such techniques increase the cost of these cards. This paper sheds light on the
weaknesses of RFID system and identifies the threats and countermeasures of possible attacks. For the
sake of this paper, an algorithm was designed to ensure and measure the strength of passwords used in the
authentication process between tag and reader to enhance security in their communication and defend
against brute-force attacks. Our algorithm is design by modern techniques based on entropy, password
length, cardinality, Markov-model and Fuzzy Logic
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...IJCNCJournal
After tightening up network perimeter for dealing with external threats, organizations have woken up to the
threats from inside Local Area Networks (LAN) over the past several years. It is thus important to design
and implement LAN security strategies in order to secure assets on LAN by filtering traffic and thereby
protecting them from malicious access and insider attacks. Banking Financial Services and Insurance
(BFSI) industry is one such segment that faces increased risks and security challenges. The typical
architecture of this segment includes several thousands of users connecting from various branches over
Wide Area Network (WAN) links crossing national and international boundaries with varying network
speed to access data center resources. The objective of this work is to deploy LAN security solution to
protect the data center located at headquarters from the end user machines. A LAN security solution should
ideally provide Network Access Control (NAC) along with cleaning (securing) the traffic going through it.
Traffic cleaning itself includes various features like firewall, intrusion detection/prevention, traffic anomaly
detection, validation of asset ownership etc. LANenforcer (LE) is a device deployed in front of the data
center such that the traffic from end-user machines necessarily passes through it so that it can enforce
security. The goal of this system is to enhance the security features of a LANenforcer security system with
Intrusion Prevention System (IPS) to enable it to detect and prevent malicious network activities. IPS is
plugged into the packet path based on the configuration in such a way that the entire traffic passes through
the IPS on LE.
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
Security in wireless network is one of the prime concern in todays Information Age, where information is an asset not only to an organisation but also to an individual. Security to a great extent is able to protect the network from various unauthorized attacks. On the other side implementation of security mechanisms also causes an overhead in terms of increased load in the network. Further the increased load in the network paves path to congestion which degrades the performance of the wireless network. In this paper we try to highlight various challenges pertaining to security in mesh networks and the ways of reducing security threats. We propose an improved version of AODV which has a congestion avoidance mechanism. We also use a security technique called PGP for enhanced security of Mesh network. Mankiran Kaur | Jagjit Kaur"Security Technique and Congestion Avoidance in Mesh Network" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-1 | Issue-6 , October 2017, URL: http://www.ijtsrd.com/papers/ijtsrd4690.pdf http://www.ijtsrd.com/engineering/computer-engineering/4690/security-technique-and-congestion-avoidance-in-mesh-network/mankiran-kaur
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...IJCNCJournal
After tightening up network perimeter for dealing with external threats, organizations have woken up to the
threats from inside Local Area Networks (LAN) over the past several years. It is thus important to design
and implement LAN security strategies in order to secure assets on LAN by filtering traffic and thereby
protecting them from malicious access and insider attacks. Banking Financial Services and Insurance
(BFSI) industry is one such segment that faces increased risks and security challenges. The typical
architecture of this segment includes several thousands of users connecting from various branches over
Wide Area Network (WAN) links crossing national and international boundaries with varying network
speed to access data center resources. The objective of this work is to deploy LAN security solution to
protect the data center located at headquarters from the end user machines. A LAN security solution should
ideally provide Network Access Control (NAC) along with cleaning (securing) the traffic going through it.
Traffic cleaning itself includes various features like firewall, intrusion detection/prevention, traffic anomaly
detection, validation of asset ownership etc. LANenforcer (LE) is a device deployed in front of the data
center such that the traffic from end-user machines necessarily passes through it so that it can enforce
security. The goal of this system is to enhance the security features of a LANenforcer security system with
Intrusion Prevention System (IPS) to enable it to detect and prevent malicious network activities. IPS is
plugged into the packet path based on the configuration in such a way that the entire traffic passes through
the IPS on LE.
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
Security in wireless network is one of the prime concern in todays Information Age, where information is an asset not only to an organisation but also to an individual. Security to a great extent is able to protect the network from various unauthorized attacks. On the other side implementation of security mechanisms also causes an overhead in terms of increased load in the network. Further the increased load in the network paves path to congestion which degrades the performance of the wireless network. In this paper we try to highlight various challenges pertaining to security in mesh networks and the ways of reducing security threats. We propose an improved version of AODV which has a congestion avoidance mechanism. We also use a security technique called PGP for enhanced security of Mesh network. Mankiran Kaur | Jagjit Kaur"Security Technique and Congestion Avoidance in Mesh Network" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-1 | Issue-6 , October 2017, URL: http://www.ijtsrd.com/papers/ijtsrd4690.pdf http://www.ijtsrd.com/engineering/computer-engineering/4690/security-technique-and-congestion-avoidance-in-mesh-network/mankiran-kaur
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Editor IJMTER
To provide security to network we use existing Intrusion Detection System(IDS) for
identification of known attack with low false alarm,but it is not working when unknown attacks
occurs so to identify unknown attacks we use Anomaly based IDS(ADS) with high false alarm.
HIDS is the combination of IDS and ADS with their advantages for identification of known as well
as unknown attack.IDS used signature based model to identify known attack and ADS used anomaly
based model for identification of unknown attack.HIDS used internet episode rules for identify
known as well as unknown attacks.
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIESIJNSA Journal
In this paper, we examined the effect on network performance of the various strategies an attacker could adopt to launch Man-In The Middle (MITM) attacks on the wireless network, such as fleet or random strategies. In particular, we're focusing on some of those goals for MITM attackers - message delay, message dropping. According to simulation data, these attacks have a significant effect on legitimate nodes in the network, causing vast amounts of infected packets, end-to-end delays, and significant packet loss.
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFAIJNSA Journal
Intrusion Detection & Prevention Systems generally aims at detecting / preventing attacks against Information systems and networks. The basic task of IDPS is to monitor network & system traffic for any malicious packets/patterns and hence to prevent any unwarranted incidents which leads the systems to insecure state. The monitoring is done by checking each packet for its validity against the signatures formulated for identified vulnerabilities. Since, signatures are the heart & soul of an Intrusion Detection and Prevention System (IDPS), we, in this paper, discuss two methodologies we adapted in our research effort to improve the current Intrusion Detection and Prevention (IDP) systems. The first methodology RUDRAA is for formulating, verifying & validating the potential signatures to be used with IDPS. The second methodology DSP-FED is aimed at processing the signatures in less time with our proposed fast elimination method using DFA. The research objectives of this project are 1) To formulate & process potential IPS signatures to be used with Intrusion prevention system. 2) To propose a DFA based approach for signature processing which, upon a pattern match, could process the signatures faster else could eliminate it efficiently if not matched
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Both mobile operators and cybercriminals make heavy use of the SS7 protocol on previous-generation networks.
SS7 is old and vulnerable to attacks, yet will underpin the advanced networks of tomorrow. Learning more about SS7 is mission-critical for securing increasingly complex environments.
Watch the webinar to learn all about the ins and outs of SS7 for a smooth transition to 5G!
Our premium SS7 Security Analysis Report serves as a valuable knowledge base for cybersecurity specialists and network experts as they prepare for the security challenges of 2020. To access the report, go to: https://positive-tech.com/research/ss7-network-security-analysis-2020/
A Performance Analysis of Chasing Intruders by Implementing Mobile AgentsCSCJournals
An Intrusion Detection System in network fetches the intrusions information from systems by using Mobile Agents aid. Intrusion Detection System detects intrusions based on the collected information and routes the intrusion. The intelligent decisions on communications, permit agents to gain their goals more efficiently and provide more survivability and security of an agent system. The proposed model showed a formal representation of information assurance in agent messaging over a dynamic network by probability of redundant routes. The proposed Intrusion Detection System, chase intruders and collect information by the Mobile Agents. Our propose architecture is an information exchange method and chasing intrusion along with a method by implementing Mobile Agents.
In this abstract, we analyze the state of the art of end-to-end security Instant Messaging applications.
This includes the applications' network architectures, current and future challenges, and potential legal and social impact.
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
Due to extensive growth of the Internet and increasing availability of tools and methods for intruding and attacking
networks, intrusion detection has become a critical component of network security parameters. TCP/IP protocol suite is the defacto
standard for communication on the Internet. The underlying vulnerabilities in the protocols is the root cause of intrusions. Therefor
Intrusion detection system becomes an important element in network security that controls real time data and leads to huge
dimensional problem. Processing large number of packets and data in real time is very difficult and costly. Therefor data preprocessing
is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on
two important aspects of intrusion detection; one is accuracy and other is performance. The layered approach of TCP/IP model can be
applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact
data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack
detection accuracy can be achieved by using layered approach for data preprocessing in Internet. To reduce false positive rate and to
increase efficiency of detection, the paper proposed framework for preprocessing in intrusion prevention system. We experimented
with real time network traffic as well as he KDDcup99 dataset for our research.
The intention behind writing this paper on this subject is to anticipate IT students or novice in the field of data communication and network security about spoofing attacks, how vulnerable and the prevention from the attacks. Nowadays, several malicious attacks and contents are found on the internet. So, to overcome the probability of risk, it is must be implemented to prevent the end user from these. IP address spoofing is basically a technique to alter spoof the packets of original source address in the header section intended to compromise or retrieve sensitive information from another trusted host or a machine. The meaning of spoofing is to provide the false information, in the area network security and it comprises of many types which includes IP ADDRESS SPOOFING E MAIL SPOOFING WEB SPOOFING ARP ADDRESS RESOLUTION PROTOCOL SPOOFING Mr. Satish Bharadwaj | Prof. Abhijit Desai "IP Spoofing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33246.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/33246/ip-spoofing/mr-satish-bharadwaj
Mobile operators across the globe have already started to roll out their 5G. It is here to stay and so security should be kept it mind ensuring the industry learns from the lessons of previous generous networks.
In 2020 our PT Telecom Attack Discovery (PT TAD) 5G-ready next-generation signaling firewall scored no. 1 on the security market.* Want to find out the reasons behind this accolade, then watch the record of our webinar to learn about an effective approach towards signaling security in the era of 5G.
During the live session Positive Technologies’ experts - Kirill Puzankov, Product Manager and Jimmy Jones, security telecoms expert:
explained how to implement security for Core networks quickly, efficiently and with fewer efforts
showed a demo on how telecom operators could withstand an attack or malicious actions using our next-generation Telecom Attack Discovery signaling Firewall
provided statistics and key trends in signaling security.
* According to ROCCO Signalling Firewall Vendor Performance Report 2020. https://positive-tech.com/research/rocco-report-2020/
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...IJCNCJournal
Radio Frequency IDentification (RFID) and Wireless Sensor Networks (WSN) are the two most prominent wireless technologies for implementing a complete smart environment for the Internet of Things (IoT). Both RFID and WSN are resource constraint devices, which forces us to go for lightweight cryptography for security purposes. Security in terms of confidentiality, integrity, authentication, authorization, and
availability. Key management is one of the major constraints for resource constraint mobile sensor devices. This work is an extension of the work done by Kumar et al. using efficient error prediction and limit of agreement for anomaly score. This work ensures cryptographic property, availability, in RFID-WSN
integrated network through outlier detection mechanism for 50 to 5000 nodes network. Through detection ratios and anomaly scores system is tested against outliers. The proposed outlier detection mechanism identifies the inliers and outliers through anomaly score for protection against Denial-of-Service (DoS)
attack. Intruders can be detected in few milliseconds without giving any conflict to the access rights. In terms of throughput, a minimum improvement of 6.2% and a maximum of 219.9% is observed for the proposed protocol as compared to Kumar et al. Protocol and in terms of percentage of Packet Delivery Ratio (PDR), a minimum improvement of 8.9% and a maximum of 19.5% is observed for the proposed protocol as compared
to Kumar et al. protocol.
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...IJNSA Journal
In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection
system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Nowadays mobile networks are the most dynamic part of critical communication infrastructures and the key instrument used to perform daily activities ranging from voice and text messaging to providing signaling for emergency services and critical infrastructure.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
In recent years, wireless sensor network (WSN) is used in several application areas resembling observance, tracking, and dominant in IoTs. for several applications of WSN, security is a crucial demand. However, security solutions in WSN disagree from ancient networks because of resource limitation and process constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. This paper additionally presents characteristics, security needs, attacks, cryptography algorithms, and operation modes. This paper is taken into account to be helpful for security designers in WSNs.
Very often a lot of vehicles carry the illegal or very valuable goods and they do not have owner’s permission to unload them. In such situations, it is proposed to monitor vehicle transit via GPS tracking system. To guarantee appropriate and well-timed reaction to the interfering vehicle introductions, containers are well-appointed with the mobile GPS device and GSM modem. Furthermore door opening sensor is fixed secretly in the container. GPS device preoccupies the synchronization of container and transmissions of the information to the chief server via GSM network at static pauses. The employer can associate to the graphic user interface and monitor container traffic along with door status (was opened or not) with any computer, linked to the Internet & GSM network. Whether or not the door is opened, the alert, self-possessed of exact time, organizes and sent to the user’s mobile number.
Keywords: GPS, microcontroller, PIC 18, sensor.
With a growing selection of antenna choices and sensor ICs, SMARTRAC’s sensor tag and inlay family offers state-of-the-art products with great flexibility to accurately measure moisture and temperature conditions in industrial, healthcare and many other applications.
Sensor inlays and tags are passive UHF inlays equipped with RFMicron’s Magnus® IC family. These RFID sensor inlays offer great performance, and are a perfect choice where moisture and temperature detection is an important requirement. Their specific antenna design acts as a resistor/inductor/capacitor (RLC) tuned circuit to enable an antenna to sense its environment. The antenna converts environmental data into an impedance change, and the sensor tag IC translates this into a sensor code, as it dynamically matches antenna impedance to die impedance.
These single-chip sensor inlay and tag solutions are cost-efficient and easy to implement, and work on different surface materials ranging from textiles to metal parts to construction materials. They can be deployed where active or semi-active sensors are not practical, and involve no battery maintenance, costs or problems with product lifetime or recycling. Delivery formats are dry and wet to suit all converting-industry needs.
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Editor IJMTER
To provide security to network we use existing Intrusion Detection System(IDS) for
identification of known attack with low false alarm,but it is not working when unknown attacks
occurs so to identify unknown attacks we use Anomaly based IDS(ADS) with high false alarm.
HIDS is the combination of IDS and ADS with their advantages for identification of known as well
as unknown attack.IDS used signature based model to identify known attack and ADS used anomaly
based model for identification of unknown attack.HIDS used internet episode rules for identify
known as well as unknown attacks.
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIESIJNSA Journal
In this paper, we examined the effect on network performance of the various strategies an attacker could adopt to launch Man-In The Middle (MITM) attacks on the wireless network, such as fleet or random strategies. In particular, we're focusing on some of those goals for MITM attackers - message delay, message dropping. According to simulation data, these attacks have a significant effect on legitimate nodes in the network, causing vast amounts of infected packets, end-to-end delays, and significant packet loss.
DYNAMIC IDP SIGNATURE PROCESSING BY FAST ELIMINATION USING DFAIJNSA Journal
Intrusion Detection & Prevention Systems generally aims at detecting / preventing attacks against Information systems and networks. The basic task of IDPS is to monitor network & system traffic for any malicious packets/patterns and hence to prevent any unwarranted incidents which leads the systems to insecure state. The monitoring is done by checking each packet for its validity against the signatures formulated for identified vulnerabilities. Since, signatures are the heart & soul of an Intrusion Detection and Prevention System (IDPS), we, in this paper, discuss two methodologies we adapted in our research effort to improve the current Intrusion Detection and Prevention (IDP) systems. The first methodology RUDRAA is for formulating, verifying & validating the potential signatures to be used with IDPS. The second methodology DSP-FED is aimed at processing the signatures in less time with our proposed fast elimination method using DFA. The research objectives of this project are 1) To formulate & process potential IPS signatures to be used with Intrusion prevention system. 2) To propose a DFA based approach for signature processing which, upon a pattern match, could process the signatures faster else could eliminate it efficiently if not matched
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Both mobile operators and cybercriminals make heavy use of the SS7 protocol on previous-generation networks.
SS7 is old and vulnerable to attacks, yet will underpin the advanced networks of tomorrow. Learning more about SS7 is mission-critical for securing increasingly complex environments.
Watch the webinar to learn all about the ins and outs of SS7 for a smooth transition to 5G!
Our premium SS7 Security Analysis Report serves as a valuable knowledge base for cybersecurity specialists and network experts as they prepare for the security challenges of 2020. To access the report, go to: https://positive-tech.com/research/ss7-network-security-analysis-2020/
A Performance Analysis of Chasing Intruders by Implementing Mobile AgentsCSCJournals
An Intrusion Detection System in network fetches the intrusions information from systems by using Mobile Agents aid. Intrusion Detection System detects intrusions based on the collected information and routes the intrusion. The intelligent decisions on communications, permit agents to gain their goals more efficiently and provide more survivability and security of an agent system. The proposed model showed a formal representation of information assurance in agent messaging over a dynamic network by probability of redundant routes. The proposed Intrusion Detection System, chase intruders and collect information by the Mobile Agents. Our propose architecture is an information exchange method and chasing intrusion along with a method by implementing Mobile Agents.
In this abstract, we analyze the state of the art of end-to-end security Instant Messaging applications.
This includes the applications' network architectures, current and future challenges, and potential legal and social impact.
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
Due to extensive growth of the Internet and increasing availability of tools and methods for intruding and attacking
networks, intrusion detection has become a critical component of network security parameters. TCP/IP protocol suite is the defacto
standard for communication on the Internet. The underlying vulnerabilities in the protocols is the root cause of intrusions. Therefor
Intrusion detection system becomes an important element in network security that controls real time data and leads to huge
dimensional problem. Processing large number of packets and data in real time is very difficult and costly. Therefor data preprocessing
is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on
two important aspects of intrusion detection; one is accuracy and other is performance. The layered approach of TCP/IP model can be
applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact
data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack
detection accuracy can be achieved by using layered approach for data preprocessing in Internet. To reduce false positive rate and to
increase efficiency of detection, the paper proposed framework for preprocessing in intrusion prevention system. We experimented
with real time network traffic as well as he KDDcup99 dataset for our research.
The intention behind writing this paper on this subject is to anticipate IT students or novice in the field of data communication and network security about spoofing attacks, how vulnerable and the prevention from the attacks. Nowadays, several malicious attacks and contents are found on the internet. So, to overcome the probability of risk, it is must be implemented to prevent the end user from these. IP address spoofing is basically a technique to alter spoof the packets of original source address in the header section intended to compromise or retrieve sensitive information from another trusted host or a machine. The meaning of spoofing is to provide the false information, in the area network security and it comprises of many types which includes IP ADDRESS SPOOFING E MAIL SPOOFING WEB SPOOFING ARP ADDRESS RESOLUTION PROTOCOL SPOOFING Mr. Satish Bharadwaj | Prof. Abhijit Desai "IP Spoofing" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33246.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/33246/ip-spoofing/mr-satish-bharadwaj
Mobile operators across the globe have already started to roll out their 5G. It is here to stay and so security should be kept it mind ensuring the industry learns from the lessons of previous generous networks.
In 2020 our PT Telecom Attack Discovery (PT TAD) 5G-ready next-generation signaling firewall scored no. 1 on the security market.* Want to find out the reasons behind this accolade, then watch the record of our webinar to learn about an effective approach towards signaling security in the era of 5G.
During the live session Positive Technologies’ experts - Kirill Puzankov, Product Manager and Jimmy Jones, security telecoms expert:
explained how to implement security for Core networks quickly, efficiently and with fewer efforts
showed a demo on how telecom operators could withstand an attack or malicious actions using our next-generation Telecom Attack Discovery signaling Firewall
provided statistics and key trends in signaling security.
* According to ROCCO Signalling Firewall Vendor Performance Report 2020. https://positive-tech.com/research/rocco-report-2020/
Follow us on LinkedIn to keep up with our upcoming webinars and events: https://www.linkedin.com/company/positive-tech/
AVAILABILITY ASPECTS THROUGH OPTIMIZATION TECHNIQUES BASED OUTLIER DETECTION ...IJCNCJournal
Radio Frequency IDentification (RFID) and Wireless Sensor Networks (WSN) are the two most prominent wireless technologies for implementing a complete smart environment for the Internet of Things (IoT). Both RFID and WSN are resource constraint devices, which forces us to go for lightweight cryptography for security purposes. Security in terms of confidentiality, integrity, authentication, authorization, and
availability. Key management is one of the major constraints for resource constraint mobile sensor devices. This work is an extension of the work done by Kumar et al. using efficient error prediction and limit of agreement for anomaly score. This work ensures cryptographic property, availability, in RFID-WSN
integrated network through outlier detection mechanism for 50 to 5000 nodes network. Through detection ratios and anomaly scores system is tested against outliers. The proposed outlier detection mechanism identifies the inliers and outliers through anomaly score for protection against Denial-of-Service (DoS)
attack. Intruders can be detected in few milliseconds without giving any conflict to the access rights. In terms of throughput, a minimum improvement of 6.2% and a maximum of 219.9% is observed for the proposed protocol as compared to Kumar et al. Protocol and in terms of percentage of Packet Delivery Ratio (PDR), a minimum improvement of 8.9% and a maximum of 19.5% is observed for the proposed protocol as compared
to Kumar et al. protocol.
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...IJNSA Journal
In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection
system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Nowadays mobile networks are the most dynamic part of critical communication infrastructures and the key instrument used to perform daily activities ranging from voice and text messaging to providing signaling for emergency services and critical infrastructure.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
In recent years, wireless sensor network (WSN) is used in several application areas resembling observance, tracking, and dominant in IoTs. for several applications of WSN, security is a crucial demand. However, security solutions in WSN disagree from ancient networks because of resource limitation and process constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. This paper additionally presents characteristics, security needs, attacks, cryptography algorithms, and operation modes. This paper is taken into account to be helpful for security designers in WSNs.
Very often a lot of vehicles carry the illegal or very valuable goods and they do not have owner’s permission to unload them. In such situations, it is proposed to monitor vehicle transit via GPS tracking system. To guarantee appropriate and well-timed reaction to the interfering vehicle introductions, containers are well-appointed with the mobile GPS device and GSM modem. Furthermore door opening sensor is fixed secretly in the container. GPS device preoccupies the synchronization of container and transmissions of the information to the chief server via GSM network at static pauses. The employer can associate to the graphic user interface and monitor container traffic along with door status (was opened or not) with any computer, linked to the Internet & GSM network. Whether or not the door is opened, the alert, self-possessed of exact time, organizes and sent to the user’s mobile number.
Keywords: GPS, microcontroller, PIC 18, sensor.
With a growing selection of antenna choices and sensor ICs, SMARTRAC’s sensor tag and inlay family offers state-of-the-art products with great flexibility to accurately measure moisture and temperature conditions in industrial, healthcare and many other applications.
Sensor inlays and tags are passive UHF inlays equipped with RFMicron’s Magnus® IC family. These RFID sensor inlays offer great performance, and are a perfect choice where moisture and temperature detection is an important requirement. Their specific antenna design acts as a resistor/inductor/capacitor (RLC) tuned circuit to enable an antenna to sense its environment. The antenna converts environmental data into an impedance change, and the sensor tag IC translates this into a sensor code, as it dynamically matches antenna impedance to die impedance.
These single-chip sensor inlay and tag solutions are cost-efficient and easy to implement, and work on different surface materials ranging from textiles to metal parts to construction materials. They can be deployed where active or semi-active sensors are not practical, and involve no battery maintenance, costs or problems with product lifetime or recycling. Delivery formats are dry and wet to suit all converting-industry needs.
Apresentação sobre Indústria 4.0 demonstrando as tecnologias mais utilizadas, os conceitos, as aplicações, exemplos de utilização, abrangência no dia a dia e perfil do profissional desejado pelas indústrias.
IMAGE BASED RECOGNITION - RECENT CHALLENGES AND SOLUTIONS ILLUSTRATED ON APPL...mlaij
In this paper, problems and solutions for the automatic recognition of miscellaneous materials, especially
bulk materials are discussed. The fact that many materials, especially natural materials, have a strong
phenotypic variability resulting in high intra-class and low inter-class variability of the calculated features
poses a complex recognition problem. The recognition of components of a wheat sample or the
classification of mineral aggregates serves as an example to demonstrate different aspects in segmentation,
feature extraction, classifier design and complexity assessment. We present a technique for the
segmentation of highly overlapping and touching objects into single object images, a proposal for feature
selection and classifier parameter optimization, as well as a method to visualise the complexity of a highdimensional
recognition problem in a three-dimensional space. Every step of the pattern recognition
process needs to be optimized carefully with special attention to the risk of overfitting. Modern processors
and the application of field-programmable gate arrays as well as the outsourcing of processing steps to the
graphic processing unit speed up the calculation and make real-time computation possible also for highly
complex recognition problems such as the quality assurance of bulk materials.
A HYBRID APPROACH COMBINING RULE-BASED AND ANOMALY-BASED DETECTION AGAINST DD...IJNSA Journal
We have designed a hybrid approach combining rule-based and anomaly-based detection against DDoS
attacks. In the approach, the rule-based detection has established a set of rules and the anomaly-based
detection use one-way ANOVA test to detect possible attacks. We adopt TFN2K (Tribe Flood, the Net 2K)
as an attack traffic generator and monitor the system resource of the victim like throughput, memory
utilization, CPU utilization consumed by attack traffic. Target users of the proposed scheme are data
center administrators. The types of attack traffic have been analysed and by that we develop a defense
scheme. The experiment has demonstrated that the proposed scheme can effectively detect the attack traffic.
AN APPORACH FOR SCRIPT IDENTIFICATION IN PRINTED TRILINGUAL DOCUMENTS USING T...ijaia
In this work, we review the outcome of texture features for script classification. Rectangular White Space
analysis algorithm is used to analyze and identify heterogeneous layouts of document images. The texture
features, namely the color texture moments, Local binary pattern (LBP) and responses of Gabor, LM-filter,
S-filter, R-filter are extracted, and combinations of these are considered in the classification. In this work,
a probabilistic neural network and Nearest Neighbor are used for classification. To corrabate the
adequacy of the proposed strategy, an experiment was operated on our own data set. To study the effect of
classification accuracy, we vary the database sizes and the results show that the combination of multiple
features vastly improves the performance.
MODELING, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF MOBILITY LOAD BALANCING ...IJCNCJournal
We propose in this paper a simulation implementation of Self-Organizing Networks (SON) optimization
related to mobility load balancing (MLB) for LTE systems using ns-3 [1]. The implementation is achieved
toward two MLB algorithms dynamically adjusting handover (HO) parameters based on the Reference
Signal Received Power (RSRP) measurements. Such adjustments are done with respect to loads of both an
overloaded cell and its cells’ neighbours having enough available resources enabling to achieve load
balancing. Numerical investigations through selected key performance indicators (KPIs) of the proposed
MLB algorithms when compared with another HO algorithm (already implemented in ns-3) based on A3
event [2] highlight the significant MLB gains provided in terms global network throughput, packet loss rate
and the number of successful HO without incurring significant overhead.
FLEXIBLE VIRTUAL ROUTING FUNCTION DEPLOYMENT IN NFV-BASED NETWORK WITH MINIMU...IJCNCJournal
In a conventional network, most network devices, such as routers, are dedicated devices that do not
have much variation in capacity. In recent years, a new concept of Network Functions
Virtualisation (NFV) has come into use. The intention is to implement a variety of network functions
with software on general-purpose servers and this allows the network operator to select any
capabilities and locations of network functions without any physical constraints.
This paper focuses on the deployment of NFV-based routing functions which are one of critical
virtual network functions, and present the algorithm of virtual routing function allocation that
minimize the total network cost. In addition, this paper presents the useful allocation policy of
virtual routing functions, based on an evaluation with a ladder-shaped network model. This policy
takes the ratio of the cost of a routing function to that of a circuit and traffic distribution in the
network into consideration. Furthermore, this paper shows that there are cases where the use of
NFV-based routing functions makes it possible to reduce the total network cost dramatically, in
comparison to a conventional network, in which it is not economically viable to distribute smallcapacity
routing functions
A FRAMEWORK FOR INTEGRATING USABILITY PRACTICES INTO SMALL-SIZED SOFTWARE DEV...ijseajournal
Usability now appears to be a highly important attribute for software quality; it is a critical factor that
needs to be considered by every software-development organization when developing software to improve
customer satisfaction and increase competition in the market. There exists a lack of a reference model or
framework for small-sized software-development organizations to indicate which usability practices should
be implemented, and where in the system-development life cycle they need to be considered. We offer
developers who have the objective of integrating usability practices into their development life cycle a
framework that characterizes 10 selected user-centered design (UCD) methods in relation to five relevant
criteria based on some ISO factors that have an effect on the selection of methods (ISO/TR16982). The
selection of the methods for inclusion in the framework responds to these organizations’ needs; and we
selected basic methods that are recommended, cost-effective, simple to plan and apply, and easy to learn by
developers; and which can be applied when time, resources, skills, and expertise are limited. We favor
methods that are generally applicable across a wide range of development environments. The selected
methods are organized in the framework according to the stages in the development process where they
might be applied. The only requirement for the existing development life cycle is that it to be based on an
iterative approach.
COLOR IMAGE ENCRYPTION BASED ON MULTIPLE CHAOTIC SYSTEMSIJNSA Journal
This paper proposed a novel color image encryption scheme based on multiple chaotic systems. The
ergodicity property of chaotic system is utilized to perform the permutation process; a substitution
operation is applied to achieve the diffusion effect. In permutation stage, the 3D color plain-image matrix
is converted to a 2D image matrix, then two generalized Arnold maps are employed to generate hybrid
chaotic sequences which are dependent on the plain-image’s content. The generated chaotic sequences are
then applied to perform the permutation process. The encryption’s key streams not only depend on the
cipher keys but also depend on plain-image and therefore can resist chosen-plaintext attack as well as
known-plaintext attack. In the diffusion stage, four pseudo-random gray value sequences are generated by
another generalized Arnold map. The gray value sequences are applied to perform the diffusion process by
bitxoring operation with the permuted image row-by-row or column-by-column to improve the encryption
rate. The security and performance analysis have been performed, including key space analysis, histogram
analysis, correlation analysis, information entropy analysis, key sensitivity analysis, differential analysis
etc. The experimental results show that the proposed image encryption scheme is highly secure thanks to its
large key space and efficient permutation-substitution operation, and therefore it is suitable for practical
image and video encryption
This paper presents a review & performs a comparative evaluation of few known machine learning
algorithms in terms of their suitability & code performance on any given data set of any size. In this paper,
we describe our Machine Learning ToolBox that we have built using python programming language. The
algorithms used in the toolbox consists of supervised classification algorithms such as Naïve Bayes,
Decision Trees, SVM, K-nearest Neighbors and Neural Network (Backpropagation). The algorithms are
tested on iris and diabetes dataset and are compared on the basis of their accuracy under different
conditions. However using our tool one can apply any of the implemented ML algorithms on any dataset of
any size. The main goal of building a toolbox is to provide users with a platform to test their datasets on
different Machine Learning algorithms and use the accuracy results to determine which algorithms fits the
data best. The toolbox allows the user to choose a dataset of his/her choice either in structured or
unstructured form and then can choose the features he/she wants to use for training the machine We have
given our concluding remarks on the performance of implemented algorithms based on experimental
analysis
MODEL DRIVEN WEB APPLICATION DEVELOPMENT WITH AGILE PRACTICESijseajournal
Model driven development is an effective method due to its benefits such as code transformation, increasing
productivity and reducing human based error possibilities. Meanwhile, agile software development
increases the software flexibility and customer satisfaction by using iterative method. Can these two
development approaches be combined to develop web applications efficiently? What are the challenges and
what are the benefits of this approach? In this paper, we answer these two crucial problems; combining
model driven development and agile software development results in not only fast development and
easiness of the user interface design but also efficient job tracking. We also defined an agile model based
approach for web applications whose implementation study has been carried out to support the answers we
gave these two crucial problems.
OPTIMIZATION OF NEURAL NETWORK ARCHITECTURE FOR BIOMECHANIC CLASSIFICATION TA...ijaia
Electromyogram signals (EMGs) contain valuable information that can be used in man-machine interfacing between human users and myoelectric prosthetic devices. However, EMG signals are
complicated and prove difficult to analyze due to physiological noise and other issues. Computational
intelligence and machine learning techniques, such as artificial neural networks (ANNs), serve as powerful
tools for analyzing EMG signals and creating optimal myoelectric control schemes for prostheses. This
research examines the performance of four different neural network architectures (feedforward, recurrent,
counter propagation, and self organizing map) that were tasked with classifying walking speed when given
EMG inputs from 14 different leg muscles. Experiments conducted on the data set suggest that self
organizing map neural networks are capable of classifying walking speed with greater than 99% accuracy.
GAME THEORY BASED INTERFERENCE CONTROL AND POWER CONTROL FOR D2D COMMUNICATIO...IJCNCJournal
With the current development of mobile communication services, people need personal communication of
high speed, excellent service, high quality and low latency,however, limited spectrum resources become
the most important factor to hamper improvement of cellular systems. As big amount of data traffic will
cause greater local consumption of spectrum resources, future networks are required to have appropriate
techniques to better support such forms of communication. D2D (Device-to-device) communication
technology in a cellular network makes full use of spectrum resources underlaying, reduces the load of the
base station, minimizes transmit power of the terminals and the base stations, thereby enhances the overall
throughput of the networks. Due to the use of multiplexing D2D UE (User equipment) resources and
spectrum, and the interference caused by the sharing of resources between adjacent cells, it has become a
major factor affecting coexisting of cellular subscribers and D2D users. When D2D communication
multiplexes the uplink resources, the base-stations are easily to be disturbed; when the downlink resources
are multiplexed, the users of downlink are susceptible to interference. In order to build a high-efficient
mobile network, we can meet the QoS requirements by controlling the power to suppress the interference
between the base station and a terminal user.
PREDICTING STUDENT ACADEMIC PERFORMANCE IN BLENDED LEARNING USING ARTIFICIAL ...ijaia
Along with the spreading of online education, the importance of active support of students involved in
online learning processes has grown. The application of artificial intelligence in education allows
instructors to analyze data extracted from university servers, identify patterns of student behavior and
develop interventions for struggling students. This study used student data stored in a Moodle server and
predicted student success in course, based on four learning activities - communication via emails,
collaborative content creation with wiki, content interaction measured by files viewed and self-evaluation
through online quizzes. Next, a model based on the Multi-Layer Perceptron Neural Network was trained to
predict student performance on a blended learning course environment. The model predicted the
performance of students with correct classification rate, CCR, of 98.3%.
EVALUATION OF A NEW INCREMENTAL CLASSIFICATION TREE ALGORITHM FOR MINING HIGH...mlaij
Abstract—A new model for online machine learning process of high speed data stream is proposed, to
minimize the severe restrictions associated with the existing computer learning algorithms. Most of the
existing models have three principle steps. In the first step, the system would create a model incrementally.
In the second step the time taken by the examples to complete a prescribed procedure with their arrival
speed is computed. In the third and final step of the model the size of memory required for computation is
predicted in advance. To overcome these restrictions we proposed this new data stream classification
algorithm, where the data can be partitioned into stream of trees. In this algorithm, the new data set can be
updated with the existing tree. This algorithm, called incremental classification tree algorithm, is proved to
be an excellent solution for processing larger data streams. In this paper, we present the experimental
results of our new algorithm and prove that our method would eradicate the problems of the existing
method.
Digital Disruption Proposal: FridgePilot Lewis Hill
Original idea for disruptive digital proposal-
FridgePilot will enable today’s consumers to eat better, save money and save time.
FridgePilot’s secret ingredient is that it communicates with RFID sensors on food packaging: silently and wirelessly updating your app with the information you need to have more taste and less waste.
ENERGY CONSUMPTION IMPROVEMENT OF TRADITIONAL CLUSTERING METHOD IN WIRELESS S...IJCNCJournal
In the traditional clustering routing protocol of wireless sensor network, LEACH protocol (Low Energy
Adaptive Clustering Hierarchy) is considered to have many outstanding advantages in the implementation
of the hierarchy according to low energy adaptive cluster to collect and distribute the data to the base
station. The main objective of LEACH is: To prolong life time of the network, reduce the energy
consumption by each node, using the data concentration to reduce bulletins in the network. However, in the
case of large network, the distance from the nodes to the base station is very different. Therefore, the
energy consumption when becoming the host node is very different but LEACH is not based on the
remaining energy to choose the host node, which is based on the number of times to become the host node
in the previous rounds. This makes the nodes far away from the base station lose power sooner.
In this paper, we give a new routing protocol based on the LEACH protocol in order to improve operating
time of sensor network by considering energy issues and distance in selecting the cluster-head (CH), at that
time the nodes with high energy and near the base station (BS) will have a greater probability of becoming
the cluster-head than the those in far and with lower energy.
Radio Frequency Identification RFID tags generally belong to a single domain system which is called has RFID single domain system. Till date, most of the researches in the RFID single domain system have been authentication protocol against a variety of attacks. This topic generally describes about the security and privacy mechanism in RFID multi domain which is further divided into three sub topics that is RFID forehand system security, RFID backhand system security and RFID inter domain system security. Pawankumar Tanavarappu ""A Security Framework in RFID"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2 , February 2020,
URL: https://www.ijtsrd.com/papers/ijtsrd30217.pdf
Paper Url : https://www.ijtsrd.com/computer-science/computer-network/30217/a-security-framework-in-rfid/pawankumar-tanavarappu
A research survey rfid security & privacy issuecsandit
“Information security and privacy” is one of the major challenges in the communication world
of IT as each and every information we pass need to be secured enough to the extent that it
doesn’t hurt anyone’s privacy. In trace and track world RFID play a pivotal role. We cannot
track people as it causes a privacy risk. Migration of data to cloud also comes under threat as
many things cannot be control over there. A trusted database is needed which can maintain and
enforce the privacy policy. In order to cater all these requirements, a secure, cheap and
complex computation encryption-decryption algorithm is required to meet this challenge.
This paper is based on the research survey of previous and current security and privacy
techniques used for securing RFID tag and reader communication and their impact on real
world.
A RESEARCH SURVEY: RFID SECURITY & PRIVACY ISSUEcscpconf
“Information security and privacy” is one of the major challenges in the communication world
of IT as each and every information we pass need to be secured enough to the extent that it
doesn’t hurt anyone’s privacy. In trace and track world RFID play a pivotal role. We cannot
track people as it causes a privacy risk. Migration of data to cloud also comes under threat as
many things cannot be control over there. A trusted database is needed which can maintain and
enforce the privacy policy. In order to cater all these requirements, a secure, cheap and
complex computation encryption-decryption algorithm is required to meet this challenge.
This paper is based on the research survey of previous and current security and privacy
techniques used for securing RFID tag and reader communication and their impact on real
world.
Radio Frequency Identification RFID is a programmed innovation and helps machines or PCs to distinguish objects, record metadata or control singular focus through radio waves. Associating RFID reader to the terminal of Internet, the reader can distinguish, track and screen the articles appended with labels all inclusive, consequently, and progressively, if necessary. This is the supposed Internet of Things IOT . Radio Frequency Identification RFID is an innovation that utilizes correspondence through electromagnetic waves to trade information between a terminal and an electronic label joined to an article, with the end goal of ID and tracking Sapna Yadav | Pratibha Jha ""RFID Technology: An Overview"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-3 , April 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23247.pdf
Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/23247/rfid-technology-an-overview/sapna-yadav
IoT is referred as Internet of objects and wireless sensor networks and RFID are enabled in the fields of education, health, agriculture and entertainment. The IoT is the development production of the computer science and communication technology. The vulnerable nature of IoT is related to the security and privacy issues. The user may face as the consequence of the spread of IoT technology. The survey is focused on security loopholes arising out of the information exchange technologies used in IoT. Data analytics utilizes IoT and Big Data and it faces security challenges to protect their important data. In 2020, the wide amount of data could be generated by using the technologies of IoT and Big Data. The purpose of this survey is to analyze the vulnerable security issues and risk involved in each layer of the IoT as per to our knowledge the first survey with some goals. Dr. E. J. Thomson Fedrik | A. Vinitha | B. Vanitha ""Review on Vulnerabilities of IoT Security"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd24020.pdf
Paper URL: https://www.ijtsrd.com/computer-science/computer-network/24020/review-on-vulnerabilities-of-iot-security/dr-e-j-thomson-fedrik
Internet of Things and its Enabling Technologies - RFIDSwetha Kogatam
The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure.infrastructure is one such technology which enables the Internet of things.When the RFID readers abides by appropriate communication protocols and are connected to the terminal of Internet, the readers distributed throughout the world can identify, track and monitor the objects attached with tags globally, automatically, and in real time, if needed. This is the so-called Internet of Things (IOT).
A Novel RFID Readers Employee Management SystemIJMTST Journal
Radio Frequency Identification (RFID) is a new generation of Auto Identification and Data collection technology which helps to automate business processes and allows identification of large number of tagged objects using radio waves. RFID based Employee Management System (EMS) would allow complete hands-free access control, monitoring the whereabouts of employee and record the attendance of the employee as well. The access tag can be read up to 5 (~16 feet) meters from the RFID reader, which usually eliminates the need to handle the tag or to walk very close to the reader. This freedom is particularly important to handicapped workers, staff carrying packages. The proposed system is based on UHF RFID readers, supported with antennas at gate and transaction sections, and employee identification cards containing RFID transponders which are able to electronically store information that can be read / written even without the physical contact with the help of radio medium. This paper presents the experiments conducted to set up RFID based EMS.
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Review of the Introduction and Use of RFIDEditor IJCATR
We live in an age where technology is an integral part of human daily life. The aim of the technology is secure, accurate,
correct use of time for mankind and nature brings it may also have disadvantages and challenges. In this paper we describe the RFID
technology. Today, this technology in hospitals, shops, airports, tracking birds are used. It can be used in hospital intensive care unit
for monitoring and remote patient care, which causes it to print patients and physicians are not required to comply with very close
distance, the result of which can cause safety Patients and physicians should be. The security technology implementation is a
challenge. This paper introduces the applications, the challenges we have this technology.
Similar to ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH AND MARKOV MODEL (20)
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH AND MARKOV MODEL
1. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
DOI: 10.5121/ijnsa.2016.8402 19
ENHANCE RFID SECURITY AGAINST BRUTE FORCE
ATTACK BASED ON PASSWORD STRENGTH AND
MARKOV MODEL
Dr. Adwan Yasin1
and Fadi AbuAlrub2
1
Computer Science Department, Arab American University
Jenin - Palestine
2
Computer Science Department, Arab American University
Jenin - Palestine
ABSTRACT
RFID systems are one of the important techniques that have been used in modern technologies; these
systems rely heavily on default and random passwords. Due to the increasing use of RFID in various
industries, security and privacy issues should be addressed carefully as there is no efficient way to achieve
security in this technology. Some active tags are low cost and basic tags cannot use standard cryptographic
operations where the uses of such techniques increase the cost of these cards. This paper sheds light on the
weaknesses of RFID system and identifies the threats and countermeasures of possible attacks. For the
sake of this paper, an algorithm was designed to ensure and measure the strength of passwords used in the
authentication process between tag and reader to enhance security in their communication and defend
against brute-force attacks. Our algorithm is design by modern techniques based on entropy, password
length, cardinality, Markov-model and Fuzzy Logic.
KEYWORDS
RFID, brute-force attack, Markov-model, entropy, fuzzy logic.
1. INTRODUCTION
IN order to achieve security and privacy protection in the RFID system, we studied
the RFID environment concerning how it works, its key components as well as
threats and countermeasures of this technology in order to determine the attacks that
still need for further research. [1][2]
Due to the limited size and cost of RFID systems, commonly used encryption
techniques do not meet the desired security requirements. Thus; it is important to
develop a new technique that enhances the security of RFID communication.
When the password is weak, it can be broken easily by hackers by using brute-force
attack. The aim of this paper is to develop a new algorithm that generates strong
passwords which can withstand brute-force attacks and tests the strength of
generated passwords, and to integrate this algorithm with other authentication
algorithms to enhance the security of RFID communication.
2. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
20
1.1 PROBLEM STATEMENT
Although most of the focus in RFID technology is on privacy, we should be more aware
about information security issues in this technology. The weakness interest in
information security in RFID technology makes it easy to access sensitive
information that use this technology, which is an opportunity for manipulation, and
theft of critical information through eavesdrop the communication between the tag
and the reader. [1][3]
Due to the growing cost of existing encryption techniques, this will add to the cost of
RFID systems which makes the design of new algorithms to ensure data security a
challenge, and the unsafe communication channels which provide a non-secure
environment for the exchange of information between the tag and the reader, it is
necessary to protect these channels with a new low-cost encryption technology. And
the use of non-cryptography based authentication with a random number doesn’t
provide enough security. [3][5]
In this paper, we will study different RFID attacks and the countermeasures for these
attacks. We will also categorize the attacks and the countermeasure actions to select one
of the most dangerous attacks that are not covered completely with security controls to
enhance security on RFID based on the chosen attack.
2. RFID SYSTEM OVERVIEW
2.1 RFID TECHNOLOGY
RFID stands for Radio Frequency Identification that uses radio waves to transmit the
identification as a unique serial number for an object wirelessly. RFID is deemed one of
the most widespread technologies that use radio waves to track, classify, detect and
uniquely identify a variety of objects (i.e., merchandise, people, and assets), it doesn’t
need line-of-sight scanning as it uses waves. RFID uses serial number to identify the
objects with its full information; it stores the object on a microchip that is connected to
an antenna (this combination called tags). [1]
2.2 RFID ENVIRONMENT
RFID environment consists of the following components as shown in Figure 1: [1]
Figure 1. RFID System Components
3. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
21
1. RFID Tags
There are two main kinds of RFID Tags: [1]
• Passive Tags
• Active Tags which have larger memories up to 128 KB.[20]
2. RFID Reader
3. RFID Middleware
4. Electronic Product Code (EPC): A unique code for objects stored in RFID tags
memory, matching the same functionality of barcode numbering scheme (UPC).
This code is a 96-bit number as in Figure 2.
Figure 2. EPC Tags [21]
2.3 HOW DOES RFID WORK?
RFID tag store a unique identity code in its read-only or rewrites internal memory
depending on type and application. The reader identifies the tag through the magnetic
field frequencies. After authentication is done, the tag sends its unique serial and all
information to the reader who, in turn, sends these data to the application side through
middleware. The middleware is an interface between readers, tags, application and
database. When tags send their identification to the reader and the system will match
tags’ code with the corresponding data existing in the database. The result determines if
the next processing will be accepted or rejected as shown in Figure 3. [1]
Figure 3. RFID Communications
4. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
22
2.4 RFID LAYERS COMMUNICATION
It’s very important to understand the communication process between RFID components
through the system. In order to do that, we should understand the OSI model for RFID
system.
The OSI model is the model that is responsible for data communication through the
system; it consists of logical layers that define the requirements of communication
between tag and reader.
Figure 4. RFID Layers Communication [4]
3. RFID THREATS AND SECURITY ATTACKS
With the widespread usage of RFID, the big challenges to RFID applications in- creased,
therefore; security and privacy protection become important. RFID applications are
exposed to different types of malicious attacks ranging from passive eavesdropping to
active interference. In order to understand RFID attacks; it’s important to understand and
summarize RFID weaknesses. This part explains and classifies the most important RFID
attacks and their countermeasures. [4]
RFID threats come in these main layers: physical, network transport, application,
Multilayer layer and Strategic Layer, classified based on their (integrity, confidentiality,
and availability) as shown in Table 1. [7]
Table 1. Major RFID Threats [4]
Physical Layer Network-
transport layer
Application
layer
Multilayer
Attacks
Strategic
Layer
Temporarily
disabling tag and
permanently
disabling tag.
Eavesdropping(or
Skimming)
Tag
modification
Man in Middle
Attack
Privacy
Threats
Spoofing Replay
Cloning Denial of Service
Attack
Impersonation Cryptography
Attacks
Traffic Analysis
5. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
23
4. RFID ATTACK CATEGORIZATION BY CIA
There are many attacks on RFID systems and these attacks can be classified based on
integrity, availability and confidentiality as shown in Table 2.
Table 2. RFID Attack Categorization by CIA
5. RFID IMPACTS AND COUNTERMEASURES
Institutions put the necessary measures for achieving security and privacy. Risk
management is one of the best means of calculating the risk in order to develop the
necessary countermeasures for the risk prevention. Risks are calculated by assessing the
threats as well as their impact on the institution, vulnerability and the likelihood. Note
that the impacts of threats are related to CIA principle. In this section, we will discuss
the effects of each threat and the appropriate countermeasure for each. [2]
It’s important to analyze threat countermeasures when the organization determines the
threats. We have already checked some other papers and calculated the number of
countermeasures for each threat in order to focus our research on the threats that do not
have adequate countermeasures as shown in Table 3. [2]
Reviewing the effects of RFID threats with CIA principle, we became able to determine
which threat to focus on based on concerning relative importance of these threats for the
institution. Depending on the results shown in Table 3, we chose cryptography attacks
and focused on brute force attack due to the lack of its countermeasures. [2]
6. CRYPTOGRAPHIC ATTCAKS
In this attack, the attacker breaks these algorithms and tries to get the data that is
stored in a tag. Brute force attack is mostly used in cryptography to break the
encrypted algorithms.
6.1 BRUTE-FORCE ATTACK
Brute-force attack is an attack where software or tools are used to guess password and
get access to sensitive data, in this attack, series of all possible passwords are sent in an
6. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
24
attempt to guess the used password and obtain access. To protect our data against this
attack, the password used should be powerful enough. When the strength of password
increased, it will take more time to guess it. In addition to using a strong password,
powerful encryption can be used at the same time to provide a very high level of security
for your data. [10][13]
There are many things to take into consideration in this kind of attack: a group of
passwords to test, how fast the hacker can check whether potential passwords are valid or
not, how long it would take the hacker to break the password as well as the possible rate of
success for breaking a specific password.[11]
The feasibility of brute force relies on the domain of input characters of the password
and the length of the password. Table 4 shows the number of possible passwords for a
given password length and character set, as well as how long it would take to crack
passwords of that type.[12]
When we create the password we use the following collections:
Numbers (0 to 9); that leaves us with 10 numbers. Characters (A-Z or a-z); 26 for
upper-case letters and 26 for lower-case letters, so that the total is 52. Special
Symbols (! @,., #, $, %, ˆ,& , and more) that are about 32.
The formula used to count the number of combinations to try is: Total
Combinations = Possible character password length
Table 4. RFID Cracking Time
7. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
25
7. RELATED WORK
The authors in paper [5] proposed an algorithm to ensure the security of authentication
between RFID tag and reader without the need to use costly encryption techniques, and
they are adopted in the design of the algorithm on matrix multiplication.
The algorithm assumes that each tag and reader stores a square matrix, and each of
them stores one matrix and the inverse of the matrix which exist in the other end
of the same size. The tag and the reader share the key K. With the knowledge that
the selected key and matrices are generated randomly by both the tag and the
reader. [5][6]
The algorithm description is shown in Figure 6.
Figure 6. Secure Tag Identification Algorithms [5]
7.1 ALGORITHM LIMITATIONS
The proposed algorithm uses a key and matrix of size 24 bytes which is fairly small, and
makes it possible for a hacker to guess each of the key and the matrix using a brute force
attack. Generating multiple keys in each phase and store these keys in RFID tags
consume their resources taking in consideration the limitation in their memory. [5][6]
The keys and matrices are generated randomly with small size and using brute-force
techniques an intruder can easily guess these keys and matrices used in this algorithm.
Data Security violates are strongly related to randomness. Weak random numbers
and impairment in the authentication protocol allows any key of a cryptographic
RFID to be found in a matter of seconds. [14]
Given that random numbers are used to secure our information, it will come as no
surprise that the performance and characteristics of random number generators have a
robust impact on security. To put it simply, attackers don’t crack encryption, they rob
or guess keys. Poor quality or insufficient quantities of random numbers have the
8. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
26
effect of creating that much easier, decreasing security to well below its designed level
and making the overall system vulnerable. [15]
8. CONTRIBUTION
The algorithm used in paper [5] was taken and improved in this paper because it does
not meet the security requirements necessary for the process of encryption between
RFID tag and reader due to the use of weak key and matrices; which are small in size
and lacks complexity giving by this a possibility for hackers to guess passwords and
matrices using brute-force attack.
Thus, the idea here is to improve the previous algorithm by generating strong passwords
according to the best practices so that they would be unbreakable and integrated into the
former algorithm in order to increase its strength against brute-force attack.
The resilience of a password against brute-force attack can be determined based on
three parameters cardinality, length, and entropy. The current minimum key length
used in the previous algorithm is eight characters, so it should equal 32 characters or
more.
And as an example by choosing a cardinality of 92 constructed as in Figure 7, and by
using a password of 8 characters long, we calculated the entropy using equation
number (1), and got a result of 52.4 bits entropy. This entropy measures the number of
guesses the hacker need to break a password using a brute-force attack as follows: [17]
[19]
Entropy = (1)
Where C is cardinality and L is password length.
8.1 WHAT MAKES FOR A SECURE RANDOM GENERATOR?
One of the important parameters to explore is entropy density. Entropy is a measure of
the randomness of data. For a given throughput, lower entropy might result in keys that
are less random, making them more vulnerable to hacking. [15]
8.2 ADDRESSING BRUTE-FORCE ATTACK USING STRONG PASSWORD
One of the effective methods to resist the brute-force attack is to use a strong password
policy by reviewing the previous algorithm criticized earlier for using a randomly
generated key and lacking strength. Strong passwords which are long and consist of
symbols and letters help overcoming brute force attack. [16][6]
As there is no precise description of strong password, there are some rules to follow in
order to ensure generating a strong password that can resist brute-force:
• Passwords must consist of twelve characters at least.
• Passwords should have both capital and small letters.
9. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
27
• Passwords must contain numeric characters.
• Passwords should include punctuation.
One of the methods used to resist brute-force attack is to delay it by increasing the
number of failed attempts to break the password, with this delay we can have indications
of an attack and, therefore; take the necessary measures to resist it. [16]
8.3 PASSWORD ENTROPY
Entropy is a quality indicator for passwords and high entropy can give a better quality.
The entropy only establishes the boundary for the amount of guesses needed to crack the
password. Thus we can estimate the number of attempts used by a hacker to guess the
password. [17][19]
The entropy bits of a password measured in bits is:
• The base-2 logarithm of number of estimation to find the password.
• On average, an assailant should try half of potential passwords before finding the
correct one.
For example a password that consists of 8 characters with upper and lowercase
characters and numbers aregiven in the following equation:
E =
By using this formula it’s evident that increasing the length is more important than increasing
the cardinality of a password. If we use the formula to test this by using the two
passwords:”A13F=; 54d!” and”IhaveAOldHorse123”. The first password, if we use Table 5,
will have a cardinality of 92 and a length of 10, while the other password has a cardinality of
62 and a length of 17.
8.4 PASSWORD CARDINALITY
Entropy will show the passwords variation expressed as bits. It’s calculated by a formula
provided by Shannon (1948). Where C stands for the password cardinality which is the
amount of different elements in a set by using the values in Table 5 for the cardinality
and L stand for the length of the password and the formula is: [19]
10. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
28
Table 5. Cardinality
Figure 7. Cardinality Values [26]
8.5 MEASURING THE STRENGTH OF PASSWORDS
Measuring the strength of password is one of the important means to ensure the security
of passwords. Current means used to measure the strength of passwords do not provide
sufficient accuracy due to applying simple rules. Based on what has been explained
earlier, we have proposed a new way to measure the strength of passwords with high
accuracy using Marko-models. [18][23]
There are many algorithms and websites that evaluate the strength of passwords but
they are weak due to following simple rules such as requiring to use small and capital
letters and symbols which lead to the generation of weak passwords. [18][23]
Entropy is one of the important measures used to measure the strength of passwords and
evaluate their resistance against brute-force attack. It assesses the strength of password
and it is approved by the National Institute of Standards and Technology (NIST). [23]
Strength of passwords can be defined with the extent of necessary power needed to guess
and break passwords, thus; it is necessary to increase the strength of passwords in order
to increase the time needed to break them and reduce the possibility of being guessed at
all. From here we can define the entropy as the average number of possible passwords to
guess in order to reach the correct password. [18][23]
A password checker function f(x) can be defined as follows: [18][23]
f(x) = (2)
UC + LC + D + S = 26+26+10+30 = 92
UC + LC + D = 26+ 26 + 10 = 62
UC + LC + S = 26 + 26 + 30 = 82
UC + D + S = 26 + 26 + 30 = 66
..... and so on
11. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
29
Where P(x) is the probabilities.
Through this equation we can classify the password as”optimal” as the password has the
same order both when using this equation and an optimal password guessing attack.
Consequently we can classify the strength of passwords based on the time necessary to
guess the password. [23]
Comparing the results to the extent of password strength through the use of three
important sites to guess passwords which are: NIST, Google and Microsoft password
checkers. With the knowledge that each of these sites has its specific methodology to
assess the strength of passwords as shown in Table 6. [23]
Guessing is one of the standards used to determine the strength of the passwords by
setting the time needed to break the passwords and recognize them. They assess the
strength of passwords through computing the probabilities necessary to guess the a
particular password then comparing the results with the previously mentioned password
checker web sites, as shown in Table 6. [23]
Table 6. A Short List of Passwords as Scored by our Markov-Model [18]
Password Ideal Markov NIST MS Google
password 9.09 9.25 21 1 1
password1 11.52 11.83 22.5 2 1
Password1 16.15 17.08 28.5 3 1
P4ssw0rd 22.37 21.67 27 3 1
naeemha 21.96 28.42 19.5 1 0
dkriouh N/A 42.64 19.5 1 0
2GWapWis N/A 63.67 21 3 4
Wp8E&NCc N/A 67.15 27 3 4
8.6 ESTIMATING PASSWORD PROBABILITIES WITH MARKOV MODELS
Markov models proved its strength in the field of information security in general and
password security in particular. [24]
The power of Markov models based on the extent of the accuracy of calculation of
guessing passwords depending on well-known password corpus and generating
an n-gram used to calculate the probabilities of new generated passwords. This
helps us access to the most accurate results in the evaluation of of these models
strength in guessing passwords depending on a large database of frequently used
passwords. [24]
For example, suppose that we have D, E, and F. If training data shows that D is the most
probably starting character, E is the character most likely to follow D, and F is the
character most likely to follow E, then the first guess will be DEF. If the next-most-
probable character to follow E is D, the second guess will be DED, and so on. [22]
12. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
30
Goal: Guess passwords and estimate the password probabilities from real password data
(e.g. RockYou list). Several very large password datasets have been made publicly
available through leaks: the Rockyou dataset, which contains a set of 32 million
passwords. [18]
Markov assumption: these subjunctive probabilities can be approximated by a short
history, e.g., for 3-grams (history 2):
P(password) = P(pa).P(s/pa).P(s/as).P(w/ss).P(d/sw)
8.7 ESTIMATING PASSWORD PROBABILITIES WITH MARKOV MODELS
By using the n-gram used by Markov-model, the likelihood of the following character in
a string based on a prefix of length n. Hence for a given string c1,...,cm we can write:
[24]
P(c1,. . .,cm) = (ci|ci-n+1,…,ci-1) (3)
In n-gram we generate the counts of count(x1,..., xn), and the conditional probabilities
can be computed as follows: [18]
P(ci|ci-n+1,..,ci-1)=count(ci-n+1,…,ci-1,ci) / count(ci-n+1,..,ci-1,ci) (4)
n-gram database
Password Count
aaaaa 17988
aaaab 340
aaaac 303
…..
passa 1129
passb 225
…..
passw 97963
…..
zzzzz 0
Figure 8. Conditional Probability Examples
For instance: To compute the probability of the (password) with n = 5 is calculated as
shown below: P(password) = P(p)P(a/p)P(s/pa). . . P(d/swor)
p(o/assw) = count(asswo)/count(assw) = 98450/101485 = 0.97.
p(w/pass) = count(passw)/count(pass*) = 97963/114218
0.86.
13. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
31
And the probability is: P(password) = 0.0016, where the result of (password) from
RockYou database is 0.0018. [18]
And familiarized them with Table 6 compared to the results to guess passwords using
Markov model compared to the results from other famous password databases and
deduce from the table over the accuracy of the results using Markov model. [23][24]
8.8 PROPOSED WORK AND DISCUSSION
Our proposed algorithm checks the strength of generated random password based on
these parameters: length, entropy and cardinality and on an additional level of security
using Markov model which measures password strength by calculating the “guess
probability” (GP) for the password. Through this algorithm, we can put weak passwords
in a black list to easily ignore them when created another time without repeating the
previous calculations and this will save time.
Using a password of 8 characters long and a composite password which includes
symbols, numbers,... etc. Let us suppose that the value of cardinality is 92, and by
applying the entropy equation, we got a final result 52.4, and according to the
password standards we note that short passwords can be guessed easily and thus it is
necessary to increase the length of the password to be more than 32 characters
according to RFID tag features and the password should be as complex as possible.
In our algorithm, we proposed a password with a length of 32 characters and an
optimal password cardinality with a score of 92 and by applying the entropy equation
we got a result 208.7, so that our conditions will be password length >=32,
cardinality>=92, entropy >=208.7 and the “guess probability” (GP) should be over a
specific threshold. The resulting score indicates the strength of generated passwords, if it
is classified as weak passwords we put it in a black list to be ignored next time
before check and we regenerate another password, while if it is classified as strong
password we accept it.
Our proposed algorithm checks the strength of the generated password as shown in
Figure 9. In our system we chooses an active tag and the reader generates a password
based on our proposed algorithm which generates a password bigger than or equal to
32 bit and check if the password doesn’t exist in the black list, it computes the
cardinality depending on the structure of generated password. After that, the
algorithm computes the entropy which is a measurement to estimate the strength of
password to resist brute-force attack based on the value of cardinality and the length
of generated password, then the algorithm computes the probability based on Markova
model which indicates the strength of generated passwords, the proposed algorithm
should be greater than a specific threshold. Finally, by aggregating the two results
(entropy and guess probability) the final result shows the strength of password: If it is
strong it will be used in the authentication process. If not, the algorithm will add it to
a blacklist and regenerates a new password.
In order to aggregating the two results (entropy and guess probability), we suggest to use
Mamdani Fuzzy logic model. This can be done by applying two-input one-output model
which takes (entropy and guess probability) as input while the output will be the
prediction result for their composition. In fuzzy logic, we classify the inputs into
membership functions classified to (LOW, MEDIUM, HIGH) and the outputs can be
14. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
32
classified as (LOW, MEDIUM, HIGH) and through defuzzification, this model gives us a
crisp values which determines the strength of password as shown in Figure 13. [25][26]
We also proposed a mechanism to fill the matrix based on Electronic Product Code
(EPC), which contains a decimal and a hexadecimal code. In order to fill the matrix, we
used the object class part and the serial number part and excluded zeros from both of
them. Then converted the hexadecimal numbers to decimal format and filled all the
decimal numbers to the matrix as shown in Figure 10.
Figure 9. Proposed Algorithm
Figure 10. Proposed Mechanism to Fill the Matrix
15. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
33
8.9 ALGORITHM DESCRIPTION
Our enhanced algorithm enhances the security issues of the authentication process
between RFID tag and reader. This algorithm requires that both tag and reader store
two square matrices and share a key K as follows:
The tag: stores M1 and M 2−1, where M 2−1
is the inverses of M2.
The reader: stores M2 and M1−1, where M1−1
is the inverses of M1.
Database: stores information about the tags and each of the tags’ information was
indexed with a unique number X which equals to the multiplication of K and M1 (KM1).
The key K: is generated using our algorithm and a new key is generated for every
identification session.
The matrices: M1, M2, M 1−1
, M 2−1
, and the matrices are filled from EPC code as
discussed before.
In the previous algorithm, both of the matrices and the key are generated randomly
which still can be guessed through a brute-force attack. In our algorithm, on the other
hand, we used a new algorithm to generate a strong key and a mechanism that fills the
matrix making it more complicated and difficult for a hacker to guess.
The identification composes of two phases:
First phase: Tag identification. It happens when the reader send a SYNC message to the
tag and starts a session, the tag then replies with ACKN message which is X=KM1, note
that each tag is indexed in the database with a unique number X. While the tag replies, a
timer starts, and when the reader extradites a unique number X, it communicates with the
database through middleware to get the tag’s information identified by X.
Second phase: the reader authentication. In this phase the reader tries to authenticate
itself to the tag and through this process it generates a new key using our algorithm and
sends it back to the tag. While the reader makes new authentication, it generates a new
key and instead to send the whole keys back to the tag and to save the tag resources, the
reader uses XOR to get a small one key instead of all generated keys and multiply the
Knew with the matrix M2. And to obtain a new key the reader uses Xnew such that
Knew XnewM 1−1
. Then the reader sends both Y and Z resulting from the
multiplication of the new key with M2 to the tag which accepts and stores the new
key in their memory to be used in a new identification and authentication phases, and
at this time the tag stops the timer and the tag and so on.
In case of failure of the reader to be authenticated to the tag, the tag will stop the
connection until reset and it can create one authentication at a session time.
The proposed algorithm is shown in Figure 11 and Figure 12.
16. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
34
Figure 11. Propose Model for Secure Tag Identification Algorithm
Figure 12. Proposed Secure Tag Identification Algorithm
17. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
35
Figure 13. Mamdani Fuzzy Logic Model to Measure Password Strength
9. CONCLUSION AND FUTURE WORK
It can be positively concluded that our algorithm ensures RFID authentication
security against brute-force attack. The algorithm prevents generated passwords that
fail even a single condition. In order to be accepted, a password should pass all
conditions of length, cardinality, and entropy and Markov probability. Our future
work will be on the implementation part of the proposed algorithm by analyzing the
results and comparing them with such algorithms.
18. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
36
Table 3. RFID Threats and Countermeasures for all Layers
REFERENCES
[1] Mandeep Kaur, Manjeet Sandhu, Neeraj Mohan and Parvinder S. Sandhu, (2011) ” RFID Technology
Principles, Advantages, Limitations & Its Applications”, International Journal of Computer and
Electrical Engineering, Vol.3, No.1, 151-157 ISSN: 1793-8163, February, 2011. DOI:
10.7763/IJCEE.2011.V3.306
[2] Nidhi Chauhan, (2014) ” Vulnerability and Countermeasures of RFID System”, International Journal
of Engineering and Technical Research (IJETR) ISSN: 2321-0869, Volume-2, Issue-9, September
2014
[3] Dong-Her Shih, Chin-Yi Lin and Binshan Lin, (2005) “RFID tags: Privacy and security aspects”,
International Journal of Mobile Communications Vol.3 (3):214-230. January 2005. DOI: 10.1504/
ijmc.2005.006581
[4] Gursewak Singh, Rajveer Kaur, Himanshu Sharma, (2013) ”Various Attacks and their
Countermeasure on all Layers of RFID System”, International Journal of Emerging Science and
Engineering (IJESE) ISSN: 23196378, Volume-1, Issue-5, March 2013
20. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
38
[25] Arshdeep Kaur, Amrit Kaur, (2012) ” Comparison of Mamdani-Type and Sugeno-Type Fuzzy
Inference Systems for Air Conditioning System”, International Journal of Soft Computing and
Engineering (IJSCE) ISSN: 2231-2307, Volume-2, Issue-2, May 2012. DOI: 10.1109/
icacea.2015.7164799
[26] Poonam , Surya Prakash Tripathi and Praveen Kumar Shukla, (2012) ” Uncertainty Handling using
Fuzzy Logic in Rule Based Systems”, International Journal of Advanced Science and Technology
Vol. 45, August, 2012
AUTHORS’ PROFILES
Dr. Adwan Yasin PH.D Computer System Engineering /Computer security /Kiev National
Technical University of Ukraine, 1996. Master degree in computer System Engineering-
Donetsk Polytechnic institute, Ukraine, 1992. An associate professor former Dean of the
Engineering and Information Technology Faculty of the Arab American University of Jenin,
Palestine. Previously he worked as Chair Person of Computer Science Department- AAUJ,
Assistant professor of the computer Science Department -The Arab American University-
Palestine. Assistant professor of the computer & Information System Department,
Philadelphia University- Jordan. Assistant professor of the Computer science department,
Zarka Private University- Jordan. He has many publications in the fields of computer
networking and security in different international journals. His research interests Computer
Security, Computer Architecture and Computer Networks.
Fadi K M AbuAlrub received his BS in telecommunication technology from Arab
American University in Palestine, Ramallah, in 2006. He is currently working with State
Audit and Administrative Control Bureau as a software engineer and IT auditor since 2008,
and currently pursuing his Master of Computer Science from Arab American University,
Jenin, Palestine. His researches interest includes computer networking, information security,
artificial intelligence, RFID technology and data mining.