The document summarizes a research paper that proposes a method to prevent replay attacks in the Kerberos authentication protocol using triple passwords. The key aspects of the proposed method are:
1) Three passwords are stored on the Authentication Server and two passwords are sent to the Ticket Granting Server encrypted with a shared key.
2) The Ticket Granting Server sends one password to the Application Server encrypted with a shared key and the service ticket encrypted with the password received from the Authentication Server.
3) This prevents replay attacks because an attacker who captures a message would not know the passwords needed to decrypt the messages exchanged at the different stages of authentication.
Comparative analysis of authentication and authorization security in distribu... (eSAT Journals)
Abstract: In this paper, different types of authentication and authorization processes are analyzed individually and in a comparative way. Sometimes one process is complementary to another, so comparative analysis can detect why they are complementary. Bringing the best output, such as low cost, time saving, high confidentiality and adaptability, is the result of this paper. This thesis concludes with some recommendations that several security processes of authentication and authorization might be suitable for some distributed systems, to replace the wired processes. Keywords: Authentication security, Authorization security, Access control, Security in distributed system
While conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, the wireless medium is a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this work, security paradigms that exploit physical layer properties of the wireless medium can enhance confidentiality and authentication services. In essence, using the physical layer information available, we are able to continuously authenticate packets at the same layer. However, this form of security is only possible through physical layer security mechanisms. An approach where wireless devices interested in establishing a secret key sample the link signature space in a physical area to collect and combine uncorrelated measurements, together with channel-based secrecy algorithms based on the ITS key derivation protocol, in order to improve existing wireless security systems, has been laid down and modified into appropriate algorithms.
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi... (Editor IJMTER)
In this paper the signature of a person is taken as input and encrypted using hierarchical visual cryptography (HVC). Using HVC, the input signature is divided into four shares. Any three of them are taken to generate the key share; the other fragment is handed over to the authentication server. The authentication server maintains the generated key and the fourth fragment. Only the authorized user can gain access. If the receiver identifies the fourth fragment and decrypts it, they get the message using HVC. This is an insecure process, because anybody can hack the decrypted message easily. For a secure process, the authentication server generates a password while transferring a message, and only the authenticated person is able to get that message. The authentication server checks whether the person is an authorized user or not when they start their conversation. This provides more security and is more challenging for hackers.
Efficient and Secure Single Sign on Mechanism for Distributed Network (IJERA Editor)
A distributed network acts as the core part for accessing the various services available in the network, but the security of distributed networks is a main concern. In this paper a single sign-on (SSO) mechanism is introduced which gives access to all services by allowing users to sign on only once. In this mechanism, once a user logs in to the Trusted Authority Center (TAC), the applications or services registered with the trusted center automatically verify the user's credentials, and these credentials, such as a password or digital signature, are the same for all applications or services. This is unlike all previous mechanisms, where a user who wants to access multiple services needs distinct credentials (username, password) for every service. SSO acts as a single authentication window for the user to access multiple service providers in the network. Previously introduced SSO techniques proved to be secure as well-designed SSO systems, but fail to provide security during communication. So here emphasis is given to authentication as an open problem and to refining the already proposed SSO process. To do this, along with the RSA algorithm used in the previous SSO process, we use a MAC algorithm, which is intended to provide a secured pathway for communication over the distributed network. The TAC (Trusted Authority Center) is used for sending a token integrated with a private and shared public key to the user.
Confident Technologies provide out-of-band, multifactor authentication using a highly secure and easy-to-use, image-based approach. Learn more at www.confidenttechnologies.com
An Enhanced Security System for Web Authentication (IJMER)
Web authentication has low security these days. Today, textual passwords are commonly used for authentication; however, users do not follow their requirements. Users tend to choose meaningful words from dictionaries, which makes textual passwords easy to break and vulnerable to dictionary or brute force attacks. Also, textual passwords can be identified by third-party software. Many available graphical passwords have a password space that is less than or equal to the textual password space. Smart cards or tokens can be stolen. Many biometric authentications have been proposed; however, users tend to resist using biometrics because of their intrusiveness and the effect on their privacy. Moreover, biometrics cannot be revoked. In this paper, we present and evaluate our contribution, i.e., the OTP and 3-D password. A one-time password (OTP) is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid. The 3-D password is a multifactor authentication scheme. To be authenticated, the user is presented with a 3-D virtual environment in which they navigate and interact with various objects. The sequence of actions and interactions toward the objects inside the 3-D environment constructs the user's 3-D password.
In this paper, we consider a 'secure attribute based system with short ciphertext' as a tool for implementing fine-grained access control over encrypted data; it is conceptually similar to traditional access control methods such as Role-Based Access Control. However, current 'secure attribute based system with short ciphertext' schemes suffer from having long decryption keys, whose size is linear in and dependent on the number of attributes. Ciphertext-Policy ABE (CP-ABE) provides a scalable way of encrypting data such that the encryptor defines the attribute set that the decryptor needs to possess in order to decrypt the ciphertext. We propose a novel 'secure attribute based system with short ciphertext' scheme with constant-size decryption keys independent of the number of attributes. We found that the size can be as small as 672 bits.
Abstract: In online security, authentication plays a crucial role in shielding resources against unauthorized and illegal use of information. Authentication processes range from simple password-based systems to complex, costly and computationally strengthened systems. Increasing security has always been an important issue since the Internet and web development came into existence. A text-based password is not enough to counter such problems, and is now an obsolete approach. Consequently, something more secure and more user-friendly is needed. Therefore, we have strived to raise security by using a multiple-level security tactic, combining a text-based password protected with cryptography, Grid Authentication and an Image Based Password. The cryptography technique is essential for the text-based password, which is encrypted with a substitution method such as the Caesar Cipher. Session passwords are also necessary for eliminating time-factor attacks such as brute force attacks. Grid Authentication makes the system more dynamic due to its ever-changing nature. Image-based authentication makes the system more user friendly, reliable and secure. Keywords: Cryptography, Grid Authentication, Image Based Password, Shoulder Attack.
Title: Multilevel Security and Authentication System
Author: Pratik Anap, Sanjay Gholap, Prasad Anpat, Abhijit Bhapkar
International Journal of Recent Research in Mathematics Computer Science and Information Technology
ISSN 2350-1022
Paper Publications
Unlimited Length Random Passwords for Exponentially Increased Security (IJCSEA Journal)
Presented herein is a new method of exponentially strengthening user-defined passwords against cracking. The enhanced security is achieved by injecting random strings of random length at random positions in the password string before encrypting it and passing the resulting ciphertext over a network to its destination. Also discussed in detail is how the randomly injected strings are separated out and the original password is extracted from the ciphertext. Also explained is how the method can be applied to any other confidential information, such as credit and debit card information and cryptocurrency data.
Lightning Talk #9: How UX and Data Storytelling Can Shape Policy by Mika Aldabaux (singapore)
How can we take UX and Data Storytelling out of the tech context and use them to change the way government behaves?
Showcasing the truth is the highest goal of data storytelling. Because the design of a chart can affect the interpretation of data in a major way, one must wield visual tools with care and deliberation. Using quantitative facts to evoke an emotional response is best achieved with the combination of UX and data storytelling.
Content personalisation is becoming more prevalent. A site, its content and/or its products change dynamically according to the specific needs of the user. SEO needs to ensure we do not fall behind this trend.
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
By David F. Larcker, Stephen A. Miles, and Brian Tayan
Stanford Closer Look Series
Overview:
Shareholders pay considerable attention to the choice of executive selected as the new CEO whenever a change in leadership takes place. However, without an inside look at the leading candidates to assume the CEO role, it is difficult for shareholders to tell whether the board has made the correct choice. In this Closer Look, we examine CEO succession events among the largest 100 companies over a ten-year period to determine what happens to the executives who were not selected (i.e., the “succession losers”) and how they perform relative to those who were selected (the “succession winners”).
We ask:
• Are the executives selected for the CEO role really better than those passed over?
• What are the implications for understanding the labor market for executive talent?
• Are differences in performance due to operating conditions or quality of available talent?
• Are boards better at identifying CEO talent than other research generally suggests?
The impact of innovation on travel and tourism industries (World Travel Marke... (Brian Solis)
From the impact of Pokemon Go on Silicon Valley to artificial intelligence, futurist Brian Solis talks to Mathew Parsons of World Travel Market about the future of travel, tourism and hospitality.
We’re all trying to find that idea or spark that will turn a good project into a great project. Creativity plays a huge role in the outcome of our work. Harnessing the power of collaboration and open source, we can make great strides towards excellence. Not just for designers, this talk can be applicable to many different roles – even development. In this talk, Seasoned Creative Director Sara Cannon is going to share some secrets about creative methodology, collaboration, and the strong role that open source can play in our work.
The Six Highest Performing B2B Blog Post Formats (Barry Feldman)
If your B2B blogging goals include earning social media shares and backlinks to boost your search rankings, this infographic lists the six best approaches.
Each technological age has been marked by a shift in how the industrial platform enables companies to rethink their business processes and create wealth. In the talk I argue that we are limiting our view of what this next industrial/digital age can offer because of how we read, measure and through that perceive the world (how we cherry pick data). Companies are locked in metrics and quantitative measures, data that can fit into a spreadsheet. And by that they see the digital transformation merely as an efficiency tool to the fossil fuel age. But we need to stretch further…
Secure cloud transmission protocol (SCTP) was proposed in preceding work to achieve strong authentication and a secure channel in the cloud computing paradigm. SCTP was proposed with its own techniques to attain cloud security: a multilevel authentication technique with a multidimensional password generation system to achieve strong authentication; a multilevel cryptography technique to attain a secure channel; and a usage-profile-based intruder detection and prevention system to resist intruder attacks. SCTP was designed, developed and analyzed using protocol engineering phases. The complete design of the proposed SCTP and its techniques has been presented using a Petri net production model. We present the designed SCTP Petri net models and their analysis, and discuss the SCTP design and its performance in achieving strong authentication, a secure channel and intruder prevention. SCTP is designed for use in any cloud application: it can authorize, authenticate, secure the channel and prevent intruders during the cloud transaction, and it is designed to protect against the different attacks mentioned in the literature. This paper depicts the SCTP performance analysis report, which compares it with existing techniques proposed to achieve authentication, authorization, security and intruder prevention.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T... (IJNSA Journal)
Cloud computing refers to a type of networked computing whereby an application can be run on connected servers instead of local servers. The cloud can be used to store data, share resources and also to provide services. Technically, there is very little difference between public and private cloud architecture. However, the security and privacy of the data is a very big issue when sensitive data is entrusted to third-party cloud service providers. Thus encryption with fine-grained access control is inevitable to enforce security in clouds. Several techniques implementing attribute-based encryption for fine-grained access control have been proposed. Under such approaches, the key management overhead is rather high in terms of computational complexity. Also, secret sharing mechanisms add complexity. Moreover, they lack mechanisms to handle the existence of traitors. Our proposed approach addresses these requirements and reduces the overhead of key management as well as secret sharing by using efficient algorithms and protocols. Also, a traitor tracing technique is introduced into the cloud computing two-layer encryption environment.
IJRET: International Journal of Research in Engineering and Technology is an international peer-reviewed online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together scientists, academicians, field engineers, scholars and students of related fields of Engineering and Technology.
Encrypted Query Processing Based Log Management in the Cloud for Improved Pot... (Editor IJCATR)
To address privacy concerns, the current implementation allows access to log records that are indirectly identified by upload-tag values. We plan to propose a practical homomorphic encryption scheme that will allow encryption of log records in such a way that the logging cloud can execute some queries on the encrypted logs without breaching confidentiality or privacy. Anonymous networks implement the anonymity of users and provide privacy. In this paper we implement user anonymity by implementing anonymous tag generation. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by databases. It works by executing queries over encrypted data using a collection of efficient aware encryption schemes. It greatly reduces the communication overhead between a log monitor and the logging cloud needed to answer queries on logs.
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
In this paper, SMCSaaS is proposed to secure email systems based on the Web Service and Cloud Computing model. The model offers the end-to-end security, privacy, and non-repudiation of PKI without the associated infrastructure complexity. The proposed model controls risks in Cloud Computing such as Insecure Application Programming Interfaces, Malicious Insiders, Data Loss or Leakage, Shared Technology Vulnerabilities, Account, Service and Traffic Hijacking, and Unknown Risk Profile.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
Cloud computing refers to a type of networked computing whereby an application can be run on connected servers instead of local servers. The cloud can be used to store data, share resources and also to provide services. Technically, there is very little difference between public and private cloud architecture. However, the security and privacy of the data is a very big issue when sensitive data is being entrusted to third-party cloud service providers. Thus encryption with fine-grained access control is inevitable to enforce security in clouds. Several techniques implementing attribute-based encryption for fine-grained access control have been proposed. Under such approaches, the key management overhead is rather high in terms of computational complexity. Also, secret sharing mechanisms have added complexity. Moreover, they lack mechanisms to handle the existence of traitors. Our proposed approach addresses these requirements and reduces the overhead of key management as well as secret sharing by using efficient algorithms and protocols. Also, a traitor tracing technique is introduced into the cloud computing two-layer encryption environment.
Vehicle Ad Hoc Networks (VANETs) have become a viable technology to improve traffic flow and safety on the roads. Due to its effectiveness and scalability, the Wingsuit Search-based Optimised Link State Routing Protocol (WS-OLSR) is frequently used for data distribution in VANETs. However, the selection of MultiPoint Relays (MPRs) plays a pivotal role in WS-OLSR's performance. This paper presents an improved MPR selection algorithm tailored to WS-OLSR, designed to enhance the overall routing efficiency and reduce overhead. The analysis found that the current OLSR protocol has problems such as redundancy of HELLO and TC message packets or failure to update routing information in time, so a WS-OLSR routing protocol based on an improved MPR selection algorithm was proposed. Firstly, factors such as node mobility and link changes are comprehensively considered to reflect network topology changes, and the broadcast cycle of node HELLO messages is controlled through topology changes. Secondly, a new MPR selection algorithm is proposed, considering link stability issues and nodes. Finally, we evaluate its effectiveness in terms of packet delivery ratio, end-to-end delay, and control message overhead. Simulation results demonstrate the superior performance of our improved MPR selection algorithm when compared to traditional approaches.
A Novel Medium Access Control Strategy for Heterogeneous Traffic in Wireless ...IJCNCJournal
So far, Wireless Body Area Networks (WBANs) have played a pivotal role in driving the development of intelligent healthcare systems with broad applicability across various domains. Each WBAN consists of one or more types of sensors that can be embedded in clothing, attached directly to the body, or even implanted beneath an individual's skin. These sensors typically serve a single application. However, the traffic generated by each sensor may have distinct requirements. This diversity necessitates a dual approach: tailored treatment based on the specific needs of each traffic type and the fulfillment of application requirements, such as reliability and timeliness. Nevertheless, the presence of energy constraints and the unreliable nature of wireless communications make QoS provisioning under such networks a non-trivial task. In this context, the current paper introduces a novel Medium Access Control (MAC) strategy for the regular traffic applications of WBANs, designed to significantly enhance efficiency when compared to the established MAC protocols IEEE 802.15.4 and IEEE 802.15.6, with a particular focus on improving reliability, timeliness, and energy efficiency.
May_2024 Top 10 Read Articles in Computer Networks & Communications.pdfIJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bimonthly open-access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & Data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establish new collaborations in these areas.
A Topology Control Algorithm Taking into Account Energy and Quality of Transm...IJCNCJournal
The efficient use of energy in wireless sensor networks is critical for extending node lifetime. The network topology is one of the factors that have a significant impact on the energy usage at the nodes and the quality of transmission (QoT) in the network. We propose a topology control algorithm for software-defined wireless sensor networks (SDWSNs) in this paper. Our method is to formulate the topology control algorithm as a nonlinear programming (NP) problem with the objective of optimizing two metrics, maximum communication range and desired degree. This NP problem is solved at the SDWSN controller by employing a genetic algorithm (GA) to determine the best topology. The simulation results show that the proposed algorithm outperforms the MaxPower algorithm in terms of average node degree and energy expansion ratio.
Multi-Server user Authentication Scheme for Privacy Preservation with Fuzzy C...IJCNCJournal
The integration of artificial intelligence technology with a scalable Internet of Things (IoT) platform facilitates diverse smart communication services, allowing remote users to access services from anywhere at any time. The multi-server environment within IoT introduces a flexible security service model, enabling users to interact with any server through a single registration. To ensure secure and privacy preservation services for resources, an authentication scheme is essential. Zhao et al. recently introduced a user authentication scheme for the multi-server environment, utilizing passwords and smart cards, claiming resilience against well-known attacks. This paper conducts cryptanalysis on Zhao et al.'s scheme, focusing on denial of service and privacy attacks, revealing a lack of user-friendliness. Subsequently, we propose a new multi-server user authentication scheme for privacy preservation with fuzzy commitment over the IoT environment, addressing the shortcomings of Zhao et al.'s scheme. Formal security verification of the proposed scheme is conducted using the ProVerif simulation tool. Through both formal and informal security analyses, we demonstrate that the proposed scheme is resilient against various known attacks and those identified in Zhao et al.'s scheme.
Advanced Privacy Scheme to Improve Road Safety in Smart Transportation SystemsIJCNCJournal
In a Vehicle Ad-Hoc Network (VANET), vehicles continuously transmit and receive spatiotemporal data with neighboring vehicles, thereby establishing a comprehensive 360-degree traffic awareness system. Vehicular network safety applications facilitate the transmission of messages between vehicles that are near each other, at regular intervals, enhancing drivers' contextual understanding of the driving environment and significantly improving traffic safety. Privacy schemes in VANETs are vital to safeguard vehicles' identities and their associated owners or drivers. Privacy schemes prevent unauthorized parties from linking the vehicle's communications to a specific real-world identity by employing techniques such as pseudonyms, randomization, or cryptographic protocols. Nevertheless, these communications frequently contain important vehicle information that malevolent groups could use to monitor the vehicle over a long period. The acquisition of this shared data has the potential to facilitate the reconstruction of vehicle trajectories, thereby posing a potential risk to the privacy of the driver. Addressing the critical challenge of developing effective and scalable privacy-preserving protocols for communication in vehicle networks is of the highest priority. These protocols aim to reduce the transmission of confidential data while ensuring the required level of communication. This paper aims to propose an Advanced Privacy Vehicle Scheme (APV) that periodically changes pseudonyms to protect vehicle identities and improve privacy. The APV scheme utilizes a concept called the silent period, which involves changing the pseudonym of a vehicle periodically based on the tracking of neighboring vehicles. The pseudonym is a temporary identifier that vehicles use to communicate with each other in a VANET. By changing the pseudonym regularly, the APV scheme makes it difficult for unauthorized entities to link a vehicle's communications to its real-world identity.
The proposed APV is compared to the SLOW, RSP, CAPS, and CPN techniques. The data indicate that APV achieves a better improvement in privacy metrics. It is evident that APV offers enhanced safety for vehicles during transportation in the smart city.
April 2024 - Top 10 Read Articles in Computer Networks & CommunicationsIJCNCJournal
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to the security of computer networks and information systems. Since malware instances are available in sufficient quantity, there is increased interest among researchers in the use of Artificial Intelligence (AI). Of late, AI-enabled methods such as machine learning (ML) and deep learning have paved the way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving the quality of training and thus malware detection accuracy. Existing deep learning methods focus on learning-based malware detection systems. However, there is a need to improve the state of the art through an ensemble approach. Towards this end, in this paper we propose a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From a given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to process the grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected from Internet sources and Microsoft are used for the empirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm in obtaining the intermediate features required by CNN and LSTM. The empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
High Performance NMF Based Intrusion Detection System for Big Data IOT TrafficIJCNCJournal
With the emergence of smart devices and the Internet of Things (IoT), millions of users connected to the network produce massive network traffic datasets. These vast datasets of network traffic, Big Data, are challenging to store, deal with and analyse using a single computer. In this paper we developed a parallel implementation using a High Performance Computer (HPC) of the Non-Negative Matrix Factorization technique as an engine for an Intrusion Detection System (HPC-NMF-IDS). The large IoT traffic datasets, on the order of millions of samples, are distributed evenly on all the computing cores for both storage and speedup purposes. The distribution of computing tasks involved in the Matrix Factorization takes into account the reduction of the communication cost between the computing cores. The experiments we conducted on the proposed HPC-IDS-NMF give better results than the traditional ML-based intrusion detection systems. We could train the HPC model with datasets of one million samples in only 31 seconds instead of the 40 minutes needed using one processor, that is, a speed-up of 87 times. Moreover, we obtained an excellent detection accuracy rate of 98% for the KDD dataset.
IoT Guardian: A Novel Feature Discovery and Cooperative Game Theory Empowered...IJCNCJournal
Cyber intrusion attacks increasingly target the Internet of Things (IoT) ecosystem, exploiting vulnerable devices and networks. Malicious activities must be identified early to minimize damage and mitigate threats. Using actual benign and attack traffic from the CICIoT2023 dataset, this work aims to evaluate and benchmark machine-learning techniques for IoT intrusion detection. There are four main phases to the system. First, the CICIoT2023 dataset is refined to remove irrelevant features and clean up missing and duplicate data. The second phase employs statistical models and artificial intelligence to discover novel features. The most significant features are then selected in the third phase based on cooperative game theory. Using the original CICIoT2023 dataset and a dataset containing only novel features, we train and evaluate a variety of machine learning classifiers. On the original dataset, Random Forest achieved the highest accuracy of 99%. Still, with novel features, Random Forest's performance dropped only slightly (96%) while other models achieved significantly lower accuracy. As a whole, the work makes substantial contributions to tailored feature engineering, feature selection, and rigorous benchmarking of IoT intrusion detection techniques. IoT networks and devices face continuously evolving threats, making it necessary to develop robust intrusion detection systems.
Enhancing Traffic Routing Inside a Network through IoT Technology & Network C...IJCNCJournal
IoT networking uses real items as stationary or mobile nodes. Mobile nodes complicate networking. Internet of Things (IoT) networks have a lot of control overhead messages because devices are mobile. These signals are generated by the constant flow of control data such as device identity, geographical positioning, node mobility, device configuration, and others. Network clustering is a popular overhead communication management method. Many cluster-based routing methods have been developed to address system restrictions. Node clustering based on the Internet of Things (IoT) protocol may be used to cluster all network nodes according to predefined criteria. Each cluster will have a Smart Designated Node (SDN). SDN cluster management is efficient. Many intelligent nodes remain in the network. The network design spreads these signals. This paper presents an intelligent and responsive routing approach for clustered nodes in IoT networks. An existing method builds a new sub-area clustered topology. The Nodes Clustering Based on the Internet of Things (NCIoT) method improves message transmission between any two nodes. This will facilitate the secure and reliable interchange of healthcare data between professionals and patients. NCIoT is a system that organizes nodes in the Internet of Things (IoT) by grouping them together based on their proximity. It also picks SDN routes for these nodes. This approach involves selecting one option from a range of choices and preparing for likely outcomes; addressing limitations on activities is a primary focus during the review process. Predictive inquiry employs the process of analyzing data to forecast and anticipate future events. This document provides an explanation of compact units. The Predictive Inquiry Small Packets (PISP) method improved its backup system and partnered with SDN to establish a routing information table for each intelligent node, resulting in higher routing performance.
Both principal and secondary roads are available for use. The simulation findings indicate that NCIoT algorithms outperform CBR protocols. Enhancements lead to a substantial 78% boost in network performance. In addition, the end-to-end latency dropped by 12.5%. The PISP methodology produces 5.9% more inquiry packets compared to alternative approaches. The algorithms are constructed and evaluated against academic ones.
Connect, Collaborate, And Innovate: IJCNC - Where Networking Futures Take ...IJCNCJournal
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han's Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider's LMA Course, this piece examines the course's effects via a variety of Tim Han LMA course reviews and Success Insider comments.
2024.06.01 Introducing a competency framework for language learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Francesca Gottschalk - How can education support child empowerment.pptx
Ijcnc050205
International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.2, March 2013
REPLAY ATTACK PREVENTION IN KERBEROS AUTHENTICATION PROTOCOL USING TRIPLE PASSWORD
Gagan Dua (1), Nitin Gautam (2), Dharmendar Sharma (3), Ankit Arora (4)
(1) Department of Computer Engineering, National Institute of Technology, Kurukshetra, India. dua.gagan@outlook.com
(2) Department of Computer Engineering, Raj Kumar Goel Institute of Technology, Ghaziabad, India. nitin.04it@hotmail.com
(3) Department of Computer Engineering, Satyug Darshan Technical Campus, Faridabad, India. d.sharma000@gmail.com
(4) Department of Computer Engineering, RIMT-Institute of Engineering & Technology, Mandi Gobindgarh, India. cankit087@gmail.com
ABSTRACT
Replay attacks and password attacks are serious issues in the Kerberos authentication protocol. Many ideas have been proposed to prevent these attacks, but they increase the complexity of the whole Kerberos environment. In this paper we present an improved method which prevents replay attacks and password attacks by using a triple password scheme. Three passwords are stored on the Authentication Server (AS), and the AS sends two of them to the Ticket Granting Server (TGS), one of which is intended for the Application Server, encrypted with the secret key shared between the AS and the TGS. Similarly, the TGS sends one password to the Application Server, encrypted with the secret key shared between the TGS and the Application Server. Meanwhile, the Service-Granting-Ticket is transferred to the user encrypted with the password that the TGS has just received from the AS. This helps to prevent replay attacks.
KEYWORDS
Kerberos Protocol, Password Attack, Authentication Server, Replay Attack, Ticket Granting Server, Application Server
1. INTRODUCTION
Security in today's world is a major concern. As networks grow, they provide more and more services, and providing these services to users in a secure way is an issue. Attackers can easily gain information while it is transmitted across the network and then gain unauthorized access to servers to which they have no right of access. For example, in a distributed environment, nodes or computers are spread across the network, users want to access services that are stored on servers, and the servers themselves are distributed. In this scenario, servers should be able to authenticate all requests for services. Authentication is a way of ensuring that no one can access the system without proving that he has the right to access it. Therefore, instead of each server checking every request for services itself, Kerberos provides a central server which performs the task of authentication. If an unauthorized user gains access to the resources, he may either obtain secret information or damage resources such as the information stored in the database. Therefore, security is needed everywhere in today's world, from protecting computer resources to the protection of a nation. Security involves implementing measures to protect against attacks, but it does not mean that an attack will never occur. For example, preventing outside attacks does not mean that you are secure; attacks may come from inside the organization, and researchers have proved that many attacks do originate from inside. Therefore, it is necessary to provide security inside an organization as well. The Kerberos authentication protocol is one of the most classical single sign-on protocols. A single sign-on system means that a user can access all services from the application servers after signing on only once in a system of multiple applications. Kerberos V5 is in use at present, but it still suffers from many replay and password attack problems [1]. Kerberos V5 was designed to overcome some of the deficiencies of Kerberos V4, but it cannot guarantee to avoid replay and password attacks. This paper provides a triple layer of security: if an attacker succeeds in gaining access to the Ticket-Granting-Ticket (TGT) and obtaining a Service-Granting-Ticket from the Ticket Granting Server (TGS), he will still not be able to perform a replay attack, because the authentication server will ask the presenter of the ticket (the user) for the password.
DOI : 10.5121/ijcnc.2013.5205
2. RELATED WORK
Many schemes have been proposed to prevent replay attacks in the Kerberos authentication protocol. Jian [2] proposed an optimized way to prevent password attacks and replay attacks in a single sign-on system. Multiple databases were added to provide authentication and authorization in order to prevent replay attacks. In this approach, the Authentication Server sends the Ticket-Granting-Ticket to the user as well as to the Ticket Granting Server (TGS). Similarly, the TGS sends the Service-Granting-Ticket to both the client and the Application Server. The TGS and the Application Server each have their own database; they store these tickets in their databases, and if an attacker replays a Ticket-Granting-Ticket (TGT) or a Service-Granting-Ticket, they can easily detect whether or not it is an attack.
A dynamic double password based sign-on protocol was proposed in [3]. That protocol makes use of two passwords that are required during user registration, and it introduced the concept of log files. A log file records when a particular user visited a server, which could be the Authentication Server, the Ticket Granting Server or an Application Server. The Application Server generates a log file and forwards it to the Authentication Server after responding to the user; the Authentication Server passes this log file on to the client, and similarly passes on its own log file. A user can therefore judge the security of the password by auditing the log files and is allowed to modify the password. So, if an attacker has captured a password, the client can easily change it after examining and analysing the log files.
In [4], a concept is provided to prevent replay attacks in Kerberos by using freshness, which makes use of the new Symbolic Model Verifier.
A location based Kerberos authentication protocol is described in [5]. In this approach the server captures the P(Y) code of every client in the network and issues the Ticket-Granting-Ticket to the client by encrypting the session key (used for communication between the TGS and the client) and the TGT with the P(Y) code of the user. After receiving this message, the client obtains its P(Y) code using GPS and decrypts the message. So, if an attacker is able to capture the message, he will not be able to decrypt it because the P(Y) code is several gigabits long; the attempt will result in the failure of the ticket due to time synchronization problems. Here, the user's physical location is added as an additional message in the Kerberos protocol, which helps to determine the physical location of the message sender. The server sends the TGT to the client by encrypting the session key with the hash value of the user's physical location. So, even if an attacker captures a message, he will have to break two phases of security to get the session ticket, and in the process the ticket time may expire.
A method of capturing the user's physical location and adding it as a new authentication factor in the Kerberos protocol [7] was proposed to prevent replay attacks. It applied N-BAN logic (a modified version of BAN logic [6]) to the modified Kerberos protocol.
Benjamin [8] proposes a method for the inspection of replay attacks on the Kerberos authentication protocol in which the protocol is specified using Object-Z.
A modified Symbolic Model Verifier approach [9] was presented to find problems with respect to the replay attack.
Some basic principles [10] were defined which must be followed while designing cryptographic protocols. Five different strategies are presented; by using these strategies it is possible to design cryptographic protocols which are robust against different classes of replay attacks.
A new protocol for key distribution was proposed in [11] after analysing the security flaws of different protocols currently used for authentication as well as for key distribution. This proposed model is based on the use of symmetric keys.
This paper is further organized into the following sections: Section 3 provides an overview of the Kerberos authentication protocol. Section 4 describes some limitations of the Kerberos authentication protocol. In Section 5, we propose our new method to prevent replay attacks in the Kerberos environment, which makes use of three passwords from the users, and show how this architecture provides protection against password and replay attacks.
3. OVERVIEW OF KERBEROS PROTOCOL
Kerberos is an authentication protocol used to authenticate users in a distributed environment. Using the Kerberos authentication protocol, a client can authenticate itself to multiple servers using its password, which is also known as the long term secret key. The client receives a Ticket-Granting-Ticket (TGT) from the Authentication Server (AS), and this ticket can be used for multiple services that the client needs; therefore, the client stores this Ticket-Granting-Ticket in its database. It then requests a Service-Granting-Ticket and stores that in its database as well [12]. An advantage of storing the Service-Granting-Ticket in the database is that the client will not have to re-enter the password every time it has to access an application server such as an email server. A Kerberos environment consists of a Key Distribution Center (KDC), a number of clients and Application Servers. The Key Distribution Center (KDC) consists of the Authentication Server (AS) and the Ticket Granting Server (TGS). The AS issues Ticket-Granting-Tickets to the user after verification, and the TGS issues Service-Granting-Tickets to the user. If a client wishes to authenticate herself to an application server, Kerberos performs this task in three phases:
1. Whenever a user logs on to a workstation, the client process running on the workstation sends a message to the Authentication Server. The Authentication Server checks in its database whether the username and password are correct. If so, the Authentication Server (AS) sends a Ticket-Granting-Ticket to the user together with a session key so that the user can communicate with the server. A copy of the same session key is also included in the ticket that the AS issues to the client. The Ticket-Granting-Ticket and the session key are encrypted using a key generated from the user's password. Because the message sent by the AS to the client is encrypted with a key derived from the user's password, only the authorized user can read it. The client decrypts the message and obtains the Ticket-Granting-Ticket that is to be used for communication with the Ticket Granting Server (TGS).
2. Now the client presents this Ticket-Granting-Ticket (TGT) to the Ticket Granting Server along with an authenticator. The authenticator simply includes the ID of the user on the client and a timestamp; compared with a ticket, an authenticator has a very short lifetime. Since the Ticket-Granting-Ticket (TGT) is encrypted with a secret key that is shared between the Authentication Server and the Ticket Granting Server (TGS), only the TGS can decrypt it. After decrypting the ticket it obtains the session key, which it uses to decrypt the authenticator received from the user. The TGS then checks the sender's details by comparing the TGT with the details in the authenticator and the network address of the incoming packet. If all details are verified, the TGS issues a Service-Granting-Ticket to the client, encrypted using the secret key shared between the TGS and the application server. The TGS also generates a session key to be shared between the client and the application server for secure communication. The TGS sends this session key to the server by embedding it in the encrypted ticket, and to the client by encrypting the message with the session key shared between the client and the TGS.
3. In the third step, the client presents this ticket to the server along with an authenticator. The client encrypts the authenticator using the session key that was sent by the TGS, and the server then uses that session key to decrypt the message from the client. If all credentials of the user are correct, the application server issues a response to the client in case mutual authentication is required [13].
Figure 1 shows the basic Kerberos architecture. Here, the directions of the arrows show how data flows in the Kerberos environment. The meaning of each number is:
Figure1. Basic Kerberos Architecture
1. Request for Ticket-Granting-Ticket
2. Ticket-Granting-Ticket + Session Key
3. Request for Service-Granting-Ticket
4. Service-Granting-Ticket + Session Key
5. Request Service
6. Provide Service authentication
The meaning of the terms used in the figure is described in Table 1 below:
Table1: Meaning of the terms used in Figure1
These six steps form the basic Kerberos architecture. The main problem with the Kerberos authentication protocol is the replay attack. A replay attack is one in which an attacker captures messages transmitted through the channel, modifies them and replays them on the transmission channel [14]. So, it is necessary to prevent replay attacks, especially when two parties need secure communication over the internet.
4. KERBEROS LIMITATIONS
Although Kerberos is widely used, it has a number of limitations, which are described below:
1. The Kerberos authentication protocol requires continuous availability of the Key Distribution Center (KDC). If the KDC fails, the entire Kerberos environment fails.
2. Users must choose strong passwords. A weak password could result in a password or replay attack, as an attacker can easily break a weak password and gain access to the services stored on the server.
3. The system clocks of the clients, the Authentication Server and the Key Distribution Center should be synchronized; otherwise time-based attacks can easily be performed on the Kerberos protocol.
Kerberos makes use of a KDC (Key Distribution Center), and the KDC uses the Kerberos database in which the details of all users are stored. An attacker can attack this database and may gain access to it [15, 16 (p. 87)].
5. PROPOSED MODIFICATIONS TO THE KERBEROS PROTOCOL
The main problem with the Kerberos authentication protocol is that of replay and password attacks. The problem arises when the Authentication Server (AS) sends the Ticket-Granting-Ticket (TGT) to the client process running on the user's workstation. Even Kerberos V5 cannot avoid the replay attack. An attacker can capture all the messages transmitted from the Authentication Server (AS) to the user and try all possible combinations on the messages he has captured. After doing so, the attacker presents the TGT to the Ticket Granting Server (TGS). The TGS finds the authenticator valid, so it passes a Service-Granting-Ticket to the attacker, and the attacker may gain unauthorized access to the services stored on the Application Server (which is V in our Figure 1).
The proposed Kerberos authentication protocol is shown in Figure 2. In this modified Kerberos protocol, the Ticket Granting Server (TGS) presents the session key by encrypting it with the hash of the user's password. The AS passes two passwords to the TGS, and the TGS further passes one password to the Application Server V.
Our proposed architecture works as follows:
First, a user logs on to his workstation and enters the password. If this is a new user, he will have to enter three passwords to complete his registration. After entering the passwords, the client process running on the workstation sends a message to the Authentication Server. This message consists of the ticket request that the client process needs for communication with the Application Server (V). The Authentication Server checks in its database whether the user's credentials are correct. If they are, the Authentication Server sends a Ticket-Granting-Ticket to the client process. The Authentication Server stores the three passwords in its database.
After responding to the user, the Authentication Server sends two of the user's passwords to the TGS. The client presents the Ticket-Granting-Ticket to the TGS along with an authenticator. Here, it is possible that this ticket and authenticator came from an attacker. The TGS decrypts the TGT and obtains the session key which will be used for further communication with the client, and it also obtains the user's passwords by decrypting the message received from the AS with its secret key.
The TGS produces a Service-Granting-Ticket and a session key to be shared between the client and the Application Server. It encrypts the session key with the user password that it received from the AS. This is a very important step, because only the valid user will be able to decrypt the message: if the message to the TGS came from an attacker, he will not be able to continue the communication any further. The TGS also sends a user password to the server by encrypting it with the secret key shared between the TGS and the Application Server.
The client finally presents the Service-Granting-Ticket to the Application Server V; it also sends an authenticator encrypted with the session key that it has just received from the TGS. The server receives the message and checks the client's credentials with the help of the authenticator. To enhance security, the server asks the user for the password. If the sender is really the client who just sent the message, he will immediately tell his password to the server, encrypted with the session key shared between the client and the Application Server. Using the session key here is advantageous because it changes every time the user logs on to his workstation.
The server sets a timer on its side, which is used to detect any attack. If the password from the client does not arrive within the specified time, the server sends a message to the TGS telling it that the ticket it just issued has been obtained by an attacker.
Figure2. Proposed Kerberos Architecture
Table 2 below shows the various Kerberos messages that are used in this proposed method. These messages are divided into three categories:
1. Messages for obtaining the Ticket-Granting-Ticket
2. Messages for obtaining the Service-Granting-Ticket
3. Client-Server messages to obtain the service
Let us now describe the step-by-step working of our proposed algorithm:
(1) In step 1 of the algorithm the client sends a message to the AS. When the client logs on to the workstation for the first time, he has to enter three passwords. These passwords are stored in a database maintained at the AS. Thereafter the client has to enter only one password. Every time a user logs on to his workstation, his credentials are checked against the information maintained at the AS. If the user's credentials are correct, a process running on the user's workstation sends a message to the AS. This message consists of the identification of the client and of the server with which the client wants to communicate.
(2.1) In this step the AS sends the TGT to the client. It also sends the session key (Kc,tgs) that will be used for communication between the client and the TGS, and this session key (Kc,tgs) is encrypted with the user password (Kc1) so that only the authorized user can obtain it.
(2.2) In this step of the algorithm, the AS presents two of the passwords (Kc2, Kc3) from its database to the TGS. As can be seen, these passwords are encrypted with the secret key (Ktgs) that is known only to the AS and the TGS.
Table2. Proposed Kerberos Messages exchange
(3) Because the authorized user knows the password, he obtains the session key by decrypting the message. In this step, the client generates an authenticator that consists of the network address from which the message came as well as a timestamp value, and this authenticator is encrypted with the session key (Kc,tgs). The client presents this authenticator together with the TGT that it received from the AS in step 2.1.
(4.1) After receiving the ticket in step 3, the TGS first decrypts it using its private key (Ktgs). After decryption, it obtains the session key (Kc,tgs). Using this session key, the TGS decrypts the authenticator. The TGS now produces the Service-Granting-Ticket, which is encrypted with the secret key (Kv) shared between the TGS and V. The TGS also produces the session key (Kc,v), which is sent to the user encrypted with the user password (Kc2) that the TGS received from the AS in step 2.2. This is a very important step, because if an attacker succeeds in capturing the TGT, he will not be able to replay further messages to the Application Server (V), since only the authorized user knows the password (Kc2). This step prevents the replay attack.
(4.2) In this step, the TGS sends Kc3 (a user password) to V by encrypting it with the secret key Kv that is shared between the TGS and the Application Server V. After receiving this message, the Application Server (V) decrypts it using Kv, which is private to V. Sending this password will help in the detection of attacks such as replay of messages and gaining access to the user's passwords.
(5) The client presents the Service-Granting-Ticket as well as an authenticator to the Server V. At this step, the ticket may have come from an authorized person or from an attacker.
(6) To verify the identity of the sender, the server asks the party who sent the message for the password (Kc3). As Server V sends the message asking for the password, it sets a timer. This message is encrypted with the session key Kc,v.
(7) If the sender is the authorized party, it will immediately tell the password to the server, encrypted with the session key (Kc,v). The client also sends a timestamp value indicating the time at which this response was generated.
(8) If the server confirms that the message came from the legitimate client, it provides a response to the client by incrementing the timestamp by 1. This is necessary in case the client requires mutual authentication, in which the server also has to prove its identity to the user. Server V provides the incremented timestamp value {T5+1} to the user because the client sent the timestamp value T5 to Server V in step 5.
(9) If the server does not receive the response before its timer expires, it is confirmed that the Service-Granting-Ticket came from an attacker. So, the Application Server (V) sends an alert message to the AS informing it of the address from which the attack occurred.
(10) The TGS now further informs the AS about the attack, and it is then the responsibility of the Authentication Server to report the attack. If the user's password has been compromised, the AS will inform the user about this.
So, this architecture can detect whether a user password has been compromised. Replay of messages can also be detected by this architecture.
5.1 How this Architecture Prevents the Attacks
Suppose an attacker has tried all possible combinations and thereby guessed the session key Kc,tgs. Let us look at how messages could then be replayed.
Attack 1: the attacker captures the session key Kc,tgs
Suppose an attacker has captured the session key Kc,tgs; he can then replay messages to the TGS from the client's location. The question is how the TGS defends against this attacker. Instead of encrypting the session key Kc,v (the key to be shared between the client and Application Server V) with Kc,tgs, which the attacker has captured or guessed, the TGS sends it encrypted with the user password Kc2, which is known only to the user. So if the ticket request came from the attacker, he will not be able to use the service of Application Server V (or to replay messages to it), because without Kc2 he cannot recover Kc,v.
International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.2, March 2013
Attack 2: the attacker has guessed the user password Kc2
The second problem is how this architecture prevents the attack that becomes possible when an attacker has guessed the user password Kc2. (Note that an attacker who knows Kc2 can decrypt the TGS's reply and so obtain the session key Kc,v shared between the client and the application server.) With Kc,v in hand he can replay the step-5 message to the Application Server. Our architecture prevents this attack as well; here it is the responsibility of Server V to detect the replaying attacker.
Suppose that in step 5 it was the attacker who replayed the message to the Application Server. The server now asks for Kc3, which the attacker does not know, and uses its timer to require the response within the specified time. When no valid response arrives, the ticket is treated as replayed and the alert of step 9 is raised.
So our architecture provides three layers of security. The first layer is the session key Kc,tgs, which is renewed every time the user requires access to a new service hosted on a different Application Server. The second layer is the user password Kc2, stored in the database at the TGS. The third layer is Kc3, which was forwarded to the Application Server in step 4.2 of the algorithm.
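The exchange of steps 7 to 10 above and the two attacks of this section, as an added example that is not part of the paper: a Python simulation in which the TGS, Server V, an honest client and the two attackers exchange the messages described. The cipher (a hash-based stream cipher with an HMAC tag), the hashing of passwords into keys, the message field names, the abstract integer clock and the value of Server V's timer are all assumptions made for the demonstration; the paper does not specify them.

```python
# Added example, not the paper's code: toy simulation of the triple-password
# exchange. Cipher, key derivation, field names, clock and timer are assumptions.
import hashlib
import hmac
import json
import os

TIMEOUT = 5  # assumed timer on Server V, in abstract clock ticks

def kdf(password: str) -> bytes:
    # assumption: a password becomes a key by hashing it (the paper does not say how)
    return hashlib.sha256(password.encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def encrypt(key: bytes, msg: dict) -> bytes:
    # toy encrypt-then-MAC: nonce || ciphertext || HMAC tag (constructed for the demo)
    nonce, pt = os.urandom(16), json.dumps(msg, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")  # a party without the key ends here
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class TGS:
    def __init__(self, users: dict, k_tgs_v: bytes):
        self.users, self.k_tgs_v = users, k_tgs_v  # users: name -> {"kc2": ..., "kc3": ...}

    def issue(self, client: str):
        k_c_v, u = os.urandom(32).hex(), self.users[client]
        # to the client: Kc,v under the password Kc2, NOT under Kc,tgs (attack 1 above)
        to_client = encrypt(kdf(u["kc2"]), {"kc_v": k_c_v, "server": "V"})
        # step 4.2: Kc,v and the third password Kc3 to Server V under the shared key Ktgs,v
        to_server = encrypt(self.k_tgs_v, {"client": client, "kc_v": k_c_v, "kc3": u["kc3"]})
        return to_client, to_server

class AppServer:
    def __init__(self, k_tgs_v: bytes):
        self.k_tgs_v, self.creds, self.pending, self.alerts = k_tgs_v, {}, {}, []

    def load_ticket(self, blob: bytes):  # step 4.2 arrives from the TGS
        rec = decrypt(self.k_tgs_v, blob)
        self.creds[rec["client"]] = rec

    def step5(self, auth: bytes, client: str, now: int) -> str:
        # step 5: authenticator {client, T5} under Kc,v; start the timer and ask for Kc3
        msg = decrypt(bytes.fromhex(self.creds[client]["kc_v"]), auth)
        self.pending[client] = {"t5": msg["t5"], "deadline": now + TIMEOUT}
        return "send Kc3"

    def step7(self, blob: bytes, client: str, now: int):
        p, rec = self.pending.pop(client), self.creds[client]
        kc_v = bytes.fromhex(rec["kc_v"])
        if now > p["deadline"]:  # step 9: the timer ran out
            self.alerts.append((client, "no Kc3 before timeout: ticket treated as replayed"))
            return None
        if not hmac.compare_digest(decrypt(kc_v, blob)["kc3"], rec["kc3"]):
            self.alerts.append((client, "wrong Kc3: ticket treated as replayed"))
            return None
        return encrypt(kc_v, {"t5_plus_1": p["t5"] + 1})  # step 8: mutual authentication

    def expire(self, now: int):  # step 9 when the sender never answers at all
        for client in [c for c, p in self.pending.items() if now > p["deadline"]]:
            self.alerts.append((client, "no Kc3 before timeout: ticket treated as replayed"))
            del self.pending[client]

def run_client(server, client, kc2, kc3, to_client, now: int) -> bool:
    """Honest client; True when Server V also proved itself by returning T5+1."""
    kc_v = bytes.fromhex(decrypt(kdf(kc2), to_client)["kc_v"])
    server.step5(encrypt(kc_v, {"client": client, "t5": now}), client, now)
    reply = server.step7(encrypt(kc_v, {"kc3": kc3, "t7": now}), client, now)
    return reply is not None and decrypt(kc_v, reply)["t5_plus_1"] == now + 1

def attack1(server, client, guessed_kc2, to_client, now: int) -> bool:
    """Attacker holds Kc,tgs and the TGS reply, but only a guess at Kc2."""
    try:
        return run_client(server, client, guessed_kc2, "", to_client, now)
    except ValueError:
        return False  # cannot even recover Kc,v, so nothing to replay to V

def attack2(server, client, kc2, to_client, now: int) -> bool:
    """Attacker holds Kc2: recovers Kc,v and replays step 5, but cannot answer with Kc3."""
    kc_v = bytes.fromhex(decrypt(kdf(kc2), to_client)["kc_v"])
    server.step5(encrypt(kc_v, {"client": client, "t5": now}), client, now)
    server.expire(now + TIMEOUT + 1)  # the attacker stays silent and the timer fires
    return client in server.pending  # False: the half-open session was discarded

def demo():
    k_tgs_v = os.urandom(32)
    users = {"alice": {"kc2": "second-pw", "kc3": "third-pw"}}  # constructed sample user
    tgs, v = TGS(users, k_tgs_v), AppServer(k_tgs_v)
    to_client, to_server = tgs.issue("alice")
    v.load_ticket(to_server)
    honest = run_client(v, "alice", "second-pw", "third-pw", to_client, now=100)
    a1 = attack1(v, "alice", "wrong-guess", to_client, now=200)
    a2 = attack2(v, "alice", "second-pw", to_client, now=300)
    return honest, a1, a2, len(v.alerts)  # (True, False, False, 1)

if __name__ == "__main__":
    print(demo())
```

Running demo() returns the outcomes for the honest client (mutual authentication succeeds), for attack 1 (the attacker holding Kc,tgs cannot recover Kc,v, because it is encrypted under Kc2) and for attack 2 (the attacker holding Kc2 replays step 5, cannot produce Kc3, and the timer of step 9 raises an alert). One caveat a practitioner would add: the scheme as described, and this simulation, never checks T5 against Server V's own clock, so a captured step-5 authenticator is caught only by the Kc3 challenge; standard Kerberos additionally rejects authenticators outside a clock-skew window and keeps a replay cache of recently seen ones.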
5.2 Advantages of the Proposed Architecture
(i) It provides protection against replay attacks.
(ii) It provides three layers of protection.
(iii) It provides protection against password attacks.
5.3 Limitation of the Proposed Architecture
(i) When a new user logs on to the workstation, he has to enter three passwords, and these passwords are stored at the TGS.
5.4 Comparison with Figure 1
The Kerberos architecture shown in Figure 1 is the basic Kerberos architecture. Replay and password attacks can easily be performed against it. It also provides only a single level of protection, using session keys that are renewed every time the user logs on to the workstation and requests a service.
Our architecture, by contrast, provides protection against replay attacks as well as password attacks, and three levels of security instead of one. If a user password has been compromised, the architecture of Figure 1 does not address the issue, whereas with our architecture the user can be informed about the attack and can take the necessary steps to change the password.
6. CONCLUSION
Security is necessary in every field. Kerberos provides third-party authentication, but many replay attacks have been mounted against it. The approach used in this paper attempts to prevent replay attacks by using three passwords; a new user must enter these passwords, which are stored on the Authentication Server. If an attacker gains access to the TGT, he can replay it to the TGS, but not to the Application Server V, because he does not know the password needed to obtain the session key used for communication with Server V. The aim is thus to prevent an attacker from taking unauthorized control of the system even when he has gained access to a session key and a ticket. The approach used in our proposed architecture provides protection against replay and password attacks.
Authors
Gagan Dua is working as Assistant Professor in the Department of Computer Engineering at National Institute of Technology, Kurukshetra. He completed the Masters in Computer Science & Engineering from Jaypee University of Information Technology, Solan in 2012. He received the Bachelor's Degree in Computer Science & Engineering in 2009. His research interests include Network Security, Parallel and Distributed Computing and Microprocessors.
Nitin Gautam is working as Assistant Professor in the Department of Computer Engineering at Raj Kumar Goel Institute of Technology, Ghaziabad. He completed the Masters in Computer Science & Engineering from Jaypee University of Information Technology, Solan in 2012. He received the Bachelor's Degree in Information Technology in 2009. His research interests include Security and Scheduling in Wireless Sensor Networks.
Dharmendar Sharma is working as Assistant Professor in the Department of Computer Engineering at Satyug Darshan Technical Campus, Faridabad. He completed the Masters in Computer Science & Engineering from Jaypee University of Information Technology, Solan in 2012. He received the Bachelor's Degree in Information Technology in 2009. His research interests include Data Mining and Data Warehousing.
Ankit Arora is an M.Tech. student in the Department of Computer Engineering at RIMT Institute of Engineering & Technology, Mandi Gobindgarh. He received the Bachelor's Degree in Computer Science & Engineering in 2009. His research interests include Networks and Parallel Algorithms.