Security Analysis of the Access Control Solution of NDN Using BAN Logic

2020 ◽  
Vol 25 (3) ◽  
pp. 1162-1173 ◽  
Author(s):  
Yuan Fei ◽  
Huibiao Zhu ◽  
Phan Cong Vinh
Keyword(s):  
Access Control ◽  
Security Analysis ◽  
Ban Logic ◽  
Control Solution

scholarly journals Balancing Access Control and Privacy for Data Deduplication via Functional Encryption

2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Bo Mi ◽  
Ping Long ◽  
Yang Liu ◽  
Fengtian Kuang
Keyword(s):  
Access Control ◽  
Security Analysis ◽  
Functional Encryption ◽  
Data Deduplication ◽  
Paper Briefly ◽  
Storage Security ◽  
Redundancy Removal ◽  
Proof Of Ownership ◽  
Learning With Errors ◽  
And Storage

Data deduplication serves as an effective way to optimize the storage occupation and the bandwidth consumption over clouds. As for the security of deduplication mechanism, users’ privacy and accessibility are of utmost concern since data are outsourced. However, the functionality of redundancy removal and the indistinguishability of deduplication labels are naturally incompatible, which bring about a lot of threats on data security. Besides, the access control of sharing copies may lead to infringement on users’ attributes and cumbersome query overheads. To balance the usability with the confidentiality of deduplication labels and securely realize an elaborate access structure, a novel data deduplication scheme is proposed in this paper. Briefly speaking, we drew support from learning with errors (LWE) to make sure that the deduplication labels are only differentiable during the duplication check process. Instead of authority matching, the proof of ownership (PoW) is then implemented under the paradigm of inner production. Since the deduplication label is light-weighted and the inner production is easy to carry out, our scheme is more efficient in terms of computation and storage. Security analysis also indicated that the deduplication labels are distinguishable only for duplication check, and the probability of falsifying a valid ownership is negligible.

Improvement and Security Analysis on Symmetric Key Authentication Protocol Needham-Schroeder

2014 ◽  
Vol 513-517 ◽  
pp. 1289-1293 ◽  
Author(s):  
Si Min Liu ◽  
Jun Yao Ye ◽  
Ying Lian Wang
Keyword(s):  
Security Analysis ◽  
Authentication Protocol ◽  
Ban Logic ◽  
Replay Attack ◽  
Symmetric Key

This paper researched on Needham-Schroeder symmetric key authentication protocol based on BAN logic. It pointed out the flaw of the protocol which can be used by replay attack and improved the protocol by adding nonce in the transferred message. Then it listed the improved NS authentication protocol. Finally, this paper proved the improved protocol successful and available with BAN logic.

scholarly journals A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

Sensors ◽  
2019 ◽  
Vol 19 (20) ◽  
pp. 4455 ◽  
Author(s):  
Figueroa-Lorenzo ◽  
Añorga ◽  
Arrizabalaga
Keyword(s):  
Performance Analysis ◽  
Access Control ◽  
Control Systems ◽  
Security Analysis ◽  
Control Model ◽  
Transport Layer ◽  
Role Based Access Control ◽  
Access Control Model ◽  
Modbus Protocol ◽  
Role Based

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol's resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

Sign in / Sign up

Export Citation Format

Share Document