Advanced Authentication Protocol for Software-Defined Networks

2018 ◽  
Vol 12 (03) ◽  
pp. 361-371
Author(s):  
Maha Ali Allouzi ◽  
Javed I. Khan

Software-Defined Networking (SDN) is being widely implemented by critical infrastructure networks; however, providing security features is still a challenge. In this work, we present SafeFlow, an Automatic Trust Negotiation Protocol for SDN, a first line of defense and fine-grained authentication protocol, in order to deny the access of OpenFlow switches without valid digital credentials. Traditional security approaches based on identity or capabilities do not solve the problem of establishing trust between strangers. One alternative approach to mutual trust establishment is Trust Negotiation, the bilateral exchange of digital credentials to establish trust gradually. The proposed protocol describes Trust Negotiation in the OpenFlow protocol, a probable extension to the OpenFlow handshake protocol. In this paper, we describe the implementation of SafeFlow. The proposed protocol ensures the security of the infrastructure itself, as there are also other proposals for developing security applications on OpenFlow network infrastructure.

2020 ◽  
Vol 2020 ◽  
pp. 1-18 ◽  
Author(s):  
Xianwei Zhu ◽  
ChaoWen Chang ◽  
Qin Xi ◽  
ZhiBin Zuo

Software-defined networking (SDN) decouples the control plane from the data plane, offering flexible network configuration and management. Because of this architecture, some security features are missing. On the one hand, because the data plane only has the packet forwarding function, it is impossible to effectively authenticate the data validity. On the other hand, OpenFlow can only match based on network characteristics, and it is impossible to achieve fine-grained access control. In this paper, we aim to develop solutions to guarantee the validity of flow in SDN and present Attribute-Guard, a fine-grained access control and authentication scheme for flow in SDN. We design an attribute-based flow authentication protocol to verify the legitimacy of the validity flow. The attribute identifier is used as a matching field to define a forwarding control. The flow matching based on the attribute identifier and the flow authentication protocol jointly implement fine-grained access control. We conduct theoretical analysis and simulation-based evaluation of Attribute-Guard. The results show that Attribute-Guard can efficiently identify and reject fake flow.


2020 ◽  
pp. 1-23
Author(s):  
EMMA CARMEL ◽  
BOŻENA SOJKA

Abstract This article argues that the politics and governance of migrants’ rights needs to be reframed. In particular, the terms “welfare chauvinism”, and deservingness should be replaced. Using a qualitative transnational case study of policymakers in Poland and the UK, we develop an alternative approach. In fine-grained and small-scale interpretive analysis, we tease out four distinct “rationales of belonging” that mark out the terms and practices of social membership, as well as relative positions of privilege and subordination. These rationales of belonging are: temporal-territorial, ethno-cultural, labourist, and welfareist. Importantly, these rationales are knitted together by different framings of the transnational contexts, within which the politics and governance of migration and social protection are given meaning. The rationales of belonging do not exist in isolation, but, in each country, they qualify each other in ways that imply different politics and governance of migrants’ rights. Taken together, these rationales of belonging generate transnational projects of social exclusion, as well as justifications for migrant inclusion stratified by class, gender and ethnicity.


2018 ◽  
Vol 9 (1) ◽  
pp. 40-56 ◽  
Author(s):  
Anne Spice

In the settler colonial context of so-called Canada, oil and gas projects are contemporary infrastructures of invasion. This article tracks how the state discourse of “critical infrastructure” naturalizes the environmental destruction wrought by the oil and gas industry while criminalizing Indigenous resistance. I review anthropological work to analyze the applicability of the concept of infrastructure to Indigenous struggles against resource extraction. Drawing on fieldwork conducted in Indigenous land defense movements against pipeline construction, I argue for an alternative approach to infrastructure that strengthens and supports the networks of human and other-than-human relations that continue to make survival possible for Indigenous peoples.


2020 ◽  
Vol 18 (3) ◽  
pp. 471-490
Author(s):  
Zeqian Meng ◽  
John Brooke ◽  
Junyi Han ◽  
Rizos Sakellariou

Abstract With the increasing demand for dynamic and customised resource provisioning for computational experiments in e-Science, solutions are required to mediate different participants’ varied demands for such resource provision. This paper presents a novel negotiation protocol based on a new collaboration model. The protocol allows e-Scientists, the manager of an e-Scientist’s collaboration, and resource providers to reach resource provisioning agreements. By considering the manager of an e-Scientist collaboration for negotiation decisions, the protocol enables fine-grained accountable resource provision on a per job basis for e-Scientist collaborations, without binding the e-Scientist collaboration to resource providers. A testbed built with the protocol is also presented, making use of a production e-Science gateway, use cases, and infrastructures. The testbed is experimentally evaluated, via designed scenarios and comparison with existing production tools. It demonstrates that the proposed negotiation protocol can facilitate accountable resource provision per job, based on resource sharing rules defined and managed by e-Scientist collaborations.


2018 ◽  
Vol 32 (4) ◽  
pp. 411-424 ◽  
Author(s):  
Ronald J. Deibert

Abstract A “national security–centric” approach currently dominates cybersecurity policies and practices. Derived from a realist theory of world politics in which states compete with each other for survival and relative advantage, the principal cybersecurity threats are conceived as those affecting sovereign states, such as damage to critical infrastructure within their territorial jurisdictions. As part of a roundtable on “Competing Visions for Cyberspace,” this essay presents an alternative approach to cybersecurity that is derived from the tradition of “human security.” Rather than prioritizing territorial sovereignty, this approach prioritizes the individual, and views networks as part of the essential foundation for the modern exercise of human rights, such as access to information, freedom of thought, and freedom of association. The foundational elements of a human-centric approach to cybersecurity are outlined and contrasted with the prevailing trends around national security–centric practices. A human-centric approach strives for indivisible network security on a planetary scale for the widest possible scope of human experience, and seeks to ensure that such principles are vigorously monitored and defended by multiple and overlapping forms of independent oversight and review.


Sensors ◽  
2020 ◽  
Vol 20 (6) ◽  
pp. 1581
Author(s):  
Ahmed S. Alfakeeh ◽  
Sarmadullah Khan ◽  
Ali Hilal Al-Bayatti

In a smart grid system, the utility server collects data from various smart grid devices. These data play an important role in the energy distribution and balancing between the energy providers and energy consumers. However, these data are prone to tampering attacks by an attacker, while traversing from the smart grid devices to the utility servers, which may result in energy disruption or imbalance. Thus, an authentication is mandatory to efficiently authenticate the devices and the utility servers and avoid tampering attacks. To this end, a group authentication algorithm is proposed for preserving demand–response security in a smart grid. The proposed mechanism also provides a fine-grained access control feature where the utility server can only access a limited number of smart grid devices. The initial authentication between the utility server and smart grid device in a group involves a single public key operation, while the subsequent authentications with the same device or other devices in the same group do not need a public key operation. This reduces the overall computation and communication overheads and takes less time to successfully establish a secret session key, which is used to exchange sensitive information over an unsecured wireless channel. The resilience of the proposed algorithm is tested against various attacks using formal and informal security analysis.


2018 ◽  
Vol 7 (2.4) ◽  
pp. 200
Author(s):  
T Senthil Kumar ◽  
S Prabhakaran ◽  
V Prashanth

Authentication is the process of verifying whether users are who they claim to be; it is based on identity and credentials. Most attacks can be reduced using an authentication process. Authentication is important because, as the amount of online data sharing has increased, threats and fraud have also increased in large amounts; a changing of the guard which provides security to mobile devices is needed, for which authentication is necessary. Privacy of a user’s location is important in mobile networks, and there are several strategies to protect personal information (i.e., their location). Previous work introduced the mix zone model, which changes old pseudonyms to new pseudonyms and anonymizes the user’s identity by restricting the position where users can be located. In later work, even in the multiple mix-zones model, attackers can attack by using side information (like footprints, navigation etc.). So, we need an authentication protocol while two mix-zones or user-services are communicating. We came across different authentication protocols like PAP, CHAP, and EAP. In this paper, a four-way handshake protocol is implemented for providing authentication while multiple mix-zones are communicating. A four-way handshake authentication protocol, i.e., the WPA-PSK protocol, is used for verification. WPA-PSK is applied in such a way that both STA (supplicant) and AP (authenticator) can check that they are re-agreeing on a non-forged RSN and IE, therefore they are using the most secure available protocols.


2003 ◽  
Vol 3 (1) ◽  
pp. 41-68 ◽  
Author(s):  
Bradley Franks

Abstract The cognitive anthropological approach has provided a powerful means of beginning to understand religious representations. I suggest that two extant approaches, despite their general plausibility, may not accurately characterise the detailed nature of those representations. A major source of this inaccuracy lies in the characterisation of negation of ontological properties, which gives rise to broader questions about their ontological determinacy and counter-intuitiveness. I suggest that a more plausible account may be forthcoming by allowing a more complex approach to the representations, deriving from understanding their nature as concept combinations. Such an account also suggests an alternative approach to the role of deference in religious representations. In sum, the empirical and theoretical implications of a more fine-grained analysis of religious representations suggest a vindication of the cognitive anthropology approach to integrating culture and cognition.


1896 ◽  
Vol 16 ◽  
pp. 178-187
Author(s):  
John L. Myres

The inscriptions which follow were copied during a short tour in the west of Crete during July and August, 1893. So far as I know they are unpublished, but I trust I shall be pardoned if I have missed any previous notice of any of them. I saw and verified all those published in B.C.H. xiii. 68 ff. and that in the Syllogos at Retimo, id. 47. The type used below is selected so as to represent each individual letter as nearly as possible, without regard to the conventional printers' alphabets. The result is an apparent mixture of incongruous forms, which is however largely due to the very irregular lettering actually in use in the remoter parts of Crete in the later Greek periods.

1. On a block of fine-grained blue marble, the base of a stele: 31 cm. high, 40 broad, and 46 long: the back and left side broken: original length at least 70 cm., for the socket for the stele is 22 cm. distant from the perfect (right) side face, and is continued to the left beyond the break. The inscription consists of four elegiac couplets; the first line is cut close to the upper edge of the stone, and is consequently much effaced. The letters average 10 mm. in height and breadth, and are of the third or late fourth century.

