scholarly journals Towards the Security Analysis of the Five Most Prominent IPv4aaS Technologies

2020 ◽  
Vol 13 (2) ◽  
pp. 85-98
Author(s):  
Ameen Al-Azzawi
Keyword(s):  
Information Disclosure ◽  
Denial Of Service ◽  
Security Analysis ◽  
Short Introduction ◽  
Security Issues ◽  
Dual Stack

This paper surveys the five most important technologies for IPv4aaS (IPv4-as-a-Service), namely 464XLAT, DS-Lite (Dual-Stack Lite), lw4o6 (Lightweight 4over6), MAP-E and MAP-T. The aim of our effort is to identify the potential security issues within these technologies. We plan to perform their security analysis following the STRIDE approach, which stands for spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. We give a short introduction for the method. Within the five IPv4aaS technologies, we focus on 464XLAT, its architecture and operation. We construct a DFD diagram suitable for its security analysis according to the STRIDE methodology, thus making the first steps towards finding its potential vulnerabilities and seeking for their mitigations.

scholarly journals P2PEdge: A Decentralised, Scalable P2P Architecture for Energy Trading in Real-Time

Energies ◽  
2021 ◽  
Vol 14 (3) ◽  
pp. 606
Author(s):  
Jan Kalbantner ◽  
Konstantinos Markantonakis ◽  
Darren Hurley-Smith ◽  
Raja Naeem Akram ◽  
Benjamin Semal
Keyword(s):  
Information Disclosure ◽  
Denial Of Service ◽  
Security Analysis ◽  
Security And Privacy ◽  
Energy Market ◽  
Billing Data ◽  
Distributed Ledger ◽  
Proposed Model ◽  
Multi Agent ◽  
Resolution Processes

Current Peer-to-Peer (P2P) energy market models raise serious concerns regarding the confidentiality and integrity of energy consumption, trading and billing data. While Distributed Ledger Technology (DLT) systems (e.g., blockchain) have been proposed to enhance security, an attacker could damage other parts of the model, such as its infrastructure: an adversarial attacker could target the communication between entities by, e.g., eavesdropping or modifying data. The main goal of this paper is to propose a model for a decentralised P2P marketplace for trading energy, which addresses the problem of developing security and privacy-aware environments. Additionally, a Multi-Agent System (MAS) architecture is presented with a focus on security and sustainability. In order to propose a solution to DLT’s scalability issues (i.e., through transaction confirmation delays), off-chain state channels are considered for the energy negotiation and resolution processes. Additionally, a STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege) security analysis is conducted within the context of the proposed model to identify potential vulnerabilities.

scholarly journals A Security Analysis on OpenSIPS

2020 ◽  
pp. 77
Author(s):  
Gandeva Bayu Satrya ◽  
Muhammad Caesara Nicovandia
Keyword(s):  
Denial Of Service ◽  
Security Analysis ◽  
Security System ◽  
Test Results ◽  
Long Distance ◽  
Security Issues ◽  
Internet Telephony ◽  
Security Problem ◽  
Streaming Services ◽  
Private Network

IP Telephony, Internet Telephony, Digital Phone or often also called VoIP (Voice Over Internet Protocol) is a technology that allows long-distance voice conversations with the Internet. The increasing number of VoIP users and other IP-based multimedia streaming services naturally raises security issues. Many users are likely to lose their privacy in communication. To overcome this security problem a security system must be implemented. Implementing a security system will use VPN Gateway using SSL and TLS encryption on the VoIP server. The VPN Gateway method is used to build a private network so that only certain users can use the private network. The TLS method is used to secure a user signaling session to the server. From the test results obtained that the VoIP server that uses VPN Gateway and TLS on the server can overcome the attacks e.g., eavesdropping, attacking authentication, teardown session, and denial of service.

Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication

2022 ◽  
Vol 16 (1) ◽  
pp. 0-0
Keyword(s):  
Data Security ◽  
Security Analysis ◽  
Data Communication ◽  
Computation Time ◽  
Computational Time ◽  
Security Issues ◽  
Authentication Mechanism ◽  
Cloud Server ◽  
Secure Authentication ◽  
Provably Secure

Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.

scholarly journals A Secure Ciphertext Retrieval Scheme against Insider KGAs for Mobile Devices in Cloud Storage

2018 ◽  
Vol 2018 ◽  
pp. 1-7 ◽  
Author(s):  
Run Xie ◽  
Chanlian He ◽  
Dongqing Xie ◽  
Chongzhi Gao ◽  
Xiaojun Zhang
Keyword(s):  
Cloud Computing ◽  
Mobile Devices ◽  
Data Privacy ◽  
Security Analysis ◽  
Data Retrieval ◽  
Sensitive Data ◽  
Encrypted Data ◽  
Security Issues ◽  
Efficiency Comparison ◽  
Cloud Servers

With the advent of cloud computing, data privacy has become one of critical security issues and attracted much attention as more and more mobile devices are relying on the services in cloud. To protect data privacy, users usually encrypt their sensitive data before uploading to cloud servers, which renders the data utilization to be difficult. The ciphertext retrieval is able to realize utilization over encrypted data and searchable public key encryption is an effective way in the construction of encrypted data retrieval. However, the previous related works have not paid much attention to the design of ciphertext retrieval schemes that are secure against inside keyword-guessing attacks (KGAs). In this paper, we first construct a new architecture to resist inside KGAs. Moreover we present an efficient ciphertext retrieval instance with a designated tester (dCRKS) based on the architecture. This instance is secure under the inside KGAs. Finally, security analysis and efficiency comparison show that the proposal is effective for the retrieval of encrypted data in cloud computing.

scholarly journals Vulnerability and risk assessment for operating system (OS) with framework STRIDE: comparison between VulnOS and Vulnix

2021 ◽  
Vol 23 (3) ◽  
pp. 1643
Author(s):  
Adityas Widjajarto ◽  
Muharman Lubis ◽  
Vreseliana Ayuningtyas
Keyword(s):  
Information Disclosure ◽  
Risk Estimation ◽  
Rapid Development ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Easy Access ◽  
Case Scenario ◽  
Worst Case ◽  
Network Function ◽  
The World

<p><span lang="EN-US">The rapid development of information technology has made security become extremely. Apart from easy access, there are also threats to vulnerabilities, with the number of cyber-attacks in 2019 showed a total of 1,494,281 around the world issued by the </span><span lang="EN-US">national cyber and crypto agency (BSSN) honeynet project. Thus, vulnerability analysis should be conducted to prepare worst case scenario by anticipating with proper strategy for responding the attacks. Actually, vulnerability is a system or design weakness that is used when an intruder executes commands, accesses unauthorized data, and carries out denial of service attacks. The study was performed using the AlienVault software as the vulnerability assessment. The results were analysed by the formula of risk estimation equal to the number of vulnerability found related to the threat. Meanwhile, threat is obtained from analysis of sample walkthroughs, as a reference for frequent exploitation. The risk estimation result indicate the 73 (seventy three) for the highest score of 5 (five) type risks identified while later on, it is used for re-analyzing based on the spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of prvilege (STRIDE) framework that indicated the network function does not accommodate the existing types of risk namely spoofing.</span></p>

scholarly journals Efficient Multifactor Two-Server Authenticated Scheme under Mobile Cloud Computing

2018 ◽  
Vol 2018 ◽  
pp. 1-14 ◽  
Author(s):  
Ziyi Han ◽  
Li Yang ◽  
Shen Wang ◽  
Sen Mu ◽  
Qiang Liu
Keyword(s):  
Cloud Computing ◽  
Information Disclosure ◽  
Mobile Cloud Computing ◽  
User Authentication ◽  
High Reliability ◽  
Security Analysis ◽  
Security Requirements ◽  
Mobile Payment ◽  
Mobile Cloud ◽  
User Privacy

Because the authentication method based on username-password has the disadvantage of easy disclosure and low reliability and the excess password management degrades the user experience tremendously, the user is eager to get rid of the bond of the password in order to seek a new way of authentication. Therefore, the multifactor biometrics-based user authentication wins the favor of people with advantages of simplicity, convenience, and high reliability. Now the biometrics-based (especially the fingerprint information) authentication technology has been extremely mature, and it is universally applied in the scenario of the mobile payment. Unfortunately, in the existing scheme, biometric information is stored on the server side. As thus, once the server is hacked by attackers to cause the leakage of the fingerprint information, it will take a deadly threat to the user privacy. Aiming at the security problem due to the fingerprint information in the mobile payment environment, we propose a novel multifactor two-server authenticated scheme under mobile cloud computing (MTSAS). In the MTSAS, it divides the authentication method and authentication means; in the meanwhile, the user’s biometric characteristics cannot leave the user device. Thus, MTSAS avoids the fingerprint information disclosure, protects user privacy, and improves the security of the user data. In the same time, considering user actual requirements, different authentication factors depending on the privacy level of authentication are chosen. Security analysis proves that MTSAS has achieved the authentication purpose and met security requirements by the BAN logic. In comparison with other schemes, the result shows that MTSAS not only has the reasonable computational efficiency, but also keeps the superior communication cost.

Potential Security Issues in a Peer-to-Peer Network from a Database Perspective

2011 ◽  
pp. 131-144
Author(s):  
Sridhar Asvathanarayanan
Keyword(s):  
Denial Of Service ◽  
Database Security ◽  
Vital Role ◽  
Peer To Peer ◽  
Peer Networks ◽  
Distributed Denial Of Service ◽  
Security Issues ◽  
Peer Network ◽  
Peer To Peer Networks ◽  
Peer To Peer Network

Computing strategies have constantly undergone changes, from being completely centralized to client-servers and now to peer-to-peer networks. Databases on peer-to-peer networks offer significant advantages in terms of providing autonomy to data owners, to store and manage the data that they work with and, at the same time, allow access to others. The issue of database security becomes a lot more complicated and the vulnerabilities associated with databases are far more pronounced when considering databases on a peer-to-peer network. Issues associated with database security in a peer-to-peer environment could be due to file sharing, distributed denial of service, and so forth, and trust plays a vital role in ensuring security. The components of trust in terms of authentication, authorization, and encryption offer methods to ensure security.

A Mutual Authentication Protocol with Resynchronisation Capability for Mobile Satellite Communications

2013 ◽  
pp. 35-51
Author(s):  
Ioana Lasc ◽  
Reiner Dojen ◽  
Tom Coffey
Keyword(s):  
Denial Of Service ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Service Condition ◽  
Satellite Communications ◽  
Authentication Protocol ◽  
Security Protocol ◽  
New Type ◽  
Mobile Satellite ◽  
Mutual Authentication Protocol

Many peer-to-peer security protocols proposed for wireless communications use one-time shared secrets for authentication purposes. This paper analyses online update mechanisms for one-time shared secrets. A new type of attack against update mechanisms, called desynchronisation attack, is introduced. This type of attack may lead to a permanent denial of service condition. A case study demonstrates the effectiveness of desynchronisation attacks against a security protocol for mobile satellite communications. A new mutual authentication protocol for satellite communications, incorporating a resynchronisation capability, is proposed to counter the disruptive effects of desynchronisation attacks. The new protocol has an esynchronisation phase that is initiated whenever desynchronisation is suspected. Thus, the possibility of causing permanent denial of service conditions by mounting desynchronisation attacks is eliminated. A security analysis of the proposed protocol establishes its resistance against attacks like replay attacks, dictionary attacks, and desynchronisation attacks.

Internet Crime

Cyber Crime ◽  
2013 ◽  
pp. 1-13
Author(s):  
Tejaswini Herath ◽  
H. Raghav Rao ◽  
Shambhu Upadhyaya
Keyword(s):  
Information Security ◽  
Denial Of Service ◽  
Computer Training ◽  
The Internet ◽  
Internet Crime ◽  
Security Issues ◽  
Internet Users ◽  
Computing Skills ◽  
Use Of The Internet ◽  
And Gender

It is estimated that over 1 billion people now have access to the Internet. This unprecedented access and use of Internet by individuals around the world, however, is accompanied by malicious and mischievous activities online. With the traditional crimes such as fraud, identity theft, and harassment now being committed with the use of the Internet, and networked home computers being exploited to carry out attacks such as denial of service, spamming, phishing and virus/worm propagation, it has become important to investigate security and privacy issues as they pertain to individual Internet users. To date very little is known about what characteristics of internet users affect their computing and on-line behaviors as they relate to security online. While some attention has been paid to understand the security issues affecting corporations, research investigating security issues as they relate to home users is still in infancy. Drawing from disciplines such as criminology, sociology, consumer fraud, and information security, this study seeks to find the role of computing skills and computer training, social influence, and gender on person’s vulnerability to Internet crimes. Our findings are significant and shed light in this important area of Internet crime contributing to the information security literature.

Internet Crime

2009 ◽  
pp. 433-445
Author(s):  
Tejaswini Herath
Keyword(s):  
Information Security ◽  
Denial Of Service ◽  
Computer Training ◽  
The Internet ◽  
Internet Crime ◽  
Security Issues ◽  
Internet Users ◽  
Computing Skills ◽  
Use Of The Internet ◽  
And Gender

It is estimated that over 1 billion people now have access to the Internet. This unprecedented access and use of Internet by individuals around the world, however, is accompanied by malicious and mischievous activities online. With the traditional crimes such as fraud, identity theft, and harassment now being committed with the use of the Internet, and networked home computers being exploited to carry out attacks such as denial of service, spamming, phishing and virus/worm propagation, it has become important to investigate security and privacy issues as they pertain to individual Internet users. To date very little is known about what characteristics of internet users affect their computing and on-line behaviors as they relate to security online. While some attention has been paid to understand the security issues affecting corporations, research investigating security issues as they relate to home users is still in infancy. Drawing from disciplines such as criminology, sociology, consumer fraud, and information security, this study seeks to find the role of computing skills and computer training, social influence, and gender on person’s vulnerability to Internet crimes. Our findings are significant and shed light in this important area of Internet crime contributing to the information security literature.

Sign in / Sign up

Export Citation Format

Share Document