libInterMAC: Beyond Confidentiality and Integrity in Practice

Boldyreva et al. (Eurocrypt 2012) defined a fine-grained security model capturing ciphertext fragmentation attacks against symmetric encryption schemes. The model was extended by Albrecht et al. (CCS 2016) to include an integrity notion. The extended security model encompasses important security goals of SSH that go beyond confidentiality and integrity to include length hiding and denial-of-service resistance properties. Boldyreva et al. also defined and analysed the InterMAC scheme, while Albrecht et al. showed that InterMAC satisfies stronger security notions than all currently available SSH encryption schemes. In this work, we take the InterMAC scheme and make it fully ready for use in practice. This involves several steps. First, we modify the InterMAC scheme to support encryption of arbitrary length plaintexts and we replace the use of Encrypt-then-MAC in InterMAC with modern noncebased authenticated encryption. Second, we describe a reference implementation of the modified InterMAC scheme in the form of the library libInterMAC. We give a performance analysis of libInterMAC. Third, to test the practical performance of libInterMAC, we implement several InterMAC-based encryption schemes in OpenSSH and carry out a performance analysis for the use-case of file transfer using SCP. We measure the data throughput and the data overhead of using InterMAC-based schemes compared to existing schemes in OpenSSH. Our analysis shows that, for some network set-ups, using InterMAC-based schemes in OpenSSH only moderately affects performance whilst providing stronger security guarantees compared to existing schemes.

Download Full-text

An Attribute-Based Searchable Encryption Scheme for Non-Monotonic Access Structure

Handbook of Research on Intrusion Detection Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2242-4.ch013 ◽

2020 ◽

pp. 263-283 ◽

Cited By ~ 1

Author(s):

Mamta ◽

Brij B. Gupta

Keyword(s):

Access Control ◽

Searchable Encryption ◽

Access Structure ◽

Encryption Scheme ◽

Security Model ◽

Secret Key ◽

Fine Grained ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Encryption Schemes

Attribute based encryption (ABE) is a widely used technique with tremendous application in cloud computing because it provides fine-grained access control capability. Owing to this property, it is emerging as a popular technique in the area of searchable encryption where the fine-grained access control is used to determine the search capabilities of a user. But, in the searchable encryption schemes developed using ABE it is assumed that the access structure is monotonic which contains AND, OR and threshold gates. Many ABE schemes have been developed for non-monotonic access structure which supports NOT gate, but this is the first attempt to develop a searchable encryption scheme for the same. The proposed scheme results in fast search and generates secret key and search token of constant size and also the ciphertext components are quite fewer than the number of attributes involved. The proposed scheme is proven secure against chosen keyword attack (CKA) in selective security model under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

A Performance Analysis of Identity-Based Encryption Schemes

Trusted Systems - Lecture Notes in Computer Science ◽

10.1007/978-3-642-32298-3_19 ◽

2012 ◽

pp. 289-303 ◽

Cited By ~ 6

Author(s):

Pengqi Cheng ◽

Yan Gu ◽

Zihong Lv ◽

Jianfei Wang ◽

Wenlei Zhu ◽

...

Keyword(s):

Performance Analysis ◽

Identity Based Encryption ◽

Encryption Schemes ◽

Identity Based ◽

A Performance

Download Full-text

Comparison of QoS Performance Over WLAN, VoIP4 and VoIP6

International Research Journal of Management IT and Social Sciences ◽

10.21744/irjmis.v2i11.80 ◽

2015 ◽

Vol 2 (11) ◽

pp. 42

Author(s):

Esra Musbah Mohammed Musbah ◽

Khalid Hamed Bilal ◽

Amin Babiker A. Nabi Mustafa

Keyword(s):

Performance Analysis ◽

Internet Protocol ◽

Voice Over Internet Protocol ◽

Ip Network ◽

Qos Parameters ◽

Software Program ◽

Jitter Delay ◽

Qos Performance ◽

Delay Variation ◽

A Performance

VoIP stands for voice over internet protocol. It is one of the most widely used technologies. It enables users to send and transmit media over IP network. The transition from IPv4 to IPv6 provides many benefits for internet IPv6 is more efficient than IPv4. This paper presents a performance analysis of VoIP over WLAN using IPv4 and IPv6 and OPNET software program to simulate the protocols and to investigate the QoS parameters such as jitter, delay variation, packet send, and packet received and throughputs for IP4 and IP6 and compare between them.

Download Full-text

A performance analysis of batch fluidized bed drying of two pharmaceutical powders by desirability approach

Drying Technology ◽

10.1080/07373937.2020.1861460 ◽

2020 ◽

pp. 1-22

Author(s):

Amel Zammouri ◽

Nourhene Boudhrioua Mihoubi ◽

Nabil Kechaou

Keyword(s):

Performance Analysis ◽

Fluidized Bed ◽

Pharmaceutical Powders ◽

Desirability Approach ◽

Fluidized Bed Drying ◽

A Performance

Download Full-text

Practical Performance Analysis and Device Selection for Photovoltaic Multilevel Inverters Installations

2019 International Conference on Innovative Trends in Computer Engineering (ITCE) ◽

10.1109/itce.2019.8646707 ◽

2019 ◽

Cited By ~ 1

Author(s):

Doaa Ramadan ◽

Mokhtar Aly ◽

Emad M. Ahmed

Keyword(s):

Performance Analysis ◽

Multilevel Inverters ◽

Device Selection ◽

Practical Performance ◽

Selection For

Download Full-text

HAPS-based Relaying for Integrated Space-Air-Ground Networks with Hybrid FSO/RF Communication : A Performance Analysis

IEEE Transactions on Aerospace and Electronic Systems ◽

10.1109/taes.2021.3050663 ◽

2021 ◽

pp. 1-1

Author(s):

Swaminathan R ◽

Shubha Sharma ◽

Narendra Vishwakarma ◽

As Madhukumar

Keyword(s):

Performance Analysis ◽

Rf Communication ◽

A Performance

Download Full-text

A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-021-01957-9 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Shanshan Yu ◽

Jicheng Zhang ◽

Ju Liu ◽

Xiaoqing Zhang ◽

Yafeng Li ◽

...

Keyword(s):

Ensemble Learning ◽

Denial Of Service ◽

Attack Detection ◽

Coarse Grained ◽

Communication Overhead ◽

Detection Scheme ◽

Fine Grained ◽

Ddos Attack ◽

Network Status ◽

Ddos Attack Detection

AbstractIn order to solve the problem of distributed denial of service (DDoS) attack detection in software-defined network, we proposed a cooperative DDoS attack detection scheme based on entropy and ensemble learning. This method sets up a coarse-grained preliminary detection module based on entropy in the edge switch to monitor the network status in real time and report to the controller if any abnormality is found. Simultaneously, a fine-grained precise attack detection module is designed in the controller, and a ensemble learning-based algorithm is utilized to further identify abnormal traffic accurately. In this framework, the idle computing capability of edge switches is fully utilized with the design idea of edge computing to offload part of the detection task from the control plane to the data plane innovatively. Simulation results of two common DDoS attack methods, ICMP and SYN, show that the system can effectively detect DDoS attacks and greatly reduce the southbound communication overhead and the burden of the controller as well as the detection delay of the attacks.

Download Full-text