Replay Protection

The Experts below are selected from a list of 114 Experts worldwide ranked by ideXlab platform

K. Norrman, M. Baugher, D. Mcgrew, M. Naslund, E. Carrara - One of the best experts on this subject based on the ideXlab platform.

Matrawy Ashraf - One of the best experts on this subject based on the ideXlab platform.

  • Securing RPL using Network Coding: The Chained Secure Mode (CSM)
    2021
    Co-Authors: Raoof Ahmed, Lung Chung-horng, Matrawy Ashraf
    Abstract:

    As the de facto routing protocol for many Internet of Things (IoT) networks nowadays, and to assure the confidentiality and integrity of its control messages, the Routing Protocol for Low Power and Lossy Networks (RPL) incorporates three modes of security: the Unsecured Mode (UM), Preinstalled Secure Mode (PSM), and the Authenticated Secure Mode (ASM). While the PSM and ASM are intended to protect against external routing attacks and some Replay attacks (through an optional Replay Protection mechanism), recent research showed that RPL in PSM is still vulnerable to many routing attacks, both internal and external. In this paper, we propose a novel secure mode for RPL, the Chained Secure Mode (CSM), based on the concept of intraflow Network Coding (NC). The CSM is designed to enhance RPL resilience and mitigation capability against Replay attacks while allowing the integration with external security measures such as Intrusion Detection Systems (IDSs). The security and performance of the proposed CSM were evaluated and compared against RPL in UM and PSM (with and without the optional Replay Protection) under several routing attacks: the Neighbor attack (NA), Wormhole (WH), and CloneID attack (CA), using average packet delivery rate (PDR), End-to-End (E2E) latency, and power consumption as metrics. It showed that CSM has better performance and more enhanced security than both the UM and PSM with the Replay Protection, while mitigating both the NA and WH attacks and significantly reducing the effect of the CA in the investigated scenarios.

    Comment: 10 pages, 20 figures, 2 tables, Submitted to IEEE IoT Journal for review. This is a significantly extended version of arXiv:2006.00310 which was published in NCA 2020 (available at IEEExplore)

  • Introducing Network Coding to RPL: The Chained Secure Mode (CSM)
    2020
    Co-Authors: Raoof Ahmed, Lung Chung-horng, Matrawy Ashraf
    Abstract:

    As the de facto routing protocol for many Internet of Things (IoT) networks nowadays, and to assure the confidentiality and integrity of its control messages, the Routing Protocol for Low Power and Lossy Networks (RPL) incorporates three modes of security: the Unsecured Mode (UM), Preinstalled Secure Mode (PSM), and the Authenticated Secure Mode (ASM). While the PSM and ASM are intended to protect against external routing attacks and some Replay attacks (through an optional Replay Protection mechanism), recent research showed that RPL in PSM is still vulnerable to many routing attacks, both internal and external. In this paper, we propose a novel secure mode for RPL, the Chained Secure Mode (CSM), based on the concept of intra-flow Network Coding. The main goal of CSM is to enhance RPL resilience against Replay attacks, with the ability to mitigate some of them. The security and performance of a proof-of-concept prototype of CSM were evaluated and compared against RPL in UM and PSM (with and without the optional Replay Protection) in the presence of Neighbor attack as an example. It showed that CSM has better performance and more enhanced security compared to both the UM and PSM with the Replay Protection. On the other hand, it showed a need for a proper recovery mechanism for the case of losing a control message.

    Comment: 8 pages, 12 figures, 1 table, submitted to The 19th IEEE International Symposium on Network Computing and Applications (NCA 2020) for review

  • Introducing Network Coding to RPL: The Chained Secure Mode (CSM)
    2020
    Co-Authors: Raoof Ahmed, Lung Chung-horng, Matrawy Ashraf
    Abstract:

    The current standard of Routing Protocol for Low Power and Lossy Networks (RPL) incorporates three modes of security: the Unsecured Mode (UM), Preinstalled Secure Mode (PSM), and the Authenticated Secure Mode (ASM). While the PSM and ASM are intended to protect against external routing attacks and some Replay attacks (through an optional Replay Protection mechanism), recent research showed that RPL in PSM is still vulnerable to many routing attacks, both internal and external. In this paper, we propose a novel secure mode for RPL, the Chained Secure Mode (CSM), based on the concept of intraflow Network Coding. The main goal of CSM is to enhance RPL resilience against Replay attacks, with the ability to mitigate some of them. The security and performance of a proof-of-concept prototype of CSM were evaluated and compared against RPL in UM and PSM (with and without the optional Replay Protection) in the presence of Neighbor attack as an example. It showed that CSM has better performance and more enhanced security compared to both the UM and PSM with the Replay Protection. On the other hand, it showed a need for a proper recovery mechanism for the case of losing a control message.

    Comment: 4 pages, 6 figures, 1 table, Accepted at The 19th IEEE International Symposium on Network Computing and Applications (NCA 2020)

Kankar S. Dasgupta - One of the best experts on this subject based on the ideXlab platform.

  • Optimizing the Replay Protection at the Link Layer Security Framework in Wireless Sensor Networks
    arXiv: Cryptography and Security, 2012
    Co-Authors: Devesh C. Jinwala, Dhiren R. Patel, Sankita J. Patel, Kankar S. Dasgupta
    Abstract:

    Ensuring communications security in Wireless Sensor Networks (WSNs) is very vital because the security protocols therein, should be devised to work at the link layer. Theoretically, any link layer security protocol must support three vital security attributes viz. Confidentiality, Message Integrity and Replay Protection. However, in order to ensure lesser overhead, Replay Protection is often not incorporated as part of the link layer security framework. We argue here, that it is essential to implement Replay Protection at the link layer only and devise a simple scheme to do so. We first survey the common approaches to ensuring Replay Protection in conventional networks. We also implement the conventional algorithms for Replay Protection using the link layer framework for WSNs viz. TinySec as the underlying platform. Subsequently analyzing their limitations, we propose a novel Bloom-filter based Replay Protection algorithm for unicast communications. We show that our algorithm is better than the other contemporary approaches for ensuring Replay Protection in unicast communications in the WSNs.

  • FlexiSec: A Configurable Link Layer Security Architecture for Wireless Sensor Networks
    arXiv: Cryptography and Security, 2012
    Co-Authors: Devesh C. Jinwala, Dhiren R. Patel, Kankar S. Dasgupta
    Abstract:

    Ensuring communications security in Wireless Sensor Networks (WSNs) indeed is critical; due to the criticality of the resources in the sensor nodes as well as due to their ubiquitous and pervasive deployment, with varying attributes and degrees of security required. The proliferation of the next generation sensor nodes, has not solved this problem, because of the greater emphasis on low-cost deployment. In addition, the WSNs use data-centric multi-hop communication that in turn, necessitates the security support to be devised at the link layer (increasing the cost of security related operations), instead of being at the application layer, as in general networks. Therefore, an energy-efficient link layer security framework is necessitated. There do exist a number of link layer security architectures that offer some combinations of the security attributes desired by different WSN applications. However, as we show in this paper, none of them is responsive to the actual security demands of the applications. Therefore, we believe that there is a need for investigating the feasibility of a configurable software-based link layer security architecture wherein an application can be compiled flexibly, with respect to its actual security demands. In this paper, we analyze, propose and experiment with the basic design of such configurable link layer security architecture for WSNs. We also experimentally evaluate various aspects related to our scheme viz. configurable block ciphers, configurable block cipher modes of operations, configurable MAC sizes and configurable Replay Protection. The architecture proposed is aimed to offer the optimal level of security at the minimal overhead, thus saving the precious resources in the WSNs.

  • Replay Protection at the Link Layer Security in Wireless Sensor Networks
    Computer Science and Information Engineering, 2009
    Co-Authors: Devesh C. Jinwala, Dhiren R. Patel, Sankita J. Patel, Kankar S. Dasgupta
    Abstract:

    Replay Protection is one of the three vital security attributes, desirable in a link layer security protocol for a Wireless Sensor Network (WSN). Whether to implement Replay Protection at the link layer or at the application layer, in the WSNs, remains a debatable issue. For, the popular WSN link security framework TinySec does not offer Replay Protection, whereas MiniSec at the other extreme, implements two different link layer anti-Replay schemes separately, for unicast and broadcast communications. In this paper, we argue that anti-Replay must be implemented at the link layer in WSNs. We also present a simple scheme for implementing Replay Protection for unicast communication, at the link layer security framework. We evaluate our scheme against the conventional schemes, for ensuring Replay Protection. Through the analysis and experimental evaluation in TinySec framework, we show that our bloom-filter based approach with multiple hash functions is a simpler and optimal approach, for Replay Protection.

Ramesh K Karne - One of the best experts on this subject based on the ideXlab platform.

  • An Evaluation of Secure Real-Time Transport Protocol (SRTP) Performance for VoIP
    Network and System Security, 2009
    Co-Authors: Andre L Alexander, Alexander L Wijesinha, Ramesh K Karne
    Abstract:

    The Secure Real-Time Transport Protocol (SRTP) is an Internet standards-track security profile for RTP used to provide confidentiality, integrity and Replay Protection for RTP traffic. We study the performance of SRTP when it is used to secure VoIP conversations. Experiments are conducted using snom and Twinkle softphones running on Windows and Linux platforms respectively and a bare PC softphone running with no operating system installed to provide a baseline. Pre-defined SRTP transforms based on AES counter mode encryption with a 128-bit key and HMAC-SHA-1 with a 32-bit authentication tag, as well as 192 and 256-bit AES keys and an 80-bit authentication tag are tested. Measurement of internal processing times for each operation in the SRTP protocol indicates that authentication processing is more expensive than encryption regardless of key or tag size. A comparison of jitter and delta (packet interarrival time) for secured and unsecured VoIP traffic reveals that the addition of SRTP Protection to VoIP traffic over RTP has a negligible effect on voice quality. VoIP throughput with SRTP is about 2% more than with RTP alone since the insignificant increase in delay is offset by the small increase in packet size.

Dogan Kesdogan - One of the best experts on this subject based on the ideXlab platform.

  • Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection
    Financial Cryptography, 2011
    Co-Authors: Benedikt Westermann, Dogan Kesdogan
    Abstract:

    In this paper we investigate the impact of missing Replay Protection as well as missing integrity Protection concerning a local attacker in AN.ON. AN.ON is a low latency anonymity network mostly used to anonymize web traffic. We demonstrate that both Protection mechanisms are important by presenting two attacks that become feasible as soon as the mechanisms are missing. We mount both attacks on the AN.ON network which neither implements Replay Protection nor integrity Protection yet.