Networking & Network Security Final Year Projects

Using password is, perhaps, still the most versatile method of securing secret and confidential  information, even though several recent studies have pointed out possibility of breaching it.

A general trend of having different passwords for several user accounts of the same user (such as multiple email accounts, multiple social networking accounts, etc.) can barely overcome the possibility as users mostly prefer retaining similarity among own passwords, which results in the possibility of breaching almost all passwords once only one password gets breached. Consequently, several research studies attempted to strengthen passwords.

However, none of the studies is yet to get wide popularity for not being able to achieve a delicate balance between strength of password and user friendliness. To achieve this goal, we present a new password based authentication system in this paper.

The proposed system is based on intermixing between a fixed text (conventional part of a password) and a free random text (newly added) at different pre-defined indices having different per-defined lengths. The addition of the free random text adds an additional level of difficulty in breaching the password. We present different variants of our proposed system along with their possible attack models.

We demonstrate strength of our proposed system through rigorous analytical formulation and numerical simulation. Besides, we confirm achieving a delicate balance between strength of the password and user friendliness through performing real user evaluation.

Lorem ipsum dolor sit amet consectur adipiscing elit sed eius mod ex tempor incididunt labore dolore magna aliquaenim ad minim eniam.

Emotions are primarily thought of as mental experiences of body states, which are mostly shown in the face with precise and specific muscle patterns. It is, perhaps, the most critical attribute of living beings, and is extremely difficult to detect and generate artificially. Its detection always remains a well-explored classical problem.

Existing approaches for detecting human emotions generally demand significant infrastructural overheads. Excluding these overheads, in this paper, we propose a much simpler way of emotion detection. To do so, We have induced different states of emotion through different multimedia

components, and then collected participants’ keystrokes (free text) and mouse usage data through a custom-developed survey. We have used several existing classifiers (KNN, KStar, Random Committee and Random Forest) and a newly proposed light-weight classifier namely Bounded K-means Clustering, to

analyze those usage data for different emotional states. Our analysis demonstrates that emotion can be detected from the usage data up to a certain level. Moreover, our proposed classifier enables the best detection of five emotional states namely happiness, inspiration, sympathy, disgust, and fear compared to

other existing classifiers. Besides, the analysis also reveals that user identification through usage dynamics does not result in a good level of accuracy when usage gets influenced by different emotional states.

To solve the key management related problems encountered in symmetric as well as asymmetric key based schemes, recently a public key based scheme known as Certificateless Effective Key Management protocol (CL-EKM) has been proposed for dynamic Wireless Sensor Networks (WSNs).

In spite of showing numerous advantages over the previously proposed schemes, this protocol shows some critical limitations.

One among these is the method of relying on unicast transmission mode to transmit messages from the Base Station (BS) to all cluster heads in the network. This is because when the

Network grows in size or when the number of messages to be transmitted at a given time is large, this would cause severe negative impact on the overall performance. Hence, in this paper, we consider the optimization problem of the protocol and propose a solution which enhances CL-EKM by avoiding

Intensive use of encryption and unicast operations that reduces the energy and delay associated with the communications between the BS and the cluster heads. The performance gains are depicted in the presented results.

The application scope of VPN is increasing day by day as the organizations are creating private networks through public Internet using VPN tunneling instead of leased line. VPN protocols are classified into site-to-site and remote access VPN which exhibits different set of characteristics in terms of security mechanism.

But there is no VPN preferences based on the organizational application requirements. In this paper, different VPN tunneling protocols like GRE, IPSec, PPTP and L2TP with IPSec are analyzed to measure the performance in terms of throughput, RTT, Jitter and security parameters. The results exhibits that, GRE is preferable for delay and bandwidth sensitive application in context of site to site VPN and L2TP is more effective than PPTP for remote access VPN.

Data sharing has never been easier with the advances of cloud computing, and an accurate analysis on the shared data provides an array of benefits to both the society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and privacy of data owner. Ring signature is a promising candidate to construct an anonymous and authentic data sharing system.

It allows a data owner to anonymously authenticate his data which can be put into the cloud for storage or analysis purpose. Yet the costly certificate verification in the traditional public key infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further enhance the security of ID-based ring signature by providing forward security:

If a secret key of any user has been compromised, all previous generated signatures that include this user still remain valid. This property is especially important to any large scale data sharing system, as it is impossible to ask all data owners to reauthenticate their data even if a secret key of one single user has been compromised. We provide a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.

Bringing Big data technologies into agriculture presents a significant challenge; at the same time, this technology contributes effectively in many countries’ economic and social development. In this work, we will study environmental data provided by precision agriculture information technologies, which represents a crucial source of data in need of being wisely managed and analyzed with appropriate methods and tools in order to extract the meaningful information.

Our main purpose through this paper is to propose an effective Big data architecture based on profiling system which can assist (among others) producers, consulting companies, public bodies and research laboratories to make better decisions by providing them real time data processing, and a dynamic big data service composition method, to enhance and monitor the agricultural productivity. Thus, improve their traditional decision making process, and allow better management of the natural resources.

Cloud computing is the latest technology in the field of distributed computing. It provides various online and on-demand services for data storage, network services, platform services and etc.

Many organizations are unenthusiastic to use cloud services due to data security issues as the data resides on the cloud services provider’s servers. To address this issue, there have been several approaches applied by various researchers worldwide to strengthen security of the stored data on cloud computing.

The Bi-directional DNA Encryption Algorithm (BDEA) is one such data security techniques. However, the existing technique focuses only on the ASCII character set, ignoring the non-English user of the cloud computing. Thus, this proposed work focuses on enhancing the BDEA to use with the Unicode characters

Searchable encryption is of increasing interest for protecting the data privacy in secure searchable cloud storage. In this paper, we investigate the security of a well-known cryptographic primitive, namely, public key encryption with keyword search (PEKS) which is very useful in many applications of cloud storage. Unfortunately, it has been shown that the traditional PEKS framework suffers from an inherent insecurity called inside keyword guessing attack (KGA) launched by the malicious server. To address this security vulnerability, we propose a new PEKS framework named dual-server PEKS (DS-PEKS). 

As another main contribution, we define a new variant of the smooth projective hash functions (SPHFs) referred to as linear and homomorphic SPHF (LH-SPHF). We then show a generic construction of secure DS-PEKS from LH-SPHF. To illustrate the feasibility of our new framework, we provide an efficient instantiation of the general framework from a Decision Diffie–Hellman-based LH-SPHF and show that it can achieve the strong security against inside the KGA.

Scheduling and broadcasting of data through network tunnels is always a big challenge in closed network topologies. Each and individual tunnel or part of network will be having its own capacity to transmit and receive the packets. Adoptive and open networks are easy to transmit the data but the challenges will occur in synchronization of data transmission among them. So clustering, tracking, log maintenance of the data transmission among the channels or tunnels and retransmission with respect energy levels and synchronization can be achieved by incremental tracking retransmission (ITR[1]) approach.

Energy levels will be monitored by network monitor and assigns scheduling depends on the network capacity of the available methodologies. Here the three methodologies are

1.Memory less channels[2] ,

2. Modulated
channel[3],

3.Joint and uniform scheduling for data transmission with respect to scheduling.

Considerable throughput criteria is framed with incremental flow with our work to end up fair and best accuracy levels. This ITR method is totally unique in open networks. Here open networks means which can adopt with legacy and other adoptive open networks in tunnelling or bridge level transmission.

The packet buffering and delivery is always depends on previous cluster or next cluster and chance of losing the packets. So to overcome our work is practically implemented in chunks mechanism. Totally 3 or more chunks will be framed as clusters which acts as incremental growth in transmission with respect to losing of the packets.

The central frame work which works as auto deployment methodology to track the tunnels. The loss of frequency is traceable using this frame work and adopts the lost and non lost packets addresses and flushes to next level to fulfil ITR method.

The practical implementation depends on asynchronous services to roll back to any level/cluster. The feasible transmission is achieved in incremental level of clusters which will get the log or track information about the data from central frame work.

To share the data in between neighbor nodes in established or fixed MANET is a big challenge. Always displaced movements MANET nodes are unpredictable with respect to their moving places in case of sharing data. And data sharing is late and sometimes hard in between deferent networks. And also compromised nodes may take advantage to take and hide the data.

So to overcome these scenario we propose a new approach called SMN (Smart movement notice), EDT (Efficient data Transfer). And to transfer the data in encoded format we propose a new algorithm ROTA (Rotation orient transfer analog). All these techniques can be used across the MANETs in deferent networks. The data can be shared via non compromised hash technique in ROTA technique. All the techniques are inter related with one approach of data transfer in efficient manner.

The neibour nodes displacements are available all the times to all current network nodes and also root or master node. The master node is the key node to transfer the data to other networks in encoded formats. The data can be large and also feasible formats to transfer to legacy networks.

Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. However, there is only one copy for each file stored in cloud even if such a file is owned by a huge number of users.

As a result, deduplication system improves storage utilization while reducing reliability. Furthermore, the challenge of privacy for sensitive data also arises when they are outsourced by users to cloud. Aiming to address the above security challenges, this paper makes the first attempt to formalize the notion of distributed reliable deduplication system.

We propose new distributed deduplication systems with higher reliability in which the data chunks are distributed across multiple cloud servers. The security requirements of data confidentiality and tag consistency are also achieved by introducing a deterministic secret sharing scheme in distributed storage systems, instead of using convergent encryption as in previous deduplication systems.

Security analysis demonstrates that our deduplication systems are secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement the proposed systems and demonstrate that the incurred overhead is very limited in realistic environments.

Security is an important issue in sensor networks. Many applications in military, distributed information gathering etc., demand for Secure Group Communication (SGC) in sensor networks. The SGC requires common network-wide group key for confidentiality of control messages and data reports.

The group key should be updated when a node is compromised. In this paper we propose a new key management. scheme for group key computation and distribution which is based on tree structure. The proposed scheme minimizes storage as well as communication and computation cost of end user (i.e., sensor nodes). The complex encryption/decryption operations used to distribute new group key whenever a node is compromised are replaced by one way hash functions and simple XOR operations. Keywords: Secure Group Communication, Sensor Node, Hash Function, Group Key.

File sharing applications in mobile ad hoc networks (MANETs) have attracted more and more attention in recent years. The efficiency of file querying suffers from the distinctive properties of such networks including node mobility and limited communication range and resource. An intuitive method to alleviate this problem is to create file replicas in the network.

However, despite the efforts on file replication, no research has focused on the global optimal replica creation with minimum average querying delay. Specifically, current file replication protocols in mobile ad hoc networks have two shortcomings. First, they lack a rule to allocate limited resources to different files in order to minimize the average querying delay.

Second, they simply consider storage as available resources for replicas, but neglect the fact that the file holders’ frequency of meeting other nodes also plays an important role in determining file availability.

Actually, a node that has a higher meeting frequency with others provides higher availability to its files. This becomes even more evident in sparsely distributed MANETs, in which nodes meet disruptively. In this paper, we introduce a new concept of resource for file replication, which considers both node storage and meeting frequency.

We theoretically study the influence of resource allocation on the average querying delay and derive a resource allocation rule to minimize the average querying delay. We further propose a distributed file replication protocol to realize the proposed rule. Extensive trace-driven experiments with synthesized traces and real traces show that our protocol can achieve shorter average querying delay at a lower cost than current replication protocols.

Link error and malicious packet dropping are two sources for packet losses in multi-hop wireless ad hoc network. In this paper, while observing a sequence of packet losses in the network, we are interested in determining whether the losses are caused by link errors only, or by the combined effect of link errors and malicious drop.

We are especially interested in the insider-attack case, whereby malicious nodes that are part of the route exploit their knowledge of the communication context to selectively drop a small amount of packets critical to the network performance. Because the packet dropping rate in this case is comparable to the channel error rate, conventional algorithms that are based on detecting the packet loss rate cannot achieve satisfactory detection accuracy.

To improve the detection accuracy, we propose to exploit the correlations between lost packets. Furthermore, to ensure truthful calculation of these correlations, we develop a homomorphic linear authenticator (HLA) based public auditing architecture that allows the detector to verify the truthfulness of the packet loss information reported by nodes. This construction is privacy preserving, collusion proof, and incurs low communication and storage overheads.

To reduce the computation overhead of the baseline scheme, a packet-block-based mechanism is also proposed, which allows one to trade detection accuracy for lower computation complexity. Through extensive simulations, we verify that the proposed mechanisms achieve significantly better detection accuracy than conventional methods such as a maximum-likelihood based detection.

Communication in Mobile Ad hoc network is done over a shared wireless channel with no Central Authority (CA) to monitor. Responsibility of maintaining the integrity and secrecy of data, nodes in the network are held responsible.

To attain the goal of trusted communication in MANET (Mobile Ad hoc Network) lot of approaches using key management has been implemented. This work proposes a composite identity and trust based model (CIDT) which depends on public key, physical identity, and trust of a node which helps in secure data transfer over wireless channels.

CIDT is a modified DSR routing protocol for achieving security. Trust Factor of a node along with its key pair and identity is used to authenticate a node in the network. Experience based trust factor (TF) of a node is used to decide the authenticity of a node. A valid certificate is generated for authentic node to carry out the communication in the network. Proposed method works well for self certification scheme of a node in the network.

Location-Based Service (LBS) becomes increasingly popular with the dramatic growth of smartphones and social network services (SNS), and its context-rich functionalities attract considerable users. Many LBS providers use users’ location information to offer them convenience and useful functions.

However, the LBS could greatly breach personal privacy because location itself contains much information. Hence, preserving location privacy while achieving utility from it is still an challenging question now.

This paper tackles this non-trivial challenge by designing a suite of novel fine-grained Privacy-preserving Location Query Protocol (PLQP). Our protocol allows different levels of location query on encrypted location information for different users, and it is efficient enough to be applied in mobile platforms.

Wireless sensor network is a collection of large number of sensor nodes that are deployed in large number to monitor the environment. There is a great technological advancement in wireless sensor network during last few years. Due to low-cost, small-size, nature of Wireless Sensor Networks (WSNs), it allows them to sense the information in various hostile environments (e.g. military surveillance, battlefield).

So, to fully achieve the capacity of WSNs, sensor nodes need to cooperate in the collection and must disseminate topology information. These sensor nodes specifically operate in a multi hop routing. Sensor network in muilti hop routing faces a variety of risks which is also due to the harsh operating environments. In this paper a fuzzy based approach is introduced which will enhance the routing security and reliability in WSNs.

Mobile cloud computing (MCC) is an emerging trend which combines the benefits of cloud computing with the mobile devices. This new technology not only offers tremendous computing power and storage to the mobile devices with limited processing and storage capabilities but also increases the affordability and reliability. Despite providing various benefits, MCC is still in its early stages in providing trust guarantees to a user.

Location-Based Services (LBS), on the other hand, are those services which operate on a users location to provide him/her services such as finding nearby restaurants, hospitals, bus terminal and ATMs, to name a few. While a users location is mandatory for LBS to work, it imposes serious threats to the users privacy. In this paper we propose a privacy preserving cloud-based computing architecture for using location-based services.

On one hand, our architecture provides a secure mechanism for using LBS services anonymously while on the other hand it utilizes untrusted but fast and reliable cloud services for its implementation in an efficient and effective manner. Moreover, we provide various attack scenarios and show that how our architecture preserves the privacy of the user and is difficult to compromise.

Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies.

Within the cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph-based analytical models and reconfigurable virtual network-based counter measures.

The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.

Vehicular ad hoc networks (VANETs) adopt the Public Key Infrastructure (PKI) and Certificate Revocation Lists (CRLs) for their security. In any PKI system, the authentication of a received message is performed by checking if the certificate of the sender is included in the current CRL, and verifying the authenticity of the certificate and signature of the sender.

In this paper, we propose an Expedite Message Authentication Protocol (EMAP) for VANETs, which replaces the time-consuming CRL checking process by an efficient revocation checking process. The revocation check process in EMAP uses a keyed Hash Message Authentication Code ðHMACÞ, where the key used in calculating theHMAC is shared only between nonrevoked On-Board Units (OBUs). In addition, EMAP uses a novel probabilistic key distribution, which enables nonrevoked OBUs to securely share and update a secret key.

EMAP can significantly decrease the message loss ratio due to the message verification delay compared with the conventional authentication methods employing CRL. By conducting security analysis and performance evaluation,EMAP is demonstrated to be secure and efficient.

Mobile ad hoc networks (MANETs) have attracted much attention due to their mobility and ease of deployment. However, the wireless and dynamic natures render them more vulnerable to various types of security attacks than the wired networks. The major challenge is to guarantee secure network services.

To meet this challenge, certificate revocation is an important integral component to secure network communications. In this paper, we focus on the issue of certificate revocation to isolate attackers from further participating in network activities. For quick and accurate certificate revocation, we propose the Cluster-based Certificate Revocation with Vindication Capability (CCRVC) scheme.

In particular, to improve the reliability of the scheme, we recover the warned nodes to take part in the certificate revocation process; to enhance the accuracy, we propose the threshold-based mechanism to assess and vindicate warned nodes as legitimate nodes or not, before recovering them. The performances of our scheme are evaluated by both numerical and simulation analysis. Extensive results demonstrate that the proposed certificate revocation scheme is effective and efficient to guarantee secure communications in mobile ad hoc networks.

The problem of efficiently and securely broadcasting to a remote cooperative group occurs in many newly emerging networks. A major challenge in devising such systems is to overcome the obstacles of the potentially limited communication from the group to the sender, the unavailability of a fully trusted key generation center, and the dynamics of the sender.

The existing key management paradigms cannot deal with these challenges effectively. In this paper, we circumvent these obstacles and close this gap by proposing a novel key management paradigm.

The new paradigm is a hybrid of traditional broadcast encryption and group key agreement. In such a system, each member maintains a single public/secret key pair. Upon seeing the public keys of the members, a remote sender can securely broadcast to any intended subgroup chosen in an ad hoc way. Following this model, we instantiate a scheme that is proven secure in the standard model. Even if all the nonintended members collude, they cannot extract any useful information from the transmitted messages.

After the public group encryption key is extracted, both the computation overhead and the communication cost are independent of the group size. Furthermore, our scheme facilitates simple yet efficient member deletion/addition and flexible rekeying strategies. Its strong security against collusion, its constant overhead, and its implementation friendliness without relying on a fully trusted authority render our protocol a very promising solution to many applications.

Back-pressure-based adaptive routing algorithms where each packet is routed along a possibly different path have been extensively studied in the literature. However, such algorithms typically result in poor delay performance and involve high implementation complexity.

In this paper, we develop a new adaptive routing algorithm built upon the widely studied back-pressure algorithm. We decouple the routing and scheduling components of the algorithm by designing a probabilistic routing table that is used to route packets to per-destination queues. The scheduling decisions in the case of wireless networks are made using counters called shadow queues.

The results are also extended to the case of networks that employ simple forms of network coding. In that case, our algorithm provides a low-complexity solution to optimally exploit the routing-coding tradeoff.

Handling traffic dynamics in order to avoid network congestion and subsequent service disruptions is one of the key tasks performed by contemporary network management systems. Given the simple but rigid routing and forwarding functionalities in IP base environments, efficient resource management and control solutions against dynamic traffic conditions is still yet to be obtained.

In this article, we introduce AMPLE — an efficient traffic engineering and routing topologies for long term operation through the optimized setting of link weights. Based on these diverse paths, adaptive traffic control performs intelligent traffic splitting across individual routing topologies in reaction to the monitored network dynamics at short timescale. According to our evaluation with real network topologies and traffic traces, the proposed system is able to cope almost optimally with unpredicted traffic dynamics and, as such, it constitutes a new proposal for achieving better quality of service and overall network performance in IP networks.

Management system that performs adaptive traffic control by using multiple virtualized routing topologies. The proposed system consists of two complementary components: offline link weight optimization that takes as input the physical network topology and tries to produce maximum routing path diversity across multiple virtual