Articles written in Sadhana
Volume 44 Issue 6 June 2019 Article ID 0132
The identity-based cryptosystems furnish us with simplest key management procedures. Yet, they have a very slow adoption in cryptography due to the key escrow problem and the necessity of a secure channel between the user and the Private Key Generator (PKG) to transmit the created private key to the user. In thispaper, we propose an identity-based signature scheme that not only solves the key escrow problem but also eliminates the requirement of the secure channel. The proposed scheme is secure against existential forgery under adaptively chosen message and ID attacks in the random oracle model assuming the hardness of theComputational Diffie–Hellmann Problem (CDHP). Furthermore, we compare the efficiency of our scheme to that of a similar established scheme.
Volume 44 Issue 12 December 2019 Article ID 0245
Denial of service (DoS) or distributed denial of service (DDoS) attacks based on bandwidth depletion remain a persistent network security threat and have always been an important issue for system administrators and researchers. Defence mechanisms proposed so far to defend against such attacks could not address the problem adequately and efficiently due to lack of quantitative approaches in modelling defence strategies against DoS/DDoS attacks. Game theory is a microeconomic and mathematical tool that provides a quantitative framework to model such attacks. A model based on game theory can act as a decision supportsystem to the defender and augments its capabilities to take best decisions for maintaining an optimum level of network security round the clock against such attacks. Inspired by this, different DoS/DDoS scenarios, where game theory has been used to represent the strategic interaction between the attacker and a defender, are investigated. Based on the strategic interactions, a game theoretical defence mechanism is proposed to mitigate DoS/DDoS attacks. The proposed mechanism is based on two-player zero-sum game. It considers DoS/DDoSattack based on bandwidth depletion where an attacker wants to occupy maximum bandwidth of a link having a limited capacity. The attacker does so by flooding the network with unsolicited or malicious flows. The attacker has to decide an effective attack rate per flow. It has to choose an optimal size of botnet also for a cost-effective attack. It does trade-off analysis prior to attack. If its payoff or benefit obtained is less than the attack cost, it chooses to refrain from launching such a costlier DoS/DDoS attack. On the other hand, to set an upper bound on network traffic, the defender needs to set an optimum threshold per flow so that maximum attack flows are either dropped or redirected to a honeypot deployed in the network. Arbitrary setting of a threshold for flow rates can also cause a loss of legitimate flows. The defender chooses the optimum threshold value with precise estimation to minimize loss of legitimate flows. The defender also does trade-off analysis and sets the threshold in a way that can minimize the attacker’s payoff. This optimization problem is presented as a game between the attackerand defender. Action sets and objective functions of both players are defined. The network constrains are modelled and payoffs are calculated. The game converges to Nash equilibrium. The best course of actions is deduced from the Nash strategies. Results obtained by simulation and numerical calculations are in favour of the proposed game theoretical defence mechanism and strongly advocate the worthiness of using game theory to defend against DoS and DDoS attacks to strengthen network security.
Volume 45 All articles Published: 12 October 2020 Article ID 0256
Maintaining an adequate balance between security and other performance metrics like memory requirement, throughput and energy requirement in a resource-constrained environment is a major challenge. The National Institute of Standards and Technology (NIST), in its latest lightweight cryptography report,suggested the suitability of symmetric ciphers in constrained devices. In this paper we have performed statistical security analyses of six state-of-the-art stream ciphers, namely Lizard, Fruit, Plantlet, Sprout, Grain v1 and Espresso, with the help of randomness test, structural test, autocorrelation test and avalanche test. We have also carried out the performance analysis of these ciphers in detail after porting the optimized code of the ciphers to a low-cost microcontroller, namely ATmega 328P. The selection of the device is based on its acceptability in the Internet of Things (IoT)-based network. The statistical security, performance metrics and comparative analysis suggest the suitability of the selected ciphers for providing security in constrained environments