M phil-computer-science-secure-computing-projects
0 likes97 views
The document contains details of several M.Phil Computer Science Secure Computing Projects implemented in C#. The projects deal with topics related to privacy, anonymity, and security in distributed systems and networks. Some of the project titles and brief descriptions included in the document are: - Privacy-Preserving Updates to Anonymous and Confidential Databases - Replica Placement for Route Diversity in Distributed Hash Tables - Robust Correlation of Encrypted Attack Traffic Through Stepping Stones Using Flow Watermarking - A Policy Enforcing Mechanism for Trusted Ad Hoc Networks - Adaptive Fault Tolerant QoS Control Algorithms for Maximizing System Lifetime of Query-Based Wireless Sensor Networks
M phil-computer-science-secure-computing-projects
- 1. M.Phil Computer Science Secure Computing Projects Web : www.kasanpro.com Email : [email protected] List Link : http://kasanpro.com/projects-list/m-phil-computer-science-secure-computing-projects Title :Privacy-Preserving Updates to Anonymous and Confidential Databases Language : C# Project Link : http://kasanpro.com/p/c-sharp/privacy-preserving-updates-anonymous-confidential-databases Abstract : Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data are used for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patient's medical record); on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to proof their soundness and experimental results to illustrate their efficiency. Title :Replica Placement for Route Diversity in Tree-Based Routing Distributed Hash Tables Language : C# Project Link : http://kasanpro.com/p/c-sharp/replica-placement-route-diversity-tree-based-routing-distributed-hash-tables Abstract : Distributed hash tables (DTHs) share storage and routing responsibility among all nodes in a peer-to-peer network. These networks have bounded path length unlike unstructured networks. Unfortunately, nodes can deny access to keys or misroute lookups. we address both of these problems through replica placement. we characterize tree-based routing DTHs and define maxdisjoint, a replica placement that creates route diversity for these DTHs. we prove that this placement creates disjoint routes and find the replication degree necessary to produce a desired number of disjoint routes. using simulations of pastry (a tree-based routing DTHs), we evaluate the impact of maxdisjoint on routing robustness compared to other placements when nodes are compromised at random or in a contiguous run. furthermore, we consider another route diversity mechanism that we call neighbor set routing and show that, when used with our replica placement, it can successfully route messages to a correct replica even with a quarter of the nodes in the system compromised at random. finally, we demonstrate a family of replica query strategies that can trade off response time and system load. We present a hybrid query strategy that keeps response time low without producing too high a load. Title :Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Flow Watermarking Language : C# Project Link : http://kasanpro.com/p/c-sharp/robust-correlation-encrypted-attack-traffic-flow-watermarking Abstract : Network based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks through intermediate "stepping stones" in order to conceal their identity and origin. To identify the source of the attack behind the stepping stone(s), it is necessary to correlate the incoming and outgoing flows or connections of a stepping stone. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing based correlation approaches have been shown to be quite effective in correlating encrypted connections. However, timing based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at stepping stones. In this project, our watermark-based approach is "active" in that It embeds a unique watermark into the encrypted flows by slightly adjusting the timing of selected packets. The unique watermark that is embedded in the encrypted flow gives us a number of advantages over passive timing based correlation in resisting timing perturbations by the attacker. A two-fold monotonically increasing compound mapping is created and proved to yield more distinctive visible watermarks in the watermarked image. Security protection measures by parameter and mapping randomizations have also been proposed to deter attackers from
- 2. illicit image recoveries. Title :A Policy Enforcing Mechanism for Trusted Ad Hoc Network Language : C# Project Link : http://kasanpro.com/p/c-sharp/policy-enforcing-mechanism-trusted-ad-hoc-network Abstract : To ensure fair and secure communication in Mobile Ad hoc Networks (MANETs), the applications running in these networks must be regulated by proper communication policies. However, enforcing policies in MANETs is challenging because they lack the infrastructure and trusted entities encountered in traditional distributed systems. This paper presents the design and implementation of a policy enforcing mechanism based on trusted execution monitor built on top of the Trusted Platform Module. Under this mechanism, each application or protocol has an associated policy. Two instances of an application running on different nodes may engage in communication only if these nodes enforce the same set of policies for both the application and the underlying protocols used by the application. In this way, nodes can form trusted application centric networks. Before allowing a node to join such a network, Satem verifies its trustworthiness of enforcing the required set of policies. If any of them is compromised, Satem disconnects the node from the network. We demonstrate the correctness of our solution through security analysis, and its low overhead through performance evaluation of the applications. Title :Adaptive Fault Tolerant QoS Control Algorithms for Maximizing System Lifetime of Query-Based Wireless Sensor Networks Language : C# Project Link : http://kasanpro.com/p/c-sharp/adaptive-fault-tolerant-qos-control-algorithms-maximizing-system-lifetime Abstract : Data sensing and retrieval in wireless sensor systems have a widespread application in areas such as security and surveillance monitoring, and command and control in battlefields. In query-based wireless sensor systems, a user would issue a query and expect a response to be returned within the deadline. While the use of fault tolerance mechanisms through redundancy improves query reliability in the presence of unreliable wireless communication and sensor faults, it could cause the energy of the system to be quickly depleted. Therefore, there is an inherent tradeoff between query reliability vs. energy consumption in query-based wireless sensor systems. In this paper, we develop adaptive fault tolerant quality of service (QoS) control algorithms based on hop-by-hop data delivery utilizing "source" and "path" redundancy, with the goal to satisfy application QoS requirements while prolonging the lifetime of the sensor system. We develop a mathematical model for the lifetime of the sensor system as a function of system parameters including the "source" and "path" redundancy levels utilized. We discover that there exists optimal "source" and "path" redundancy under which the lifetime of the system is maximized while satisfying application QoS requirements. Numerical data are presented and validated through extensive simulation, with physical interpretations given, to demonstrate the feasibility of our algorithm design. M.Phil Computer Science Secure Computing Projects Title :The Geometric Efficient Matching Algorithm for Firewalls Language : C# Project Link : http://kasanpro.com/p/c-sharp/geometric-efficient-matching-algorithm-firewalls Abstract : The firewall is one of the central technologies allowing high-level access control to organization networks. Packet matching in firewalls involves matching on many fields from the TCP and IP packet header. At least five fields (protocol number, source and destination IP addresses, and ports) are involved in the decision which rule applies to a given packet. With available bandwidth increasing rapidly, very efficient matching algorithms need to be deployed in modern firewalls to ensure that the firewall does not become a bottleneck Since firewalls need to filter all the traffic crossing the network perimeter, they should be able to sustain a very high throughput, or risk becoming a bottleneck. Thus, algorithms from computational geometry can be applied. In this paper we consider a classical algorithm that we adapted to the firewall domain. We call the resulting algorithm "Geometric Efficient Matching" (GEM). The GEM algorithm enjoys a logarithmic matching time performance. However, the algorithm's theoretical worst-case space complexity is O (n4) for a rule-base with n rules. Because of this perceived high space complexity, GEM-like algorithms were rejected as impractical by earlier works. Contrary to this conclusion, this paper shows that GEM is actually an excellent choice. Based on statistics from real firewall rule-bases, we created a Perimeter rules model that generates random, but non-uniform, rulebases. We evaluated GEM via extensive simulation using the Perimeter rules model. Title :IPAS: Implicit Password Authentication System Language : C#
- 3. Project Link : http://kasanpro.com/p/c-sharp/ipas-implicit-password-authentication-system Abstract : Authentication is the first line of defense against compromising confidentiality and integrity. Though traditional login/password based schemes are easy to implement, they have been subjected to several attacks. As alternative, token and biometric based authentication systems were introduced. However, they have not improved substantially to justify the investment. Thus, a variation to the login/password scheme, viz. graphical scheme was introduced. But it also suffered due to shoulder-surfing and screen dump attacks. In this paper, we introduce a framework of our proposed (IPAS) Implicit Password Authentication System, which is immune to the common attacks suffered by other authentication schemes Title :Distributed Detection of Clone Attacks in Wireless Sensor Networks Language : NS2 Project Link : http://kasanpro.com/p/ns2/detection-clone-attacks-wireless-sensor-networks Abstract : Wireless Sensor Networks (WSNs) are often deployed in hostile environments where an adversary can physically capture some of the nodes, first can reprogram, and then, can replicate them in a large number of clones, easily taking control over the network. A few distributed solutions to address this fundamental problem have been recently proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol to be used in the WSN - resource constrained environment. Further, they are vulnerable to the specific adversary models introduced in this paper. The contributions of this work are threefold. First, we analyze the desirable properties of a distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new self-healing, Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks, and we show that it satisfies the introduced requirements. Finally, extensive simulations show that our protocol is highly efficient in communication, memory, and computation; is much more effective than competing solutions in the literature; and is resistant to the new kind of attacks introduced in this paper, while other solutions are not. http://kasanpro.com/ieee/final-year-project-center-cuddalore-reviews Title :Distributed Detection of Clone Attacks in Wireless Sensor Networks Language : C# Project Link : http://kasanpro.com/p/c-sharp/detection-clone-attacks-wireless-sensor-networks-code Abstract : Wireless Sensor Networks (WSNs) are often deployed in hostile environments where an adversary can physically capture some of the nodes, first can reprogram, and then, can replicate them in a large number of clones, easily taking control over the network. A few distributed solutions to address this fundamental problem have been recently proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol to be used in the WSN - resource constrained environment. Further, they are vulnerable to the specific adversary models introduced in this paper. The contributions of this work are threefold. First, we analyze the desirable properties of a distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new self-healing, Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks, and we show that it satisfies the introduced requirements. Finally, extensive simulations show that our protocol is highly efficient in communication, memory, and computation; is much more effective than competing solutions in the literature; and is resistant to the new kind of attacks introduced in this paper, while other solutions are not. Title :Extracting Spread-Spectrum Hidden Data from Digital Media Language : C# Project Link : http://kasanpro.com/p/c-sharp/extracting-spread-spectrum-hidden-data-digital-media Abstract : We consider the problem of extracting blindly data embedded over a wide band in a spectrum (transform) domain of a digital medium (image, audio, video). We develop a novel multi- carrier/signature iterative generalized least-squares (M-IGLS) core procedure to seek unknown data hidden in hosts via multi- carrier spread-spectrum embedding. Neither the original host nor the embedding carriers are assumed available. Experimental studies on images show that the developed algorithm can achieve recovery probability of error close to what may be attained with known embedding carriers and host autocorrelation matrix. M.Phil Computer Science Secure Computing Projects
- 4. Title :Extracting Spread-Spectrum Hidden Data from Digital Media Language : NS2 Project Link : http://kasanpro.com/p/ns2/extracting-spread-spectrum-hidden-data-digital-media-code Abstract : We consider the problem of extracting blindly data embedded over a wide band in a spectrum (transform) domain of a digital medium (image, audio, video). We develop a novel multi- carrier/signature iterative generalized least-squares (M-IGLS) core procedure to seek unknown data hidden in hosts via multi- carrier spread-spectrum embedding. Neither the original host nor the embedding carriers are assumed available. Experimental studies on images show that the developed algorithm can achieve recovery probability of error close to what may be attained with known embedding carriers and host autocorrelation matrix. Title :Privacy Preserving Data Sharing With Anonymous ID Assignment Language : C# Project Link : http://kasanpro.com/p/c-sharp/privacy-preserving-data-sharing-with-anonymous-id-assignment Abstract : An algorithm for anonymous sharing of private data parties is developed. This technique is used iteratively among N to assign these nodes ID numbers ranging from 1 to . This assignment is anonymous in that the identities received are unknown to the other members of the group. Resistance to collusion among other members is verified in an information theoretic sense when private communication channels are used. This assignment of serial numbers allows more complex data to be shared and has applications to other problems in privacy preserving data mining, collision avoidance in communications and distributed database access. The required computations are distributed without using a trusted central authority. Existing and new algorithms for assigning anonymous IDs are examined with respect to trade-offs between communication and computational requirements. The new algorithms are built on top of a secure sum data mining operation using Newton's identities and Sturm's theorem. An algorithm for distributed solution of certain polynomials over finite fields enhances the scalability of the algorithms. Markov chain representations are used to find statistics on the number of iterations required, and computer algebra gives closed form results for the completion rates. Title :Privacy Preserving Data Sharing With Anonymous ID Assignment Language : NS2 Project Link : http://kasanpro.com/p/ns2/privacy-preserving-data-sharing-with-anonymous-id-assignment-code Abstract : An algorithm for anonymous sharing of private data parties is developed. This technique is used iteratively among N to assign these nodes ID numbers ranging from 1 to . This assignment is anonymous in that the identities received are unknown to the other members of the group. Resistance to collusion among other members is verified in an information theoretic sense when private communication channels are used. This assignment of serial numbers allows more complex data to be shared and has applications to other problems in privacy preserving data mining, collision avoidance in communications and distributed database access. The required computations are distributed without using a trusted central authority. Existing and new algorithms for assigning anonymous IDs are examined with respect to trade-offs between communication and computational requirements. The new algorithms are built on top of a secure sum data mining operation using Newton's identities and Sturm's theorem. An algorithm for distributed solution of certain polynomials over finite fields enhances the scalability of the algorithms. Markov chain representations are used to find statistics on the number of iterations required, and computer algebra gives closed form results for the completion rates. Title :Secure Encounter-based Mobile Social Networks: Requirements, Designs, and Tradeoffs Language : C# Project Link : http://kasanpro.com/p/c-sharp/secure-encounter-based-mobile-social-networks-requirements-designs-tradeoffs Abstract : Encounter-based social networks and encounter-based systems link users who share a location at the same time, as opposed to the traditional social network paradigm of linking users who have an offline friendship. This new approach presents challenges that are fundamentally different from those tackled by previous social network designs. In this paper, we explore the functional and security requirements for these new systems, such as availability, security, and privacy, and present several design options for building secure encounter-based social networks. To highlight these challenges we examine one recently proposed encounter-based social network design
- 5. and compare it to a set of idealized security and functionality requirements. We show that it is vulnerable to several attacks, including impersonation, collusion, and privacy breaching, even though it was designed specifically for security. Mindful of the possible pitfalls, we construct a flexible frame- work for secure encounter-based social networks, which can be used to construct networks that offer different security, privacy, and availability guarantees. We describe two example constructions derived from this framework, and consider each in terms of the ideal requirements. Some of our new designs fulfill more requirements in terms of system security, reliability, and privacy than previous work. We also evaluate real-world performance of one of our designs by implementing a proof-of-concept iPhone application called MeetUp. Experiments highlight the potential of our system and hint at the deployability of our designs on a large scale. Title :Secure Encounter-based Mobile Social Networks: Requirements, Designs, and Tradeoffs Language : NS2 Project Link : http://kasanpro.com/p/ns2/secure-encounter-based-mobile-social-networks-requirements-designs-tradeoffs-code Abstract : Encounter-based social networks and encounter-based systems link users who share a location at the same time, as opposed to the traditional social network paradigm of linking users who have an offline friendship. This new approach presents challenges that are fundamentally different from those tackled by previous social network designs. In this paper, we explore the functional and security requirements for these new systems, such as availability, security, and privacy, and present several design options for building secure encounter-based social networks. To highlight these challenges we examine one recently proposed encounter-based social network design and compare it to a set of idealized security and functionality requirements. We show that it is vulnerable to several attacks, including impersonation, collusion, and privacy breaching, even though it was designed specifically for security. Mindful of the possible pitfalls, we construct a flexible frame- work for secure encounter-based social networks, which can be used to construct networks that offer different security, privacy, and availability guarantees. We describe two example constructions derived from this framework, and consider each in terms of the ideal requirements. Some of our new designs fulfill more requirements in terms of system security, reliability, and privacy than previous work. We also evaluate real-world performance of one of our designs by implementing a proof-of-concept iPhone application called MeetUp. Experiments highlight the potential of our system and hint at the deployability of our designs on a large scale. M.Phil Computer Science Secure Computing Projects Title :Balancing Performance, Accuracy, and Precision for Secure Cloud Transactions Language : C# Project Link : http://kasanpro.com/p/c-sharp/balancing-performance-accuracy-precision-secure-cloud-transactions Abstract : In distributed transactional database systems deployed over cloud servers, entities cooperate to form proofs of authorization that are justified by collections of certified credentials. These proofs and credentials may be evaluated and collected over extended time periods under the risk of having the underlying authorization policies or the user credentials being in inconsistent states. It therefore becomes possible for policy-based authorization systems to make unsafe decisions that might threaten sensitive resources. In this paper, we highlight the criticality of the problem. We then define the notion of trusted transactions when dealing with proofs of authorization. Accordingly, we propose several increasingly stringent levels of policy consistency constraints, and present different enforcement approaches to guarantee the trustworthiness of transactions executing on cloud servers. We propose a Two-Phase Validation Commit protocol as a solution, which is a modified version of the basic Two-Phase Commit protocols. We finally analyze the different approaches presented using both analytical evaluation of the overheads and simulations to guide the decision makers to which approach to use. http://kasanpro.com/ieee/final-year-project-center-cuddalore-reviews Title :Balancing Performance, Accuracy, and Precision for Secure Cloud Transactions Language : NS2 Project Link : http://kasanpro.com/p/ns2/balancing-performance-accuracy-precision-secure-cloud-distributed-transactions Abstract : In distributed transactional database systems deployed over cloud servers, entities cooperate to form proofs of authorization that are justified by collections of certified credentials. These proofs and credentials may be evaluated and collected over extended time periods under the risk of having the underlying authorization policies or
- 6. the user credentials being in inconsistent states. It therefore becomes possible for policy-based authorization systems to make unsafe decisions that might threaten sensitive resources. In this paper, we highlight the criticality of the problem. We then define the notion of trusted transactions when dealing with proofs of authorization. Accordingly, we propose several increasingly stringent levels of policy consistency constraints, and present different enforcement approaches to guarantee the trustworthiness of transactions executing on cloud servers. We propose a Two-Phase Validation Commit protocol as a solution, which is a modified version of the basic Two-Phase Commit protocols. We finally analyze the different approaches presented using both analytical evaluation of the overheads and simulations to guide the decision makers to which approach to use.