Scopus Indexed Publications Collection

Permanent URI for this collection: https://hdl.handle.net/11147/7148

  • Conference Object
    Citation - Scopus: 3
    A Novel Countermeasure for Selective Forwarding Attacks in IoT Networks
    (IEEE, 2022) Yaman, Okan; Sokat, Barış; Ayav, Tolga; Erten, Yusuf Murat
    As the Internet of Things (IoT) devices become more widespread there are rising public concerns about whether or not IoT devices and their services are secure. One of the major threats they face is selective forwarding attacks performed by malicious nodes. Although packets can be lost inherently due to network conditions, malicious nodes, such as those performing blackhole attacks, may deliberately drop some, but not all of them. Therefore, distinguishing these nodes from legitimate ones is not so easy. This study has proposed a lightweight countermeasure to deal with this kind of attack in IoT networks, using the standard IPv6 Routing Protocol for Low Power and Lossy Networks (RPL). The mechanism is based on Mobile Trusted Nodes (MTNs). For the given threat model, we showed that our model has robust detection accuracy and brings no additional overhead to the network. © 2022 IEEE.
  • Conference Object
    Citation - Scopus: 5
    NFA Based Regular Expression Matching on FPGA
    (IEEE, 2021) Sert, Kamil; Bazlamaçcı, Cüneyt
    String matching is about finding all occurrences of a string within a given text. String matching algorithms have important roles in various real world areas such as web and security applications. In this work, we are interested in solving regular expression matching hence a more general form of string matching problem targeting especially the field of network intrusion detection systems (NIDS). In our work, we enhance a non-deterministic finite automata (NFA) based method on FPGA considerably. We propose to use a matching structure that processes two consecutive characters instead of one in order to yield better memory utilization and provide a novel mapping of this new architecture onto FPGA. The amount of digital circuitry needed to represent the NFA is reduced due to having less number of states and less number of LUTs in the devised 2-character regex matching process. An evaluation study is performed using the well-known Snort rule set and a sizable performance improvement is demonstrated.
  • Article
    Comparison of Group Key Establishment Protocols
    (Türkiye Klinikleri Journal of Medical Sciences, 2017) Şahin, Serap; Aslanoğlu, Rabia
    Recently group-oriented applications over unsecure open networks such as Internet or wireless networks have become very popular. Thus, group communication security over unsecure open networks has become a vital concern. Group key establishment (GKE) protocols are used to satisfy the confidentiality requirement of a newly started communication session by the generation or sharing of an ephemeral common key between the group members. In this study, we analyze the computation and communication efficiency of GKE protocols. Besides confidentiality, the security characteristics of identification and integrity control are also required for all steps of the protocol implementations. Thus, the main contribution of this work is to provide the computation and communication efficiency analysis of the same GKE protocols along with the identification of the group entities and integrity control of messages during the protocol steps. The specific implementation and analysis of GKE protocols are performed by group key agreement (GKA) with pairing-based cryptography and group key distribution (GKD) with verifiable secret sharing, respectively. Finally, a comparison of GKA and GKD protocols on the basis of their strong points and cost characteristics is also provided to inform potential users.
  • Conference Object
    Citation - Scopus: 1
    Mutation-Based Evaluation of Weighted Test Case Selection for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2011) Tuğlular, Tuğkan; Gerçek, Gürcan
    As part of network security testing an administrator needs to know whether the firewall enforces the security policy as expected or not. In this setting black-box testing and evaluation methodologies can be helpful. In this paper we employ a simple mutation operation namely flipping a bit to generate mutant firewall policies and use them to evaluate our previously proposed weighted test case selection method for firewall testing. In the previously proposed firewall testing approach abstract test cases that are automatically generated from firewall decision diagrams are instantiated by selecting test input values from different test data pools for each field of firewall policy. Furthermore a case study is presented to validate the proposed approach. © 2011 IEEE
  • Conference Object
    Citation - WoS: 9
    Towards Denial-Of Key Agreement Protocols
    (Springer Verlag, 2009) Stebila, Douglas; Ustaoğlu, Berkant
    Denial of service resilience is an important practical consideration for key agreement protocols in any hostile environment such as the Internet. There are well-known models that consider the security of key agreement protocols, but denial of service resilience is not considered as part of these models. Many protocols have been argued to be denial-of-service-resilient, only to be subsequently broken or shown ineffective. In this work we propose a formal definition of denial of service resilience, a model for secure authenticated key agreement, and show how security and denial of service resilience can be considered in a common framework, with a particular focus on client puzzles. The model accommodates a variety of techniques for achieving denial of service resilience, and we describe one such technique by exhibiting a denial-of-service-resilient secure authenticated key agreement protocol. Our approach addresses the correct integration of denial of service countermeasures with the key agreement protocol to prevent hijacking attacks that would otherwise render the countermeasures irrelevant. © 2009 Springer Berlin Heidelberg.
  • Conference Object
    Citation - WoS: 19
    Comparing the Pre- and Post-Specified Peer Models for Key Agreement
    (Springer Verlag, 2008) Menezes, Alfred; Ustaoğlu, Berkant
    In the pre-specified peer model for key agreement, it is assumed that a party knows the identifier of its intended communicating peer when it commences a protocol run. On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run. In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre- and post-specified peer models. We give examples of protocols that are secure in one model but insecure in the other. We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre- and post-specified peer models. © 2008 Springer-Verlag Berlin Heidelberg.
  • Article
    Citation - Scopus: 9
    Challenges for the Security Analysis of Next Generation Networks
    (Elsevier Ltd., 2011) Atay, Serap; Masera, Marcelo
    The increasing complexity of information and telecommunications systems and networks is reaching a level beyond human ability, mainly from the security assessment viewpoint. Methodologies currently proposed for managing and assuring security requirements fall short of industrial and societal expectations. The statistics about vulnerabilities and attacks show that the security, reliability and availability objectives are not reached and that the general threat situation is getting worse. With the deployment of Next Generation Networks (NGNs), the complexity of networks, considering their architecture, speed and amount of connections, will increase exponentially. There are several proposals for the network and security architectures of NGNs, but current vulnerability, threat and risk analysis methods do not appear adequate to evaluate them. Appropriate analysis methods should have some additional new characteristics, mainly regarding their adaptation to the continuous evolution of the NGNs. In addition, the application of security countermeasures will require technological improvements, which will demand further security analyses. This paper evaluates the current vulnerability, threat and risk analysis methods from the point of view of the new security requirements of NGNs. Then, the paper proposes to use autonomic and self-adaptive systems/applications for assuring the security of NGNs.
  • Conference Object
    Modeling Efficient Multi-Chained Stream Signature Protocol Using Communicating Sequential Processes
    (Institute of Electrical and Electronics Engineers Inc., 2010) Koltuksuz, Ahmet; Özkan, Murat; Külahçıoğlu, Burcu
    Communicating Sequential Processes (CSP) is a process algebra, designed for modeling and analyzing the behavior of concurrent systems. Several security protocols are modeled with CSP and verified using model-checking or theorem proving techniques successfully. Unlike other authentication protocols modeled using CSP, each of the Efficient Multi-chained Stream Signature (EMSS) protocol messages is linked to the previous messages, forming hash chains, which introduces difficulties for modeling and verification. In this paper, we model the EMSS stream authentication protocol using CSP and verify its authentication properties with model checking, by building an infinite state model of the protocol which is reduced into a finite state model. © 2010 IEEE.
  • Conference Object
    Citation - Scopus: 7
    Utilization of Timed Automata as a Verification Tool for Security Protocols
    (Institute of Electrical and Electronics Engineers Inc., 2010) Koltuksuz, Ahmet; Külahçıoğlu, Burcu; Özkan, Murat
    Timed Automata is an extension to the automata-theoretic approach for the modeling of real time systems that introduces time into the classical automata. It has become an important research area in both the context of formal languages and modeling and verification of real time systems since it was proposed by Alur and Dill in the early nineties. Timed automata proposes an efficient model checking method for verification of real time systems having mature and efficient automatic verification tools. One of the application areas of timed automata is the verification of security protocols which are known to be time sensitive. This study aims to make use of timed automata as a verification tool for security protocols and gives a case study on the initial part of the Neuman-Stubblebine Repeated Authentication Protocol. © 2010 IEEE.
  • Conference Object
    Citation - WoS: 5
    Citation - Scopus: 6
    The 1st Workshop on Model-Based Verification & Validation: Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Kaya, Özgür; Müftüoğlu, Can Arda; Belli, Fevzi
    Currently network security of institutions highly depends on firewalls, which are used to separate an untrusted network from a trusted one by enforcing security policies. Security policies used in firewalls are ordered sets of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result.