Faculty Publications

Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Browse

Author: search.filters.author.Ramalingam, J.Has files: No

Search Results

Now showing 1 - 10 of 12
  • No Thumbnail Available
    Item
    Light-Weight Deep Learning Models for Visual Malware Classification
    (Springer Science and Business Media Deutschland GmbH, 2023) Akshay Kumar, E.; Ramalingam, J.
    Malware attacks are on the rise every day in the Internet-based digital world. Regular Internet users are at risk due to the evolution of new infections. In recent years, the use of machine learning algorithms to identify malware has gained popularity because numerous studies have demonstrated its efficacy. This work provides two deep learning models to categorize the malware turned into images. Our method uses fewer resources and takes less time to accomplish the same performance as state-of-the-art results. The primary advantage of malware images is that no additional feature engineering is required. Our models for categorizing image-based malware are less complex and can be used in computational systems with limited computational capabilities, such as Android devices. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
  • No Thumbnail Available
    Item
    On Cryptographic Approaches for Detecting GNSS Spoofing Attacks
    (Institute of Electrical and Electronics Engineers Inc., 2024) Ramalingam, J.; Maned, V.R.
    The increasing adoption of technologies dependent on Global Navigation Satellite Systems (GNSS) services has prompted many countries to develop their own navigation, positioning, and timing (PNT) systems. Spoofing GNSS signals is a significant security issue as it can undermine the reliability of GNSS positioning and timing services. In this paper, we analyze the efficacy of the Navigation Message Authentication (NMA) schemes proposed for GPS (USA) and Galileo (Europe). We demonstrate the ineffectiveness of the Chameleon hash key-chain proposed for GPS signal authentication and establish that standard digital signatures offer better performance than Chameleon hash key-chain in this context. © 2024 IEEE.
  • No Thumbnail Available
    Item
    Comments on 'Outsourcing Eigen-Decomposition and Singular Value Decomposition of Large Matrix to a Public Cloud'
    (Institute of Electrical and Electronics Engineers Inc., 2024) Rath, S.; Ramalingam, J.
    The outsourcing protocols for Eigen-Decomposition (ED) and Singular Value Decomposition (SVD) proposed by Zhou and Li (2016) offer intriguing advancements but are susceptible to malicious behavior by cloud entities. Our investigation identifies a critical vulnerability in the verification scheme utilized by Zhou and Li, where a malicious cloud can deceive the client by providing incorrect results that pass the verification step undetected. This paper not only demonstrates this vulnerability through a detailed attack scenario but also proposes an enhanced verification method to fortify the protocols against such malicious activities, ensuring the integrity and reliability of the schemes proposed by Zhou and Li. © 2013 IEEE.
  • No Thumbnail Available
    Item
    On “Practical and secure outsourcing algorithms for solving quadratic congruences in IoTs” from IEEE IoT journal
    (Elsevier B.V., 2021) Ramalingam, J.
    Secure outsourced computation enables IoT devices to offload resource-intensive computations to a more resourceful server while keeping the inputs secret to the server. Recently, Zhang et al. put forth two outsourcing algorithms for solving quadratic congruences (Zhang et al., 2020). We observe that both the algorithms do not achieve the claimed security guarantees: a polynomial-time attack reveals the secret inputs to a passive adversary. As a consequence of the insecure outsourcing, the factorization of the RSA modulus is also revealed and hence leads to the total compromise of the security of the underlying scheme which makes use of the Zhang et al. outsourcing algorithms for solving quadratic congruences. Interestingly, we propose corrective measures for the Zhang et al. algorithm and prove that the resulting algorithm enables secure and verifiable delegation of solving quadratic congruences in IoTs. © 2021 Elsevier B.V.
  • No Thumbnail Available
    Item
    ES-HAS: ECC-based secure handover authentication scheme for roaming mobile user in global mobility networks
    (MDPI, 2021) Suvidha, K.S.; Ramalingam, J.; Kamath, S.S.; Lee, C.-C.
    The design and implementation of two-factor schemes designed for roaming mobile users for global mobility networks in smart cities requires attention to protect the scheme from various security attacks, such as the replay attack, impersonation attack, man-in-the-middle attack, password-guessing attack and stolen-smart-card attack. In addition to these attacks, the scheme should achieve user anonymity, unlinkability and perfect forward secrecy. In the roaming scenario, as mobile users are connected to the foreign network, mobile users must provide authentication details to the foreign network to which they are connected. The foreign network forwards the authentication messages received from the mobile users to their home network. The home network validates the authenticity of the mobile user. In the roaming scenario, all communication between the three entities is carried over an insecure channel. It is assumed that the adversary has the capabilities to intercept the messages transmitted over an insecure channel. Hence, the authentication scheme designed must be able to resist the above-mentioned security attacks and achieve the security goals. Our proposed scheme ES-HAS (elliptic curve-based secure handover authentication scheme) is a two-factor authentication scheme in which the mobile user possesses the password, and the smart card resists the above-mentioned security attacks. It also achieves the above-mentioned security goals. We also extended our two-factor authentication to a multi-factor authentication scheme using the fingerprint biometric technique. The formal security analysis using BAN logic and the formal security verification of the proposed scheme using the widely accepted AVISPA (automated validation of internet security protocols and applications) tool is presented in this article. In comparison with the related schemes, the proposed scheme is more efficient and robust. This makes the proposed scheme suitable for practical implementation. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
  • No Thumbnail Available
    Item
    Robust message authentication in the context of quantum key distribution
    (Inderscience Publishers, 2022) Shanmugam, D.; Ramalingam, J.
    Universal hashing-based message authentication code (MAC) is used as the de facto method to achieve information-theoretically secure authentication in quantum key distribution. We present a critical look at the most widely used type, namely Wegman-Carter MAC based on polynomial hashing and analyse its robustness against physical attacks exploiting side information. In particular, we mount a classical DPA attack on the hash part of the Wegman-Carter MAC which leads to a possible intercept-and-resend attack on the BB84-like QKD protocols. We illustrate this case with polynomial-evaluation MACs as their variants are used in commercial QKD systems. We show that our attack methodology is much simpler compared to that of Belaid et al. at ASIACRYPT 2014. Finally, we present an algebraic countermeasure so that the resulting MAC is not susceptible to the identified attack. © 2022 Inderscience Enterprises Ltd.
  • No Thumbnail Available
    Item
    Privacy-Preserving Outsourcing Algorithm for Solving Large Systems of Linear Equations
    (Springer, 2023) Rath, S.; Ramalingam, J.
    In recent years, the secure offloading of resource-intensive computations to third-party servers has gained significant attention, thanks to the availability of computing services provided by major cloud service providers. In this paper, we propose a novel algorithm that addresses the secure outsourcing of computation for solving large-scale System of Linear Equations (SLEs). The proposed algorithm introduces a unique transformation technique to encrypt a given SLE, effectively tackling the security challenges that have been posed or raised by previous related algorithms. In contrast to prior algorithms, which focused on SLEs with a full-rank coefficient matrix, our algorithm is the first of its kind, compatible with all variations of large-scale SLEs, effectively finding a solution if one exists. Moreover, our suggested approach ensures a one-round client–cloud interaction, and allowing the client to verify the trustworthiness of the cloud server with a probability of 1. For the experimental analysis, we utilized a GPU server, specifically the Tesla V100-PCIE, as the cloud-side server. Furthermore, through a comprehensive theoretical analysis and experimental comparisons with the best-known algorithm [IEEE TIFS, 2014], we demonstrate the effectiveness of our approach. The results show that our algorithm outperforms the best-known algorithm in terms of efficiency, thereby solidifying its superiority in solving large-scale SLEs. © 2023, The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd.
  • No Thumbnail Available
    Item
    On Efficient Parallel Secure Outsourcing of Modular Exponentiation to Cloud for IoT Applications
    (Multidisciplinary Digital Publishing Institute (MDPI), 2024) Rath, S.; Ramalingam, J.; Lee, C.-C.
    Modular exponentiation is crucial for secure data exchange in cryptography, especially for resource-constrained Internet of Things (IoT) devices. These devices often rely on third-party servers to handle computationally intensive tasks like modular exponentiation. However, existing outsourcing solutions for the RSA algorithm may have security vulnerabilities. This work identifies a critical flaw in a recent outsourcing protocol for RSA proposed by Hu et al. We demonstrate how this flaw compromises the security of the entire RSA system. Subsequently, we propose a robust solution that strengthens the RSA algorithm and mitigates the identified vulnerability. Furthermore, our solution remains resilient against existing lattice-based attacks. The proposed fix offers a more secure and efficient way for IoT devices to leverage the power of third-party servers while maintaining data integrity and confidentiality. An extensive performance evaluation confirms that our solution offers comparable efficiency while significantly enhancing security compared to existing approaches. © 2024 by the authors.
  • No Thumbnail Available
    Item
    Practical and Efficient PUF-Based Protocol for Authentication and Key Agreement in IoT
    (Institute of Electrical and Electronics Engineers Inc., 2024) Manivannan, S.; Chakraborty, R.S.; Chakrabarti, I.; Ramalingam, J.
    The immense potential of the Internet of Things (IoT) is challenged by grave security vulnerabilities that are easily exploitable in resource-constrained environments. We propose a lightweight Authentication and Key Agreement (AKA) protocol to derive a shared session key for each communicating node in a mutually communicating cluster of IoT nodes. Each IoT device is embedded with a Physically Unclonable Function (PUF), and a Fuzzy Extractor (FE) is deployed to correct and reproduce the private key and public helper data pair from the possibly erroneous PUF response. This secret raw PUF response is not stored explicitly in the server. A forward-secure authenticated key agreement is achieved by incorporating Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol. The security of the proposed scheme has been formally verified while considering both active and passive attackers using the Verifpal tool. A prototype implementation with the arbiter PUF circuit, FE, and associated software has successfully demonstrated the efficacy of our scheme. © 2009-2012 IEEE.
  • No Thumbnail Available
    Item
    Accelerating QKD post-processing by secure offloading of information reconciliation
    (Elsevier Ltd, 2024) Ramalingam, J.; Rath, S.; Kuppusamy, L.; Lee, C.-C.
    While quantum key distribution (QKD) offers unparalleled security in communication, its real-world application is hindered by inherent physical constraints. The challenge lies predominantly in the cumbersome, energy-intensive nature of current QKD systems, which stems largely from the time-intensive post-processing stage. This paper investigates the feasibility of offloading the computationally intensive post-processing tasks, specifically focusing on information reconciliation (IR), to potentially untrusted servers. We present a novel scheme that leverages syndrome decoding techniques to efficiently transfer the IR step of QKD protocols to a single external server. Notably, this offloading is accomplished while maintaining the highest level of security, known as unconditional security. The proposed technique is bolstered by a comprehensive theoretical analysis and validated through experimental trials. These findings demonstrate the effectiveness of our approach in bridging the gap between the theoretical promise of QKD and its real-world deployment. © 2024 Elsevier Ltd