Faculty Publications

Permanent URI for this communityhttps://idr.nitk.ac.in/handle/123456789/18736

Publications by NITK Faculty

Browse

Author: search.filters.author.Rudra, B.Subject: search.filters.subject.Security

Search Results

Now showing 1 - 5 of 5
  • No Thumbnail Available
    Item
    Evaluation of Recurrent Neural Networks for Detecting Injections in API Requests
    (Institute of Electrical and Electronics Engineers Inc., 2021) Reddy, S.A.; Rudra, B.
    Application programming interfaces (APIs) are a vital part of every online business. APIs are responsible for transferring data across systems within a company or to the users through the web or mobile applications. Security is a concern for any public-facing application. The objective of this study is to analyze incoming requests to a target API and flag any malicious activity. This paper proposes a solution using sequence models to identify whether or not an API request has SQL, XML, JSON, and other types of malicious injections. We also propose a novel heuristic procedure that minimizes the number of false positives. False positives are the valid API requests that are misclassified as malicious by the model. © 2021 IEEE.
  • No Thumbnail Available
    Item
    Analysis of Magnitude of Threats for V2X Authentication Schemes Under Quantum Powered Adversary
    (Springer Science and Business Media Deutschland GmbH, 2023) Sawant, S.V.; Rudra, B.
    The Internet has revolutionized the way we communicate. We are now able to connect to anyone across the globe with little or no effort. This revolution has empowered various technological inventions. The Internet has fixed numerous challenges that were difficult to address before. Today, even Vehicular Communication is possible due to the Internet. From providing situational vigilance to taking sound decisions, vehicles have traveled a smart journey. These technological marvels were possible due to the remarkable progress in the computational power of devices. Now, with the world moving towards quantum computing, we stare at future with an ocean of possibilities. Such capabilities in the hands of adversaries can lead to unpleasant consequences. Hence, it is important to determine whether our existing systems are safe against such powerful adversaries. Also, it is equally important to develop techniques that can defend vehicles from adversaries. In this paper, we have listed out various authentication schemes against quantum adversaries and presented our observations. © 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
  • No Thumbnail Available
    Item
    Secure Decentralized Carpooling Application Using Blockchain and Zero Knowledge Proof
    (Science and Technology Publications, Lda, 2024) Goel, S.; Sawant, S.V.; Rudra, B.
    Blockchain extends its reach far beyond cryptocurrencies such as Bitcoin, encompassing a broader spectrum of applications. It acts as a transparent, distributed, and unchangeable ledger where every participant in the network possesses a copy of the blockchain. This decentralized system secures all data and transactions through encryption, ensuring reliability. The key components of blockchain-based applications include Smart Contracts, which house the application’s logic and operate on the blockchain. In traditional carpooling systems, centralized authorities like Uber or Ola control the entire process, collecting and managing data from both drivers and riders. However, by leveraging blockchain and smart contracts, a more secure and private carpooling system can be established, allowing riders and drivers to connect directly without intermediaries. Blockchain applications encounter challenges, primarily related to scalability and privacy. Every node in the system processing transactions limits scalability. Moreover, the practice of publishing all data at each node for processing raises privacy concerns. To tackle these issues, an approach using non-interactive proofs for off-chain computations can enhance efficiency. This approach verifies correctness without exposing private data, thus improving privacy. ZoKrates, a toolbox, simplifies this process by providing a domain-specific language (DSL), compiler, and generators for proofs and verification of Smart Contracts, streamlining complex zero-knowledge proof tasks and promoting their adoption. © 2024 by SCITEPRESS – Science and Technology Publications, Lda.
  • No Thumbnail Available
    Item
    Detection of injections in API requests using recurrent neural networks and transformers
    (Inderscience Publishers, 2022) Sujan Reddy, A.; Rudra, B.
    Application programming interfaces (APIs) are playing a vital role in every online business. The objective of this study is to analyse the incoming requests to a target API and flag any malicious activity. This paper proposes a solution based on sequence models and transformers for the identification of whether an API request has SQL injections, code injections, XSS attacks, operating system (OS) command injections, and other types of malicious injections or not. In this paper, we observe that transformers outperform B-RNNs in detecting malicious activity which is present in API requests. We also propose a novel heuristic procedure that minimises the number of false positives. We observe that the RoBERTa transformer outperforms and gives an accuracy of 100% on our dataset. We observe that the heuristic procedure works well in reducing the number of false positives when a large number of false positives exist in the predictions of the models. © © 2022 Inderscience Enterprises Ltd.
  • No Thumbnail Available
    Item
    Advancing Security and Scalability - A Protocol Extension for Dynamic Group Membership Management
    (AnaPub Publications, 2025) Renisha, P.S.; Rudra, B.
    The integration of Contributory Group Key Agreement (CGKA) for group formation revolutionizes the collaborative process of generating group keys, instilling trust and fostering collaboration among group members. By ensuring that each member actively contributes to the generation of the group key, CGKA distributes the responsibility of key generation across the group, thereby enhancing the security and resilience of the group's cryptographic infrastructure. Concurrently, the utilization of Lattice Diffie-Hellman (LDH) for key generation leverages the mathematical properties of lattices to securely derive shared secret keys. LDH offers a robust and efficient method for generating keys in cryptographic applications, ensuring the confidentiality and integrity of communication channels. Furthermore, the incorporation of blockchain technology for implementing membership changes introduces a decentralized and transparent approach to managing group membership dynamics. By leveraging blockchain's distributed ledger technology and smart contracts, membership changes can be executed securely, transparently, and efficiently. This enhances the integrity and resilience of the group's membership management system, allowing for the secure addition and removal of members from the group while maintaining the integrity of the cryptographic infrastructure. Together, the integration of CGKA, LDH, and blockchain technology presents a comprehensive solution for advancing the security and scalability of dynamic group membership management protocols, offering a robust framework for secure and efficient communication in contemporary environments. Moreover, the proposed integration of CGKA, LDH, and blockchain technology facilitates seamless adaptation to dynamic changes in group membership, ensuring that security and scalability are maintained even as the composition of the group evolves. Through simulations and performance evaluations, the effectiveness of the integrated approach that is implemented in Python Software is demonstrated compared to existing protocols like Elliptic Curve Diffie-Hellman (ECDH), RSA Key Exchange, and Post-Quantum Cryptography (PQC). ©2025 The Authors.