1. Faculty Publications

Permanent URI for this community: https://idr.nitk.ac.in/handle/1/5

  • Item
    Automated versus Manual Approach of Web Application Penetration Testing
    (2020) Singh N.; Meherhomji V.; Chandavarkar B.R.
    The main aim of this work is to find and explain certain scenarios that can demonstrate the differences in automated and manual approaches for penetration testing. There are some scenarios in which manual testing works better than automatic scripts/vulnerability scanners for finding security issues in web applications. In some other scenarios, the opposite may be true. The concepts of various web application vulnerabilities have been used for testing, including OWASP (Open Web Application Security Project; online community dedicated to web security) Top 10, using both manual and automatic approaches. Automation tools and scripts have been used and tested to see what could potentially go wrong if attackers exploit such vulnerabilities. Also, certain scenarios have been used which determine whether one approach is better than the other for finding/detecting security issues in web applications. Finally, the work concludes by providing results in the form of pros-and-cons of both approaches, which it realises after carrying this out. © 2020 IEEE.
  • Item
    An Interdependency between Symmetric Ciphers and Hash Functions: A Survey
    (2020) Dubey P.K.; Jangid A.; Chandavarkar B.R.
    Symmetric ciphers are one of the most famous cryptographic paradigms in cryptography. Their simplistic algorithms make them easy to understand, and their implementation is not very complex. Hash functions, on the other hand, are the fundamental algorithms in managing the integrity of the transmitted data. They are also widely popular. Symmetric ciphers and hash functions are very much dependent on each other to make applications more secure and robust. In this paper, we will see how symmetric ciphers and hash functions are connected, and their different use cases in real life. This paper also includes different symmetric ciphers, hash functions, and we will see their relationship. First, this paper will introduce what a security service is, then the classes of cryptographic algorithms are illustrated where we have discussed different paradigms of cryptography. After that, we have addressed different types of symmetric ciphers and hash functions. Based on some use cases, we have shown the inter-dependency of symmetric cipher and hash function. Next, we have presented a comparison in various approaches to dependency. © 2020 IEEE.
  • Item
    An Experimental Evaluation of SHA-512 for Different Modes of Operation
    (2020) Bhonge H.N.; Ambat M.K.; Chandavarkar B.R.
    We have different numbers of algorithms for computation of the hash. SHA-512 is vulnerable to pre-image attacks. Two variants of SHA-512, which are SHA-512/224 and SHA-512/256, are also susceptible to collision attacks. This paper aimed to overcome the challenges of SHA-512 and its variants. Our approach is to use the SHA-512 algorithm with different modes of operation. We evaluate each mode of operation in terms of the time required for the computation of the hash. This paper also describes two essential properties, such as pre-image resistance and collision resistance of our approach. © 2020 IEEE.
  • Item
    An Experimental Evaluation on the Dependency between One-Way Hash Functions and Salt
    (2020) Rathod U.; Sonkar M.; Chandavarkar B.R.
    Passwords are barriers that protect unauthorized users from accessing personal information in any application. Protecting passwords is one of the challenging tasks in today's world. Currently, a combination of Username/Password is used for authentication for a large number of applications. Malicious users might try to steal/misuse the user's data for unethical purposes. To prevent passwords from being stolen, developers prefer to use one-way hash functions. One-way hash functions are theoretically irreversible functions that take as an input variable size text and output fixed-sized text. In reality, hash functions are not collision-resistant. Therefore it is recommended to use passwords and randomly generated text called salt to generate hash values and prevent rainbow tables and dictionary attacks. Passwords are hashed at the client-side and sent across the public channel/network. A salt is a randomly generated alphanumeric text used to concatenate with a password to generate a random hash value. This paper demonstrates how the random generation of salt is dependent on passwords and how hash values are dependent on salt. Further, analysis of the behaviour of passwords and hash values using various tools like Wireshark, Ettercap, and Hydra is presented in the paper. © 2020 IEEE.
  • Item
    An Improved and Reliable Sequential Decoding of Convolution Codes
    (2020) Chandavarkar B.R.; Byju A.; Thomas E.
    Error control (detection and correction) of data plays a pivotal role in networking to facilitate the reliable transmission of messages from source to destination. Convolution code is one of the popularly known error control mechanisms which is considered superior to several legacy error control algorithms like the Hamming code. The Fano algorithm is a sequential decoding algorithm used to decode long constraint length convolution codes. However, this algorithm has failed to offer 100% error detection and correction capabilities. These lead to the inferior performance of this algorithm to correct errors at the destination. This paper proposes an enhanced Fano (e-Fano) algorithm that offers 100% error detection and correction up to finite bits of error. Through the MATLAB simulations, e-Fano and the conventional Fano algorithm are compared for the % of error detection and correction in the received data. © 2020 IEEE.
  • Item
    Ways of Connecting Illiterates with the Security Mechanism: Case Study
    (2021) Kumar S.R.; Sonkar M.; Chandavarkar B.R.
    Digital communication faces lots of security threats and attacks in the network. Thus, security mechanisms are used as a measure to ensure safety and to implement the security services for the text documents, audio, video and other types of data communication over the network. These security mechanisms are helpful to recognise, prevent and recover from security breaches, threats and attacks. Some of the security mechanisms are Cryptography, Public key certification, Authentication, Digital signatures etc. Obviously, these are mostly used by educated people in communication for their data to remain integrated, confidential and safe. But, a bitter fact is that there are 30.90% people who are illiterate and have no education background living in our country and their data is also very important to them. So, we have to connect those illiterate people to these security mechanisms, so that they can also communicate without being in fear of the data loss or data manipulation. There are many ways to connect illiterate people with the security mechanisms such as by using facial recognition and fingerprint as the password in various systems or machines like ATMs, banks, government offices and also provide information and knowledge about the prevention from the possible fraud, theft and malicious activities. This paper discusses those different ways to connect the illiterate people with security mechanisms and enlighten their lives. © 2021, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
  • Item
    Use Cases of Authentication Protocols in the Context of Digital Payment System
    (2020) Thawre G.; Bahekar N.; Chandavarkar B.R.
    In the digital payment system, the transactions and their data about clients are very sensitive, so the security and privacy of personal information of the client is a big concern. The confirmation towards security necessities prevents the data from a stolen and unauthorized person over the digital transactions, so stronger authentication methods are required, which must be based on cryptography. Initially, in the payment ecosystem, they were using the Kerberos protocol, but now different approaches such as Challenge-Handshake Authentication Protocol (CHAP), Tokenization, Two-Factor Authentication (PIN, MPIN, OTP), etc. are being used in the payment system. This paper presents the use cases of different authentication protocols. Further, the use of these protocols in online payment systems to verify each individual is explained. © 2020 IEEE.
  • Item
    Undeniable Signature Scheme: A Survey
    (2020) Kale P.; Hazarika P.; Chandavarkar B.R.
    Nowadays, almost all business organizations, committees use the internet to do transactions and confidential information exchange. So it is crucial to make these transactions secure and reliable. A system to be confident and trustworthy needs a function of cryptography, and also it must manage the keys of cryptography. The digital signature, which is universally verifiable, is a solution when there are disputes between the sender and receiver. Later the undeniable signature scheme was introduced as a modern technique to verify the validity of a message sent by the sender. The undeniable signature scheme has its properties to protect the interests of the sender and receiver. An authenticated verifier only can check the signature with the approval of the signer. In this paper, we have discussed various undeniable signature schemes: key generation, signature verification, and disavowal protocol. This paper compares different schemes of the undeniable signature on the various notations of security. © 2020 IEEE.
  • Item
    The Dependency of Healthcare on Security: Issues and Challenges
    (2021) Kittur L.J.; Mehra R.; Chandavarkar B.R.
    Information security and privacy in the sector of healthcare is an important issue that has to be given importance. With the growing adoption of electronic health records of patients, the need of accessing and sharing information between different healthcare professionals is also increasing. This gives rise to the attention that has to be provided for securing the information. Also, the adoption of the Internet of Things in wireless body sensor networks leads to the usage of Cloud and Fog in healthcare systems, thus pointing towards secure methods of accessing, storing, processing of sensitive data. In this paper, an overview of different issues and challenges pertaining to the security of healthcare systems is presented. The solutions to address the security concerns in the healthcare systems are also discussed. © 2021, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
  • Item
    Techniques to Secure Address Resolution Protocol
    (2020) Selvarajan S.; Mohan M.; Chandavarkar B.R.
    Address Resolution Protocol was developed to create a standard for translating IP addresses to physical addresses. ARP takes (IP, Protocol) as input and converts it to a physical address. ARP can be easily spoofed because it lacks security. The inventors of ARP thought that threats internal to the network were minimum, and ARP had to be simple for its efficient and dynamic working. A machine in the network, which can work at the data link layer, can be easily spoofed because of the vulnerability in ARP protocol, leading to a man-in-the-middle attack. Securing ARP is not an easy task because state information should be preserved for authentication of ARP frames. However, the protocol is stateless, and making changes to the ARP protocol itself is not practical since the protocol is currently being widely used. Our objective in this paper is to provide a solution to detect and mitigate ARP spoofing attacks without any changes to the protocol itself. The proposed system provides improvement to an existing solution using ICMP to detect ARP spoofing. © 2020 IEEE.