Dimitrios N. Serpanos

Power Attack Resistant Cryptosystem Design: A Dynamic Voltage and Frequency Switching Approach

A novel power attack resistant cryptosystem is presented. Security in digital computing and communication is becoming increasingly important. Design techniques that can protect cryptosystems from leaking information have been studied by several groups. Power attacks, which infer program behavior from observing power supply current into a processor core, are important forms of attack. Various methods have been proposed to counter the popular and efficient power attacks. However, these methods do not adequately protect against power attacks and may introduce new vulnerabilities. We address a novel approach against power attacks, i.e., dynamic voltage and frequency switching (DVFS). Three designs, naive, improved and advanced implementations, have been studied to test the efficiency of DVFS against power attacks. A final advanced realization of our novel cryptosystem is presented; it achieves enough high power trace entropy and time trace entropy to block all kinds of power attacks, with 27% energy reduction and 16% time overhead for DES encryption and decryption algorithms.

Effective caching of Web objects using Zipf's law

Web accesses follow Zipfs law with a good approximation, as measurements and observations indicate. This property provides an important tool in the design of Web caching architectures, because it allows designers to calculate appropriate cache sizes to achieve the desired hit ratios. The appropriate cache size combined with an LFU replacement policy achieves high cache hit rates. However, LFU replaces objects based on frequency measurements of past accesses. Thus, the system achieves high hit rates only after these measurements are reliable and converge to the final Zipf distribution. In this paper, we provide an analysis using Chernoffs bound and a calculation of an upper bound of the number of initial requests that need to be processed in order to obtain measurements of popularity with high confidence and a measured Zipf distribution which converges to the correct one.

Network Security: Current Status and Future Directions

Preface. Contributors. 1. Computer Network Security: Basic Background and Current Issues (Panayiotis Kotzanikolaou and Christos Douligeris). 1.1 Some Terminology on Network Security. 1.2 ISO/OSI Reference Model for Networks. 1.3 Network Security Attacks. 1.4 Mechanisms and Controls for Network Security: Book Overview and Structure. References. Part One Internet Security. 2. Secure Routing (Ioannis Avramopoulos, Hisashi Kobayashi, Arvind Krishnamurthy, and Randy Wang). 2.1 Introduction. 2.2 Networking Technologies. 2.3 Attacks in Networks. 2.4 State of the Art. 2.5 Conclusion and Research Issues. References. 3. Designing Firewalls: A Survey (Angelos D. Keromytis and Vassilis Prevelakis). 3.1 Introduction. 3.2 Firewall Classifi cation. 3.3 Firewall Deployment: Management. 3.4 Conclusions. References. 4. Security in Virtual Private Networks (Srinivas Sampalli). 4.1 Introduction. 4.2 VPN Overview. 4.3 VPN Benefi ts. 4.4 VPN Terminology. 4.5 VPN Taxonomy. 4.6 IPSec. 4.7 Current Research on VPNs. 4.8 Conclusions. References. 5. IP Security (IPSec) (Anirban Chakrabarti and Manimaran Govindarasu). 5.1 Introduction. 5.2 IPSec Architecture and Components. 5.3 Benefi ts and Applications of IPSec. 5.4 Conclusions. References. 6. IDS for Networks (John C. McEachen and John M. Zachary). 6.1 Introduction. 6.2 Background. 6.3 Modern NIDSs. 6.4 Research and Trends. 6.5 Conclusions. References. 7. Intrusion Detection Versus Intrusion Protection (Luis Sousa Cardoso). 7.1 Introduction. 7.2 Detection Versus Prevention. 7.3 Intrusion Prevention Systems: The Next Step in Evolution of IDS. 7.4 Architecture Matters. 7.5 IPS Deployment. 7.6 IPS Advantages. 7.7 IPS Requirements: What to Look For. 7.8 Conclusions. References. 8. Denial-of-Service Attacks (Aikaterini Mitrokotsa and Christos Douligeris). 8.1 Introduction. 8.2 DoS Attacks. 8.3 DDoS Attacks. 8.4 DDoS Defense Mechanisms. 8.5 Conclusions. References. 9. Secure Architectures with Active Networks (Srinivas Sampalli, Yaser Haggag, and Christian Labonte). 9.1 Introduction. 9.2 Active Networks. 9.3 SAVE Test bed. 9.4 Adaptive VPN Architecture with Active Networks. 9.5 (SAM) Architecture. 9.6 Conclusions. References. Part Two Secure Services. 10. Security in E-Services and Applications (Manish Mehta, Sachin Singh, and Yugyung Lee). 10.1 Introduction. 10.2 What Is an E-Service? 10.3 Security Requirements for EServices and Applications. 10.4 Security for Future EServices. References. 11. Security in Web Services (Christos Douligeris and George P. Ninios). 11.1 Introduction. 11.2 Web Services Technologies and Standards. 11.3 Web Services Security Standard. 11.4 Conclusions. References. 12. Secure Multicasting (Constantinos Boukouvalas and Anthony G. Petropoulos). 12.1 Introduction 205 12.2 IP Multicast. 12.3 Application Security Requirements. 12.4 Multicast Security Issues. 12.5 Data Authentication. 12.6 Source Authentication Schemes. 12.7 Group Key Management. 12.8 Group Management and Secure Multicast Routing. 12.9 Secure IP Multicast Architectures. 12.10 Secure IP Multicast Standardization Efforts. 12.11 Conclusions. References. 13. Voice Over IP Security (Son Vuong and Kapil Kumar Singh). 13.1 Introduction. 13.2 Security Issues in VoIP. 13.3 Vulnerability Testing. 13.4 Intrusion Detection Systems. 13.5 Conclusions. References. 14. Grid Security (Kyriakos Stefanidis, Artemios G. Voyiatzis, and Dimitrios N. Serpanos). 14.1 Introduction. 14.2 Security Challenges for Grids. 14.3 Grid Security Infrastructure. 14.4 Grid Computing Environments. 14.5 Grid Network Security. 14.6 Conclusions and Future Directions. References. 15. Mobile Agent Security (Panayiotis Kotzanikolaou, Christos Douligeris, Rosa Mavropodi, and Vassilios Chrissikopoulos). 15.1 Introduction. 15.2 Taxonomy of Solutions. 15.3 Security Mechanisms for Mobile Agent Systems. References Part Three Mobile and Security. 16. Mobile Terminal Security (Olivier Benoit, Nora Dabbous, Laurent Gauteron, Pierre Girard, Helena Handschuh, David Naccache, Stephane Socie, and Claire Whelan). 16.1 Introduction. 16.2 WLAN and WPAN Security. 16.3 GSM and 3GPP Security. 16.4 Mobile Platform Layer Security. 16.5 Hardware Attacks on Mobile Equipment. 16.6 Conclusion. References. 17. IEEE 802.11 Security (Daniel L. Lough, David J. Robinson, and Ian G. Schneller). 17.1 Introduction. 17.2 Introduction to IEEE 802.11. 17.3 Wired Equivalent Privacy. 17.4 Additional IEEE 802.11 Security Techniques. 17.5 Wireless Intrusion Detection Systems. 17.6 Practical IEEE 802.11 Security Measures. 17.7 Conclusions. References. 18. Bluetooth Security (Christian Gehrmann). 18.1 Introduction. 18.2 Bluetooth Wireless Technology. 18.3 Security Architecture. 18.4 Security Weaknesses and Countermeasures. 18.5 Bluetooth Security: What Comes Next? References. 19. Mobile Telecom Networks (Christos Xenakis and Lazaros Merakos). 19.1 Introduction. 19.2 Architectures Network. 19.3 Security Architectures. 19.4 Research Issues. 19.5 Conclusions. References. 20. Security in Mobile Ad HocNetworks (Mike Burmester, Panayiotis Kotznanikolaou, and Christos Douligeris). 20.1 Introduction. 20.2 Routing Protocols. 20.3 Security Vulnerabilities. 20.4 Preventing Attacks in MANETs. 20.5 Trust in MANETs. 20.6 Establishing Secure Routes in a MANET. 20.7 Cryptographic Tools for MANETs. References. 21. Wireless Sensor Networks (Artemios G. Voyiatzis and Dimitrios N. Serpanos). 21.1 Introduction. 21.2 Sensor Devices. 21.3 Sensor Network Security. 21.4 Future Directions. 21.5 Conclusions. References. 22. Trust (Lidong Chen). 22.1 Introduction. 22.2 What Is a trust Model? 22.3 How Trust Models Work? 22.4 Where Trust Can Go Wrong? 22.5 Why Is It Diffi cult to Defi ne Trust? 22.6 Which Lessons Have We Learned? References. Part Four Trust, Anonymity, and Privacy. 23. PKI Systems (Nikos Komninos). 23.1 Introduction. 23.2 Origins of Cryptography. 23.3 Overview of PKI Systems. 23.4 Components of PKI Systems. 23.5 Procedures of PKI Systems. 23.6 Current and Future Aspects of PKI Systems. 23.7 Conclusions. References. 24. Privacy in Electronic Communications (Alf Zugenmaier and Joris Claessens). 24.1 Introduction. 24.2 Protection from Third Party: Confidentiality. 24.3 Protection from Communication Partner. 24.4 Invasions of Electronic Private Sphere. 24.5 Balancing Privacy with Other Needs. 24.6 Structure of Privacy. 24.7 Conclusion and Future Trends. References. 25. Securing Digital Content (Magda M. Mourad and Ahmed N. Tantawy). 25.1 Introduction. 25.2 Securing Digital Content: Need and Challenges. 25.3 Content Protection Techniques. 25.4 Illustrative Application: EPublishing of E-Learning Content. 25.5 Concluding Remarks. References. Appendix A. Cryptography Primer: Introduction to Cryptographic Principles and Algorithms (Panayiotis Kotzanikolaou and Christos Douligeris). A.1 Introduction. A.2 Cryptographic Primitives. A.3 Symmetric-Key Cryptography. A.4 Asymmetric-Key Cryptography. A.5 Key Management. A.6. Conclusions and Other Fields of Cryptography. References. Appendix B. Network Security: Overview of Current Legal and Policy Issues (Andreas Mitrakas). B.1 Introduction. B.2 Network Security as a Legal Requirement. B.3 Network Security Policy Overview. B.4 Legal Aspects of Network Security. B.5 Self-Regulatory Security Frameworks. B.6 Conclusions. References. Appendix C. Standards in Network Security (Despina Polemi and Panagiotis Sklavos). C.1 Introduction. C.2 Virtual Private Networks: Internet Protocol Security (IPSec). C.3 Multicast Security (MSEC). C.4 Transport Layer Security (TLS). C.5 Routing Security. C.6 ATM Networks Security. C.7 Third-Generation (3G) Mobile Networks. C.8 Wireless LAN (802.11) Security. C.9 E-Mail Security. C.10 Public-Key Infrastructure (X.509). Index. About the Editors and Authors.

Security and Privacy in Distributed Smart Cameras

Distributed smart camera systems are becoming increasingly important in a wide range of applications. As they are often deployed in public space and/or our personal environment, they increasingly access and manipulate sensitive or private information. Their architectures need to address security and privacy issues appropriately, considering them from the inception of the overall system structure. In this paper, we present security and privacy issues of distributed smart camera systems. We describe security requirements, possible attacks, and common risks, analyzing issues at the node and at the network level and presenting available solutions. Although security issues of distributed smart cameras are analogous to networked embedded systems and sensor networks, emphasis is given to special requirements of smart camera networks, including privacy and continuous real-time operation.

Credit-flow-controlled ATM for MP interconnection: The ATLAS I single-chip ATM switch

Multiprocessing (MP) on networks of workstations (NOW) is a high-performance computing architecture of growing importance. In traditional MPs, wormhole routing interconnection networks use fixed-size flits and backpressure. In NOWs, ATM-one of the major contending interconnection technologies-uses fixed-size cells, while backpressure can be added to it. We argue that ATM with backpressure has interesting similarities with wormhole routing. We are implementing ATLAS I, a single-chip gigabit ATM switch, which includes credit flow control (backpressure), according to a protocol resembling Quantum Flow Control (QFC). We show by simulation that this protocol performs better than the traditional multi-lane wormhole protocol: high throughput and low latency are provided with less buffer space. Also, ATLAS I demonstrates little sensitivity to bursty traffic, and, unlike wormhole, it is fair in terms of latency in hot-spot configurations. We use detailed switch models, operating at clock-cycle granularity.

ATLAS I: implementing a single-chip ATM switch with backpressure

ATLAS I is a general-purpose, single-chip, gigabit asynchronous transfer mode (ATM) switch with advanced architectural features. To evaluate the architecture of ATLAS I, we analyzed the design complexity and silicon cost of the chips individual functions. Our analysis suggests possible improvements.

Security challenges in embedded systems

Embedded systems security is a significant requirement in emerging environments, considering the increasing deployment of embedded systems in several application domains. The large number of deployed embedded systems, their limited resources and their increasing complexity render systems vulnerable to an increasing number of threats. Additionally, the involvement of sensitive, often private, information and the expectation for safe and dependable embedded platforms lead to strong security requirements, even legal ones, which require new technologies for their provision. In this article, we provide an overview of embedded security issues, used methods and technologies, identifying important challenges in this emerging field.

Real-time service provisioning for mobile and wireless networks

As mobile devices and wireless networks are becoming ubiquitous, the interest of users to deploy real-time applications, e.g. online gaming or Voice-over-IP in such environments is also increasing. Due to the difference between traditional and wireless networks, in particular in terms of available bandwidth and network structure, the concepts used for supporting real-time applications in both networks are different. This paper gives an overview of the key technical challenges that are fundamental and need to be solved in order to easily support real-time applications in wireless and mobile environments. In a first step, issues related to service provisioning in mobile networks are discussed. This is followed by a look at the Quality of Service supported by wireless networks and possible techniques for improving it. Finally, concepts for securing the communication between the users of real-time applications in wireless and mobile networks are presented. For each of these issues, we provide a detailed analysis and an overview of the state-of-the-art. Moreover, we illustrate the main points using distributed online games as an example.

Exploitation of different types of locality for Web caches

Object access distribution in the Web is governed by Zipfs law, in general. This property leads to effective Web caches, which store the most popular objects and typically employ the LFU replacement policy, which achieves high, and often the highest, cache hit rates. However, Web cache design based only on Zipfs law has two main disadvantages: (i) it does not exploit the temporal and spatial locality of user accesses on a per session basis, and (ii) LFU implementation is costly and impractical in many environments, because it requires statistics on all objects accessed since the beginning of a caches operation. We consider all parameters of locality of references in the Web (temporal, spatial and popularity) and draw an analogy with processor caches. Given cache replacement policies that address different locality characteristics, we argue that there exist replacement algorithms that combine these characteristics and achieve high performance at a low cost. We describe the Window-LFU (W-LFU), a policy that combines LFU and LRU and achieves better performance than LFU at lower cost. W-LFU exploits both Zipfs law, and temporal locality by using the accesses in a recent time-window. Simulations with actual traces indicate that W-LFU provides better results than theoretically expected.

Switching fabrics with internal backpressure using the ATLAS I single-chip ATM switch

ATLAS I is a single-chip ATM switch with optional credit-based (backpressure) flow control. This 4-million-transistor 0.35-micron CMOS chip, which is currently under development, offers 20 Gbit/s aggregate I/O throughput, sub-microsecond cut-through latency, 256-cell shared buffer containing multiple logical output queues, priorities, multicasting, and load monitoring. This paper discusses the use of backpressure inside networks based on ATLAS I chips: in switching fabrics of large ATM switches, or in wormhole-style workstation cluster LANs. We explain and we show by simulation that the ATLAS I backpressure provides a switching fabric with high performance, comparable to an output queued switch, at low cost, comparable to an input buffered switch.