Shashank Srivastava

Self-reliant mobile code: a new direction of agent security

The motivation for using mobile agent technology in the context of distributed application stems from its various advantages like intelligence, mobility, communication ability and fault tolerance capability. As every technological movement is aligned with its repercussions, the mobile agent technology also has its inherent security loop holes. Researchers have proposed various approaches to mitigate security bottlenecks but the threat of malicious execution environment in permissible and effectual conduct is still vague and unresolved. In this paper, we introduced a security protocol to protect mobile agent from different kinds of security attacks. The basic building blocks of our protocol are built on the foundation of integrity based confidentiality and self-protection approach based on agent driven security. The general idea behind self-protection is to make mobile agent less interactive during its execution. In order to achieve agent driven security, we bring forth a novel concept of symmetric keys component distribution, wherein a key component is distributed in secure manner and other key component is derived from ensuring integrity of data collected at run time. In order to verify the validity of our approach in overcoming different kind of security attacks, we present Petri net based formal representation of our protocol to strengthen the belief of distributed applications. In addition, we implement our approach on JADE (Java agent development framework) platform and compare it with well-known self-protection approach on the basis of computational complexity and services offered.

Detection of Mobile Agent's Blocking in Secure Layered Architecture

with the exponential growth of distributed applications and widespread popularity of Internet poses many challenges for researchers that motivate the organizations to deploy the mobile agent technology with considering the security issue pertains to mobile agent and agent platform. Malicious host problem is one of the biggest challenging issues in the arena of agent technology. Current proposal aims to layered security model for the protection of agents code, data and secrets which are worth mentioning in a single approach along with maintaining autonomy features of mobile agents. The proposed defense in depth approach is viable under the assumption of established PKI (Public Key infrastructure) with fixed ordered itinerary list of nodes. In addition, we devise an algorithm for detecting the culprit of blocking attack to rescue the offers (data) collected during the agents itinerary.

Protection of mobile agent and its itinerary from malicious host

With the advancement of communication technology, network infrastructure has been shifting towards distributed paradigm from centralized architecture which creates many tribulations like low bandwidth, high network load, high network latency, low performance etc. Mobile agent, a new computational paradigm has ability to solve aforementioned problems up to a great extent. Mobile agents are the objects oriented software codes, which have the characteristics like intelligence, autonomy, responsiveness, communication ability and adaptability that build them more advantageous than any other mechanism like client server in network infrastructure. Nevertheless various applications and advantages are offered by mobile agents; but these are not sufficient for its acceptance on a wider scale because of inherent security risk. So, for the deployment of agent based technology, the inherent lacunae of security is require to be sorted out. This paper presents multilevel security architecture for solving the challenges of malicious host problems. Current proposal aims to multiphase security model for providing security to agents code, data and itinerary which is worth considering in a single multi phase approach along with maintaining of flexibility and autonomy features of mobile agents. The proposed solution is viable under the assumption of established PKI infrastructure and free roaming agents with fixed itinerary list of nodes.

Analyzing behavior of DDoS attacks to identify DDoS detection features in SDN

Software Defined Network (SDN) facilitates network programmers with easier network monitoring, identification of anomalies, instant implementation of changes, central control to the whole network in a cost effective and efficient manner. These features could be beneficial for securing and maintaining entire network. Being a promising network paradigm, it draws a lot of attention from researchers in security domain. But its logically centralized control tends to single point of failure, increasing the risk of attacks such as Distributed Denial of Service (DDoS) attack. In this paper, we have tried to identify various possibilities of DDoS attacks in SDN environment with the help of attack tree and an attack model. Further, an attempt to analyze the impact of various traditional DDoS attacks on SDN components is done. Such analysis helps in identifying the type of DDoS attacks that impose bigger threat on SDN architecture and also the features that could play important role in identification of these attacks are deduced.

Enhancing the efficiency of secure network monitoring through mobile agents

In the current network communication infrastructure, there is a tremendous growth in heterogeneous computer network and proliferation of network traffic which demands efficient and secure network monitoring and network management. Mostly SNMP (Simple Network Management Protocol) based client server architecture is used for network management which uses SNMP as a protocol to provide centralized approach of network management which is quite efficient in terms of performance. Foremost problems related to this architecture are heterogeneity in networks, limited amount of bandwidth, lack of resources, lack of fault tolerance capability and huge amount of traffic generated on central server which can degrade the performance of network. In this paper we proposed distributed and decentralized approach for the purpose of network monitoring and management which reduces the traffic around management station and alleviate processing load created by management protocol like SNMP. To facilitate distributed and decentralized monitoring, we proposed a secured multi-agent based architecture in which, we created different mobile agents for the purpose of getting network related information. Mobile agents retrieve network related information, which act as an input for network administrator. Network administrator uses this information to enhance the performance of network by managing network traffic and bandwidth utilization of network. Since security risk is the main drawback of mobile agent paradigm, so for this we have used ECC (Elliptical Curve Cryptography) which provides authentication as well as confidentiality to the monitoring process.

Research Trends in Security and DDoS in SDN: Research Trends in Security and DDoS in SDN

Software-Defined Networks (SDNs) are emerging as one of the most promising new era network technologies with its centralized and easily programmable nature. Many security issues with legacy networks could easily be resolved using SDNs central management and control; at the same time, security vulnerabilities of this technology are still the biggest concern of researchers and industries for adapting this technology. In this paper, a comprehensive review on security aspects of SDN is presented, considering how researchers are utilizing its features for providing security as well as their concerns about its security. Further, a critical comparison of existing countermeasures against SDN security including distributed denial of service (DDoS) is presented. This analysis includes the research works that have been done since the origin of OpenFlow protocol till 2015, including the contributions made by industries as well as universities towards securing the SDN framework. We have also compared our survey with existing surveys. The motivation behind this survey is to identify security concerns of SDN and ongoing research in this field. We have focused on DDoS in SDN mainly, which has not been much targeted by research surveys. By highlighting the current state of the art in this domain, we could facilitate researchers with a broad overview of advancement of research in SDN security and DDoS. Copyright

Trust analysis of execution platform for self protected mobile code

Malicious host problem is still a challenging phenomenon in agent computing environment. In mobile agent computing, agent platform has full control over mobile agent to execute it. A host can analyze the code during stay of mobile agent on that host. A host can modify the mobile code for his benefits. A host can analyze and modify the data which is previously collected during agent itinerary. Hence to save the code from malicious host we need to identify it. Therefore we calculate the risk associated with that code executing on a mobile host using fuzzy logic. When a host performs an attack over the mobile agent it will take more execution time thus some risk is associated with it. If the calculated risk is greater than a user specified maximum value then the agent code is discarded and the host is identified to be malicious. In this paper, we proposed a fuzzy based risk evaluation model integrated with proposed self-protected security protocol to secure mobile code from insecure execution.

An approach for virtual machine image security

Cloud security being the main hindrance in adoption of cloud computing has some most vulnerable security concerns as: virtualization, data and storage. Here, to provide virtualization security, the components of virtualization (such as hypervisors, virtual machines, and virtual machine images) must be secured using some improvised security mechanisms. Amongst all components, Virtual machine images (VM images) are considered to be the fundamental of whole cloud security. Hence must be secured from every possible attack. In this paper, a security protocol is proposed to mainly protect the VM images from two of the possible attacks. One is the channel attack like man-in-the-middle attack (MITM attack) and second is the attack by a malicious executing environment. It is using a concept of symmetric keys component distribution providing an integrity based confidentiality and self-protection. This protection is based on an encapsulated mobile agent. Here one key component is generated and distributed in a secure manner and the other key component is derived by host platform itself using its own available resource configuration information. In order to verify the validity of this approach in overcoming different kind of security attacks, BAN logic based formal representation is presented.

Modelling and simulation of matrix converter based DC-DC converter

This paper presents modelling and simulation of DC-DC converter with matrix converter as its basic topology. The proposed converter performs the four quadrant chopper operation. This topology can perform many different converter functions. This DC-DC converter can be utilized in speed control of dc motor in electric automobiles and traction where supply is dc voltage. The simulation model was developed in MATLAB/Simulink environment. Pulse width modulation technique is used for output synthesis of the converter. The analysis of converter was done considering resistive and inductive both loads separately. Finally, state space model is presented.

Harmonic compensation of HVDC rectifier using shunt active filter

In recent years, the issue of harmonic compensation has got considerable attention. This paper presents harmonic compensation of HVDC rectifier using shunt active filter. The filtering technique reduces harmonics in current and voltage and also improves total harmonic distortion of system. Simulation model was developed in MATLAB/ Simulink environment. Results are obtained for a resistive and inductive load and analysis of harmonic distortion is done at different firing angle values of thyristor used in HVDC rectifier. Frequency domain analysis is also shown to achieve optimum results.