Showing papers on "Handshake published in 2023"

Edge-Assisted Intelligent Device Authentication in Cyber–Physical Systems

Abstract: Cyber–physical system (CPS) provides a foundation for the Industrial Internet of Things (IIoT) that interconnects all types of devices. The integration of CPS with IIoT generates the large volumes of data forcing the development of artificial intelligence (AI) to extract information more precisely. Nevertheless, the increasing volume/variety of data traffic and the ever-growing number of IIoT devices bring great challenges for the host-centric communication model of the current Internet. In this work, we present a novel information-centric networking (ICN)-based system model in CPS, which enables processing data from IIoT devices closer to the edge as opposed to a content provider. Based on this ICN system model, we propose an edge-assisted authentication scheme in CPS, aiming to protect the system from unauthorized access and reduce workload for resource-constrained devices. The main features of our scheme include a delegation model of security operations and session handshake procedures through edge routers, addressing the rising challenges in managing and securing IIoT devices in the ICN. We formally prove the security of our scheme and conduct performance analysis to show its practicality.

F-ACCUMUL: A Protocol Fingerprint and Accumulative Payload Length Sample-Based Tor-Snowflake Traffic-Identifying Framework

Abstract: Tor is widely used to protect users’ privacy, which is the most popular anonymous tool. Tor introduces multiple pluggable transports (PT) to help users avoid censorship. A number of traffic analysis methods have been devoted to de-anonymize these PT. Snowflake is the latest PT based on the WebRTC protocol and DTLS encryption protocol for peer-to-peer communication, differing from other PT, which defeat these traffic analysis methods. In this paper, we propose a Snowflake traffic identification framework, which can identify whether the user is accessing Tor and which hidden service he is visiting. Rule matching and DTLS handshake fingerprint features are utilized to classify Snowflake traffic. The linear interpolation of the accumulative payload length of the first n messages in the DTLS data transmission phase as additional features are extracted to identify the hidden service. The experimental results show that our identification framework F-ACCUMUL can effectively identify Tor-Snowflake traffic and Tor-Snowflake hidden service traffic.

Use of QUIC for AMQP in IoT networks

Abstract: The use of IoT devices is expanding every day in today’s environment. An interoperable protocol like AMQP is essential for supporting multiple IoT use cases and interconnecting IoT devices from different vendors. Many IoT applications are sensitive to delays, which researchers are working to avoid as much as possible. One of the main sources of the delay is the underlying transport layer protocol, such as TCP or UDP. TCP is more reliable than UDP, although it is slower due to the three-way handshake and the use of TLS for security. QUIC, a new transport layer protocol standardized by the Internet Engineering Task Force, combines the finest aspects of UDP and TCP to provide quick and reliable communication. We use the Go programming language to integrate AMQP 1.0 with QUIC to reduce latency and improve battery life. The Docker tool is used to containerize the AMQP 1.0 Broker, Sender, and Receiver implementations, and various scenarios are tested in the NS3 simulator. The findings demonstrated that even though Round Trip Time was 71% higher for QUIC, using QUIC at the transport level improved Startup Latency and Total Communication Time by 62% and 22%, respectively. The proposed scheme (AMQP 1.0 over QUIC) transported 3.5 times more data than the existing scheme (AMQP 1.0 over TCP), but QUIC’s throughput was 7 times higher, which shorten the communication time and 31% less energy was consumed. Furthermore, metrics including Packet Loss, Delay, and Channel Bandwidth were used to compare the two schemes. The results showed that, with the exception of the low channel bandwidth scenario, the proposed scheme consistently outperformed the existing scheme.

Aspects of Cyber Security in Autonomous and Connected Vehicles

Abstract: An automobile is a computer on wheels after the integration of electronics. This handshake of electronics and mechanical systems makes a vehicle smart, and comfortable; driver assistance for achieving this involves data exchange and surroundings sensing. Devices such as sensors, telematics, protocols, etc., are responsible for data exchange and data sensing. This process contains some loopholes that are the preliminary sources for the attacker to attack the vulnerable devices to control the vehicle. This article provides a review of possible attacks and defenses on autonomous and connected vehicles. The attacker’s area of autonomous and connected vehicles is classified into three categories that are safety system attacks, connectivity attacks, and diagnostics attacks, and provided all possible defenses for those attacks. In addition, we provided an analysis of the domain to understand the scenarios in this domain, recommendations, and future scope in this area for further work.

Privacy Preservation Authentication: Group Secret Handshake with Multiple Groups

Abstract: The technique of group secret handshake (GSH) has been used to help the members affiliated with the same group in achieving private authentication. After executing GSH protocols, the participants affiliated with the group can compute a shared secret key, or generate a public encryption key while the true participants can self-compute their decryption keys. This paper presents a concrete GSH protocol with Multiple Groups. Only a legitimate member can prove that it belongs to a set of legitimate affiliations, but which affiliation it belongs to will not be leaked. The Group Authority can reveal the real identities of the fellows in the proposed scheme after analyzing the flow of communication. The proposed scheme can provide affiliation-hiding and detectability. In addition, it achieves Perfect Forward Secrecy.

CheckShake: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning

Abstract: Recently, a number of attacks have been demonstrated (like key reinstallation attack, called KRACK) on WPA2 protocol suite in Wi-Fi WLAN, for which a patching is often challenging. In this paper, we design and implement a system, called CheckShake, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an AP using COTS radios. Our proposed system works without decrypting any traffic and sniffing on multiple channels in parallel. It uses a state machine model for grouping Wi-Fi handshake packets and then perform deep packet inspection to identify the symptoms of the anomaly in specific stages of a handshake session. Our implementation of CheckShake does not require any modification to the firmware of the client or the AP or the COTS devices, it only requires to be physically placed within the range of the AP and its clients. We use both the publicly available dataset and our own data set for performance analysis of CheckShake. Using gradient boosting-based supervised machine learning (ML) models, we show that an accuracy around 98.50% with no false positive can be achieved using CheckShake in open sourced data that has non-zero probability of missing packets per group of packets.

Exploring tactile sensing to perform the power grasp of a human-robot handshake

Abstract: The way humans relate to robots is constantly evolving. The trust that we are gaining towards them, allows an evolution in the cooperation between us and them. Vizzy, a social robot that helps to promote physical exercise among the elderly, was previously programmed to perform handshakes. Its fingers were equipped with magnetic tactile sensors. However, the sensors on the fingers did not produce enough information regarding when to start a handshake, or when to end it, among other information, due to their localization. This work presents an upgrade of its tactile sensing capabilities, introducing a new silicone palm with magnetic sensors that allows to obtain more information during the grasping. In addition, we design a controller that closes the hand in an autonomous way, tailored for handshakes. This work presents the hardware design and implementations, as well as all the software needed to enable the use of the sensors (sensor calibration and design of the new control system). Finally, the results obtained prove a solid calibration, and a positive response to the implemented control system. Furthermore, the silicone palm produced was highly praised for the comfort introduced to the interaction.

Development and implementation of “handshake rounds”: An antibiotic stewardship intervention for hospitalized adult patients with hematologic malignancies

Abstract: Abstract Objective: To design and implement “handshake rounds” as an antibiotic stewardship intervention to reduce inpatient intravenous (IV) antibiotic use in patients with hematologic malignancies. Design: Quasi-experimental analysis of antibiotic use (AU) and secondary outcomes before and and after handshake rounds were implemented. Setting: Quaternary-care, academic medical center. Patients: Hospitalized adults with hematologic malignancies receiving IV antibiotics. Methods: We performed a retrospective review of a preintervention cohort prior to the intervention. A multidisciplinary team developed criteria for de-escalation of antibiotics, logistics of handshake rounds, and outcome metrics. Eligible patients were discussed during scheduled handshake rounds between a hematology–oncology pharmacist and transplant–infectious diseases (TID) physician. Prospective data were collected over 30 days in the postintervention cohort. Due to small sample size, 2:1 matching was used to compare pre- to and postintervention AU. Total AU in days of therapy per 1,000 patient days (DOT/1,000 PD) was reported. Mean AU per patient was analyzed using Wilcoxon rank-sum test. A descriptive analysis of secondary outcomes of pre- and postintervention cohorts was performed. Results: Total AU was substantially lower after the intervention, with 517 DOT/1,000 PD compared to 865 DOT/1,000 PD before the intervention. There was no statistically significant difference in the mean AU per patient between the 2 cohorts. There was a lower rate of 30-day mortality in the postintervention cohort and rates of ICU admissions were similar. Conclusions: Conducting handshake rounds is a safe and effective way to implement an antibiotic stewardship intervention among high-risk patient population such as those with hematologic malignancies.

Low-Latency Masking with Arbitrary Protection Order Based on Click Elements

Abstract: Masking is the main countermeasure against side-channel attacks due to its sound formal proof of security and the scalability of its protection parameters. However, effective masking increases the implementation complexity by requiring additional silicon area, random number generators and higher latency. Thus, reducing the masking implementation costs while conserving its robustness under side-channel attacks is a relevant branch of research in hardware security applications. Relying on the two-phase bundled-data protocol, this work presents a low-latency masking implementation with arbitrary protection order. In particular, we base our approach on the click elements to control the handshake logic, allowing us to implement asynchronous circuits using conventional synthesis tools. In this manner, we are able to obtain an effective single-cycle and protected implementation of the AES S-box requiring smaller silicon area and potentially lower power consumption compared to the state-of-the-art. Additionally, we detail the asynchronous design methodology that can be applied in different scenarios to improve the latency of secure hardware designs. Finally, we assess leakages to evaluate the robustness of our approach against side-channel attacks.

ZTLS: A DNS-based Approach to Zero Round Trip Delay in TLS handshake

Abstract: Establishing secure connections fast to end-users is crucial to online services. However, when a client sets up a TLS session with a server, the TLS handshake needs one round trip time (RTT) to negotiate a session key. Additionally, establishing a TLS session also requires a DNS lookup (e.g., the A record lookup to fetch the IP address of the server) and a TCP handshake. In this paper, we propose ZTLS to eliminate the 1-RTT latency for the TLS handshake by leveraging the DNS. In ZTLS, a server distributes TLS handshake-related data (i.e., Diffie-Hellman elements), dubbed Z-data, as DNS records. A ZTLS client can fetch Z-data by DNS lookups and derive a session key. With the session key, the client can send encrypted data along with its ClientHello, achieving 0-RTT. ZTLS supports incremental deployability on the current TLS-based infrastructure. Our prototype-based experiments show that ZTLS is 1-RTT faster than TLS in terms of the first response time.

Performance Evaluation and Analysis of Wi-Fi Security Protocols

Abstract: In the twenty-first century as the technology evolves in a rapid pace, more and more number of users and businesses are getting connected to the Internet. A vast majority of these users use the wireless mode (Wi-Fi) for getting connected to the Internet. As the number of users and the online transactions rises in billions so is the risk of a cyber-fraud, due to the vulnerabilities present in the Wi-Fi protocols (WEP, WPA and WPA2). Security remains a huge challenge as Wi-Fi passwords could be cracked from both home and enterprise-level networks by using the tools and by performing social engineering attacks. Data protection is a huge challenge for computer scientists, and in this work, the investigators have identified the loopholes of Wi-Fi encryption protocols. The identification procedures are tested on a test network with various Wi-Fi encryption protocols in a controlled laboratory setup. Data packets from the wireless networks could be easily sniffed by using aircrack-ng software suite for capturing the handshake and ultimately for cracking the password from huge wordlists. The process of cracking the password could also be speed up by using a Graphics Processing Unit (GPU) which performs set of repetitive tasks in a faster way and helps in extracting passwords. The overall investigation helps investigators to understand the vulnerabilities present in the modern-day Wi-Fi protocols. Hence, it has been proposed the use of RADIUS server model like in an enterprise network and the use of Wi-Max standard of security for better safety measures.

Yarrpbox: Detecting Middleboxes at Internet-Scale

Abstract: The end-to-end principle is one of the foundations of the original Internet architecture. This principle is put to the test by middleboxes, i.e., devices which change important parts of a packet in transit. Middleboxes can have beneficial effects, such as a lower handshake time, but also make it more difficult to deploy newly developed protocols, such as TLS 1.3 and QUIC. Therefore, it is important to have a good understanding of the middlebox ecosystem in the Internet. In this paper, we present results from a multi-faceted middlebox analysis study. We develop Yarrpbox, a tool to efficiently perform middlebox detection measurements on an Internet-scale. With Yarrpbox, we perform IPv4-wide middlebox detection and find that nearly 10% of paths are affected by a total of 5.8k middlebox devices. We perform the first IPv6 study to date, uncovering a lower prevalence of middleboxes in IPv6. Moreover, we show that the location of a vantage point can have an effect on the results, leading to up to 600 more detected middleboxes. Additionally, we characterize middleboxes by mapping them to vendors and resolving aliases. Finally, we release Yarrpbox as open-source software and make data and analysis code publicly available.

Model of Twin Automatic Stacking Crane Operation Strategy with Dynamic Handshake Area in an Automated Container Terminal

Abstract: This paper proposes a new idea for allocating a handshake area of an automated container yard. A block of automated container yards (CY) consists of two areas, which are the import (waterside) and export (landside) areas. The CY has two major activities (loading and unloading), where both are served by Twin Automatic Stacking Cranes (Twin-ASCs). A handshake area in the middle of the CY serves as a temporary slot for both ASCs. This situation causes an imbalance between the ASCs when the demands of each side differ significantly. Thus, we proposed using a dynamic location of the handshake area corresponding to the proportion demand of export and import containers. We developed a heuristics model and algorithms of ASC’s operations to compare the efficiency of the ASC operations between the fixed and the dynamic location. Based on our model and algorithm, we developed simulation software. Finally, we explored some numerical experiments to compare the performance of both policies in dealing with different export and import demand scenarios. Our result showed that the proposed approach outperformed the existing one in reducing unnecessary ASC movements.

The Design of Clustering Algorithm and MAC Protocol for Low Delay Underwater Acoustic Sensor Networks

Abstract: Underwater acoustic sensor networks (UASNs), which are popular in various application fields, including marine resources development, environmental exploration, seismic monitoring, etc., have made great progress in recent years. To maintain good scheduling performance, clustering algorithms and multiple access control (MAC) protocols have been widely used in sensor networks to improve network efficiency. However, the existing algorithms and protocols still have many shortcomings. For example, many clustering algorithms consider the delay performance little, the cluster structures are not always fully utilized by MAC protocols, and the cluster maintenance strategies are not considered. This article is devoted to solving those problems. By taking the node traffic and distances into account simultaneously, we design the cluster structure reasonably. And based on this structure, we plan a conflict-free handshake protocol with minimal idle time gaps. Besides, we also design a joining-cluster strategy for the free nodes to maintain the network without interference. Simulation results show that our work can perform well in network uniformity and end-to-end delay.

Digital Twin Haptic Robotic Arms: Towards Handshakes in the Metaverse

Abstract: More daily interactions are happening in the digital world of the metaverse. Providing individuals with means to perform a handshake during these interactions can enhance the overall user experience. In this paper, we put forward the design and implementation of two right-handed underactuated Digital Twin robotic arms to mediate the physical handshake interaction between two individuals. This allows them to perform a handshake while they are in separate locations. The experimental findings are very promising as our evaluation shows that the participants were highly interested in using our system to shake hands with their loved ones when they are physically separated. With this Digital Twin robotic arms system, we also found a correlation between the handshake characteristics and personality traits of the participants from the handshake data collected during the experiment.

Machine learning interpretability meets TLS fingerprinting

Abstract: Protecting users’ privacy over the Internet is of great importance; however, it becomes harder and harder to maintain due to the increasing complexity of network protocols and components. Therefore, investigating and understanding how data are leaked from the information transmission platforms and protocols can lead us to a more secure environment. In this paper, we propose a framework to systematically find the most vulnerable information fields in a network protocol. To this end, focusing on the transport layer security (TLS) protocol, we perform different machine-learning-based fingerprinting attacks on the collected data from more than 70 domains (websites) to understand how and where this information leakage occurs in the TLS protocol. Then, by employing the interpretation techniques developed in the machine learning community and applying our framework, we find the most vulnerable information fields in the TLS protocol. Our findings demonstrate that the TLS handshake (which is mainly unencrypted), the TLS record length appearing in the TLS application data header, and the IV field are among the most critical leaker parts in this protocol, respectively.

Golden handshake

Abstract: Thoroughly revised and updated to include contemporary terms that have gained importance such as furlough, unconscious bias, platform work, and Great Resignation, this second edition of the Encyclopedia of Human Resource Management is an authoritative and comprehensive reference resource comprising almost 400 entries on core HR areas and concepts.

Ensembled Machine Learning Techniques for DDoS Detection in SDN

Abstract: Software Defined Networking(SDN) focuses on overcoming the drawbacks of traditional networks and offers the advantage of flexibility in managing the networks. On the other hand, this new paradigm makes networks susceptible to attacks. DDoS is one of those significant attacks. DDoS makes resources unavailable to legitimate users, and one of the mechanisms that attackers follow is the TCP-SYN flood to launch the DDoS attack. The TCP SYN flood attack takes advantage of the three-way handshake to exhaust the web server’s resources. We proposed an approach to detect DDoS attacks in SDN based on an ensemble technique.Our proposed approach uses stacking model, combining bagging and boosting models as ensembled techniques. we implemented our proposed approach on dataset. We have generated our own dataset containing the required features. We show that our proposed approach gives better accuracy than existing models in the literature. We validated our proposed approach on both generated dataset and existing dataset.

A survey of methods for encrypted network traffic fingerprinting.

Abstract: Privacy protection in computer communication is gaining attention because plaintext transmission without encryption can be eavesdropped on and intercepted. Accordingly, the use of encrypted communication protocols is on the rise, along with the number of cyberattacks exploiting them. Decryption is essential for preventing attacks, but it risks privacy infringement and incurs additional costs. Network fingerprinting techniques are among the best alternatives, but existing techniques are based on information from the TCP/IP stack. They are expected to be less effective because cloud-based and software-defined networks have ambiguous boundaries, and network configurations not dependent on existing IP address schemes increase. Herein, we investigate and analyze the Transport Layer Security (TLS) fingerprinting technique, a technology that can analyze and classify encrypted traffic without decryption while addressing the problems of existing network fingerprinting techniques. Background knowledge and analysis information for each TLS fingerprinting technique is presented herein. We discuss the pros and cons of two groups of techniques, fingerprint collection and artificial intelligence (AI)-based. Regarding fingerprint collection techniques, separate discussions on handshake messages ClientHello/ServerHello, statistics of handshake state transitions, and client responses are provided. For AI-based techniques, discussions on statistical, time series, and graph techniques according to feature engineering are presented. In addition, we discuss hybrid and miscellaneous techniques that combine fingerprint collection with AI techniques. Based on these discussions, we identify the need for a step-by-step analysis and control study of cryptographic traffic to effectively use each technique and present a blueprint.

Balancing Flexibility and Precision in Robot-assisted Feeding

Abstract: Assistive robots can empower those with mobility impairments, but they must manage the trade-off between safety, efficacy, and comfort. For some task dimensions, there is flexibility: humans can shake robot hands anywhere within reach. For others, precision is key: too hard of a handshake can lead to injury. This distinction is critical for particularly intimate tasks like feeding. A robot feeding system needs to explore when there is flexibility, optimizing for success and user preferences, while maintaining the precision necessary to avoid destroying food or harming the user. Here, we propose a hierarchical approach. We design strategies and heuristics based on user feedback to abstract away the precise dimensions of bite acquisition and transfer. We can deploy learning algorithms relatively safely the resulting curated action subspace. Within the next year, we expect this work to culminate in a week-long in-home deployment with a user and co-designer.

Handshake Feedback in a Haptic Glove Using Pouch Actuators

Abstract: In this paper, we propose and demonstrate a haptic device with liquid-pouch motors that can simulate a handshake. Because handshakes involve contact of the palms or soft skin, handshake simulation requires the haptic device to provide pressure onto specific areas of the palm with soft contact. This can be achieved with thermally driven liquid-pouch motors, which inflate and deflate when a low-boiling-point liquid, here Novec ™ 7000, evaporates and condenses, respectively. Due to the simplicity of the soft actuator system, this haptic glove is lightweight and conformable. To design the haptic glove, we experimentally investigated the contact region and strength in handshakes, which led to an optimal number, size and position for the liquid-pouch motors. Sensory experiments with human subjects verified that the designed haptic glove successfully simulated handshakes.