Security of Multiple-Key Agreement Protocols and Propose an Enhanced Protocol

Security of Multiple-Key Agreement Protocols and Propose an Enhanced Protocol

Abstract: Multiple key agreement protocols produce several session keys instead of one session key. Most of the multiple key agreement protocols do not utilize the hash functions in the signature schemes used for identification. Not using hash function in these protocols causes that the protocols do not satisfy some requirement security properties. In this paper we review the multiple key agreement protocols and perform attacks on some of them. Then we introduce a new multiple key agreement protocol and show that the proposed protocol is more secure than the existent multiple key agreement protocols.

Cryptography helps us to make a secure communication in public networks. The secret key plays an essential role in the cryptosystems such that revealing the secret key causes the cryptographic system to be compromised. Therefore how to exchange the secret key is very important in cryptographic applications. One of the considerable methods for secret key exchanging is key agreement protocols. These protocols enable two or more users of any public
networks to share a secret common key together.

Download this Papers

Author : Department of Mathematics and Computer Sciences, Tarbiat Moallem University, Tehran, Iran
Faculty of Electrical and computer Engineering, K.N. Toosi University of Technology, Tehran, Iran

Proactive techniques to stop & squish a botnets: technically feasible but legal too?

Proactive Botnet Countermeasures An Offensive Approach

Abstract. Botnets, consisting of thousands of interconnected, remote-controlled computers, pose a big threat against the Internet. We have witnessed the involvement of such malicious infrastructures in politically motivated attacks more than once in recent years. Classical countermeasures are mostly reactive and conducted as part of incident response actions. This is often not sufficient. We argue that proactive measures are necessary to mitigate the botnet threat and demonstrate techniques based on a formalized view of botnet infrastructures. However, while being technically feasible, such actions raise legal and ethical questions.

A botnet is an alliance of interconnected computers infected with malicious software (a bot). Bots are commanded by an operator and can typically be advised to send Spam mails, harvest information such as license keys or banking data on compromised machines, or launch distributed denial-of-service (DDoS) attacks against arbitrary targets. What’s more, they often interfere with regular operation rendering infected machines unstable or unusable. Thousands of such botnets exists, with each containing thousands to millions of infected systems. The result are major direct and indirect consequences for economy as well as for the political life [2].

Download This Papers