We propose a new authenticated key agreement scheme based on Blom’s scheme, but using multiple master keys and public keys in permutations to compute the private keys in each node. The computations are over a small prime field, and by storing the private keys in a random order in the node, the private-public-master-key associations (PPMka) of the private keys are lost. If a node is captured, the PPMka of the private keys cannot be determined with certainty, making it difficult to begin to attack the scheme. We obtained analytical results to show that, using suitable keying parameters, the probability of discovering the correct PPMka can be made so small that a very powerful adversary needs to capture the entire network of tens of thousands of nodes or expend an infeasible amount of effort to try all of the possible solutions. We verified our results using computer-simulated attacks on the scheme. The unknown PPMka enables our scheme to break free from the capture threshold of the original Blom’s scheme, so that it can be used in large networks of low-resource devices, such as sensor nodes.
Attacks on cloud computing (CC) services and infrastructure have raised concerns about the efficacy of data protection mechanisms in this environment. The framework developed in this study (CCAID: cloud computing, attack, and intrusion detection) aims to improve the performance of intrusion detection systems (IDS) operating in CC environments. It deploys a proposed new hybrid ensemble feature selection (FS) method. The ensemble includes FS algorithms of three different types (filter, wrapper, and embedded algorithms). The selected features are used to train the ML (machine learning) model of the intrusion detection component, which comprises a binary detection engine for the identification of malicious/attack packets and a multiclassification detection engine for the identification of the type of attack. Both detection engines deploy ensemble classifiers. Experiments were carried out using the NSL KDD dataset. The binary model achieved a classification accuracy of 99.55% with a very low false alarm rate of 0.45%. The classification accuracy of the multiclassification model was also high (98.92%). These results compare very favourably with the results reported in the literature and indicate the feasibility of the framework implementation.
The security of the Multiple-Key Blom's (MKB) key agreement scheme is analysed. We considered how the scheme may be broken by a very powerful and well-resourced adversary who is able to capture any number of nodes to extract all the sensitive keying material. We showed that by choosing suitable keying parameters, the captured private keys cannot be used directly to break the scheme. Each captured key must first be correctly associated with the public key and master key used to compute it. The chances of finding this private-public-master-key association (PPMka) can be made extremely small and would require the attacker to capture a very large number of nodes, or try an extremely large number of possible solutions. This allows the scheme to be secure for use in large networks, overcoming the limitations in the original Blom's scheme. We obtained some analytical results and compared them to those from computer-simulated attacks on the scheme.