Distributed Denial of Service (DDoS) attacks have caused significant disruptions in the operations of Internet-based services. These DDoS attacks use large-scale botnets, which often exploit millions of compromised Internet of Things (IoT) devices worldwide. IoT devices are traditionally less secure and are easy to exploit. The extent of this exploitation has increased since the publication of the Mirai botnet source code on GitHub, which provided a foundation for attackers to develop and launch Mirai botnet variants. The Internet Engineering Task Force (IETF) proposed RFC 8520 Manufacturer Usage Description (MUD) so that an IoT device can convey to the network the level of network access it requires to accomplish its standard functionality. Though MUD is a promising effort, there is a need to evaluate its effectiveness, identify its limitations, and enhance its architecture to overcome its weakness and improve its efficiency. The latest Mirai variant malware is exploiting vulnerabilities of Internet of Things devices [1]. As MUD does not consider identifying and patching vulnerabilities present in the device before the issuance of the MUD profile, a device can be compromised even in the presence of the Manufacturer Usage Description profile by exploiting either the configuration vulnerabilities or firmware vulnerabilities present in the device [2]. This paper presents an evaluation study of the Manufacturer Usage Description (MUD), identifies its weaknesses, and proposes enhancements to its architecture. This research proposes a mechanism for identifying and eliminating the configuration vulnerabilities before creating the MUD profile for a device, to minimize the attack surface. This research adopts the OWASP firmware testing methodology [3] for discovering vulnerabilities in the firmware of WiFi home routers. The device is allowed to request the MUD profile only if the score of the identified firmware vulnerabilities is low. The identified firmware vulnerabilities are patched if their score is moderate or high. The device is allowed to request the MUD profile after the vulnerabilities are patched. The firmware vulnerabilities are shared with other peers using blockchain smart contracts. Because the MUD process lacks an authentication mechanism, the MUD URL might point to a corrupted or malicious MUD profile hosted on an attacker's file server. This research also proposes an authentication mechanism for the device MUD profile, the MUD file generator, and the MUD file server. Implementation results show that the proposed enhancements improve the security services provided by the Manufacturer Usage Description (MUD).
Key schedule algorithms play an important role in modern encryption algorithms, and their security is as crucial as the security of the encryption algorithms themselves. Many studies have been performed on the cryptographic strength evaluation of encryption algorithms; however, strength evaluation of key schedule algorithms often receives less attention, which can lead to a possible loophole in the overall encryption process. In this paper, a criterion is proposed to evaluate the cryptographic strength of key schedule algorithms. This criterion includes different methods of data generation from subkeys and a suitable set of statistical tests. The statistical tests are used to explore cryptographic properties such as diffusion, confusion, independence, and randomness in the subkeys generated by the key schedule algorithm. The proposed criterion has been applied to the key schedule algorithms of several block ciphers. The results confirm that the proposed criterion can effectively differentiate between strong and weak key schedule algorithms.
Blockchain is a decentralized and shared distributed ledger that records the history of transactions made by different nodes across the whole network. The technology is used in practice in the field of education for record-keeping, digital certification, etc. Several papers have already been published on this, but no single paper can be found covering blockchain-based educational projects. So, there is a gap regarding the latest trends in education. Blockchain-based educational projects resolve the issues of today's educators. On that basis, we conclude that there is a need for conducting a systematic literature review. This study, therefore, reviews the artistic gap between these two based on educational projects. For this purpose, the paper focuses on exploring some blockchain-based projects and the protocols that are used in these projects. It also analyses the blockchain features that are being used and the services offered by the existing educational projects using blockchain features to improve the execution of this technology in education.