-
Privacy Aware Memory Forensics
Authors:
Janardhan Kalikiri,
Gaurav Varshney,
Jaswinder Kour,
Tarandeep Singh
Abstract:
In recent years, insider threats and attacks have been increasing in terms of frequency and cost to the corporate business. The utilization of end-to-end encrypted instant messaging applications (WhatsApp, Telegram, VPN) by malicious insiders raised data breach incidents exponentially. The Securities and Exchange Board of India (SEBI) investigated reports on such data leak incidents and reported about twelve companies where earnings data and financial information were leaked using WhatsApp messages. Recent surveys indicate that 60% of data breaches are primarily caused by malicious insider threats. Especially, in the case of the defense environment, information leaks by insiders will jeopardize the country's national security. Sniffing of network and host-based activities will not work in an insider threat detection environment due to end-to-end encryption. Memory forensics allows access to the messages sent or received over an end-to-end encrypted environment but with a total compromise of the user's privacy. In this research, we present a novel solution to detect data leakages by insiders in an organization. Our approach captures the RAM of the insider's device and analyses it for sensitive information leaks from a host system while maintaining the user's privacy. Sensitive data leaks are identified with context using a deep learning model. The feasibility and effectiveness of the proposed idea have been demonstrated with the help of a military use case. The proposed architecture can however be used across various use cases with minor modifications.
Submitted 13 June, 2024;
originally announced June 2024.
-
A Passwordless MFA Utlizing Biometrics, Proximity and Contactless Communication
Authors:
Sneha Shukla,
Gaurav Varshney,
Shreya Singh,
Swati Goel
Abstract:
Despite being more secure and strongly promoted, two-factor (2FA) or multi-factor (MFA) schemes either fail to protect against recent phishing threats such as real-time MITM, controls/relay MITM, malicious browser extension-based phishing attacks, and/or need the users to purchase and carry other hardware for additional account protection. Leveraging the unprecedented popularity of NFC and BLE-enabled smartphones, we explore a new horizon for designing an MFA scheme. This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity, which serves as an inherent factor, together with BLE-NFC-enabled mobile devices, which operate as an ownership factor. We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks. The scheme has been compared with other popular schemes using the Bonneau et al. assessment framework in terms of usability, deployability, and security.
Submitted 13 June, 2024;
originally announced June 2024.
-
A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices
Authors:
Chandranshu Gupta,
Gaurav Varshney
Abstract:
The Internet of Things (IoT) has improved people's lives by seamlessly integrating into many facets of modern life and facilitating information sharing across platforms. Device Authentication and Key exchange are major challenges for the IoT. High computational resource requirements for cryptographic primitives and message transmission during Authentication make the existing methods like PKI and IBE not suitable for these resource constrained devices. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. PUF provides an unclonable and tamper sensitive unique signature based on the PUF chip by using manufacturing process variability. Therefore, in this study, we use lightweight bitwise XOR, hash function, and PUF to Authenticate IoT devices. Despite several studies employing the PUF to authenticate communication between IoT devices, to the authors' knowledge, existing solutions require intermediary gateway and internet capabilities by the IoT device to directly interact with a Server for Authentication and hence, are not scalable when the IoT device works on different technologies like BLE, Zigbee, etc. To address the aforementioned issue, we present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself. The results of a thorough security study are validated against adversarial attacks and PUF modeling attacks. For formal security validation, the AVISPA verification tool is also used. Performance study recommends this protocol's lightweight characteristics. The proposed protocol's acceptability and defenses against adversarial assaults are supported by a prototype developed with ESP32.
Submitted 7 November, 2023;
originally announced November 2023.
-
Numerical investigation of viscous fingering in a three-dimensional cubical domain
Authors:
Garima Varshney,
Anikesh Pal
Abstract:
We perform three-dimensional numerical simulations to understand the role of viscous fingering in sweeping a high-viscous fluid (HVF). These fingers form due to the injection of a low-viscous fluid (LVF) into a porous media containing the high-viscous fluid. We find that the sweeping of HVF depends on different parameters such as the Reynolds number ($Re$) based on the inflow rate of the LVF, the Péclet number ($Pe$), and the logarithmic viscosity ratio of HVF and LVF, $\mathfrak{R}$. At high values of $Re$, $Pe$, and $\mathfrak{R}$, the fingers grow non-linearly, resulting in earlier tip splitting of the fingers and breakthrough, further leading to poor sweeping of the HVF. In contrast, the fingers evolve uniformly at low values of $Re$, $Pe$, and $\mathfrak{R}$, resulting in an efficient sweeping of the HVF. We also estimate the sweep efficiency and conclude that the parameters $Re$, $Pe$ and $\mathfrak{R}$ be chosen optimally to minimize the non-linear growth of the fingers to achieve an efficient sweeping of the HVF.
Submitted 31 May, 2023;
originally announced May 2023.
-
An Improved Authentication Scheme for BLE Devices with no I/O Capabilities
Authors:
Chandranshu Gupta,
Gaurav Varshney
Abstract:
Bluetooth Low Energy (BLE) devices have become very popular because of their Low energy consumption and hence a prolonged battery life. They are being used in smart wearable devices, smart home automation system, beacons and many more areas. BLE uses pairing mechanisms to achieve a level of peer entity authentication as well as encryption. Although, there are a set of pairing mechanisms available but BLE devices having no keyboard or display mechanism (and hence using the Just Works pairing) are still vulnerable. In this paper, we propose and implement, a light-weight digital certificate based authentication mechanism for the BLE devices making use of Just Works model. The proposed model is an add-on to the already existing pairing mechanism and therefore can be easily incorporated in the existing BLE stack. To counter the existing Man-in-The-Middle attack scenario in Just Works pairing (device spoofing), our proposed model allows the client and peripheral to make use of the popular Public Key Infrastructure (PKI) to establish peer entity authentication and a secure cryptographic tunnel for communication. We have also developed a lightweight BLE profiled digital certificate containing the bare minimum fields required for resource constrained devices, which significantly reduces the memory (about 90\% reduction) and energy consumption. We have experimentally evaluated the energy consumption of the device using the proposed pairing mechanism to demonstrate that the model can be easily deployed with less changes to the power requirements of the chips. The model has been formally verified using automatic verification tool for protocol testing.
Submitted 28 April, 2022;
originally announced April 2022.
-
Bianchi type-III THDE quintessence model with hybrid expansion law
Authors:
Gunjan Varshney,
Anirudh Pradhan,
Umesh Kumar Sharma
Abstract:
The current research investigates the behavior of the Tsallis holographic dark energy (THDE) model with quintessence in a homogeneous and anisotropic Bianchi type-III (B-III) space-time. We construct the model by using two conditions (i) expansion scalar ($θ$) is proportionate to shear scalar ($σ$) in the model and (ii) hybrid expansion law $a = t^βe^{γt}$, where $β>0$, $γ>0$. Our study is based on Type Ia supernovae (SNIa) data in combination with CMB and BAO observations (Giostri et al, JCAP 3, 27 (2012), arXiv:1203.3213v2[astro-ph.CO]), the present values of Hubble constant and deceleration parameter are $H_{0} = 73.8$ and $q_{0} = -0.54$ respectively. Compiling our theoretical models with this data, we obtain $β= 2.1445~ \& ~ 2.1154$ for $γ= 0.5 ~ \& ~ 1$ respectively. We have completed a new type of cosmic model for which the expansion occurs to the current accelerated phase for the restraints. We have discussed the conformity among the scalar field model of quintessence and THDE model. To understand the Universe, we have also established the relations for Distance modulus, Luminosity Distance, and Angular-diameter distance. Some geometric and physical aspects of the THDE model are also highlighted.
Submitted 11 July, 2021;
originally announced August 2021.
-
Barrow agegraphic dark energy
Authors:
Umesh Kumar Sharma,
Gunjan Varshney,
Vipin Chandra Dubey
Abstract:
In this work, we propose a new dark energy model by applying the Barrow entropy and the holographic principle, with a time scale as IR cut off. Analysing the conformal time as well as universe's age as infrared cut-offs, we explore the cosmological importance of the suggested dark energy models and examine the universe evolution filled with the proposed DE applicants and a pressure-less matter. We observe that the equation of state, deceleration, the density parameters can present adequate nature, and these models may also explain the late-time acceleration though, the proposed models are unstable except some values of Barrow exponent $Δ$. Furthermore, we mention the consequences of the presence of interaction among the universe sectors.
Submitted 24 December, 2020;
originally announced December 2020.
-
A Comprehensive Survey of Aadhar and Security Issues
Authors:
Isha Pali,
Lisa Krishania,
Divya Chadha,
Asmita Kandar,
Gaurav Varshney,
Sneha Shukla
Abstract:
The concept of Aadhaar came with the need for a unique identity for every individual. To implement this, the Indian government created the authority UIDAI to distribute and generate user identities for every individual based on their demographic and biometric data. After the implementation, came the security issues and challenges of Aadhaar and its authentication. So, our study focuses on the journey of Aadhaar from its history to the current condition. The paper also describes the authentication process, and the updates happened over time. We have also provided an analysis of the security attacks witnessed so far as well as the possible countermeasure and its classification. Our main aim is to cover all the security aspects related to Aadhaar to avoid possible security attacks. Also, we have included the current updates and news related to Aadhaar.
Submitted 18 July, 2020;
originally announced July 2020.
-
Understanding the Social Factors Affecting the Cryptocurrency Market
Authors:
Gourang Aggarwal,
Vimal Patel,
Gaurav Varshney,
Kimberly Oostman
Abstract:
Blockchain and its application on cryptocurrency transactions have gathered a lot of attention and popularity since the birth of the pioneer Bitcoin in 2009. More than 1500 cryptocurrencies are currently circulated in the market. The technology underpinning Bitcoin and other cryptocurrencies is Blockchain and is a rapidly growing decentralized distributed ledger technology which find its major involvement in cryptocurrencies. But cryptocurrencies are of extremely volatile and fragile nature which makes it difficult to be used as a stable currency for transactions and devoid this market of human trust. Cryptocurrency market is controlled by various social and government factors which keeps it fluctuating. This paper identifies and discusses the important factors that govern the cryptocurrency market and analyzes the impact of these factors. A pilot user survey has also been presented at the end of this paper to understand and demonstrate the societal view of the acceptance of cryptocurrencies.
Submitted 13 January, 2019;
originally announced January 2019.
-
A Metapolicy Framework for Enhancing Domain Expressiveness on the Internet
Authors:
Gaurav Varshney,
Pawel Szalachowski
Abstract:
Domain Name System (DNS) domains became Internet-level identifiers for entities (like companies, organizations, or individuals) hosting services and sharing resources over the Internet. Domains can specify a set of security policies (such as, email and trust security policies) that should be followed by clients while accessing the resources or services represented by them. Unfortunately, in the current Internet, the policy specification and enforcement are dispersed, non-comprehensive, insecure, and difficult to manage.
In this paper, we present a comprehensive and secure metapolicy framework for enhancing the domain expressiveness on the Internet. The proposed framework allows the domain owners to specify, manage, and publish their domain-level security policies over the existing DNS infrastructure. The framework also utilizes the existing trust infrastructures (i.e., TLS and DNSSEC) for providing security. By reusing the existing infrastructures, our framework requires minimal changes and requirements for adoption. We also discuss the initial results of the measurements performed to evaluate what fraction of the current Internet can get benefits from deploying our framework. Moreover, overheads of deploying the proposed framework have been quantified and discussed.
Submitted 11 April, 2018;
originally announced April 2018.