BITS Faculty Publications

Permanent URI for this communityhttp://localhost:4000/handle/123456789/1867

Browse

Subject: search.filters.subject.Security

Search Results

Now showing 1 - 10 of 30
  • No Thumbnail Available
    Item
    Secure message communication among vehicles using elliptic curve cryptography in smart cities
    (IEEE, 2016) Dua, Amit
    Message exchange among vehicles is an integral part of communication in smart cities. Messages are exchanged to inform the other vehicles about emergency situations such as-safety alerts, and location privacy. Due to the usage of an insecure wireless medium, malicious activities in vehicles, i.e., illegal use of the false messages, can astray other vehicles. Security in communication among the vehicles can be provided by encrypting the messages using various security keys. However, it has been found from the literature that existing schemes for secure communication require large key size, and therefore may these schemes may not be applicable to smart cities. To address these issues, a secure message communication scheme among vehicles based on elliptic curve cryptography (ECC) is proposed. The proposed scheme needs smaller key size leading to mathematically simple and cost effective solution. Furthermore, the scheme provides mutual authentication, confidentiality, and forward secrecy. Security analysis prove that the proposed scheme is suitable to be adapted in smart city environment.
  • No Thumbnail Available
    Item
    Unique Key-Based Secured Transmission Protocol for Rolling Shutter Visible Light Communications
    (IEEE, 2024-10) Joshi, Sandeep
    In this letter, we propose a novel secure transmission protocol for rolling shutter visible light communication (RS-VLC) that leverages unique cryptographic key generation through linear feedback shift registers and bad pixel (BP) mapping. This method ensures data integrity and confidentiality by dynamically encoding data based on device-specific BP maps. Our results demonstrate a substantial improvement in bit error rate performance while reducing the complexity of key generation, encryption, and decryption to the order of N, where N is the number of bits in the key. The lower computational complexity of the proposed protocol makes it suitable for low-power internet-of-things devices and mobile applications. We also provide a comparative analysis with existing cryptographic schemes, demonstrating the enhanced security and lightweight nature of the proposed approach.
  • No Thumbnail Available
    Item
    Generative AI for Cyber Security: Analyzing the Potential of ChatGPT, DALL-E, and Other Models for Enhancing the Security Space
    (IEEE, 2024-04) Chamola, Vinay
    This research paper intends to provide real-life applications of Generative AI (GAI) in the cybersecurity domain. The frequency, sophistication and impact of cyber threats have continued to rise in today’s world. This ever-evolving threat landscape poses challenges for organizations and security professionals who continue looking for better solutions to tackle these threats. GAI technology provides an effective way for them to address these issues in an automated manner with increasing efficiency. It enables them to work on more critical security aspects which require human intervention, while GAI systems deal with general threat situations. Further, GAI systems can better detect novel malware and threatening situations than humans. This feature of GAI, when leveraged, can lead to higher robustness of the security system. Many tech giants like Google, Microsoft etc., are motivated by this idea and are incorporating elements of GAI in their cybersecurity systems to make them more efficient in dealing with ever-evolving threats. Many cybersecurity tools like Google Cloud Security AI Workbench, Microsoft Security Copilot, SentinelOne Purple AI etc., have come into the picture, which leverage GAI to develop more straightforward and robust ways to deal with emerging cybersecurity perils. With the advent of GAI in the cybersecurity domain, one also needs to take into account the limitations and drawbacks that such systems have. This paper also provides some of the limitations of GAI, like periodically giving wrong results, costly training, the potential of GAI being used by malicious actors for illicit activities etc.
  • No Thumbnail Available
    Item
    Security of Cryptocurrencies in blockchain technology: State-of-art, challenges and future prospects
    (Elsevier, 2020-08) Gupta, Shashank; Dua, Amit
    In contemporary era of technologies, blockchain has acquired tremendous attention from various domains. It has wide spectrum of applications ranging from finance to social services and has greatly influenced the emerging business world. Since, blockchain technology is getting embedded in the e-commerce services, the cryptocurrencies are gaining huge prevalence. Bitcoin and ethereum are few such crypto currencies, which have utilized decentralized nature of blockchain. Blockchain can be considered as a distributed database system containing immutable ledgers, which are prone to attack by malicious users. Although, from the initial digital currency to the present smart contract, the utilities of blockchain have been harnessed, the innovative technology has to rely on cryptography for its security. There are several reports, which emphases on the vulnerabilities and security of blockchain, however, there is a lack of a comprehensive and methodical survey in both application and technical views. In this survey article, the authors cover various aspects related to blockchain including its taxonomies and the situations in which a particular category of blockchain should be applied. The authors also focusses on the structure of blockchain and the working of the ongoing transactions in the cryptocurrency network. In addition, the authors also specify various categories of consensus protocols, smart contracts, forks, techniques for generating the consensus. A detailed taxonomy of blockchain along with their features and related real-world applications is also discussed. In addition, existing key platforms of blockchain related to the cryptocurrencies, hyperledger and multichain are also discussed. Existing emerging vulnerabilities of blockchain related to the recent attacks on bitcoin and etherum is also presented along with the defensive methodologies and future trends in blockchain.
  • No Thumbnail Available
    Item
    Securing IoT Applications using Blockchain: A Survey
    (2020-06) Bhatia, Ashutosh
    The Internet of Things (IoT) has become a guiding technology behind automation and smart computing. One of the major concerns with the IoT systems is the lack of privacy and security preserving schemes for controlling access and ensuring the security of the data. A majority of security issues arise because of the centralized architecture of IoT systems. Another concern is the lack of proper authentication and access control schemes to moderate access to information generated by the IoT devices. So the question that arises is how to ensure the identity of the equipment or the communicating node. The answer to secure operations in a trustless environment brings us to the decentralized solution of Blockchain. A lot of research has been going on in the area of convergence of IoT and Blockchain, and it has resulted in some remarkable progress in addressing some of the significant issues in the IoT arena. This work reviews the challenges and threats in the IoT environment and how integration with Blockchain can resolve some of them.
  • No Thumbnail Available
    Item
    ConvXSS: A deep learning-based smart ICT framework against code injection attacks for HTML5 web applications in sustainable smart city infrastructure
    (Elsevier, 2022-05) Dua, Amit; Gupta, Shashank
    In this paper we propose ConvXSS, a novel deep learning approach for the detection of XSS and code injection attacks, followed by context-based sanitization of the malicious code if the model detects any malicious code in the application. Firstly, we briefly discuss XSS and code injection attacks that might pose threat to sustainable smart cities. Along with this, we discuss various approaches proposed previously for the detection and alleviation of these attacks followed by their respective limitations. Then we propose our deep learning model adopting whose novelty is based on the approach followed for Data Pre-Processing. Then we finally propose Context-based Sanitization to replace the malicious part of the code with sanitized code. Numerical experiments conducted on various datasets have shown various results out of which the best model has an accuracy of 99.42%, a precision of 99.81% and a recall of 99.35%. When compared with other state of the art techniques in this domain, our approach shows at par or in the best case, better results in terms of detection speed and accuracy of CSS attacks.
  • No Thumbnail Available
    Item
    Minimizing Organizational User Requirement while Meeting Security Constraints
    (ACM Digital Library, 2015-09) Roy, Arindam
    Large systems are complex and typically need automatic configuration to be managed effectively. In any organization, numerous tasks have to be carried out by employees. However, due to security needs, it is not feasible to directly assign any existing task to the first available employee. In order to meet many additional security requirements, constraints such as separation of duty, cardinality and binding have to be taken into consideration. Meeting these requirements imposes extra burden on organizations, which, however, is unavoidable in order to ensure security. While a trivial way of ensuring security is to assign each user to a single task, business organizations would typically like to minimize their costs and keep staffing requirements to a minimum. To meet these contradictory goals, we define the problem of Cardinality Constrained-Mutually Exclusive Task Minimum User Problem (CMUP), which aims to find the minimum users that can carry out a set of tasks while satisfying the given security constraints. We show that the CMUP problem is equivalent to a constrained version of the weak chromatic number problem in hypergraphs, which is NP-hard. We, therefore, propose a greedy solution. Our experimental evaluation shows that the proposed algorithm is both efficient and effective.
  • No Thumbnail Available
    Item
    Hardware Testbed based Analytical Performance Modelling for Mobile Task Offloading in UAV Edge Cloudlets
    (IEEE, 2021) Chamola, Vinay
    In recent times, there is a paradigm shift to cloud services that offer on-demand computer system resources, especially data storage and computing power. The main reason for the shift is that it removes the user's active participation to perform computationally intensive tasks. However, current cloud-based services incur high user latency as being deployed very far from the user. One alternative solution to the traditional cloud-based paradigm is drone-based edge computing. In drone edge computing, drones are located near the user and deployed to provide data offload services. There have been many works that have addressed the issue of efficient task assignment in edge devices. This paper presents a concrete analytical performance model for drone cloudlet networks and factors that influence the service response time to the user. The results can be helpful for network administrators to make the current edge computing paradigm faster, more robust and, cost-effective.
  • No Thumbnail Available
    Item
    MbRE IDS: An AI and Edge Computing Empowered Framework for Securing Intelligent Transportation Systems
    (IEEE, 2022-05) Chamola, Vinay
    Recent years have seen a widespread growth of research in the Internet of Things (IoT). While mobility networks such as the Intelligent Transportation Systems (ITS) are being increasingly studied for their application in smart cities, there are numerous cyber threats that may disrupt the security and safety of the users of such networks. This study proposes an intelligent, statistical Intrusion Detection System (IDS) called Multi-branch Reconstruction Error (MbRE) for the long term security of ITS against known and unknown threats. The proposed IDS learns only from normal behavior, detects deviation of vehicular from it, and classifies it into eight generalized buckets based on the aspects of the data found to be malicious, i.e. frequency, identity and motion (speed and position). The results obtained show the success of the proposed IDS in detecting different threats with recall and accuracy scores between 97.5% to 100% without the need to train on them.
  • No Thumbnail Available
    Item
    CellularBlockB5G: A Blockchain-based Multi Operator Spectrum Sharing Simulator for 5G and Beyond Networks
    (IEEE, 2023) Chamola, Vinay
    The advancement of Fifth-generation networks has enabled service-specific resource provisioning through Network slicing. Moving forward, Beyond 5G (B5G) is the key enabling factor for the next generation of computing networks catering to the needs of seamless connectivity with ultra-reliable performance and security. But the deployment of such systems to provide various services through dynamic network slicing needs network densification, leading to increased operational cost. This requirement has bid to enable infrastructure sharing between multiple operators and HetNets through Blockchain as a promising solution with secure and distributed ledger-based operations. This work presents a comprehensive simulation environment providing blockchain integration with B5G networks. In particular, this work identifies key challenges to creating such a simulation environment and handles several operational details, including spectrum sharing, network slicing and dealing with orphan blocks. In the end, we have presented the evaluation of the simulator on 5G blockchain-based spectrum sharing. Furthermore, this work can facilitate further research on blockchain in B5G networks and help in providing a common framework for operators in analyzing such operations on a large scale.