
AU-KBC RESEARCH CENTRE

Cryptography and Network Security Group

Head

M. Sethuraman, Scientist

B.Tech - IIT Madras, M.Tech – IIT Kanpur

30+ years of experience in crypto design.

      http://comm.au-kbc.org/sethuraman.htm

 

The Group carries out four different types of activities:

·        Research

·        Product development

·        Sponsored Projects

·        Training & Seminars

 

 

Research

·        WLAN WEP

·        Timing & Power Channel attack on USB smart card

·        Cryptanalytic attack on discrete logarithm crypto systems

           

In House Product Development

·        WebGuard

·        e-PKI

·        Secure Mailer

·        DPAT

 

Sponsored Projects

·        Crypto tools for CAIR

·        Security Toolkit for BMS

 

Training & Seminars

·        Wireless Security

·        Cryptography and Network Security

 

 

            Some details of the Products and Technologies developed here are given below.

 

I. iSecurIT – A Network Security Education and Training Platform.

 

iSecurIT is a unique hardware product developed by the AU-KBC Centre jointly with M/S. Benchmark Microsystems, Chennai, to provide hands-on training to students and trainees in Cryptography and Network Security.

 

 

Carry out experiments and demos on:

 

o       Cryptography – RC4, RSA, SDES, 3SDES, MD5…

o       Malware tools – Virus, Anti Virus, Trojans…

o       Network Identification – Network Enumeration…

o       System Threats – DDOS, Sniffing, Spoofing…

o       Web Vulnerabilities – Honeypots, SQL Injection, Buffer Overflow…

o       Hacking a webserver

o       Setting up honeypot

o       Setting up a firewall

o       Investigating and fixing a buffer overflow

o       TCP session hijacking

o       Setting up end-to-end network security

 

  This product is being marketed by M/S. Benchmark Systems, and the Product Brochure gives more details.

 

II. WebGuard—A Hardware Solution that eliminates web defacing

 

Web defacement attacks alter the contents of web pages without authorization, with the intent of causing embarrassment, inconvenience and possible business loss to the web site owner. They are a major challenge to the integrity of web sites, and the attack statistics are astonishing: there are approximately 600 attacks in one hour, with as many as 1500 attacks a day on the Dot Com domain alone. Software solutions that reside on the server itself are not fully effective, because the server is visible from the outside and an attacker can first disable the solution residing on it.

WebGuard is a unique hardware solution to the problem of web page defacing. It sits between the firewall and the server it is meant to protect.

 

 

Some of the significant features of our product are:

·        Net-invisible content inspection engine

·        Cryptographic content verification of every outgoing web page, protecting the integrity of both static and dynamic content such as CGIs, ASPs, Java servlets, images etc.

·        Security guaranteed through a dedicated, network-transparent hardware appliance.

·        Policy based (Strict / Cache modes) recovery mechanism for hacked contents.

·        Contents verified in real time, constantly and consistently.

·        Posting tools provided and Server Version available

·        Incoming client traffic content inspection for additional protection

·        Paired with every web platform and scalable.

·        Sends alerts on detection of content alteration (SMS, email).

 

            WebGuard has undergone black-box testing at CERT-IN, and is ready for deployment.

 

III. e-PKI- An Enterprise level Public Key Infrastructure Solution

 

Digital Signatures and Digital Certificates constitute the backbone of e-Commerce by providing the required features of Confidentiality, Integrity, Authentication and Non-repudiation to the transactions. Verisign, RSA and Cyber Trust are some of the firms that provide PKI services worldwide on commercial terms. However, enterprises like Universities, Govt. Departments, etc. also need Digital Signatures and Digital Certificates for their internal electronic information exchange, though not necessarily with the legal status required for e-commerce. Enterprise versions of PKI solutions are sufficient for their internal electronic transactions; while these enterprise versions may not have the legal status of the PKI solutions used in e-commerce, they must have all of their technical features, capabilities and standards compliance.

AU-KBC Centre has developed such an e-PKI solution and tested the same on the campus network.

 

 

        

 

 

 

EPKI Components

·        Certificate Authority (CA) Server

·        Registration Authority (RA) Server

·        Public Server

EPKI Features:

·        AAA (Authentication, Authorization, Audit) services

·        Non-repudiation

·        X509 (v3) compliant digital certificates

·        Full-fledged RA/CA servers available

·        PKCS compliant requests and responses

·        Certificates for users and server Key Management

·        Key Issue; Revocation; Renewal; Verification;

·        Key management services: CRL Publishing / Query - Results; OCSP Support

·        Customization for Server Components

·        Customization for Encryption algorithm (RSA, ElGamal, Elliptic Curve etc)

·        Customizable certificate Parameters & Policy implementation

·        Enables Trust establishment on various Entities

·        Roaming solutions (Certificates in portable tokens)

 

 

 

IV. Secure Mailer-- Roaming solution for secure email access

 

 

 

Features

·        Transparently takes care of email signing and encryption/decryption

·        Personal mail storage enabled

·        Available in small form CDs / USB dongles

·        Uses standard X.509 certificates for mail encryption/decryption

 

 

V. DPAT-Dynamic Password Authentication Tool

 

 

 

Cryptographically secure pass-code Generation

 

 

 

Features:

·        Second factor Authentication token for internal and remote access

·        Cryptographically secure pass-code

·        Becomes stronger when used in conjunction with a smart card

·        Soft token available (requires lightweight client)

·        Hardware Token (Under Development)

·        Useful in E-Banking and Secure Login Mechanisms

 

VI. Smart Paper Ticket

 

 

VII. Cryptanalysis:

 

·        Breaking embedded crypto systems.

·        Power analysis and Timing based attacks carried out on embedded ECC.

·        Power and Timing attack resistant solution developed.

 

 

VIII. Stream Ciphers:

 

§         Used in the design of stream ciphers. Examples: Sober-T16, Sober-T32, SNOW and TURING use Linear Feedback Shift Registers (LFSRs) in their design.

§         2-adic FCSRs give rise to a new complexity measure for pseudo-random sequences called 2-adic complexity. This measure was used in the recently held NESSIE evaluation of stream and block ciphers.

·        Like LFSRs, FCSRs are realizable in hardware and give rise to a new complexity measure called dyadic complexity. They have good statistical properties and are used in place of LFSRs.

·        The research on FCSRs will focus on:

·        studying the statistical properties of sequences produced using this methodology

·        designing new stream ciphers using FCSRs

·        extending these architectures to cover other numeration systems