M. Sethuraman, Scientist
30+ years in Crypto design Exp.
The Group carries out four different types of activities--
· Product development
· Sponsored Projects
· Training & Seminars
· WLAN WEP
· Timing & Power Channel attack on USB smart card
· Cryptanalytic attack on discrete logarithm crypto systems
In House Product Development
· Secure Mailer
· Crypto tools for CAIR
· Security Toolkit for BMS
Training & Seminars
· Wireless Security
· Cryptography and Network Security
Some details of the Products and Technologies developed here are given below.
A unique hardware Product developed by the AU-KBC Centre jointly with M/S. Benchmark Microsystems, Chennai, to provide hands-on training to students and trainees in Cryptography and Network Security.
Carry out Experiments & Demos on-
o Cryptography – RC4, RSA, SDES, 3SDES, MD5…
o Malware tools – Virus, Anti Virus, Trojans…
o Network Identification – Network Enumeration…
o System Threats – DDOS, Sniffing, Spoofing…
o Web Vulnerabilities – Honeypots, SQL Injection,Buffer Overflow…
o Hacking a webserver
o Setting up honeypot
o Setting up a firewall
o Investigation & fixing buffer overflow
o TCP session hijacking
o Setting up end-to-end network security
Web defacement attacks alter the contents of web pages in an unauthorized manner with an intent to cause embarrassment, inconvenience and possible business loss to the web site owner. They are a major challenge to the integrity of web sites and attack statistics are indeed astonishing: there are approximately 600 attacks in one hour, with as many as 1500 attacks a day on the Dot Com domain alone. Software solutions to this problem that reside on the server itself are not fully effective as the server is visible from the outside and the solution residing on it can be first disabled by the attacker.
WebGuard is a unique hardware solution to the problem of web page defacing, and it sits between the firewall and the server it is meant to protect.
Some of the significant features of our product are --
· Net-invisible content inspection engine
· Cryptographic content verification to protect the integrity of both static and dynamic content such as CGI s, ASPs, Java servlets, images etc. of every outgoing web page.
· Security guaranteed through dedicated, network-transparent hardware appliance.
· Policy based (Strict / Cache modes) recovery mechanism for hacked contents.
· Contents verified in Real Time, constantly and consistently.
· Posting tools provided and Server Version available
· Incoming client traffic content inspection for additional protection
· Paired with every web platform and scalable.
· Sends alerts on detection of content alteration (SMS, email).
WebGuard has undergone black-box testing at CERT-IN, and is ready for deployment.
Digital Signatures and Digital Certificates constitute the backbone of
e-Commerce by providing the required features of Confidentiality, Integrity,
Authentication and Non-repudiation
to the transactions. Verisign, RSA, Cyber Trust are
some of the firms that provide the PKI services worldwide on commercial terms.
However, enterprises like Universities, Govt. Departments, etc. also need
Digital Signatures and Digital Certificates for their internal electronic
information exchange purposes, but not necessarily with the legal status required for
e-commerce purposes. They can do with
AU-KBC Centre has developed such an e-PKI solution and tested the same on the campus network.
· Certificate Authority (CA) Server
· Registration Authority (RA) Server
· Public Server
· AAA(Authentication, Authorization, Audit) services
· X509 (v3) compliant digital certificates
· Full fledged RA/CA Servers Available
· PKCS compliant requests and responses
· Certificates for users and server Key Management
· Key Issue; Revocation; Renewal; Verification;
· Key management services: CRL Publishing / Query - Results; OCSP Support
· Customization for Server Components
· Customization for Encryption algorithm (RSA, ElGamal, Elliptic Curve etc)
· Customizable certificate Parameters & Policy implementation
· Enables Trust establishment on various Entities
· Roaming solutions (Certificates in portable tokens)
· Transparently takes care of email signing and encryption/decryption
· Personal mail storage enabled
· Available in small form CDs / USB dongles
· Uses X.509 std Certificates for Mail encryption/Decryption
Cryptographically secure pass-code Generation
· Second factor Authentication token for internal and remote access
· Cryptographically secure pass-code
· Becomes stronger when used in conjunction with smart card
· Soft token available(Requires lightweight client)
· Hardware Token (Under Development)
· Useful in E-Banking and Secure Login Mechanisms
VII. Crypt Analysis:
· Breaking embedded crypto sysytems.
· Power analysis and Timing based attacks carried out on embedded ECC.
· Power and Timing attack resistant solution developed.
VIII. Stream Ciphers:
§ Used in the design of stream ciphers. Examples: Sober-T16, Sober- T32, SNOW, TURING use Linear Feedback Shift Registers (LFSRs) in their design.
§ 2-adic FCSRs give rise to a new complexity measure for pseudo random sequences called 2-adic complexity . This measure was used in the recently held NESSIE evaluation of stream and block ciphers.
· Like LFSRs, they are realizable in hardware and give rise to a new complexity measure called dyadic complexity. They have good statistical properties; used in place of LFSRs
· The research on FCSRs will focus on :
· studying the statistical properties of sequences produced using this methodology
· to design new stream ciphers using FCSRs
· to extend these architectures to cover other numeration systems