Home Index

AU-KBC RESEARCH CENTRE

Cryptography and Network Security Group

Head

M. Sethuraman, Scientist

B.Tech - IIT Madras, M.Tech – IIT Kanpur

30+ years in Crypto design Exp.

http://comm.au-kbc.org/sethuraman.htm

 

The Group carries out four different types of activities--

        Research

        Product development

        Sponsored Projects

        Training & Seminars

 

 

Research

        WLAN WEP

        Timing & Power Channel attack on USB smart card

        Cryptanalytic attack on discrete logarithm crypto systems

In House Product Development

        WebGuard

        e-PKI

        Secure Mailer

        DPAT

 

Sponsored Projects

        Crypto tools for CAIR

        Security Toolkit for BMS

 

Training & Seminars

        Wireless Security

        Cryptography and Network Security

 

 

Some details of the Products and Technologies developed here are given below.

 

I. iSecurIT – A Network Security Education and Training Platform.

 

A unique hardware Product developed by the AU-KBC Centre jointly with M/S. Benchmark Microsystems, Chennai, to provide hands-on training to students and trainees in Cryptography and Network Security.

 

 

Carry out Experiments & Demos on-

 

o       Cryptography – RC4, RSA, SDES, 3SDES, MD5…

o       Malware tools – Virus, Anti Virus, Trojans…

o       Network Identification – Network Enumeration…

o       System Threats – DDOS, Sniffing, Spoofing…

o       Web Vulnerabilities – Honeypots, SQL Injection,Buffer Overflow…

o       Hacking a webserver

o       Setting up honeypot

o       Setting up a firewall

o       Investigation & fixing buffer overflow

o       TCP session hijacking

o       Setting up end-to-end network security

 

This product is being marketed by M/S. Benchmark Systems, and the Product Brochure gives more details.

 

II. WebGuard—A Hardware Solution that eliminates web defacing

 

Web defacement attacks alter the contents of web pages in an unauthorized manner with an intent to cause embarrassment, inconvenience and possible business loss to the web site owner. They are a major challenge to the integrity of web sites and attack statistics are indeed astonishing: there are approximately 600 attacks in one hour, with as many as 1500 attacks a day on the Dot Com domain alone. Software solutions to this problem that reside on the server itself are not fully effective as the server is visible from the outside and the solution residing on it can be first disabled by the attacker.

WebGuard is a unique hardware solution to the problem of web page defacing, and it sits between the firewall and the server it is meant to protect.

 

 

Some of the significant features of our product are --

        Net-invisible content inspection engine

        Cryptographic content verification to protect the integrity of both static and dynamic content such as CGI s, ASPs, Java servlets, images etc. of every outgoing web page.

        Security guaranteed through dedicated, network-transparent hardware appliance.

        Policy based (Strict / Cache modes) recovery mechanism for hacked contents.

        Contents verified in Real Time, constantly and consistently.

        Posting tools provided and Server Version available

        Incoming client traffic content inspection for additional protection

        Paired with every web platform and scalable.

        Sends alerts on detection of content alteration (SMS, email).

 

WebGuard has undergone black-box testing at CERT-IN, and is ready for deployment.

 

III. e-PKI- An Enterprise level Public Key Infrastructure Solution

 

Digital Signatures and Digital Certificates constitute the backbone of e-Commerce by providing the required features of Confidentiality, Integrity, Authentication and Non-repudiation to the transactions. Verisign, RSA, Cyber Trust are some of the firms that provide the PKI services worldwide on commercial terms. However, enterprises like Universities, Govt. Departments, etc. also need Digital Signatures and Digital Certificates for their internal electronic information exchange purposes, but not necessarily with the legal status required for e-commerce purposes. They can do with Enterprise versions of PKI solutions for their internal electronic transactions; while these enterprise versions may not have the legal status of the PKI solutions used in e-commerce, they have to have all their technical features, capabilities and standards compliances.

AU-KBC Centre has developed such an e-PKI solution and tested the same on the campus network.

 

 

 

 

 

EPKI Components

        Certificate Authority (CA) Server

        Registration Authority (RA) Server

        Public Server

EPKI Features:

        AAA(Authentication, Authorization, Audit) services

        Non-repudiation

        X509 (v3) compliant digital certificates

        Full fledged RA/CA Servers Available

        PKCS compliant requests and responses

        Certificates for users and server Key Management

        Key Issue; Revocation; Renewal; Verification;

        Key management services: CRL Publishing / Query - Results; OCSP Support

        Customization for Server Components

        Customization for Encryption algorithm (RSA, ElGamal, Elliptic Curve etc)

        Customizable certificate Parameters & Policy implementation

        Enables Trust establishment on various Entities

        Roaming solutions (Certificates in portable tokens)

 

 

 

IV. Secure Mailer-- Roaming solution for secure email access

 

 

 

Features

        Transparently takes care of email signing and encryption/decryption

        Personal mail storage enabled

        Available in small form CDs / USB dongles

        Uses X.509 std Certificates for Mail encryption/Decryption

 

 

V. DPAT-Dynamic Password Authentication Tool

 

 

 

Cryptographically secure pass-code Generation

 

 

 

Features:

        Second factor Authentication token for internal and remote access

        Cryptographically secure pass-code

        Becomes stronger when used in conjunction with smart card

        Soft token available(Requires lightweight client)

        Hardware Token (Under Development)

        Useful in E-Banking and Secure Login Mechanisms

 

VI. Smart Paper Ticket

 

 

VII. Crypt Analysis:

 

        Breaking embedded crypto sysytems.

        Power analysis and Timing based attacks carried out on embedded ECC.

        Power and Timing attack resistant solution developed.

 

 

VIII. Stream Ciphers:

 

         Used in the design of stream ciphers. Examples: Sober-T16, Sober- T32, SNOW, TURING use Linear Feedback Shift Registers (LFSRs) in their design.

         2-adic FCSRs give rise to a new complexity measure for pseudo random sequences called 2-adic complexity . This measure was used in the recently held NESSIE evaluation of stream and block ciphers.

        Like LFSRs, they are realizable in hardware and give rise to a new complexity measure called dyadic complexity. They have good statistical properties; used in place of LFSRs

        The research on FCSRs will focus on :

        studying the statistical properties of sequences produced using this methodology

        to design new stream ciphers using FCSRs

        to extend these architectures to cover other numeration systems