E-book, English, Volume 4, 114 pages
Series: IITK Directions
Shukla / Agrawal Cyber Security in India
1st edition 2020
ISBN: 978-981-15-1675-7
Publisher: Springer Nature Singapore
Format: PDF
Copy protection: 1 - PDF Watermark
Education, Research and Training
This book of 'directions' focuses on cyber security research, education and training in India, and work in this domain within the Indian Institute of Technology Kanpur. IIT Kanpur's Computer Science and Engineering Department established an 'Interdisciplinary Center for Cyber Security and Cyber Defense of Critical Infrastructures (C3I Center)' in 2016 with funding from the Science and Engineering Research Board (SERB), and other funding agencies. The work at the center focuses on smart grid security, manufacturing and other industrial control system security; network, web and data security; cryptography, and penetration techniques. The founders are involved with various Indian government agencies including the Reserve Bank of India, National Critical Information Infrastructure Protection Center, UIDAI, CCTNS under home ministry, Ministry of IT and Electronics, and Department of Science & Technology. The center also testifies to the parliamentary standing committee on cyber security, and has been working with the National Cyber Security Coordinator's office in India. Providing glimpses of the work done at IIT Kanpur, and including perspectives from other Indian institutes where work on cyber security is starting to take shape, the book is a valuable resource for researchers and professionals, as well as educationists and policymakers.
Sandeep Kumar Shukla is currently the Poonam and Prabhu Goel Chair Professor and Head of the Computer Science and Engineering Department, Indian Institute of Technology, Kanpur, India. He is the Editor-in-Chief of ACM Transactions on Embedded Systems and an Associate Editor of ACM Transactions on Cyber-Physical Systems. He is an IEEE fellow, an ACM Distinguished Scientist, and served as an IEEE Computer Society Distinguished Visitor from 2008 to 2012, and as an ACM Distinguished Speaker from 2007 to 2014. He was previously an Associate Editor of IEEE Transactions on Computers, IEEE Transactions on Industrial Informatics, IEEE Design & Test, IEEE Embedded Systems Letters, and various other journals. He was a member of the faculty at the Virginia Polytechnic Institute, Arlington, Virginia, between 2002 and 2015, and has also been a visiting scholar at INRIA, France, and the University of Kaiserslautern, Germany. In 2014, he was named a fellow of the Institute of Electrical and Electronics Engineers (IEEE) for his contributions to applied probabilistic model checking for system design. He has authored several books on systems and has edited and co-authored numerous books with Springer.
Prof. Manindra Agrawal received his B.Tech. and Ph.D. in Computer Science and Engineering from the Indian Institute of Technology, Kanpur in 1986 and 1991, respectively. He was a fellow of the School of Mathematics, SPIC Science Foundation, Chennai, from 1993 to 1995, and a Humboldt fellow at the University of Ulm, Germany, from 1995 to 1996. He joined the faculty at IIT Kanpur as an Assistant Professor at the Department of Computer Science and Engineering in 1996 and was appointed as the N. Rama Rao Chair Professor in 2003. He is the recipient of several international awards, including the Fulkerson Prize 2006 and the Gödel Prize 2006, and has published and presented papers in respected journals. He was the Head of the Computer Science and Engineering Department, and Dean of Faculty Affairs at IIT Kanpur. Currently, he is the Deputy Director and Officiating Director of IIT Kanpur. Prof. Agrawal has made significant contributions to the theory of efficient reductions between computational problems, which are part of the program studying the well-known P vs NP question in mathematics/computer science. His joint paper with two of his former students resolves the centuries-old problem of a fast test of primality. In the language of complexity theory, they have proved that recognizing primes is in the 'class P' and this constitutes one of the most striking problems now known in this class.
Further Information & Material
1;Series Editor’s Preface;6
2;Contents;7
3;Editors and Contributors;8
4;1 Building India's First Cyber-Security Test-Bed for CI;10
4.1;1.1 Introduction;10
4.1.1;1.1.1 Contribution of This Article;11
4.2;1.2 C3i Center, IIT Kanpur;11
4.2.1;1.2.1 Objective;13
4.3;1.3 Existing Setup: Experimental Setup;14
4.3.1;1.3.1 Level-0: Field Devices;14
4.3.2;1.3.2 Level-1: Protection and Control System;14
4.3.3;1.3.3 Level-1.5: Industrial Communication;15
4.3.4;1.3.4 Level-2: Visualization and Control;15
4.3.5;1.3.5 Level-3: Management;18
4.4;1.4 Future Planning of Smart Infrastructure;19
4.4.1;1.4.1 Smart Power Grid;19
4.5;References;24
5;2 The State of Android Security;25
5.1;2.1 Introduction;25
5.2;2.2 The Security Architecture of Android;26
5.2.1;2.2.1 Application Sandbox;26
5.2.2;2.2.2 Permissions;26
5.3;2.3 Android Vulnerability and Advanced Threats;26
5.3.1;2.3.1 Architectural Vulnerability;26
5.3.2;2.3.2 Software Vulnerability;27
5.3.3;2.3.3 Hardware Vulnerability;27
5.3.4;2.3.4 Advanced Threats;27
5.4;2.4 Malware Analysis: Techniques and Its Limitation;27
5.4.1;2.4.1 Static Analysis;28
5.4.2;2.4.2 Dynamic Analysis;28
5.4.3;2.4.3 Hybrid Analysis;29
5.5;2.5 Conclusion;29
5.6;References;29
6;3 Blockchain and Its Application in Cybersecurity;31
6.1;3.1 Introduction;31
6.2;3.2 Evolution of Blockchain;32
6.2.1;3.2.1 Blockchain 1.0;32
6.2.2;3.2.2 Blockchain 2.0;33
6.2.3;3.2.3 Blockchain 3.0;33
6.3;3.3 Security of Blockchains;33
6.3.1;3.3.1 Confidentiality: Who Can See the Data;33
6.3.2;3.3.2 Integrity: The Accuracy and Consistency of Data over Its Entire Life Cycle;33
6.3.3;3.3.3 Availability: Liveness Guarantee;34
6.4;3.4 Applications;34
6.4.1;3.4.1 Secure Decentralized Currency;34
6.4.2;3.4.2 Smart Contracts;34
6.4.3;3.4.3 Document Verification in KSI;34
6.4.4;3.4.4 Insider Threats;35
6.4.5;3.4.5 Supply Chain Management;36
6.4.6;3.4.6 Patch Management, Backing Up, and Restoration: Enforcing Policy;36
6.4.7;3.4.7 Blockchain-Based Authentication;37
6.5;3.5 Blockchain in IoT;37
6.5.1;3.5.1 Use of Blockchain in the IoT Space;37
6.5.2;3.5.2 The Important Aspects of Blockchain-Based IoT Applications;37
6.6;3.6 Attacks on Blockchain-Based Systems;38
6.6.1;3.6.1 51% Attack;38
6.6.2;3.6.2 Mining Pool Attack;38
6.6.3;3.6.3 Eclipse Attack;39
6.6.4;3.6.4 Practical Attacks;39
6.7;3.7 Conclusion;39
6.8;References;39
7;4 Malware Analysis Using Image Classification Techniques;41
7.1;4.1 Windows Malware Classification Using Image Representation;41
7.1.1;4.1.1 Data Collection and Labeling;42
7.1.2;4.1.2 Data Generation;42
7.1.3;4.1.3 Classification;42
7.1.4;4.1.4 Packed and Unknown Malware Classification;43
7.1.5;4.1.5 Results;43
7.2;4.2 Linux Malware Classification Using Image Representation;43
7.2.1;4.2.1 Data Collection and Labeling;43
7.2.2;4.2.2 Data Generation;44
7.2.3;4.2.3 Classification;44
7.2.4;4.2.4 Packed Malware Classification;44
7.2.5;4.2.5 Results;44
7.3;4.3 Conclusion and Future Work;45
7.4;References;46
8;5 A Review: Malware Analysis Work at IIT Kanpur;47
8.1;5.1 PeerClear: Peer-to-Peer BotNet Detection;47
8.1.1;5.1.1 P2P Host Detection;48
8.1.2;5.1.2 P2P BotNet Detection;49
8.1.3;5.1.3 Experimental Results;49
8.2;5.2 Malware Classification Using Early-Stage Behavioral Analysis;49
8.2.1;5.2.1 Dataset;49
8.2.2;5.2.2 Feature Extraction, Features Selection, and Classification;49
8.2.3;5.2.3 Experimental Results;50
8.3;5.3 Automated Malware Detection Using Memory Forensics;53
8.3.1;5.3.1 Memory Dump Generation and Selection;53
8.3.2;5.3.2 Feature Extraction, Selection, and Classification;53
8.3.3;5.3.3 Experimental Results;53
8.4;5.4 Conclusion;55
8.5;References;55
9;6 Honeypot Deployment Experience at IIT Kanpur;57
9.1;6.1 Introduction;57
9.2;6.2 Classification of Honeypots;58
9.2.1;6.2.1 Low/High-Interaction Honeypot;58
9.2.2;6.2.2 Server/Client Honeypot;59
9.2.3;6.2.3 Production/Research Honeypot;59
9.3;6.3 Deployed Honeypots;59
9.3.1;6.3.1 OpenCanary;59
9.3.2;6.3.2 Cowrie;60
9.3.3;6.3.3 Clientpot;61
9.3.4;6.3.4 HoneyFARM;64
9.3.5;6.3.5 HoneyWEB;66
9.3.6;6.3.6 HoneyFTP;66
9.3.7;6.3.7 Cloud-Based IoT Honeypot;67
9.4;6.4 Analysis of Attacks on Our Honeypots;68
9.4.1;6.4.1 Analysis of HoneySSH;68
9.4.2;6.4.2 Analysis of HoneySMB;69
9.4.3;6.4.3 Analysis of HoneyWEB;69
9.4.4;6.4.4 Analysis of HoneyFTP;69
9.4.5;6.4.5 IoT Honeypot Analysis;69
9.5;6.5 Conclusion;70
9.6;References;71
10;7 Cache Based Side-Channel Attacks;72
10.1;7.1 Introduction to Memory Systems and Side-Channel Attacks;72
10.2;7.2 Side-Channel Attacks and Information Leakage;73
10.2.1;7.2.1 Attacks of Interest;73
10.2.2;7.2.2 Side-Channel Attacks on Real-World Applications;73
10.2.3;7.2.3 What Is Needed for a Successful Attack?;74
10.2.4;7.2.4 A Case of Spectre and Meltdown Attacks;75
10.3;7.3 Countermeasures;75
10.4;7.4 Conclusion;75
10.5;References;76
11;8 Hardware Security in India: The Journey so Far;77
11.1;8.1 Introduction;77
11.2;8.2 Fault Analysis of Cryptosystems;79
11.2.1;8.2.1 Attacks and Countermeasures;79
11.2.2;8.2.2 Automated Detection of Fault Attacks;80
11.3;8.3 Hardware Design of Public-Key Cryptosystems;82
11.3.1;8.3.1 Fast and Efficient Implementation of GF(2^n) ECC Scalar Multiplication on FPGA;83
11.3.2;8.3.2 Efficient Resource Utilization for ECC Scalar Multiplication in GF(p);84
11.3.3;8.3.3 Lightweight Architecture for ECC Scalar Multiplication in GF(p);85
11.4;8.4 PUFs: Design and Usage in IoT Security;85
11.4.1;8.4.1 Design of PUF-Based Protocols;88
11.5;8.5 Micro-architectural Attacks and Countermeasures;89
11.5.1;8.5.1 Cache Timing Attack on Clefia;89
11.5.2;8.5.2 Branch Misprediction Attack;92
11.5.3;8.5.3 Software-Driven Fault Attack Using Row-Hammer;93
11.5.4;8.5.4 Detection of These Attacks;94
11.6;8.6 Hardware Security to Accelerate Cloud Cryptosystems;95
11.7;8.7 Conclusions;101
11.8;References;101
12;9 The World of Bug Bounties—the Indian Scenario;103
12.1;9.1 Introduction;103
12.2;9.2 What Is a Bug Bounty Program?;103
12.2.1;9.2.1 Foreign Companies and Bug Bounties;104
12.2.2;9.2.2 Indian Private Sector and Bug Bounties;105
12.3;9.3 Foreign Government;105
12.4;9.4 Indian Government;106
12.4.1;9.4.1 Case Study 1;106
12.4.2;9.4.2 Case Study 2;107
12.5;9.5 Conclusion;107
12.6;References;108
13;10 Post-quantum Cryptography: An Introduction;109
13.1;10.1 Introduction;109
13.2;10.2 Directions for Post-quantum Cryptography;110
13.3;10.3 Lattice-Based Cryptography;111
13.3.1;10.3.1 Classic Computational Lattice Problems;111
13.3.2;10.3.2 Modern Computational Lattice Problems;111
13.4;10.4 Cryptographic Constructions;113
13.4.1;10.4.1 Public-Key Encryption;113
13.5;10.5 Conclusions;113
13.6;References;114




