com Admin Author Admin Facetimepcandroid At Author XqxYqvBwg
... Figure 3 1 , illustrates 2 , 3 , the 4 and graph 5 Ring are responsible of Rings (RoR) for issuing , with certificates 45 nodes tying split K in w to three w . rings of 15 nodes. Each node has a direct All certificates connection are to issued five other with nodes, a limited meaning lifetime they T j and are responsible after T j it is for considered issuing five expired. certificates. Before For the certificate example, node expires, w is responsible for issuing certificates tying K w 1 to w 1 , K w 2 to the w , issuer K to can w update , K it, to by w issuing and K a new to w version . Furthermore, with an extended lifetime T j ' . When a certificate is issued, the issuer stores it in its local repository and sends a copy for the corresponding node, which also stores it. Nodes store only the certificates they issued and certificates that were issued to them. To authenticate the public key of a node j , node i needs to find a path from itself to j in the virtual structure, a virtual path. Virtual paths are certificate chains. Note that it might be possible to find several virtual paths from i to j , node i can nodes 1 , 2 , 3 , 4 and 5 are responsible for issuing certificates tying K w to w . All certificates are issued with a limited lifetime T j and after T j it is considered expired. Before the certificate expires, the issuer can update it, by issuing a new version with an extended lifetime T j ' . When a certificate is issued, the issuer stores it in its local repository and sends a copy for the corresponding node, which also stores it. Nodes store only the certificates they issued and certificates that were issued to them. To authenticate the public key of a node j , node i needs to find a path from itself to j in the virtual structure, a virtual path. Virtual paths are certificate chains. Note that it might be possible to find several virtual paths from i to j , node i can choose any of them, or even try more than one at a time. After choosing a virtual path, the source must obtain all certificates from the nodes in the virtual path, i.e. it must validate the entire certificate chain. The certificate validation process is performed as follows: 1. the first certificate is directly verified by node i , as it is the issuer of this certificate; 2. each remaining certificate is verified using the public key of the previous certificate; 3. the last certificate contains the public key of node j . VKM guarantees that only correct and valid certificates are used. However, it implies in endorsement latency, as certificates must be reactively validated. If the network uses a virtualization-based routing protocol, such as VRP  or VDV , VKM can use the same virtual network graph, reducing the memory usage even more. Certificate revocation can be explicit or implicit. Implicit revocations are based on the certificate lifetime. If a certificate issuer does not update the certificate, it is considered revoked. In the explicit revocation, if a node u believes that another one m is presenting malicious behavior, u contacts all nodes which issue a certificate to m accusing it of misbehavior. The issuers start a voting mechanism to decide if they believe the accusation revoke accuse u node of or misbehavior. m not. certificates. If they believe If they the do accusation, not believe all it, issuers they Like GKM, the overhead to revoke a certificate depends on the number of issuers, i.e. the connectivity of the virtual structure. As it will be shown in section 4, the security of the network depends on the connectivity of the virtual structure. Thus, the network manager must choose the correct values balancing security and overhead, based on the network requirements. This section presents the evaluation of VKM, its effectiveness against the personification and Sybil attacks and a comparison with the PGP-Like and the GKM. All evaluations were performed through simulations on the Network Simulator 2 (NS-2) , version 30. Simulation parameters are shown in Table II and they are the same used on the original evaluations of PGP-Like and GKM. All results are averages of thirty-five simulations with a confidence interval of 95%. GKM considers 50 overlapped virtual groups randomly formed with 6, 9 and 12 members. The virtual structure of VKM is the RoR with four rings and twenty-five nodes per ring. Each node issues 5, 10, 15 and 20 certificates, and has 5, 10, 15 and 20 certificates issued to it. The Sybil attack is characterized by a malicious node creating several fake identities to itself. It can be extremely harmful to any voting based protocol, for example. The use of certificate chains makes the PGP-Like highly vulnerable to this attack, as shown in Figure 4 and 5 . The percentage of nodes with false identities in their local repositories is extremely high, reaching 80% after 800 seconds of network lifetime, independently of the number of attackers, 5%, 10% or 20%. Figures 4 and 5 also demonstrate the number of authenticated false identities by correct nodes. Note that an attacker might create a false identity f and issue fake certificates to f . All nodes which trust will also trust f . Therefore, if the attacker has a correct behavior for a considerable time, several units are likely to trust it, as the false identity is spread throughout the network due to the certificate exchange mechanism. In GKM, a false identity must build a group to enter the system. Moreover, the group must contain at least two nodes from other groups, i.e. the group with the fake id must have at least two non-malicious nodes. Considering that the malicious node is able to build such a group, it still has to authenticate the public key of the fake id. It is necessary to find two disjoint group certificate chains to authenticate it. This is only possible if several malicious nodes participate in the system. Figure 6 presents the impact of a Sybil attack over GKM. In scenarios with 5% or 10% of Sybil nodes, no false identity is authenticated. Further, with 20% and group size 9 (m = 9), less than 5% of false identities are authenticated, with group size of 12 no fake id authentication is performed. On the other hand, 100% of false identities can be authenticated with 40% of Sybil nodes and groups with 6 members. These results demonstrate that with less than 40% of attackers, GKM is highly resistant to Sybil attacks. It also demonstrates that the resistance of GKM depends on group sizes, larger groups provide better resistance against Sybil attacks. In VKM, all authentications are performed following the virtual structure. All fake indentities created by the Sybil attacker cannot be included in the virtual structure. Thus, the attack is completely meaningless, since this false identity cannot be authenticated, as they are not part of the virtual structure. As shown in Figure 7, there is no fake identity inside the virtual structure, independently of the number of attacker and the number of certificates issued by the nodes. Consequently, no fake identity can be authenticated in VKM, making it completely secure against Sybil attacks. In fact, VKM is 100% secure against Sybil attacks. It implies in preloading the virtual structure in each node, but the use of the virtual structure eliminates the effect of a Sybil attack, independently of the number of attackers. In the personification attack, the attacker takes the place of a leaving node and behaves as it was the correct one, or the attacker invades a valid node turning it into a malicious one. The results for the personification attack on the PGP-Like and the GKM are the same as the ones presented for the Sybil attack, in Figures 4, 5 and 6. The personification attack and the Sybil one have the same effects on PGP-Like and GKM. On the other hand, in VKM the personification attacker becomes a part of the virtual structure. Thus, it can authenticate and be authenticated by correct nodes. Figure 8 shows the impact of the personification attack on VKM. As shown in Figure 8, even with 20% of attackers in the network, VKM is able to correctly authenticate more than 40% of the certificates. In the presence of 5% of attackers, the VKM is able to correctly authenticate approximately 80% of certificate chains. PGP-Like is completely vulnerable, even with only 5\% of attackers (Figure 5), while GKM becomes vulnerable with 40% of attackers (Figure 6). Both in GKM and VKM, it is possible to see that increasing the connectivity of the virtual structure, it is still possible to reduce the effects of personification attacks. In GKM, the worst-case scenarios are the ones with the smallest groups, as it is easier for a Sybil node to join different groups. In VKM, the worst scenarios are the ones with the smallest connectivity of the virtual structure, as there are fewer virtual paths between pairs of nodes. Moreover, it is possible to increase the resistance of VKM by requesting that the source finds two distinct paths in the virtual structure for each authentication, though this improvement is considered a future work. This section contains a comparison between PGP-Like, GKM and VKM considering their characteristics, scalability and communication overhead. Table III depicts all characteristics of the three schemes. In PGP-Like, nodes can enter or leave the system at any time. In GKM, nodes can also join and leave the network at any time. When a new node wants to join the system, it must find at least other trusted nodes and form a group. When a node leaves the system, it does not directly affect GKM, though it is necessary that at least a predetermined number of members of the group remains in the system. If the number of members ...Punjabi Fakeid Final Latest Official Full Video Song xgz8v
Author com At Author Facetimepcandroid Admin Admin
Get access to 30 million figurestv Video Wjax tv Wjax tv Wjax Video Video TwTFxgPE
Join ResearchGate to access over 30 million figures and 118+ million publications – all in one place.
Ad you may be interested in