Research

 

Products and Technologies

Faculty and student research has resulted in a number of innovative products and technologies some of which are listed below.

 

Amrita VPN

AmritaŠ VPN is a world class, easy-to-use open source virtual private network solution developed by Amrita that runs on the GNU/Linux platform. It was originally developed to maintain privacy while making use of pubic internet infrastructure to connect to various amrita networks situated across various geographical locations. Amrita VPN is an easy-to-use open source VPN solution that runs on the GNU/Linux platform. The implementation is fully in user-space and requires no kernel patches or enhancements. It uses openssl library for strong encryption and authentication through SSLv3.
Read More...

 

Amrita Wireless Safety Lock

Amrita is actively pursuing its business and research interests in the domain of security locking solutions, that helps to control physical access to a restricted area. Amrita Security Locking Solutions offer a broad range of state-of-the-art technology, from a single door solution, all the way to a multiple location, wide area network solution.
Read More...

 

Amrita Secure VOIP

Amrita Secure VoIP system enables seamless voice communication using existing PC systems. It helps to reduce long distance communication cost considerably while enabling to be independent of exchange services in an intra organization environment.
Read More...

 

Projects

 

Cloud Computing Security

Cloud computing is the future for all computing with the primary driving force being zero upfront cost and the ability to scale up or down on the resources dynamically based on demand. The biggest concern inspite of its advantages is the lack of security and the need to trust the provider with confidential data and business intelligence, thus dampening the adoption of cloud computing. Although lot of research is happening in cloud computing, most beneficiaries are still waiting for good security solutions to embrace it. Our focus areas include developing: trust models for cloud computing, a client authenticated policy enforcement mechanism for the cloud, building and implementing a trusted cloud platform for the infrastructure as a service model and privacy preserving processing on the cloud using hybrid techniques. Use of security enabled data objects (SEDO) has shown promise in building soft sensors that give data owners far more control than existing alternatives.

 

Parallell Computing in Security

As the cyber security threats become complex, so have the tools and technologies meant to solve them. In an effort to harness the power of parallel computing to advance the security research and solutions, our research focuses on optimizing general-purpose computing on graphics processing units (GPGPU) to compute and process massive volumes of security data traditionally processed by CPU's.

 

Natural User interfaces and Biometric authentication

We are currently investigating the use of natural user interfaces and gesture recognition systems to pattern matching and developing newer biometric authentication schemes.

 

Security of Internet of Things

As with computing systems, trends show sharp increase in more and more electronic devices and appliances networked to the internet. From simple home appliances to more complex systems such as medical devices and industrial control (SCADA) systems, there is an integration of software and hardware that causes new security threats due to its contact to the internet. Our work involves building secure framework for such embedded systems that can be trusted.

 

Healthcare Security

Currently the cost and complexity of protecting health care data is very high due to security, privacy and compliance concerns. Contrasting systems and developing frameworks that will enhance the security of the health care systems and its data while reducing its cost is integral to our research.

 

IPS Visualization Studies

Manipulation of big data from corporate giants and data centers is one of the most formidable challenges in networked systems. Information overloads and lack of proper processing methodologies on this vast reserve in a timely fashion many times causes disregard of genuine alerts. Our research involves development of advanced algorithms and visualization techniques for such dynamic fast moving data.

 

Next Generation Secure Internet Technologies for Globally Distributed Enterprises

Sponsored by Department of Science and Technology, Govt. of India in Collaboration with Technische Universitaet Muenchen (TUM), Germany.

The objective of this project is to investigate systems and architectures for Virtual Private Networking (VPN) over Internet or other forms of public/ untrusted networks for securing VoIP traffic. Although separate techniques exists to secure the signaling and bearer traffic for VoIP (SIPS and SRTP, for example), the VPN will provide a unified mechanism that can secure VoIP traffic between two sites. In addition, proper authorization techniques for VoIP is important since vulnerabilities such as Spam over Internet Telephony (SPIT) and VoIP- based phishing (vishing) exist.


The VPN will also enable authorization of a VoIP session at the entry point into the network. Presently Layer-3 VPNs are commonly used to securely transport VoIP traffic between multiple private networks. Layer-3 VPNs have the disadvantage that they interconnect two networks at the IP-level, thereby exposing all network hosts and services by default. To limit access, proper firewall configuration has to be put into place.

 

We are exploring a VPN architecture that allows only the signaling and bearer traffic of VoIP through the VPN tunnels, thereby eliminating the need for creating additional firewall rules for securing the VPN virtual interfaces. We will demonstrate the viability of our techniques for real-world VoIP applications, by enhancing the existing Amrita VPN with our architecture, and releasing it in open source. By encouraging our users to give us performance reports and other feedback, this will enable us to validate and enhance the architecture.

 

Design and Analysis of Cryptographically Secure Pseudorandom Number Generators

Sponsored by Defence Research and Development Organisation

A cryptographically secure pseudorandom number generator is a pseudorandom number generator with properties that makes it suitable for use in cryptography. CSPRNGs are designed explicitly to resist determined mathematical reverse engineering. In this project, we are studying the designs of PRNGs based on number theory. We concentrate in fast generation of the following generators: Power generators and subset sum generators.

 

Fast Implementation of Finite Field Arithmetic for Elliptic Curve Cryptography

Sponsored by Ministry of Defense

In this project we attempt to address various VLSI design related issues with a special focus on low area and low power implementation of the finite filed arithmetic. We intend to select a few algorithms with the potential for application in the area. Their realization with FGPA will be studied, analyzed and compared. The focus will be on the identification of algorithms and parameter combinations which will deliver optimum performance.

 

Error Linear Complexity Measures for Multisequences

Sponsored by Adavanced Data Processing Research Institute (ADRIN)

A major issue in the security analysis of stream ciphers is the quality assessment of keystreams. Keystream guaranteeing an adequate security level must meet various requirements such as possessing good statistical randomness properties and a high complexity. Recently several word-based stream ciphers ranging from 8 bit to 128 bits have been proposed and analyzed.

In the study of these word-based stream cipher systems, for generalizing the concept of the linear complexity of single keystream sequences to parallel streams of finitely many sequences, the joint linear complexity and k-error joint linear complexity of multisequences has been introduced and its various properties are investigated. In this project we concentrate on the error linear complexity of multisequences.

 

Development of Fast and Effective Cryptographic Techniques (Completed)

Sponsored by Indian Space Research Organization

A major issue in the security analysis of stream ciphers is the quality assessment of key streams. In other words, we need to know how close the key stream is to true randomness. Key stream guaranteeing an adequate security level must meet various requirements such as possessing good statistical randomness properties and a high complexity (in a suitable sense), so that the key stream cannot be inferred from a small portion of its terms.

In this project we concentrate on linear complexity and related complexity measures for key sequences. Analysis of Word based Stream Ciphers (Sponsored by Advanced Data Processing and Research Institute (ISRO)) For the assessment of the quality of multisequence for word based stream ciphers, we need to know the behaviour of joint linear complexity profile of random multisequence over a finite field. The joint linear complexity and joint linear complexity profile of multisequences have received a lot of attention recently. In this project we propose to study further the properties of multisequences in the same line. This will be of direct relevance to the analysis of the stream cipher candidates of the eSTREAM cipher project.

More Projects

  • ADRIN (ISRO) supported project on "Word-Based Stream Ciphers"
  • NTRO (National Technical Research Organization supported project in "VLSI design of Finite Field Arithmetic"
  • ADRIN(ISRO) supported project on " Hardware Based Network Intrusion Detection System for High Speed Networks"
  • SAG (DRDO) supported project on "Classified image transmission system" - aimed at developing a steganographic scheme that is powerful enough to resist histogram attack
  • ISRO supported project on "Development of encryption algorithms for Satellite Based Communications for ISRO"
  • Developing a security component to resist Cloud Insider attack. In order to bring better consumer control in the whole of cloud computing we have proposed to build a soft sensor based approach which when implemented will give the clients a better control over the operations that are performed by the provider
  • Developing a Trust model for cloud computing - Research is being conducted in a progressive fashion starting off with detailed analysis of current threats and developing a hierarchical threat model depicting all identified threats and its sub components. This is followed by building a trust model which talks about current mitigation practices against these known threats. These threats are then narrowed down to one that is of highest but not addressed well enough as an area of interest for further research
  • Advanced Threat Data Collection and Analysis Platform - We have built a network of honeypots at various locations exposing them to attackers so that attack footprints can be collected and analyzed to understand the attack behaviors
  • Employing GPGPU acceleration for Inline Alerts - Initiative to offload the high number of string/rule/pattern matching computation to GPGPU in any Inline Alert System
  • Developing a content filtering tool that can work irrespective of languages, so that it can act as a global solution