pp. 1752-1756, IEEE LATIN AMERICA TRANSACTIONS, VOLUME: 10, ISSUE: 3, APRIL 20

Abstract: Modern enterprise infrastructures adopt multilayer network architectures and heterogeneous server environments in order to efficiently fulfill each organization’s goals and objectives. These complex network architectures have resulted in increased demands of information security measures. Each organization needs to effectively deal with this major security concerns, forming a security policy according to its requirements and objectives. An efficient security policy must be proactive in order to provide sufficient defense layers against a variety of known and unknown attack classes and cases. This proactive approach is usually interpreted wrongly in only up-to-date software and hardware. Regular updates are necessary, although, not enough, because potential mis-configurations and design flaws cannot be located and patched, making the whole network vulnerable to attackers. In this paper we present how a comprehensive security level can be reached through extensive Penetration Tests (Ethical Hacking). We present a Penetration Test methodology and framework capable to expose possible exploitable vulnerabilities in every network layer. Additionally, we conducted an extensive analysis of a network penetration test case study against a network simulation lab setup, exposing common network mis-configurations and their security implications to the whole network and its users.

Index Terms:
penetration testing, network security, ethical hacking, proactive security policy

Authors:
Anestis Bechtsoudis
Computer Engineering and Informatics Department (CEID)
University of Patras, GREECE
e-mail: abechtsoudis [ at ] ieee.org

Nicolas Sklavos
Informatics & MM Dept., Branch of Pyrgos
Technological Educational Institute of Patras
Pyrgos, ZIP 27100, GREECE
e-mail: nsklavos [ at ] ieee.org

Download Full Paper

Download Full Paper (local mirror)

Copyright Notice

A. Bechtsoudis

Abstract — The block cipher designers assume that the secret information will be manipulated in close and reliable computing environments. Unfortunately, this isn’t feasible because actual computing units and chips have implementation information leakage during their operation. Side channel cryptanalysis exploits this implementation data, in order to extract cipher’s secret information. In this paper, we discuss the current state-of the art of side channel cryptanalysis. We also analyze the different categories of side channel attacks and examine how concrete attacks against FPGA devices leads to secret information reveal.

Authors:

Anestis Bechtsoudis
Computer Engineering and Informatics Department (CEID)
University of Patras, GREECE
mpechtsoud [ at ] ceid.upatras.gr

Nicolas Sklavos
Informatics & MM Dept., Branch of Pyrgos
Technological Educational Institute of Patras
Pyrgos, ZIP 27100, GREECE
e-mail: nsklavos [ at ] ieee.org

Download full paper

Download presentation poster

Copyright Notice

A. Bechtsoudis