Manik Lal Das

Yash Mehta, Dev Patel, Manik Lal Das

A unique identification for citizens can lead to effective governance to manage and provide citizen-centric services. While ensuring this service, privacy of the citizens needs to be preserved. Aadhaar, the identification system by UIDAI has faced some critics regarding its privacy preserving feature. This paper discusses those concerns in Aadhaar system and proposed a new model for the Aadhaar system. The proposed solution is aimed to address the issue of collusion of third party service providers and profiling of Aadhaar users. The proposed solution uses a distributed model capturing the Aadhaar system, in which data of users is decentralized and stored in zonal office's databases as well as the CIDR. The proposed solution provides the functioning of the authentication process of the Aadhaar system more effective, as it reduces the number of requests being handled directly by the CIDR and also tackles the concern of correlation of data.

Tikam Alma, Manik Lal Das

Modern web applications are dominated by HTTP/HTTPS messages that consist of one or more headers, where most of the exploits and payloads can be injected by attackers. According to the OWASP, the 80 percent of the web attacks are done through HTTP/HTTPS requests queries. In this paper, we present a deep learning based web application attacks detection model. The model uses auto-encoder that can learn from the sequences of word and weight each word or character according to them. The classification engine is trained on ECML-KDD dataset for classification of anomaly queries with respect to specific attack type. The proposed web application detection engine is trained with anomaly and benign web queries to achieve the accuracy of receiver operating characteristic curve of 1. The experimental results show that the proposed model can detect web applications attack successfully with low false positive rate.

Atrayee Deb, Saloni Dalal, Manik Lal Das

The growing popularity of digital systems have paved the way for digital locker that ensures security and safety of the digital documents in store. While facilitating this system to user and availing its services offered by service provider, non-repudiation of service offered and service consumed is an important security requirement in the digital locker system. In this paper, we present a digital locker system that addresses the aspect of confidentiality, integrity, and non-repudiation along with other security properties. The proposed protocol ensures the confirmed participation of the user as well as the service provider while accessing the digital locker. The protocol is analyzed against potential threats in the context of safety and security of the digital locker system.

Rahul Saranjame, Manik Lal Das

This report gives a novel technique of image encryption and authentication by combining elements of Visual Cryptography and Public Key Cryptography. A prominent attack involving generation of fake shares to cheat honest users has been described and a demonstration of the proposed system employing a centralised server to generate shares and authenticate them on the basis of requests is made as a counter to the described attack.

Harsh N Thakker, Mayank Saha, Manik Lal Das

Given a cloud-based anonymous data storage system, there are two ways for managing the nodes involved in file transfers. One of them is using reputations and the other uses a micropayment system. In reputation-based approach, each node has a reputation associated with it, which is used as a currency or feedback collection for file exchange operations. There have been several attempts over the years to develop a strong and efficient reputation system that provides credibility, fairness, and accountability. One such attempt was the Free Haven Project that provides a strong foundation for cloud-based anonymous data storage systems. The work proposed in this paper is motivated by the Free Haven Project aimed at developing a reputation system that facilitates dynamic operations such as adding servers, removing servers and changing role of authorities. The proposed system also provides algorithm for scoring and maintaining reputations of the servers in order to achieve credibility, accountability and fairness.