REGIONAL CYBER SECURITY RESEARCH CENTRE
Background & Justification
The rapidly spreading use of computers and computer networks, and the many advantages of open global network interconnections, have also created an increasing need for improved information security. Software solutions and tools are irreplaceable cornerstones of network security. Network security software skills are a necessity, not only for IT and security specialists, but for every computer and computer network user. All this has profound implications for IT education, and for all education in which the use of computers and computer networks is inevitable. An interdependent network of information technology infrastructure, called cyberspace, forms the backbone of the information needs of all nations, but major potential applications are being hindered by serious security and privacy concerns. A new type of threat called cyber-terrorism has started to affect the Internet adversely. To address these underlying issues, many organizations need to review how security risks, threats and costs are identified, measured and managed. Internet security has also been a major concern after various security breaches. Today, even after two and a half decades, the Internet still remains vulnerable to a number of attacks. Many early network protocols that now form part of the Internet infrastructure were designed without security in mind, and hackers are continuously deploying more sophisticated and complex methods of attack. Hence it is very important to investigate and deploy procedures by which security is implemented in communication networks. Information infrastructures are an eclectic mix of open and closed networks, private and public systems, the Internet, and government, military, and civilian organizations. Significant efforts are required to provide infrastructure protection, increase cooperation between sectors, and identify points of responsibility.
The threats to infrastructures are many, and are increasing daily: information warfare, hackers, terrorists, criminals, activists, and even competing organizations all pose significant threats that cannot be adequately dealt with using the current infrastructure model. Because of the need for new and different organizational infrastructures, management has to reconsider its purpose and its methods of operation. Information technology not only challenges and alters the way we produce new goods and services, but also triggers far-reaching change in institutional arrangements, social norms, and cultural values. It is playing a crucial role in our economic well-being and results in a relationship among societies and nations never experienced before. Even educational institutions are being revolutionized through distance learning by the new computer-mediated communication technology and Internet-based support.
RCSRC is a security research centre being set up at the Punjab Engineering College. The primary focus of RCSRC is to conduct high quality research in the general areas of security and performance optimization in networking, at affordable costs. The Centre will be a platform to provide defense against other threats such as information warfare. Our mission is to develop information infrastructures into more secure and reliable infrastructures and to enhance the communication networks and protocols of today's best-effort Internet.
Vision
Future communications networks, especially wireless networks, will be more robust, more powerful and more flexible in a wide variety of operating environments, but also more vulnerable to cyber hacking, resulting in more cyber security crimes. Hence the urgent need to establish a Cyber Security Research Centre. The research work to be undertaken in the Cyber Security Research Centre and the data collected here shall be of great benefit to the entire research community. We aim at creating a technology rich environment conducive to constructive discussions and evolving thoughts which will lead to innovative ideas in unwiring and digitizing the world securely at affordable costs. The vision for the RCSRC will be to:
- Aid and advise organizations in cyber security policy enforcements, conduct of security audits and incident handling.
- Provide various IT organizations, including the Police department, consultancy for design of secure networks including deployment of Security administration software like intrusion detection, management software for security software and vulnerability checking, protection against port scanners, password crackers etc.
- Train manpower in the cyber security related skills needed by state departments including police, network users, IT professionals, and network security specialists. By taking the policy seriously and teaching all of the stakeholders about their role in maintaining it, they will embrace the policy as an integral part of their jobs.
- Facilitate research work for undergraduate and postgraduate students and researchers in the concerned areas.
- Disseminate research results through journal and conference publications, technical reports, and public domain software.
- Create a digital knowledge library in the form of WEB/FTP server consisting of information in the above mentioned areas.
- Undertake projects with Government of India, Nasscom, IT Industry in collaboration with academia.
- Conduct interdisciplinary training programs for state departments, IT industry and academia.
Objectives to be achieved by RCSRC:
- Conduct high quality research in emerging areas of ICT especially cyber security, wireless mobile computing, and networking.
- Identify key research needs and active industry partners as a sustainable way to expand research capacity at the Punjab Engineering College with special emphasis on Cyber Crimes.
- Create an environment for graduate students to seek jobs closely aligned with their research interests or to remain in a research community supported by strong industrial relationships.
- Create innovative solutions via commercial applications of research.
- Foster interdisciplinary research programs.
- Partner other cyber research organizations.
- Cultivate new secure technologies that provide seamless networking between heterogeneous networks, to deliver connectivity at lower cost and higher bandwidth for increased productivity.
- Maintain high quality of confidentiality and authentic solutions scalable for low-power devices in networks.
- Safeguard security of campus network systems.
Key Areas identified for Research work by RCSRC:
- Design & development of Secure Network Protocols & Algorithms.
- Network and systems security protocols, Architecture & Performance Measurements & Analysis.
- Low Cost Secure Wireless network & Mobile Communication & Converged Access Devices.
- Wireless LAN Modeling, Analysis, Deployment & Testing
- Effectively Design technologies such as MANET, 802.11, 3G/4G, Ultra Wide Band, 802.16 and Bluetooth.
- Development and deployment of cost-effective and relevant services in such areas as e-Governance, e-learning, telemedicine.
- Design and development of security administration software.
- Network Monitoring, Biometric devices, Surveillance and Forensics through Intelligent traffic Analysis.
Deliverables
The Cyber Security Research Centre will carry out studies and host seminars that move society towards rational and informed discussion of these critical changes. The Centre's mission is to encourage, promote, facilitate, and execute interdisciplinary research in areas related to the nexus of society and the Internet. Future computer and communications networks will be more robust, more powerful and secure, and more flexible under a wide variety of operating environments. The research work to be undertaken in the Centre and the data collected here shall be of great benefit to the entire research community pursuing similar areas. We aim at creating a technology rich environment conducive to constructive discussions and evolving thoughts which will lead to innovative ideas in unwiring and digitizing the world securely at affordable costs. Besides, the Centre will:
- Aid and advise organizations in cyber security policy enforcements, conduct of security audits and incident handling.
- Provide various IT organizations, including the Police department, consultancy for design of secure networks including deployment of Security administration software like intrusion detection, management software for security software and vulnerability checking, protection against port scanners, password crackers etc.
- Train manpower in the cyber security related skills needed by state departments including police, network users, IT professionals, and network security specialists. By taking the policy seriously and teaching all of the stakeholders about their role in maintaining it, they will embrace the policy as an integral part of their jobs.
- Facilitate research work for undergraduate and postgraduate students and researchers in the concerned areas.
- Disseminate research results through journal and conference publications, technical reports, and public domain software.
- Create a digital knowledge library in the form of WEB/FTP server consisting of information in the above mentioned areas.
- Undertake projects with Government of India, Nasscom, IT Industry in collaboration with academia.
- Conduct interdisciplinary training programs for state departments, IT industry and academia.
Plan of Action
Setting up of the Centre
This Regional Cyber Security Research Centre will be established in the Punjab Engineering College in collaboration with Chandigarh Administration and NASSCOM. The technical consultancy will be provided by NASSCOM and the funding to the project will be by Department of Information Technology, Chandigarh Administration, which will be done through Society for Promotion of Information Technology, Chandigarh.
Statement of Task
This project will involve a survey of the research effort in cyber security and trustworthiness to assess the current mix of topics, level of effort, division of labor, sources of funding, and quality; describe those research areas that merit federal funding, considering short-, medium-, and long-term emphases and taking third-generation capabilities as a starting point; and recommend the necessary level for federal funding in cyber security research. Contemporary explorations of cyber security issues by a variety of parties will be factored into this examination. Technologies and approaches conventionally associated with cyber security and trustworthiness will be examined to identify those areas most deserving of attention in the future. In addition, this project will also seek to identify and explore models and technologies not traditionally considered to be within cyber security and trustworthiness in an effort to generate ideas for revolutionary advances in cyber security. Structural alternatives for the oversight and allocation of funding (how to best allocate existing funds and how best to program new funds that may be made available) will be considered and the Board of Mentors will provide corresponding recommendations.
Plan Envisaged for Capacity Building
At the very outset the RCSRC would begin its setting up in terms of Capacity Building. We see the central aspect of "capacity building" as a shared effort among all those involved in the programme to develop collectively our capacity for conducting excellent research around the important set of questions that drive our programme. The Capacity Building will be categorized as follows:
Infrastructural Resources
The Capacity Building in terms of Infrastructural Resources would be started immediately. The activities classified under the same are as follows:
- Renovation of the Building: Identifying key architects and getting the site renovated to present a state-of-the-art environment conducive to research. The 2000 Sq. feet of area identified in the Department of Computer Sciences & Engineering, PEC, Chandigarh is to be renovated. The Engineering Department, UT has been asked to initiate this activity in consultation with the Director IT and the Centre Coordinators.
- Purchase of hardware and software has been started by SPIC.
Manpower
The Capacity building in terms of Manpower will be accomplished through learning by doing.
Training
Training the manpower in existing technologies and new tools and strategies. The Training shall be disseminated at various levels which shall act as human resource for the conduct of the entire activities to be undertaken. The profiles can be:
- In-house Faculty and faculty of other Engineering Colleges.
- Defense Personnel
- Research Associates & Project Associates recruited in the Centre
- N/W & System Administrators of Chandigarh Administration.
- Chandigarh Police
Besides this, undergraduate and postgraduate students can also be inducted into the Centre for carrying out research and development activities. Besides other formal curricula, they can be professionally trained so that they can constructively contribute in disseminating useful results.
Extension Services
Outreach, through collaborations that deploy our security technology and encourage knowledge transfer for both public and private benefits, will be undertaken. Dissemination of information related to Cyber Security will be done aggressively to increase community awareness of security technology, challenges and solutions. Special Cyber Safety events shall be organized as a part of Extension Services to spread awareness.
Research
To provide thought leadership to the nation and to the world among academics, practitioners, and policymakers. Collaborative research shall follow so that academic researchers work hand in hand with industry researchers. Key research projects shall be identified based upon the manpower developed after the conduct of the training mentioned above. RCSRC research shall improve our ability to design secure computer and network systems and protect them from attacks, enable people and organizations to form secure trust relationships across networked computing devices, and improve our understanding of the social, economic, and policy barriers to the development and deployment of such technology. The Center shall engage a multidisciplinary team of researchers and faculty and educate students in the broad field of cyber security. The Center shall focus on research in key technologies related to preparation for and response to emergencies at national, state and local levels. The RCSRC shall leverage prior applied research from military and civilian applications to develop new technologies unique to emergency preparedness and response. The research shall be geared toward the needs of first responders, incident commanders, emergency management officials and medical personnel. Drawing on the strengths of Computer Science & Engineering & IT, and NASSCOM, the Center shall be a valuable regional and national asset for the development of emergency readiness and response technology.
Proposed Projects
The abstracts of proposed Research projects that will be initiated in RCSRC are mentioned below:
Project-I
Title: Self defensive approach towards P2P worms exploits
Peer-to-peer (P2P) overlay networks enjoy enormous and ever increasing popularity both in real-life deployment (e.g., Gnutella and KaZaA) and also in the research community. While security issues for P2P networks have received attention, the main focus remains on ensuring correct operations within a P2P network in the face of failures and malicious participants. Examples include maintaining the internal structure of a P2P network and fair sharing of resources. The threats that a large scale P2P network deployment poses to Internet security have largely been ignored. P2P worms exploit common vulnerabilities in member hosts of a P2P network and spread topologically in the P2P network, a potentially more effective strategy than random scanning for locating victims. This project shall identify the danger posed by P2P worms and initiate the study of possible mitigation mechanisms. In particular, the project shall explore the feasibility of a self-defense infrastructure inside a P2P network, outline challenges, evaluate how well this defense mechanism contains P2P worms, and reveal correlations between containment and the overlay topology of a P2P network. The project shall lay out a number of design directions to improve the resilience of P2P networks to worm attacks.
Project-II
Title: Secure Wireless City
The establishment of a wireless city plays an essential role in various government projects around the world. The challenge of this item is to provide valuable suggestions, including networking, security, and administration considerations, for building the secure wireless city. To provide a technical survey, the integration of heterogeneous wireless network technologies will be investigated in and around Chandigarh. Additionally, the current status and future trend of security considerations on deploying large-scale wireless networks will be analyzed.
The following areas are tentatively identified:
- The survey and analysis of wireless cities.
- The threat model analysis of the wireless city.
- The authentication issues on WiFi and WiMAX.
- WiFi-WiMAX, inter-networking seamless roaming.
- Extended VPN of secure wireless city.
- Practical applications on secure wireless city.
Project-III
Title: Digital Image Forensics
It is probably fair to say that it is no longer true that seeing is believing. The ease with which digital media can and is being manipulated and altered is simply stunning. At least one consequence of this is that images and video recordings no longer hold the unique stature as a definitive recording of events. And, while the technology to alter digital media is developing at break-neck speeds, the technology to contend with the ramifications is lagging seriously behind. There is, therefore, a critical need to develop tools to detect tampering in digital media. To this end, we will develop statistical tools for detecting tampering in digital images.
Project-IV
Title: Security through analysis and measurement for wireless LANs
With the rise of Voice over wireless LAN (VoWLAN), any complete WiFi security solution must address denial of service attacks, such as kicking off other clients, consuming excessive bandwidth, or spoofing access points, to the detriment of legitimate clients. Even authorized clients may be able to sufficiently disrupt service quality to make the network ineffective for legitimate clients. Our approach will provide a new foundation for wireless network security, ability to dynamically measure, analyze and protect a WiFi network against existing and novel threats, including rogue clients and access points, with a focus on VoWLAN use cases. Our goal is to support thousands of APs and clients, quickly recognize most new attacks, and generate few false alarms.
Project-V
Title: New Methods of Spoof Detection in 802.11 Wireless Networking
The explosive growth of 802.11 networks has coincided with an increased presence of security threats to these networks. A large proportion of these threats are in the form of spoof attacks. Spoof attacks involve one device assuming the identity of another to perform malicious behavior. The available security tools to detect such behavior are quite limited. Current methods of sequence number analysis simply detect gaps in the monotonically incrementing series of sequence numbers in transmitted frames. However, these methods result in large numbers of false positives on wireless networks which experience even small amounts of frame loss. The unpredictable nature of environmental effects on signal propagation and a lack of signal strength stability due to calibration drift in low-quality wireless networking cards present significant challenges to using signal strength to detect wireless spoofs. A new methodology can thus be developed that performs better detection and gives a lower false positive rate than the popular tool: Snort-wireless’s MacSpoof.
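The sequence-number gap check described above, and why frame loss makes it noisy, can be seen in a short added example (not code from RCSRC or from Snort-wireless). The frame traces and MAC address are constructed, and the `max_gap` tolerance is an illustrative assumption, not the methodology the project proposes.

```python
# Added illustration. The frame traces are constructed, not captured traffic.
SEQ_MOD = 4096  # the 802.11 sequence number field is 12 bits and wraps at 4096


def seq_gap(prev, cur):
    """Forward distance from prev to cur on the 12-bit counter."""
    return (cur - prev) % SEQ_MOD


def gap_alerts(frames, max_gap=1):
    """Indices of frames that break the per-MAC incrementing series.

    frames  : list of (source_mac, sequence_number) in capture order
    max_gap : largest forward step accepted as normal. 1 is the strict
              "any gap" check; a larger value tolerates frames the monitor
              missed. A step of 0 is accepted as a retransmission.
    """
    last_seq = {}
    alerts = []
    for i, (mac, seq) in enumerate(frames):
        if mac in last_seq and seq_gap(last_seq[mac], seq) > max_gap:
            alerts.append(i)
        last_seq[mac] = seq
    return alerts


STATION = "02:00:00:00:00:01"  # constructed, locally administered MAC

# One genuine station; the monitor missed sequence numbers 2 and 6.
# The counter also wraps from 4095 to 0, which must not raise an alert.
LOSSY = [(STATION, s) for s in (4093, 4094, 4095, 0, 1, 3, 4, 5, 7, 8)]

# Genuine station (100, 101, ...) interleaved with a second transmitter
# that uses the same MAC but its own counter (2500, 2501).
SPOOFED = [(STATION, s) for s in (100, 101, 2500, 102, 103, 2501, 104)]


def summarize():
    """Alert indices for each trace under the strict and tolerant checks."""
    return {
        "lossy_strict": gap_alerts(LOSSY, max_gap=1),
        "lossy_tolerant": gap_alerts(LOSSY, max_gap=3),
        "spoofed_strict": gap_alerts(SPOOFED, max_gap=1),
        "spoofed_tolerant": gap_alerts(SPOOFED, max_gap=3),
    }


if __name__ == "__main__":
    for name, idx in summarize().items():
        print(f"{name:17s} alerts at frame indices {idx}")
```

The strict check raises two alerts on a trace with no spoofing at all, while the interleaved counters trigger both variants because every switch between transmitters looks like a jump of well over a thousand sequence numbers.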
Project-VI
Title: Securing WLANs on top of 802.1x
The project shall explore the practical problem of secure decentralized authentication and access control in wireless networks: WLANs (802.11 & 802.16). Many organizations are interested in securing connection access to their wireless (and wired) networks but the problem of accommodating guests continues to impede real deployments. This project will transform a working prototype solving this problem into ready-to-use technology that can be added to an 802.1x authenticated network. This project shall also explore a deeper problem: if the trust flow expressed by an infrastructure’s clever PKI does not match the trust flow the human organization requires, then the human users will find a way to achieve their goals that breaks the infrastructure. This project’s approach marries the security of standard X.509 PKI tools with the flexibility of delegation.
As the implementation of the project progresses, more research projects will be added and also the scope of the existing ones will be enhanced.
