Koustav Sadhukhan scite author profile

Koustav Sadhukhan

2Publications

4Citation Statements Received

17Citation Statements Given

How they've been cited

How they cite others

Affiliations

Defence Research and Development Organisation

Publications

Order By: Most citations

Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning

Yadav

Sadhukhan

2019

View full text Add to dashboard Cite

TLS protocol is an essential part of secure Internet communication. In past, many attacks have been identified on the protocol. Most of these attacks are due to flaws in protocol implementation. The flaws are due to improper design and implementation of program logic by programmers. One of the widely used implementation of TLS is SChannel which is used in Windows operating system since its inception. We have used "protocol state fuzzing" to identify vulnerable and undesired state transitions in the state machine of the protocol for various versions of SChannel. The client as well as server components have been analyzed thoroughly using this technique and various flaws have been discovered in the implementation. Exploitation of these flaws under specific circumstances may lead to serious attacks which could disrupt secure communication. In this paper, we analyze state machine models of TLS protocol implementation of SChannel library and describe weaknesses and design flaws in these models, found using protocol state fuzzing.

show abstract

Cyber Attack Thread: A control-flow based approach to deconstruct and mitigate cyber threats

Sadhukhan

Mallari

Yadav

2015

View full text Add to dashboard Cite

Abstract-Attacks in cyberspace have got attention due to risk at privacy, breach of trust and financial losses for individuals as well as organizations. In recent years, these attacks have become more complex to analyze technically, as well as to detect and prevent from accessing confidential data. Although there are many methodologies and mechanisms which have been suggested for cyber-attack detection and prevention, but not from the perspective of an attacker. This paper presents the cyberdefence as hindrances, faced by the attacker, by understanding attack thread and defence possibilities with existing security mechanisms. Seven phases of Cyber Attack Thread are introduced and technical aspects are discussed with reference to APT attacks. The paper aims for security practitioner and administrators as well as for the general audience to understand the attack scenario and defensive security measures.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.