Date of Award

3-26-2020

Document Type

Thesis

Degree Name

Master of Science in Computer Engineering

Department

Department of Electrical and Computer Engineering

First Advisor

Scott R. Graham, PhD

Abstract

This thesis presents a novel security system developed for a multi-channel communication architecture, which achieves security by distributing the message and its associated message authentication code across the available channels at the bit level, to support systems that require protection from confidentiality and integrity attacks without relying solely on traditional encryption. One contribution of the work is to establish some helpful terminology, present a basic theory for multi-channel communications, describe the services provided by an optimal system, and then implement a proof of concept system to demonstrate the concept's validity. This proof of concept, focused on the splitting and recombination activities, operates by using existing key exchange mechanisms to establish system initialization information, and then splitting the message in fragments across each available channel. Splitting prevents the entirety of a given message from being transmitted across a single channel, and spreads the overall message authentication across the set of channels. This gives the end user the following unique service: the sender and receiver can identify a compromised channel, even in the presence of a sophisticated man in the middle attack wherein the adversary achieves fragment acceptance at the destination by altering the message's error detecting code. Under some conditions, the receiver can recover the original message without retransmission, despite these injected errors. The resulting system may be attractive for critical infrastructure communications systems as a holistic approach to both availability and a defense against integrity attacks. This system would be a natural fit as a cipher suite for a future iteration of the Transport Layer Security protocol targeting support for multi-channel communication systems.

AFIT Designator

AFIT-ENG-MS-20-M-026

DTIC Accession Number

AD1102923

Download

Share

COinS