Analyses, Mitigation and Applications of Secure Hash Algorithms

Al-Odat, Zeyad Abdel-Hameed

January 2020

Cryptographic hash functions are one of the widely used cryptographic primitives with a purpose to ensure the integrity of the system or data. Hash functions are also utilized in conjunction with digital signatures to provide authentication and non-repudiation services. Secure Hash Algorithms are developed over time by the National Institute of Standards and Technology (NIST) for security, optimal performance, and robustness. The most known hash standards are SHA-1, SHA-2, and SHA-3. The secure hash algorithms are considered weak if security requirements have been broken. The main security attacks that threaten the secure hash standards are collision and length extension attacks. The collision attack works by finding two different messages that lead to the same hash. The length extension attack extends the message payload to produce an eligible hash digest. Both attacks already broke some hash standards that follow the Merkle-Damgrard construction. This dissertation proposes methodologies to improve and strengthen weak hash standards against collision and length extension attacks. We propose collision-detection approaches that help to detect the collision attack before it takes place. Besides, a proper replacement, which is supported by a proper construction, is proposed. The collision detection methodology helps to protect weak primitives from any possible collision attack using two approaches. The first approach employs a near-collision detection mechanism that was proposed by Marc Stevens. The second approach is our proposal. Moreover, this dissertation proposes a model that protects the secure hash functions from collision and length extension attacks. The model employs the sponge structure to construct a hash function. The resulting function is strong against collision and length extension attacks. Furthermore, to keep the general structure of the Merkle-Damgrard functions, we propose a model that replaces the SHA-1 and SHA-2 hash standards using the Merkle-Damgrard construction. This model employs the compression function of the SHA-1, the function manipulators of the SHA-2, and the $10*1$ padding method. In the case of big data over the cloud, this dissertation presents several schemes to ensure data security and authenticity. The schemes include secure storage, anonymous privacy-preserving, and auditing of the big data over the cloud.

authorization

big data

cloud computing

cryptography

hash algorithms

security

Návrh IS pro sdílení bibliografických citací a dokumentů / Proposal of IS for Sharing Bibliographic Citations and Documents

Mráz, Jaroslav

January 2013

This diploma thesis deals with the design of an information system for sharing documents and bibliographical citations with the main emphasis put on using a cloud solution. The theoretical part explains the terms related to cloud computing and its application, the importance of citation and methods for the evaluation of information systems. Subsequent chapters of the theoretical part explain why citation is important and what methods are used for the assessment of an information system. The practical part provides an overview of the currently available solutions for developing an implemented information system. Moreover, an outline of the system illustrated via UML diagrams is included.

Modelo Tecnológico de Reconocimiento Facial para la Identificación de Pacientes en el Sector Salud

La Madrid Arroyo, Diego Alonso, Barriga Rivera, Martín Humberto

01 December 2019

El fraude médico y los ciberataques en el sector sanitario son fenómenos en aumento. La suplantación de identidad es una modalidad de fraude que tiene como propósito asumir la identidad de otra persona en una institución médica para obtener bienes y servicios médicos a las aseguradoras presentando reclamaciones falsas obteniendo un beneficio económico. Por lo tanto, afecta a la población asegurada ya que involucra un monto invertido, tiempo y servicio brindado. Sólo es necesario presentar documentos de identidad para ser atendido, la cual puede ser una medida de verificación y validación de alto riesgo para el paciente si se trata de algún fraude, debido a que cuando una persona usa la identidad médica de la víctima para obtener servicios médicos o medicamentos con receta, esa información se incorpora a la historia clínica electrónica de la víctima y puede complicar su atención médica en el futuro. Identificar al paciente de forma segura e inequívoca es de vital importancia para el paciente, impidiendo que nadie pueda suplantar su identidad. El presente proyecto detalla el desarrollo de un modelo tecnológico que tiene como objetivo la identificación de pacientes mediante un servicio cognitivo de reconocimiento facial en Cloud computing para cubrir la necesidad que tienen los sectores de salud de prevenir la suplantación de identidad. Además, en caso de emergencias, se alerta a los parientes del paciente identificado el estado de salud en el que se encuentra mediante un mensaje de texto. Se espera que el modelo les permita a los pacientes ser atendidos sin la necesidad de contar con un documento de identidad en caso se encuentren en estado de emergencia y prevenir fraudes como las suplantaciones de identidad. Finalmente, se definirá un plan de continuidad que contenga mecanismos de respaldo en tiempo real para la disponibilidad y confiabilidad. Asimismo, se contará con recursos a nivel de software, los cuales serán detallados en base a características, especificaciones y uso. / Medical fraud and cyber-attacks in the health sector are increasing phenomena. Impersonation is a form of fraud whose purpose is to assume the identity of another person in a medical institution to obtain medical goods and services to insurers by presenting false claims obtaining an economic benefit. Therefore, it affects the insured population as it involves an amount invested, time and service provided. It is only necessary to present identity documents to be treated, which can be a measure of verification and validation of high risk for the patient if it is a fraud, because when a person uses the victim's medical identity to obtain services doctors or prescription drugs, that information is incorporated into the victim's electronic medical record and may complicate their medical care in the future. Identifying the patient safely and unequivocally is of vital importance to the patient, preventing anyone from supplanting their identity. This project details the development of a technological model that aims to identify patients through a cognitive facial recognition service on cloud computing to cover the need of health sectors to prevent phishing. In addition, the closest relatives of the identified patient will be alerted to the state of health in which they are in a text message. The model is expected to allow patients to be treated without the need to have an identity document in case they are in a state of emergency and prevent fraud such as phishing. Finally, a continuity plan will be defined that contains real-time backup mechanisms for availability and reliability. Also, there will be resources at the software level, which will be detailed based on features, specifications and use. / Tesis

Reconocimiento Facial

Sector Salud

Cloud computing

Modelo Tecnológico

Essays on Cloud Computing Analytics

Singh, Vivek Kumar

12 March 2019

This dissertation research focuses on two key aspects of cloud computing research – pricing and security using data-driven techniques such as deep learning and econometrics. The first dissertation essay (Chapter 1) examines the adoption of spot market in cloud computing and builds IT investment estimation models for organizations adopting cloud spot market. The second dissertation essay (Chapter 2 and 3) studies proactive threat detection and prediction in cloud computing. The final dissertation essay (Chapter 4) develops a secured cloud files system which protects organizations using cloud computing in accidental data leaks.

Cloud computing

pricing

security

machine learning

Next Generation Cloud Computing Architectures: Performance and Pricing

Mahajan, Kunal

January 2021

Cloud providers need to optimize the container deployments to efficiently utilize their network, compute and storage resources. In addition, they require an attractive pricing strategy for the compute services like containers, virtual machines, and serverless computing in order to attract users, maximize their profits and achieve a desired utilization of their resources. This thesis aims to tackle the twofold challenge of achieving high performance in container deployments and identifying the pricing for compute services. For performance, the thesis presents a transport-adaptive network architecture (D-TAIL) improving tail latencies. Existing transport protocols such as Homa, pFabric [1, 2] utilize Shortest Remaining Processing Time (SRPT) scheduling policy which is known to have starvation issues for long flows as SRPT prioritizes short flows. D-TAIL addresses this limitation by taking age of the flow in consideration while deciding the priority. D-TAIL shows a maximum reduction of 72%, 29.66% and 28.39% in 99th-percentile FCT for transport protocols like DCTCP, pFabric and Homa respectively. In addition, the thesis also presents a container deployment design utilizing peer-to-peer network and virtual file system with content-addressable storage to address the problem of cold starts in existing container deployment systems. The proposed deployment design increases compute availability, reduces storage requirement and prevents network bottlenecks. For pricing, the thesis studies the tradeoffs between serverless computing (SC) and traditional cloud computing (virtual machine, VM) using realistic cost models, queueing theoretic performance models, and a game theoretic formulation. For customers, we identify their workload distribution between SC and VM to minimize their cost while maintaining a particular performance constraint. For cloud provider, we identify the SC and VM prices to maximize its profit. The main result is the identification and characterization of three optimal operational regimes for both customers and the provider, that leverage either SC or VM only, or both, in a hybrid configuration.

Computer science

Cloud computing

Computer industry--Prices

Computer network architectures

Capacity Management Approaches for Compute Clouds

Sedaghat, Mina

January 2013

Cloud computing provides the illusion of a seamless, infinite resource pool with flexibleon-demand accessibility. However, behind this illusion there are thousands ofservers and peta-bytes of storage, running tens of thousands of applications accessedby millions of users. The management of such systems is non-trivial because theyface elastic demand, have heterogeneous resources, must fulfill diverse managementobjectives, and are vast in scale.Autonomic computing techniques can be used to tackle the complex problem ofresource management in cloud data centers by introducing self-managing elementsknown as autonomic managers. Each autonomic manager should be capable of managingitself while simultaneously contributing to the fulfillment of high level systemwideobjectives. A wide range of approaches and mechanisms can be used to defineand design these autonomic managers as well as to organize them and coordinate theiractions in order to achieve specific goals.This thesis investigates autonomic approaches for cloud resource management thataim to optimize the cloud infrastructure layer with respect to various high level objectives.The resource management problem is formulated as a problem of optimizationwith respect to one or more management objectives such as cost, profitability, or datacenter utilization, as well as performance concerns such as response time, quality ofservice, and rejection rates. The aim of the reported investigations is to address theproblems of cost-efficient elastic resource provisioning, unified management of cloudresources, and scalability in cloud resource management. This is achieved by introducingthree new concepts in capacity management: the Repacking, Holistic, and Peerto Peer approaches.

Cloud computing

Capacity Management

Computer Sciences

Datavetenskap (datalogi)

Propuesta de un marco de trabajo en Cloud Computing para el soporte de la evolución tecnológica en una Institución Pública

Polo Urbina, Karina Tatiana, Ruiz Wilson, Yuri Antonovich

09 January 2020

La Institución Pública es un organismo encargado de la recaudación en el Perú vinculado al Ministerio de Economía y Finanzas, y tiene como Misión transformarse en la administración tributaria y aduanera más exitosa, moderna y respetada de la región. Para eso desde hace algunos años la institución ha comenzado a lanzar iniciativas de proyectos de software que utilicen cloud computing, para que de esta forma puedan trabajar de manera más eficiente la gestión y compra de infraestructura, así como poder atender la demanda creciente de servicios digitales solicitados por los contribuyentes. La presente tesis analizó la forma de cómo la Institución Pública fue adoptando cloud computing en sus proyectos de software, y como esta adopción puede ser mejorada al contar con un marco de trabajo que le permita tener pautas de cómo lanzar iniciativas que involucren en su desarrollo el uso de cloud como base tecnológica, y como esto debe estar alineada a la estrategia de crecimiento de servicios digitales que la Institución Pública desea ir cubriendo poco a poco para mejora su servicio hacia los contribuyentes. / The Public Organization is an institution in charge of tax collection in Peru, and linked to the Ministry of Economy and Finance, and has as its main mission to become the most successful, modern and respected tax and customs administration in the region. For this reason, for some years ago, the institution has begun to launch software project initiatives that use cloud computing, so that they can work more efficiently in the management and purchase of infrastructure, as well as being able to meet the growing demand for digital services. requested by taxpayers The current thesis analyzed how the Public Organization was adopting cloud computing in its software projects, and how this adoption can be improved, by having a framework that allows it to have guidelines on how to launch initiatives that involve in its development the use of Cloud as a technology base, and how this should be aligned with the digital services growth strategy that the Public Organization wishes to gradually cover to improve its service to taxpayers. / Trabajo de investigación

Cloud computing

Arquitectura de referencia

Servicios cloud

Reference architecture

Cloud service

Modelo de una solución ECM Open Source basado en cloud computing para una PYME del sector manufactura / Cloud-based Open-Source Enterprise Content Management Model at a SME operating in the Manufacturing sector

Montesinos Rosales, Andrea Yadira, Salas Villacorta, Rolando Sebastian

27 January 2020

En la actualidad, las empresas deben mantener estructurados y organizados todos sus recursos de información, desean también tener un canal que unifique todo en un solo repositorio con el objetivo de darle una estructura y ponerlos a rápida disposición de sus colaboradores, clientes y proveedores logrando optimizar sus procesos y obteniendo una ventaja competitiva, ya que la información estará siempre ordenada y disponible cuando se necesite. Es por ello que para lograr este objetivo muchas de las empresas implementan software de gestión de contenido empresarial (ECM). Con estos sistemas, las empresas no solo mantienen organizada y estructurada su información, sino también logran crear un ambiente colaborativo que ayuda a gestionar y mejorar el trabajo en equipo que se da dentro de la organización, a la vez es posible que puedan crear un canal de intercambio de información con su entorno, respondiendo las necesidades de sus clientes, proveedores o entidades gubernamentales. Con el paso del tiempo y los avances tecnológicos, los ECM han ido evolucionando, ahora están siendo potenciados por la presencia del Cloud Computing y gracias a ella ahora no solo se puede organizar información y colaborar desde el ambiente mismo de trabajo con un dispositivo asignado, sino desde cualquier parte y desde cualquier dispositivo que tenga acceso a internet. Gracias también a la tecnología Cloud, los ECM están llegando al alcance de todo tipo de empresas, incluidas PYMES. El presente proyecto está destinado a mostrar un modelo de implementación de un software ECM potenciado por Cloud en una PYME. / In this days, companies must keep structured and organized all their information resources, they also want to have a channel that unifies everything in a single repository in order to make them available quickly to their employees, customers and suppliers improving his processes and obtaining a competitive advantage, making the information always structured and available when needed. That is why to achieve this goal many of the companies implement enterprise content management (ECM) software. With these systems, companies will not only organize and structure their information, they can also create a collaborative environment that helps manage and improve the teamwork, while it is possible that they can create a channel for exchanging information with its environment, responding to the needs of its customers, suppliers or government entities. With the passage of time and technological advances, ECMs have been evolving, they are now being enhanced by the presence of Cloud Computing and thanks to it, now it is not only possible to organize information and collaborate from the same working environment with an assigned device, it’s now possible work from anywhere and from any device that has internet access. Thanks also to Cloud technology, ECMs are reaching the reach of all types of companies, including SMEs. This project is intended to show a model of implementation of an ECM software powered by Cloud in an SME. / Tesis

Gestión empresarial

Cloud computing

Open source

Business management

Scalable Scheduling Policies with Performance Guarantees for Cloud Applications

Psychas, Konstantinos

January 2020

We study three models of job scheduling in a distributed server system. For each of them we suggest scheduling algorithms that are computationally efficient and provably achieve a performance objective related to the model. For this we consider jobs to be an abstraction of executable programs that request specific resources e.g. memory, CPU. Resources need to be reserved in one of the servers for the duration the programs run, which is unknown. The first model considers queue-based scheduling algorithms, in which jobs belong to a finite set of types and each type has a separate queue. The scheduling objective under this formulation is to keep the size of all queues bounded, which translates to bounded queuing delay. The two families of algorithms for this model can achieve the objective for the maximum theoretical workload. Most importantly they follow vastly different paradigms and are both viable alternatives depending on what other trade-offs the scheduling has to achieve. The second model considers that resource requirements of jobs come from an unknown distribution. Jobs are queued and the objective is again to keep the number of jobs in the queue bounded and consequently the queuing delay. In this harder formulation there is no previous characterization of the maximum workload that can achieve the objective. We provide such a characterization and algorithms that achieve at least 2/3 of that maximum. Lastly, we consider a model without queues in which jobs are admitted or rejected on arrival, with the goal to maximize the total utility of the jobs that run. Algorithms of this model were proven to achieve at least 1/2 of the maximum, but further analysis suggests that this limit can be as high as 1 − e (exponent -1). In all models we made simplifying assumptions that allow us to prove the desired properties of the system, but despite the theoretical nature of this work, we also discuss how the algorithms can be applied and tailored to the needs of different cloud applications. We hope they will eventually inspire improvements to existing cloud infrastructure management deployments.

Electrical engineering

Cloud computing

Application software

Job analysis--Computer programs

Multi-tenant portál pro evidenci a správu osobních údajů a souhlasů o jejich zpracování

Kalas, Petr

January 2019

This thesis deals with design and implementation of personal data and consents to the processing of personal data management portal with multitenancy support. The work deals with theoretical basis for the portal design in the field of personal data protection and cloud software development. The final design is implemented and deployed in production environment.