Mecanismo de Segurança Ciente do Contexto para Computação em Nuvem Móvel. / Security mechanism for context-aware computing mobile cloud.

AROUCHA, Cláudio Manoel Pereira

27 May 2015

Submitted by Maria Aparecida (cidazen@gmail.com) on 2017-08-31T13:25:42Z No. of bitstreams: 1 Claudio Manoel.pdf: 2235875 bytes, checksum: 09f2ae854210974f87252bad3c5b1df9 (MD5) / Made available in DSpace on 2017-08-31T13:27:28Z (GMT). No. of bitstreams: 1 Claudio Manoel.pdf: 2235875 bytes, checksum: 09f2ae854210974f87252bad3c5b1df9 (MD5) Previous issue date: 2015-05-27 / The use and popularity of mobile devices has been growing vertiginously, as well an the cloud computing as instrument to store data and services, making feasible the combination of these two technologies. One of the biggest obstacles is the mobile device’s security and ergonomics to provide security for transporting its data without performance degradation. This work proposes a context-aware security mechanism for mobile devices in cloud computing. In addition, it is used the TLS technology to create a secure channel of data sent between mobile device’s client and the cloud server, authenticating them via public key cryptography. At the same time, it provides an appropriate level of security, and analyses the context of the mobile device from the Fuzzy logic. The impact of the mechanism on the mobile device’s performance were measured through experiments. / O uso e a popularidade dos dispositivos móveis vem crescendo vertiginosamente, bem como a computação em nuvem como instrumento para armazenar dados e serviços, tornando-se viável a união dessas duas tecnologias. Um dos maiores obstáculos é a questão da segurança e ergonomia do dispositivo móvel que necessita provê-lo ao trafegar dados sem haver degradação de seu desempenho. Este trabalho propõe então um mecanismo de segurança ciente do contexto para Computação em Nuvem Móvel. Em adição, utiliza-se a tecnologia Transport Layer Security (TLS) para criar um canal seguro de envio de dados entre o cliente do dispositivo móvel e o servidor da Nuvem, autenticando-o por meio de criptografia de chave pública. Paralelamente, para prover um nível de segurança apropriado, analisase o contexto do dispositivo móvel a partir da lógica Fuzzy. O impacto do mecanismo no desempenho do dispositivo móvel foi medido por meio de experimentos.

Sistemas de Informação

Ontology mapping: a logic-based approach with applications in selected domains

Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2008

In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability.

semantic interoperability

ontology

ontology mapping

compliance management

network management

network security intrusion detection

network configuration management

integrated network management

Mappings (Mathematics)

Mobile IPv4 Secure Access to Home Networks

Tang, Jin

29 June 2006

With the fast development of wireless networks and devices, Mobile IP is expected to be used widely so that mobile users can access the Internet anywhere, anytime without interruption. However, some problems, such as firewall traversal and use of private IP addresses, restrict use of Mobile IP. The objective of this thesis is to design original schemes that can enable a mobile node at abroad to access its home network as well as the Internet securely and that can help Mobile IP to be used widely and commercially. Our solutions are secure, efficient, and scalable. They can be implemented and maintained easily. In this thesis, we mainly consider Mobile IPv4, instead of Mobile IPv6. Three research topics are discussed. In each topic, the challenges are investigated and the new solutions are presented. The first research topic solves the firewall traversal problems in Mobile IP. A mobile node cannot access its firewall-protected home network if it fails the authentication by the firewall. We propose that an IPsec tunnel be established between the firewall and the foreign agent for firewall traversal and that an IPsec transport security association be shared by the mobile node and a correspondent node for end-to-end security. The second topic researches further on firewall traversal problems and investigates the way of establishing security associations among network entities. A new security model and a new key distribution method are developed. With the help of the security model and keys, the firewall and the relevant network entities set up IPsec security associations to achieve firewall traversal. A mobile node from a private home network cannot communicate with other hosts with its private home address when it is visiting a public foreign network. A novel and useful solution is presented in the third research topic. We suggest that the mobile node use its Network Access Identifier (NAI) as its identification and obtain a public home address from its home agent. In addition, a new tunnel between the mobile node and its home agent is proposed.

Private addresses

AAA

IPsec

Firewall

Network security

Mobile IP

Wireless Internet

Computer networks Security measures

Firewalls (Computer security)

Mobile agents (Computer software)

Certificate revocation list distribution in vehicular ad hoc networks

Nowatkowski, Michael E.

05 April 2010

The objective of this research is to investigate improved methods for distributing certificate revocation lists (CRLs) in vehicular ad hoc networks (VANETs). VANETs are a subset of mobile ad hoc networks composed of network-equipped vehicles and infrastructure points, which will allow vehicles to communicate with other vehicles and with roadside infrastructure points. While sharing some of the same limitations of mobile ad hoc networks, such as lack of infrastructure and limited communications range, VANETs have several dissimilarities that make them a much different research area. The main differences include the size of the network, the speed of the vehicles, and the network security concerns. Confidentiality, authenticity, integrity, and availability are some of the standard goals of network security. While confidentiality and authenticity at times seem in opposition to each other, VANET researchers have developed many methods for enhancing confidentiality while at the same time providing authenticity. The method agreed upon for confidentiality and authenticity by most researchers and the IEEE 1609 working group is a public key infrastructure (PKI) system. An important part of any PKI system is the revocation of certificates. The revocation process, as well as the distribution of revocation information, is an open research problem for VANETs. This research develops new methods of CRL distribution and compares them to existing methods proposed by other researchers. The new methods show improved performance in various vehicle traffic densities.

Network security

Vehicular ad hoc network

Simulation

IEEE 1609

Certificate revocation list

ns-3

Computer networks Security measures

Key Distribution In Wireless Sensor Networks

Gupta, Abhishek

06 1900

In the last few years, wireless sensor networks (WSNs) have become a very actively researched area. The impetus for this spurt of interest were developments in wireless technologies and low-cost VLSI, that made it possible to build inexpensive sensors and actuators. Each such device has limited computational power, memory and energy supply. Nevertheless, because of the low cost, such devices can be deployed in large numbers, and can thereafter form a sensor network. Usually, one or more base stations are also present which act as sink nodes. When sensors are deployed in hostile environments, security becomes an integral part for such type of networks. A first step in this direction is to provide secure communication between any two nodes and between a node and the base station. Since the public key cryptographic techniques are computationally expensive for resource constrained sensors, one need to rely on symmetric key cryptography for secure communication. The distribution and management of cryptographic keys poses a unique challenge in sensor networks. One requires efficient key distribution algorithms for such type of networks. In this thesis, we address the problem of secure path key establishment in wireless sensor networks. We first propose a pairwise key distribution algorithm for probabilistic schemes. Inspired by the recent proxy-based schemes, we introduce a friend-based scheme for establishing pairwise keys securely. We show that the chances of finding friends in a neighbourhood are considerably more than that of finding proxies, leading to lower communication overhead. Further, we prove that the friend-based scheme performs better than the proxy-based scheme both in terms of resilience against node capture as well as in energy consumption for pairwise key establishment. A recent study has shown that the advantages of the probabilistic approach over the deterministic approach, are not as much as people have believed. Thus, we focus our attention on deterministic schemes in which we first discuss why one cannot use the conventional security measure for determining the resilience of a key distribution scheme in case of schemes in which nodes share more than one key. Then, we propose a new and a more general security metric for measuring the resilience of a key distribution scheme in wireless sensor networks. Further, we present a polynomial-based scheme and a novel complete connectivity scheme for distributing keys to sensors and show an analytical comparison, in terms of security and connectivity, between the schemes. Motivated by the schemes, we derive general expressions for the new security measure and the connectivity. A number of conclusions are made using these general expressions. Then, we conclude our work with a number of future directions that can be followed with this piece of work.

Wireless Communication Networks

Sensors

Detectors

Sensor Network Security

Wireless Sensor Networks (WSNs)

Key Distribution Algorithms

Pairwise Keys

Key Management

Key Distribution

Communciation Engineering

Μοντέλα ασυνήθους δικτυακής κυκλοφορίας σε TCP/IP δικτυακά υπολογιστικά περιβάλλοντα / Models of abnormal network traffic in TCP/IP networking computer environments

Κομνηνός, Θεόδωρος

16 March 2009

Στην διδακτορική διατριβή αναπτύξαμε μοντέλα για την ασυνήθη δικτυακή κυκλοφορία βασισμένη σε χαρακτηριστικά της TCP/IP επικοινωνίας ανάμεσα σε υπολογιστικά συστήματα, αλλά και στην συμπεριφορά συστημάτων και χρηστών κάτω από επιθέσεις ιών και δικτυακών σκουληκιών. Για την ανάπτυξη συνδυάσαμε το μαθηματικό φορμαλισμό πάνω σε πραγματικά χαρακτηριστικά που εντοπίσαμε πως υπάρχουν σχεδόν σε όλες τις προσπάθειες επίθεσης προς υπολογιστικά και δικτυακά συστήματα από προσπάθειες επιτιθέμενων, αλλά και με αυτοματοποιημένα συστήματα μετάδοσης ιών. Υλοποιήσαμε ένα πραγματικό κατανεμημένο σύστημα έγκαιρης και έγκυρης προειδοποίησης και λήψης άμεσων μέτρων για την προστασία δικτύων υπολογιστών από τη διάδοση των ιών και από τις διαρκώς εξελισσόμενες επιθέσεις των hackers. Τέλος η αυξανόμενη παρουσία δυνατοτήτων για fast worms μας παρακίνησε να μοντελοποιήσουμε την συμπεριφορά ιών που μεταδίδονται μέσα από τα κοινωνικά δίκτυα που σχηματίζονται από τον κατάλογο που έχουν οι χρήστες για γνωστούς και φίλους σε e-mail και Instant Messaging. Προτείνουμε λοιπόν δύο μοντέλα: ένα μοντέλο που περιγράφει την συμπεριφορά fast worms βασισμένα σε κοινωνικά δίκτυα στηριζόμενοι στο μαθηματικό μοντέλο σε Constraint Satisfaction Problems (CSP), αλλά και ένα μοντέλο για τη μετάδοση ιών και την εξουδετέρωσή τους, που λαμβάνει υπόψη την δικτυακή κίνηση και την λειτουργία των εξυπηρετητών βασισμένοι στο M/M/1 μοντέλο ουρών. Στην διατριβή προτείνουμε ένα είδος διαδραστικότητας ανάμεσα στους antivirus Agents και τους ιούς και αναλύουμε ένα μαθηματικό μοντέλο για την διάδοση πληθυσμού ιών και antivirus βασισμένα σε θεωρίες ουρών. / In this PhD Thesis we developed models for the abnormal network traffic based on TCP/IP communication protocol of computer systems, and the behavior of systems and users under viruses and worms attacks. For the development we combined mathematical formalism on real attributes that characterize almost all attacking efforts of hackers, virus and worms against computers and networking systems. Our main goal was based upon the theoretic models we proposed, to provide a useful tool to deal with intrusions. Thus we developed a Software Tool for Distributed Intrusion Detection in Computer Networks. Based on an improved model we produced a real time distributed detection system for early warning administrators of worm and virus propagation and hackers’ attacks. Also in this work we propose a discrete worm rapid propagation model based on social networks that are built using the address book of e-mail and instant messaging clients using the mathematic formalism of Constraint Satisfaction Problems (CSP). The address book, which reflects the acquaintance profiles of people, is used as a “hit-list”, to which the worm can send itself in order to spread fast. We also model user reaction against infected email as well as the rate at which antivirus software is installed. We then propose a worm propagation formulation based on a token propagation algorithm, further analyzed with a use of a system of continuous differential equations, as dictated by Wormald’s theorem on approximating “well-behaving” random processes with deterministic functions. Finally in this work we present a virus propagation and elimination model that takes into account the traffic and server characteristics of the network computers. This model partitions the network nodes into perimeter and non-perimeter nodes. Incoming/outgoing traffic of the network passes through the perimeter of the network, where the perimeter is defined as the set of the servers which are connected directly to the internet. All network nodes are assumed to process tasks based on the M/M/1 queuing model. We study burst intrusions (e.g. Denial of Service Attacks) at the network perimeter and we propose a kind of interaction between these agents that results using the formalism of distribution of network tasks for Jackson open networks of queues.

Ασφάλεια υπολογιστών

Ασφάλεια δικτύων

Ασυνήθη κυκλοφορία

Διάδοση ιών

Μοντελοποίηση

TCP/IP

005.84

Computer security

Network security

Abnormal behavior

Virus propagation

Modelling

TCP/IP

Detection of malicious user communities in data networks

Moghaddam, Amir

04 April 2011

Malicious users in data networks may form social interactions to create communities in abnormal fashions that deviate from the communication standards of a network. As a community, these users may perform many illegal tasks such as spamming, denial-of-service attacks, spreading confidential information, or sharing illegal contents. They may use different methods to evade existing security systems such as session splicing, polymorphic shell code, changing port numbers, and basic string manipulation. One way to masquerade the traffic is by changing the data rate patterns or use very low (trickle) data rates for communication purposes, the latter is focus of this research. Network administrators consider these communities of users as a serious threat. In this research, we propose a framework that not only detects the abnormal data rate patterns in a stream of traffic by using a type of neural network, Self-organizing Maps (SOM), but also detect and reveal the community structure of these users for further decisions. Through a set of comprehensive simulations, it is shown in this research that the suggested framework is able to detect these malicious user communities with a low false negative rate and false positive rate. We further discuss ways of improving the performance of the neural network by studying the size of SOM's.

Malicious users

Self organizing maps

Community detection

Network security

Neural networks

Network data management

Peer-to-peer network communications

Correlation-based Botnet Detection in Enterprise Networks

Gu, Guofei

07 July 2008

Most of the attacks and fraudulent activities on the Internet are carried out by malware. In particular, botnets, as state-of-the-art malware, are now considered as the largest threat to Internet security. In this thesis, we focus on addressing the botnet detection problem in an enterprise-like network environment. We present a comprehensive correlation-based framework for multi-perspective botnet detection consisting of detection technologies demonstrated in four complementary systems: BotHunter, BotSniffer, BotMiner, and BotProbe. The common thread of these systems is correlation analysis, i.e., vertical correlation (dialog correlation), horizontal correlation, and cause-effect correlation. All these Bot* systems have been evaluated in live networks and/or real-world network traces. The evaluation results show that they can accurately detect real-world botnets for their desired detection purposes with a very low false positive rate. We find that correlation analysis techniques are of particular value for detecting advanced malware such as botnets. Dialog correlation can be effective as long as malware infections need multiple stages. Horizontal correlation can be effective as long as malware tends to be distributed and coordinated. In addition, active techniques can greatly complement passive approaches, if carefully used. We believe our experience and lessons are of great benefit to future malware detection.

Malware detection

Network security

Anomaly detection

Intrusion detection

Local area networks (Computer networks)

Computer networks Security measures

Computer crimes

Correlation (Statistics)

Ontology mapping: a logic-based approach with applications in selected domains

Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2008

In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability.

semantic interoperability

ontology

ontology mapping

compliance management

network management

network security intrusion detection

network configuration management

integrated network management

Mappings (Mathematics)

Segurança em gerenciamento de redes baseado em web services / Security in web services-based network management

Rohr, Estêvão Miguel Zanette

January 2009

A área de gerência de redes encontra uma série de desafios desde seu príncipio. O protocolo que surgiu como padrão para gerência de redes, o SNMP, possui uma série de limitações, por exemplo, no tocante à segurança, configuração de equipamentos e composição de serviços. Por essa razão, tecnologias alternativas para o gerenciamento de redes têm sido pesquisadas. A tecnologia de Web Services surgiu como forte alternativa, por características como o uso de padrões amplamente suportados (HTTP e XML) e modelo de desenvolvimento orientado a serviços. Pesquisas iniciais demonstraram que os Web Services são uma alternativa viável em termos de desempenho. Assim, o uso de Web Services em áreas específicas de gerência de redes, como notificações e gerência por delegação, tem sido pesquisado. Porém, há carência de estudos sobre o uso de segurança no gerenciamento de redes via Web Services. Os Web Services trazem facilidade para uso de segurança, que é vital para a gerência de redes, e este é o foco deste trabalho. É proposta uma arquitetura de integração de segurança à comunicação de mensagens de gerenciamento de redes via Web Services. Para isso, foram utilizados o padrão WS-Security, para segurança em Web Services, e o padrão WS-Management, para gerenciamento de redes via Web Services. Também foi integrado controle de acesso à arquitetura, com uso do padrão XACML. Uma avaliação de desempenho foi realizada para verificar o impacto do uso de segurança, e comparações com SNMPv3 foram realizadas na solução de controle de acesso via XACML. Os testes mostram que, como é tradicional, a segurança tem impacto considerável no tempo de processamento e tráfego na rede. Porém, a arquitetura e implementação realizadas comprovam que, também na área de segurança, a tecnologia de Web Services tem aplicação eficaz para o gerenciamento de redes. / The network management field has several challenges since its beginning. The standard protocol for network management, SNMP, has many drawbacks, related to security, device configuration, and service composition. For these reason, alternative technologies for network management have been investigated. Web Services technology emerged as a strong solution, due to advantages such as employing widely supported standards (HTTP and XML) and service-oriented development model. The first performed investigations in the area showed that Web Services are a valid alternative to SNMP in terms of performance. Thus, Web Services usage in specific areas of network management, such as notifications and management by delegation, have been researched. However, there are currently no studies on security aspects of Web Services-based network management. Web Services enable easy integration of security, which is mandatory for network management, and this is the main goal of this work. An architecture is proposed for security integration in a network management message communication using Web Services. The standards used in this architecture were WSSecurity, which enables security in Web Services, and WS-Management, which targets Web Services-based network management. Access control integration was also developed, using XACML standard. A performance evaluation was carried out in order to verify security usage impact, and comparisons with SNMPv3 were performed in XACML access control solution. Tests showed that, as expected, security has a considerable impact in processing time and network traffic. However, the architecture and implementation show that, also in the security area, the Web Services technology has effective aplication in network management.

Redes : Computadores

Gerencia : Redes : Computadores

Serviços Web

Network management

SNMP

Web services

Security

Network security

Web services security

Access control

WS-security

XACML

WS-management

VACM