Dealing with Network Partitions and Mergers in Structured Overlay Networks

Shafaat, Tallat Mahmood

January 2009

<p>Structured overlay networks form a major classof peer-to-peer systems, which are touted for their abilitiesto scale, tolerate failures, and self-manage. Any long livedInternet-scale distributed system is destined to facenetwork partitions. Although the problem of network partitionsand mergers is highly related to fault-tolerance andself-management in large-scale systems, it has hardly beenstudied in the context of structured peer-to-peer systems.These systems have mainly been studied under churn (frequentjoins/failures), which as a side effect solves the problemof network partitions, as it is similar to massive nodefailures. Yet, the crucial aspect of network mergers has beenignored. In fact, it has been claimed that ring-based structuredoverlay networks, which constitute the majority of thestructured overlays, are intrinsically ill-suited for mergingrings. In this thesis, we present a number of research papers representing our work on handling network partitions and mergers in structured overlay networks. The contribution of this thesis is threefold. First, we provide a solution for merging ring-based structured overlays. Our solution is tuneable, by a {\em fanout} parameter, to achieve a trade-off between message and time complexity. Second, we provide a network size estimation algorithm for ring-based structured overlays. We believe that an estimate of the current network size can be used for tuning overlay parameters that change according to the network size, for instance the fanout parameter in our merger solution.Third, we extend our work from fixing routing anomalies to achieving data consistency. We argue that decreasing lookup inconsistencies on the routing level aids in achieving data consistency in applications built on top of overlays. We study the frequency of occurence of lookup inconsistencies and discuss solutions to decrease the affect of lookup inconsistencies.</p>

Structured Overlay Networks

Distributed Hash Tables

DHTs

Network Partitions

Network Mergers

Network Size Estimation

Lookup Inconsistencies

Gossiping

Computer science

Datalogi

Reliable peer to peer grid middleware

Leslie, Matthew John

January 2011

Grid computing systems are suffering from reliability and scalability problems caused by their reliance on centralised middleware. In this thesis, we argue that peer to peer middleware could help alleviate these problems. We show that peer to peer techniques can be used to provide reliable storage systems, which can be used as the basis for peer to peer grid middleware. We examine and develop new methods of providing reliable peer to peer storage, giving a new algorithm for this purpose, and assessing its performance through a combination of analysis and simulation. We then give an architecture for a peer to peer grid information system based on this work. Performance evaluation of this information system shows that it improves scalability when compared to the original centralised system, and that it withstands the failure of participant nodes without a significant reduction in quality of service. New contributions include dynamic replication, a new method for maintaining reliable storage in a Distributed Hash Table, which we show allows for the creation of more reliable, higher performance systems with lower bandwidth usage than current techniques. A new analysis of the reliability of distributed storage systems is also presented, which shows for the first time that replica placement has a significant effect on reliability. A simulation of the performance of distributed storage systems provides for the first time a quantitative performance comparison between different placement patterns. Finally, we show how these reliable storage techniques can be applied to grid computing systems, giving a new architecture for a peer to peer grid information service for the SAM-Grid system. We present a thorough performance evaluation of a prototype implementation of this architecture. Many of these contributions have been published at peer reviewed conferences.

005.3

Combined robust and fragile watermarking algorithms for still images : design and evaluation of combined blind discrete wavelet transform-based robust watermarking algorithms for copyright protection using mobile phone numbers and fragile watermarking algorithms for content authentication of digital still images using hash functions

Jassim, Taha Dawood

January 2014

This thesis deals with copyright protection and content authentication for still images. New blind transform domain block based algorithms using one-level and two-level Discrete Wavelet Transform (DWT) were developed for copyright protection. The mobile number with international code is used as the watermarking data. The robust algorithms used the Low-Low frequency coefficients of the DWT to embed the watermarking information. The watermarking information is embedded in the green channel of the RGB colour image and Y channel of the YCbCr images. The watermarking information is scrambled by using a secret key to increase the security of the algorithms. Due to the small size of the watermarking information comparing to the host image size, the embedding process is repeated several times which resulted in increasing the robustness of the algorithms. Shuffling process is implemented during the multi embedding process in order to avoid spatial correlation between the host image and the watermarking information. The effects of using one-level and two-level of DWT on the robustness and image quality have been studied. The Peak Signal to Noise Ratio (PSNR), the Structural Similarity Index Measure (SSIM) and Normalized Correlation Coefficient (NCC) are used to evaluate the fidelity of the images. Several grey and still colour images are used to test the new robust algorithms. The new algorithms offered better results in the robustness against different attacks such as JPEG compression, scaling, salt and pepper noise, Gaussian noise, filters and other image processing compared to DCT based algorithms. The authenticity of the images were assessed by using a fragile watermarking algorithm by using hash function (MD5) as watermarking information embedded in the spatial domain. The new algorithm showed high sensitivity against any tampering on the watermarked images. The combined fragile and robust watermarking caused minimal distortion to the images. The combined scheme achieved both the copyright protection and content authentication.

005.8

Robust Image Hash Spoofing

Amir Asgari, Azadeh

January 2016

With the intensively increasing of digital media new challenges has been created for authentication and protection of digital intellectual property. A hash function extracts certain features of a multimedia object e.g. an image and maps it to a fixed string of bits. A perceptual hash function unlike normal cryptographic hash is change tolerant for image processing techniques. Perceptual hash function also referred to as robust hash, like any other algorithm is prone to errors. These errors are false negative and false positive, of which false positive error is neglected compared to false negative errors. False positive occurs when an unknown object is identified as known. In this work a new method for raising false alarms in robust hash function is devised for evaluation purposes i.e. this algorithm modifies hash key of a target image to resemble a different image’s hash key without any significant loss of quality to the modified image. This algorithm is implemented in MATLAB using block mean value based hash function and successfully reduces hamming distance between target image and modified image with a good result and without significant loss to attacked imaged quality.

Robust hash function

Hamming distance

Block mean value

Spoofing attack

Elektroteknik och elektronik

Implantations cryptographiques sécurisées et outils d’aide à la validation des contremesures contre les attaques par canaux cachés

Thuillet, Céline

30 March 2012

Depuis plusieurs années, les composants dédiés à la sécurité comme les cartes à puce sont soumises à des attaques dites par canaux cachés. Ces attaques permettent d'exhiber les secrets en analysant des caractéristiques physiques comme la consommation du composant ou encore son temps d'exécution. Dans le cadre de cette thèse, deux contremesures ont été réalisées et appliquées à l'AES (algorithme de chiffrement symétrique). De plus, afin d'aider les développements futurs des contremesures et la validation de celles-ci, un simulateur a été développé. Il permet de réaliser des attaques grâce à un modèle de consommation défini dans les phases amont de développement. Enfin, j'ai pu participer aux groupes de travail qui ont proposé Shabal à la compétition SHA-3, qui vise à définir un nouveau standard pour les fonctions de hachage. Des implantations matérielles ont été réalisées par la suite. / For several years, the security components such as smart cards are subject to side channel attacks. These attacks allow to exhibit secrets by analyzing the physical characteristics such as power consumption or execution time. As part of this thesis, two countermeasures were carried out and applied to the AES (symmetric cipher). In addition, to help future development of countermeasures and their validation, a simulator was developed. It realizes attacks using a power consumption model defined in the early phases of development. Finally, I participated in working groups that have proposed Shabal to SHA-3 competition, which aims to define a new standard for hash functions. Hardware implementations have been made thereafter.

Attaques par canaux cachés

Fonctions de hachage

Carte à puce

Asic

Protections

Side channel attacks

Smartcards

ASIC

Countermeasures

Symmetric cipher

Hash functions

Lyra2: password hashing scheme with improved security against time-memory trade-offs. / LYRA2: um esquema de hash de senhas com maior segurança contra trade-offs entre processamento e memória.

Andrade, Ewerton Rodrigues

07 June 2016

To protect against brute force attacks, modern password-based authentication systems usually employ mechanisms known as Password Hashing Schemes (PHS). Basically, a PHS is a cryptographic algorithm that generates a sequence of pseudorandom bits from a user-defined password, allowing the user to configure the computational costs involved in the process aiming to raise the costs of attackers testing multiple passwords trying to guess the correct one. Traditional schemes such as PBKDF2 and bcrypt, for example, include a configurable parameter that controls the number of iterations performed, allowing the user to adjust the time required by the password hashing process. The more recent scrypt and Lyra algorithms, on the other hand, allow users to control both processing time and memory usage. Despite these advances, there is still considerable interest by the research community in the development of new (and better) alternatives. Indeed, this led to the creation of a competition with this specific purpose, the Password Hashing Competition (PHC). In this context, the goal of this research effort is to propose a superior PHS alternative. Specifically, the objective is to improve the Lyra algorithm, a PHS built upon cryptographic sponges whose project counted with the authors\' participation. The resulting solution, called Lyra2, preserves the security, efficiency and flexibility of Lyra, including: the ability to configure the desired amount of memory and processing time to be used by the algorithm; and (2) the capacity of providing a high memory usage with a processing time similar to that obtained with scrypt. In addition, it brings important improvements when compared to its predecessor: (1) it allows a higher security level against attack venues involving time-memory trade-offs; (2) it includes tweaks for increasing the costs involved in the construction of dedicated hardware to attack the algorithm; (3) it balances resistance against side-channel threats and attacks relying on cheaper (and, hence, slower) storage devices. Besides describing the algorithm\'s design rationale in detail, this work also includes a detailed analysis of its security and performance in different platforms. It is worth mentioning that Lyra2, as hereby described, received a special recognition in the aforementioned PHC competition. / Para proteger-se de ataques de força bruta, sistemas modernos de autenticação baseados em senhas geralmente empregam algum Esquema de Hash de Senhas (Password Hashing Scheme - PHS). Basicamente, um PHS é um algoritmo criptográfico que gera uma sequência de bits pseudo-aleatórios a partir de uma senha provida pelo usuário, permitindo a este último configurar o custo computacional envolvido no processo e, assim, potencialmente elevar os custos de atacantes testando múltiplas senhas em paralelo. Esquemas tradicionais utilizados para esse propósito são o PBKDF2 e bcrypt, por exemplo, que incluem um parâmetro configurável que controla o número de iterações realizadas pelo algoritmo, permitindo ajustar-se o seu tempo total de processamento. Já os algoritmos scrypt e Lyra, mais recentes, permitem que usuários não apenas controlem o tempo de processamento, mas também a quantidade de memória necessária para testar uma senha. Apesar desses avanços, ainda há um interesse considerável da comunidade de pesquisa no desenvolvimento e avaliação de novas (e melhores) alternativas. De fato, tal interesse levou recentemente à criação de uma competição com esta finalidade específica, a Password Hashing Competition (PHC). Neste contexto, o objetivo do presente trabalho é propor uma alternativa superior aos PHS existentes. Especificamente, tem-se como alvo melhorar o algoritmo Lyra, um PHS baseado em esponjas criptográficas cujo projeto contou com a participação dos autores do presente trabalho. O algoritmo resultante, denominado Lyra2, preserva a segurança, eficiência e flexibilidade do Lyra, incluindo a habilidade de configurar do uso de memória e tempo de processamento do algoritmo, e também a capacidade de prover um uso de memória superior ao do scrypt com um tempo de processamento similar. Entretanto, ele traz importantes melhorias quando comparado ao seu predecessor: (1) permite um maior nível de segurança contra estratégias de ataque envolvendo trade-offs entre tempo de processamento e memória; (2) inclui a possibilidade de elevar os custos envolvidos na construção de plataformas de hardware dedicado para ataques contra o algoritmo; (3) e provê um equilíbrio entre resistância contra ataques de canal colateral (\"side-channel\") e ataques que se baseiam no uso de dispositivos de memória mais baratos (e, portanto, mais lentos) do que os utilizados em computadores controlados por usuários legítimos. Além da descrição detalhada do projeto do algoritmo, o presente trabalho inclui também uma análise detalhada de sua segurança e de seu desempenho em diferentes plataformas. Cabe notar que o Lyra2, conforme aqui descrito, recebeu uma menção de reconhecimento especial ao final da competição PHC previamente mencionada.

Algorithms

Algoritmos

Computer security

Criptologia

Cryptology

Esquema de hash de senhas

Methodology and techniques of computing

Metodologia e técnicas de computação

Password hashing scheme

Segurança de computadores

Lyra2: password hashing scheme with improved security against time-memory trade-offs. / LYRA2: um esquema de hash de senhas com maior segurança contra trade-offs entre processamento e memória.

Ewerton Rodrigues Andrade

07 June 2016

To protect against brute force attacks, modern password-based authentication systems usually employ mechanisms known as Password Hashing Schemes (PHS). Basically, a PHS is a cryptographic algorithm that generates a sequence of pseudorandom bits from a user-defined password, allowing the user to configure the computational costs involved in the process aiming to raise the costs of attackers testing multiple passwords trying to guess the correct one. Traditional schemes such as PBKDF2 and bcrypt, for example, include a configurable parameter that controls the number of iterations performed, allowing the user to adjust the time required by the password hashing process. The more recent scrypt and Lyra algorithms, on the other hand, allow users to control both processing time and memory usage. Despite these advances, there is still considerable interest by the research community in the development of new (and better) alternatives. Indeed, this led to the creation of a competition with this specific purpose, the Password Hashing Competition (PHC). In this context, the goal of this research effort is to propose a superior PHS alternative. Specifically, the objective is to improve the Lyra algorithm, a PHS built upon cryptographic sponges whose project counted with the authors\' participation. The resulting solution, called Lyra2, preserves the security, efficiency and flexibility of Lyra, including: the ability to configure the desired amount of memory and processing time to be used by the algorithm; and (2) the capacity of providing a high memory usage with a processing time similar to that obtained with scrypt. In addition, it brings important improvements when compared to its predecessor: (1) it allows a higher security level against attack venues involving time-memory trade-offs; (2) it includes tweaks for increasing the costs involved in the construction of dedicated hardware to attack the algorithm; (3) it balances resistance against side-channel threats and attacks relying on cheaper (and, hence, slower) storage devices. Besides describing the algorithm\'s design rationale in detail, this work also includes a detailed analysis of its security and performance in different platforms. It is worth mentioning that Lyra2, as hereby described, received a special recognition in the aforementioned PHC competition. / Para proteger-se de ataques de força bruta, sistemas modernos de autenticação baseados em senhas geralmente empregam algum Esquema de Hash de Senhas (Password Hashing Scheme - PHS). Basicamente, um PHS é um algoritmo criptográfico que gera uma sequência de bits pseudo-aleatórios a partir de uma senha provida pelo usuário, permitindo a este último configurar o custo computacional envolvido no processo e, assim, potencialmente elevar os custos de atacantes testando múltiplas senhas em paralelo. Esquemas tradicionais utilizados para esse propósito são o PBKDF2 e bcrypt, por exemplo, que incluem um parâmetro configurável que controla o número de iterações realizadas pelo algoritmo, permitindo ajustar-se o seu tempo total de processamento. Já os algoritmos scrypt e Lyra, mais recentes, permitem que usuários não apenas controlem o tempo de processamento, mas também a quantidade de memória necessária para testar uma senha. Apesar desses avanços, ainda há um interesse considerável da comunidade de pesquisa no desenvolvimento e avaliação de novas (e melhores) alternativas. De fato, tal interesse levou recentemente à criação de uma competição com esta finalidade específica, a Password Hashing Competition (PHC). Neste contexto, o objetivo do presente trabalho é propor uma alternativa superior aos PHS existentes. Especificamente, tem-se como alvo melhorar o algoritmo Lyra, um PHS baseado em esponjas criptográficas cujo projeto contou com a participação dos autores do presente trabalho. O algoritmo resultante, denominado Lyra2, preserva a segurança, eficiência e flexibilidade do Lyra, incluindo a habilidade de configurar do uso de memória e tempo de processamento do algoritmo, e também a capacidade de prover um uso de memória superior ao do scrypt com um tempo de processamento similar. Entretanto, ele traz importantes melhorias quando comparado ao seu predecessor: (1) permite um maior nível de segurança contra estratégias de ataque envolvendo trade-offs entre tempo de processamento e memória; (2) inclui a possibilidade de elevar os custos envolvidos na construção de plataformas de hardware dedicado para ataques contra o algoritmo; (3) e provê um equilíbrio entre resistância contra ataques de canal colateral (\"side-channel\") e ataques que se baseiam no uso de dispositivos de memória mais baratos (e, portanto, mais lentos) do que os utilizados em computadores controlados por usuários legítimos. Além da descrição detalhada do projeto do algoritmo, o presente trabalho inclui também uma análise detalhada de sua segurança e de seu desempenho em diferentes plataformas. Cabe notar que o Lyra2, conforme aqui descrito, recebeu uma menção de reconhecimento especial ao final da competição PHC previamente mencionada.

Algoritmos

Criptologia

Esquema de hash de senhas

Metodologia e técnicas de computação

Segurança de computadores

Algorithms

Computer security

Cryptology

Methodology and techniques of computing

Password hashing scheme

Design and implementation of a blockchain shipping application

Bouidani, Maher M.

31 January 2019

The emerging Blockchain technology has the potential to shift the traditional centralized systems to become more flexible, efficient and decentralized. An important area to apply this capability is supply chain. Supply chain visibility and transparency has become an important aspect of a successful supply chain platform as it becomes more complex than ever before. The complexity comes from the number of participants involved and the intricate roles and relations among them. This puts more pressure on the system and the customers in terms of system availability and tamper-resistant data. This thesis presents a private and permisioned application that uses Blockchain and aims to automate the shipping processes among different participants in the supply chain ecosystem. Data in this private ledger is governed with the participants’ invocation of their smart contracts. These smart contracts are designed to satisfy the participants’ different roles in the supply chain. Moreover, this thesis discusses the performance measurements of this application results in terms of the transaction throughput, transaction average latency and resource utilization. / Graduate

Blockchain

Hyperledger

Public Key

Private Key

Public Key Cryptography

Shipping and Logistics

Blockchain Framework

Hash Function

Consensus

Merkle Tree

RESTful

JavaScript

以GeoJSON壓縮技術增進網路資料傳輸效能之研究 / Efficiency improvement of spatial data transmission by GeoJSON compression techniques

陳欣瑜, Chen,Hsin Yu

Unknown Date

標準化的地理資料交換格式是開放式地理資訊系統不可或缺的一環，可提供不同的平台經由統一的交換格式而順利進行資料交換。GeoJSON除了具備基本的資料互通性外，其結構簡單且容易讀取的特性為地理資訊服務軟體帶來許多效益。然而座標資料量之多寡直接影響資料傳輸效能，為提昇傳輸效率，必須配合有效的資料壓縮技術以降低傳輸之資料量。此外，GeoJSON壓縮方法的設計與結構訴求，也須融合GeoJSON的概念，以簡單、方便運用與容易了解為目標。 本研究提出一套GeoJSON壓縮技術進行空間資料的壓縮，以降低資料量而增進Web GIS地理資料傳輸的效能。除評估其壓縮效率，並透過不同規模以及不同型態的地理資料，分析影響壓縮效率的原因。最後藉由HTTP壓縮技術輔助，並從資料傳遞的時間與壓縮率，評估本研究提出的方法所帶來的成效。我們同時以單向雜湊函數，建立資料傳遞時的檢查機制，以確保資料傳遞時的正確性與一致性。 實作中，我們採用GeoJSON壓縮技術，進行座標資料的大小減量實驗，結果顯示本研究方法可以得到不錯的壓縮成果與傳輸效能，並且可避免資料傳輸發生問題。 / Standardized GIS data exchanging format is an essential part of Open GIS. This enables GIS data providers, software developers, and system integrators to exchange GIS data from different platform. The simple structure of GeoJSON not only has the data interoperability potential but also has the characteristics of easy processed and readability. These properties directly benefit the GIS service software. However, the amount of spatial information encoded in GIS documents usually has direct impact to the efficiency of GIS data transmission. In order to improve the data transmission efficiency, one has to reduce the amount of spatial data transmitted through data compression techniques. In this thesis, we proposed a data compression mechanism for spatial data. Our mechanism, co-operated with the concept of GeoJSON, aim at simple, easy to understand, and easy to use, can reduce the amount of spatial data transmitted and improve the transmission efficiency. We analyzed the compression ratio of various data types and data amounts through different base parameters. We also measured the system response time reduced using this method and compared with the combination of using our method as well as the HTTP compression modules. A one-way hashing technique is used to ensure data accuracy and consistency during the transmission processes. The experimental results show that our GeoJSON-based compression mechanism can significantly reduce the file size of spatial data and improve the efficiency of spatial data transmission. In addition, the data communication errors can be avoided.

GeoJSON

差分編碼

單向雜湊函數

GeoJSON

delta encoding

one-way hash function

Security in VoIP-Current Situation and Necessary Development

Gao, Li Li

January 2006

<p>Nowadays, VoIP is getting more and more popular. It helps company to reduce cost, extends service to remote area, produce more service opportunities, etc. Besides these advantages, VoIP also put forward security problems.</p><p>In this paper, we introduce the popular protocols in VoIP and their security mechanisms, by introducing threats to VoIP, we point out the vulnerabilities with the security mechanisms of each VoIP protocol, and give recommendation for each VoIP protocol. In the conclusion part, we evaluate the vulnerabilities of each protocol, and point out in the future, with better protocol architecture, enhanced security policies, VoIP will has a brighter future.</p>

VoIP

Security

MGCP

threats

risk

IPSec

Hash

encryption.

VoIP vulnerability

VoIP protocols

H.323. SIP

RTP

RTCP

Computer science

Datavetenskap