• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 46
  • 10
  • 3
  • 3
  • 2
  • 2
  • 2
  • 1
  • Tagged with
  • 84
  • 84
  • 59
  • 28
  • 26
  • 23
  • 21
  • 21
  • 18
  • 16
  • 15
  • 14
  • 13
  • 13
  • 12
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

Ασφαλή και έμπιστα πρωτόκολλα επικοινωνιών με χρήση κρυπτογραφίας και κρυπτανάλυσης

Λιάγκου, Βασιλική 24 October 2008 (has links)
Στην διδακτορική διατριβή αναπτύξαμε ασφαλή και έμπιστα πρωτόκολλα επικοινωνιών εισάγοντας ένα νέο μοντέλο έμπιστου συστήματος που ικανοποιεί τις συνεχώς εξελισσόμενες απαιτήσεις των υπολογιστικών συστημάτων. Για την ανάπτυξη του μοντέλου μας συνδυάσαμε την μαθηματική λογική και τα φαινόμενα κατωφλίου που προκύπτουν ασυμπτωτικά στην ανάπτυξη των συνδυαστικών δομών. Η βασική ιδέα της διδακτορικής διατριβής είναι ότι στα δυναμικά γενικά συστήματα υπολογισμού δεν μπορεί η έννοια της εμπιστοσύνης και της ασφάλειας να είναι στατική. Πιστεύουμε ότι ένα έμπιστο και ασφαλές σύστημα θα πρέπει να μελετάται με στατιστικές, ασυμπτωτικές παραμέτρους, καθώς τα τμήματα του συστήματος εξελίσσονται. Κατά συνέπεια, ο κύριος στόχος μας είναι να καθορίσουμε την εμπιστοσύνη ως μια ιδιότητα του συστήματος που «εμφανίζεται» όταν ισχύουν ασυμπωτικά, σχεδόν βέβαια ένα σύνολο λογικών ιδιοτήτων στις τυχαίες δομές επικοινωνίας, οι οποίες διαμορφώνουν τα συστήματα υπολογισμού. Στην διδακτορική διατριβή καθορίζονται διάφορες ιδιότητες που σχετίζονται με την ασφάλεια και εμπιστοσύνη του συστήματος και εκφράζονται χρησιμοποιώντας την λογική πρώτης ή δεύτερης τάξης και ταυτόχρονα ορίζονται και οι προϋποθέσεις κάτω από τις οποίες αυτές οι ιδιότητες εμφανίζονται στο όριο τους, καθώς το σύστημα αυξάνεται. Στην παρούσα εργασία χρησιμοποιούμε μοντέλα γράφων που μπορούν ρεαλιστικά να περιγράψουν ένα δυναμικό και συνεχώς εξελισσόμενο δίκτυο και δείχνουμε ότι αυτά τα μοντέλα μπορεί να χρησιμοποιηθούν για να ικανοποιούν διάφορες ``καλές'' ιδιότητες, οι οποίες του επιτρέπουν μια ασφαλή επικοινωνία. Το τελευταίο διάστημα παρουσιάζουν αρκετό ερευνητικό και επιστημονικό ενδιαφέρον τα ασύρματά δίκτυα που χρησιμοποιούν συσκευές με μικρούς πόρους σε μνήμη και ενέργεια. Επιπλέον η διδακτορική διατριβή περιλαμβάνει τον σχεδιασμό και την υλοποίηση νέων κρυπτογραφικών πρωτοκόλλων διαχείρισης κλειδιού σε τέτοια ασύρματα δυναμικά δίκτυα . Εδώ παρουσιάζουμε κρυπτογραφικά πρωτόκολλα που είναι κατάλληλα για μια μη στατική δομή δικτύου, τα οποία δεν απαιτούν συγκεκριμένη τοπολογία δικτύου και στηρίζονται μόνο στις απλές περιορισμένου φάσματος ανταλλαγές μηνυμάτων. Για να μπορέσουμε να αναπτύξουμε αυτά τα πρωτόκολλα βασιστήκαμε σε γνωστές κρυπταναλιτικές μεθόδους χρησιμοποιώντας πρωτόκολλα κρυπτογράφησης και αποκρυπτογράφησης. Τέλος η μελέτη μας δίνει έμφαση στα πλεονεκτήματα και τα μειονεκτήματα των πρωτοκόλλων μας δεδομένης της διαθέσιμης τεχνολογίας, των αντίστοιχων κριτηρίων αποδοτικότητας (ενέργεια, χρόνος) και του παρεχόμενου επιπέδου ασφάλειας. / In this Phd thesis,, we try to use formal logic and threshold phenomena that asymptotically emerge with certainty in order to build new trust models and to evaluate the existing one. The departure point of our work is that dynamic, global computing systems are not amenable to a static viewpoint of the trust concept, no matter how this concept is formalized. We believe that trust should be a statistical, asymptotic concept to be studied in the limit as the system's components grow according to some growth rate. Thus, our main goal is to define trust as an emerging system property that ``appears'' or "disappears" when a set of properties hold, asymptotically with probability$ 0$ or $1$ correspondingly . Here we try to combine first and second order logic in order to analyze the trust measures of specific network models. Moreover we can use formal logic in order to determine whether generic reliability trust models provide a method for deriving trust between peers/entities as the network's components grow. Our approach can be used in a wide range of applications, such as monitoring the behavior of peers, providing a measure of trust between them, assessing the level of reliability of peers in a network. Wireless sensor networks are comprised of a vast number of ultra-small autonomous computing, communication and sensing devices, with restricted energy and computing capabilities, that co-operate to accomplish a large sensing task. Sensor networks can be very useful in practice. Such systems should at least guarantee the confidentiality and integrity of the information reported to the controlling authorities regarding the realization of environmental events. Therefore, key establishment is critical for the protection in wireless sensor networks and the prevention of adversaries from attacking the network. Finally in this dissertation we also propose three distributed group key establishment protocols suitable for such energy constrained networks. This dissertation is composed of two parts. Part I develops the theory of the first and second order logic of graphs - their definition, and the analysis of their properties that are expressible in the {\em first order language} of graphs. In part II we introduce some new distributed group key establishment protocols suitable for sensor networks. Several key establishment schemes are derived and their performance is demonstrated.
62

Crypto-processor - architecture, programming and evaluation of the security

Gaspar, Lubos 16 November 2012 (has links) (PDF)
Architectures of cryptographic processors and coprocessors are often vulnerable to different kinds of attacks, especially those targeting the disclosure of encryption keys. It is well known that manipulating confidential keys by the processor as ordinary data can represent a threat: a change in the program code (malicious or unintentional) can cause the unencrypted confidential key to leave the security area. This way, the security of the whole system would be irrecoverably compromised. The aim of our work was to search for flexible and reconfigurable hardware architectures, which can provide high security of confidential keys during their generation, storage and exchange while implementing common symmetric key cryptographic modes and protocols. In the first part of the manuscript, we introduce the bases of applied cryptography and of reconfigurable computing that are necessary for better understanding of the work. Second, we present threats to security of confidential keys when stored and processed within an embedded system. To counteract these threats, novel design rules increasing robustness of cryptographic processors and coprocessors against software attacks are presented. The rules suggest separating registers dedicated to key storage from those dedicated to data storage: we propose to partition the system into the data, cipher and key zone and to isolate the zones from each other at protocol, system, architectural and physical levels. Next, we present a novel HCrypt crypto-processor complying with the separation rules and thus ensuring secure key management. Besides instructions dedicated to secure key management, some additional instructions are dedicated to easy realization of block cipher modes and cryptographic protocols in general. In the next part of the manuscript, we show that the proposed separation principles can be extended also to a processor-coprocessor architecture. We propose a secure crypto-coprocessor, which can be used in conjunction with any general-purpose processor. To demonstrate its flexibility, the crypto-coprocessor is interconnected with the NIOS II, MicroBlaze and Cortex M1 soft-core processors. In the following part of the work, we examine the resistance of the HCrypt cryptoprocessor to differential power analysis (DPA) attacks. Following this analysis, we modify the architecture of the HCrypt processor in order to simplify its protection against side channel attacks (SCA) and fault injection attacks (FIA). We show that by rearranging blocks of the HCrypt processor at macroarchitecture level, the new HCrypt2 processor becomes natively more robust to DPA and FIA. Next, we study possibilities of dynamically reconfiguring selected parts of the processor - crypto-coprocessor architecture. The dynamic reconfiguration feature can be very useful when the cipher algorithm or its implementation must be changed in response to appearance of some vulnerability. Finally, the last part of the manuscript is dedicated to thorough testing and optimizations of both versions of the HCrypt crypto-processor. Architectures of crypto-processors and crypto-coprocessors are often vulnerable to software attacks targeting the disclosure of encryption keys. The thesis introduces separation rules enabling crypto-processor/coprocessors to support secure key management. Separation rules are implemented on novel HCrypt crypto-processor resistant to software attacks targetting the disclosure of encryption keys
63

Implementa??o e an?lise de desempenho dos protocolos de criptografia neural e Diffie-Hellman em sistemas RFID utilizando uma plataforma embarcada

Firmino Filho, Jos? Mac?do 16 December 2009 (has links)
Made available in DSpace on 2014-12-17T14:55:40Z (GMT). No. of bitstreams: 1 JoseMF.pdf: 585000 bytes, checksum: d743090da952a3d8b178ffb4048abd4b (MD5) Previous issue date: 2009-12-16 / Coordena??o de Aperfei?oamento de Pessoal de N?vel Superior / RFID (Radio Frequency Identification) identifies object by using the radio frequency which is a non-contact automatic identification technique. This technology has shown its powerful practical value and potential in the field of manufacturing, retailing, logistics and hospital automation. Unfortunately, the key problem that impacts the application of RFID system is the security of the information. Recently, researchers have demonstrated solutions to security threats in RFID technology. Among these solutions are several key management protocols. This master dissertations presents a performance evaluation of Neural Cryptography and Diffie-Hellman protocols in RFID systems. For this, we measure the processing time inherent in these protocols. The tests was developed on FPGA (Field-Programmable Gate Array) platform with Nios IIr embedded processor. The research methodology is based on the aggregation of knowledge to development of new RFID systems through a comparative analysis between these two protocols. The main contributions of this work are: performance evaluation of protocols (Diffie-Hellman encryption and Neural) on embedded platform and a survey on RFID security threats. According to the results the Diffie-Hellman key agreement protocol is more suitable for RFID systems / Identifica??o por r?dio freq??ncia, tamb?m chamada de RFID (Radio Frequency Identification), representa uma tecnologia de transmiss?o de dados sem fio. Estes dados s?o relacionados principalmente a c?digos de identifica??o. A tecnologia RFID vem apresentando um grande potencial de utiliza??o em setores da automa??o industrial, residencial e hospitalar. No entanto, estas aplica??es podem resultar em riscos a seguran?a e privacidade dos usu?rios. Recentemente, pesquisadores v?m apresentando poss?veis solu??es as amea?as de seguran?a da tecnologia. Entre estas solu??es est?o os protocolos de distribui??o de chaves criptogr?ficas. O presente trabalho tem como objetivo realizar uma avalia??o de desempenho dos protocolos de Criptografia Neural e Diffie-Hellman na gera??o de chaves em sistemas RFID. Para isso, iremos mensurar o tempo de processamento destes protocolos. Para os testes foi desenvolvido uma plataforma em FPGA (Field-Programmable Gate Array) com o processador embarcado Nios IIr. Sobre esta plataforma foram utilizados os protocolos de Criptografia Neural e Diffie-Hellman no processo de gera??o de chaves criptogr?ficas. A metodologia de pesquisa baseia-se na agrega??o de conhecimento ao desenvolvimento de novos sistemas RFID atrav?s de uma an?lise comparativa entre esses dois protocolos de seguran?a da informa??o. As principais contribui??es deste trabalho s?o: avalia??o de desempenho dos protocolos (Diffie- Hellman e Criptografia Neural) em uma plataforma embarcada e um levantamento bibliogr?fico de pesquisas relacionadas ? seguran?a da informa??o em sistemas RFID. Nos resultados obtidos foi poss?vel observar que o protocolo de Diffie-Hellman ? mais apropriado para sistemas RFID
64

GDPR: Securing Personal Data in Compliance with new EU-Regulations

Bitar, Hadi, Jakobsson, Björn January 2017 (has links)
New privacy regulations bring new challenges to organizations that are handling and processing personal data regarding persons within the EU. These challenges come mainly in the form of policies and procedures but also with some opportunities to use technology often used in other sectors to solve problems. In this thesis, we look at the new General Data Protection Regulation (GDPR) in the EU that comes into full effect in May of 2018, we analyze what some of the requirements of the regulation means for the industry of processing personal data, and we look at the possible solution of using hardware security modules (HSMs) to reach compliance with the regulation. We also conduct an empirical study using the Delphi method to ask security professionals what they think the most important aspects of securing personal data, and put that data in relation to the identified compliance requirements of the GDPR to see what organizations should focus on in their quest for compliance with the new regulation. We found that a successful implementation of HSMs based on industry standards and best practices address four of the 35 identified GDPR compliance requirements, mainly the aspects concerning compliance with anonymization through encryption, and access control. We also deduced that the most important aspect of securing personal data according to the experts of the Delphi study is access control followed by data inventory and classification.
65

Data Security Architecture Considerations for Telemetry Post Processing Environments

Kalibjian, Jeff 10 1900 (has links)
Telemetry data has great value, as setting up a framework to collect and gather it involve significant costs. Further, the data itself has product diagnostic significance and may also have strategic national security importance if the product is defense or intelligence related. This potentially makes telemetry data a target for acquisition by hostile third parties. To mitigate this threat, data security principles should be employed by the organization to protect telemetry data. Data security is in an important element of a layered security strategy for the enterprise. The value proposition centers on the argument that if organization perimeter/internal defenses (e.g. firewall, IDS, etc.) fail enabling hostile entities to be able to access data found on internal company networks; they will be unable to read the data because it will be encrypted. After reviewing important encryption background including accepted practices, standards, and architectural considerations regarding disk, file, database and application data protection encryption strategies; specific data security options applicable to telemetry post processing environments will be discussed providing tangible approaches to better protect organization telemetry data.
66

Energy Efficient Secure Key Management Schemes for WSNs and IoT

Wen, Wen January 2016 (has links)
Secret sharing is critical to most applications making use of security and remains one of the most challenging research areas in modern cryptography. In this thesis, we propose a novel efficient multi-secret sharing scheme based on the Chinese remainder theorem (CRT) with two verification methods, while the previous works are mostly based on the Lagrange polynomial. Key management schemes play an important role in communication security in Wireless Sensor Networks (WSNs). While the previous works mainly targeting on two different types of WSNs: distributed and hieratical, in this thesis, we propose our flexible WSN key management scheme, which is based on (n,t,n) multi-secret sharing technique, to provide a key management solution for heterogeneous architecture. The powerful key managers are responsible for most of the communicational and computational workload. They can provide Peer-to-Peer pair-wise keys for a pair of sensors to establish a secure communication session, and in the same time, they can also form communication clusters as cluster heads according to different application requirements. Internet of Things (IoT) becomes more and more popular and practical in recent years. Considering the diversity of the devices and the application scenarios, it is extremely hard to couple two devices or sub-networks with different communication and computation resources. In this thesis, we propose novel key agreement schemes based on (n,t,n) multi-secret sharing techniques for IoT in order to achieve light weighted key exchange while using Host Identity Protocol (HIP). We refer the new schemes as HIP-MEXs with different underlying multi-secret sharing techniques. We analyzed the computational and communication costs of the extremely resource constrained device which is referred to as Initiator, and CRT based HIP-MEX successfully outsource the heavy workload to the proxy, which are considered more powerful, when establishing new secret key.
67

En undersökning om end-to-end kryptering av SMS med hjälp av PKCS #1

Danielsson, Mikael January 2020 (has links)
In today’s society, especially after everything that was reported by Edward Snowden when he, during 2013, showed how USA’s NSA worked with global surveillance, there is a great need to keep communication secure. Se- cure both in such a way that the contents in messages are protected from unwanted parties as well as in such a way that messages’ authenticity can be verified. It’s just as important to know who one is communicating with as it is to know that no unauthorized person can read material not meant for them. We see more and more solutions like for instance Let’s Encrypt that offer free encryption for web traffic but when it actually comes to SMS traffic there aren’t as many effective options available. The purpose of this work is to develop a system to examine how one most effectively could treat SMS in a secure and authenticated fashion. The goal is to, contrary to many other solutions, not be dependent upon a third party but rather utilize the existing SMS protocol and to make sure that the con- tents is encrypted by use of public key cryptography. This leads to it being enough to use the application to be able to communicate securely as there would be no central server that could be closed down or in other ways af- fected to lessen the security of the communication. We also get a system that is much less dependent on mobile data and will thus become more flexible in areas where this can be costly or hard to reach. Beyond this a system for verification of external keys will be explored. Even if it, in case the user chooses to use it, will need access to mobile data, it could be a useful tool for authentication of communication with parties with whom one has not been in contact with before since they can publish their public key and then refer to it within the message. An example use case for this would be a gov- ernment needing to publish information to its citizens; then this key can be published on their web site so that anyone easily could verify it (the goal is to have this be done automatically during message retrieval). / I dagens samhälle, särskilt efter bland annat allt som rapporterades av Ed- ward Snowden när han under 2013 påvisade hur USAs NSA jobbade med global övervakning, är det av stor vikt av att kommunikation bör hållas säker. Säker både på så sätt att innehållet i meddelanden skyddas från oön- skade personer och på så sätt att meddelandens autenticitet kan styrkas. Det är minst lika viktigt att veta vem man kommunicerar med som att veta att ingen obehörig kan läsa material som inte är ämnat för dem. Vi ser fler och fler lösningar som till exempel Let’s Encrypt som erbjuder gratis kryptering av webbtrafik men när det gäller just SMS-trafik finns inte lika många och effektiva lösningar. Syftet med det här arbetet är att utveckla ett system för att undersöka hur man på bästa sätt skulle kunna behandla SMS på ett säkert och autentis- erat sätt. Målet är att, till skillnad mot många andra lösningar, inte vara beroende av en tredje part utan istället nyttja det befintliga SMS-protokollet men se till att innehållet är krypterat med hjälp av public key cryptography. Detta leder till att det räcker att använda applikationen för att kunna kom- municera säkert, det finns ingen central server som skulle kunna stängas ner eller på andra sätt påverkas för att försämra kommunikationens säker- het. Vi får också ett system som är mycket mindre beroende av mobildata och blir därför mer flexibelt i områden där dessa kan vara kostsamma eller svåråtkomliga. Utöver detta kommer ett system för extern autentisering av nycklar undersökas. Även om detta, om avsändaren väljer att utnyttja det, kommer att kräva tillgång till mobil datatrafik så skulle det vara ett nyttigt verktyg för att kunna autentisera kommunikation med personer som man aldrig tidigare varit kontakt med då dessa i så fall kan publicera sin nyckel online och sedan hänvisa till den i meddelandet. Exempel på användning för detta är om en myndighet behöver gå ut med information till medbor- garna; då kan denna nyckel publiceras på dess webbsida så att alla enkelt kan kontrollera den (målet är i så fall att detta skall ske automatiskt under hämtning av ett meddelande).
68

Secure Authenticated Key Exchange for Enhancing the Security of Routing Protocol for Low-Power and Lossy Networks

Alzahrani, Sarah Mohammed 26 May 2022 (has links)
No description available.
69

Efficient Privacy Preserving Key Management for Public Cloud Networks

Kathirvel, Anitha, Madan, Siddharth January 2014 (has links)
Most applications and documents are stored in a public cloud for storage and management purposes in a cloud computing environment. The major advantages of storing applications and documents in public cloud are lower cost through use of shared computing resources and no upfront infrastructure costs. However, in this case the management of data and other services is insecure. Therefore, security is a major problem in a public cloud as the cloud and the network are open to many other users. In order to provide security, it is necessary for data owners to store their data in the public cloud in a secure way and to use an appropriate access control scheme. Designing a computation and communication efficient key management scheme to selectively share documents based on fine-grained attribute-based access control policies in a public cloud is a challenging task. There are many existing approaches that encrypt documents prior to storage in the public cloud: These approaches use different keys and a public key cryptographic system to implement attribute-based encryption and/or proxy re-encryption. However, these approaches do not efficiently handle users joining and leaving the system when identity attributes and policies change. Moreover, these approaches require keeping multiple encrypted copies of the same documents, which has a high computational cost or incurs unnecessary storage costs. Therefore, this project focused on the design and development of an efficient key management scheme to allow the data owner to store data in a cloud service in a secure way. Additionally, the proposed approach enables cloud users to access the data stored in a cloud in a secure way. Many researchers have proposed key management schemes for wired and wireless networks. All of these existing key management schemes differ from the key management schemes proposed in this thesis. First, the key management scheme proposed in this thesis increases access level security. Second, the proposed key management scheme minimizes the computational complexity of the cloud users by performing only one mathematical operation to find the new group key that was computed earlier by the data owner. In addition, this proposed key management scheme is suitable for a cloud network. Third, the proposed key distribution and key management scheme utilizes privacy preserving methods, thus preserving the privacy of the user. Finally, a batch key updating algorithm (also called batch rekeying) has been proposed to reduce the number of rekeying operations required for performing batch leave or join operations. The key management scheme proposed in this thesis is designed to reduce the computation and communication complexity in all but a few cases, while increasing the security and privacy of the data. / De flesta program och dokument lagras i ett offentligt moln för lagring och hantering ändamål i en molnmiljö. De stora fördelarna med att lagra program och dokument i offentliga moln är lägre kostnad genom användning av delade datorresurser och ingen upfront infrastruktur costs.However, i detta fall hanteringen av data och andra tjänster är osäker. Därför är säkerhet ett stort problem i en offentlig moln som molnet och nätverket är öppna för många andra användare. För att ge trygghet, är det nödvändigt för dataägare att lagra sina data i det offentliga molnet på ett säkert sätt och att använda en lämplig åtkomstkontroll schema. Utforma en beräkning och kommunikation effektiv nyckelhantering system för att selektivt dela dokument som grundar sig på finkorniga attributbaserad åtkomstkontroll politik i en offentlig moln är en utmanande uppgift. Det finns många befintliga metoder som krypterar dokument före lagring i det offentliga molnet: Dessa metoder använder olika tangenter och en publik nyckel kryptografiskt system för att genomföra attributbaserad kryptering och / eller proxy re-kryptering. Dock har dessa metoder inte effektivt hantera användare som ansluter och lämnar systemet när identitetsattribut och politik förändras. Dessutom är dessa metoder kräver att hålla flera krypterade kopior av samma dokument, som har en hög beräkningskostnad eller ådrar sig onödiga lagringskostnader. Därför fokuserade projektet på design och utveckling av en effektiv nyckelhantering system för att möjliggöra dataägaren att lagra data i en molntjänst på ett säkert sätt. Dessutom, den föreslagna metoden gör det möjligt för molnanvändare att få tillgång till uppgifter lagras i ett cloud på ett säkert sätt. Många forskare har föreslagit viktiga förvaltningssystem för fasta och trådlösa nätverk. Alla dessa befintliga system ke, skiljer sig från de centrala förvaltningssystemen som föreslås i denna avhandling. Först föreslog nyckelhanteringssystemet i denna avhandling ökar Medverkan nivå säkerhet. För det andra, minimerar den föreslagna nyckelhanteringssystemet beräkningskomplexiteten för molnanvändare genom att utföra endast en matematisk operation för att hitta den nya gruppknapp som tidigare beräknades av dataägaren. Dessutom är denna föreslagna nyckelhanteringsschema lämpligt för ett moln nätverk. För det tredje, den föreslagna nyckeldistribution och nyckelhantering systemet utnyttjar integritets bevara metoder och därmed skydda privatlivet för användaren. Slutligen har ett parti viktig uppdatering algoritm (även kallad batch nya nycklar) föreslagits för att minska antalet Ny serieläggning av operationer som krävs för att utföra batch ledighet eller gå med i verksamheten. Nyckelhanteringssystemet som föreslås i denna avhandling är utformad för att minska beräknings-och kommunikations komplexitet i alla utom ett fåtal fall, och samtidigt öka säkerheten och integriteten av uppgifterna.
70

Performance evaluation of security mechanisms in Cloud Networks

Kannan, Anand January 2012 (has links)
Infrastructure as a Service (IaaS) is a cloud service provisioning model which largely focuses on data centre provisioning of computing and storage facilities. The networking aspects of IaaS beyond the data centre are a limiting factor preventing communication services that are sensitive to network characteristics from adopting this approach. Cloud networking is a new technology which integrates network provisioning with the existing cloud service provisioning models thereby completing the cloud computing picture by addressing the networking aspects. In cloud networking, shared network resources are virtualized, and provisioned to customers and end-users on-demand in an elastic fashion. This technology allows various kinds of optimization, e.g., reducing latency and network load. Further, this allows service providers to provision network performance guarantees as a part of their service offering. However, this new approach introduces new security challenges. Many of these security challenges are addressed in the CloNe security architecture. This thesis presents a set of potential techniques for securing different resource in a cloud network environment which are not addressed in the existing CloNe security architecture. The thesis begins with a holistic view of the Cloud networking, as described in the Scalable and Adaptive Internet Solutions (SAIL) project, along with its proposed architecture and security goals. This is followed by an overview of the problems that need to be solved and some of the different methods that can be applied to solve parts of the overall problem, specifically a comprehensive, tightly integrated, and multi-level security architecture, a key management algorithm to support the access control mechanism, and an intrusion detection mechanism. For each method or set of methods, the respective state of the art is presented. Additionally, experiments to understand the performance of these mechanisms are evaluated on a simple cloud network test bed. The proposed key management scheme uses a hierarchical key management approach that provides fast and secure key update when member join and member leave operations are carried out. Experiments show that the proposed key management scheme enhances the security and increases the availability and integrity. A newly proposed genetic algorithm based feature selection technique has been employed for effective feature selection. Fuzzy SVM has been used on the data set for effective classification. Experiments have shown that the proposed genetic based feature selection algorithm reduces the number of features and hence decreases the classification time, while improving detection accuracy of the fuzzy SVM classifier by minimizing the conflicting rules that may confuse the classifier. The main advantages of this intrusion detection system are the reduction in false positives and increased security. / Infrastructure as a Service (IaaS) är en Cloudtjänstmodell som huvudsakligen är inriktat på att tillhandahålla ett datacenter för behandling och lagring av data. Nätverksaspekterna av en cloudbaserad infrastruktur som en tjänst utanför datacentret utgör en begränsande faktor som förhindrar känsliga kommunikationstjänster från att anamma denna teknik. Cloudnätverk är en ny teknik som integrerar nätverkstillgång med befintliga cloudtjänstmodeller och därmed fullbordar föreställningen av cloud data genom att ta itu med nätverkaspekten.  I cloudnätverk virtualiseras delade nätverksresurser, de avsätts till kunder och slutanvändare vid efterfrågan på ett flexibelt sätt. Denna teknik tillåter olika typer av möjligheter, t.ex. att minska latens och belastningen på nätet. Vidare ger detta tjänsteleverantörer ett sätt att tillhandahålla garantier för nätverksprestandan som en del av deras tjänsteutbud. Men denna nya strategi introducerar nya säkerhetsutmaningar, exempelvis VM migration genom offentligt nätverk. Många av dessa säkerhetsutmaningar behandlas i CloNe’s Security Architecture. Denna rapport presenterar en rad av potentiella tekniker för att säkra olika resurser i en cloudbaserad nätverksmiljö som inte behandlas i den redan existerande CloNe Security Architecture. Rapporten inleds med en helhetssyn på cloudbaserad nätverk som beskrivs i Scalable and Adaptive Internet Solutions (SAIL)-projektet, tillsammans med dess föreslagna arkitektur och säkerhetsmål. Detta följs av en översikt över de problem som måste lösas och några av de olika metoder som kan tillämpas för att lösa delar av det övergripande problemet. Speciellt behandlas en omfattande och tätt integrerad multi-säkerhetsarkitektur, en nyckelhanteringsalgoritm som stödjer mekanismens åtkomstkontroll och en mekanism för intrångsdetektering. För varje metod eller för varje uppsättning av metoder, presenteras ståndpunkten för respektive teknik. Dessutom har experimenten för att förstå prestandan av dessa mekanismer utvärderats på testbädd av ett enkelt cloudnätverk. Den föreslagna nyckelhantering system använder en hierarkisk nyckelhantering strategi som ger snabb och säker viktig uppdatering när medlemmar ansluta sig till och medlemmarna lämnar utförs. Försöksresultat visar att den föreslagna nyckelhantering system ökar säkerheten och ökar tillgänglighet och integritet. En nyligen föreslagna genetisk algoritm baserad funktion valet teknik har använts för effektiv funktion val. Fuzzy SVM har använts på de uppgifter som för effektiv klassificering. Försök har visat att den föreslagna genetiska baserad funktion selekteringsalgoritmen minskar antalet funktioner och därmed minskar klassificering tiden, och samtidigt förbättra upptäckt noggrannhet fuzzy SVM klassificeraren genom att minimera de motstående regler som kan förvirra klassificeraren. De främsta fördelarna med detta intrångsdetekteringssystem är den minskning av falska positiva och ökad säkerhet.

Page generated in 0.0473 seconds