Studies on vegetation-, fire-, climate- and human history in the mid- to late Holocene - a contribution to protection and management of the forest-steppe-biome in the Mongolian Altai

Unkelbach, Julia

23 September 2019

No description available.

570

Mongolia

vegetation history

climate history

human activity

nature conservation

forest-steppe-ecosystem

multi-proxy-approach

Biologie (PPN619462639)

IP Multimedia Subsystem / IP Multimedia Subsystem

Bendíček, Martin

January 2008

This Master’s thesis deals with IMS architecture problems. This thesis describes its creation and progress, also structure of this architecture is mentioned. Text of this thesis describes function of the most important parts of the architecture, such as Proxy-CSCF, Interrogating-CSCF, Serving-CSCF and HSS. IMS architecture uses SIP protocol for establishment, maintenance and closing session and Diameter protocol for network management functions. That is why this thesis also describes characteristics of these two protocols. Next part of the thesis is focused on Open-source platform Open IMS Core and its installation. Open IMS Core platform was developed for testing IMS technologies within an internal project at the Fraunhofer Institute FOKUS in Berlin. Nowadays it is used by major part of vendors and providers for testing their products and services. As a main theme of this thesis, there was made a simple network, which consists of three users. This network is established on fundamentals of IMS and it was made in Open IMS Core. So in one chapter is outlined a process of its creation. There is described a process of adding a user list to database server HSS. In the next part there are mentioned some information about setup of virtual IMS terminal. Eventually there are shown some possibilities of how to catch traffic in the network. In this chapter there are also state diagrams, which describe a process of registration of IMS terminal and also a process of establishment, maintenance and closing session.

PKI based Encryption for Document Sharing, Optimized Storage, and Proof of Existence in the Cloud

Ratnayake, Yohan

January 2015

No description available.

Certificates

CA

Security Architecture

proxy server

CA server

CSP

Bitcoin block chain

cryptographic digest

proof of existence

digital notary service

timestamp

Amélioration des adresses CGA et du protocole SEND pour un meilleur support de la mobilité et de nouveaux services de sécurité / Improving CGA addresses and the SEND protocol for a better mobility support and new security services

Cheneau, Tony

07 January 2011

A l'origine conçus pour protéger le protocole de Découverte de Voisins (Neighbor Discovery Protocol, NDP) en IPv6, les adresses générées de manière cryptographique (Cryptographically Generated Addresses, CGA) et le protocole SEND (Secure Neighbor Discovery) doivent maintenant s'adapter au contexte de mobilité et à ses nouvelles fonctionnalités. Cette mobilité revêt de nombreuses formes : mobilité du noeud (Mobile IPv6, MIPv6), mobilité des routeurs (Network Mobility, NEMO) ou encore mobilité gérée par le réseau (Proxy Mobile IPv6). De nombreux changements doivent être opérés dans le protocole SEND : les opérations cryptographiques doivent être allégées pour les terminaux à faible capacité de calcul, les incompatibilités entre le partage d'adresse dans les protocoles de mobilité et le mécanisme de protection d'adresses de SEND doivent être corrigés, etc. Dans une première partie de cette thèse, nous présentons le protocole de Découverte de Voisins, les adresses CGA et le protocole de sécurité SEND. Nous étudions leurs limitations et, afin d'améliorer les performances, nous proposons l'utilisation de la cryptographie basée sur les courbes elliptiques (ECC). À travers une série de tests, nous mesurons l'impact de notre proposition. Par la suite, nous modifions les spécifications du protocole SEND afin de supporter de nouveaux algorithmes crytpographiques. Dans une deuxième partie, nous résolvons les incompatibilités entre le protocole SEND et les protocoles de mobilité (par ex. MIPv6) et entre le protocole SEND et les adresses anycast. Dans une dernière partie, nous présentons plusieurs contributions basées sur une utilisation dérivée des adresses CGA et du protocole SEND. / Originally designed to protect the Neighbor Discovery Protocol (NDP) (part of the IPv6 protocol suite), the Cryptographically Generated Addresses (CGA) and the Secure Neighbor Discovery (SEND) now need to be adapted to the context of Mobility and extended to new functionalities. The term "Mobility" encompasses many aspects, among them : node mobility (Mobile IPv6, MIPv6), router mobility (Network Mobility, NEMO) and network-based mobility management (Proxy Mobile IPv6, PMIPv6). Numerous changes need to be operated on the SEND protocol in order to comply with the Mobility : the cryptographic operations need to be adapted to operate on low power mobile nodes, the incompatibilities between the address sharing model of the mobile protocol and the address protections offered by SEND need to be fixed, etc. Firstly, we present the Neighbor Discovery protocol, the CGA addresses and the SEND protocol. We study their limitations, and, in order to improve their performances, we propose to replace the signature algorithm used in SEND (RSA) by the elliptic curves cryptography (ECC). We then evaluate the performances of our proposal. Subsequently, we modify the SEND protocol to include a signature algorithm selection mechanism. Secondly, we solve incompatilities between the SEND protocol and the mobility protocols (e.g. MIPv6) and between the SEND protocol and the anycast addresses. Finally, we present our contributions containing a derivate use of the CGA addresses and the SEND protocol.

IPv6

Mobilité

MIPv6

Etude de performance

Neighbor discovery protocol

Cryptographically generated addresses

Proxy neighbor discovery

Integration of Attribute-Based Encryption and IoT: An IoT Security Architecture

Elbanna, Ziyad

January 2023

Services relying on internet of things (IoTs) are increasing day by day. IoT makes use of internet services like network connectivity and computing capability to transform everyday objects into smart things that can interact with users, and the environment to achieve a purpose they are designed for. IoT nodes are memory, and energy constrained devices that acquire information from the surrounding environment, those nodes cannot handle complex data processing and heavy security tasks alone, thus, in most cases a framework is required for processing, storing, and securing data. The framework can be cloud-based, a publish/subscribe broker, or edge computing based. As services relying on IoT are increasing enormously nowadays, data security and privacy are becoming concerns. Security concerns arise from the fact that most IoT data are stored unencrypted on untrusted third-party clouds, which results in many issues like data theft, data manipulation, and unauthorized disclosure. While some of the solutions provide frameworks that store data in encrypted forms, coarse-grained encryption provides less specific access policies to the users accessing data. A more secure control method applies fine-grained access control, and is known as attribute-based encryption (ABE). This research aims to enhance the privacy and the security of the data stored in an IoT middleware named network smart objects (NOS) and extend its functionality by proposing a new IoT security architecture using an efficient ABE scheme known as key-policy attribute-based encryption (KP-ABE) along with an efficient key revocation mechanism based on proxy re-encryption (PRE). Design science research (DSR) was used to facilitate the solution. To establish the knowledge base, a previous case study was reviewed to explicate the problem and the requirements to the artefact were elicited from research documents. The artefact was designed and then demonstrated in a practical experiment by means of Ubuntu operating system (OS). Finally, the artefact’s requirements were evaluated by applying a computer simulation on the Ubuntu OS. The result of the research is a model artefact of an IoT security architecture which is based on ABE. The model prescribes the components and the architectural structure of the IoT system. The IoT system consists of four entities: data producers, data consumers, NOS, and the TA. The model prescribes the new components needed to implement KP-ABE and PRE modules. First, data is transferred from data producers to NOS through secure hypertext transfer protocol (HTTPS), then the data is periodically processed and analyzed to obtain a uniform representation and add useful metadata regarding security, privacy, and data-quality. After that, the data is encrypted by KP-ABE using users’ attributes. PRE takes place when a decryption key is compromised, then the ciphertext is re-encrypted to prevent it’s disclosure. The evaluation results show that the proposed model improved the data retrieval time of the previous middleware by 32% and the re-encryption time by 87%. Finally, the author discusses the limitations of the proposed model and highlights directions for future research.

Internet of things

Attribute based encryption

Fine-grained access control

Key revocation

Proxy re-encryption

Computer Sciences

Datavetenskap (datalogi)

Testing Resilience of Envoy Service Proxy with Microservices

Dattatreya Nadig, Nikhil

January 2019

Large scale internet services are increasingly implemented as distributed systems to achieve availability, fault tolerance and scalability. To achieve fault tolerance, microservices need to employ different resilience mechanisms such as automatic retries, rate limiting, circuit breaking amongst others to make the services handle failures gracefully and cause minimum damage to the performance of the overall system. These features are provided by service proxies such as Envoy which is deployed as a sidecar (sidecar proxy is an application design pattern which abstracts certain features, such as inter-service communications, monitoring and security, away from the main architecture to ease the tracking and maintenance of the application as a whole), the service proxies are very new developments and are constantly evolving. Evaluating their presence in a system to see if they add latency to the system and understand the advantages provided is crucial in determining their fit in a large scale system.Using an experimental approach, the services are load tested with and without the sidecar proxies in different configurations to determine if the usage of Envoy added latency and if its advantages overshadow its disadvantages. The Envoy sidecar proxy adds latency to the system; however, the benefits it brings in terms of resilience, make the services perform better when there is a high number of failures in the system. / Storskaliga internettjänster implementeras alltmer som distribuerade system för att uppnå tillgänglighet, feltolerans och skalbarhet. För att uppnå feltolerans måste microservices använda olika typer av resiliens mekanismer som automatisk återförsök, hastighetsbegränsning, kretsbrytning bland annat som tillåter tjänsterna att hantera misslyckanden graciöst och orsaka minimala skador på prestandan hos det övergripande systemet. Dessa funktioner tillhandahålls av service proxies som Envoy. Dessa proxies används som sidovagn (sidvagnproxy är ett applikationsdesignmönster som abstraherar vissa funktioner, såsom kommunikation mellan kommunikationstjänster, övervakning och säkerhet, bort från huvudarkitekturen för att underlätta spårningen och underhåll av ansökan som helhet). Dessa tjänster är väldigt nya och utvecklas ständigt. Att utvärdera deras närvaro i ett system för att se om de lägger till latens för systemet och förstå fördelarna som tillhandahålls är avgörande för att bestämma hur väl de skulle passa i ett storskaligt system. Med hjälp av ett experimentellt tillvägagångssätt testas tjänsterna med och utan sidospårproxys i olika konfigurationer för att avgöra om användningen av Envoy lägger till latens och om dess fördelar överskuggar dess nackdelar. Envoy sidecar proxy ökar latensen i systemet; De fördelar som det ger med avseende på resiliens gör tjänsterna bättre när det finns ett stort antal misslyckanden i systemet.

Service Proxy

Distributed Systems

Resilience Patterns

Automatic Retries

Rate Limiting

Circuit Breakers

Computer and Information Sciences

Data- och informationsvetenskap

Internal and External Causes of The Yemeni Civil War Grounded On The Critical Review of the Conflict and Proxy War Theories

Abu Khaled, Dana

January 2022

The current study targeted the current issue of the Yemeni crisis and activity of the Houthi movement from the point of its internal and external causes. The activity of the extremist groups on the territory of Yemen creates significant national security risks for most of countries of the Arabian Peninsula. In these conditions, it was important to analyze the problem in detail to comprehend and envision future possible resolutions. To analyze the issue under discussion, the paper utilized the conflict and proxy war theories in the international relations (IR) sphere.  In addition, qualitative data was collected and transformed into quantitative materials using quantitative content and discourse analysis methods. The critical analysis of the selected theories led to the recognition of the key theoretical concepts applicable for the study of the Yemeni case. The methodology was applied to review the official speeches of the national leaders of the following countries and organizations: the UAE, the United States, and Hezbollah. Based on the study findings, the paper determined interests of each potential side and proposed a potential strategy to effectively minimize the security risks caused by the movement.

Yemen

civil conflict

conflict theory

proxy conflict

quantitative content analysis

Övrig annan samhällsvetenskap

Integrated Mobility and Service Management for Future All-IP Based Wireless Networks

He, Weiping

24 April 2009

Mobility management addresses the issues of how to track and locate a mobile node (MN) efficiently. Service management addresses the issues of how to efficiently deliver services to MNs. This dissertation aims to design and analyze integrated mobility and service management schemes for future all-IP based wireless systems. We propose and analyze per-user regional registration schemes extending from Mobile IP Regional Registration and Hierarchical Mobile IPv6 for integrated mobility and service management with the goal to minimize the network signaling and packet delivery cost in future all-IP based wireless networks. If access routers in future all-IP based wireless networks are restricted to perform network layer functions only, we investigate the design of intelligent routers, called dynamic mobility anchor points (DMAPs), to implement per-user regional management in IP wireless networks. These DMAPs are access routers (ARs) chosen by individual MNs to act as regional routers to reduce the signaling overhead for intra-regional movements. The DMAP domain size is based on a MN's mobility and service characteristics. A MN optimally determines when and where to launch a DMAP to minimize the network cost in serving the user's mobility and service management operations. We show that there exists an optimal DMAP domain size for each individual MN. We also demonstrate that the DMAP design can easily support failure recovery because of the flexibility of allowing a MN to choose any AR to be the DMAP for mobility and service management. If access routers are powerful and flexible in future all-IP based networks to perform network-layer and application-layer functions, we propose the use of per-user proxies that can run on access routers. The user proxies can carry service context information such as cached data items and Web processing objects, and perform context-aware functions such as content adaptation for services engaged by the MN to help application executions. We investigate a proxy-based integrated mobility and service management architecture (IMSA) under which a client-side proxy is created on a per-user basis to serve as a gateway between a MN and all services engaged by the MN. Leveraging Mobile IP with route optimization, the proxy runs on an access router and cooperates with the home agent and foreign agent of the MN to maintain the location information of the MN to facilitate data delivery by services engaged by the MN. Further, the proxy optimally determines when to move with the MN so as to minimize the network cost associated with the user's mobility and service management operations. Finally we investigate a proxy-based integrated cache consistency and mobility management scheme called PICMM to support client-server query-based mobile applications, to improve query performance, the MN stores frequently used data in its cache. The MN's proxy receives invalidation reports or updated data objects from application servers, i.e., corresponding nodes (Cans) for cached data objects stored in the MN. If the MN is connected, the proxy will forward invalidation reports or fresh data objects to the MN. If the MN is disconnected, the proxy will store the invalidation reports or fresh data objects, and, once the MN is reconnected, the proxy will forward the latest cache invalidation report or data objects to the MN. We show that there is an optimal ``service area'' under which the overall cost due to query processing, cache consistency management and mobility management is minimized. To further reduce network traffic, we develop a threshold-based hybrid cache consistency management policy such that whenever a data object is updated at the server, the server sends an invalidation report to the MN through the proxy to invalidate the cached data object only if the size of the data object exceeds the given threshold. Otherwise, the server sends a fresh copy of the data object through the proxy to the MN. We identify the best ``threshold'' value that would minimize the overall network cost. We develop mathematical models to analyze performance characteristics of DMAP, IMSA and PICMM developed in the dissertation research and demonstrate that they outperform existing schemes that do not consider integrated mobility and service management or that use static regional routers to serve all MNs in the system. The analytical results obtained are validated through extensive simulation. We conclude that integrated mobility and service management can greatly reduce the overall network cost for mobile multimedia and database applications, especially when the application's data service rate is high compared with the MN's mobility rate. / Ph. D.

data consistency

performance analysis

Optimization

Mobile IP

Petri net.

regional registration

network protocol

proxy

Toward Privacy-Preserving and Secure Dynamic Spectrum Access

Dou, Yanzhi

19 January 2018

Dynamic spectrum access (DSA) technique has been widely accepted as a crucial solution to mitigate the potential spectrum scarcity problem. Spectrum sharing between the government incumbents and commercial wireless broadband operators/users is one of the key forms of DSA. Two categories of spectrum management methods for shared use between incumbent users (IUs) and secondary users (SUs) have been proposed, i.e., the server-driven method and the sensing-based method. The server-driven method employs a central server to allocate spectrum resources while considering incumbent protection. The central server has access to the detailed IU operating information, and based on some accurate radio propagation model, it is able to allocate spectrum following a particular access enforcement method. Two types of access enforcement methods -- exclusion zone and protection zone -- have been adopted for server-driven DSA systems in the current literature. The sensing-based method is based on recent advances in cognitive radio (CR) technology. A CR can dynamically identify white spaces through various incumbent detection techniques and reconfigure its radio parameters in response to changes of spectrum availability. The focus of this dissertation is to address critical privacy and security issues in the existing DSA systems that may severely hinder the progress of DSA's deployment in the real world. Firstly, we identify serious threats to users' privacy in existing server-driven DSA designs and propose a privacy-preserving design named P²-SAS to address the issue. P²-SAS realizes the complex spectrum allocation process of protection-zone-based DSA in a privacy-preserving way through Homomorphic Encryption (HE), so that none of the IU or SU operation data would be exposed to any snooping party, including the central server itself. Secondly, we develop a privacy-preserving design named IP-SAS for the exclusion-zone- based server-driven DSA system. We extend the basic design that only considers semi- honest adversaries to include malicious adversaries in order to defend the more practical and complex attack scenarios that can happen in the real world. Thirdly, we redesign our privacy-preserving SAS systems entirely to remove the somewhat- trusted third party (TTP) named Key Distributor, which in essence provides a weak proxy re-encryption online service in P²-SAS and IP-SAS. Instead, in this new system, RE-SAS, we leverage a new crypto system that supports both a strong proxy re-encryption notion and MPC to realize privacy-preserving spectrum allocation. The advantages of RE-SAS are that it can prevent single point of vulnerability due to TTP and also increase SAS's service performance dramatically. Finally, we identify the potentially crucial threat of compromised CR devices to the ambient wireless infrastructures and propose a scalable and accurate zero-day malware detection system called GuardCR to enhance CR network security at the device level. GuardCR leverages a host-based anomaly detection technique driven by machine learning, which makes it autonomous in malicious behavior recognition. We boost the performance of GuardCR in terms of accuracy and efficiency by integrating proper domain knowledge of CR software. / Ph. D. / With the rapid development of wireless technologies in recent years, wireless spectrum which all the wireless communication signals travel over is becoming the bottleneck of the fast growing wireless market. The spectrum scarcity problem is largely due to the current spectrum allocation scheme. Some spectrum bands, like the cellular bands, are overly crowded, while some government-held spectrum bands are used inadequately. By allowing users from the crowded spectrum bands to dynamically access to those less frequently used spectrum bands, the spectrum scarcity problem can be significantly alleviated. However, there are two critical issues that hinder the application of dynamic spectrum access in the real world: privacy and security. For privacy, in order to determine when, where, and how the spectrum can be reused, users need to bear the risk of sharing their sensitive operation data. This is especially frustrating for governmental and military parties whose operation data is highly classified. We solve the privacy problem by designing a privacy-preserving dynamic spectrum access system. The system is based on secure multi-party computation, which keeps users’ input operation data private when performing spectrum allocation computation over those inputs. The system achieves 128-bit industry-level security strength, and it is also computation and memory efficient for real-world deployment. For security, dynamic spectrum access requires radio devices to contain many software components so that the radio devices can be dynamically programmed to access different spectrum bands. However, the software also exposes the radio devices to the risk of malware infection. We develop a malware detection system to capture the anomalous behaviors in radio software executions. By adopting advanced machine learning techniques, our system is even able to detect first-seen malware.

Dynamic spectrum access

Cognitive radio networks

Privacy-preserving system

Malware detection

Machine learning

Homomorphic encryption

Proxy re-encryption

Inter- and intra-specimen variability masks reliable temperature control on shell Mg/Ca ratios in laboratory and field cultured Mytilus edulis and Pecten maximus (bivalvia).

Freitas, P.S., Clarke, Leon J., Kennedy, H.A., Richardson, C.A.

January 2008

Yes / The Mg/Ca ratios of biogenic calcite is commonly seen as a valuable palaeo-proxy for reconstructing past ocean temperatures. The temperature dependence of Mg/Ca ratios in bivalve calcite has been the subject of contradictory observations. The palaeoceanographic use of a geochemical proxy is dependent on initial, rigorous calibration and validation of relationships between the proxy and the ambient environmental variable to be reconstructed. Shell Mg/Ca ratio data are reported for the calcite of two bivalve species, Mytilus edulis (common mussel) and Pecten maximus (king scallop), which were grown in laboratory culturing experiments at controlled and constant aquarium seawater temperatures over a range from 10 to 20 C. Furthermore, Mg/Ca ratio data of laboratory- and fieldgrown M. edulis specimens were compared. Only a weak, albeit significant, shell Mg/Ca ratio¿temperature relationship was observed in the two bivalve species: M. edulis (r2=0.37, p<0.001 for laboratory-cultured specimens and r2=0.50, p<0.001 for field-cultured specimens) and P. maximus (r2=0.21, p<0.001 for laboratory-cultured specimens only). In the two species, shell Mg/Ca ratios were not found to be controlled by shell growth rate or salinity. The Mg/Ca ratios in the shells exhibited a large degree of variability among and within species and individuals. The results suggest that the use of bivalve calcite Mg/Ca ratios as a temperature proxy is limited, at least in the species studied to date. Such limitations are most likely due to the presence of physiological effects on Mg incorporation in bivalve calcite. The utilization is further limited by the great variability both within and among shells of the same species that were precipitated under the same ambient conditions

Pecten maximus

Mytilus edulis

Cultured

Bivalve species

Biogenic calcite

Ocean temperatures

past

Shell Mg/Ca ratio

Palaeo-proxy