Secure Block Storage

Drennan, James

January 2011

No description available.

Computer Engineering

Secure Storage

Signing requests

Encryption

Securing the Public Cloud: Host-Obscure Computing with Secure Enclaves

Cain, Chandler Lee

12 January 2021

As the practice of renting remote computing resources from a cloud computing platform becomes increasingly popular, the security of such systems is a subject of continued scrutiny. This thesis explores the current state of cloud computing security along with critical components of the cloud computing model. It identifies the need to trust a third party with sensitive information as a substantial obstacle for cloud computing customers. It then proposes a new model, Host-Obscure Computing, for a cloud computing service using secure enclaves and encryption that allows a customer to execute code remotely without exposing sensitive information, including program flow control logic. It presents a proof of concept for a secure cloud computing service using confidential computing technology, cryptography, and an emulator that runs in a secure memory space. It then provides an analysis of its effectiveness at reducing data exposure and its performance impact. Finally, it analyzes this model's advantages and its potential impact on the cloud computing industry. / Master of Science / The use of public cloud computing services continues to rise as a solution to many of the problems associated with on-premises data centers. Customers who would otherwise move to the cloud have resisted this change for security reasons. This research investigates what these security barriers are. Then, it proposes a novel model for a cloud computing service, referred to as Host-Obscure Computing, that is designed to mitigate these issues. Specifically, it addresses the need of a customer to share their program code and working data with the cloud provider. It outlines the development of a prototype implementation of this model. It then presents an analysis of this new service model from both a performance and security perspective. Finally, it suggests how the adoption of a service model similar to Host-Obscure Computing could improve the state of the cloud computing industry.

Cloud computing

cybersecurity

encryption

secure enclaves

New Frameworks for Secure Image Communication in the Internet of Things (IoT)

Albalawi, Umar Abdalah S

08 1900

The continuous expansion of technology, broadband connectivity and the wide range of new devices in the IoT cause serious concerns regarding privacy and security. In addition, in the IoT a key challenge is the storage and management of massive data streams. For example, there is always the demand for acceptable size with the highest quality possible for images to meet the rapidly increasing number of multimedia applications. The effort in this dissertation contributes to the resolution of concerns related to the security and compression functions in image communications in the Internet of Thing (IoT), due to the fast of evolution of IoT. This dissertation proposes frameworks for a secure digital camera in the IoT. The objectives of this dissertation are twofold. On the one hand, the proposed framework architecture offers a double-layer of protection: encryption and watermarking that will address all issues related to security, privacy, and digital rights management (DRM) by applying a hardware architecture of the state-of-the-art image compression technique Better Portable Graphics (BPG), which achieves high compression ratio with small size. On the other hand, the proposed framework of SBPG is integrated with the Digital Camera. Thus, the proposed framework of SBPG integrated with SDC is suitable for high performance imaging in the IoT, such as Intelligent Traffic Surveillance (ITS) and Telemedicine. Due to power consumption, which has become a major concern in any portable application, a low-power design of SBPG is proposed to achieve an energy- efficient SBPG design. As the visual quality of the watermarked and compressed images improves with larger values of PSNR, the results show that the proposed SBPG substantially increases the quality of the watermarked compressed images. Higher value of PSNR also shows how robust the algorithm is to different types of attack. From the results obtained for the energy- efficient SBPG design, it can be observed that the power consumption is substantially reduced, up to 19%.

Secure Image Communication

Image Compression

IoT

Secure Wavelet-based Coding of Images, and Application to Privacy Protected Video Surveillance

Martin, Karl

16 February 2011

The protection of digital images and video from unauthorized access is important for a number of applications, including privacy protection in video surveillance and digital rights management for consumer applications. However, traditional cryptographic methods are not well suited to digital visual content. Applying standard encryption approaches to the entire content can require significant computational resources due to the large size of the data. Furthermore, digital images and video often need to be manipulated,such as by resizing or transcoding, which traditional encryption would hinder. A number of image and video-specific encryption approaches have been proposed in the literature, but many of the them have significant negative impact on the ability to compress the data, which is a necessary requirement of most imaging systems. In this work, a secure image coder, called Secure Set Partitioning in Hierarchical Trees (SecSPIHT), is proposed. It combines wavelet-based image coding (compression) with efficient encryption. The encryption is applied to a small number of selected bits in the code domain, to achieve complete confidentiality of all the content while having no negative impact on compression performance. The output of the system is a secure code that cannot be decrypted and decoded without the provision of a secret key. It has superior rate-distortion performance compared to JPEG and JPEG2000, and the bit-rate can be easily scaled via a simple truncation operation. The computational overhead of the encryption operation is very low, typically requiring less than 1% of the coded image data to be encrypted. A related secure object-based coding approach is also presented. Called Secure Shape and Texture Set Partitioning in Hierarchical Trees (SecST-SPIHT), it codes and encrypts arbitrarily-shaped visual objects. A privacy protection system for video surveillance is proposed, using SecST-SPIHT to protect private data, such as face and body images appearing in surveillance footage. During normal operation of the system, the private data objects are protected via SecST-SPIHT. If an incident occurs that requires access to the data (e.g., for investigation), a designated authority must release the key. This is superior to other methods of privacy protection which irreversibly blur or mask the private data.

wavelet

image coding

encryption

security

privacy

video coding

secure image coding

secure object coding

0544

Secure Wavelet-based Coding of Images, and Application to Privacy Protected Video Surveillance

Martin, Karl

16 February 2011

The protection of digital images and video from unauthorized access is important for a number of applications, including privacy protection in video surveillance and digital rights management for consumer applications. However, traditional cryptographic methods are not well suited to digital visual content. Applying standard encryption approaches to the entire content can require significant computational resources due to the large size of the data. Furthermore, digital images and video often need to be manipulated,such as by resizing or transcoding, which traditional encryption would hinder. A number of image and video-specific encryption approaches have been proposed in the literature, but many of the them have significant negative impact on the ability to compress the data, which is a necessary requirement of most imaging systems. In this work, a secure image coder, called Secure Set Partitioning in Hierarchical Trees (SecSPIHT), is proposed. It combines wavelet-based image coding (compression) with efficient encryption. The encryption is applied to a small number of selected bits in the code domain, to achieve complete confidentiality of all the content while having no negative impact on compression performance. The output of the system is a secure code that cannot be decrypted and decoded without the provision of a secret key. It has superior rate-distortion performance compared to JPEG and JPEG2000, and the bit-rate can be easily scaled via a simple truncation operation. The computational overhead of the encryption operation is very low, typically requiring less than 1% of the coded image data to be encrypted. A related secure object-based coding approach is also presented. Called Secure Shape and Texture Set Partitioning in Hierarchical Trees (SecST-SPIHT), it codes and encrypts arbitrarily-shaped visual objects. A privacy protection system for video surveillance is proposed, using SecST-SPIHT to protect private data, such as face and body images appearing in surveillance footage. During normal operation of the system, the private data objects are protected via SecST-SPIHT. If an incident occurs that requires access to the data (e.g., for investigation), a designated authority must release the key. This is superior to other methods of privacy protection which irreversibly blur or mask the private data.

wavelet

image coding

encryption

security

privacy

video coding

secure image coding

secure object coding

0544

Secure Key Establishment for Mobile Networks

Tin, Yiu Shing (Terry)

January 2005

Informal analysis of authenticated key establishment (ake) protocols was commonly accepted as the valid argument for their security in the past. Although it can provide some confidence in protocol correctness, experience has shown time and again that ake protocols are likely to contain flaws even after an informal analysis is completed. Therefore, it has become increasingly common to expect a formal analysis, and preferably a mathematical proof, of any published ake protocol in order to obtain increased confidence in its security. In this research we use an appropriate model for analysing ake protocols based on its features and properties. The model allows us to design ake protocols modularly and reuse existing protocol components. We provide a detailed description of its formalisation, operations and usage. This description also includes ways of extracting new protocol components from existing ake protocols. Following the description of the model, we propose a new unauthenticated key establishment protocol for two-party communications. By composing this protocol with authentication protocols, we can construct several new secure ake protocols. These new protocols are compared with existing protocols for their computational efficiency. The comparison shows that our new proven secure protocols are as efficient as the existing protocols with an informal security analysis. We then propose a three-party key establishment protocol which involves a trusted server and two users. We also propose a non-interactive authentication protocol and discuss it and a variant of it. These components are used to construct a secure three-party ake protocol that supports a privacy framework. This framework allows users to remain anonymous while conducting electronic transactions with an independent service provider. A new password-based authentication protocol is proposed to address the problem of authentication using passwords. This protocol carries a proof of security and satisfies a slightly relaxed definition of security. We demonstrate its application by composing it with existing key establishment protocols. To maximise its use, we modified a two-party key establishment protocol to become three-party server based. By using the server for authentication, two users within a common network domain can establish a secure session key. Only a small number of ake protocols are demonstrated in this thesis. There exist many more provably secure ake protocols that can be constructed using the protocol components presented by applying the approach of "mix and match". That is, each new component results in a number of new ake protocols depending on the number of existing components.

Provable security

modular approach

Canetti-Krawczyk model

secure protocol

secure protocol design

mobile key establishment

Evaluation and Implementation for Pushing Automatic Updates to IoT Devices

Min, Menglei

January 2017

In recent years, Internet of Things has developed rapidly, and now has penetrated into human life and industrial production. It is speculated that the internet of things will become ubiquitous in the future, which will bring a series of problems. First, the large number of things will lead to operated system and software updates consuming a lot of manpower and resources. Another problem is the Internet of things facing security issues, in recent years for the means of Internet of things and tools have been increasing largely. Therefore, to achieve a secure automatic update on the Internet of Things is essential. This report will follow such an automatic update system based on Internet of things to expand. First it elaborated on the main motive of this problem, found three existing related works and three security methods for communication to analyze. Then combined results of analysis, put forward own a secure automatic update solution: manager and devices connect and mutual authentication in real time, at the same time, the manager will regularly check the database to see if there is new version application. When the administrator uploads a new version, the manager will download the version and then sends to all devices, then device installs and finally restart itself. Next, the report described how to implement this system in detail and evaluated it. In the end, this report summarized and introduces the future work.

Automatic update

Internet of things

Digital signature

Secure sockets layer communication

Secure hash algorithm

Software Engineering

Programvaruteknik

Realizing Homomorphic Secure Protocols through Cross-Layer Design Techniques / クロスレイヤ設計による準同型暗号プロトコルの実現

Bian, Song

23 May 2019

京都大学 / 0048 / 新制・課程博士 / 博士(情報学) / 甲第21975号 / 情博第703号 / 新制||情||121(附属図書館) / 京都大学大学院情報学研究科通信情報システム専攻 / (主査)教授 佐藤 高史, 教授 小野寺 秀俊, 教授 岡部 寿男 / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DFAM

Homomorphic encryption

Approximate computing

Secure Email Filter

Secure Inference

007

Cybersäkerhet på väg : Säker mjukvaruutveckling i fordonsindustrin

Alfredsson, Anders

January 2023

Moderna vägfordon är i högre grad än tidigare styrda av mjukvara, och det är även vanligt att de har någon form av internetuppkoppling. För att fordonen ska kunna uppfylla de säkerhetskrav som ställs är det därför viktigt att mjukvaran är utvecklad på ett säkert sätt och under säkra former. Denna fallstudie undersöker med hjälp av strukturerade intervjuer hur några personer som arbetar med mjukvaruutveckling inom fordonsindustrin beskriver arbetet med säkerhet i utvecklingsprocessen. Resultatet visar att det finns en rad olika rutiner och riktlinjer som syftar till att skapa en säker produkt ur ett cybersäkerhetsperspektiv, men att det finns en tendens bland vissa utvecklare att förlita sig på processer och rutiner när det gäller att skapa en säker mjukvara.

secure software

secure development

säker mjukvara

säker utveckling

Computer Systems

Datorsystem

Secure Browser-Based Instant Messaging

Robison, Christopher Douglas

22 September 2012

Instant messaging is a popular form of communication over the Internet. Statistics show that instant messaging has overtaken email in popularity. Traditionally, instant messaging has consisted of a desktop client communicating with other clients via an instant messaging service provider. However, instant messaging solutions are starting to become available in the web browser–services like Google Talk, Live Messenger and Facebook. Despite the work done by researchers to secure instant messaging networks, little work has been done to secure instant messaging in the browser. We present secure browser-based instant messaging overlays as a means to enable convenient, secure communication in existing browser-based instant messaging interfaces. Additionally, we present a prototype implementation of the secure messaging overlays and the results of two user studies--the first study focusing on user interest in secure chat and the second being a usability study of the prototype.

secure instant messaging

secure chat

Facebook Chat

Private Facebook Chat

Computer Sciences