Spelling suggestions: "subject:"[een] SECURE"" "subject:"[enn] SECURE""
71 |
Towards practical fully homomorphic encryptionAlperin-Sheriff, Jacob 21 September 2015 (has links)
Fully homomorphic encryption (FHE) allows for computation of arbitrary func- tions on encrypted data by a third party, while keeping the contents of the encrypted data secure. This area of research has exploded in recent years following Gentry’s seminal work. However, the early realizations of FHE, while very interesting from a theoretical and proof-of-concept perspective, are unfortunately far too inefficient to provide any use in practice.
The bootstrapping step is the main bottleneck in current FHE schemes. This step refreshes the noise level present in the ciphertexts by homomorphically evaluating the scheme’s decryption function over encryptions of the secret key. Bootstrapping is necessary in all known FHE schemes in order to allow an unlimited amount of computation, as without bootstrapping, the noise in the ciphertexts eventually grows to a point where decryption is no longer guaranteed to be correct.
In this work, we present two new bootstrapping algorithms for FHE schemes. The first works on packed ciphertexts, which encrypt many bits at a time, while the second works on unpacked ciphertexts, which encrypt a single bit at a time. Our algorithms lie at the heart of the fastest currently existing implementations of fully homomorphic encryption for packed ciphertexts and for single-bit encryptions, respectively, running hundreds of times as fast for practical parameters as the previous best implementations.
|
72 |
An Investigation of Using Machine Learning with Distribution Based Flow Features for Classifying SSL Encrypted Network TrafficArndt, Daniel Joseph 13 August 2012 (has links)
Encrypted protocols, such as Secure Socket Layer (SSL), are becoming more prevalent because of the growing use of e-commerce, anonymity services, gaming and Peer-to-Peer (P2P) applications such as Skype and Gtalk. The objective of this work is two-fold. First, an investigation is provided into the identification of web browsing behaviour in SSL tunnels. To this end, C5.0, naive Bayesian, AdaBoost and Genetic Programming learning models are evaluated under training and test conditions from a network traffic capture. In these experiments flow based features are employed without using Internet Protocol
(IP) addresses, source/destination ports or payload information. Results indicate that it is possible to identify web browsing behaviour in SSL encrypted tunnels. Test performance of ~95% detection rate and ~2% false positive rate is achieved with a C5.0 model for
identifying SSL. ~98% detection rate and ~3% false positive rate is achieved with an AdaBoost model for identifying web browsing within these tunnels. Second, the identifying characteristics of SSL traffic are investigated, whereby a new tool is
introduced to generate new flow statistics that focus on presenting the features in a unique way, using bins to represent distributions of measurements. These new features are tested using the best performers from previous experiments, C5.0 and AdaBoost, and increase detection rates by up to 32.40%, and lower false positive rates by as much as 54.73% on data sets that contain traffic from a different network than the training set was captured on. Furthermore, the new feature set out-preforms the old feature set in every case.
|
73 |
SD Storage Array: Development and Characterization of a Many-device Storage ArchitectureKatsuno, Ian 29 November 2013 (has links)
Transactional workloads have storage request streams consisting of many small, independent, random requests. Flash memory is well suited to these types of access patterns, but is not always cost-effective. This thesis presents a novel storage architecture called the SD Storage Array (SDSA), which adopts a many-device approach. It utilizes many flash storage devices in the form of an array of Secure Digital (SD) cards. This approach leverages the commodity status of SD cards to pursue a cost-effective means of providing the high throughput that transactional workloads require. Characterization of a prototype revealed that when the request stream was 512B randomly addressed reads, the SDSA provided 1.5 times the I/O operations per second (IOPS) of a top-of-the-line solid state drive, provided there were at least eight requests in-flight. A scale-out simulation showed the IOPS should scale with the size of the array, provided there are no upstream bottlenecks.
|
74 |
SD Storage Array: Development and Characterization of a Many-device Storage ArchitectureKatsuno, Ian 29 November 2013 (has links)
Transactional workloads have storage request streams consisting of many small, independent, random requests. Flash memory is well suited to these types of access patterns, but is not always cost-effective. This thesis presents a novel storage architecture called the SD Storage Array (SDSA), which adopts a many-device approach. It utilizes many flash storage devices in the form of an array of Secure Digital (SD) cards. This approach leverages the commodity status of SD cards to pursue a cost-effective means of providing the high throughput that transactional workloads require. Characterization of a prototype revealed that when the request stream was 512B randomly addressed reads, the SDSA provided 1.5 times the I/O operations per second (IOPS) of a top-of-the-line solid state drive, provided there were at least eight requests in-flight. A scale-out simulation showed the IOPS should scale with the size of the array, provided there are no upstream bottlenecks.
|
75 |
A Secure Gateway Localization and Communication System for Vehicular Ad Hoc NetworksWang, Yan 22 April 2013 (has links)
Intelligent Transport System (ITS) has become a hot research topic over the past decades. ITS is a system that applies the following technologies to the whole transportation management system efficiently, including information technique, wireless communication, sensor networks, control technique, and computer engineering. ITS provides an accurate, real time and synthetically efficient transportation management system. Obviously, Vehicular Ad Hoc NETworks (VANETs) attract growing attention from both the research community and industry all over the world. This is because a large amount of applications are enabled by VANETs, such as safety related applications, traffic management, commercial applications and general applications. When connecting to the internet or communicating with different networks in order to access a variety of services using VANETs, drivers and passengers in different cars need to be able to exchange messages with gateways from their vehicles. A secure gateway discovery process is therefore critical, because vehicles should not be subject to security attacks while they are communicating; however, currently there is no existing protocol focusing on secure gateway discovery.
In this thesis, we first analyze and compare current existing secure service discovery protocols and then we propose a Secure Gateway Localization and Communication System for Vehicular Ad Hoc Networks (SEGAL), which concentrates on the security issue in gateway discovery. We focus on the authentication aspect by proposing secure cluster based VANETs, that can ensure the gateway discovery messages exchanged through secure clusters. We present the principle and specific process of our SEGAL protocol and analyze its performance to guarantee its outstanding practical applicability.
|
76 |
Secure paired domination in graphsKang, Jian 31 August 2010 (has links)
This thesis introduces a new strategy of defending the vertices of a graph - secure
paired domination, where guards are required to be paired and, when a vertex is
attacked, one or two guards move to defend the attacked vertex, while keeping the
graph dominated and the guards paired after the move. We propose nine possible
definitions of secure paired domination, compare and contrast each with the others,
and obtain properties and inequalities of the secure paired domination (SPD) numbers associated with the definitions. Based on each of the nine definitions, the SPD numbers of five types of special graphs, namely paths, cycles, spiders, ladders and grid graphs, are studied.
We then compare the SPD number of an arbitrary isolate-free graph to various
other parameters such as clique partition number, independence number, vertex-
covering number, secure domination number and paired domination number. We
establish that, for any graph without isolated vertices, its SPD number does not
exceed twice the value of any of its other parameters mentioned above. Also, we give classes of trees for which some of the bounds are achieved. As conclusion, some open problems and directions for further studies regarding secure paired domination are listed.
|
77 |
DSFS: a data storage facilitating service for maximizing security, availability, performance, and customizabilityBilbray, Kyle 12 January 2015 (has links)
The objective of this thesis is to study methods for the flexible and secure storage of sensitive
data in an unaltered cloud. While current cloud storage providers make guarantees
on the availability and security of data once it enters their domain, clients are not given
any options for customization. All availability and security measures, along with any
resulting performance hits, are applied to all requests, regardless of the data's sensitivity or client's wishes. In addition, once a client's data enters the cloud, it becomes vulnerable to different types of attacks. Other cloud users may access or disrupt the availability of their peers' data, and cloud providers cannot protect from themselves in the event of a malicious administrator or government directive. Current solutions use combinations of known encoding schemes and encryption techniques to provide confidentiality from peers and sometimes the cloud service provider, but its an all-or-nothing model. A client either uses the security methods of their system, or does not, regardless of whether the client's data needs more or less protection and availability. Our approach, referred to as the Data Storage Facilitating Service (DSFS), involves providing a basic set of proven protection schemes with configurable parameters that encode
input data into a number of fragments and intelligently scatters them across the target
cloud. A client may choose the encoding scheme most appropriate for the sensitivity of their data. If none of the supported schemes are sufficient for the client's needs or the client
has their own custom encoding, DSFS can accept already encoded fragments and perform
secure placement.
Evaluation of our prototype service demonstrates clear trade-offs in performance between
the different levels of security encoding provides, allowing clients to choose how
much the importance of their data is worth. This amount of flexibility is unique to DSFS and turns it into more of a secure storage facilitator that can help clients as much or as little as required. We also see a significant effect on overhead from the service's location relative to its cloud when we compare performances of our own setup with a commercial cloud
service.
|
78 |
Using Ambient Radio Environment to Support Practical Pervasive ComputingVarshavsky, Alexander 26 February 2009 (has links)
Mobile applications can benefit from increased awareness of the device's context. Unfortunately, existing solutions for inferring context require special purpose sensors or beacons on the mobile devices or in the physical environment. This requirement significantly limits the deployment of these solutions. In this thesis, I argue that mobile devices can infer a substantial amount of their context by leveraging their existing wireless interfaces to monitor ambient radio sources, such as GSM cell towers or WiFi access points. I focus on two important problems in context-aware computing: localization of mobile devices and detecting proximity between mobile devices for authentication purposes. Specifically, I present an accurate localization system based on fingerprinting of GSM signals. I show that the key to more accurate GSM localization is the use of wide signal strength fingerprints that include readings from a large number of base stations. Next, I present a method that addresses the key drawback of fingerprint-based localization systems - the need to collect extensive measurements to train the system in every target environment. Finally, I show how radio environment sensing can be used to secure the communication of devices that come within close proximity. Removing the need for additional hardware on the mobile devices and in the physical environment renders the approach that I present amenable for widespread deployment.
|
79 |
乳児の愛着行動と行動的抑制傾向 : 家庭での母子短期分離再会場面を使用して水野, 里恵, Mizuno, Rie 12 1900 (has links)
国立情報学研究所で電子化したコンテンツを使用している。
|
80 |
Ανάπτυξη και αποτίμηση ασφαλούς εφαρμογής σε έξυπνο τηλέφωνοΚλαουδάτος, Νικόλαος 11 January 2011 (has links)
Σκοπός αυτής της διπλωματικής εργασίας ήταν η ανάπτυξη μιας ασφαλούς εφαρμογής για έξυπνο τηλεφωνο (smartphone) με λειτουργικό σύστημα Microsoft Windows Mobile 6 χρησιμοποιώντας το .NET Compact Framework 3.5 (.NET CF) αλλά και η αποτίμηση της απόδοσής της.
Αρχικά αξιολογήσαμε την απόδοση των αλγόριθμων AES, DES, MD5, SHA1 που παρέχει το .NET CF. Επειδή το .NET CF 3.5 δεν παρέχει κάποια συνάρτηση ασφαλούς κατακερματισμού, υλοποιήσαμε δύο παραλλαγές αλγόριθμου HMAC. Η πρώτη βασίζεται στον αλγόριθμο MD5 και η δεύτερη στο SHA1. Η αποτίμηση της απόδοσης έγινε για μεγέθη εισόδων 1 ΚΒ, 4 ΚΒ, 32 ΚΒ, 512 ΚΒ και 1 ΜΒ. Από τα αποτελέσματα που προέκυψαν διαπιστώσαμε ότι ο AES είναι πολύ πιο αργός από τον DES. Επίσης ο SHA1 είναι πιο αργός από τον MD5, κάτι το οποίο ισχύει για τον HMAC-SHA1 συγκριτικά με τον HMAC-MD5.
Αναπτύξαμε στη συνέχεια μία εφαρμογή για την ασφαλή αποθήκευση αρχείων σε smartphone. H εφαρμογή υλοποιεί για τη διαχείριση κλειδιών κρυπτογράφησης τόσο το κλασσικό πρωτόκολλο, όσο και τις δύο παραλλαγές του πρωτοκόλλου ελεγχόμενης τυχαιότητας, το οποίο έχει προταθεί στη βιβλιογραφία.
Ολοκληρώνοντας την εργασία μας, αποτιμήσαμε την απόδοση των τρίων πρωτοκόλλων για διάφορα μεγέθη αρχείων. Τα αποτελέσματα των μετρήσεων μας επιβεβαιώνουν ότι το πρωτόκολλο ελεγχόμενης τυχαιότητας επιτυγχάνει προηγμένα χαρακτηριστικά ασφάλειας με μικρό υπολογιστικό κόστος στην πλατφόρμα Microsoft Windows Mobile 6. / -
|
Page generated in 0.0392 seconds