The changing character of power projection and maritime security in a digital age

Venables, Adrian

January 2017

The ability to fully understand the composition and properties of cyberspace and successfully exploit its potential is now regarded as being an essential component in the economic success and prestige of modern networked societies. This dependence has resulted in cyberspace being utilised to project national power and influence and is a key component in the establishment and maintenance of international relationships, trade, and security. Although providing both opportunities and threats in terms of a nation’s foreign policy and more broadly in the defence of a nation’s critical national infrastructure, the relationship between the maritime and cyber environments is one that is neither well researched or understood, but is becoming increasingly important. This thesis examines how the properties of these two environments can be harnessed to project power and influence over a target audience through three research objectives. The first is to introduce a novel three-dimensional model of cyberspace optimised to better understand how its properties and attributes can be measured in terms of power projection and to demonstrate that the environment does not exhibit universal characteristics but that its structure and use may differ at the source and destination of a cyberpower campaign. The second is to investigate the close relationship and interdependence between the maritime and cyber environments within the context of power and security leading to the new concept of maritime cyberspace. Finally, by classifying cyberattacks as acts of intelligence gathering, sabotage, or subversion, the third objective develops a more nuanced and complex appreciation of how power can be projected in maritime cyberspace to reach a target audience. The thesis concludes by reflecting on the usefulness and applicability of these three objectives and how they go beyond current thinking to enable the UK’s defence cyber doctrine to be re-examined and expanded to incorporate these new ideas.

005.8

A framework for the systematic evaluation of malware forensic tools

Kennedy, Ian Martin

January 2017

Following a series of high profile miscarriages of justice linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008 with a remit to improve the standard of practitioner competences and forensic procedures. It has since moved to incorporate a greater level of scientific practice in these areas, as used in the production of expert evidence submitted to the UK Criminal Justice System. Accreditation to their codes of practice and conduct will become mandatory for all forensic practitioners by October 2017. A variety of challenges with expert evidence are explored and linked to a lack of a scientific methodology underpinning the processes followed. In particular, the research focuses upon investigations where malicious software (‘malware’) has been identified. A framework, called the ‘Malware Analysis Tool Evaluation Framework’ (MATEF), has been developed to address this lack of methodology to evaluate software tools used during investigations involving malware. A prototype implementation of the framework was used to evaluate two tools against a population of over 350,000 samples of malware. Analysis of the findings indicated that the choice of tool could impact on the number of artefacts observed in malware forensic investigations as well as identifying the optimal execution time for a given tool when observing malware artefacts. Three different measures were used to evaluate the framework. The first of these evaluated the framework against the requirements and determined that these were largely met. Where the requirements were not met these are attributed to matters either outside scope or the fledgling nature of the research. Another measure used to evaluate the framework was to consider its performance in terms of speed and resource utilisation. This identified scope for improvement in terms of the time to complete a test and the need for more economical use of disk space. Finally, the framework provides a scientific means to evaluate malware analysis tools, hence addressing the Research Question subject to the level at which ground truth is established. A number of contributions are produced as the output of this work. First there is confirmation for the case for a lack of trusted practice in the field of malware forensics. Second, the MATEF itself, as it facilitates the production of empirical evidence of a tool’s ability to detect malware artefacts. A third contribution is a set of requirements for establishing trusted practice in the use of malware artefact detection tools. Finally, empirical evidence that supports both the notion that the choice of tool can impact on the number of artefacts observed in malware forensic investigations as well as identifying the optimal execution time for a given tool when observing malware artefacts.

005.8

Design, implementation and analysis of keyed hash functions based on chaotic maps and neural networks / Conception et mise en oeuvre efficace de fonctions de hachage à sens unique basées sur des cartes chaotiques et réseaux neuronaux.

Abdoun, Nabil

22 July 2019

Les fonctions de hachage sont des primitives les plus utiles en cryptographie. En effet, elles jouent un rôle important dans l’intégrité des données, l’authentification des messages, la signature numérique et le chiffrement authentifié. Ainsi, la conception de fonctions de hachage sécurisées est cruciale. Dans cette thèse, nous avons conçu, implanté et analysé les performances de deux architectures comprenant chacune deux structures de fonctions de hachage avec clé basées sur des cartes chaotiques et des réseaux neuronaux (KCNN). La première architecture s’appuie sur la construction Merkle-Dåmgard, tandis que la seconde utilise la fonction Éponge. La première structure de la première architecture est formée de deux couches KCNN avec trois schémas de sortie différents (CNN-Matyas-Meyer-Oseas, CNN-Matyas-Meyer-Oseas Modifié et CNN-Miyaguchi-Preneel), tandis que la seconde structure est composée d’une couche KCNN suivie d'une couche de combinaison de fonctions non linéaires. La première structure de la deuxième architecture est formée de deux couches KCNN avec deux longueurs de hachage 256 et 512 bits. La seconde structure est comparable à celle utilisée dans la première architecture. Le système chaotique est utilisé pour générer les paramètres du KCNN. Les résultats obtenus par les tests statistiques, ainsi que l'analyse cryptanalytique, démontrent la sécurité des fonctions de hachage KCNN proposées. Enfin, nous travaillons actuellement sur la structure KCNNDUPLEX intégrant les fonctions de hachage KCNN proposées (basées Éponge) pour leur utilisation dans une application de chiffrement authentifiée. / The hash functions are the most useful primitives in cryptography. They play an important role in data integrity, message authentication, digital signature and authenticated encryption. Thus, the design of secure hash functions is crucial. In this thesis, we designed, implemented, and analyzed the performance of two architectures, each with two keyed hash function structures based on chaotic maps and neural networks (KCNN). The first architecture is based on the Merkle-Dåmgard construction, while the second uses the Sponge function. The first structure of the first architecture consists of two KCNN layers with three different output schemes (CNN-Matyas- Meyer-Oseas, Modified CNN-Matyas-Meyer- Oseas and CNN-Miyaguchi-Preneel). The second structure is composed of a KCNN layer followed by a combination layer of nonlinear functions. The first structure of the second architecture is formed of two KCNN layers with two hash value lengths 256 and 512. The second structure is similar to that used in the first architecture. The chaotic system is used to generate KCNN parameters. The results obtained by the statistical tests, as well as the cryptanalytical analysis, demonstrate the security of the proposed KCNN hash functions. Finally, we are currently working on the KCNN-DUPLEX structure integrating the proposed KCNN hashing functions (Sponge-based) for use in an authenticated encryption application.

--

005.8

A Search-Based Framework for Security Protocol Synthesis

Chen, Hao

January 2007

Security protocol verification has been the area where the bulk of the research in cryptographic protocols has taken place and a number of successful supporting tools have been developed. However, not much research has been done in the area of applying formal methods to the design of cryptographic protocols in the first place, despite wide recognition that the design of cryptographic protocols is very difficult. Most existing protocols have been designed using informal methods and heavily rely on the verification process to pick up vulnerabilities. The research reported in this thesis shows how to automatically synthesise abstract protocols using heuristic search, explains how to add high-level efficiency concerns to the synthesis, and demonstrates how to refine the abstract protocols to executable Java Code.

005.8

Interdomain user authentication and privacy

Pashalidis, Andreas

January 2006

This thesis looks at the issue of interdomain user authentication, i.e. user authentication in systems that extend over more than one administrative domain. It is divided into three parts. After a brief overview of related literature, the first part provides a taxonomy of current approaches to the problem. The taxonomy is first used to identify the relative strengths and weaknesses of each approach, and then employed as the basis for putting into context four concrete and novel schemes that are subsequently proposed in this part of the thesis. Three of these schemes build on existing technology; the first on 2nd and 3rd-generation cellular (mobile) telephony, the second on credit/debit smartcards, and the third on Trusted Computing. The fourth scheme is, in certain ways, different from the others. Most notably, unlike the other three schemes, it does not require the user to possess tamper-resistant hardware, and it is suitable for use from an untrusted access device. An implementation of the latter scheme (which works as a web proxy) is also described in this part of the thesis. As the need to preserve one’s privacy continues to gain importance in the digital world, it is important to enhance user authentication schemes with properties that enable users to remain anonymous (yet authenticated). In the second part of the thesis, anonymous credential systems are identified as a tool that can be used to achieve this goal. A formal model that captures relevant security and privacy notions for such systems is proposed. From this model, it is evident that there exist certain inherent limits to the privacy that such systems can offer. These are examined in more detail, and a scheme is proposed that mitigates the exposure to certain attacks that exploit these limits in order to compromise user privacy. The second part of the thesis also shows how to use an anonymous credential system in order to facilitate what we call ‘privacy-aware single sign-on’ in an open environment. The scheme enables the user to authenticate himself to service providers under separate identifier, where these identifiers cannot be linked to each other, even if all service providers collude. It is demonstrated that the anonymity enhancement scheme proposed earlier is particularly suited in this special application of anonymous credential systems. Finally, the third part of the thesis concludes with some open research questions.

005.8

Rank codes and their applications to communication security

Khan, Eraj

January 2012

Today, computer networks are utilized for the sharing of information and resources more than ever before. Data transmitted over any network can exposed to many devious activities. To protect the information flowing through these networks involves the design and implementation of systems that maintain security. The aim of this thesis is to investigate Rank codes for implementing communication security techniques for different application areas. This thesis can be divided into three parts. Each of these parts are summarized below: Wireless sensor networks are increasingly becoming viable solutions to many challenging problems. Security is one of the main issues in some of the application areas of wireless sensor networks such as military and Supervisory Control and Data Acquisition (SCADA) applications. Key distribution is a fundamental prerequisite for secure communication in any network. Due to the inherent resource and computation constraints of sensor nodes, link key establishment among the nodes is non-trivial. Numerous key exchange schemes have been proposed so far but key pre-distribution schemes are perhaps well suited for large scale deployments of resource constrained sensor networks. We have studied different key pre-distribution schemes and proposed a scheme based on the generator matrix of maximum rank codes.

005.8

Security design analysis

Chivers, Howard Robert

January 2006

No description available.

005.8

Localisation and obfuscation techniques for enhanced multi-factor authentification in mcommerce applications

Kuseler, Torben

January 2012

Abstract The focus of this thesis is to investigate solutions that shall enhance the security of remote client authentication for mCommerce applications on phones such as Smartphones or Tablet-PCs. This thesis details three innovative authentication schemes developed during the course of this study. These schemes are based on the use of localisation and obfuscation techniques in combination with multi-factor authentication to enforce the knowledge of "who, when, where and how" necessary for any remote client authentication attempt. Thus, assuring the mCommerce service provider about the genuine client as well as ensuring correct capturing and processing of the client's authentication data on the remote phone. The author of this thesis believes that these schemes, when developed on commercial mCommerce applications, shall enhance the service provider's trust into the received client data and therefore shall encourage more service providers to offer their mCommerce services via phone applications to their clients. The first proposed scheme, called MORE-BAILS, combines multiple authentication factors into a One-Time Multi-Factor Biometric Representation (OTMFBR) of a client, so to achieve robust, secure, and privacy-preserving client authentication. Tests and trials of this scheme proved that it is viable for use in the authentication process of any type of mCommerce phone applications. The second and third schemes, called oBiometrics and LocAuth respectively, use a new obfuscated-interpretation approach to protect the mComrnerce application against misuse by attackers as well as to ensure the real-time and one-time properties of the client's authentication attempt. The novelty of combining biornetric-based keys with obfuscated-interpretation tightly binds the correct mCommerce application execution to the genuine client. Furthermore, integration of the client's current location and real-time in the LocAuth challenge / response scheme eliminates the risk that an attacker can illegitimately re-use previously gathered genuine client authentication data in a replay attack. f Based on appropriate criteria, the MORE-BAILS, oBiometrics and LocAuth levels of security, user-friendliness and algorithms' ease-of-implementation are proven m experiments and trials on state-of-the-art Android-based Smartphones.

005.8

On practical cryptographic protocols and schemes

Morrissey, Paul

January 2009

In this thesis we are concerned with the theoretical security aspects of practical key establishment protocols, client puzzle mechanisms and direct anonymous attestation schemes. By practical we mean such schemes are already in use or designed for this purpose. Such cryptographic schemes are designed to fit around existing infrastructures and take into account factors such as computational efficiency and state storage costs.

005.8

Mitigating denial of sevice (DoS) attacks in delay/disruption tolerant networks (DTNs)

Ansa, Godwin Okon

January 2012

A Delay/Disruption Tolerant Network (DTN) is an overlay on top of a number of diverse networks such as mobile ad hoc networks, wireless sensor networks, satellite networks, vehicular networks and the Internet. In terrestrial DTNs, the effectiveness of data dissemination is greatly affected by node mobility and end-to-end disconnections. The inherent mobility of nodes is exploited to forward data opportunistically when a contact arises through the store-carry-and- forward technique. Thus a DTN is characterized by limited bandwidth, long queuing delays, low data rate, low power and intermittent connectivity. The real challenge is how to make DTN resilient against Denial of Service (DoS) attacks. In this thesis, we have investigated several DoS mitigating schemes for wired and wireless networks and found most of them to be highly interactive requiring several protocol rounds, resource-consuming, complex, assume persistent connectivity and hence not suitable for DTN. This thesis proposes three variants of DTN-Cookies of which any is selected as the light-weight authenticator based on the perceived Network Threat Level. For the intra-region scenario, it proposes a DoS-Resilient Authentication Mechanism to mitigate the effect of resource exhaustion DoS attacks. For the inter-region scenario, it proposes an enhanced version of the DoS-Resilient Authentication Mechanism. The proposed mechanism exploits the loose time-synchronization property of DTN, dividing communication contact time into timeslots. The mechanism uses variable seed values in different time slots for the computation and verification of DTN-Cookies, incorporates an ingress filter at the region gateways and uses the HMAC variant of DTN-Cookie. This work also proposes a comprehensive defence mechanism against flooding DoS attacks. The aim of the proposed mechanism is to restrict the volume of malicious traffic during an attack. The rate limiting component monitors the number of bundles per traffic flow and different nodes are assigned different threshold values based on their capability and role in the network. The results show that the proposed DTN-Cookies accurately detect DoS attacks and outperform RSA- 1024 digital signatures in terms of energy and bandwidth efficiency. The proposed mechanisms have been verified through simulations and their superior performance is established over solutions which are based purely on Public-Key Cryptography.

005.8