Development of a Novel Method to Reduce the Impact of Cutaneous chemical attacks

Davis, Stefan J., Wise, William R., Covington, A. D., Petter, J., Reip, P.

26 June 2019

Content: Acid attacks are a global problem: from 2011 to 2016 there were 1,464 incidents involving a corrosive substance in London alone. The most common chemicals used in these attacks are sulfuric, nitric and hydrochloric acids. Concentrated solutions of strongly alkaline substances including sodium hydroxide and sodium hypochlorite are also used. Current first-aid advice suggests diluting the exposed area with water and transfer to a hospital for further treatment. An immediate neutralisation treatment is avoided as incorrect identification of the corrosive could worsen the damage. In addition, there are concerns the enthalpy of solvation and neutralisation causes secondary burns. These limitations demonstrate the need for an amphoteric neutralising treatment with a low enthalpy of neutralisation. Aqueous formulations of natural water-based surfactants with natural plant-based substances have been trialled as neutralisers of sulfuric acid, sodium hydroxide and sodium hypochlorite. pH titrations demonstrated that the natural formulations are amphoteric, capable of effectively neutralising acidic and alkaline corrosives with minimal heat of neutralisation and no gas evolution. In addition, the studies have shown that the formulations can reduce oxidisers such as sodium hypochlorite. The experiments compared intact collagen with attacked but untreated collagen and collagen that had a corrosive applied but followed by treatment at different time intervals. Scanning electron microscopy (SEM) showed the reaction with concentrated sulfuric acid is rapid; significant collapse and gelatinisation of the fibre structure was observed within 5 seconds. Pigskin was utilised to model human skin: the observations demonstrated the importance of the epidermis in protecting the skin from chemical damage. Five minutes exposure to sulfuric acid, sodium hydroxide and sodium hypochlorite did not penetrate the epidermis, although damage was observed. The formulations of natural products recently tested at the University of Northampton have been shown to mitigate secondary chemical burns, whereas treatment with water alone resulted in secondary burns due to residual corrosive in the skin structure not being neutralised. The trials indicate that the product could be usefully applied by first responders and emergency services personnel. Take-Away: The findings have the potential to change current first-aid reccomendations by demonstrating an applicable neutralisation mechanism, whereas neutralisation with sodium bicarbonate has been shown to cause further damage to skin structure via gas evolution. Formulations of natural products have been shown to mitigate secondary chemical burns, whereas treatment with water resulted in secondary burns due to residual corrosive in the skin structure not being neutralised. Trials indicate these natural formulations could be usefully applied by first responders and emergency services personnel.

info:eu-repo/classification/ddc/620

ddc:620

Speculative Interference: A Modern Spectre Attack / Spekulativ Interferens: En Modern Spectre-attack

Borg, Isak

January 2021

Since the Spectre family of attacks were made public knowledge in January of 2018, researchers, manufacturers and interested individuals have experimented a lot with creating defences against it. But there have also been a lot of research aimed at circumventing these defences and finding alternative side-channels and mechanisms for performing Spectre-type attacks. This thesis implements and demonstrates a proof of concept of one of these newfound attacks known as a Speculative interference attack. This is done in a simulated environment, which to our knowledge has not been done before at the time of writing this report. After the 'basic' version of a Spectre attack has been explained, the thesis will explain how the more advanced interference attack works and how it is implemented in the simulated environment. In the end the results gained with the attack will be presented, which should convince the reader of the relevance and possibilities of the attack. / Efter att säkerhetsattackerna kända som Spectre offentliggjordes i Januari 2018 har bådeforskare, utvecklare och intresserade individer experimenterat med att ta fram försvar mot dem. Det har också spenderats mycket resurser och tid på att finna sätt att kringgå dessa försvar och att hitta alternativa sido-kanaler och mekanismer som kan utnyttjas för att genomföra en Spectre-attack. Den här uppsatsen demonstrerar en fungerande implementation av en av dessa nyfunna attacker, känd som en ’Speculative interference attack’. Detta görs i en simulerad miljö, vilken enligt vår kännedom inte tidigare har gjorts vid genomförandet av detta arbete. Efter att en mer grundläggande version av en Spectre-attack har förklarats kommer uppsatsen att gå igenom hur den mer avancerade ’interference’ attacken fungerar och hur den är implementerad. I slutändan kommer de resultat attacken tagit fram att redogöras, vilket bör övertyga läsaren om attackens relevans och möjligheter.

Spectre

spectre attack

speculative interference

speculative execution

invisible speculation

gem5

Computer and Information Sciences

Data- och informationsvetenskap

Differential Power Analysis In-Practice for Hardware Implementations of the Keccak Sponge Function

Graff, Nathaniel

01 June 2018

The Keccak Sponge Function is the winner of the National Institute of Standards and Technology (NIST) competition to develop the Secure Hash Algorithm-3 Standard (SHA-3). Prior work has developed reference implementations of the algorithm and described the structures necessary to harden the algorithm against power analysis attacks which can weaken the cryptographic properties of the hash algorithm. This work demonstrates the architectural changes to the reference implementation necessary to achieve the theoretical side channel-resistant structures, compare their efficiency and performance characteristics after synthesis and place-and-route when implementing them on Field Programmable Gate Arrays (FPGAs), publish the resulting implementations under the Massachusetts Institute of Technology (MIT) open source license, and show that the resulting implementations demonstrably harden the sponge function against power analysis attacks.

power analysis

hash function

VHDL

cryptography

side-channel attack

Rozšíření nástroje JMeter / Implementation of plugins for JMeter

Švehlák, Milan

January 2017

This thesis discusses the load testing tool JMeter and its opportunities for expansion by modules carrying out cyber attacks of the type Denial of Service (DoS). To begin with, there is a theoretical overview of cyber attacks of this type. The following chapter, talks about the JMeter tool, namely its functions and expansion options. After that, it is proceeded to the actual design and realization of the modules. The module implementing the attack HTTP Flood is created first. This module uses internal functions of the program JMeter. This new module is tested. Next chapter folows the procedure of creating modules, that use external generator of network traffic. Modules SYN Flood, ICMP Flood and NTP Flood are implemented using the generator Trafgen. Module implementing attack Slowloris uses a Python script as a generator of the attack. Finally, all the new modules are tested.

Automatizovaný tester bezpečnosti chytrých zařízení v energetice / Automated cyber security tester for smart devices in industry

Dávidík, Roland

January 2020

This diploma thesis explains the principle of SCADA systems and describes the DLMS/COSEM protocol. In the next part, it shortly describes the Modbus protocol and details the pros and cons of the Modbus protocol in comparison with the DLMS/COSEM protocol. In the next part, an open-source automated scanner was created. This scanner detects devices in a laboratory network. As the next step, the automated scanner finds out open ports and active services, which run on these devices, and tries to attack HTTP, SSH, and Telnet services. Next, the program checks, whether the found device is a smart-meter device and if it is compatible with DLMS/COSEM protocol. If yes, it checks, if the service is vulnerable to DOS attack and breaker disconnection. Scanner’s findings are presented in a newly created web application. NMAP, Masscan, and Metasploit open-source programs are used in the automated scanner. The whole automated scanner is optimized for the HW device Raspberry Pi with the operating system Raspbian Buster Lite installed. This work also describes the testing of the scanner on the laboratory environment and the results are evaluated afterwards.

Modelování a detekce útoku SlowDrop / Modeling and detection of SlowDrop attack

Mazánek, Pavel

January 2020

The work's main topic is a recently published slow DoS attack called SlowDrop. The work focuses on the subject of describing the current state of the DoS problem as a whole and the SlowDrop attack as well. It works with this theoretical basis during the implementation of it's own SlowDrop attack model. This model is tested in various scenarios and the outcome results are analyzed and constructively discussed. Furthermore defensive mechanisms against this threat and DoS attacks in general are proposed, specific methods shown and configurations recommended. These methods are followingly tested and evaluated. Last but not least the traffic of a SlowDrop attacker and a legitimate client with bad connection, which the SlowDrop attack is trying to immitate, are compared. From this comparison final conclusions of this work are drawn.

Technika SQL injection - její metody a způsoby ochrany / SQL Injection Technique - its Methods and Methods of Protection

Bahureková, Beáta

January 2020

SQL injection is a technique directed against web applications using an SQL database, which can pose a huge security risk. It involves inserting code into an SQL database, and this attack exploits vulnerabilities in the database or application layer. The main goal of my thesis is to get acquainted with the essence of SQL injection, to understand the various methods of this attack technique and to show ways to defend against it. The work can be divided into these main parts, which I will discuss as follows.In the introductory part of the work I mention the theoretical basis concerning SQL injection issues. The next chapter is focused on individual methods of this technique. The analytical part is devoted to mapping the current state of test subjects, scanning tools, which form the basis for optimal research and testing of individual SQL methods, which are discussed in this part from a practical point of view along with the analysis of commands. In the last part I will implement SQL methods on selected subjects and based on the outputs I will create a universal design solution how to defend against such attacks.

Detekce útoku SlowDrop / SlowDrop attack detection

Náčin, Peter

January 2021

The diploma thesis is focused on the detection of a slow DoS attack named SlowDrop. The attack tries to imitate a legitimate person with a slow internet connection and does not show a new strong signature, so the attack is difficult to detect. The diploma thesis is based on the work of Ing. Mazanek in which the SlowDrop attack script was created. At the theoretical level, the issue of DoS attacks is described in general, but also in particular. Furthermore, the work develops methods for solving the problem of SlowDrop attack detection. The methods are then defined in detail and tested in a simulation environment. The practical part describes data analysis, signature detection, anomaly detection using neural networks and a detection script. In all practical parts, the used technologies and solution procedures are described in detail. The specific implementation of the solution and the achieved results are also presented. Finally, the individual results are evaluated, compared individually, but also among themselves. The obtained results show that the attack is detectable using a neural network and by created detection script.

Analýza poškození dopravního letounu při teroristickém útoku / Analysis of transport aircraft damage during of terrorist attack

Čížková, Markéta

January 2021

In its theoretical part, the diploma thesis deals with the reasons leading to terrorist attacks and a brief list of some attacks on aircraft. It also focuses on the aircraft as the target of a terrorist attack, especially the aircraft kite as the major researched part. The conclusion of the theoretical part summarizes a list of types of aircraft fuselage structures in respect of design solutions for load transfer. The practical part determines the extent of damage caused by a missile with a fragmentation warhead. This scope is then applied to the illustrative case. In the following chapters, the calculation of the critical force of a panel loaded with pressure depends on the different nature and extent of damage. Then the work highlights the evaluation of the obtained results, which are also summarized in the conclusions of the work.

Sledování úspěšnosti vybraných herních činností ve volejbale u specializace smečař v mužské extralize. / Success rate monitoring of the selected volleyball spiker game moves in the male extraleague.

Horák, Tomáš

January 2021

Title: Success rate monitoring of the selected volleyball spiker game moves in the male extraleague. Aim: The aim of the thesis is to find out the success of the players in the hitter's position in the best eight teams of the men's volleyball extraleague on the pass and on the attack. Method: The thesis is based on empirical research using the technique of data collection using indirect observation, survey and video analysis of selected matches. Results: The results confirmed that the second spikers were better players in the passing ball than first spikers. It was further confirmed that the first spikers were better attacking players than second spikers. The first spikers were more used in the attack than second spikers, it wasn't confirmed. Keywords: Volleyball Spiker Pass Attack Male extraleague Statistics