Global ETD Search

341	Protecting Location-Data Against Inference Attacks Using Pre-Defined Personas Chini Foroushan, Amir Hossein January 2011 (has links) Usage of locational data is getting more popular day by day. Location-aware application, context aware application and Ubiquities applications are some of the major categories of applications which are based on locational data. One of the most concerning issues regarding such applications is how to protect user’s privacy against malicious attackers. Failing in this task would result in a total failure for the project, considering how privacy concerns are getting more and more important for the end users. In this project, we will propose a theoretical solution for protecting user privacy in location-based application against inference attacks. Our solution is based on categorizing target users into pre-defined groups (a. k. a. Personas) and utilizing their common characteristics in order to synthesize access control rules for the collected data. Location-based application User Privacy Inference Attacks Access Control Engineering and Technology Teknik och teknologier
342	Using Supervised Learning and Data Fusion to Detect Network Attacks Hautsalo, Jesper January 2021 (has links) Network attacks remain a constant threat to organizations around the globe. Intrusion detection systems provide a vital piece of the protection needed in order to fend off these attacks. Machine learning has become a popular method for developing new anomaly-based intrusion detection systems, and in recent years, deep learning has followed suit. Additionally, data fusion is often applied to intrusion detection systems in research, most often in the form of feature reduction, which can improve the accuracy and training times of classifiers. Another less common form of data fusion is decision fusion, where the outputs of multipe classifiers are fused into a more reliable result. Recent research has produced some contradictory results regarding the efficiency of traditional machine learning algorithms compared to deep learning algorithms. This study aims to investigate this problemand provide some clarity about the relative performance of a selection of classifier algorithms, namely artificial neural network, long short-term memory and random forest. Furthermore, two feature selection methods, namely correlation coefficient method and principal component analysis, as well as one decision fusion method in D-S evidence theory are tested. The majority of the feature selection methods fail to increase the accuracy of the implemented models, although the accuracy is not drastically reduced. Among the individual classifiers, random forest shows the best performance, obtaining an accuracy of 87,87%. Fusing the results with D-S evidence theory further improves this result, obtaining an accuracy of 88,56%, and proves particularly useful for reducing the number of false positives. Network intrusion detection IDS network attacks supervised learning Computer Sciences Datavetenskap (datalogi)
343	Security related self-protected networks: Autonomous threat detection and response (ATDR) Havenga, Wessel Johannes Jacobus January 2021 (has links) >Magister Scientiae - MSc / Cybersecurity defense tools, techniques and methodologies are constantly faced with increasing challenges including the evolution of highly intelligent and powerful new-generation threats. The main challenges posed by these modern digital multi-vector attacks is their ability to adapt with machine learning. Research shows that many existing defense systems fail to provide adequate protection against these latest threats. Hence, there is an ever-growing need for self-learning technologies that can autonomously adjust according to the behaviour and patterns of the offensive actors and systems. The accuracy and effectiveness of existing methods are dependent on decision making and manual input by human experts. This dependence causes 1) administration overhead, 2) variable and potentially limited accuracy and 3) delayed response time. Denial of service attacks Machine learning Neural networking Self-protected networks Anomaly detection Cybersecurity
344	Data Link Layer Security for Spacecraft Communication Implementation on FPGA Sundberg, Sarah January 2020 (has links) With increasing awareness of potential security threats there is a growing interest in communication security for spacecraft control and data. Traditionally commercial and scientific missions have relied on their uniqueness to prevent security breaches. During time the market has changed with open systems for mission control and data distribution, increased connectivity and the use of existing and shared infrastructure. Therefore security layers are being introduced to protect spacecraft communication. In order to mitigate the perceived threats, the Consultative Committee for Space Data Systems (CCSDS) has proposed the addition of communication security in the various layers of the communication model. This thesis describes and discuss their proposal and look into how this application should be implemented into the data link layer of the communication protocol to protect from timing attacks. An implementation of AES-CTR+GMAC is constructed in software to compare different key lengths and another implementation is constructed in synthesized VHDL for use on hardware to investigate the impact on area consumption on the FPGA as well as if it is possible to secure it from cache-timing attacks. AES-GCM FPGA VHDL Spacecraft Communication Timing attacks Security Embedded Systems Inbäddad systemteknik
345	Sécurité physique de la cryptographie sur courbes elliptiques / Physical security of elliptic curve cryptography Murdica, Cédric 13 February 2014 (has links) La Cryptographie sur les Courbes Elliptiques (abréviée ECC de l'anglais Elliptic Curve Cryptography) est devenue très importante dans les cartes à puces car elle présente de meilleures performances en temps et en mémoire comparée à d'autres cryptosystèmes asymétriques comme RSA. ECC est présumé incassable dans le modèle dit « Boite Noire », où le cryptanalyste a uniquement accès aux entrées et aux sorties. Cependant, ce n'est pas suffisant si le cryptosystème est embarqué dans un appareil qui est physiquement accessible à de potentiels attaquants. En plus des entrés et des sorties, l'attaquant peut étudier le comportement physique de l'appareil. Ce nouveau type de cryptanalyse est appelé cryptanalyse physique. Cette thèse porte sur les attaques physiques sur ECC. La première partie fournit les pré-requis sur ECC. Du niveau le plus bas au plus élevé, ECC nécessite les outils suivants : l'arithmétique sur les corps finis, l'arithmétique sur courbes elliptiques, la multiplication scalaire sur courbes elliptiques et enfin les protocoles cryptographiques. La deuxième partie expose un état de l'art des différentes attaques physiques et contremesures sur ECC. Pour chaque attaque, nous donnons le contexte dans lequel elle est applicable. Pour chaque contremesure, nous estimons son coût en temps et en mémoire. Nous proposons de nouvelles attaques et de nouvelles contremesures. Ensuite, nous donnons une synthèse claire des attaques suivant le contexte. Cette synthèse est utile pendant la tâche du choix des contremesures. Enfin, une synthèse claire de l'efficacité de chaque contremesure sur les attaques est donnée. / Elliptic Curve Cryptography (ECC) has gained much importance in smart cards because of its higher speed and lower memory needs compared with other asymmetric cryptosystems such as RSA. ECC is believed to be unbreakable in the black box model, where the cryptanalyst has access to inputs and outputs only. However, it is not enough if the cryptosystem is embedded on a device that is physically accessible to potential attackers. In addition to inputs and outputs, the attacker can study the physical behaviour of the device. This new kind of cryptanalysis is called Physical Cryptanalysis. This thesis focuses on physical cryptanalysis of ECC. The first part gives the background on ECC. From the lowest to the highest level, ECC involves a hierarchy of tools: Finite Field Arithmetic, Elliptic Curve Arithmetic, Elliptic Curve Scalar Multiplication and Cryptographie Protocol. The second part exhibits a state-of-the-art of the different physical attacks and countermeasures on ECC.For each attack, the context on which it can be applied is given while, for each countermeasure, we estimate the lime and memory cost. We propose new attacks and new countermeasures. We then give a clear synthesis of the attacks depending on the context. This is useful during the task of selecting the countermeasures. Finally, we give a clear synthesis of the efficiency of each countermeasure against the attacks. Sécurité physique Attaques en fautes ECC Physical security Attacks faults Elliptic curve cryptography
346	Western White Pine: The Effect of Clone and Cone Color on Attacks by the Mountain Pine Cone Beetle Jenkins, Michael J 01 May 1982 (has links) The relationship between clone and cone color in western white pine, Pinus monticola Douglas, to attack by the mountain pine cone beetle, Conophthorus monticolae Hopkins, was studied in the Sandpoint Seed Orchard, Idaho. A positive relationship was shown to exist during a 5 year field evaluation. Cone beetles were found to prefer dark colored cones and to attack certain clones at a higher rate than others. Laboratory dissections did not indicate that cone color affected oviposition, brood development or brood mortality. Olfactometer experiments demonstrated that olfactory stimuli are involved in the cone beetle attack sequence. Visual cues relating to cone color may be involved in the initial long range host orientation of attacking beetles. Western White Pine Clone Cone Attacks Mountain pine cone beetle Biology
347	Evaluation of Tracking Regimes for, and Security of, PLI Systems Taheri, Shayan 01 May 2015 (has links) In the area of computer and network security, due to the insufficiency, high costs, and user-unfriendliness of existing defending methods against a number of cyber attacks, focus for developing new security improvement methods has shifted from the digital to analog domain. In the analog domain, devices are distinguished based on the present variations and characteristics in their physical signals. In fact, each device has unique features in its signal that can be used for identification and monitoring purposes. In this regard, the term physical layer identification (PLI) or device fingerprinting refers to the process of classifying different electronic devices based on their analog identities that are created by employment of signal processing and data analysis methods. Due to the fact that a device behavior undergoes changes due to variations in external and internal conditions, the available PLI techniques might not be able to identify the device reliably. Therefore, a tracking system that is capable of extracting and explaining the present variations in the electrical signals is required to be developed. In order to achieve the best possible tracking system, a number of prediction models are designed using certain statistical techniques. In order to evaluate the performance of these models, models are run on the acquired data from five different fabrications of the same device in four distinct experiments. The results of performance evaluation show that the surrounding temperature of a device is the best option for predicting its signal. The last part of this research project belongs to the security evaluation of a PLI system. The leveraged security examination technique exposes the PLI system to different types of attacks and evaluates its defending strength accordingly. Based on the mechanism of the employed attack in this work, the forged version of a device’s signal is generated using an arbitrary waveform generator (AWG) and is sent to the PLI system. The outcomes of this experiment indicate that the leveraged PLI technique is strong enough in defeating this attack. cyber attacks security improvement Physical Layer Identification PLI tracking system Computer Engineering
348	Sécurisation des algorithmes de couplages contre les attaques physiques / Security of pairing algorithms against physical attacks Jauvart, Damien 20 September 2017 (has links) Cette thèse est consacrée à l’étude de la sécurité physique des algorithmesde couplage. Les algorithmes de couplage sont depuis une quinzaine d’années utilisésà des fins cryptographiques. D’une part, les systèmes d’information évoluent, et denouveaux besoins de sécurité apparaissent. Les couplages permettent des protocolesinnovants, tels que le chiffrement basé sur l’identité, les attributs et l’échange tripartien un tour. D’autre part, l’implémentation des algorithmes de couplages est devenueefficace, elle permet ainsi d’intégrer des solutions cryptographiques à base de couplagedans les systèmes embarqués.La problématique de l’implémentation sécurisée des couplages dans les systèmesembarqués va être étudiée ici. En effet, l’implémentation d’algorithmes dédiés à lacryptographie sur les systèmes embarqués soulève une problématique : la sécurité del’implémentation des couplages face aux attaques physiques. Les attaques par canauxauxiliaires, dites passives, contre les algorithmes de couplages sont connues depuisbientôt une dizaine d’années. Nous proposons des études pour valider l’efficacité desattaques en pratique et avec des atouts théoriques. De notre connaissance, il y a uneseule attaque pratique dans la littérature, nous l’optimisons d’un facteur dix en termesde nombres de traces. Nous proposons aussi une attaque horizontale, qui nous permetd’attaquer le couplage twisted Ate en une seule trace.Par ailleurs, les contre-mesures n’ont été que peu étudiées. Nous complétons cettepartie manquante de la littérature. Nous proposons de nouveaux modèles d’attaquessur la contre-mesure de randomisation des coordonnées. L’attaque en collision proposéepermet ainsi de donner une réévaluation de la contre-mesure ciblée. Ainsi nousproposons la combinaison de contre-mesures qui, à moindres coûts, protégerait de cesattaques. / This thesis focuses on the resistance of Pairing implementations againstside channel attacks. Pairings have been studied as a cryptographic tool for the pastfifteen years and have been of a growing interest lately. On one hand, Pairings allowthe implementation of innovative protocols such as identity based encryption, attributebased encryption or one round tripartite exchange to address the evolving needs ofinformation systems. On the other hand, the implementation of the pairings algorithmshave become more efficient, allowing their integration into embedded systems.Like for most cryptographic algorithms, side channel attack schemes have beenproposed against Pairing implementations. However most of the schemes describedin the literature so far have had very little validation in practice. In this thesis, westudy the practical feasibility of such attacks by proposing a technique for optimizingcorrelation power analysis on long precision numbers. We hence improve by a factorof 10 the number of side-channel leakage traces needed to recover a 256-bit secret keycompared to what is, to our best knowledge, one of the rare practical implementationsof side channel attacks published. We also propose a horizontal attack, which allow usto attack the twisted Ate pairing using a single trace.In the same way, countermeasures have been proposed to thwart side channel attacks,without any theoretical or practical validation of the efficiency of such countermeasures.We here focus on one of those countermeasures based on coordinatesrandomization and show how a collision attack can be implemented against this countermeasure.As a result, we describe how this countermeasure would have to be implementedto efficiently protect Pairing implementations against side channel attacks.The latter studies raise serious questions about the validation of countermeasures whenintegrated into complex cryptographic schemes like Pairings Cryptographie Couplages Attaques par canaux auxiliaires Contre-Mesures Cryptography Pairings Side-Channel attacks Countermeasures
349	Towards a better formalisation of the side-channel threat / Vers une meilleure formalisation des attaques par canaux cachés Cherisey, Eloi de 18 December 2018 (has links) Dans le cadre de la sécurité des systèmes embarqués, il est nécessaire de connaître les attaques logicielles et physiques pouvant briser la sécurité de composants cryptographiques garantissant l’intégrité, la fiabilité et la confidentialité des données. Etant donné que les algorithmes utilisés aujourd’hui comme Advanced Encryption Standard (AES) sont considérés comme résistants contre la cryptanalyse linéaire et différentielle, d’autres méthodes plus insidieuses sont utilisées pour récupérer les secrets de ces composants. En effet, la clé secrète utilisée pour le chiffrement de données peut fuiter pendant l’algorithme. Il est ainsi possible de mesurer cette fuite et de l’exploiter. Cette technique est appelée attaque par canal auxiliaire.Le principal objectif de ce manuscrit de thèse est de consolider les connaissances théoriques sur ce type de menace. Pour cela, nous appliquons des résultats de théorie de l’information à l’ étude par canal auxiliaire. Nous montrons ainsi comment il est possible de comparer un modèle de fuite par canal auxiliaire à un modèle de transmission de l’information. Dans un premier temps, nous montrons que la sécurité d’un composant est fortement dépendante du rapport signal à bruit de la fuite. Ce résultat a un impact fort car il ne dépend pas de l’attaque choisie. Lorsqu’un designer équipe son produit, il ne connaît pas encore la manière dont son système embarqué pourra être attaque plusieurs années plus tard. Les outils mathématiques proposés dans ce manuscrit pourront aider les concepteurs à estimer le niveau de fiabilité de leurs puces électroniques. / In the field of the security of the embeded systems, it is necessary to know and understandthe possible physical attacks that could break the security of cryptographic components. Sincethe current algorithms such as Advanced Encryption Standard (AES) are very resilient agaisntdifferential and linear cryptanalysis, other methods are used to recover the secrets of thesecomponents. Indeed, the secret key used to encrypt data leaks during the computation of thealgorithm, and it is possible to measure this leakage and exploit it. This technique to recoverthe secret key is called side-channel analysis.The main target of this Ph. D. manuscript is to increase and consolidate the knowledge onthe side-channel threat. To do so, we apply some information theoretic results to side-channelanalysis. The main objective is show how a side-channel leaking model can be seen as acommunication channel.We first show that the security of a chip is dependant to the signal-to-noise ratio (SNR) ofthe leakage. This result is very usefull since it is a genereic result independant from the attack.When a designer builds a chip, he might not be able to know in advance how his embededsystem will be attacked, maybe several years later. The tools that we provide in this manuscriptwill help designers to estimated the level of fiability of their chips. Cryptographie Attaques sur les canaux cachés Statistiques Théorie de l'information Cryptogtaphy Side chanels attacks Statistics Information theory
350	Offer of security: at the expense of democracy : A qualitative comparative difference-in-difference study on the connection between the exposure of terrorist attacks and the level of democracy. Stulic, Lisa January 2022 (has links) This paper explores the research puzzle if states, in the name of security, conduct policy changes due to terrorist attacks and whether theses policy changes has an affect on the level of democracy. The research examines the cases of France and the UK during 2014-2016. France experienced several terrorist attacks in 2015 while the UK experienced none. The hypothesis, that the exposure of a terrorist attack/terrorist attacks leads to a decrease in democracy, received strong support. France saw a greater number of democratic restrictions than the UK in 2016. However, the support was reduced to a moderate level since the empirics indicate that countries often conduct anti-democratic policy changes due to previous experienced terrorist attacks and a perceived threat of terrorist attacks. This was the case in both countries 2014 and the UK 2016 where no terrorist attack was observed. An alternative explanation is that crises in general constitute a reduction in democracy rather than specifically terrorist attacks. Another objection is that the result might suffer from low reliability due to the case's similarity in terms of being European democratic countries. Therefore, to generalize the result a broader number of cases have to be examined. terrorist attacks level of democracy security Övrig annan samhällsvetenskap

Search results