  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
531

Vers des communications de confiance et sécurisées dans un environnement véhiculaire / Towards trusted and secure communications in a vehicular environment

Tan, Heng Chuan 13 September 2017
Routing and key management are the biggest challenges in vehicular networks. Inappropriate routing behaviour may reduce the effectiveness of communications and affect the delivery of safety-related applications. On the other hand, key management, especially due to the use of PKI certificate management, can lead to high latency, which may not be suitable for many time-critical applications. For this reason, we propose two trust models to assist the routing protocol in selecting a secure end-to-end path for forwarding. The first model focusses on detecting selfish nodes, including reputation-based attacks designed to compromise the “true” reputation of a node. The second model is intended to detect forwarders that modify the contents of a packet before retransmission. In key management, we have developed a Secure and Authentication Key Management Protocol (SA-KMP) scheme that uses symmetric cryptography to protect communication, including eliminating certificates during communication to reduce PKI-related delays.
532

Risk management strategies to maintain corporate reputation

Joosub, Tasneem Suliman 30 September 2006
All companies are vulnerable to events that could impact their reputation. These events can arise from various factors, such as a company's employment practices, economics, natural disasters, pollution, poor governance or poor management. Effective risk managers identify the different circumstances and factors that may impact on the reputation of a company, prior to the incident occurring. In order to assist risk managers, this dissertation proposes a structured approach to the management of reputational risks, which would ensure that the impact on the reputation of the company is minimised. The proposed approach was collated and deduced from the actions taken by companies that have suffered attacks against their reputations, but have successfully mitigated the consequences and minimised the damage to their reputations. Specific South African legislative requirements are also taken into account. This approach is highlighted and confirmed by contrasting it to the actions taken by companies that failed to counter the attacks on their reputation. / Business Management / M.Com. (Business Management)
533

The impact of 9/11 on the South African anti-terrorism legislation and the constitutionality thereof.

Kokott, Katrin January 2005
This paper aimed to analyse South Africa's response to its international obligations regarding the 9/11 events and how that response complies with the country's constitutional framework. The study gave a brief outline of the most significant legislative changes in a number of countries and then concentrated on the South African anti-terrorism legislation. It identified the provisions of the Act that were discussed most controversially throughout the drafting process and analysed whether they comply with constitutional standards. Particular emphasis was laid on the possible differences between the South African Act and comparative legislation that derive directly from the apartheid history of the country.
534

New Reality Resembles Old: An Examination of the American Public's Social Construction of Reality Following September 11, 2001 Terrorist Attacks

Stoutmeyer, Stacie L. 05 1900
This thesis examines whether the September 11, 2001 terrorist attacks caused a significant, lasting change in the American public's social construction of reality. A framework of everyday reality was created which focused on beliefs, behaviors, and cultural institutions in the United States. Data regarding specific beliefs and behaviors was collected from numerous survey sources, and content analysis was performed on media literature from September 11, 2001 to September 11, 2003. Findings from this study show that beliefs examined did change, while behaviors on similar topics did not. These findings represent an interesting paradox to be evaluated in future studies. Cultural institutions, as related to the public's knowledge of and relationship with each, also appeared little changed. Therefore, while some aspects displayed adjustment, this study cannot conclusively state that the American public's social construction of reality experienced a "new reality" paradigm shift as proclaimed by the media immediately following the attacks.
535

Security Analysis of ECC Based Protocols

Khatwani, Chanchal 01 January 2017
Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities, and to enhance them to be more secure against threats. This work demonstrates how currently used ECC based protocols are vulnerable to attacks. If protocols are vulnerable, damages could include critical data loss and elevated privacy concerns. The protocols considered in this work differ in their usage of security factors (e.g. passwords, pins, and biometrics), encryption and timestamps. The threat model considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals.
536

Contributions to the Resilience of Peer-To-Peer Video Streaming against Denial-of-Service Attacks

Nguyen, Giang T. 31 January 2017
The constantly growing demand to watch live videos over the Internet requires streaming systems to be cost-effective and resource-efficient. The Peer-to-Peer (P2P) streaming architecture has been a viable solution with various deployed systems to date. The system only requires a modest amount of bandwidth from the streaming source, since users (or peers) contribute their bandwidth to disseminate video streams. To enable this, the system interconnects peers into an overlay. However, churn, meaning the leaving and failing of peers, can break the overlay, making peers unable to receive the stream. More severely, an adversary aiming to sabotage the system can attack relevant nodes on the overlay, disrupting the stream delivery. To construct an overlay robust to churn, pull-based P2P streaming systems use a mesh topology to provide each peer with multiple paths to the source. Peers regularly request video chunks from their partners in the overlay. Therefore, even if some partners are suddenly absent due to churn, a peer can still request chunks from its remaining partners. To enable this, peers periodically exchange buffer maps, small packets containing the availability information of peers’ video buffers. To reduce latency and overhead caused by the periodic buffer map exchange and chunk requests, hybrid systems have been proposed. A hybrid system bootstraps from a pull-based one and gradually forms a tree backbone consisting of a small subset of peers to deliver chunks without requests. Unfortunately, both pull-based and hybrid systems lack measures to mitigate Denial-of-Service (DoS) attacks on head nodes (or the source’s partners). More critically, head nodes can be identified accurately by inference from exchanged buffer maps. Furthermore, hybrid systems are vulnerable to DoS attacks on their backbones. Since DoS attacks can badly affect both pull-based and hybrid systems, we introduce three countermeasures. First, we develop the striping scheme to mitigate DoS attacks targeting head nodes. The scheme forces peers to diversify their chunk requests. Second, to prevent attackers from identifying head nodes, we develop the SWAP scheme, which forces peers to proactively change their partners. Third, we develop RBCS, a resilient backbone, to mitigate DoS attacks on hybrid systems. Since a simulator for a fair evaluation has been unavailable so far, we develop OSSim, a general-purpose simulation framework for P2P video streaming. Furthermore, we develop several attacker models and novel resilience metrics in OSSim. Extensive simulation studies show that the developed schemes significantly improve the resilience of pull-based and hybrid systems to both churn and DoS attacks.
537

Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web. / Web applications vulnerability analysis and intrusion detection systems assessment

Akrout, Rim 18 October 2012
With the increasing development of the Internet, Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties such as confidentiality, integrity or availability of information systems. To cope with these threats, it is necessary to develop efficient security protection mechanisms and testing techniques (firewall, intrusion detection system, Web scanner, etc.). The question that arises is how to evaluate the effectiveness of such mechanisms and what means can be implemented to analyze their ability to correctly detect attacks against Web applications. This thesis presents a new methodology, based on web page clustering, that is aimed at identifying the vulnerabilities of a Web application following a black box analysis of the target application. Each identified vulnerability is actually exploited to ensure that the identified vulnerability does not correspond to a false positive. The proposed approach can also highlight different potential attack scenarios including the exploitation of several successive vulnerabilities, taking into account explicitly the dependencies between these vulnerabilities. We have focused in particular on code injection vulnerabilities, such as SQL injections. The proposed method led to the development of a new Web vulnerability scanner and has been validated experimentally on various vulnerable applications. We have also developed an experimental platform integrating the new Web vulnerability scanner, which is aimed at assessing the effectiveness of intrusion detection systems for Web applications in a context that is representative of the threats that such applications face in operation. This platform integrates several tools that are designed to automate the evaluation campaigns as much as possible. It has been used in particular to evaluate the effectiveness of two intrusion detection techniques that have been developed by our partners in the collaborative project DALI, funded by the ANR, the French National Research Agency.
538

Analýza návrhu hašovací funkce CubeHash / Analysis of the CubeHash proposal

Stankovianska, Veronika January 2013
The present thesis analyses the proposal of CubeHash with special emphasis on the following papers: "Inside the Hypercube" [1], "Symmetric States and Their Improved Structure" [7] and "Linearisation Framework for Collision Attacks" [6]. The CubeHash algorithm is presented in a concise manner together with a proof that the CubeHash round function $R : (\{0,1\}^{32})^{32} \to (\{0,1\}^{32})^{32}$ is a permutation. The results of [1] and [7] concerning the CubeHash symmetric states are reviewed, corrected and substantiated by proofs. More precisely, working with a definition of D-symmetric state, based on [7], the thesis proves both that for $V = \mathbb{Z}_2^4$ and its linear subspace D, there are 22 |V | |D| D-symmetric states and an internal state x is D-symmetric if and only if the state R(x) is D-symmetric. In response to [1], the thesis presents a step-by-step computation of a lower bound for the number of distinct symmetric states, explains why the improved preimage attack does not work as stated and gives a mathematical background for a search for fixed points in R. The thesis further points out that the linearisation method from [6] fails to consider the equation $(A \oplus \alpha) + \beta = (A + \beta) \oplus \alpha$ $(\ast)$, present during the CubeHash iteration phase. Necessary and sufficient conditions for A being a solution to $(\ast)$ are...
539

Attack graph approach to dynamic network vulnerability analysis and countermeasures

Hamid, Thaier K. A. January 2014
It is widely accepted that modern computer networks (often presented as a heterogeneous collection of functioning organisations, applications, software, and hardware) contain vulnerabilities. This research proposes a new methodology to compute a dynamic severity cost for each state. Here a state refers to the behaviour of a system during an attack; an example of a state is where an attacker could influence the information on an application to alter the credentials. This is performed by utilising a modified variant of the Common Vulnerability Scoring System (CVSS), referred to as a Dynamic Vulnerability Scoring System (DVSS). This calculates scores of intrinsic, time-based, and ecological metrics by combining related sub-scores and modelling the problem’s parameters into a mathematical framework to develop a unique severity cost. The individual static nature of CVSS affects the scoring value, so the author has adapted a novel model to produce a DVSS metric that is more precise and efficient. In this approach, different parameters are used to compute the final scores determined from a number of parameters including network architecture, device setting, and the impact of vulnerability interactions. An attack graph (AG) is a security model representing the chains of vulnerability exploits in a network. A number of researchers have acknowledged the attack graph visual complexity and a lack of in-depth understanding. Current attack graph tools are constrained to only limited attributes or even rely on hand-generated input. The automatic formation of vulnerability information has been troublesome and vulnerability descriptions are frequently created by hand, or based on limited data. The network architectures and configurations along with the interactions between the individual vulnerabilities are considered in the method of computing the Cost using the DVSS and a dynamic cost-centric framework. 
A new methodology was built up to present an attack graph with a dynamic cost metric based on DVSS, and a novel methodology to estimate and represent the cost-centric approach for each host's states was also followed. A framework is carried out on a test network, using the Nessus scanner to detect known vulnerabilities, implement these results and to build and represent the dynamic cost centric attack graph using ranking algorithms (in a standardised fashion to Mehta et al. 2006 and Kijsanayothin, 2010). However, instead of using vulnerabilities for each host, a CostRank Markov Model has been developed utilising a novel cost-centric approach, thereby reducing the complexity in the attack graph and reducing the problem of visibility. An analogous parallel algorithm is developed to implement CostRank. The reason for developing a parallel CostRank Algorithm is to expedite the states ranking calculations for the increasing number of hosts and/or vulnerabilities. In the same way, the author intends to secure large scale networks that require fast and reliable computing to calculate the ranking of enormous graphs with thousands of vertices (states) and millions of arcs (representing an action to move from one state to another). In this proposed approach, the focus is on a parallel CostRank computational architecture to appraise the enhancement in CostRank calculations and scalability of the algorithm. In particular, a partitioning of input data, graph files and ranking vectors with a load balancing technique can enhance the performance and scalability of CostRank computations in parallel. A practical model of analogous CostRank parallel calculation is undertaken, resulting in a substantial decrease in calculations communication levels and in iteration time. The results are presented in an analytical approach in terms of scalability, efficiency, memory usage, speed up and input/output rates.
Finally, a countermeasures model is developed to protect against network attacks by using a Dynamic Countermeasures Attack Tree (DCAT). The following scheme is used to build the DCAT tree: (i) use the scalable parallel CostRank Algorithm to determine the critical asset that system administrators need to protect; (ii) track the Nessus scanner to determine the vulnerabilities associated with the asset using the dynamic cost centric framework and DVSS; (iii) check all published mitigations for all vulnerabilities; (iv) assess how well the security solution mitigates those risks; (v) assess the DCAT algorithm in terms of effective security cost, probability and cost/benefit analysis to reduce the total impact of a specific vulnerability.
540

Relay-attacker : Utnyttjande av trådlösa bilnycklar / Relay attacks: Exploitation of wireless car keys

Marklind, Anton, Marklind, Simon January 2019
The car is one of the things that many people use daily, and new features keep appearing to make it easier to use. One example is wireless keys. Many modern cars use a technology called “keyless”, which means that the car keys emit radio signals at intervals. This makes it possible to use the car without holding the key, and the owner can more easily open the car and load things without actively having to use the key. But are fully wireless keys secure enough? The signals are open to anyone who can intercept them. The signals between car and key are sent wirelessly, and unauthorised parties can listen to the content. In this project we investigate the possibility of recording the signal and then replaying it in order to unlock a car without access to the real key. We perform experiments on X vehicles, with different keys and different signal frequencies. If it is open to everyone, it should also be possible to record these signals and transmit them using a radio transmitter. This is called a relay attack, and that is the purpose of this work: a study of how the attacks are carried out and how easy it really is to perform them oneself. In addition, an experiment is performed on a number of different cars with different types of car keys with varying frequencies. / On a daily basis the car is frequently used, and a lot of people are in need of their cars. New technologies are developed to make it easier for car owners to unlock the car and drive away without making the effort of using the car keys. A technology called “keyless” car keys is implemented in modern cars; the car keys send out radio frequencies at an interval of a couple of seconds. But is a complete wireless key system secure enough? The radio signals are open to whoever wants to listen to them, and that could have devastating consequences. If it is open to everyone, then it should also be possible to record these signals and send them out using a radio transmitter. It’s called a relay attack and the purpose of this report is to get a broader perspective of how an attack like that works and how easy it is to execute the attack. The experiment was performed on different types of cars and their keys with varying frequencies.
