Synchronization of multi-carrier CDMA signals and security on internet.

January 1996

by Yooh Ji Heng. / Thesis (M.Phil.)--Chinese University of Hong Kong, 1996. / Includes bibliographical references (leaves 119-128). / Appendix in Chinese. / Chapter I --- Synchronization of Multi-carrier CDMA Signals --- p.1 / Chapter 1 --- Introduction --- p.2 / Chapter 1.1 --- Spread Spectrum CDMA --- p.4 / Chapter 1.1.1 --- Direct Sequence/SS-CDMA --- p.5 / Chapter 1.1.2 --- Frequency Hopping/SS-CDMA --- p.5 / Chapter 1.1.3 --- Pseudo-noise Sequence --- p.6 / Chapter 1.2 --- Synchronization for CDMA signal --- p.7 / Chapter 1.2.1 --- Acquisition of PN Sequence --- p.7 / Chapter 1.2.2 --- Phase Locked Loop --- p.8 / Chapter 2 --- Multi-carrier CDMA --- p.10 / Chapter 2.1 --- System Model --- p.11 / Chapter 2.2 --- Crest Factor --- p.12 / Chapter 2.3 --- Shapiro-Rudin Sequence --- p.14 / Chapter 3 --- Synchronization and Detection by Line-Fitting --- p.16 / Chapter 3.1 --- Unmodulated Signals --- p.16 / Chapter 3.2 --- Estimating the Time Shift by Line-Fitting --- p.19 / Chapter 3.3 --- Modulated Signals --- p.22 / Chapter 4 --- Matched Filter --- p.23 / Chapter 5 --- Performance and Conclusion --- p.27 / Chapter 5.1 --- Line Fitting Algorithm --- p.27 / Chapter 5.2 --- Matched Filter --- p.28 / Chapter 5.3 --- Conclusion --- p.30 / Chapter II --- Security on Internet --- p.31 / Chapter 6 --- Introduction --- p.32 / Chapter 6.1 --- Introduction to Cryptography --- p.32 / Chapter 6.1.1 --- Classical Cryptography --- p.33 / Chapter 6.1.2 --- Cryptanalysis --- p.35 / Chapter 6.2 --- Introduction to Internet Security --- p.35 / Chapter 6.2.1 --- The Origin of Internet --- p.35 / Chapter 6.2.2 --- Internet Security --- p.36 / Chapter 6.2.3 --- Internet Commerce --- p.37 / Chapter 7 --- Elementary Number Theory --- p.39 / Chapter 7.1 --- Finite Field Theory --- p.39 / Chapter 7.1.1 --- Euclidean Algorithm --- p.40 / Chapter 7.1.2 --- Chinese Remainder Theorem --- p.40 / Chapter 7.1.3 --- Modular Exponentiation --- p.41 / Chapter 7.2 --- One-way Hashing Function --- p.42 / Chapter 7.2.1 --- MD2 --- p.43 / Chapter 7.2.2 --- MD5 --- p.43 / Chapter 7.3 --- Prime Number --- p.44 / Chapter 7.3.1 --- Listing of Prime Number --- p.45 / Chapter 7.3.2 --- Primality Testing --- p.45 / Chapter 7.4 --- Random/Pseudo-Random Number --- p.47 / Chapter 7.4.1 --- Examples of Random Number Generator --- p.49 / Chapter 8 --- Private Key and Public Key Cryptography --- p.51 / Chapter 8.1 --- Block Ciphers --- p.51 / Chapter 8.1.1 --- Data Encryption Standard (DES) --- p.52 / Chapter 8.1.2 --- International Data Encryption Algorithm (IDEA) --- p.54 / Chapter 8.1.3 --- RC5 --- p.55 / Chapter 8.2 --- Stream Ciphers --- p.56 / Chapter 8.2.1 --- RC2 and RC4 --- p.57 / Chapter 8.3 --- Public Key Cryptosystem --- p.58 / Chapter 8.3.1 --- Diffie-Hellman --- p.60 / Chapter 8.3.2 --- Knapsack Algorithm --- p.60 / Chapter 8.3.3 --- RSA --- p.62 / Chapter 8.3.4 --- Elliptic Curve Cryptosystem --- p.63 / Chapter 8.3.5 --- Public Key vs. Private Key Cryptosystem --- p.64 / Chapter 8.4 --- Digital Signature --- p.65 / Chapter 8.4.1 --- ElGamal Signature Scheme --- p.66 / Chapter 8.4.2 --- Digital Signature Standard (DSS) --- p.67 / Chapter 8.5 --- Cryptanalysis to Current Cryptosystems --- p.68 / Chapter 8.5.1 --- Differential Cryptanalysis --- p.68 / Chapter 8.5.2 --- An Attack to RC4 in Netscapel.l --- p.69 / Chapter 8.5.3 --- "An Timing Attack to Diffie-Hellman, RSA" --- p.71 / Chapter 9 --- Network Security and Electronic Commerce --- p.73 / Chapter 9.1 --- Network Security --- p.73 / Chapter 9.1.1 --- Password --- p.73 / Chapter 9.1.2 --- Network Firewalls --- p.76 / Chapter 9.2 --- Implementation for Network Security --- p.79 / Chapter 9.2.1 --- Kerberos --- p.79 / Chapter 9.2.2 --- Privacy-Enhanced Mail (PEM) --- p.80 / Chapter 9.2.3 --- Pretty Good Privacy (PGP) --- p.82 / Chapter 9.3 --- Internet Commerce --- p.83 / Chapter 9.3.1 --- Electronic Cash --- p.85 / Chapter 9.4 --- Internet Browsers --- p.87 / Chapter 9.4.1 --- Secure NCSA Mosaic --- p.87 / Chapter 9.4.2 --- Netscape Navigator --- p.89 / Chapter 9.4.3 --- SunSoft HotJava --- p.91 / Chapter 10 --- Examples of Electronic Commerce System --- p.94 / Chapter 10.1 --- CyberCash --- p.95 / Chapter 10.2 --- DigiCash --- p.97 / Chapter 10.3 --- The Financial Services Technology Consortium --- p.98 / Chapter 10.3.1 --- Electronic Check Project --- p.99 / Chapter 10.3.2 --- Electronic Commerce Project --- p.101 / Chapter 10.4 --- FirstVirtual --- p.103 / Chapter 10.5 --- Mondex --- p.104 / Chapter 10.6 --- NetBill --- p.106 / Chapter 10.7 --- NetCash --- p.108 / Chapter 10.8 --- NetCheque --- p.111 / Chapter 11 --- Conclusion --- p.113 / Chapter A --- An Essay on Chinese Remainder Theorem and RSA --- p.115 / Bibliography --- p.119

Code division multiple access

Synchronization

Computer networks--Safety measures

Internet

A statistical process control approach for network intrusion detection

Park, Yongro

13 January 2005

Intrusion detection systems (IDS) have a vital role in protecting computer networks and information systems. In this thesis we applied an SPC monitoring concept to a certain type of traffic data in order to detect a network intrusion. We developed a general SPC intrusion detection approach and described it and the source and the preparation of data used in this thesis. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in the data repository for use in future research. A regular batch mean chart was used to remove the sample datas inherent 60-second cycles. However, this proved too slow in detecting a signal because the regular batch mean chart only monitored the statistic at the end of the batch. To gain faster results, a modified batch mean (MBM) chart was developed that met this goal. Subsequently, we developed the Modified Batch Mean Shewhart chart, the Modified Batch Mean Cusum chart, and the Modified Batch Mean EWMA chart and analyzed the performances of each one on simulated data. The simulation studies showed that the MBM charts perform especially well with large signals ?the type of signal typically associated with a DOS intrusion. The MBM Charts can be applied two ways: by using actual control limits or by using robust control limits. The actual control limits must be determined by simulation, but the robust control limits require nothing more than the use of the recommended limits. The robust MBM Shewhart chart was developed based on choosing appropriate values based on batch size. The robust MBM Cusum chart and robust MBM EWMA chart were developed on choosing appropriate values of charting parameters.

Intrusion detection

SPC

Control chart

Internet Security measures

Computer networks Safety measures

Computer security

Taxonomia de técnicas furtivas e antiforenses utilizadas em ataques cibernéticos

Melo, Sandro Pereira de

19 March 2018

Submitted by Filipe dos Santos (fsantos@pucsp.br) on 2018-06-26T12:35:40Z No. of bitstreams: 1 Sandro Pereira de Melo.pdf: 2533198 bytes, checksum: d31cf0cd607774a7541de96797446970 (MD5) / Made available in DSpace on 2018-06-26T12:35:40Z (GMT). No. of bitstreams: 1 Sandro Pereira de Melo.pdf: 2533198 bytes, checksum: d31cf0cd607774a7541de96797446970 (MD5) Previous issue date: 2018-03-19 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / According to the current academic literature, numerous taxonomic proposals for the classification of cyber threats have been presented. The vast majority of these proposals focus on classifying the types of threats taking into account aspects related to their functionality, purpose and behavior. This thesis differs from others because it presents a taxonomic proposal to classify the Stealth Technique (SF) and Anti-forensics (AF) used by cyber threats to hide information, erase or cover up evidence, eliminate the track of the executed actions, obfuscate malicious codes, generate fake evidence, subvert security controls and perform attacks against their own forensic tools. Following the premise that a taxonomy must be cohesive, of simple maintenance, applicable, extensible and must encompass general types of SF and AF, the taxonomic proposal for classifying SF and AF techniques mentioned in this thesis takes into account factors related to the affected layer of a computer system, the moment of a cyber-attack using the techniques, the component of the operational system compromised, among others. This thesis also provides the following contributions: a brief index of threat indicators and their impact on organizations using data from different sources, prioritizing the CSIRT reports; some brief historical information of current SF and AF characteristics; an explanation of the forensic investigation process and the SF and AT techniques related to the affected forensic stage; and finally, the implementation of the taxonomic proposal to classify the SF and AF techniques / De acordo com a literatura acadêmica atual, inúmeras propostas taxonômicas de classificação de ameaças cibernéticas foram apresentadas. Em sua maioria, tais propostas taxonômicas têm o foco na classificação dos tipos de ameaças considerando aspectos relacionados ao funcionamento, finalidade e comportamento. Esta tese difere das demais por apresentar uma proposta de taxonomia para a classificação de Técnicas Furtivas (TF) e Antiforense (AF) utilizadas pelas ameaças cibernéticas para esconder informações, apagar ou ocultar evidências, eliminar a trilha das ações executadas, ofuscar códigos maliciosos, gerar falsas evidências, subverter controles de segurança e realizar ataques contra as próprias ferramentas forenses, impedindo e/ou prejudicando o processo de resposta a incidentes ou uma perícia forense. Seguindo a premissa de que uma taxonomia deve ser coesa, de simples manutenção, aplicável, extensível e deve englobar tipos gerais de TF e AF, a taxonomia proposta na classificação de técnicas TF e AF citada nesta tese leva em consideração fatores relacionados à camada afetada de um sistema computacional, o desdobramento de um ataque cibernético com o uso das técnicas, o componente do sistema operacional comprometido, entre outros. Outras contribuições provenientes desta tese incluem: uma breve sumarização de indicadores de ameaças e seus impactos em organizações a partir de dados tabulados de diferentes tipos de pesquisa, mas priorizando os relatórios de CSIRT, não exclusivamente; um sucinto histórico de informações sobre características de TF e AF correntes; uma explanação atrelada às fases do processo de perícia forense e das técnicas TF e AF relacionadas com a etapa forense afetada; e finalmente, a implementação da taxonomia proposta para classificar as TF e AF

Crime por computador

Computação Forense

Computer networks - Safety measures

Computer crimes

Intrusion System

CNPQ::ENGENHARIAS

Adaptive QoS control of DSRC vehicle networks for collaborative vehicle safety applications

Guan, Wenyang

January 2013

Road traffic safety has been a subject of worldwide concern. Dedicated short range communications (DSRC) is widely regarded as a promising enabling technology for collaborative safety applications (CSA), which can provide robust communication and affordable performance to build large scale CSA system. The main focus of this thesis is to develop solutions for DSRC QoS control in order to provide robust QoS support for CSA. The first design objective is to ensure robust and reliable message delivery services for safety applications from the DSRC networks. As the spectrum resources allocated to DSRC network are expected to be shared by both safety and non-safety applications, the second design objective is to make QoS control schemes bandwidth-efficient in order to leave as much as possible bandwidth for non-safety applications. The first part of the thesis investigates QoS control in infrastructure based DSRC networks, where roadside access points (AP) are available to control QoS control at road intersections. After analyse DSRC network capabilities on QoS provisioning without congestion control, we propose a two-phases adaptive QoS control method for DSRC vehicle networks. In the first phase an offline simulation based approach is used to and out the best possible system configurations (e.g. message rate and transmit power) with given numbers of vehicles and QoS requirements. It is noted that with different utility functions the values of optimal parameters proposed by the two phases centralized QoS control scheme will be different. The conclusions obtained with the proposed scheme are dependent on the chosen utility functions. But the proposed two phases centralized QoS control scheme is general and is applicable to different utility functions. In the second phase, these configurations are used online by roadside AP adaptively according to dynamic traffic loads. The second part of the thesis is focused on distributed QoS control for DSRC networks. A framework of collaborative QoS control is proposed, following which we utilize the local channel busy time as the indicator of network congestion and adaptively adjust safety message rate by a modified additive increase and multiplicative decrease (AIMD) method in a distributed way. Numerical results demonstrate the effectiveness of the proposed QoS control schemes.

629.222

An integrated approach for information security compliance in a financial services organisation

Desai, Mohammed Reza

January 2016

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016. / The aim of this research is to identify and explore the factors affecting information security compliance of information security policies and regulations, in a financial services organisation. The organisation has to comply with information security regulations and legislations by righteousness of its operations in light of the fact that any wrong doing together with misuse of data, are continually expanding. Corporate embarrassments comes about due to rupture of security, results in expanded thoughtfulness regarding corporate consistency. Legislature and policies have been set up to counter information security issues. This legislature and policies are not adequately addressing the compliance issues that arise, but are needed within organisations. Compliance targets are not met due to inconsistent guidelines that turns out to be significant in diminishing the financial position, reputation and security of information. This research further aims to explore whether employees comply with laws and regulations regarding information in an organisation. This is done in order to confirm whether governance and human factors play any significant part in compliance. The research is an exploratory study and specifically analyses the governance function and which stakeholders influence its operations in information compliance. The research investigates certain questions on organisational culture and the human factor, do influence employee’s compliance to laws and regulations. The objectives of the research are to investigate which factors, and how such factors influence compliance of information security policies and compliance with the goal of designing an integrated framework to assist in counteracting these findings. The research is underpinned by the Neo-institutional theory, Agency Theory and Rational choice theory. The Denison organisational cultural model and a framework proposed by von Solms are used as lenses to interpret the data of the research.

Computer networks -- Security measures

Computer security