Flexible Digital Authentication Techniques

Ge, He

05 1900

Abstract This dissertation investigates authentication techniques in some emerging areas. Specifically, authentication schemes have been proposed that are well-suited for embedded systems, and privacy-respecting pay Web sites. With embedded systems, a person could own several devices which are capable of communication and interaction, but these devices use embedded processors whose computational capabilities are limited as compared to desktop computers. Examples of this scenario include entertainment devices or appliances owned by a consumer, multiple control and sensor systems in an automobile or airplane, and environmental controls in a building. An efficient public key cryptosystem has been devised, which provides a complete solution to an embedded system, including protocols for authentication, authenticated key exchange, encryption, and revocation. The new construction is especially suitable for the devices with constrained computing capabilities and resources. Compared with other available authentication schemes, such as X.509, identity-based encryption, etc, the new construction provides unique features such as simplicity, efficiency, forward secrecy, and an efficient re-keying mechanism. In the application scenario for a pay Web site, users may be sensitive about their privacy, and do not wish their behaviors to be tracked by Web sites. Thus, an anonymous authentication scheme is desirable in this case. That is, a user can prove his/her authenticity without revealing his/her identity. On the other hand, the Web site owner would like to prevent a bunch of users from sharing a single subscription while hiding behind user anonymity. The Web site should be able to detect these possible malicious behaviors, and exclude corrupted users from future service. This dissertation extensively discusses anonymous authentication techniques, such as group signature, direct anonymous attestation, and traceable signature. Three anonymous authentication schemes have been proposed, which include a group signature scheme with signature claiming and variable linkability, a scheme for direct anonymous attestation in trusted computing platforms with sign and verify protocols nearly seven times more efficient than the current solution, and a state-of-the-art traceable signature scheme with support for variable anonymity. These three schemes greatly advance research in the area of anonymous authentication. The authentication techniques presented in this dissertation are based on common mathematical and cryptographical foundations, sharing similar security assumptions. We call them flexible digital authentication schemes.

Computer networks -- Security measures.

Computer security.

Authentication.

authentication

anonymity

digital signature

cryptographic protocols

Computação autonômica aplicada ao diagnóstico e solução de anomalias de redes de computadores / Autonomic computing applied to the diagnosis and solution of network anomalies

Amaral, Alexandre de Aguiar, 1986-

27 August 2018

Orientadores: Leonardo de Souza Mendes, Mario Lemes Proença Junior / Tese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-27T01:36:35Z (GMT). No. of bitstreams: 1 Amaral_AlexandredeAguiar_D.pdf: 3847801 bytes, checksum: 71773e4b12743836bc5dc38e572c1c63 (MD5) Previous issue date: 2015 / Resumo: A tarefa de gerenciamento de redes tem se tornado cada vez mais desafiadora. Dentre esses desafios está o problema de diagnosticar e solucionar as anomalias. As soluções atuais não têm sido suficiente para atender os requisitos demandados para a aplicação em ambientes de rede de grande escala. Os principais motivos decorrem da falta de autonomicidade e escalabilidade. Nesta tese, os conceitos da computação autonômica e distribuída são explorados para diagnosticar e solucionar anomalias de rede em tempo real. A proposta é constituída de entidades autonômicas hierarquicamente distribuídas, responsáveis por detectar e reparar as anomalias nas suas regiões de domínio com a mínima intervenção humana. Isto permite a escalabilidade, viabilizando a implantação do sistema em redes de grande escala. A autonomicidade das entidades autonômicas reduz intervenções manuais e a probabilidade de erros na análise e tomada de decisão, fazendo com que a complexidade percebida pela gerência no processo de detecção de anomalias seja reduzida. Experimentos foram realizados em duas diferentes redes: Universidade Tecnológica Federal do Paraná ¿ Campus Toledo e no Instituto Federal de Santa Catarina ¿ Campus GW. Os resultados demonstraram a eficácia e autonomicidade da solução para detectar e tratar diferentes anomalias em tempo real, com a mínima intervenção humana / Abstract: The challenges inherent to network administration increase daily. Among these challenges, there is the problem of diagnosing and repairing network anomalies. Current solutions have not been enough to meet the requirements of large scale networks. The main reasons stem from the lack of autonomicity and scalability. In this thesis, autonomic and distributed computing concepts are exploited presenting a solution to diagnose and treat network anomalies in real time. In this pro-posal, autonomic entities are hierarchically distributed, being responsible for detecting and repair-ing the anomalies in their domain, with minimal human intervention. This provides scalability, enabling the system to be deployed in large scale networks. The autonomic entities autonomicity reduces the manual intervention and the likelihood of errors in the analysis and decision process, minimizing the complexity perceived by the network management in the anomaly detection pro-cedure. Experiments were performed at two different networks: Federal University of Technolo-gy Paraná (UTFPR) - Toledo Campus and at the Federal Institute of Science and Technology Santa of Catarina - GW Campus. The results demonstrated the efficacy of the solution and its autonomicity to detect and repair various anomalies in real time, with minimal human interven-tion / Doutorado / Telecomunicações e Telemática / Doutor em Engenharia Elétrica

Redes de computadores - Gerência

Anomalias

Computer networks - Management

Anomalies

Computer networks - Security systems

Structure and Feedback in Cloud Service API Fuzzing

Atlidakis, Evangelos

January 2021

Over the last decade, we have witnessed an explosion in cloud services for hosting software applications (Software-as-a-Service), for building distributed services (Platform- as-a-Service), and for providing general computing infrastructure (Infrastructure-as-a- Service). Today, most cloud services are programmatically accessed through Application Programming Interfaces (APIs) that follow the REpresentational State Trans- fer (REST) software architectural style and cloud service developers use interface-description languages to describe and document their services. My thesis is that we can leverage the structured usage of cloud services through REST APIs and feedback obtained during interaction with such services in order to build systems that test cloud services in an automatic, efficient, and learning-based way through their APIs. In this dissertation, I introduce stateful REST API fuzzing and describe its implementation in RESTler: the first stateful REST API fuzzing system. Stateful means that RESTler attempts to explore latent service states that are reachable only with sequences of multiple interdependent API requests. I then describe how stateful REST API fuzzing can be extended with active property checkers that test for violations of desirable REST API security properties. Finally, I introduce Pythia, a new fuzzing system that augments stateful REST API fuzzing with coverage-guided feedback and learning-based mutations.

Computer science

Cloud computing

Application software

Computer networks--Security measures

Computer programs--Testing

User compliance with the organisation's information security policy: a deterrence theory study

Fachin, Dario

January 2016

MCom Information Systems Research report 2015 / In today’s age of increasing cyber-attacks, with even national governments interests forming cyber warfare departments to defend their countries, there is no company globally which cannot be prepared for their critical infrastructure or information to be stolen, destroyed, manipulated or be made unavailable from various cyber-attacks. In most organisations, the user of the Information Systems is vital to ensuring that systems are protected by adhering to the Information Security Policy. Failure to comply with the Information Security Policy by end users exposes the company to the risk of the loss of sensitive information which could have major reputational, legal and financial impacts. The study followed a positivist research philosophy using a hypothetical model to test various hypotheses. Through the lens of deterrence theory, using a survey method to gather the information, the hypotheses are tested and analysed to further understand user compliance with an organisation’s Information Security Policy. The findings reveal that some elements of the deterrence theory are strong predictors to ensuring user compliance within a large global mining firm. The certainty of being caught for end users and the celerity of not adhering to the Information Security policy are strong predictors to ensure user compliance. The awareness of severity for not complying with the Information Security Policy or the awareness of being monitored is reflected to not be strong predictors to ensure user compliance. The research is intended to further assist both academics and practitioners to further their understanding of user compliance to the Information Security Policy. / MT2017

Computer networks--Security measures

Business enterprises--Security measures

Security protocols for mobile ad hoc networks

Davis, Carlton R.

January 2006

No description available.

Network intrusion simulation using OPNET

Razak, Shabana

01 October 2002

No description available.

Computer networks -- Security measures

Computer security

Computer simulation

OPNET

Electrical and Computer Engineering

Engineering

Systems and Communications

Mobile agent file integrity analyzer

Wang, Guantong

01 April 2001

No description available.

Computer networks -- Security measures

Computer security

Mobile agents (Computer software)

Electrical and Computer Engineering

Engineering

Systems and Communications

Mitigation of network tampering using dynamic dispatch of mobile agents

Rocke, Adam Jay

01 January 2004

No description available.

Computer networks -- Access control

Computer networks -- Security measures

Electrical and Computer Engineering

Engineering

Distributed intrusion detection system

Malik, Vishal

01 October 2002

No description available.

Computer networks -- Security measures

Computer security

Security systems

Electrical and Computer Engineering

Engineering

Systems and Communications

MiniCA: A web-based certificate authority

Macdonell, James Patrick

01 January 2007

The MiniCA project is proposed and developed to address growing demand for inexpensive access to security features such as privacy, strong authentication, and digital signatures. These features are integral to public-key encryption technologies. The audience for whom the software project is intended includes, technical staff requiring certificates for use in SSL applications (i.e. a secure web-site) at California State University, San Bernardino.

Computer networks Security measures

Computer networks Access control

Public key cryptography

Data encryption (Computer science)

Data protection

Computer networks Access control

Computer networks Security measures

Data encryption (Computer science)

Data protection

Public key cryptography.

Information Security