An innovative algebraic approach for IP traceback.

January 2004

Chen Zhaole. / Thesis submitted in: Aug 2003. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2004. / Includes bibliographical references (leaves 54-56). / Abstracts in English and Chinese. / Abstract / Acknowledgement / Chapter 1 --- Introduction --- p.1 / Chapter 1.1. --- Motivation --- p.2 / Chapter 1.2. --- The Problem --- p.2 / Chapter 1.3. --- Project Introduction --- p.3 / Chapter 1.4. --- Thesis Outline --- p.4 / Chapter 2 --- Denial-of-Service Attacks --- p.5 / Chapter 2.1 --- Introduction --- p.6 / Chapter 2.2 --- Denial-of-Service Attacks --- p.7 / Chapter 2.2.1 --- Direct DoS Attacks --- p.7 / Chapter 2.2.2 --- Reflector DoS Attacks --- p.11 / Chapter 3 --- Related Work --- p.14 / Chapter 3.1 --- Introduction --- p.15 / Chapter 3.2 --- Link Testing --- p.15 / Chapter 3.3 --- Probabilistic Marking Scheme --- p.16 / Chapter 3.4 --- ICMP Traceback --- p.17 / Chapter 3.5 --- Algebraic Marking Scheme --- p.18 / Chapter 3.6 --- Advanced and Authenticated Marking Scheme --- p.19 / Chapter 4 --- An Innovative Algebraic Approach for IP Traceback --- p.21 / Chapter 4.1 --- Introduction --- p.22 / Chapter 4.2 --- Background --- p.23 / Chapter 4.2.1 --- Definitions --- p.23 / Chapter 4.2.2 --- Assumptions --- p.24 / Chapter 4.2.3 --- Basic Principles --- p.25 / Chapter 4.3 --- Marking Schemes for Tracing DoS Attacks --- p.26 / Chapter 4.3.1 --- Simplified Algebraic Marking Scheme --- p.26 / Chapter 4.3.2 --- Reflective Algebraic Marking Scheme --- p.31 / Chapter 5 --- Feasibility and Performance Analysis --- p.35 / Chapter 5.1 --- Backward Compatibility --- p.36 / Chapter 5.2 --- Number of False Positives --- p.37 / Chapter 5.3 --- Minimum Number of Packets for Reconstruction --- p.38 / Chapter 5.4 --- Multiple Attacks --- p.38 / Chapter 5.5 --- Reconstruction Time --- p.39 / Chapter 5.6 --- Router Performance --- p.39 / Chapter 6 --- Experiment Results --- p.40 / Chapter 6.1 --- Experiments of Simplified Marking Scheme --- p.41 / Chapter 6.2 --- Experiments of Reflective Marking Scheme --- p.44 / Chapter 7 --- Conclusions and future work --- p.47 / Chapter 7.1 --- Conclusions --- p.47 / Chapter 7.2 --- Future Work --- p.48 / Bibliography --- p.50

Computer networks--Security measures

Computer security

Towards IP traceback based defense against DDoS attacks.

January 2004

Lau Nga Sin. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2004. / Includes bibliographical references (leaves 101-110). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Research Motivation --- p.2 / Chapter 1.2 --- Problem Statement --- p.3 / Chapter 1.3 --- Research Objectives --- p.4 / Chapter 1.4 --- Structure of the Thesis --- p.6 / Chapter 2 --- Background Study on DDoS Attacks --- p.8 / Chapter 2.1 --- Distributed Denial of Service Attacks --- p.8 / Chapter 2.1.1 --- DDoS Attack Architecture --- p.9 / Chapter 2.1.2 --- DDoS Attack Taxonomy --- p.11 / Chapter 2.1.3 --- DDoS Tools --- p.19 / Chapter 2.1.4 --- DDoS Detection --- p.21 / Chapter 2.2 --- DDoS Countermeasure: Attack Source Traceback --- p.23 / Chapter 2.2.1 --- Link Testing --- p.23 / Chapter 2.2.2 --- Logging --- p.24 / Chapter 2.2.3 --- ICMP-based traceback --- p.26 / Chapter 2.2.4 --- Packet marking --- p.28 / Chapter 2.2.5 --- Comparison of various IP Traceback Schemes --- p.31 / Chapter 2.3 --- DDoS Countermeasure: Packet Filtering --- p.33 / Chapter 2.3.1 --- Ingress Filtering --- p.33 / Chapter 2.3.2 --- Egress Filtering --- p.34 / Chapter 2.3.3 --- Route-based Packet Filtering --- p.35 / Chapter 2.3.4 --- IP Traceback-based Packet Filtering --- p.36 / Chapter 2.3.5 --- Router-based Pushback --- p.37 / Chapter 3 --- Domain-based IP Traceback Scheme --- p.40 / Chapter 3.1 --- Overview of our IP Traceback Scheme --- p.41 / Chapter 3.2 --- Assumptions --- p.44 / Chapter 3.3 --- Proposed Packet Marking Scheme --- p.45 / Chapter 3.3.1 --- IP Markings with Edge Sampling --- p.46 / Chapter 3.3.2 --- Domain-based Design Motivation --- p.48 / Chapter 3.3.3 --- Mathematical Principle --- p.49 / Chapter 3.3.4 --- Marking Mechanism --- p.51 / Chapter 3.3.5 --- Storage Space of the Marking Fields --- p.56 / Chapter 3.3.6 --- Packet Marking Integrity --- p.57 / Chapter 3.3.7 --- Path Reconstruction --- p.58 / Chapter 4 --- Route-based Packet Filtering Scheme --- p.62 / Chapter 4.1 --- Placement of Filters --- p.63 / Chapter 4.1.1 --- At Sources' Networks --- p.64 / Chapter 4.1.2 --- At Victim's Network --- p.64 / Chapter 4.2 --- Proposed Packet Filtering Scheme --- p.65 / Chapter 4.2.1 --- Classification of Packets --- p.66 / Chapter 4.2.2 --- Filtering Mechanism --- p.67 / Chapter 5 --- Performance Evaluation --- p.70 / Chapter 5.1 --- Simulation Setup --- p.70 / Chapter 5.2 --- Experiments on IP Traceback Scheme --- p.72 / Chapter 5.2.1 --- Performance Metrics --- p.72 / Chapter 5.2.2 --- Choice of Marking Probabilities --- p.73 / Chapter 5.2.3 --- Experimental Results --- p.75 / Chapter 5.3 --- Experiments on Packet Filtering Scheme --- p.82 / Chapter 5.3.1 --- Performance Metrics --- p.82 / Chapter 5.3.2 --- Choices of Filtering Probabilities --- p.84 / Chapter 5.3.3 --- Experimental Results --- p.85 / Chapter 5.4 --- Deployment Issues --- p.91 / Chapter 5.4.1 --- Backward Compatibility --- p.91 / Chapter 5.4.2 --- Processing Overheads to the Routers and Network --- p.93 / Chapter 5.5 --- Evaluations --- p.95 / Chapter 6 --- Conclusion --- p.96 / Chapter 6.1 --- Contributions --- p.96 / Chapter 6.2 --- Discussions and future work --- p.99 / Bibliography --- p.110

Computer networks--Security measures

Computer security

Mathematical analysis of security investment strategies and influence of cyber-insurance in networks.

January 2012

在互聯網上的主機(或節點)經常面對比如病毒和蠕蟲攻擊這一類能夠傳播的風險。儘管對這種風險的已經知曉，並且網絡/系統的安全非常重要，對於安全防護的投入依然很少，因此這種傳播式風險依然非常普遍。決定是否對安全保護進行投入是一個相互影響的過程:一個節點關於安全保護的投入會影響到其他節點所遭受的安全風險，因此也會影響它們關於安全保護投入的決定。我們的第一個目標是要了解“網絡外部性"和“節點異質性"如何影響安全投入。每個節點通過評估所受到的安全威脅和預期損失來做出決定。我們把它刻畫成一個貝葉斯博弈，在這個博弈裡面，每個節點只知道局部的信息，例如，自身有多少個鄰節點，和一些很少的全局信息，比如網絡中節點的度分佈。我們的第二個目標是研究一種叫做網絡保險的新的風險管理方式。我們探討競爭的網絡保險市場存在對於安全投入有什麼影響。通過分析，我們發現如果網絡保險提供商能夠觀察到節點的安全狀況，當節點所採取的保護措施質量不是很高時，網絡保險市場對於促進安全保護投入有積極的作用。我們還發現網絡保險對於度數高的節點的激勵程度更好。相反，如果網絡保險提供商不能觀察到節點的安全保護狀況，我們驗證了部分保險可以起到一個非負的激勵效用，雖然不是一種激勵，但是能夠提高節點的效用。 / Hosts (or nodes) in the Internet often face epidemic risks such as virus and worms attack. Despite the awareness of these risks and the importance of network/system security, investment in security protection is still scare, and hence epidemic risk is still prevalent. Deciding whether to invest in security protection is an interdependent process: security investment decision made by one node can affect the security risk of others, and therefore affect their decisions also. Our first goal is to understand how "network externality" and "nodes heterogeneity" may affect security adoption. Nodes make decisions on security investment by evaluating the epidemic risk and the expected loss. We characterize it as a Bayesian network game in which nodes only have the local information, e.g., the number of neighbors, and minimum common information, e.g., degree distribution of the network. Our second goal is to study a new form of risk management, called cyber-insurance. We investigate how the presence of competitive insurance market can affect the security adoption and show that if the insurance provider can observe the protection level of nodes, the insurance market is a positive incentive for security adoption if the protection quality is not very high. We also find that cyber-insurance is more likely to be a good incentive for nodes with higher degree. Conversely, if the insurance provider cannot observe the protection level of nodes, we verify that partial insurance can be a non-negative incentive, improving node’s utility though not being an incentive. / Detailed summary in vernacular field only. / Yang, Zichao. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 59-65). / Abstracts also in Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Mathematical Models --- p.6 / Chapter 2.1 --- Epidemic Model --- p.6 / Chapter 2.2 --- InvestmentModel --- p.8 / Chapter 2.3 --- Bayesian Network Game --- p.11 / Chapter 3 --- Analysis for Strategic Security Adoption --- p.13 / Chapter 3.1 --- General Case --- p.13 / Chapter 3.1.1 --- Estimating the Probability --- p.14 / Chapter 3.1.2 --- Security Adoption. --- p.17 / Chapter 3.2 --- Analysis of Node Heterogeneity: Two Types Case --- p.25 / Chapter 4 --- Analysis for Cyber-insurance Market --- p.30 / Chapter 4.1 --- Supply of Insurance --- p.30 / Chapter 4.2 --- Cyber-insuranceWithoutMoral Hazard --- p.34 / Chapter 4.2.1 --- Security Adoption with Cyber-insurance Market --- p.34 / Chapter 4.2.2 --- Incentive Analysis --- p.37 / Chapter 4.3 --- Cyber-insurance withMoral Hazard --- p.41 / Chapter 5 --- Simulation & Numerical Results --- p.46 / Chapter 5.1 --- Validating Final Infection Probability --- p.46 / Chapter 5.2 --- Security Adoption with Externality Effect --- p.49 / Chapter 5.3 --- Influence of Cyber-insurance --- p.52 / Chapter 6 --- Related Work --- p.53 / Chapter 7 --- Conclusion --- p.57 / Bibliography --- p.59

Computer security--Cost effectiveness

Decision making

On the protection of computation results of free-roaming agents against truncation and shred-not attacks. / CUHK electronic theses & dissertations collection / Digital dissertation consortium

January 2002

by Cheng Siu Lung. / "August 2002." / Thesis (Ph.D.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references. / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. Ann Arbor, MI : ProQuest Information and Learning Company, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Mode of access: World Wide Web. / Abstracts in English and Chinese.

Mobile agents (Computer software)

Computer security

Authentication

Querying XML data: efficiency and security issues. / CUHK electronic theses & dissertations collection

January 2006

Experiments were conducted to show the effectiveness of our approaches. / The security of the XML data draws as much attention as the efficiency problem. In this thesis, we study a promising approach to store the accessibility information, which is based on the Compressed Accessibility Map (CAM). We make two advancements in this direction. (1) Previous work suggests that for each user group and each operation type, a different CAM is built. We observe that the performance and storage requirements can be further improved by combining multiple CAMs into an Integrated CAM (ICAM). We explore this possibility and propose an integration mechanism. (2) If the change in structure of the XML data is not frequent, we suggest an efficient lookup method, which can be applied to CAMS or ICAMs, with a much lower time complexity compared to the previous approach. / We take into consideration ID/IDREF attributes, which are common in XML documents. Most related works model an XML document with ID/IDREF attributes as a graph. We retain a tree model, called extended XML tree, in which the IDREF attribute is regarded as an IDREF node, instead of an IDREF edge to the corresponding node. Based on this model, we propose a B+-tree style index (PIN-tree) integrating the essence of the path index and the inverted list approach. A query evaluation algorithm, PINE, based on the model and the indexing is proposed. PINE handles efficiently queries with/without IDREF requests, and IDREF requests can be stated explicitly or implicitly. We prove that PINE is near optimal for twig queries without IDREF requests under the assumption that the number of distinct tag paths to a label is limited. The assumption is proven to be reasonable by experiments. The complexity of PINE for queries with IDREF requests is also given. / XML is emerging as a widely-used platform-independent data representation language. With increasing interests in XML data, techniques concerning XML evolve rapidly. In this thesis, we study two important issues when querying XML data, efficiency and security, which are essential to an XML searching engine. / Jiang Mingfei. / "January 2006." / Adviser: Ada Wai-Chee Fu. / Source: Dissertation Abstracts International, Volume: 67-11, Section: B, page: 6509. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2006. / Includes bibliographical references (p. 136-143). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.

Computer security

XML (Document markup language)

Security and usability in password authentication

Yildirim, Merve

January 2017

This thesis investigates the human-factor problems in password authentication and proposes some usable solutions to these problems by focusing on both forms of knowledge based authentication: textual passwords and graphical passwords. It includes a range of empirical studies to examine users' password-related behaviour and practices in authentication, and helps users to adopt secure password behaviour. This thesis consists of two parts. The first part focuses on traditional text-based passwords. Design flaws and usability issues of existing text-password mechanisms used by many organisations cause employees to adopt insecure password practices. The first work in this thesis investigates the reasons for employees' lack of motivation regarding password protection against security failures. An empirical study is conducted to identify the factors causing employees' insecure behaviours in organisations, and several persuasion strategies are tested to persuade employees to use passwords more safely. The results of the study revealed that some persuasion strategies are effective in motivating users to adopt good password practices. The study also found that the failure of password policies and authentication schemes deployed by organisations is a common problem among the organisations. Considering the results of the first study, in the second work of this thesis, a password guideline/advice study is conducted to help users to create stronger and more memorable passwords. A password guideline including a number of password creation methods and a persuasive message is proposed, and its effectiveness in improving the strength of user-chosen passwords is evaluated. The results show that the users who received the proposed guideline produced stronger and more memorable passwords than the users followed the usual password restrictions while creating their passwords. The results also demonstrate that the given password creation methods can be helpful and inspirational for users to create their own encryption formula. All these works reveal the weaknesses of user-chosen textual passwords and inefficacy of existing text-based password mechanisms. Although these studies show that text-based password mechanisms can be strengthened, they are still problematic where usability is concerned. Thus, the second part of this thesis focuses on another form of knowledge-based authentication: graphical passwords. A novel hybrid authentication scheme integrating text and images is introduced to minimise the brute force and shoulder surfing attacks which text and graphical passwords suffer. In the last work of this thesis, the proposed hybrid scheme is implemented and evaluated. The evaluation shows that the proposed scheme provides security and usability at the same time, and it also makes the password creation process enjoyable for users. In summary, the thesis contributes to the analysis of some key security and usability problems which arise in knowledge-based authentication. A series of empirical studies has been conducted. Based on their results, usable solutions to the human-factor problems in password-based authentication are proposed and evaluated.

004

An effective methodology to traceback DDoS attackers.

January 2003

Lam, Kwok Tai. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 64-66). / Abstracts in English and Chinese. / Chapter 1 --- Introduction to Network Security via Efficient IP Traceback --- p.10 / Chapter 1.1 --- Motivation --- p.10 / Chapter 1.2 --- DDoS Attacker Traceback Problem --- p.11 / Chapter 1.3 --- Document Roadmap --- p.13 / Chapter 2 --- Background --- p.14 / Chapter 2.1 --- Probabilistic Edge Marking Algorithm --- p.14 / Chapter 2.1.1 --- Probabilistic Edge Marking Procedure --- p.15 / Chapter 2.1.2 --- Attack Graph Construction Procedure --- p.17 / Chapter 2.1.3 --- Advantages and Disadvantages of Algorithm --- p.19 / Chapter 3 --- Attacker Traceback: Linear Topology --- p.22 / Chapter 3.1 --- Determination of Local Traffic Rates --- p.23 / Chapter 3.2 --- Determination of Minimum Stable Time tmin --- p.25 / Chapter 3.3 --- Elimination of Attackers --- p.26 / Chapter 4 --- Attacker Traceback: General Topology --- p.30 / Chapter 4.1 --- Determination of Local Traffic Rates --- p.30 / Chapter 4.2 --- Determination of Minimum Stable Time tmin --- p.33 / Chapter 5 --- Simulations --- p.36 / Chapter 5.1 --- Simulation 1 - Correctness and robustness of estimating the min- imum stable time tmin --- p.37 / Chapter 5.1.1 --- Simulation l.A - Influence on tmin by different packet arrival processes --- p.37 / Chapter 5.1.2 --- Simulation l.B - Influence on tmin by different packet arrival processes under MMPP --- p.38 / Chapter 5.1.3 --- Simulation l.C - Influence on tmin and variance of traffic rate estimation by different pthreshold --- p.39 / Chapter 5.2 --- Simulation 2 - Factors which influence the minimum stable time tmin --- p.40 / Chapter 5.2.1 --- Simulation 2.A - Influence on tmin by different length of the attack path --- p.41 / Chapter 5.2.2 --- Simulation 2.B - Influence on tmin by the relative posi- tions of the attackers --- p.42 / Chapter 5.2.3 --- Simulation 2.C - Influence on tmin by different ATR and different length of the attack path --- p.43 / Chapter 5.3 --- Simulation 3 - Extension to General Network Topology --- p.45 / Chapter 5.3.1 --- Simulation 3.A - Influence on tmin by different ATR and different diameter of the network topology --- p.45 / Chapter 5.3.2 --- Simulation 3.B - Influence on tmin by different number of attackers --- p.46 / Chapter 5.4 --- Simulation 4 - Extension to Internet Topology --- p.47 / Chapter 5.4.1 --- Simulation 4.A - Influence on tminby different diameter of the network topology --- p.49 / Chapter 5.4.2 --- Simulation 4.B - Influence on tmin by different number of attackers --- p.50 / Chapter 6 --- Experiments --- p.51 / Chapter 6.1 --- Experiment 1: Simple DoS Attack --- p.53 / Chapter 6.1.1 --- Experiment l.A - Influence on tmin by different types of DDoS attack --- p.54 / Chapter 6.1.2 --- Experiment l.B - Influence on tmin by different length of the attack path --- p.55 / Chapter 6.2 --- Experiment 2: Coordinated DoS Attack --- p.55 / Chapter 6.2.1 --- Experiment 2.A - Influence on tmin by the relative posi- tions of the attackers --- p.56 / Chapter 6.2.2 --- Experiment 2.B - Influence on tmin by different number of attackers --- p.58 / Chapter 7 --- Related Work --- p.59 / Chapter 8 --- Conclusion --- p.62 / Bibliography --- p.64

Computer networks--Security measures

Computer security

Hackers

Security issues in mobile IP and mobile ad hoc networks

Shankaran, Rajan, University of Western Sydney, College of Science, Technology and Environment, School of Computing and Information Technology

January 2004

The need for information anywhere and at any time has been the driving force for the increasing growth in mobile networks and devices. The field of mobile computing is the merger of advances in computing and communications with the aim of providing seamless and ubiquitous computing environment for mobile users. Whereas notebook computers and personal digital assistants (PDAs) are self-contained, networked computing constitutes a new paradigm of computing that is revolutionizing the way computers are used. Mobile networking greatly enhances the utility of carrying a computing device. It provides mobile users with versatile communication to other people and expedient notification of important events, yet with much more flexibility than cellular telephones and pagers. It also permits continuous access to services and resources of the traditional land-based wired networks. This combination of networking and mobility will engender new applications and services, such as collaborative software to support impromptu meetings, electronic bulletin boards that adapt to the contents according to the participants present, self adjusting lighting and heating, and navigation software to guide users in unfamiliar places and tours. To support mobility in the Internet, the Internet Protocol (IP) has been extended to support mobility. Also at the same time, there is also a growing trend for these IP based networks to operate in an infrastructureless environment called mobile ad-hoc networks. However, the proliferation of such mobile networks depends on a multitude of factors, with trustworthiness being one of the primary challenges to be met. The objective of this dissertation is to address the issues involved in the design of security services for Mobile IP and ad-hoc networks. Extensions to IP based networks (both wired and infrastructureless networks) to facilitate mobility have not been designed keeping security in mind. However adequate security features are basic requirements for the continued functioning of mobile networks. Clearly the problem is so broad that there is no way to devise a general solution We aim to address most of these wide- ranging problems and in the process initiate a practical approach to the development of an integrated security infrastructure for mobile networks. The intention is to seamlessly integrate these security services and mechanisms at the IP level within the mobile IP and ad-hoc networks. The provision of security services at the higher and lower layers and their interoperability with our proposed framework is outside the scope of this thesis / Doctor of Philosophy (PhD)

computer security

mobile computing

security measures

Towards the development of a defensive cyber damage and mission impact methodology

Fortson, Larry W.,

January 1900

Thesis (M.S.)--Air Force Institute of Technology, 2007. / AFIT/GIR/ENV/07-M9. Title from title page of PDF document (viewed on: Nov. 29, 2007). "March 2007." Includes bibliographical references (leaves 226-237).

Security architecture methodology for large net-centric systems

Umeh, Njideka Adaku,

January 2007

Thesis (M.S.)--University of Missouri--Rolla, 2007. / Vita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed December 6, 2007) Includes bibliographical references (p. 60-63).