Die integrering van inligtingsekerheid met programmatuuringenieurswese

20 November 2014

M.Com. (Informatiks) / Please refer to full text to view abstract

Computer security

Software engineering

Computer networks - Security measures

A Network Telescope Approach for Inferring and Characterizing IoT Exploitations

Unknown Date

While the seamless interconnection of IoT devices with the physical realm is envisioned to bring a plethora of critical improvements on many aspects and in diverse domains, it will undoubtedly pave the way for attackers that will target and exploit such devices, threatening the integrity of their data and the reliability of critical infrastructure. The aim of this thesis is to generate cyber threat intelligence related to Internet-scale inference and evaluation of malicious activities generated by compromised IoT devices to facilitate prompt detection, mitigation and prevention of IoT exploitation. In this context, we initially provide a unique taxonomy, which sheds the light on IoT vulnerabilities from five di↵erent perspectives. Subsequently, we address the task of inference and characterization of IoT maliciousness by leveraging active and passive measurements. To support large-scale empirical data analytics in the context of IoT, we made available corresponding raw data through an authenticated platform. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2018. / FAU Electronic Theses and Dissertations Collection

Internet of things.

Internet of things--Security measures.

Cyber intelligence (Computer security)

A secure one-use dynamic backdoor password system based on public key cryptography.

January 2002

Yu Haitao. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 71). / Abstracts in English and Chinese. / Chapter Chapter 1. --- Introduction --- p.1 / Chapter 1.1 --- Introduction --- p.1 / Chapter 1.2 --- Thesis organization --- p.6 / Chapter Chapter 2. --- Conventional password authentication and backdoor password schemes --- p.7 / Chapter 2.1 --- Password and password authentication --- p.7 / Chapter 2.1.1 --- Introduction to password and its security problems --- p.7 / Chapter 2.1.2 --- Front-door passwords vs. backdoor passwords --- p.8 / Chapter 2.1.3 --- Dynamic passwords vs. static passwords --- p.9 / Chapter 2.2 --- Forgotten-password problem --- p.10 / Chapter Chapter 3. --- Introduction to Cryptography --- p.12 / Chapter 3.1 --- Introduction to information security --- p.12 / Chapter 3.2 --- Conventional cryptography --- p.16 / Chapter 3.3 --- Public-key cryptography --- p.21 / Chapter 3.4 --- RSA cryptosystem --- p.24 / Chapter 3.5 --- One-way function --- p.27 / Chapter 3.6 --- Digital signature --- p.30 / Chapter 3.7 --- Secret sharing --- p.34 / Chapter 3.8 --- Zero-knowledge proof --- p.34 / Chapter 3.9 --- Key management --- p.36 / Chapter 3.9.1 --- Key distribution in conventional cryptography --- p.36 / Chapter 3.9.2 --- Distribution of public keys --- p.39 / Chapter Chapter 4. --- A secure one-use dynamic backdoor password system based on Public Key Cryptography --- p.42 / Chapter 4.1 --- System objectives --- p.42 / Chapter 4.2 --- Simple system and analysis --- p.45 / Chapter 4.2.1 --- System diagram --- p.45 / Chapter 4.2.2 --- System protocol --- p.46 / Chapter 4.2.3 --- Applied technologies --- p.50 / Chapter 4.2.4 --- System security analysis --- p.52 / Chapter 4.3 --- Multi-user system and analysis --- p.55 / Chapter 4.3.1 --- Modification to the system diagram --- p.56 / Chapter 4.3.2 --- Modification to the system protocol --- p.57 / Chapter 4.3.3 --- System analysis for multi-user system --- p.64 / Chapter 4.4 --- Applicable modes and analysis --- p.66 / Chapter 4.5 --- Conclusion --- p.68 / Chapter Chapter 5. --- Conclusion --- p.69 / Bibliography --- p.71 / Appendix --- p.72 / Chapter A. --- Algorithm of MD5 --- p.72 / Chapter B. --- Algorithm of DSA --- p.76 / Chapter C. --- Algorithm of RSA --- p.79

Public key cryptography

Computers--Access control--Passwords

Computer security

Authentication

Preemptive distributed intrusion detection using mobile agents.

January 2002

by Chan Pui Chung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves [56]-[61]). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- The Trends --- p.1 / Chapter 1.2 --- What this Thesis Contains --- p.3 / Chapter 2 --- Background --- p.5 / Chapter 2.1 --- Computer Security --- p.5 / Chapter 2.2 --- Anti-intrusion Techniques --- p.6 / Chapter 2.3 --- The Need for Intrusion Detection System --- p.7 / Chapter 2.4 --- Intrusion Detection System Categorization --- p.8 / Chapter 2.4.1 --- Network-based vs. Host-based --- p.8 / Chapter 2.4.2 --- Anomaly Detection vs. Misuse Detection --- p.10 / Chapter 2.4.3 --- Centralized vs. Distributed --- p.11 / Chapter 2.5 --- Agent-based IDS --- p.12 / Chapter 2.6 --- Mobile agent-based IDS --- p.12 / Chapter 3 --- Survey on Intrusion Step --- p.14 / Chapter 3.1 --- Introduction --- p.14 / Chapter 3.2 --- Getting information before break in --- p.14 / Chapter 3.2.1 --- Port scanning --- p.14 / Chapter 3.2.2 --- Sniffing --- p.16 / Chapter 3.2.3 --- Fingerprinting --- p.17 / Chapter 3.3 --- Intrusion method --- p.17 / Chapter 3.3.1 --- DOS and DDOS --- p.17 / Chapter 3.3.2 --- Password cracking --- p.18 / Chapter 3.3.3 --- Buffer overflows --- p.19 / Chapter 3.3.4 --- Race Condition --- p.20 / Chapter 3.3.5 --- Session Hijacking --- p.20 / Chapter 3.3.6 --- Computer Virus --- p.21 / Chapter 3.3.7 --- Worms --- p.21 / Chapter 3.3.8 --- Trojan Horse --- p.22 / Chapter 3.3.9 --- Social Engineering --- p.22 / Chapter 3.3.10 --- Physical Attack --- p.23 / Chapter 3.4 --- After intrusion --- p.23 / Chapter 3.4.1 --- Covering Tracks --- p.23 / Chapter 3.4.2 --- Back-doors --- p.23 / Chapter 3.4.3 --- Rootkits --- p.23 / Chapter 3.5 --- Conclusion --- p.24 / Chapter 4 --- A Survey on Intrusion Detection System --- p.25 / Chapter 4.1 --- Introduction --- p.25 / Chapter 4.2 --- Information Source --- p.25 / Chapter 4.2.1 --- Host-based Source --- p.25 / Chapter 4.2.2 --- Network-based Source --- p.26 / Chapter 4.2.3 --- Out-of-band Source --- p.27 / Chapter 4.2.4 --- Data Fusion from multiple sources --- p.27 / Chapter 4.3 --- Detection Technology --- p.28 / Chapter 4.3.1 --- Intrusion signature --- p.28 / Chapter 4.3.2 --- Threshold Detection --- p.31 / Chapter 4.3.3 --- Statistical Analysis --- p.31 / Chapter 4.3.4 --- Neural Network --- p.32 / Chapter 4.3.5 --- Artificial Immune System --- p.33 / Chapter 4.3.6 --- Data Mining --- p.33 / Chapter 4.3.7 --- Traffic Analysis --- p.34 / Chapter 4.4 --- False Alarm Rate --- p.35 / Chapter 4.5 --- Response --- p.35 / Chapter 4.6 --- Difficulties in IDS --- p.36 / Chapter 4.6.1 --- Base Rate Fallacy --- p.36 / Chapter 4.6.2 --- Denial of Service Attack against IDS --- p.37 / Chapter 4.6.3 --- Insertion and Evasion attack against the Network-Based IDS . --- p.37 / Chapter 4.7 --- Conclusion --- p.38 / Chapter 5 --- Preemptive Distributed Intrusion Detection using Mobile Agents --- p.39 / Chapter 5.1 --- Introduction --- p.39 / Chapter 5.2 --- Architecture Design --- p.40 / Chapter 5.2.1 --- Overview --- p.40 / Chapter 5.2.2 --- Agents involved --- p.40 / Chapter 5.2.3 --- Clustering --- p.42 / Chapter 5.3 --- How it works --- p.44 / Chapter 5.3.1 --- Pseudo codes of operations --- p.48 / Chapter 5.4 --- Advantages --- p.49 / Chapter 5.5 --- Drawbacks & Possible Solutions --- p.49 / Chapter 5.6 --- Other Possible Mode of Operation --- p.50 / Chapter 5.7 --- Conclusion --- p.51 / Chapter 6 --- Conclusion --- p.52 / A Paper Derived from this Thesis --- p.54 / Bibliography --- p.55

Mobile agents (Computer software)

Computer security

Computer networks--Security measures

Cryptographic primitives on reconfigurable platforms.

January 2002

Tsoi Kuen Hung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 84-92). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- Objectives --- p.3 / Chapter 1.3 --- Contributions --- p.3 / Chapter 1.4 --- Thesis Organization --- p.4 / Chapter 2 --- Background and Review --- p.6 / Chapter 2.1 --- Introduction --- p.6 / Chapter 2.2 --- Cryptographic Algorithms --- p.6 / Chapter 2.3 --- Cryptographic Applications --- p.10 / Chapter 2.4 --- Modern Reconfigurable Platforms --- p.11 / Chapter 2.5 --- Review of Related Work --- p.14 / Chapter 2.5.1 --- Montgomery Multiplier --- p.14 / Chapter 2.5.2 --- IDEA Cipher --- p.16 / Chapter 2.5.3 --- RC4 Key Search --- p.17 / Chapter 2.5.4 --- Secure Random Number Generator --- p.18 / Chapter 2.6 --- Summary --- p.19 / Chapter 3 --- The IDEA Cipher --- p.20 / Chapter 3.1 --- Introduction --- p.20 / Chapter 3.2 --- The IDEA Algorithm --- p.21 / Chapter 3.2.1 --- Cipher Data Path --- p.21 / Chapter 3.2.2 --- S-Box: Multiplication Modulo 216 + 1 --- p.23 / Chapter 3.2.3 --- Key Schedule --- p.24 / Chapter 3.3 --- FPGA-based IDEA Implementation --- p.24 / Chapter 3.3.1 --- Multiplication Modulo 216 + 1 --- p.24 / Chapter 3.3.2 --- Deeply Pipelined IDEA Core --- p.26 / Chapter 3.3.3 --- Area Saving Modification --- p.28 / Chapter 3.3.4 --- Key Block in Memory --- p.28 / Chapter 3.3.5 --- Pipelined Key Block --- p.30 / Chapter 3.3.6 --- Interface --- p.31 / Chapter 3.3.7 --- Pipelined Design in CBC Mode --- p.31 / Chapter 3.4 --- Summary --- p.32 / Chapter 4 --- Variable Radix Montgomery Multiplier --- p.33 / Chapter 4.1 --- Introduction --- p.33 / Chapter 4.2 --- RSA Algorithm --- p.34 / Chapter 4.3 --- Montgomery Algorithm - Ax B mod N --- p.35 / Chapter 4.4 --- Systolic Array Structure --- p.36 / Chapter 4.5 --- Radix-2k Core --- p.37 / Chapter 4.5.1 --- The Original Kornerup Method (Bit-Serial) --- p.37 / Chapter 4.5.2 --- The Radix-2k Method --- p.38 / Chapter 4.5.3 --- Time-Space Relationship of Systolic Cells --- p.38 / Chapter 4.5.4 --- Design Correctness --- p.40 / Chapter 4.6 --- Implementation Details --- p.40 / Chapter 4.7 --- Summary --- p.41 / Chapter 5 --- Parallel RC4 Engine --- p.42 / Chapter 5.1 --- Introduction --- p.42 / Chapter 5.2 --- Algorithms --- p.44 / Chapter 5.2.1 --- RC4 --- p.44 / Chapter 5.2.2 --- Key Search --- p.46 / Chapter 5.3 --- System Architecture --- p.47 / Chapter 5.3.1 --- RC4 Cell Design --- p.47 / Chapter 5.3.2 --- Key Search --- p.49 / Chapter 5.3.3 --- Interface --- p.50 / Chapter 5.4 --- Implementation --- p.50 / Chapter 5.4.1 --- RC4 cell --- p.51 / Chapter 5.4.2 --- Floorplan --- p.53 / Chapter 5.5 --- Summary --- p.53 / Chapter 6 --- Blum Blum Shub Random Number Generator --- p.55 / Chapter 6.1 --- Introduction --- p.55 / Chapter 6.2 --- RRNG Algorithm . . --- p.56 / Chapter 6.3 --- PRNG Algorithm --- p.58 / Chapter 6.4 --- Architectural Overview --- p.59 / Chapter 6.5 --- Implementation --- p.59 / Chapter 6.5.1 --- Hardware RRNG --- p.60 / Chapter 6.5.2 --- BBS PRNG --- p.61 / Chapter 6.5.3 --- Interface --- p.66 / Chapter 6.6 --- Summary --- p.66 / Chapter 7 --- Experimental Results --- p.68 / Chapter 7.1 --- Design Platform --- p.68 / Chapter 7.2 --- IDEA Cipher --- p.69 / Chapter 7.2.1 --- Size of IDEA Cipher --- p.70 / Chapter 7.2.2 --- Performance of IDEA Cipher --- p.70 / Chapter 7.3 --- Variable Radix Systolic Array --- p.71 / Chapter 7.4 --- Parallel RC4 Engine --- p.75 / Chapter 7.5 --- BBS Random Number Generator --- p.76 / Chapter 7.5.1 --- Size --- p.76 / Chapter 7.5.2 --- Speed --- p.76 / Chapter 7.5.3 --- External Clock --- p.77 / Chapter 7.5.4 --- Random Performance --- p.78 / Chapter 7.6 --- Summary --- p.78 / Chapter 8 --- Conclusion --- p.81 / Chapter 8.1 --- Future Development --- p.83 / Bibliography --- p.84

Computer security

Field programmable gate arrays

Public key cryptography

Secure execution of mobile agents on open networks using cooperative agents.

January 2002

Yu Chiu-Man. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 93-96). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgements --- p.ii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Advantages of mobile agents --- p.2 / Chapter 1.2 --- Security --- p.3 / Chapter 1.3 --- Contributions --- p.3 / Chapter 1.4 --- Structure --- p.4 / Chapter 2 --- The Problem of Execution Tampering Attack --- p.5 / Chapter 2.1 --- Mobile agent execution model --- p.5 / Chapter 2.2 --- Tampering attack from malicious hosts --- p.5 / Chapter 2.3 --- Open network environment --- p.6 / Chapter 2.4 --- Conclusion --- p.6 / Chapter 3 --- Existing Approaches to Solve the Execution Tampering Prob- lem --- p.8 / Chapter 3.1 --- Introduction --- p.8 / Chapter 3.2 --- Trusted execution environment --- p.9 / Chapter 3.2.1 --- Closed system --- p.9 / Chapter 3.2.2 --- Trusted hardware --- p.9 / Chapter 3.3 --- Tamper-detection --- p.11 / Chapter 3.3.1 --- Execution tracing --- p.11 / Chapter 3.4 --- Tamper-prevention --- p.12 / Chapter 3.4.1 --- Blackbox security --- p.12 / Chapter 3.4.2 --- Time limited blackbox --- p.13 / Chapter 3.4.3 --- Agent mess-up --- p.15 / Chapter 3.4.4 --- Addition of noisy code --- p.15 / Chapter 3.4.5 --- Co-operating agents --- p.16 / Chapter 3.5 --- Conclusion --- p.17 / Chapter 4 --- Tamper-Detection Mechanism of Our Protocol --- p.18 / Chapter 4.1 --- Introduction --- p.18 / Chapter 4.2 --- Execution tracing --- p.18 / Chapter 4.3 --- Code obfuscation --- p.21 / Chapter 4.3.1 --- Resilience of obfuscating transformation --- p.22 / Chapter 4.4 --- Execution tracing with obfuscated program --- p.23 / Chapter 4.5 --- Conclusion --- p.27 / Chapter 5 --- A Flexible Tamper-Detection Protocol by Using Cooperating Agents --- p.28 / Chapter 5.1 --- Introduction --- p.28 / Chapter 5.1.1 --- Agent model --- p.29 / Chapter 5.1.2 --- Execution model --- p.30 / Chapter 5.1.3 --- System model --- p.30 / Chapter 5.1.4 --- Failure model --- p.30 / Chapter 5.2 --- The tamper-detection protocol --- p.30 / Chapter 5.3 --- Fault-tolerance policy --- p.38 / Chapter 5.4 --- Costs of the protocol --- p.38 / Chapter 5.5 --- Discussion --- p.40 / Chapter 5.6 --- Conclusion --- p.42 / Chapter 6 --- Verification of the Protocol by BAN Logic --- p.43 / Chapter 6.1 --- Introduction --- p.43 / Chapter 6.2 --- Modifications to BAN logic --- p.44 / Chapter 6.3 --- Term definitions --- p.45 / Chapter 6.4 --- Modeling of our tamper-detection protocol --- p.46 / Chapter 6.5 --- Goals --- p.47 / Chapter 6.6 --- Sub-goals --- p.48 / Chapter 6.7 --- Assumptions --- p.48 / Chapter 6.8 --- Verification --- p.49 / Chapter 6.9 --- Conclusion --- p.53 / Chapter 7 --- Experimental Results Related to the Protocol --- p.54 / Chapter 7.1 --- Introduction --- p.54 / Chapter 7.2 --- Experiment environment --- p.54 / Chapter 7.3 --- Experiment procedures --- p.55 / Chapter 7.4 --- Experiment implementation --- p.56 / Chapter 7.5 --- Experimental results --- p.61 / Chapter 7.6 --- Conclusion --- p.65 / Chapter 8 --- Extension to Solve the ´حFake Honest Host´ح Problem --- p.68 / Chapter 8.1 --- Introduction --- p.68 / Chapter 8.2 --- "The method to solve the ""fake honest host"" problem" --- p.69 / Chapter 8.2.1 --- Basic idea --- p.69 / Chapter 8.2.2 --- Description of the method --- p.69 / Chapter 8.3 --- Conclusion --- p.71 / Chapter 9 --- Performance Improvement by Program Slicing --- p.73 / Chapter 9.1 --- Introduction --- p.73 / Chapter 9.2 --- Deployment of program slicing --- p.73 / Chapter 9.3 --- Conclusion --- p.75 / Chapter 10 --- Increase Scalability by Supporting Multiple Mobile Agents --- p.76 / Chapter 10.1 --- Introduction --- p.76 / Chapter 10.2 --- Supporting multiple mobile agents --- p.76 / Chapter 10.3 --- Conclusion --- p.78 / Chapter 11 --- Deployment of Trust Relationship in the Protocol --- p.79 / Chapter 11.1 --- Introduction --- p.79 / Chapter 11.2 --- Deployment of trust relationship --- p.79 / Chapter 11.3 --- Conclusion --- p.82 / Chapter 12 --- Conclusions and Future Work --- p.83 / A Data of Experimental Results --- p.86 / Publication --- p.92 / Bibliography --- p.93

Mobile agents (Computer software)

Computer security

Computer networks--Security measures

Secure Computation in Heterogeneous Environments: How to Bring Multiparty Computation Closer to Practice?

Raykova, Mariana Petrova

January 2012

Many services that people use daily require computation that depends on the private data of multiple parties. While the utility of the final result of such interactions outweighs the privacy concerns related to output release, the inputs for such computations are much more sensitive and need to be protected. Secure multiparty computation (MPC) considers the question of constructing computation protocols that reveal nothing more about their inputs than what is inherently leaked by the output. There have been strong theoretical results that demonstrate that every functionality can be computed securely. However, these protocols remain unused in practical solutions since they introduce efficiency overhead prohibitive for most applications. Generic multiparty computation techniques address homogeneous setups with respect to the resources available to the participants and the adversarial model. On the other hand, realistic scenarios present a wide diversity of heterogeneous environments where different participants have different available resources and different incentives to misbehave and collude. In this thesis we introduce techniques for multiparty computation that focus on heterogeneous settings. We present solutions tailored to address different types of asymmetric constraints and improve the efficiency of existing approaches in these scenarios. We tackle the question from three main directions: New Computational Models for MPC - We explore different computational models that enable us to overcome inherent inefficiencies of generic MPC solutions using circuit representation for the evaluated functionality. First, we show how we can use random access machines to construct MPC protocols that add only polylogarithmic overhead to the running time of the insecure version of the underlying functionality. This allows to achieve MPC constructions with computational complexity sublinear in the size for their inputs, which is very important for computations that use large databases. We also consider multivariate polynomials which yield more succinct representations for the functionalities they implement than circuits, and at the same time a large collection of problems are naturally and efficiently expressed as multivariate polynomials. We construct an MPC protocol for multivariate polynomials, which improves the communication complexity of corresponding circuit solutions, and provides currently the most efficient solution for multiparty set intersection in the fully malicious case. Outsourcing Computation - The goal in this setting is to utilize the resources of a single powerful service provider for the work that computationally weak clients need to perform on their data. We present a new paradigm for constructing verifiable computation (VC) schemes, which enables a computationally limited client to verify efficiently the result of a large computation. Our construction is based on attribute-based encryption and avoids expensive primitives such as fully homomorphic encryption andprobabilistically checkable proofs underlying existing VC schemes. Additionally our solution enjoys two new useful properties: public delegation and verification. We further introduce the model of server-aided computation where we utilize the computational power of an outsourcing party to assist the execution and improve the efficiency of MPC protocols. For this purpose we define a new adversarial model of non-collusion, which provides room for more efficient constructions that rely almost completely only on symmetric key operations, and at the same time captures realistic settings for adversarial behavior. In this model we propose protocols for generic secure computation that offload the work of most of the parties to the computation server. We also construct a specialized server-aided two party set intersection protocol that achieves better efficiencies for the two participants than existing solutions. Outsourcing in many cases concerns only data storage and while outsourcing the data of a single party is useful, providing a way for data sharing among different clients of the service is the more interesting and useful setup. However, this scenario brings new challenges for access control since the access control rules and data accesses become private data for the clients with respect to the service provide. We propose an approach that offers trade-offs between the privacy provided for the clients and the communication overhead incurred for each data access. Efficient Private Search in Practice - We consider the question of private search from a different perspective compared to traditional settings for MPC. We start with strict efficiency requirements motivated by speeds of available hardware and what is considered acceptable overhead from practical point of view. Then we adopt relaxed definitions of privacy, which still provide meaningful security guarantees while allowing us to meet the efficiency requirements. In this setting we design a security architecture and implement a system for data sharing based on encrypted search, which achieves only 30% overhead compared to non-secure solutions on realistic workloads.

Computer science

Computer security--Computer programs

Management information systems

Symbolic Model Learning: New Algorithms and Applications

Argyros, Georgios

January 2019

In this thesis, we study algorithms which can be used to extract, or learn, formal mathematical models from software systems and then using these models to test whether the given software systems satisfy certain security properties such as robustness against code injection attacks. Specifically, we focus on studying learning algorithms for automata and transducers and the symbolic extensions of these models, namely symbolic finite automata (SFAs). In a high level, this thesis contributes the following results: 1. In the first part of the thesis, we present a unified treatment of many common variations of the seminal L* algorithm for learning deterministic finite automata (DFAs) as a congruence learning algorithm for the underlying Nerode congruence which forms the basis of automata theory. Under this formulation the basic data structures used by different variations are unified as different ways to implement the Nerode congruence using queries. 2. Next, building on the new formulation of L*-style algorithms we proceed to develop new algorithms for learning transducer models. Firstly, we present the first algorithm for learning deterministic partial transducers. Furthermore, we extend my algorithm into non-deterministic models by introducing a novel, generalized congruence relation over string transformations which is able to capture a subclass of string transformations with regular lookahead. We demonstrate that this class is able to capture many practical string transformation from the domain of string sanitizers in Web applications. 3. Classical learning algorithms for automata and transducers operate over finite alphabets and have a query complexity that scales linearly with the size of the alphabet. However, in practice, this dependence on the alphabet size hinders the performance of the algorithms. To address this issue, we develop the MAT* algorithm for learning symbolic finite state automata (SFAs) which operate over infinite alphabets. In practice, the MAT* learning algorithm allow us to plug custom transition learning algorithms which will efficiently infer the predicates in the transitions of the SFA without querying the whole alphabet set. 4. Finally, we use our learning algorithm toolbox as the basis for the development of a set of black-box testing algorithms. More specifically, we present Grammar Oriented Filter Auditing (GOFA), a novel technique which allows one to utilize my learning algorithms to evaluate the robustness of a string sanitizer or filter against a set of attack strings given as a context-free grammar. Furthermore, because such grammars are many times unavailable, we developed sfadiff a differential testing technique based on symbolic automata learning which can be used in order to perform differential testing of two different parser implementations using SFA learning algorithms and we demonstrate how our algorithm can be used to develop program fingerprints. We evaluate our algorithms against state-of-the-art Web Application Firewalls and discover over 15 previously unknown vulnerabilities which result in evading the firewalls and performing code injection attacks in the backend Web application. Finally, we show how our learning algorithms can uncover vulnerabilities which are missed by other black-box methods such as fuzzing and grammar-based testing.

Computer science

Algorithms

Software

Mathematical models

Computer security

Regions Security Policy (RSP) : applying regions to network security / RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-

January 2004

Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004. / Includes bibliographical references (p. 51-54). / The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly. / by Joshua W. Baratz. / M.Eng.and S.B.

Computer networks Security measures

Computer security

Identity-based cryptography from paillier cryptosystem.

January 2005

Au Man Ho Allen. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 60-68). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Preliminaries --- p.5 / Chapter 2.1 --- Complexity Theory --- p.5 / Chapter 2.2 --- Algebra and Number Theory --- p.7 / Chapter 2.2.1 --- Groups --- p.7 / Chapter 2.2.2 --- Additive Group Zn and Multiplicative Group Z*n --- p.8 / Chapter 2.2.3 --- The Integer Factorization Problem --- p.9 / Chapter 2.2.4 --- Quadratic Residuosity Problem --- p.11 / Chapter 2.2.5 --- Computing e-th Roots (The RSA Problem) --- p.13 / Chapter 2.2.6 --- Discrete Logarithm and Related Problems --- p.13 / Chapter 2.3 --- Public key Cryptography --- p.16 / Chapter 2.3.1 --- Encryption --- p.17 / Chapter 2.3.2 --- Digital Signature --- p.20 / Chapter 2.3.3 --- Identification Protocol --- p.22 / Chapter 2.3.4 --- Hash Function --- p.24 / Chapter 3 --- Paillier Cryptosystems --- p.26 / Chapter 3.1 --- Introduction --- p.26 / Chapter 3.2 --- The Paillier Cryptosystem --- p.27 / Chapter 4 --- Identity-based Cryptography --- p.30 / Chapter 4.1 --- Introduction --- p.31 / Chapter 4.2 --- Identity-based Encryption --- p.32 / Chapter 4.2.1 --- Notions of Security --- p.32 / Chapter 4.2.2 --- Related Results --- p.35 / Chapter 4.3 --- Identity-based Identification --- p.36 / Chapter 4.3.1 --- Security notions --- p.37 / Chapter 4.4 --- Identity-based Signature --- p.38 / Chapter 4.4.1 --- Security notions --- p.39 / Chapter 5 --- Identity-Based Cryptography from Paillier System --- p.41 / Chapter 5.1 --- Identity-based Identification schemes in Paillier setting --- p.42 / Chapter 5.1.1 --- Paillier-IBI --- p.42 / Chapter 5.1.2 --- CGGN-IBI --- p.43 / Chapter 5.1.3 --- GMMV-IBI --- p.44 / Chapter 5.1.4 --- KT-IBI --- p.45 / Chapter 5.1.5 --- Choice of g for Paillier-IBI --- p.46 / Chapter 5.2 --- Identity-based signatures from Paillier system . . --- p.47 / Chapter 5.3 --- Cocks ID-based Encryption in Paillier Setting . . --- p.48 / Chapter 6 --- Concluding Remarks --- p.51 / A Proof of Theorems --- p.53 / Chapter A.1 --- "Proof of Theorems 5.1, 5.2" --- p.53 / Chapter A.2 --- Proof Sketch of Remaining Theorems --- p.58 / Bibliography --- p.60

Computer security

Cryptography

Data encryption (Computer science)

Digital signatures