Global ETD Search

41	Balancing energy, security and circuit area in lightweight cryptographic hardware design / L'équilibre entre consommation énergétique, sécurité et surface de circuit dans la conception de matériel cryptographique léger Portella, Rodrigo 27 October 2016 (has links) Cette thèse aborde la conception et les contremesures permettant d'améliorer le calcul cryptographique matériel léger. Parce que la cryptographie (et la cryptanalyse) sont de nos jours de plus en plus omniprésentes dans notre vie quotidienne, il est crucial que les nouveaux systèmes développés soient suffisamment robustes pour faire face à la quantité croissante de données de traitement sans compromettre la sécurité globale. Ce travail aborde de nombreux sujets liés aux implémentations cryptographiques légères. Les principales contributions de cette thèse sont : - Un nouveau système d'accélération matérielle cryptographique appliqué aux codes BCH ; - Réduction de la consommation des systèmes embarqués et SoCs ; - Contre-mesures légères des attaques par canal auxiliaire applicables à l'algorithme de chiffrement reconfigurable AES ;- CSAC : Un pare-feu sécurisé sur la puce cryptographique ; - Attaques par analyse fréquentielle ; - Un nouveau protocole à divulgation nulle de connaissance appliquée aux réseaux de capteurs sans fil ; - OMD : Un nouveau schéma de chiffrement authentifié. / This thesis addresses lightweight hardware design and countermeasures to improve cryptographic computation. Because cryptography (and cryptanalysis) is nowadays becoming more and more ubiquitous in our daily lives, it is crucial that newly developed systems are robust enough to deal with the increasing amount of processing data without compromising the overall security. This work addresses many different topics related to lightweight cryptographic implementations. The main contributions of this thesis are: - A new cryptographic hardware acceleration scheme applied to BCH codes; - Hardware power minimization applied to SoCs and embedded devices; - Timing and DPA lightweight countermeasures applied to the reconfigurable AES block cipher; - CSAC: A cryptographically secure on-chip firewall; - Frequency analysis attack experiments; - A new zero-knowledge zero-knowledge protocol applied to wireless sensor networks; - OMD: A new authenticated encryption scheme. Cryptographie symétrique Cryptographie légère Authentification Chiffrement Contre-mesure matérielle Cryptosystème matériel Attaque par canal auxiliaire Attaque par fautes Symmetric-key cryptography Lightweight cryptography Authentication Encryption Hardware design Hardware cryptosystem Hardware countermeasure DPA Fault attacks 004.8
42	Zavedení managementu bezpečnosti informací v podniku dle ISO 27001 / Implementation of Information Security Management in Company According to ISO 27001 Šumbera, Adam January 2013 (has links) This diploma thesis deals with implementation of the information security management system in company. The theoretical part of thesis summarizes the theoretical knowledge in the field of information security and describes a set of standards ISO/IEC 27000. In the following section the specific company is analysed, and to this company there are then applied theoretical knowledge during the implementation of information security management system.
43	Biomechanical Simulations of a Flywheel Exercise Device in Microgravity / Biomekaniska simuleringar av resistansgivande svänghjulsbaserad träningsutrustning i tyngdlöshet Jönsson, Maria, Boije, Malin January 2015 (has links) Bone loss and muscle atrophy are two main physiological conditions affecting astronauts while being in space. In order to counteract the effects, at least two hours of aerobic and resistant countermeasure exercise is scheduled into their working day, seven days a week. Yoyo Technology AB has developed a resistance exercise device based on the flywheel principle, providing a load independent of gravity. However, there is no biomechanical research done on the efficiency of the device in microgravity, from a human movement point of view using simulation software. The aim of this thesis was to evaluate the effects of performing a leg press on the flywheel exercise device in a microgravity environment. Simulations of performing a flywheel leg press in earth gravity, microgravity and performing a conventional squat were done. The evaluated parameters were reaction forces, joint angles, joint moments, joint powers and muscle recruitment in the lower extremities. The simulations were done using a biomechanical simulation software based on a motion capture data collection. From the results two conclusions were proposed. Performing a flywheel leg press in microgravity environment or on earth provides at least as much peak moment as a body weighted squat performed on earth. Furthermore, performing a flywheel leg press in microgravity will induce a higher activity level among hip extensors and knee flexors compared to performing a flywheel leg press on earth. FWED Flywheel Exercise Device Microgravity Biomechanical Simulation Countermeasure Exercise Resistance Training Motion Capture AnyBody Modeling System Leg Press Squat FWED Svänghjulsbaserad träningsutrustning Tyngdlöshet Biomekanisk simulering Motverkande träning Styrketräning Motion Capture AnyBody Modeling System Benpress Benböj Medical Engineering Medicinteknik
44	Optimization of cost-based threat response for Security Information and Event Management (SIEM) systems / Optimisation de la réponse aux menaces basée sur les coûts dans des systèmes pour la Sécurité de l'Information et la Gestion des Evénements (SIEMs) Gonzalez Granadillo, Gustavo Daniel 12 December 2013 (has links) Les SIEMs (systèmes pour la Sécurité de l'Information et la Gestion des Evénements) sont le cœur des centres opérationnels de sécurité actuels. Les SIEMs corrèlent les événements en provenance de différents capteurs (anti-virus, pare-feux, systèmes de détection d'intrusion, etc), et offrent des vues synthétiques pour la gestion des menaces ainsi que des rapports de sécurité. La recherche dans les technologies SIEM a toujours mis l'accent sur la fourniture d'une interprétation complète des menaces, en particulier pour évaluer leur importance et hiérarchiser les réponses. Toutefois, dans de nombreux cas, la réponse des menaces a encore besoin de l'homme pour mener l'analyse et aboutir à la prise de décisions, p.ex. compréhension des menaces, définition des contremesures appropriées ainsi que leur déploiement. Il s'agit d'un processus lent et coûteux, nécessitant un haut niveau d'expertise, qui reste néanmoins sujet à erreurs. Ainsi, des recherches récentes sur les SIEMs ont mis l'accent sur l'importance et la capacité d'automatiser le processus de sélection et le déploiement des contremesures. Certains auteurs ont proposé des mécanismes automatiques de réponse, comme l'adaptation des politiques de sécurité pour dépasser les limites de réponses statiques ou manuelles. Bien que ces approches améliorent le processus de réaction (en le rendant plus rapide et/ou plus efficace), ils restent limités car ces solutions n'analysent pas l'impact des contremesures choisies pour atténuer les attaques. Dans cette thèse, nous proposons une nouvelle approche systématique qui sélectionne la contremesure optimale au travers d'un ensemble de candidats, classés sur la base d'une comparaison entre leur efficacité à arrêter l'attaque et leur capacité à préserver, simultanément, le meilleur service aux utilisateurs légitimes. Nous proposons également un modèle pour représenter graphiquement les attaques et les contre-mesures, afin de déterminer le volume de chaque élément dans un scénario de multiples attaques. Les coordonnées de chaque élément sont dérivés d'un URI . Ce dernier est composé principalement de trois axes : l’utilisateur, le canal et le ressource. Nous utilisons la méthodologie CARVER pour donner un poids approprié à chaque élément composant les axes de notre système de coordonnées. Cette approche nous permet de connecter les volumes avec les risques (p.ex. des grands volumes sont équivalents à des risques élevés, tandis que des petits volumes sont équivalents à des risques faibles). Deux concepts sont considérés en comparant deux ou plusieurs volumes de risques: le risque résiduel, qui résulte lorsque le volume du risque est plus élevé que le volume de la contre-mesure, et le dommage collatéral, qui en résulte lorsque le volume de la contre-mesure est supérieur au volume du risque. En conséquence, nous sommes en mesure d'évaluer les contre-mesures pour des scénarios d'attaques individuelles et multiples, ce qui permet de sélectionner la contre-mesure ou groupe de contre-mesures qui fournit le plus grand bénéfice à l'organisation / Current Security Information and Event Management systems (SIEMs) constitute the central platform of modern security operating centers. They gather events from various sensors (intrusion detection systems, anti-virus, firewalls, etc.), correlate these events, and deliver synthetic views for threat handling and security reporting. Research in SIEM technologies has traditionally focused on providing a comprehensive interpretation of threats, in particular to evaluate their importance and prioritize responses accordingly. However, in many cases, threat responses still require humans to carry out the analysis and decision tasks e.g., understanding the threats, defining the appropriate countermeasures and deploying them. This is a slow and costly process, requiring a high level of expertise, and remaining error-prone nonetheless. Thus, recent research in SIEM technology has focused on the ability to automate the process of selecting and deploying countermeasures. Several authors have proposed automatic response mechanisms, such as the adaptation of security policies, to overcome the limitations of static or manual response. Although these approaches improve the reaction process (making it faster and/or more efficient), they remain limited since these solutions do not analyze the impact of the countermeasures selected to mitigate the attacks. In this thesis, we propose a novel and systematic process to select the optimal countermeasure from a pool of candidates, by ranking them based on a trade-off between their efficiency in stopping the attack and their ability to preserve, at the same time, the best service to normal users. In addition, we propose a model to represent graphically attacks and countermeasures, so as to determine the volume of each element in a scenario of multiple attacks. The coordinates of each element are derived from a URI. This latter is mainly composed of three axes: user, channel, and resource. We use the CARVER methodology to give an appropriate weight to each element composing the axes in our coordinate system. This approach allows us to connect the volumes with the risks (i.e. big volumes are equivalent to high risk, whereas small volumes are equivalent to low risk). Two concepts are considered while comparing two or more risk volumes: Residual risk, which results when the risk volume is higher than the countermeasure volume; and Collateral damage, which results when the countermeasure volume is higher than the risk volume. As a result, we are able to evaluate countermeasures for single and multiple attack scenarios, making it possible to select the countermeasure or group of countermeasures that provides the highest benefit to the organization Sélection de contre-mesures Attaques multiples Return on response investment (RORI) Volume de l'attaque Sélection combinée de contre-mesures Countermeasure selection Multiple attacks Return on response investment (RORI) Attack volume Combined selection of countermeasures
45	Detecting Anomalous Behavior in Radar Data Rook, Jayson Carr 01 June 2021 (has links) No description available. Computer Science Electrical Engineering Remote Sensing Computer Engineering Electronic Warfare Electronic Countermeasure Multifunction Radar Anomaly Detection Hidden Markov Model Long Short-Term Memory Pattern Detection Cross-Correlation Overlapping Index
46	Pier Streamlining as a Bridge Local Scour Countermeasure and the Underlying Scour Mechanism Li, Junhong, Li 23 May 2018 (has links) No description available. Civil Engineering Bridge local scour scour countermeasure streamlined pier CFD simulation RANS model DES model CFD-DEM two-way coupled model two-phase model flume test coherent dynamics horseshoe vortex pore pressure miniature pressure transducer
47	Implantation sécurisée de protocoles cryptographiques basés sur les codes correcteurs d'erreurs / Secure implementation of cryptographic protocols based on error-correcting codes Richmond, Tania 24 October 2016 (has links) Le premier protocole cryptographique basé sur les codes correcteurs d'erreurs a été proposé en 1978 par Robert McEliece. La cryptographie basée sur les codes est dite post-quantique car il n'existe pas à l'heure actuelle d'algorithme capable d'attaquer ce type de protocoles en temps polynomial, même en utilisant un ordinateur quantique, contrairement aux protocoles basés sur des problèmes de théorie des nombres. Toutefois, la sécurité du cryptosystème de McEliece ne repose pas uniquement sur des problèmes mathématiques. L'implantation, logicielle ou matérielle, a également un rôle très important pour sa sécurité et l'étude de celle-ci face aux attaques par canaux auxiliaires/cachés n'a débuté qu'en 2008. Des améliorations sont encore possibles. Dans cette thèse, nous proposons de nouvelles attaques sur le déchiffrement du cryptosystème de McEliece, utilisé avec les codes de Goppa classiques, ainsi que des contre-mesures correspondantes. Les attaques proposées sont des analyses de temps d'exécution ou de consommation d'énergie. Les contre-mesures associées reposent sur des propriétés mathématiques et algorithmiques. Nous montrons qu'il est essentiel de sécuriser l'algorithme de déchiffrement en le considérant dans son ensemble et non pas seulement étape par étape / The first cryptographic protocol based on error-correcting codes was proposed in 1978 by Robert McEliece. Cryptography based on codes is called post-quantum because until now, no algorithm able to attack this kind of protocols in polynomial time, even using a quantum computer, has been proposed. This is in contrast with protocols based on number theory problems like factorization of large numbers, for which efficient Shor's algorithm can be used on quantum computers. Nevertheless, the McEliece cryptosystem security is based not only on mathematical problems. Implementation (in software or hardware) is also very important for its security. Study of side-channel attacks against the McEliece cryptosystem have begun in 2008. Improvements can still be done. In this thesis, we propose new attacks against decryption in the McEliece cryptosystem, used with classical Goppa codes, including corresponding countermeasures. Proposed attacks are based on evaluation of execution time of the algorithm or its power consumption analysis. Associate countermeasures are based on mathematical and algorithmic properties of the underlying algorithm. We show that it is necessary to secure the decryption algorithm by considering it as a whole and not only step by step Cryptographie à clé publique Cryptosystème de McEliece Codes de Goppa (classiques) Cryptographie post-quantique Attaque par canal auxiliaire (/ caché) Attaque temporelle Attaque par analyse de consommation Contre-mesure Public key cryptography McEliece cryptosystem Goppa codes Post-quantum cryptography Side-channel attacks Timing attack Power analysis attack Countermeasure
48	Advanced EM/Power Side-Channel Attacks and Low-overhead Circuit-level Countermeasures Debayan Das (11178318) 27 July 2021 (has links) <div>The huge gamut of today’s internet-connected embedded devices has led to increasing concerns regarding the security and confidentiality of data. To address these requirements, most embedded devices employ cryptographic algorithms, which are computationally secure. Despite such mathematical guarantees, as these algorithms are implemented on a physical platform, they leak critical information in the form of power consumption, electromagnetic (EM) radiation, timing, cache hits and misses, and so on, leading to side-channel analysis (SCA) attacks. Non-profiled SCA attacks like differential/correlational power/EM analysis (DPA/CPA/DEMA/CEMA) are direct attacks on a single device to extract the secret key of an encryption algorithm. On the other hand, profiled attacks comprise of building an offline template (model) using an identical device and the attack is performed on a similar device with much fewer traces.</div><div><br></div><div>This thesis focusses on developing efficient side-channel attacks and circuit-level low-overhead generic countermeasures. A cross-device deep learning-based profiling power side-channel attack (X-DeepSCA) is proposed which can break the secret key of an AES-128 encryption engine running on an Atmel microcontroller using just a single power trace, thereby increasing the threat surface of embedded devices significantly. Despite all these advancements, most works till date, both attacks as well as countermeasures, treat the crypto engine as a black box, and hence most protection techniques incur high power/area overheads.</div><div><br></div><div>This work presents the first white-box modeling of the EM leakage from a crypto hardware, leading to the understanding that the critical correlated current signature should not be passed through the higher metal layers. To achieve this goal, a signature attenuation hardware (SAH) is utilized, embedding the crypto core locally within the lower metal layers so that the critical correlated current signature is not passed through the higher metals, which behave as efficient antennas and its radiation can be picked up by a nearby attacker. Combination of the 2 techniques – current-domain signature suppression and local lower metal routing shows >350x signature attenuation in measurements on our fabricated 65nm test chip, leading to SCA resiliency beyond 1B encryptions, which is a 100x improvement in both EM and power SCA protection over the prior works with comparable overheads. Moreover, this is a generic countermeasure and can be utilized for any crypto core without any performance degradation.</div><div><br></div><div>Next, backed by our physics-level understanding of EM radiation, a digital library cell layout technique is proposed which shows >5x reduction in EM SCA leakage compared to the traditional digital logic gate layout design. Further, exploiting the magneto-quasistatic (MQS) regime of operation for the present-day CMOS circuits, a HFSS-based framework is proposed to develop a pre-silicon EM SCA evaluation technique to test the vulnerability of cryptographic implementations against such attacks during the design phase itself.</div><div><br></div><div>Finally, considering the continuous growth of wearable and implantable devices around a human body, this thesis also analyzes the security of the internet-of-body (IoB) and proposes electro-quasistatic human body communication (EQS-HBC) to form a covert body area network. While the traditional wireless body area network (WBAN) signals can be intercepted even at a distance of 5m, the EQS-HBC signals can be detected only up to 0.15m, which is practically in physical contact with the person. Thus, this pioneering work proposing EQS-HBC promises >30x improvement in private space compared to the traditional WBAN, enhancing physical security. In the long run, EQS-HBC can potentially enable several applications in the domain of connected healthcare, electroceuticals, augmented and virtual reality, and so on. In addition to these physical security guarantees, side-channel secure cryptographic algorithms can be augmented to develop a fully secure EQS-HBC node.</div> Circuits and Systems Microelectronics and Integrated Circuits Computer System Security Electromagnetic Security Hardware Security Mixed-Signal Circuit design for security Generic Low-overhead countermeasure Signature Attenuation Hardware STELLAR X-DeepSCA
49	Integrating Trust-Based Adaptive Security Framework with Risk Mitigation to enhance SaaS User Identity and Access Control based on User Behavior Akpotor Scott, Johnson January 2022 (has links) In recent years, the emerging trends in cloud computing technologies have given rise to different computing services through the Internet. Organizations across the globe have seized this opportunity as a critical business driver for computing resource access and utilities that will indeed support significant business operations. Embracing SaaS as a crucial business factor enhances corporate business strategy through economies of scale, easy manageability, cost-effectiveness, non-geographical dependence, high reliability, flexible resources, and fast innovation. However, this has also come with various risks due to the limitation of traditional user identity and access control solutions’ inability to effectively identify and manage cloud users’ authorization process when interacting with the cloud. The limit can result in a legitimate user account's impersonation to carry out malicious activities after the user account is compromised to go undetected since traditional solutions seldom function based on user behavior trust level behind any account. Furthermore, the limitation is a significant vulnerability to the cloud environment. This vulnerability is known to be exploited by threats that can eventually lead to substantial unacceptable risks that can undermine security principles or requirements such as confidentiality, integrity, and availability. Significant consequences of this risk are categorized into financial damages, legal implications, reputational damages, and regulatory implications to the cloud environment. As a result, a solution that could contribute to the remediation of these potential risks incurred due to the limitation of user identity and access control management was proposed and designed as User Behavior Trust-Based Adaptive Security framework. The design aims to enhance how cloud users' identity and access control might be managed effectively based on a user behavior trust context and adaptation of corresponding access control measures through adaptive security. The design capability was manifested by integrating it into the standard ISO/2705:2018 Risk Management process. Although, there have been several good information security frameworks such as ISO/IEC 27005:2018 and other technical countermeasures such as SaaS Identity & Access Management (IDaaS) to deal with this risk on the public cloud services. However, they are based on static mitigation approaches, so there is a solid need to shift towards a more dynamic strategical approach. The presented design work, User Behavior Trust-Based Adaptive Security framework, intends to serve as a proposed guideline for risk mitigation that would enhance user identity and access control limitations across the cloud. The solution functions by a trust modeling process that evaluates cloud user activities to compute a user behavior comprehensive trust degree. The resulting data is further used as input feeds parameters into a policy decision point process. The policy decision point process adapts the input parameters to user behavior trust level and behavior risk rating to determine the appropriate access control decision. Ultimately, the adaptive security solution consults the policy decision points to dynamically enforce the corresponding controls measures based on the access control decision received as input feed. The report also conducts a risk assessment process to identify vulnerabilities, threats, and risks related to user behavior trust level and risk rating regarding SaaS resources. Then adapt the mitigation solution, User Behavior Trust-Based Adaptive Security framework, as a possible risk treatment within the risk management process ISO/2705:2018. This report uses a design methodology derived from User Behavior Trust Modelling scientific research work, Gartner Adaptive Security Architecture Model, and eXtensible Access Control Markup Language's policy decision point concept. The design evaluates user behavior trust level by the trust modeling, while the integrated policy decision point processes the trust level to make the access control decision which is later enforced by the adaptive security solution. The report further adapts the risk management procedure ISO/2705:2018 to identify risk from user behavior and trust level, then implements the design solution as a possible risk treatment. The research findings were documented as Results and Discussion, where the functional and operational aspects of the designed framework were provided. In addition, the effects of applying the framework as a possible risk treatment solution were observed through conducting an ISO/2705:2018 risk management procedure. The notable outcome of a reduction of identified risk levels was an improvement in user attitude or behavior, which eventually increased user behavior trust level and reduced associated behavior risk. At the same time, the discussion detailed the interpretation of the results, implications, and limitation of the research, why the framework could be considered a remediation solution beyond the state-of-the-art for cloud user identity and access management—precisely by integrating user behavior, trust, policy decision making with adaptive security into risk management process to reduce IDM-associated risk in the SaaS. Finally, this study has outlined the significance of adopting the designed framework as a possible mitigation solution to enhance the shortcomings of user identity and access control management in the cloud. It has demonstrated that SaaS identified risk can be reduced to an acceptable level when user behavior and activities are taken seriously. Insight into the current trust state and associated risk level of cloud users are vital for continuous risk monitoring and reduction. The solution is to be used as a recommended guideline that might significantly contribute to the research community and information security field of cloud security. Future research direction to consider the possibility of simulating and transforming this conceptual and abstract framework into a real-world working solution due to research work limitations. The framework was designed based on recognized and accepted scientific and technological principles and concepts, from user behavior trust modeling, eXtensible access control markup language, and adaptive security architecture. In addition, to extend this concept to a future research area that will focus exclusively on application-processes behavior. Risk Assessment Security countermeasure Risk Management Risk Mitigation Adaptive Security Controls Threats Risk Vulnerabilities User Behavior Trust Degree User Behavior Risk Rating Policy Decision Point Policy Enforcement Point User Behavior Trust Model Adaptive Security Architecture SaaS Public Cloud. Computer Systems Datorsystem Telecommunications Telekommunikation Communication Systems Kommunikationssystem Annan elektroteknik och elektronik
50	An analysis of security measures implemented on commercial private game reserves in Limpopo Herman, Dewald Gustav 29 November 2020 (has links) South Africa presently experiences high levels of crime daily. Although crime is accepted as an everyday occurrence for its citizens, it affects the economy of the country. This study analysed security measures implemented on Commercial Private Game Reserves (CPGRs) in Limpopo and the impact of crime thereof. CPGRs are enclosed areas containing various species of fauna and flora. Visitors from domestic and foreign origins visit these reserves to enjoy nature and its tranquillity. This study analysed the security measures to determine their effectiveness for CPGRs. The study further explored the use of security risk management strategies and risk assessments as crime reduction tools. The study was carried out using a case study research design. Data were collected by the researcher using three methods: observation, onsite checklists and semi-structured one-on-one interviews which were conducted on site. Validity and reliability indicate the trustworthiness of the study. The researcher reduced the data gathered through the use of thematic data analysis. Interviews were transcribed and themes were created and identified by the researcher. The comprehensive data indicated the importance of a security risk manager on a CPGR. The research found that very few security risk managers are employed and that managers of security risks employed on CPGRs have various titles. However, while the CPGRs have similar risks, their risk reduction strategies vary. The most commonly used measures are people, physical and technological measures with each having various subdivisions. The security measures implemented by CPGRs in the Limpopo province which were analysed are not formulated using a scientific approach as most properties do not make use of a formal security risk assessment. The study is deemed valuable as a model was developed from the findings that could be used by game reserves to guide them to apply relevant security measures. A formal security programme is often limited due to financial constraints of the reserve or the reserve owners, however, not all strategies should be considered as a financial expense as much can be done without exhausting financial reserves. The findings contributed to making recommendations to improve the overall security of CPGRs. This study encourages more research into the subject to improve the security industry and to stimulate the tourism industry. / Security Risk Management / M. Tech. (Security Management) Game reserve security Eco-tourism Security risk management Risk assessment Crime prevention Risk reduction Crime risks Security risk manager Security risk countermeasure Corporate responsibility 333.954916096825

Search results