Embedded monitors for detecting and preventing intrusions in cryptographic and application protocols.

Joglekar, Sachin P.

12 1900

There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature-based detection employs pattern matching to match attack signatures with observed data making it ideal for detecting known attacks. However, it cannot detect unknown attacks for which there is no signature available. Anomaly-based detection builds a profile of normal system behavior to detect known and unknown attacks as behavioral deviations. However, it has a drawback of a high false alarm rate. In this thesis, we describe our anomaly-based IDS designed for detecting intrusions in cryptographic and application-level protocols. Our system has several unique characteristics, such as the ability to monitor cryptographic protocols and application-level protocols embedded in encrypted sessions, a very lightweight monitoring process, and the ability to react to protocol misuse by modifying protocol response directly.

Computer security.

Cyberterrorism -- Prevention.

Cryptographic

protocol

intrussion

detection

anomaly

Best practice strategy framework for developing countries to secure cyberspace

12 November 2015

M.Com. (Informatics) / Cyber issues are global phenomena in a world of inter-related systems, and as such, the discussion on cybersecurity frameworks, policies and strategies inevitably requires reference to, and benchmarking with regional, continental and global trends and solutions. This, in the context of the effects of globalisation on developing countries, with specific reference to areas such as Africa as a developing continent with regard to the protection of its cyberspace. More drastic measures, such as the utilization of cyber warfare techniques and pre-emptive cyber strike-teams in addition to traditional cybersecurity mechanisms as an essential part of a national security effort to protect cyberspace has become more prevalent within the developed worlds. Likewise, developing nations need to gear themselves in a structured, coordinated and responsible way in order to do their part to secure their own environments. Cyberspace is a dynamic global environment with cyber related issues being a global concern. Although countries generally regulate their own cyber environment through policy; cross-border cyber issues are difficult to resolve and the lack of international cyber laws impede cybersecurity efforts. Cybercrime and the management of cross-border cyber incidents are becoming a growing national security concern as the lack of effective controls leave critical infrastructure and the cyber-connected environment vulnerable to attack. Some developing countries are on track with the maturity of their cybersecurity initiatives, but appropriate cybersecurity frameworks for many developing countries require careful consideration, especially due to the lack of resources, infrastructure and local technology development capabilities.

Computer networks - Security measures

Data encryption (Computer science)

Cyberspace - Security measures

Cyberterrorism - Prevention

Information warfare - Prevention

M.I.D.A.S. : metrics identification of attack surfaces / Metrics identification of attack surfaces

Meek, Joshua A.

05 May 2012

This thesis endeavors to determine the feasibility of design metrics as a predictor of attack surface size by finding a positive correlation between one or more design metrics and an application’s attack surface measurement. An attack surface is the set of ways in which an adversary can enter a system and potentially cause damage. For an experimental setting, six open-source java-based projects were analyzed. For each project, the attack surface is assessed using Microsoft’s Attack Surface Analyzer, which takes a snapshot of a system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. A collection of design metrics was collected from each open-source project as well. The goal is to find a metric or set of metrics that predicted the attack surface changes identified by the Attack Surface Analyzer. / Department of Computer Science

Cyberterrorism -- Prevention

Software measurement

Computer security -- Design

Microsoft Attack Surface Analyzer

Global response to cyberterrorism and cybercrime: A matrix for international cooperation and vulnerability assessment.

Ozeren, Suleyman

08 1900

Cyberterrorism and cybercrime present new challenges for law enforcement and policy makers. Due to its transnational nature, a real and sound response to such a threat requires international cooperation involving participation of all concerned parties in the international community. However, vulnerability emerges from increased reliance on technology, lack of legal measures, and lack of cooperation at the national and international level represents real obstacle toward effective response to these threats. In sum, lack of global consensus in terms of responding to cyberterrorism and cybercrime is the general problem. Terrorists and cyber criminals will exploit vulnerabilities, including technical, legal, political, and cultural. Such a broad range of vulnerabilities can be dealt with by comprehensive cooperation which requires efforts both at the national and international level. "Vulnerability-Comprehensive Cooperation-Freedom Scale" or "Ozeren Scale" identified variables that constructed the scale based on the expert opinions. Also, the study presented typology of cyberterrorism, which involves three general classifications of cyberterrorism; Disruptive and destructive information attacks, Facilitation of technology to support the ideology, and Communication, Fund raising, Recruitment, Propaganda (C-F-R-P). Such a typology is expected to help those who are in a position of decision-making and investigating activities as well as academicians in the area of terrorism. The matrix for international cooperation and vulnerability assessment is expected to be used as a model for global response to cyberterrorism and cybercrime.

cyberterrorism

cyber crime

vulnerability

international

cooperation

Attaques par canaux auxiliaires: nouvelles attaques, contre-mesures et mises en oeuvre

Fernandes Medeiros, Stéphane

28 April 2015

Les attaques par canaux auxiliaires sont apparues dans la deuxième moitié des années 1990. Ces attaques exploitent différentes informations qu’il est possible de collecter lors de l’exécution d’un algorithme sur un appareil cryptographique. Il est ainsi possible, entre autres, de mesurer la consommation d’énergie d’un appareil cryptographique, ou encore d’observer le temps d’exécution d’un certain algorithme sur un appareil. C’est à ces deux sources d’in- formation que nous nous intéressons dans ce travail. Après une présentation des concepts utiles à la lecture du travail et de l’état de l’art des attaques et des contre-mesures du domaine, nous abordons les résultats de nos recherches effectuées lors de ce travail de thèse. Nous présentons d’abord nos contributions aux attaques par mesure de consommation d’énergie :(1) une approche com- binant apprentissage semi-supervisé et attaques par templates pour retrouver le poids de Hamming des différents bytes d’une clé de chiffrement et (2) une approche utilisant des techniques d’apprentissage automatique pour attaquer une implantation protégée d’AES. Ensuite, nous abordons les contre-mesures investiguées durant nos recherches qui se résument (1) en la possibilité de rendre l’ordre des instructions d’AES le plus aléatoire possible en jouant sur la relation de dépendance entre celles-ci ainsi qu’en (2) l’étude de l’application partielle (sur un sous-ensemble de données) de certaines contre-mesures, afin de protéger les données sensibles d’un algorithme. Enfin, nous terminons ce travail par l’emploi de la programmation orientée aspects comme manière d’implanter des contre-mesures pour les attaques temporelles (sur RSA) et pour les attaques par mesures de consommation d’énergie (sur AES). / Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Informatique générale

Sciences exactes et naturelles

Computer crimes

Cyberterrorism -- Prevention

Cryptography -- Equipment and supplies

Data encryption (Computer science)

Computer algorithms

Criminalité informatique

Cyberterrorisme -- Prévention

Cryptographie -- Appareils et matériel

Chiffrement (Informatique)

Algorithmes

TA

SPA

AOP

shuffling

hiding

attaques par canaux auxiliaires

masking

AES

MIA

CPA

DPA

The threat of cyberterrorism: Contemporary consequences and prescriptions

Stocking, Galen Asher Thomas

01 January 2004

This study researches the varying threats that emanate from terrorists who carry their activity into the online arena. It examines several elements of this threat, including virtual to virtual attacks and threats to critical infrastructure that can be traced to online sources. It then reports on the methods that terrorists employ in using information technology such as the internet for propaganda and other communication purposes. It discusses how the United States government has responded to these problems, and concludes with recommendations for best practices.

Defense and Security Studies

Information Security