81 |
Usability-Driven Security Enhancements in Person-to-Person Communication
Yadav, Tarun Kumar 01 February 2024
In the contemporary digital landscape, ensuring secure communication amid widespread data exchange is imperative. This dissertation focuses on enhancing the security and privacy of end-to-end encryption (E2EE) applications while maintaining or improving usability. The dissertation first investigates and proposes improvements in two areas of existing E2EE applications: countering man-in-the-middle and impersonation attacks through automated key verification and studying user perceptions of cryptographic deniability. Insights from privacy-conscious users reveal concerns about the lack of E2EE support, app siloing, and data accessibility by client apps. To address these issues, we propose an innovative user-controlled encryption system, enabling encryption before data reaches the client app. Finally, the dissertation evaluates local threats in the FIDO2 protocol and devises defenses against these risks. Additionally, it explores streamlining FIDO2 authentication management across multiple websites for user convenience and security.
|
82 |
Structured Information Flow (SIF) Framework for Automating End-to-End Information Flow for Large Organizations
Bhatia, Shishir 09 March 2006
For almost five decades, since the advent of the first computers for commercial use, the dream of the Paperless Office, a.k.a. total Information flow automation, has eluded the industry. Now, with the emergence of Internet- and Web-based technologies, daily we see examples of organizations like eBay and Amazon that perform their business in a fully automated manner without the use of paper or pen. However, bigger and older organizations that have more complex functions, like government organizations, have not been very successful in harnessing the latest technological innovations to completely automate their Information flow. We propose a Structured Information Flow (SIF) framework that provides the conceptual infrastructure to automate small and big, new and old organizations alike. The ease of the transformation is due to three key features of SIF that set it apart from any other Information flow automation scheme.
First, SIF utilizes the attributes of the organization, such as the existing reporting structure, to model the automated Information flow. The rules governing the flow of Information are based on the hierarchy already in place, for example: A senior can view any Information owned by any of his/her direct subordinates. Second, SIF characterizes external organization entities as a special case of internal organization entities, allowing for seamless integration of the Information flow to and from them. Third, the SIF framework is independent of platform, method, organization, or technology. This gives it a generic nature that makes it applicable as a platform to implement multiple types of automated e-systems such as e-commerce, e-education, e-training, e-governance, etc.
In this body of work, we formally define the SIF framework using state transformation language and a visual representation scheme specifically developed for this purpose. We also define the Information Interfaces, which are the mechanism for implementing rules- and constraint-based Information flow in SIF. / Master of Science
|
83 |
Energy-efficient privacy homomorphic encryption scheme for multi-sensor data in WSNs
Verma, Suraj, Pillai, Prashant, Hu, Yim Fun 04 May 2015
The recent advancements in wireless sensor hardware ensure sensing multiple sensor data such as temperature, pressure, humidity, etc. using a single hardware unit, thus defining it as multi-sensor data communication in wireless sensor networks (WSNs). The in-processing technique of data aggregation is crucial in energy-efficient WSNs; however, with the requirement of end-to-end data confidentiality it may prove to be a challenge. End-to-end data confidentiality along with data aggregation is possible with the implementation of a special type of encryption scheme called privacy homomorphic (PH) encryption schemes. This paper proposes an optimized PH encryption scheme for WSN integrated networks handling multi-sensor data. The proposed scheme ensures light-weight payloads, significant energy and bandwidth consumption along with lower latencies. The performance analysis of the proposed scheme is presented in this paper with respect to the existing scheme. The working principle of the multi-sensor data framework is also presented in this paper along with the appropriate packet structures and process. It can be concluded that the scheme proves to decrease the payload size by 56.86% and spend an average energy of 8-18 mJ at the aggregator node for sensor nodes varying from 10-50 thereby ensuring scalability of the WSN unlike the existing scheme.
|
84 |
Network delay control through adaptive queue management
Lim, Lee Booi January 2011
Timeliness in delivering packets for delay-sensitive applications is an important QoS (Quality of Service) measure in many systems, notably those that need to provide real-time performance. In such systems, if delay-sensitive traffic is delivered to the destination beyond the deadline, then the packets will be rendered useless and dropped after being received at the destination. Bandwidth that is already scarce and shared between network nodes is wasted in relaying these expired packets. This thesis proposes that a deterministic per-hop delay can be achieved by using a dynamic queue threshold concept to bound delay of each node. A deterministic per-hop delay is a key component in guaranteeing a deterministic end-to-end delay. The research aims to develop a generic approach that can constrain network delay of delay-sensitive traffic in a dynamic network. Two adaptive queue management schemes, namely, DTH (Dynamic THreshold) and ADTH (Adaptive DTH) are proposed to realize the claim. Both DTH and ADTH use the dynamic threshold concept to constrain queuing delay so that bounded average queuing delay can be achieved for the former and bounded maximum nodal delay can be achieved for the latter. DTH is an analytical approach, which uses queuing theory with superposition of N MMBP-2 (Markov Modulated Bernoulli Process) arrival processes to obtain a mapping relationship between average queuing delay and an appropriate queuing threshold, for queue management. While ADTH is a measurement-based algorithmic approach that can respond to the time-varying link quality and network dynamics in wireless ad hoc networks to constrain network delay. It manages a queue based on system performance measurements and feedback of error measured against a target delay requirement. Numerical analysis and Matlab simulation have been carried out for DTH for the purposes of validation and performance analysis. 
While ADTH has been evaluated in NS-2 simulation and implemented in a multi-hop wireless ad hoc network testbed for performance analysis. Results show that DTH and ADTH can constrain network delay based on the specified delay requirements, with higher packet loss as a trade-off.
|
85 |
Detection and localization of link-level network anomalies using end-to-end path monitoring / Détection et localisation des anomalies réseau au niveau des liens en utilisant de la surveillance des chemins de bout-en-bout
Salhi, Emna 13 February 2013
The objective of this thesis is to find techniques for detecting and localizing link-level anomalies that are low-cost, accurate and fast. Most link-level anomaly detection and localization techniques in the literature compute their solutions, i.e. the set of paths to monitor and the locations of the monitoring devices, in two steps. The first step selects a minimal set of monitoring-device locations that makes it possible to detect/localize all possible anomalies. The second step selects a minimal set of monitoring paths between the selected locations such that all links of the network are covered/pairwise distinguishable. However, these techniques ignore the interaction between the conflicting optimization objectives of the two steps, which leads to suboptimal use of network resources and biased monitoring measurements. One of the objectives of this thesis is to evaluate and reduce this interaction. To this end, we propose link-level anomaly detection and localization techniques that select the monitor locations and the paths to be monitored jointly in a single step. Furthermore, we demonstrate that the established condition for anomaly localization is sufficient but not necessary. A necessary and sufficient condition that considerably minimizes the localization cost is established. Both problems are shown to be NP-hard. Scalable and efficient heuristic algorithms are then proposed. / The aim of this thesis is to come up with cost-efficient, accurate and fast schemes for link-level network anomaly detection and localization. 
It has been established that for detecting all potential link-level anomalies, a set of paths that cover all links of the network must be monitored, whereas for localizing all potential link-level anomalies, a set of paths that can distinguish between all links of the network pairwise must be monitored. Either end-node of each path monitored must be equipped with a monitoring device. Most existing link-level anomaly detection and localization schemes are two-step. The first step selects a minimal set of monitor locations that can detect/localize any link-level anomaly. The second step selects a minimal set of monitoring paths between the selected monitor locations such that all links of the network are covered/distinguishable pairwise. However, such stepwise schemes do not consider the interplay between the conflicting optimization objectives of the two steps, which results in suboptimal consumption of the network resources and biased monitoring measurements. One of the objectives of this thesis is to evaluate and reduce this interplay. To this end, one-step anomaly detection and localization schemes that select monitor locations and paths that are to be monitored jointly are proposed. Furthermore, we demonstrate that the already established condition for anomaly localization is sufficient but not necessary. A necessary and sufficient condition that minimizes the localization cost drastically is established. The problems are demonstrated to be NP-Hard. Scalable and near-optimal heuristic algorithms are proposed.
|
86 |
Arquitetura de segurança fim-a-fim para redes de sensores sem fio. / End-to-end security architecture for wireless sensor networks.
Oliveira, Bruno Trevizan de 03 August 2012
Many wireless sensor network applications require security services such as confidentiality, integrity and data origin authentication. However, given the devices' limitations in processing, memory and energy supply, traditional security mechanisms can cause undesirable effects in the network, such as communication delay and increased energy consumption, imposing obstacles to their use in this technology. Many proposals for security schemes based on symmetric cryptography designed specifically for wireless sensor networks are found in the literature. However, these solutions focus on hop-by-hop security. Such an approach is adequate for securing the links of this type of network, but does not guarantee end-to-end communication security. This work presents scenarios and challenges of implementing security in this type of network, and the conception, design and implementation of a security architecture for wireless sensor networks whose objectives are: to provide security in end-to-end communication; to allow interoperability between different systems; and to enable greater flexibility in the use of cryptographic keys in different scenarios and topologies. Additionally, the proposed solution supports activation and deactivation of its services at run time. The design of this architecture, which operates at the application layer of the network protocol stack, was built on an analysis of the characteristics of architectures found in the literature, as well as of the strategies they adopt. For the implementation, cryptographic mechanisms and algorithms were selected based on a performance evaluation that considered the metrics of memory usage, execution time and energy consumption. 
The results presented are the architecture specification, its qualitative evaluation, and the performance evaluation of the implementation developed as a proof of concept. In addition, an analysis is presented of the impact of different topologies and deployment characteristics on the task of distributing cryptographic keys in wireless sensor networks. / Many wireless sensor networks applications need security services, such as confidentiality, data integrity and data source authentication. On the other hand, because of device limitations, security mechanisms may affect the network energy consumption and communication delay, which impose a great challenge for practical implementation of security mechanisms in such scenario. Many solutions based on symmetric cryptography were proposed for the specific challenges of wireless sensor networks. Nevertheless, they are focused on hop-by-hop security. Such approach is suited to provide link-layer security, but it cannot guarantee end-to-end security. This work presents scenarios and challenges to implement security in wireless sensor networks, and the conception, design and implementation of a security architecture, which aims to provide: security in end-to-end communication; interoperability between different systems, and enable greater flexibility in cryptographic keys distribution in different scenarios and topologies. Additionally, the proposed solution supports on-the-fly adjustment of its security services. The architecture design, which targets the application layer of the network protocol stack, was based on the main properties of the architectures found in literature as well as adopted strategies. For the implementation, mechanisms and cryptographic algorithms were selected through the performance evaluation that considers memory usage, execution time and power consumption as metrics. 
The results were the architecture specification and its qualitative analysis, and the performance evaluation of the implementation developed as proof of concept. Furthermore, we present an analysis of topology and deployment impact on key distribution task.
|
88 |
Directed Self-Assembly of Gold Nanorods Using Surface Modification
Walker, David A 10 July 2008
Metallic nanoparticles are unique materials for optical, electronic, catalytic, and sensing applications. Due to the vast flexibility in controlling the surface chemistry of these particles through functionalization there is a great deal of interest in using metallic nanoparticles as building blocks in the development of more complex nanostructures through the use of a 'bottom-up' approach. Using self assembly techniques, one can exploit spontaneous chemical interactions to build complex constructs on the nanometer scale.
Towards this end, gold nanorods have been synthesized and modified with various polymers, inorganic oxides and organic ligands to establish principles for self-assembly of these unique nanomaterials. Gold nanorods are of great interest due to their strong optical absorption in the visible and near infrared regions, which can be tuned through material preparation and modification of the surrounding environment. This thesis focuses on investigating approaches for both irreversible and reversible self-assembly of gold nanorods. Techniques such as dynamic light scattering (DLS), ultraviolet-visible (UV) spectroscopy, transmission electron microscopy (TEM), and polarization modulation infrared reflection absorbance spectroscopy (PM-IRRAS) were used to characterize the colloidal particles and gold surfaces. A novel contribution of this work is the successful demonstration of end-to-end linking of gold nanorods in a rapid and reversible manner using a pH responsive polypeptide.
|
89 |
A Distributed Approach to Passively Gathering End-to-End Network Performance Measurements
Simpson, Charles Robert, Jr. 12 April 2004
NETI@home is an open-source software package that collects network performance statistics from end-systems. It has been written for and tested on the Windows, Solaris, and Linux operating systems, with testing for other operating systems to be completed soon. NETI@home is designed to run on end-user machines and collect various statistics about Internet performance. These statistics are then sent to a server at the Georgia Institute of Technology, where they are collected and made publicly available. This tool gives researchers much needed data on the end-to-end performance of the Internet, as measured by end-users. NETI@home's basic approach is to sniff packets sent from and received by the host and infer performance metrics based on these observed packets. NETI@home users are able to select a privacy level that determines what types of data are gathered, and what is not reported. NETI@home is designed to be an unobtrusive software system that runs quietly in the background with little or no intervention by the user, and using few resources.
|
90 |
Integrated reliability and availability analysis of networks with software failures and hardware failures
Hou, Wei. January 2003
Thesis (Ph.D.)--University of South Florida, 2003. 155 pages. Includes vita and bibliographical references.
This dissertation research attempts to explore efficient algorithms and engineering methodologies of analyzing the overall reliability and availability of networks integrated with software failures and hardware failures. Node failures, link failures, and software failures are concurrently and dynamically considered in networks with complex topologies. MORIN (MOdeling Reliability for Integrated Networks) method is proposed and discussed as an approach for analyzing reliability of integrated networks. A Simplified Availability Modeling Tool (SAMOT) is developed and introduced to evaluate and analyze the availability of networks consisting of software and hardware component systems with architectural redundancy. In this dissertation, relevant research efforts in analyzing network reliability and availability are reviewed and discussed, experimental data results of proposed MORIN methodology and SAMOT application are provided, and recommendations for future researches in the network reliability study are summarized as well.
|