Tasking on natural statistics of infrared images

Goodall, Todd Richard

03 February 2015

Natural Scene Statistics (NSS) provide powerful perceptually relevant tools that have been successfully used for image quality analysis of visible light images. NSS capture statistical regularities that arise in the physical world and thus are relevant to Long Wave Infrared (LWIR) images. LWIR images are similar to visible light images and mainly differ by the wavelengths captured by the sensors. The distortions unique to LWIR are of particular interest to current researchers. We analyze a few common LWIR distortions and how they relate to NSS models. Humans are the most important factor for assessing distortion and quality in IR images, which are often used in perceptual tasks. Therefore, predicting human performance when a task involving LWIR images needs to be performed can be critical to improving task efficacy. The National Institute for Standards and Technology (NIST) characterizes human Targeting Task Performance (TTP) by asking firefighters to identify the locations of fire hazards in LWIR images under distorted conditions. We find that task performance can be predicted using NSS features. We also report the results of a human study. We analyzed the NSS of LWIR images under pristine and distorted conditions using four databases of LWIR images. Each database was captured with a different camera allowing us to better evaluate the statistics of LWIR images independent of camera model. We find that models of NSS are also effective for measuring distortions in the presence of other independent distortions. / text

NSS

LWIR

NIST

TTP

Uma analise comparativa das metodologias de gerenciamento de risco FIRM, NIST SP 800-30 e OCTAVE / A comparative study of risk management methodologies FIRM, NIST SP 800-30 e OCTAVE

Oliveira, Viviane Luciana de

23 February 2006

Orientador: Ricardo Dahab / Dissertação (mestrado profissional) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-07T00:08:57Z (GMT). No. of bitstreams: 1 Oliveira_VivianeLucianade_M.pdf: 1641602 bytes, checksum: 1c2e225f8c446b0eb8a478365e5fff23 (MD5) Previous issue date: 2006 / Resumo: O Gerenciamento de Risco de TI têm se tornado uma preocupação constante das organizações, em função da importância que o ambiente tecnológico passou a representar para o negócio das empresas ao longo das últimas décadas. Concomitantemente, cada vez mais as empresas têm de estar aderentes às regulamentações externas que afetam o nicho de mercado em que estão inseridas. O Gerenciamento do Risco, em particular, é um requerimento sujeito a essas regras. Entender e tratar adequadamente tais riscos, visando minimizar impactos negativos nas operações das organizações é o principal objetivo do processo de Gerenciamento de Risco de TI. A escolha de uma boa metodologia de Gerenciamento de Risco de TI, adaptada às necessidades da organização, é um dos requisitos chaves para o sucesso deste processo. Nessa dissertação discutiremos todo o conceito relacionado ao tema Gerenciamento de Risco de TI, e compararemos três metodologias de Gerenciamento de Risco de TI amplamente utilizadas / Abstract: Information Technology. (IT) Risk Management has become a continuous concem for organizations due to the increasing importance technology has had to business over the past few decades. Simultaneously, more and more companies need to be compliant with external regulatory roles which affect the market where they act. Risk management, in particular, is a requirement subject to those roles. To understand, and properly treat, IT related risks in order to minimize negative impacts in an organization's operations is the main objective of the IT Risk Management processo Choosing a good methodology, adapted to the company's needs, is one of the key requirements for the success of this processo In this work, the conceptual background of IT Risk Management is discussed and three widely used IT Risk Management methodologies are discussed and compared. / Mestrado / Metodologia e Tecnicas da Computação / Mestre em Computação

NIST special publication

Avaliação de riscos

Risk management

Kryptoanalytické útoky na lehkovážné šifry / Cryptanalytic attacks on lightweight ciphers

Rabas, Tomáš

January 2021

In 2016 the National Institute of Standards and Technology (NIST) started the stan- dardization process for lightweight cryptography (LWC). We provide a broad introduc- tion to lightweight cryptography together with a survey of current design trends and lightweight cryptography standards, with special attention to this competition. In the second part, we present a description and cryptoanalysis of three lightweight ciphers: SIV-Rijndael256, CLX, and Limdolen. 1

Vývoj a využití hašovacích funkcí při zpracování informací / Development and utilization of hash functions for information processing

Zimmermannová, Jana

January 2012

At the end of 70th of last century the concept began to emerge, now is referred as a cryptographic hash function. Currently, these functions are associated especially with a digital signature. In 2005, the worldwide most used function SHA-1 was broken. This fact led in 2007 NIST announced a public competition to create a new secure hash algorithm. This Thesis deals with issues of cryptographic hash functions from the beginning of their theoretical formulation to current events in this area. Key words: Cryptographic hash functions, SHA-1, MD5, NIST competition

Promestra Security compared with other random number generators

Korsbakke, Andreas, Ringsell, Robin

January 2019

Background. Being able to trust cryptographic algorithms is a crucial part of society today, because of all the information that is gathered by companies all over the world. With this thesis, we want to help both Promestra AB and potential future customers to evaluate if you can trust their random number generator. Objectives. The main objective for the study is to compare the random number generator in Promestra security with the help of the test suite made by the NationalInstitute of Standards and Technology. The comparison will be made with other random number generators such as Mersenne Twister, Blum-Blum-Schub and more. Methods. The selected method in this study was to gather a total of 100 million bits of each random number generator and use these in the National Institute ofStandards and Technology test suite for 100 tests to get a fair evaluation of the algorithms. The test suite provides a statistical summary which was then analyzed. Results. The results show how many iterations out of 100 that have passed and also the distribution between the results. The obtained results show that there are some random number generators that have been tested that clearly struggles in many of the tests. It also shows that half of the tested generators passed all of the tests. Conclusions. Promestra security and Blum-Blum-Schub is close to passing all the tests, but in the end, they cannot be considered to be the preferable random number generator. The five that passed and seem to have no clear limitations are:Random.org, Micali-Schnorr, Linear-Congruential, CryptGenRandom, and MersenneTwister.

Randomness

Cryptography

RNG

NIST

Computer Sciences

Datavetenskap (datalogi)

Propuesta de implementación de un modelo de gestión de ciberseguridad para el centro de operaciones de seguridad (SOC) de una empresa de telecomunicaciones

Vilcarromero Zubiate, Ladi Lizeth, Vilchez Linares, Evit

06 August 2018

La seguridad nacional y económica de los países depende del funcionamiento confiable de su infraestructura crítica. Las amenazas de ciberseguridad explotan la creciente complejidad de dichos sistemas, colocando la economía, la seguridad pública y la salud en riesgo. Al igual que el riesgo financiero y de reputación, el riesgo de ciberseguridad afecta a los objetivos estratégicos de una empresa. Puede aumentar los costos y afectar los ingresos. Puede dañar la capacidad de una organización para Innovar, brindar servicios, ganar y mantener a los clientes. Así mimo, la información se ha convertido en uno de los activos más importantes para cualquier organización, y el aseguramiento de la misma como un punto primordial para lograr ventajas competitivas y generación del valor, basando en el adecuado resguardo de la Confidencialidad, Disponibilidad e Integridad de la Información. El propósito del presente trabajo es desarrollar y proponer un método que permita gestionar la ciberseguridad en empresas del sector telecomunicaciones sobre la base de una adecuada gestión del riesgo y la medición de controles según un nivel de madurez. Este método propuesto se encuentra basado en el Cyber Security Framework (CSF) del National Institute of Standards and Technology (NIST) promulgada por el Presidente Obama mediante la Orden Ejecutiva (EO) 13636. / The national and economic security of the countries depends on the reliable operation of their critical infrastructure. Cybersecurity threats exploit the increasing complexity of these systems, putting the economy, public safety and health at risk. Like financial and reputation risk, cybersecurity risk affects the strategic objectives of a company. It can increase costs and affect income. It can damage the ability of an organization to innovate, provide services, earn and maintain customers. Likewise, information has become one of the most important assets for any organization, and the assurance of it as a fundamental point to achieve competitive advantages and generation of value, based on the appropriate protection of Confidentiality, Availability and Integrity of the information. The purpose of this paper is to develop and propose a method for managing cybersecurity in companies in the telecommunications sector on the basis of an adequate risk management and the measurement of controls according to a level of maturity. This proposed method is based on the Cyber Security Framework (CSF) of the National Institute of Standards and Technology (NIST) promulgated by President Obama through Executive Order (EO) 13636. / Trabajo de investigación

Ciberseguridad

Infraestructuras Criticas

Telecomunicaciones

CSF

NIST

Cybersecurity

Critical Infrastructures

Telecommunications

Methodologies for Estimating Bioaccessibility of Six Metals in Household Dust: Zn, Pb, Cd, Cu, Ni, and Cr

Boros, Kristina

January 2015

The purpose of this study is to evaluate the relative advantages and disadvantages of two approaches for estimating oral bioaccessibility using a physiologically-based extraction technique (PBET): a simple gastric phase simulation and a two-phase gastrointestinal simulation. Bioaccessibility estimates of six metals prevalent in Canadian contaminated sites (zinc, lead, cadmium, copper, nickel, and chromium) were compared using the gastric phase simulation alone and the complete gastrointestinal simulation. Samples included vacuum dust samples from 33 homes, certified dust and soil reference materials, and a house dust control sample. Bioaccessibility measurements using the gastric phase simulation were greater than or equal to measurements obtained using the gastrointestinal simulation for the six studied metals. This research found that for the six studied metals, a simple simulation of the gastric phase provides the most conservative and cost-effective approach for estimating oral bioaccessibility of ingested metals.

Household dust

Dust

Soil

NIST

Bioaccessibility

Trace Metals

Lösenordspolicyer på populära webbsidor i Sverige. : En fallstudie för att undersöka lösenordspolicyer på 50 av de mest populära webbsidorna i Sverige. / Password policies on popular web sites in Sweden

Persson, Samuel, Håkansson, Erica

January 2020

Today, text-based password is one of the most common ways to verify login to a web page and to protect the account against theft. These password attacks are becoming more and more effective every year, which means that it is important not to let passwords be guessable. The purpose of this study is to investigate how the most popular websites in Sweden handled password policies at present. The implementation of the case study included testing 50 web pages against 26 passwords in order to evaluate how effective the webpages policy was. By collecting data on these 50 webpage password policies, four questions could be answered: How do password policies look, how effective are the webpage's password policies, how have password policies changed over time and how different web categories differ. The results of the case study indicate that several websites need to review their password policy. For example, only 22% of websites met the recommended requirements of NIST 800–63 and only a few webpages made major changes to their password policy over the last 5 years. Web pages that did not use password-based authentication systems are not used in this study. / Idag är text-baserat lösenord ett av de vanligaste sätten att verifiera inloggning mot en webbsida och för att skydda kontot mot stöld. Dessa lösenordsattacker blir allt mer effektiva för varje år vilket innebär att det är viktigt att inte låta lösenord bli gissningsbart. Syftet med denna studie är att undersöka hur de mest populära webbsidorna i Sverige hanterade lösenordspolicyer i dagsläget. Genomförandet av fallstudien inkluderade att testa 50 webbsidor mot 26 lösenord för att utvärdera hur effektiva webbsidornas policy var. Genom att samla in data om dessa 50 webbsidors lösenordspolicyer kunde fyra frågor besvaras: Hur ser lösenordspolicyer ut, hur effektiva är webbsidornas lösenordspolicyer, hur har lösenordspolicyer förändrats med tiden och hur skiljer sig olika webbkategorier. Resultaten från fallstudien visar på att flera webbsidor behöver se över deras lösenordspolicy. Exempelvis var det bara 22% av webbsidorna som uppfyllde de rekommenderade kraven från NIST 800–63 och det var endast ett fåtal webbsidor som har gjort större förändringar i sin lösenordspolicy under 5 års tid. Webbsidor som inte använde sig av lösenordsbaserade autentiseringssystem används ej i denna studie. / <p>På grund av Covid-19 gjordes presentationen på distans via programmet Zoom.</p>

Lösenordspolicy

lösenordsattacker

webbsidor

autentisering

NIST

Information Systems

Hardware Realization of Chaos Based Symmetric Image Encryption

Barakat, Mohamed L.

06 1900

This thesis presents a novel work on hardware realization of symmetric image encryption utilizing chaos based continuous systems as pseudo random number generators. Digital implementation of chaotic systems results in serious degradations in the dynamics of the system. Such defects are illuminated through a new technique of generalized post proceeding with very low hardware cost. The thesis further discusses two encryption algorithms designed and implemented as a block cipher and a stream cipher. The security of both systems is thoroughly analyzed and the performance is compared with other reported systems showing a superior results. Both systems are realized on Xilinx Vetrix-4 FPGA with a hardware and throughput performance surpassing known encryption systems.

Chaos

FPGA

NIST

Post-Processing

Black and stream ciphers

Image encryption

Hodnocení zdrojů entropie v běžných počítačích / Evaluation of entropy sources in common computers

Bafrnec, Matúš

January 2020

This thesis is focused on entropy sources and their evaluation. It includes a brief introduction to the information theory, description of entropy sources, their parameters and characteristics and methods of evaluation based on the NIST organisation standard SP 800-90B. The following part of the thesis is dedicated to the description of two created programs and evaluation and comparison of entropy sources. Additionally, the last part describes the usage of hash functions in association with entropy sources.