Global ETD Search

191	Elliptic curves: identity-based signing and quantum arithmetic Unknown Date (has links) Pairing-friendly curves and elliptic curves with a trapdoor for the discrete logarithm problem are versatile tools in the design of cryptographic protocols. We show that curves having both properties enable a deterministic identity-based signing with “short” signatures in the random oracle model. At PKC 2003, Choon and Cheon proposed an identity-based signature scheme along with a provable security reduction. We propose a modification of their scheme with several performance benefits. In addition to faster signing, for batch signing the signature size can be reduced, and if multiple signatures for the same identity need to be verified, the verification can be accelerated. Neither the signing nor the verification algorithm rely on the availability of a (pseudo)random generator, and we give a provable security reduction in the random oracle model to the (`-)Strong Diffie-Hellman problem. Implementing the group arithmetic is a cost-critical task when designing quantum circuits for Shor’s algorithm to solve the discrete logarithm problem. We introduce a tool for the automatic generation of addition circuits for ordinary binary elliptic curves, a prominent platform group for digital signatures. Our Python software generates circuit descriptions that, without increasing the number of qubits or T-depth, involve less than 39% of the number of T-gates in the best previous construction. The software also optimizes the (CNOT) depth for F2-linear operations by means of suitable graph colorings. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2014. / FAU Electronic Theses and Dissertations Collection Coding theory Computer network protocols Computer networks -- Security measures Data encryption (Computer science) Mathematical physics Number theory -- Data processing
192	General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large versus Small Businesses Schuessler, Joseph H. 05 1900 (has links) This research sought to shed light on information systems security (ISS) by conceptualizing an organization's use of countermeasures using general deterrence theory, positing a non-recursive relationship between threats and countermeasures, and by extending the ISS construct developed in prior research. Industry affiliation and organizational size are considered in terms of differences in threats that firms face, the different countermeasures in use by various firms, and ultimately, how a firm's ISS effectiveness is affected. Six information systems professionals were interviewed in order to develop the appropriate instruments necessary to assess the research model put forth; the final instrument was further refined by pilot testing with the intent of further clarifying the wording and layout of the instrument. Finally, the Association of Information Technology Professionals was surveyed using an online survey. The model was assessed using SmartPLS and a two-stage least squares analysis. Results indicate that a non-recursive relationship does indeed exist between threats and countermeasures and that countermeasures can be used to effectively frame an organization's use of countermeasures. Implications for practitioners include the ability to target the use of certain countermeasures to have desired effects on both ISS effectiveness and future threats. Additionally, the model put forth in this research can be used by practitioners to both assess their current ISS effectiveness as well as to prescriptively target desired levels of ISS effectiveness. countermeasures Information systems security threats risk assessment Computer networks -- Security measures. Computer security.
193	Distributed file systems in an authentication system Merritt, John W January 2010 (has links) Typescript (photocopy). / Digitized by Kansas Correctional Industries / Department: Computer Science. Computer networks--Security measures Electronic mail systems C♯ (Computer program language) UNIX (Computer file)
194	A malware threat avoidance model for online social network users Ikhalia, Ehinome January 2017 (has links) The main purpose of this thesis is to develop a malware threat avoidance model for users of online social networks (OSNs). To understand the research domain, a comprehensive and systematic literature review was conducted and then the research scope was established. Two design science iterations were carried out to achieve the research aim reported in this thesis. In the first iteration, the research extended the Technology Threat Avoidance Theory (TTAT) to include a unique characteristic of OSN - Mass Interpersonal Persuasion (MIP). The extended model (TTAT-MIP), focused on investigating the factors that needs to be considered in a security awareness system to motivate OSN users to avoid malware threats. Using a quantitative approach, the results of the first iteration suggests perceived severity, perceived threat, safeguard effectiveness, safeguard cost, self-efficacy and mass interpersonal persuasion should be included in a security awareness system to motivate OSN users to avoid malware threats. The second iteration was conducted to further validate TTAT-MIP through a Facebook video animation security awareness system (referred in this thesis as Social Network Criminal (SNC)). SNC is a Web-based application integrated within Facebook to provide security awareness to OSN users. To evaluate TTAT-MIP through SNC, three research techniques were adopted: lab experiments, usability study and semi-structured interviews. The results suggest that participants perceived SNC as a useful tool for malware threat avoidance. In addition, SNC had a significant effect on the malware threat avoidance capabilities of the study participants. Moreover, the thematic analysis of the semi-structured interviews demonstrated that the study participants' found SNC to be highly informative; persuasive; interpersonally persuasive; easy to use; relatable; fun to use; engaging; and easy to understand. These findings were strongly related to the constructs of TTAT-MIP. The research contributes to theory by demonstrating a novel approach to design and deploy security awareness systems in a social context. This was achieved by including users' behavioural characteristic on the online platform where malware threats occur within a security awareness system. Besides, this research shows how practitioners keen on developing systems to improve security behaviours could adopt the TTAT-MIP model for other related contexts.
195	Prilog razvoju metode za detekciju napada ometanjem usluge na Internetu / A contribution to the method for detection of denial of service attacks inInternet Petković Miodrag 24 September 2018 (has links) <p>U ovoj doktorskoj disertaciji predložen je i analiziran metod koji kombinuje primenu entropije odabranih obeležja mrežnog saobraćaja i Takagi-Sugeno-Kang (TSK) neuro-fazi modela u detekciji DoS napada. Entropija je primenjena jer omogućava detekciju širokog spektra statističkih anomalija uzrokovanih DoS napadima dok TSK neuro-fazi model daje dodatni kvalitet u konačnom određivanju tačaka početka i kraja napada povećavajući odnos ispravno i pogrešno detektovanih napada.</p> / <p>In this thesis a new method for DoS attack detection is proposed. This method<br />combines the use of entropy of some characteristic parameters of network traffic<br />and Takagi-Sugeno-Kang (TSK) neuro-fuzzy model. Entropy has been used because<br />it enables detection of wide spectar of network anomalies caused by DoS attacks,<br />while TSK adds new value to final detection of the start and the end of an attack<br />increasing ratio between true and false detections.</p>
196	Scaling and Visualizing Network Data to Facilitate in Intrusion Detection Tasks Abdullah, Kulsoom B. 07 April 2006 (has links) As the trend of successful network attacks continue to rise, better forms of intrusion, detection and prevention are needed. This thesis addresses network traffic visualization techniques that aid administrators in recognizing attacks. A view of port statistics and Intrusion Detection System (IDS) alerts has been developed. Each help to address issues with analyzing large datasets involving networks. Due to the amount of traffic as well as the range of possible port numbers and IP addresses, scaling techniques are necessary. A port-based overview of network activity produces an improved representation for detecting and responding to malicious activity. We have found that presenting an overview using stacked histograms of aggregate port activity, combined with the ability to drill-down for finer details allows small, yet important details to be noticed and investigated without being obscured by large, usual traffic. Another problem administrators face is the cumbersome amount of alarm data generated from IDS sensors. As a result, important details are often overlooked, and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview from which system administrators can get a general sense of network activity and easily detect anomalies. They additionally have the option of then zooming and drilling down for details. Based on our system administrator requirements study, this graphical layout addresses what system administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that effectively uses operational alarm log data generated on the Georgia Tech campus network. For both of these systems, we describe the input data, the system design, and examples. Finally, we summarize potential future work. Intrusion detection Alarm visualization Network security visualization Network security Port visualization Network visualization Visualization Computer networks Security measures Computer security
197	Security Architecture and Protocols for Overlay Network Services Srivatsa, Mudhakar 16 May 2007 (has links) Conventional wisdom suggests that in order to build a secure system, security must be an integral component in the system design. However, cost considerations drive most system designers to channel their efforts on the system's performance, scalability and usability. With little or no emphasis on security, such systems are vulnerable to a wide range of attacks that can potentially compromise confidentiality, integrity and availability of sensitive data. It is often cumbersome to redesign and implement massive systems with security as one of the primary design goals. This thesis advocates a proactive approach that cleanly retrofits security solutions into existing system architectures. The first step in this approach is to identify security threats, vulnerabilities and potential attacks on a system or an application. The second step is to develop security tools in the form of customizable and configurable plug-ins that address these security issues and minimally modify existing system code, while preserving its performance and scalability metrics. This thesis uses overlay network applications to shepherd through and address challenges involved in supporting security in large scale distributed systems. In particular, the focus is on two popular applications: publish/subscribe networks and VoIP networks. Our work on VoIP networks has for the first time identified and formalized caller identification attacks on VoIP networks. We have identified two attacks: a triangulation based timing attack on the VoIP network's route set up protocol and a flow analysis attack on the VoIP network's voice session protocol. These attacks allow an external observer (adversary) to uniquely (nearly) identify the true caller (and receiver) with high probability. Our work on the publish/subscribe networks has resulted in the development of an unified framework for handling event confidentiality, integrity, access control and DoS attacks, while incurring small overhead on the system. We have proposed a key isomorphism paradigm to preserve the confidentiality of events on publish/subscribe networks while permitting scalable content-based matching and routing. Our work on overlay network security has resulted in a novel information hiding technique on overlay networks. Our solution represents the first attempt to transparently hide the location of data items on an overlay network. Performance and scalability Applied cryptography Systems security Overlay networks Computer architecture Security measures Computer networks Security measures Plug-ins (Computer programs)
198	Security And Quality Of Service For Wireless Sensor Networks Tomur, Emrah 01 February 2008 (has links) (PDF) Security and quality of service (QoS) issues in cluster-based wireless sensor networks are investigated. The QoS perspective is mostly at application level consisting of four attributes, which are spatial resolution, coverage, system lifetime and packet loss due to collisions. The addressed security aspects are message integrity and authentication. Under this scope, the interactions between security and service quality are analyzed with particular emphasis on the tradeoff between security and spatial resolution for channel capacity. The optimal security and spatial resolution levels which yield the best tradeoff are determined. In addition, a control strategy is proposed to achieve the desired quality of service and security levels during the entire operation of a cluster-based sensor network. Compared to the existing studies, the proposed method is simpler and has superior performance.
199	Improving host-based computer security using secure active monitoring and memory analysis Payne, Bryan D. 03 June 2010 (has links) Thirty years ago, research in designing operating systems to defeat malicious software was very popular. The primary technique was to design and implement a small security kernel that could provide security assurances to the rest of the system. However, as operating systems grew in size throughout the 1980's and 1990's, research into security kernels slowly waned. From a security perspective, the story was bleak. Providing security to one of these large operating systems typically required running software within that operating system. This weak security foundation made it relatively easy for attackers to subvert the entire system without detection. The research presented in this thesis aims to reimagine how we design and deploy computer systems. We show that through careful use of virtualization technology, one can effectively isolate the security critical components in a system from malicious software. Furthermore, we can control this isolation to allow the security software a complete view to monitor the running system. This view includes all of the necessary information for implementing useful security applications including the system memory, storage, hardware events, and network traffic. In addition, we show how to perform both passive and active monitoring securely, using this new system architecture. Security applications must be redesigned to work within this new monitoring architecture. The data acquired through our monitoring is typically very low-level and difficult to use directly. In this thesis, we describe work that helps bridge this semantic gap by locating data structures within the memory of a running virtual machine. We also describe work that shows a useful and novel security framework made possible through this new monitoring architecture. This framework correlates human interaction with the system to distinguish legitimate and malicious outgoing network traffic. Memory analysis Introspection Virtualization Security Active monitoring User intent Computer networks Security measures Computer security
200	Semantic view re-creation for the secure monitoring of virtual machines Carbone, Martim 28 June 2012 (has links) The insecurity of modern-day software has created the need for security monitoring applications. Two serious deficiencies are commonly found in these applications. First, the absence of isolation from the system being monitored allows malicious software to tamper with them. Second, the lack of secure and reliable monitoring primitives in the operating system makes them easy to be evaded. A technique known as Virtual Machine Introspection attempts to solve these problems by leveraging the isolation and mediation properties of full-system virtualization. A problem known as semantic gap, however, occurs as a result of the low-level separation enforced by the hypervisor. This thesis proposes and investigates novel techniques to overcome the semantic gap, advancing the state-of-the-art on the syntactic and semantic view re-creation for applications that conduct passive and active monitoring of virtual machines. First, we propose a new technique for reconstructing a syntactic view of the guest OS kernel's heap state by applying a combination of static code and dynamic memory analysis. Our key contribution is the accuracy and completeness of our analysis. We also propose a new technique that allows out-of-VM applications to invoke and securely execute API functions inside the monitored guest's kernel, eliminating the need for the application to know details of the guest's internals. Our key contribution is the ability to overcome the semantic gap in a robust and secure manner. Finally, we propose a new virtualization-based event monitoring technique based on the interception of kernel data modifications. Our key contribution is the ability to monitor operating system events in a general and secure fashion. Semantic gap Secure monitoring Introspection Systems security Virtual machines Virtualization Computer networks Security measures Virtual computer systems Computer architecture

Search results