Global ETD Search

261	Direct Online/Offline Digital Signature Schemes. Yu, Ping 12 1900 (has links) Online/offline signature schemes are useful in many situations, and two such scenarios are considered in this dissertation: bursty server authentication and embedded device authentication. In this dissertation, new techniques for online/offline signing are introduced, those are applied in a variety of ways for creating online/offline signature schemes, and five different online/offline signature schemes that are proved secure under a variety of models and assumptions are proposed. Two of the proposed five schemes have the best offline or best online performance of any currently known technique, and are particularly well-suited for the scenarios that are considered in this dissertation. To determine if the proposed schemes provide the expected practical improvements, a series of experiments were conducted comparing the proposed schemes with each other and with other state-of-the-art schemes in this area, both on a desktop class computer, and under AVR Studio, a simulation platform for an 8-bit processor that is popular for embedded systems. Under AVR Studio, the proposed SGE scheme using a typical key size for the embedded device authentication scenario, can complete the offline phase in about 24 seconds and then produce a signature (the online phase) in 15 milliseconds, which is the best offline performance of any known signature scheme that has been proven secure in the standard model. In the tests on a desktop class computer, the proposed SGS scheme, which has the best online performance and is designed for the bursty server authentication scenario, generated 469,109 signatures per second, and the Schnorr scheme (the next best scheme in terms of online performance) generated only 223,548 signatures. The experimental results demonstrate that the SGE and SGS schemes are the most efficient techniques for embedded device authentication and bursty server authentication, respectively. bursty server authentication standard model Online/offline digital signature schemes embedded dvice authentication Digital signatures. Computer networks -- Access control. Computer networks -- Security measures.
262	Contribuições e avaliações das arquiteturas para as VPNs convergentes com escalabilidade, segurança e qualidade de serviço / Contributions and assessments for converging VPN architectures with scalability, security and quality of service Boava, Adão 18 August 2018 (has links) Orientador: Yuzo Iano / Tese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-18T15:52:00Z (GMT). No. of bitstreams: 1 Boava_Adao_D.pdf: 10725757 bytes, checksum: b362a8b8e87465a0da12692a4fe7633f (MD5) Previous issue date: 2011 / Resumo: Os próximos anos prometem ser os das tecnologias das redes de nova geração para as operadoras de telecomunicações, fornecedores de equipamentos e usuários, com ênfase na integração das redes móveis sem fio, como 3G e 4G, com as redes fixas tradicionais, integração essa chamada às vezes de convergência das redes. Como consequência da convergência, vive-se um momento em que várias operadoras de telecomunicações fixas e móveis começaram a oferecer alguns serviços básicos de banda larga e os fornecedores de equipamentos iniciaram o processo de homologação de tais serviços, sendo que basicamente o único serviço disponível pelas operadoras que utilizam as redes de banda larga móveis e fixa é o acesso à internet. Esta tese apresenta alternativas para integrar as redes fixas com as redes móveis das operadoras a fim de oferecer serviços de VPNs (Virtual Private Network) fixo - móveis para aplicações que exijam mobilidade, baixo custo, qualidade de serviço, conectividade e segurança com alta escalabilidade. Para oferecer a mobilidade, são apresentadas as principais soluções de acesso banda larga para a formação de MVPN (Mobile Virtual Private Network). Essas são analisadas e avaliadas a fim de mostrar suas deficiências para utilização em acessos das VPNs. A qualidade de serviço, conectividade, segurança e escalabilidade serão alcançadas com a implementação do protocolo MPLS (Multi-Protocol Label Switching) no núcleo da rede. A implementação do MPLS no núcleo da rede consolida o transporte para as diversas tecnologias de acesso sem fio e com fio, reduzindo os custos operacionais das operadoras e tornando a redes mais escaláveis e confiáveis, preparando, assim, a operadora para as redes de acesso de quarta geração (4G). A partir dos requisitos das aplicações que irão trafegar na VPN, são propostas novas contribuições para as VPNs fixo - móveis para que estas atendam a esses requisitos com alta escalabilidade, mobilidade, segurança, conectividade e qualidade de serviço para o usuário e a operadora. Para validar as novas contribuições propostas, foi implementado um ambiente de teste para avaliar a conectividade e isolamento das VPNs e a qualidade de serviço. Duas propostas para resolver o problema de escalabilidade das VPNs são apresentadas, uma baseada em lista de controle de acesso ACL (Access Control List) e outra baseada em firewall. Também é apresentada uma proposta de IPSec (IP Security Protocol) sobre MPLS para resolver o problema de erros de configuração quando cometidos pelas operadoras de telecom / Abstract: The following years will be dominated by next generation network technology for telecommunication providers, equipment suppliers and users who emphasize the integration of mobile wireless networks such as 3G and 4G with traditional fixed networks - an integration often dubbed as network convergence. As a consequence of convergence, it is possible to observe that various fixed and mobile telecommunication providers are beginning to offer basic broadband services and equipment suppliers have initiated corresponding homologation processes, in which the only service made available by providers that utilize mobile and fixed broadband networks is internet access. This thesis presents alternatives to integrate the fixed and mobile network of providers so as to offer MVPN (Mobile Virtual Private Network) and fixed services for application that require mobility, low cost, quality of service, connectivity and security with high scalability. The main solutions for broadband access for MVPN formation are presented to offer mobility. These solutions are analyzed and assessed in order to show their deficiencies for the utilization in VPN accessing. Quality of service, connectivity, security and scalability will be reached with the implementation of MPLS (Multi-Protocol Label Switching) in the core network. The implementation of MPLS in the core network consolidates transportation for several wireless and fixed access technologies, reducing the operational costs of providers, making networks more scalable and trustworthy, thereby preparing the provider for fourth generation (4G) access networks. Based on the requirements of the applications that will travel in the VPN, new contributions are proposed for fixed-mobile VPNs so that it meets these requirements with high scalability, mobility, security, connectivity and quality of service, both for the user and the provider. To validate the proposed contributions a test environment was implemented to evaluate the connectivity and isolation of the VPNs and the quality of service. Two proposals to solve the VPN scalability problems are presented, one based on ACL (Access Control List) and the other based on firewall. An IPSec (IP Security Protocol) on MPLS proposal is also presented in order to solve configuration errors made by telecommunication providers / Doutorado / Telecomunicações e Telemática / Doutor em Engenharia Elétrica Comunicação movel Redes de comunicação Sistemas de comunicação sem fio Mobile communication Communication networks Wireless communication systems Computer networks - Security measures
263	Mathematical security models for multi-agent distributed systems Ma, Chunyan 01 January 2004 (has links) This thesis presents the developed taxonomy of the security threats in agent-based distributed systems. Based on this taxonomy, a set of theories is developed to facilitate analyzng the security threats of the mobile-agent systems. We propose the idea of using the developed security risk graph to model the system's vulnerabilties. Computer security -- Mathematical models Computer networks -- Security measures Information Security
264	Rychlé zpracování aplikačních protokolů / Fast Processing of Application-Layer Protocols Bárta, Stanislav January 2014 (has links) This master's thesis describes the design and implementation of system for processing application protocols in high-speed networks using the concept of Software Defined Monitoring. The proposed solution benefits from hardware accelerated network card performing pre-processing of network traffic based on the feedback from monitoring applications. The proposed system performs pre-processing and filtering of network traffic which is handed afterwards passed to application modules. Application modules process application protocols and generate metadata that describe network traffic. Pre-processing consists of parsing of network protocols up to the transport layer, TCP reassembling and forwarding packet flow only to modules that are looking for a given network traffic. The proposed system closely links intercept related information internal interception function (IRI-IIF) and content of communication internal interception function (CC-IIF) to minimize the performing of duplicate operations and increase the efficiency of the system.
265	Ochrana datové sítě s využitím NetFlow dat / Network Protection Using NetFlow Data Sedlář, Petr January 2010 (has links) This document provides information about Cisco NetFlow technology and its usage to protect networks from different types of attacks. Part of the document is a summary of common security risks in term of their detection on network and transport layer. There are specified characteristics of NetFlow data containing samples of security risks. On the basis of these characteristics, an application for detection these risks is designed and implemented.
266	The design of an effective extreme controller mechanism scheme for software defined cognitive radio network Sibanda, Brian January 2021 (has links) Thesis( M. A. (Computer Science)) -- University of Limpopo , 2021 / In Software Defined Cognitive Radio Network (SDCRN), network security is a significant issue. This issue arises when Software Defined Network (SDN) architecture integrates with the Cognitive Radio Network (CRN) technology. SDN is designed to improve network resource management, while CRN technology is meant at improving spectrum management. These technologies are vulnerable to several malicious attacks. These attacks include Distributed Denial of Service (DDoS) and Primary User Emulation (PUE). Both the DDoS and PUE can be disrupt services in the SDCRN. To curb these attacks, schemes which hardens the security of SDCRN need to be designed. Thus, in this study we propose a security mechanism called Extreme_Controller_Mechanism (XCM) that reduce the effects of DDoS and PUE. The proposed XCM scheme was designed and evaluated in three simulation environment, the OMNeT++, Octave, and MATLAB simulators. The SDCRN data set was generated using the Neural Network back propagation algorithms. The data set was then used in Matlab to evaluate the effectiveness of the prosed XCM scheme. XCM proved to be effective and efficient at detection and prevention of DDoS and PUE attacks in SDCRN. In terms of memory and processor utilisation, XCM proved to the best when compared to other schemes such as the Advanced Support Vector Machine (ASVM) and deep learning convolution network (CDLN). But in terms of detection time, the ASVM was found to be the best performing scheme. Regarding our test for detection rate, false positive and false negative, the XCM, ASVM and CDLM performed the same. The results of the XCM were therefore the best and superior to the ASVM and CDLM. This can be attributed to the fact that the XCM scheme is optimised for DDoS and PUE attacks. We can therefore conclude that our XCM scheme is the best performing scheme compared to the ASVM and CDLN schemes. Software defined cognitive radio network Distributed denial of service Primary user emulation Computer networks -- Security measures
267	An analysis and a comparative study of cryptographic algorithms used on the internet of things (IoT) based on avalanche effect Muthavhine, Khumbelo Difference 07 1900 (has links) Ubiquitous computing is already weaving itself around us and it is connecting everything to the network of networks. This interconnection of objects to the internet is new computing paradigm called the Internet of Things (IoT) networks. Many capacity and non-capacity constrained devices, such as sensors are connecting to the Internet. These devices interact with each other through the network and provide a new experience to its users. In order to make full use of this ubiquitous paradigm, security on IoT is important. There are problems with privacy concerns regarding certain algorithms that are on IoT, particularly in the area that relates to their avalanche effect means that a small change in the plaintext or key should create a significant change in the ciphertext. The higher the significant change, the higher the security if that algorithm. If the avalanche effect of an algorithm is less than 50% then that algorithm is weak and can create security undesirability in any network. In this, case IoT. In this study, we propose to do the following: (1) Search and select existing block cryptographic algorithms (maximum of ten) used for authentication and encryption from different devices used on IoT. (2) Analyse the avalanche effect of select cryptographic algorithms and determine if they give efficient authentication on IoT. (3) Improve their avalanche effect by designing a mathematical model that improves their robustness against attacks. This is done through the usage of the initial vector XORed with plaintext and final vector XORed with cipher tect. (4) Test the new mathematical model for any enhancement on the avalanche effect of each algorithm as stated in the preceding sentences. (5) Propose future work on how to enhance security on IoT. Results show that when using the proposed method with variation of key, the avalanche effect significantly improved for seven out of ten algorithms. This means that we have managed to improve 70% of algorithms tested. Therefore indicating a substantial success rate for the proposed method as far as the avalanche effect is concerned. We propose that the seven algorithms be replaced by our improved versions in each of their implementation on IoT whenever the plaintext is varied. / Electrical and Mining Engineering / M. Tech. (Electrical Engineering) 005.8 Internet of things -- Security measures Data encryption (Computer science) Computer networks -- Security measures Computer algorithms
268	Particle swarm optimization applied to real-time asset allocation Reynolds, Joshua 05 1900 (has links) Particle Swam Optimization (PSO) is especially useful for rapid optimization of problems involving multiple objectives and constraints in dynamic environments. It regularly and substantially outperforms other algorithms in benchmark tests. This paper describes research leading to the application of PSO to the autonomous asset management problem in electronic warfare. The PSO speed provides fast optimization of frequency allocations for receivers and jammers in highly complex and dynamic environments. The key contribution is the simultaneous optimization of the frequency allocations, signal priority, signal strength, and the spatial locations of the assets. The fitness function takes into account the assets' locations in 2 dimensions, maximizing their spatial distribution while maintaining allocations based on signal priority and power. The fast speed of the optimization enables rapid responses to changing conditions in these complex signal environments, which can have real-time battlefield impact. Results optimizing receiver frequencies and locations in 2 dimensions have been successful. Current run-times are between 450ms (3 receivers, 30 transmitters) and 1100ms (7 receivers, 50 transmitters) on a single-threaded x86 based PC. Run-times can be substantially decreased by an order of magnitude when smaller swarm populations and smart swarm termination methods are used, however a trade off exists between run-time and repeatability of solutions. The results of the research on the PSO parameters and fitness function for this problem are demonstrated. Particle swarm optimization Asset allocation Mathematical optimization Particles (Nuclear physics) Swarm intelligence Electronic intelligence Electronics in military engineering Information warfare Military telecommunication Computer networks -- Security measures
269	Ontology Based Security Threat Assessment and Mitigation for Cloud Systems Kamongi, Patrick 12 1900 (has links) A malicious actor often relies on security vulnerabilities of IT systems to launch a cyber attack. Most cloud services are supported by an orchestration of large and complex systems which are prone to vulnerabilities, making threat assessment very challenging. In this research, I developed formal and practical ontology-based techniques that enable automated evaluation of a cloud system's security threats. I use an architecture for threat assessment of cloud systems that leverages a dynamically generated ontology knowledge base. I created an ontology model and represented the components of a cloud system. These ontologies are designed for a set of domains that covers some cloud's aspects and information technology products' cyber threat data. The inputs to our architecture are the configurations of cloud assets and components specification (which encompass the desired assessment procedures) and the outputs are actionable threat assessment results. The focus of this work is on ways of enumerating, assessing, and mitigating emerging cyber security threats. A research toolkit system has been developed to evaluate our architecture. We expect our techniques to be leveraged by any cloud provider or consumer in closing the gap of identifying and remediating known or impending security threats facing their cloud's assets. Ontology Cybersecurity Cloud Computing Vulnerability Ranking Threat Risk Prediction Assessment Mitigation Systems Computer networks -- Security measures. Computer security. Cloud computing -- Security measures. Ontologies (Information retrieval)
270	Seed and Grow: An Attack Against Anonymized Social Networks Peng, Wei 07 August 2012 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / Digital traces left by a user of an on-line social networking service can be abused by a malicious party to compromise the person’s privacy. This is exacerbated by the increasing overlap in user-bases among various services. To demonstrate the feasibility of abuse and raise public awareness of this issue, I propose an algorithm, Seed and Grow, to identify users from an anonymized social graph based solely on graph structure. The algorithm first identifies a seed sub-graph either planted by an attacker or divulged by collusion of a small group of users, and then grows the seed larger based on the attacker’s existing knowledge of the users’ social relations. This work identifies and relaxes implicit assumptions taken by previous works, eliminates arbitrary parameters, and improves identification effectiveness and accuracy. Experiment results on real-world collected datasets further corroborate my expectation and claim. social networks; anonymization; privacy Data protection Computer security Internet -- Safety measures Privacy, Right of Computer networks -- Social aspects

Search results