Physical-layer security: practical aspects of channel coding and cryptography

Harrison, Willie K.

21 June 2012

In this work, a multilayer security solution for digital communication systems is provided by considering the joint effects of physical-layer security channel codes with application-layer cryptography. We address two problems: first, the cryptanalysis of error-prone ciphertext; second, the design of a practical physical-layer security coding scheme. To our knowledge, the cryptographic attack model of the noisy-ciphertext attack is a novel concept. The more traditional assumption that the attacker has the ciphertext is generally assumed when performing cryptanalysis. However, with the ever-increasing amount of viable research in physical-layer security, it now becomes essential to perform the analysis when ciphertext is unreliable. We do so for the simple substitution cipher using an information-theoretic framework, and for stream ciphers by characterizing the success or failure of fast-correlation attacks when the ciphertext contains errors. We then present a practical coding scheme that can be used in conjunction with cryptography to ensure positive error rates in an eavesdropper's observed ciphertext, while guaranteeing error-free communications for legitimate receivers. Our codes are called stopping set codes, and provide a blanket of security that covers nearly all possible system configurations and channel parameters. The codes require a public authenticated feedback channel. The solutions to these two problems indicate the inherent strengthening of security that can be obtained by confusing an attacker about the ciphertext, and then give a practical method for providing the confusion. The aggregate result is a multilayer security solution for transmitting secret data that showcases security enhancements over standalone cryptography.

Wire-tap channel

Wiretap channel

Low-density parity-check codes

Stopping sets

Multi-layer security

Wiretap codes

Wire-tap codes

Physical-layer security

LDPC codes

Information-theoretic security

Coding theory

Cryptography

Digital communications

Computer security

Computer networks Security measures

Digital encoding for secure data communications

Rondón, Eduardo Emilio Coquis.

January 1976

Thesis (Engineer's) --Naval Postgraduate School, 1976. / "September 1976." "AD A035848." Includes bibliographical references (leaves 122-123) Available via the Internet.

The design and implementation of a security and containment platform for peer-to-peer media distribution / Die ontwerp en implimentasie van ’n sekure en begeslote platvorm vir portuurnetwerk mediaverspreiding

Storey, Quiran

12 1900

Thesis (MScEng)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: The way in which people consume video is changing with the adoption of new technologies such as tablet computers and smart televisions. These new technologies, along with the Internet, are moving video distribution away from satellite and terrestrial broadcast to distribution over the Internet. Services online now offer the same content that originally was only available on satellite broadcast television. However, these services are only viable in countries with high speed, inexpensive Internet bandwidth. The need therefore exists for alternative services to deliver content in countries where bandwidth is still expensive and slow. These include many of the developing nations of Africa. In this thesis we design and develop a video distribution platform that relies on peer-to-peer networking to deliver high quality video content. We use an existing video streaming peer-to-peer protocol as the primary distribution mechanism, but allow users to share video over other protocols and services. These can include BitTorrent, DC++ and users sharing hard drives with one another. In order to protect the video content, we design and implement a security scheme that prevents users from pirating video content, while allowing easy distribution of video data. The core of the security scheme requires a low bandwidth Internet connection to a server that streams keys to unlock the video content. The project also includes the development of a custom video player application to integrate with the security scheme. The platform is not limited to, but is aimed at high speed local area networks where bandwidth is free. In order for the platform to support feasible business models, we provision additional services, such as video cataloging and search, video usage monitoring and platform administration. The thesis includes a literature study on techniques and solutions to secure video entertainment, specifically in a peer-to-peer environment. / AFRIKAANSE OPSOMMING: Die wyse waarvolgens mense video verbruik is aan die verander met die ingebruikneming van nuwe tegnologie soos tabletrekenaars en slim televisiestelle. Hierdie nuwe tegnologie tesame met die Internet maak dat die verspreiding van video al hoe minder plaasvind deur middel van satellietuitsendings en al hoe meer versprei word deur die Internet. Aanlyn-Internetdienste bied deesdae dieselfde inhoud aan as wat voorheen slegs deur beeldsending versprei is. Hierdie dienste is egter slegs lewensvatbaar in lande met hoëspoed- en goedkoop Internetbandwydte. Daar is dus ’n behoefte aan alternatiewe tot hierdie dienste in lande waar bandwydte steeds duur en stadig is. Baie lande in Afrika kan in hierdie kategorie ingesluit word. In hierdie tesis word ’n videoverspreidingsplatform ontwerp en ontwikkel, wat van portuurnetwerke gebruik maak om hoëkwaliteit-beeldmateriaal te versprei. Die stelsel gebruik ’n bestaande portuurnetwerk-datavloeiprotokol as die premêre verspreidingsmeganisme, maar laat gebruikers ook toe om videoinhoud direk met ander gebruikers en dienste te deel. BitTorrent, DC++ en gebruikers wat hardeskywe met mekaar deel word hierby ingesluit. Ten einde die videoinhoud te beskerm ontwerp en implimenteer ons ’n sekuriteitstelsel wat verhoed dat gebruikers die videoinhoud onregmatig kan toe-eien, maar wat terselfdertyd die verspreiding van die data vergemaklik. Hierdie sluit die ontwikkeling van ’n pasgemaakte videospeler in. Die kern van die sekuriteitstelsel benodig ’n lae-bandwydte-Internetverbinding na ’n bediener wat sleutels uitsaai om die videoinhoud te ontsluit. Alhoewel nie daartoe beperk nie, is die platform gemik op hoëspoed-plaaslikegebiedsnetwerke met gratis bandwydte. Om die platvorm aan ’n haalbare sakemodel te laat voldoen het ons vir addisionele dienste soos videokatalogisering met soekfunksies, videoverbruikersmonitering en platvormadministrasie voorsiening gemaak. Die tesis sluit ’n literatuurstudie oor tegnieke en oplossings vir die beskerming van video data, spesifiek in die portuurnetwerke omgeving, in.

Streaming videos

Internet security measures

Computing platforms

Local area networks (Computer networks)

Video distribution platforms

Applying mobile agents in an immune-system-based intrusion detection system

Zielinski, Marek Piotr

30 November 2004

Nearly all present-day commercial intrusion detection systems are based on a hierarchical architecture. In such an architecture, the root node is responsible for detecting intrusions and for issuing responses. However, an intrusion detection system (IDS) based on a hierarchical architecture has many single points of failure. For example, by disabling the root node, the intrusion-detection function of the IDS will also be disabled. To solve this problem, an IDS inspired by the human immune system is proposed. The proposed IDS has no single component that is responsible for detecting intrusions. Instead, the intrusion-detection function is divided and placed within mobile agents. Mobile agents act similarly to white blood cells of the human immune system and travel from host to host in the network to detect intrusions. The IDS is fault-tolerant because it can continue to detect intrusions even when most of its components have been disabled. / Computer Science (School of Computing) / M. Sc. (Computer Science)

Computer security

Intrusion detection system

Immune system

Mobile agent

Fault-tolerance

Anomaly detection

System call monitoring

Computer immunology

005.8

Computer security

Mobile agents (Computer software)

Computer networks -- Security measures

Selection of mobile agent systems based on mobility, communication and security aspects

Lall, Manoj

30 June 2005

The availability of numerous mobile agent systems with its own strengths and weaknesses poses a problem when deciding on a particular mobile agent system. In this dissertation, factors based on mobility, communication and security of the mobile agent systems are presented and used as a means to address this problem. To facilitate in the process of selection, a grouping scheme of the agent system was proposed. Based on this grouping scheme, mobile agent systems with common properties are grouped together and analyzed against the above-mentioned factors. In addition, an application was developed using the Aglet Software Development Toolkit to demonstrate certain features of agent mobility, communication and security. / Theoretical Computing / M. Sc. (Computer Science)

Mobile agent systems

Mobile agents

KQML

Execution environment

Distributed systems

Agent Communication Language

Agent Mobility

Agent Security

Computational environment

Data state

006.3

Mobile agents (Computer software)

Mobile computing

Computer networks -- Security measures

Towards a conceptual framework for information security digital divide

Chisanga, Emmanuel

10 1900

In the 21st century, information security has become the heartbeat of any organisation. One of the best-known methods of tightening and continuously improving security on an information system is to uniquely and efficiently combine the human aspect, policies, and technology. This acts as leverage for designing an access control management approach which not only avails parts of the system that end-users are permitted to but also regulates which data is relevant according to their scope of work. This research explores information security fundamentals at organisational and theoretical levels, to identify critical success factors which are vital in assessing the organisation’s security maturity through a model referred to as “information security digital divide maturity framework”. The foregoing is based on a developed conceptual framework for information security digital divide. The framework strives to divide end-users, business partners, and other stakeholders into “specific information haves and have-nots”. It intends to assist organisations to continually evaluate and improve on their security governance, standards, and policies which permit access on the basis of each end-user or stakeholder’s business function, role, and responsibility while at the same time preserving the traditional standpoint of confidentiality, integrity, and availability. After a thorough review of a range of frameworks that have influenced the information security landscape, COBITTM was relied upon as a baseline for the development of the framework of the study because of its rich insight and maturity on IT management and governance. To ascertain that the proposed framework meets the required expectation, a survey targeting end-users within three participating organisations was carried out. The outcome revealed the current maturity level of each participating organisation, highlighting strengths and limitations of current information security practices. As such, for new organisations relying on the proposed framework for the first time, the outcome of such an assessment will represent a benchmark to be relied on for further improvement before embarking on the next maturity assessment cycle. In addition, a second survey was conducted with subject matter experts in information security. Data generated and collected through a questionnaire was then analysed and interpreted qualitatively and quantitatively in order to identify aspects, not only to gauge the acceptance of the proposed conceptual framework but also to identify areas for improvements. The study found that there was a general consensus amongst experts on the importance of a framework for benchmarking information security digital divide in organisations. It also provided a range of valuable input relied upon to improve the framework to its final version. / School of Computing / M. Sc. (Computing)

Capability maturity

Digital divide

Information security

Information systems

Critical success factors

Information security digital divide

Information security maturity level

Frameworks

Benchmarking

005.8

Computer security

Computer networks -- Security measures

A framework for the protection of mobile agents against malicious hosts

Biermann, Elmarie

30 September 2004

The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature have been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance / Computing / D.Phil.

Computer security

Communication networks

Countermeasure classification

Mobile agent security framework

Security framework requirements

Threats classification

Malicious hosts

Mobile agent security

005.8

Mobile agents (Computer software)

Computer security

Computer networks -- Security measures

Computer seizure as technique in forensic investigation

Ndara, Vuyani

19 March 2014

The problem encountered by the researcher was that the South African Police Service Cyber-Crimes Unit is experiencing problems in seizing computer evidence. The following problems were identified by the researcher in practice: evidence is destroyed or lost because of mishandling by investigators; computer evidence is often not obtained or recognised, due to a lack of knowledge and skills on the part of investigators to properly seize computer evidence; difficulties to establish authenticity and initiate a chain of custody for the seized evidence; current training that is offered is unable to cover critical steps in the performance of seizing computer evidence; computer seizure as a technique requires specialised knowledge and continuous training, because the information technology industry is an ever-changing area. An empirical research design, followed by a qualitative research approach, allowed the researcher to also obtain information from practice. A thorough literature study, complemented by interviews, was done to collect the required data for the research. Members of the South African Police Cyber-crime Unit and prosecutors dealing with cyber-crime cases were interviewed to obtain their input into, and experiences on, the topic. The aim of the study was to explore the role of computers in the forensic investigation process, and to determine how computers can be seized without compromising evidence. The study therefore also aimed at creating an understanding and awareness about the slippery nature of computer evidence, and how it can find its way to the court of law without being compromised. The research has revealed that computer crime is different from common law or traditional crimes. It is complicated, and therefore only skilled and qualified forensic experts should be used to seize computer evidence, to ensure that the evidence is not compromised. Training of cyber-crime technicians has to be priority, in order to be successful in seizing computers. / Department of Criminology / M.Tech. (Forensic Investigation)

Forensic

Digital forensic

Computer

Digital evidence

Investigators

Technicians

Chain of custody

Seizure

Cyber-crime

Cyber-crime technicians

363.25968

Computer crimes -- Investigation

Computer security

Forensic sciences -- Data processing

Crime scene searches

Electronic evidence

Computer networks -- Security measures

Um framework para desenvolvimento e implementação de sistemas seguros baseados em hardware / A framework for development and implementation of secure hardware-based systems

Gallo Filho, Roberto Alves, 1978-

20 April 2004

Orientador : Ricardo Dahab. / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-21T17:02:27Z (GMT). No. of bitstreams: 1 GalloFilho_RobertoAlves_D.pdf: 5999506 bytes, checksum: 6ef66e76246dddb7de30593abff60bc5 (MD5) Previous issue date: 2012 / Resumo A concepção de sistemas seguros demanda tratamento holístico, global. A razão é que a mera composição de componentes individualmente seguros não garante a segurança do conjunto resultante2. Enquanto isso, a complexidade dos sistemas de informação cresce vigorosamente, dentre outros, no que se diz respeito: i) ao número de componentes constituintes; ii) ao número de interações com outros sistemas; e iii) 'a diversidade de natureza dos componentes. Este crescimento constante da complexidade demanda um domínio de conhecimento ao mesmo tempo multidisciplinar e profundo, cada vez mais difícil de ser coordenado em uma única visão global, seja por um indivíduo, seja por uma equipe de desenvolvimento. Nesta tese propomos um framework para a concepção, desenvolvimento e deployment de sistemas baseados em hardware que é fundamentado em uma visão única e global de segurança. Tal visão cobre um espectro abrangente de requisitos, desde a integridade física dos dispositivos até a verificação, pelo usuário final, de que seu sistema está logicamente íntegro. Para alcançar este objetivo, apresentamos nesta tese o seguinte conjunto de componentes para o nosso framework: i) um conjunto de considerações para a construção de modelos de ataques que capturem a natureza particular dos adversários de sistemas seguros reais, principalmente daqueles baseados em hardware; ii) um arcabouço teórico com conceitos e definições importantes e úteis na construção de sistemas seguros baseados em hardware; iii) um conjunto de padrões (patterns) de componentes e arquiteturas de sistemas seguros baseados em hardware; iv) um modelo teórico, lógico-probabilístico, para avaliação do nível de segurança das arquiteturas e implementações; e v) a aplicação dos elementos do framework na implementação de sistemas de produção, com estudos de casos muito significativos3. Os resultados relacionados a estes componentes estão apresentados nesta tese na forma de coletânea de artigos. 2 Técnicas "greedy" não fornecem necessariamente os resultados ótimos. Mais, a presença de componentes seguros não é nem fundamental. 3 Em termos de impacto social, econômico ou estratégico / Abstract: The conception of secure systems requires a global, holistic, approach. The reason is that the mere composition of individually secure components does not necessarily imply in the security of the resulting system4. Meanwhile, the complexity of information systems has grown vigorously in several dimensions as: i) the number of components, ii) the number of interactions with other components, iii) the diversity in the nature of the components. This continuous growth of complexity requires from designers a deep and broad multidisciplinary knowledge, which is becoming increasingly difficult to be coordinated and attained either by individuals or even teams. In this thesis we propose a framework for the conception, development, and deployment of secure hardware-based systems that is rooted on a unified and global security vision. Such a vision encompasses a broad spectrum of requirements, from device physical integrity to the device logical integrity verification by humans. In order to attain this objective we present in this thesis the following set of components of our framework: i) a set of considerations for the development of threat models that captures the particular nature of adversaries of real secure systems based on hardware; ii) a set of theoretical concepts and definitions useful in the design of secure hardware-based systems; iii) a set of design patterns of components and architectures for secure systems; iv) a logical-probabilistic theoretical model for security evaluation of system architectures and implementations; and v) the application of the elements of our framework in production systems with highly relevant study cases. Our results related to these components are presented in this thesis as a series of papers which have been published or submitted for publication. 4Greedy techniques do not inevitably yield optimal results. More than that, the usage of secure components is not even required / Doutorado / Ciência da Computação / Doutor em Ciência da Computação

Proteção de dados

Sistemas de segurança

Data protection

Computer networks - Security measures

Security systems

Performance Analysis of Security Protocols

Donta, Praveen Kumar

01 January 2007

Security is critical to a wide range of applications and services. Numerous security mechanisms and protocols have been developed and are widely used with today’s Internet. These protocols, which provide secrecy, authentication, and integrity control, are essential to protecting electronic information. There are many types of security protocols and mechanisms, such as symmetric key algorithms, asymmetric key algorithms, message digests, digital certificates, and secure socket layer (SSL) communication. Symmetric and asymmetric key algorithms provide secrecy. Message digests are used for authentication. SSL communication provides a secure connection between two sockets. The purpose of this graduate project was to do performance analysis on various security protocols. These are performance comparisons of symmetric key algorithms DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), and RC4; of public-private key algorithms RSA and ElGamal; of digital certificates using message digests SHA1 (Secure Hash Algorithm) and MD5; and of SSL (Secure Sockets Layer) communication using security algorithms 3DES with SHA1 and RC4 with MD5.

UNF

University of North Florida

School of Computing

Computer security -- Evaluation

Computer network protocols -- Evaluation

Computer Sciences