An innovative algebraic approach for IP traceback.

January 2004

Chen Zhaole. / Thesis submitted in: Aug 2003. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2004. / Includes bibliographical references (leaves 54-56). / Abstracts in English and Chinese. / Abstract / Acknowledgement / Chapter 1 --- Introduction --- p.1 / Chapter 1.1. --- Motivation --- p.2 / Chapter 1.2. --- The Problem --- p.2 / Chapter 1.3. --- Project Introduction --- p.3 / Chapter 1.4. --- Thesis Outline --- p.4 / Chapter 2 --- Denial-of-Service Attacks --- p.5 / Chapter 2.1 --- Introduction --- p.6 / Chapter 2.2 --- Denial-of-Service Attacks --- p.7 / Chapter 2.2.1 --- Direct DoS Attacks --- p.7 / Chapter 2.2.2 --- Reflector DoS Attacks --- p.11 / Chapter 3 --- Related Work --- p.14 / Chapter 3.1 --- Introduction --- p.15 / Chapter 3.2 --- Link Testing --- p.15 / Chapter 3.3 --- Probabilistic Marking Scheme --- p.16 / Chapter 3.4 --- ICMP Traceback --- p.17 / Chapter 3.5 --- Algebraic Marking Scheme --- p.18 / Chapter 3.6 --- Advanced and Authenticated Marking Scheme --- p.19 / Chapter 4 --- An Innovative Algebraic Approach for IP Traceback --- p.21 / Chapter 4.1 --- Introduction --- p.22 / Chapter 4.2 --- Background --- p.23 / Chapter 4.2.1 --- Definitions --- p.23 / Chapter 4.2.2 --- Assumptions --- p.24 / Chapter 4.2.3 --- Basic Principles --- p.25 / Chapter 4.3 --- Marking Schemes for Tracing DoS Attacks --- p.26 / Chapter 4.3.1 --- Simplified Algebraic Marking Scheme --- p.26 / Chapter 4.3.2 --- Reflective Algebraic Marking Scheme --- p.31 / Chapter 5 --- Feasibility and Performance Analysis --- p.35 / Chapter 5.1 --- Backward Compatibility --- p.36 / Chapter 5.2 --- Number of False Positives --- p.37 / Chapter 5.3 --- Minimum Number of Packets for Reconstruction --- p.38 / Chapter 5.4 --- Multiple Attacks --- p.38 / Chapter 5.5 --- Reconstruction Time --- p.39 / Chapter 5.6 --- Router Performance --- p.39 / Chapter 6 --- Experiment Results --- p.40 / Chapter 6.1 --- Experiments of Simplified Marking Scheme --- p.41 / Chapter 6.2 --- Experiments of Reflective Marking Scheme --- p.44 / Chapter 7 --- Conclusions and future work --- p.47 / Chapter 7.1 --- Conclusions --- p.47 / Chapter 7.2 --- Future Work --- p.48 / Bibliography --- p.50

Computer networks--Security measures

Computer security

Towards IP traceback based defense against DDoS attacks.

January 2004

Lau Nga Sin. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2004. / Includes bibliographical references (leaves 101-110). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Research Motivation --- p.2 / Chapter 1.2 --- Problem Statement --- p.3 / Chapter 1.3 --- Research Objectives --- p.4 / Chapter 1.4 --- Structure of the Thesis --- p.6 / Chapter 2 --- Background Study on DDoS Attacks --- p.8 / Chapter 2.1 --- Distributed Denial of Service Attacks --- p.8 / Chapter 2.1.1 --- DDoS Attack Architecture --- p.9 / Chapter 2.1.2 --- DDoS Attack Taxonomy --- p.11 / Chapter 2.1.3 --- DDoS Tools --- p.19 / Chapter 2.1.4 --- DDoS Detection --- p.21 / Chapter 2.2 --- DDoS Countermeasure: Attack Source Traceback --- p.23 / Chapter 2.2.1 --- Link Testing --- p.23 / Chapter 2.2.2 --- Logging --- p.24 / Chapter 2.2.3 --- ICMP-based traceback --- p.26 / Chapter 2.2.4 --- Packet marking --- p.28 / Chapter 2.2.5 --- Comparison of various IP Traceback Schemes --- p.31 / Chapter 2.3 --- DDoS Countermeasure: Packet Filtering --- p.33 / Chapter 2.3.1 --- Ingress Filtering --- p.33 / Chapter 2.3.2 --- Egress Filtering --- p.34 / Chapter 2.3.3 --- Route-based Packet Filtering --- p.35 / Chapter 2.3.4 --- IP Traceback-based Packet Filtering --- p.36 / Chapter 2.3.5 --- Router-based Pushback --- p.37 / Chapter 3 --- Domain-based IP Traceback Scheme --- p.40 / Chapter 3.1 --- Overview of our IP Traceback Scheme --- p.41 / Chapter 3.2 --- Assumptions --- p.44 / Chapter 3.3 --- Proposed Packet Marking Scheme --- p.45 / Chapter 3.3.1 --- IP Markings with Edge Sampling --- p.46 / Chapter 3.3.2 --- Domain-based Design Motivation --- p.48 / Chapter 3.3.3 --- Mathematical Principle --- p.49 / Chapter 3.3.4 --- Marking Mechanism --- p.51 / Chapter 3.3.5 --- Storage Space of the Marking Fields --- p.56 / Chapter 3.3.6 --- Packet Marking Integrity --- p.57 / Chapter 3.3.7 --- Path Reconstruction --- p.58 / Chapter 4 --- Route-based Packet Filtering Scheme --- p.62 / Chapter 4.1 --- Placement of Filters --- p.63 / Chapter 4.1.1 --- At Sources' Networks --- p.64 / Chapter 4.1.2 --- At Victim's Network --- p.64 / Chapter 4.2 --- Proposed Packet Filtering Scheme --- p.65 / Chapter 4.2.1 --- Classification of Packets --- p.66 / Chapter 4.2.2 --- Filtering Mechanism --- p.67 / Chapter 5 --- Performance Evaluation --- p.70 / Chapter 5.1 --- Simulation Setup --- p.70 / Chapter 5.2 --- Experiments on IP Traceback Scheme --- p.72 / Chapter 5.2.1 --- Performance Metrics --- p.72 / Chapter 5.2.2 --- Choice of Marking Probabilities --- p.73 / Chapter 5.2.3 --- Experimental Results --- p.75 / Chapter 5.3 --- Experiments on Packet Filtering Scheme --- p.82 / Chapter 5.3.1 --- Performance Metrics --- p.82 / Chapter 5.3.2 --- Choices of Filtering Probabilities --- p.84 / Chapter 5.3.3 --- Experimental Results --- p.85 / Chapter 5.4 --- Deployment Issues --- p.91 / Chapter 5.4.1 --- Backward Compatibility --- p.91 / Chapter 5.4.2 --- Processing Overheads to the Routers and Network --- p.93 / Chapter 5.5 --- Evaluations --- p.95 / Chapter 6 --- Conclusion --- p.96 / Chapter 6.1 --- Contributions --- p.96 / Chapter 6.2 --- Discussions and future work --- p.99 / Bibliography --- p.110

Computer networks--Security measures

Computer security

Two essays on public sector reform.

January 2003

Yuen Chi-lok. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 63-70). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Table of Contents --- p.iv / List of Tables --- p.v / Chapter Chapter 1 --- The Dynamics of the Labor Market across Public and Private Sectors in a Theoretical Model / Chapter 1.1 --- Introduction --- p.1 / Chapter 1.2 --- Empirical Studies --- p.4 / Chapter 1.3 --- The Model --- p.7 / Chapter 1.3.1 --- Preferences of Working Agents --- p.7 / Chapter 1.3.2 --- Production Technology --- p.8 / Chapter 1.4 --- "Optimization, Equilibrium and Some Comparative Static Results" --- p.10 / Chapter 1.4.1 --- Optimization Problems --- p.10 / Chapter 1.4.2 --- Market Equilibrium --- p.15 / Chapter 1.4.3 --- Comparative Static Results --- p.16 / Chapter 1.5 --- Extensions --- p.22 / Chapter 1.5.1 --- Wage Structure in Public Sector and its Effects --- p.22 / Chapter 1.5.2 --- How the Wage Level of the Public Sector Affects the Private Labor Market --- p.24 / Chapter 1.6 --- Conclusion --- p.29 / Chapter Chapter 2 --- Pillars for the Growing Dragon: Social Security in China --- p.31 / Chapter 2.1 --- Introduction --- p.31 / Chapter 2.2 --- The Evolution of the Chinese Social Security System --- p.33 / Chapter 2.2.1 --- The Establishment of the Social Security System since1949 --- p.33 / Chapter 2.2.2 --- The Reform in 1980s --- p.35 / Chapter 2.3 --- The Existing Chinese Social Security System --- p.39 / Chapter 2.3.1 --- Pension Reform --- p.42 / Chapter 2.3.2 --- Unemployment Insurance Reform --- p.45 / Chapter 2.3.3 --- Medical Insurance Reform --- p.50 / Chapter 2.4 --- Sustainability Problem in the Chinese Social Security System --- p.53 / Chapter 2.5 --- Conclusion --- p.60 / References --- p.63 / Appendix --- p.71

Labor market

Social security

Social security--China

DeRef: a privacy-preserving defense mechanism against request forgery attacks.

January 2011

Fung, Siu Yuen. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 58-63). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Background and Related Work --- p.7 / Chapter 2.1 --- Request Forgery Attacks --- p.7 / Chapter 2.2 --- Current Defense Approaches --- p.10 / Chapter 2.3 --- Lessons Learned --- p.13 / Chapter 3 --- Design of DeRef --- p.15 / Chapter 3.1 --- Threat Model --- p.16 / Chapter 3.2 --- Fine-Grained Access Control --- p.18 / Chapter 3.3 --- Two-Phase Privacy-Preserving Checking --- p.24 / Chapter 3.4 --- Putting It All Together --- p.29 / Chapter 3.5 --- Implementation --- p.33 / Chapter 4 --- Deployment Case Studies --- p.36 / Chapter 4.1 --- WordPress --- p.37 / Chapter 4.2 --- Joomla! and Drupal --- p.42 / Chapter 5 --- Evaluation --- p.44 / Chapter 5.1 --- Performance Overhead of DeRef in Real Deployment --- p.45 / Chapter 5.2 --- Performance Overhead of DeRef with Various Configurations --- p.50 / Chapter 6 --- Conclusions --- p.56 / Bibliography --- p.58

Internet--Security measures

Data protection

Database security

An effective methodology to traceback DDoS attackers.

January 2003

Lam, Kwok Tai. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 64-66). / Abstracts in English and Chinese. / Chapter 1 --- Introduction to Network Security via Efficient IP Traceback --- p.10 / Chapter 1.1 --- Motivation --- p.10 / Chapter 1.2 --- DDoS Attacker Traceback Problem --- p.11 / Chapter 1.3 --- Document Roadmap --- p.13 / Chapter 2 --- Background --- p.14 / Chapter 2.1 --- Probabilistic Edge Marking Algorithm --- p.14 / Chapter 2.1.1 --- Probabilistic Edge Marking Procedure --- p.15 / Chapter 2.1.2 --- Attack Graph Construction Procedure --- p.17 / Chapter 2.1.3 --- Advantages and Disadvantages of Algorithm --- p.19 / Chapter 3 --- Attacker Traceback: Linear Topology --- p.22 / Chapter 3.1 --- Determination of Local Traffic Rates --- p.23 / Chapter 3.2 --- Determination of Minimum Stable Time tmin --- p.25 / Chapter 3.3 --- Elimination of Attackers --- p.26 / Chapter 4 --- Attacker Traceback: General Topology --- p.30 / Chapter 4.1 --- Determination of Local Traffic Rates --- p.30 / Chapter 4.2 --- Determination of Minimum Stable Time tmin --- p.33 / Chapter 5 --- Simulations --- p.36 / Chapter 5.1 --- Simulation 1 - Correctness and robustness of estimating the min- imum stable time tmin --- p.37 / Chapter 5.1.1 --- Simulation l.A - Influence on tmin by different packet arrival processes --- p.37 / Chapter 5.1.2 --- Simulation l.B - Influence on tmin by different packet arrival processes under MMPP --- p.38 / Chapter 5.1.3 --- Simulation l.C - Influence on tmin and variance of traffic rate estimation by different pthreshold --- p.39 / Chapter 5.2 --- Simulation 2 - Factors which influence the minimum stable time tmin --- p.40 / Chapter 5.2.1 --- Simulation 2.A - Influence on tmin by different length of the attack path --- p.41 / Chapter 5.2.2 --- Simulation 2.B - Influence on tmin by the relative posi- tions of the attackers --- p.42 / Chapter 5.2.3 --- Simulation 2.C - Influence on tmin by different ATR and different length of the attack path --- p.43 / Chapter 5.3 --- Simulation 3 - Extension to General Network Topology --- p.45 / Chapter 5.3.1 --- Simulation 3.A - Influence on tmin by different ATR and different diameter of the network topology --- p.45 / Chapter 5.3.2 --- Simulation 3.B - Influence on tmin by different number of attackers --- p.46 / Chapter 5.4 --- Simulation 4 - Extension to Internet Topology --- p.47 / Chapter 5.4.1 --- Simulation 4.A - Influence on tminby different diameter of the network topology --- p.49 / Chapter 5.4.2 --- Simulation 4.B - Influence on tmin by different number of attackers --- p.50 / Chapter 6 --- Experiments --- p.51 / Chapter 6.1 --- Experiment 1: Simple DoS Attack --- p.53 / Chapter 6.1.1 --- Experiment l.A - Influence on tmin by different types of DDoS attack --- p.54 / Chapter 6.1.2 --- Experiment l.B - Influence on tmin by different length of the attack path --- p.55 / Chapter 6.2 --- Experiment 2: Coordinated DoS Attack --- p.55 / Chapter 6.2.1 --- Experiment 2.A - Influence on tmin by the relative posi- tions of the attackers --- p.56 / Chapter 6.2.2 --- Experiment 2.B - Influence on tmin by different number of attackers --- p.58 / Chapter 7 --- Related Work --- p.59 / Chapter 8 --- Conclusion --- p.62 / Bibliography --- p.64

Computer networks--Security measures

Computer security

Hackers

Security issues in mobile IP and mobile ad hoc networks

Shankaran, Rajan, University of Western Sydney, College of Science, Technology and Environment, School of Computing and Information Technology

January 2004

The need for information anywhere and at any time has been the driving force for the increasing growth in mobile networks and devices. The field of mobile computing is the merger of advances in computing and communications with the aim of providing seamless and ubiquitous computing environment for mobile users. Whereas notebook computers and personal digital assistants (PDAs) are self-contained, networked computing constitutes a new paradigm of computing that is revolutionizing the way computers are used. Mobile networking greatly enhances the utility of carrying a computing device. It provides mobile users with versatile communication to other people and expedient notification of important events, yet with much more flexibility than cellular telephones and pagers. It also permits continuous access to services and resources of the traditional land-based wired networks. This combination of networking and mobility will engender new applications and services, such as collaborative software to support impromptu meetings, electronic bulletin boards that adapt to the contents according to the participants present, self adjusting lighting and heating, and navigation software to guide users in unfamiliar places and tours. To support mobility in the Internet, the Internet Protocol (IP) has been extended to support mobility. Also at the same time, there is also a growing trend for these IP based networks to operate in an infrastructureless environment called mobile ad-hoc networks. However, the proliferation of such mobile networks depends on a multitude of factors, with trustworthiness being one of the primary challenges to be met. The objective of this dissertation is to address the issues involved in the design of security services for Mobile IP and ad-hoc networks. Extensions to IP based networks (both wired and infrastructureless networks) to facilitate mobility have not been designed keeping security in mind. However adequate security features are basic requirements for the continued functioning of mobile networks. Clearly the problem is so broad that there is no way to devise a general solution We aim to address most of these wide- ranging problems and in the process initiate a practical approach to the development of an integrated security infrastructure for mobile networks. The intention is to seamlessly integrate these security services and mechanisms at the IP level within the mobile IP and ad-hoc networks. The provision of security services at the higher and lower layers and their interoperability with our proposed framework is outside the scope of this thesis / Doctor of Philosophy (PhD)

computer security

mobile computing

security measures

Towards the development of a defensive cyber damage and mission impact methodology

Fortson, Larry W.,

January 1900

Thesis (M.S.)--Air Force Institute of Technology, 2007. / AFIT/GIR/ENV/07-M9. Title from title page of PDF document (viewed on: Nov. 29, 2007). "March 2007." Includes bibliographical references (leaves 226-237).

Security versus Power Consumption in Wireless Sensor Networks

Fötschl, Christine, Rainer, Stefan

January 2006

<p>X3 C is a Swedish company which develops a world wide good tracking system by using ARFID </p><p>tags placed on every item which has to be delivered and base stations as gateway in a wireless </p><p>sensor network. The requirement of a long lifespan of their ARFID tags made it difficult to </p><p>implement security. Firstly an evaluation of possible security mechanisms and their power </p><p>consumption was done by measuring the avalanche effect and character frequency of the sym- </p><p>metric algorithms Blowfish, RC2 and XTEA. Secondly, the required CPU time which is needed </p><p>by each algorithm for encrypting a demo plaintext, was measured and analyzed. Summariz- </p><p>ing both analysis, the XTEA algorithm, run in CBC mode, is the recommendation for the XC </p><p>ARFID tags. The testing processes and the results are presented in detail in this thesis.</p>

Wireless Sensor Networks

Security Algorithm Benchmarking

Security

Design and implementation of a hardened distributed network endpoint security system for improving the security of internet protocol-based networks

Atkins, William Dee,

January 2007

Thesis (M.S.)--University of Missouri--Rolla, 2007. / Vita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed April 11, 2007) Includes bibliographical references (p. 54-55).

Security versus Power Consumption in Wireless Sensor Networks

Fötschl, Christine, Rainer, Stefan

January 2006

X3 C is a Swedish company which develops a world wide good tracking system by using ARFID tags placed on every item which has to be delivered and base stations as gateway in a wireless sensor network. The requirement of a long lifespan of their ARFID tags made it difficult to implement security. Firstly an evaluation of possible security mechanisms and their power consumption was done by measuring the avalanche effect and character frequency of the sym- metric algorithms Blowfish, RC2 and XTEA. Secondly, the required CPU time which is needed by each algorithm for encrypting a demo plaintext, was measured and analyzed. Summariz- ing both analysis, the XTEA algorithm, run in CBC mode, is the recommendation for the XC ARFID tags. The testing processes and the results are presented in detail in this thesis.

Wireless Sensor Networks

Security Algorithm Benchmarking

Security