  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
161

An Investigation on Detecting Applications Hidden in SSL Streams using Machine Learning Techniques

McCarthy, Curtis 13 August 2010
The importance of knowing what type of traffic is flowing through a network is paramount to its success. Traffic shaping, Quality of Service, identifying critical business applications, Intrusion Detection Systems, as well as network administration activities all require the base knowledge of what traffic is flowing over a network before any further steps can be taken. With SSL traffic on the rise due to applications securing or concealing their traffic, the ability to determine what applications are running within a network is getting more and more difficult. Traditional methods of traffic classification through port numbers or deep packet inspection have been deemed inadequate by researchers thus making way for new methods. The purpose of this thesis is to investigate if a machine learning approach can be used with flow features to identify SSL in a given network trace. To this end, different machine learning methods are investigated without the use of port numbers, Internet Protocol addresses, or payload information. Various machine learning models are investigated including AdaBoost, Naive Bayes, RIPPER, and C4.5. The robustness of the results is tested against unseen datasets during training. Moreover, the proposed approach is compared to the Wireshark traffic analysis tool. Results show that the proposed approach is very promising in identifying SSL traffic from a given network trace without using port numbers, Internet protocol addresses, or payload information.
162

The Design and Applications of a Privacy-Preserving Identity and Trust-Management System

Hussain, Mohammed 08 April 2010
Identities are present in the interactions between individuals and organizations. Online shopping requires credit card information, while e-government services require social security or passport numbers. The involvement of identities, however, makes them susceptible to theft and misuse. The most prominent approach for maintaining the privacy of individuals is the enforcement of privacy policies that regulate the flow and use of identity information. This approach suffers two drawbacks that severely limit its effectiveness. First, recent research in data-mining facilitates the fusion of partial identities into complete identities. That holds true even if the attributes examined are not normally considered to be identifying. Second, policies are prone to human error, allowing for identity information to be released accidentally. This thesis presents a system that enables an individual to interact with organizations, without allowing these organizations to link the interactions of that individual together. The system does not release individuals' identities to organizations. Instead, certified artificial identities are used to guarantee that individuals possess the required attributes to successfully participate in the interactions. The system limits the fusion of partial identities and minimizes the effects of human error. The concept of using certified artificial identities has been extensively researched. The system, however, tackles several unaddressed scenarios. The system works not only for interactions that involve an individual and an organization, but also for interactions that involve a set of individuals connected by structured relations. The individuals should prove the existence of relations among them to organizations, yet organizations cannot profile the actions of these individuals. Further, the system allows organizations to be anonymous, while proving their attributes to individuals.
Reputation-based trust is incorporated to help individuals make informed decisions whether to deal with a particular organization. The system is used to design applications in e-commerce, access control, reputation management, and cloud computing. The thesis describes the applications in detail. / Thesis (Ph.D, Computing) -- Queen's University, 2010-04-07 11:17:37.68
163

Creating a Secure Server Architecture and Policy for Linux-based Systems

Kourtesis, Marios January 2015
Creating and maintaining servers for hosting services in a secure and reliable way is an important but complex and time-consuming task. Misconfiguration and lack of server maintenance can potentially make the system vulnerable. Hackers can exploit these vulnerabilities in order to penetrate into the system internals and cause damage. Having a standard architecture/configuration supporting the needed services saves time and resources while it reduces security risks. A server architecture protected by a security policy can secure the integrity and quality of the overall services. This research demonstrates building a secure server architecture protected by a security policy. To achieve this, a security policy and a checklist were designed and combined with a host-based IDPS, an NMS and a WAF.
164

SECURE IMAGE PROCESSING

Hu, Nan 01 January 2007
In today's heterogeneous network environment, there is a growing demand for distrusted parties to jointly execute distributed algorithms on private data whose secrecy needs to be safeguarded. Platforms that support such computation for image processing purposes are called secure image processing protocols. In this thesis, we propose a new security model, called quasi information theoretic (QIT) security. Under the proposed model, efficient protocols on two basic image processing algorithms, linear filtering and thresholding, are developed. For both problems we consider two situations: 1) only two parties are involved where one holds the data and the other possesses the processing algorithm; 2) an additional non-colluding third party exists. Experiments show that our proposed protocols improved the computational time significantly compared with the classical cryptographical counterparts as well as providing reasonable amount of security as proved in the thesis.
165

A SECURE ONLINE PAYMENT SYSTEM

Pant, Shristi 01 January 2011
An online payment system allows a customer to make a payment to an online merchant or a service provider. Payment gateways, a channel between customers and payment processors, use various security tools to secure a customer’s payment information, usually debit or credit card information, during an online payment. However, the security provided by a payment gateway cannot completely protect a customer’s payment information when a merchant also has the ability to obtain the payment information in some form. Furthermore, not all merchants provide a secure payment environment to their customers and, despite having a standard payment policy, adhere to it. Consequently, this exposes a customer’s payment information to risks of being compromised or misused by merchants or stolen by hackers and spammers. In this thesis we propose a new approach to payment systems in which a customer’s payment information cannot be obtained by a merchant. A customer sends his payment information directly to a payment gateway and a payment gateway, upon verifying the transaction, sends a payment to the appropriate merchant. We use the Pedersen commitment scheme along with dual signatures to securely transfer funds to a merchant and protect a customer’s payment information from any Internet vulnerabilities.
166

Lightweight Security Solutions for the Internet of Things

Raza, Shahid January 2013
The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT. The IoT requires multi-facet security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important. This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware.
(ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes. The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.
167

Secure and Privacy-Aware Data Collection in Wireless Sensor Networks

Rodhe, Ioana January 2012
A wireless sensor network is a collection of numerous sensors distributed on an area of interest to collect and process data from the environment. One particular threat in wireless sensor networks is node compromise attacks, that is, attacks where the adversary gets physical access to a node and to the programs and keying material stored on it. Only authorized queries should be allowed in the network and the integrity and confidentiality of the data that is being collected should be protected. We propose a layered key distribution scheme together with two protocols for query authentication and confidential data aggregation. The layered key distribution is more robust to node and communication failures than a predefined tree structure. The protocols are secure under the assumption that less than n sensor nodes are compromised. n is a design parameter that allows us to trade off security for overhead. When more than n sensor nodes are compromised, our simulations show that the attacker can only introduce unauthorized queries into a limited part of the network and can only get access to a small part of the data that is aggregated in the network. Considering the data collection protocol we also contribute with strategies to reduce the energy consumption of an integrity preserving in-network aggregation scheme to a level below the energy consumption of a non-aggregation scheme. Our improvements reduce node congestion by a factor of three and the total communication load by 30%. Location privacy of the users carrying mobile devices is another aspect considered in this thesis. Considering a mobile sink that collects data from the network, we propose a strategy for data collection that requires no information about the location and movement pattern of the sink. We show that it is possible to provide data collection services, while protecting the location privacy of the sink. 
When mobile phones with built-in sensors are used as sensor nodes, location information about where the data has been sensed can be used to trace users and infer other personal information about them, like state of health or personal preferences. Therefore, location privacy preserving mechanisms have been proposed to provide location privacy to the users. We investigate how a location privacy preserving mechanism influences the quality of the collected data and consider strategies to reconstruct the data distribution without compromising location privacy. / WISENET
168

Verifying Physical Endpoints to Secure Digital Systems

Studer, Ahren M. 01 May 2011
The proliferation of electronic devices supporting sensing, actuation, and wireless communication enables the monitoring and/or control of a variety of physical systems with digital communication. Such “cyber physical systems” blur the boundaries of the digital and physical worlds, where correct information about the physical world is needed for the correct operation of the digital system. Often in these systems the physical source or destination of information is as important as the information itself. However, the omni-directional and invisible nature of wireless communication makes it difficult to determine communication endpoints. This allows a malicious party to intercept wireless messages or pose as other entities in the system. As such, these systems require new protocols to associate the endpoints of digital communication with physical entities. Traditional security approaches that associate cryptographic keys with names can help verify endpoints in static systems where a string accurately describes the role of a device. In other systems, the role of a device depends on its physical properties, such as location, which change over time. This dynamic nature implies that identification of an endpoint based on a static name is insufficient. Instead, we can leverage devices’ sensing and actuation capabilities to verify the physical properties and determine the physical endpoints of communication. We investigate three different scenarios where the physical source and/or destination is important and propose endpoint verification techniques: verifying the physical endpoints during an exchange between two smartphones, verifying the receiver of information is in a physical space to enable location-based access control, and verifying the source of information to protect Vehicle-to-Vehicle (V2V) applications. We evaluate our proposals in these systems and show that our solutions fulfill the security requirements while utilizing existing hardware. 
Exchanging Information Between Smartphones: Shake on it (SHOT) allows users to verify the endpoints during an exchange of information between two smartphones. In our protocol, the phones use their vibrators and accelerometers to establish a human-observable communication channel. The users hold the phones together while the phones use this channel to bootstrap and verify the authenticity of an exchange that occurs over the higher-bandwidth wireless channel. Users can detect the injection of information from other devices as additional vibrations, and prevent such attacks. Our implementation of SHOT for the DROID smartphone is able to support sender and receiver verification during an exchange between two smartphones in 15 seconds on average.
Location-Based Access Control: We propose using location-based access control to protect sensitive files on laptops, without requiring any effort from the user to provide security. With a purely wireless electronic system, verifying that a given device is in a physical space is a challenge; either the definition of the physical space is vague (radio waves can travel beyond walls) or the solution requires expensive hardware to measure a message’s time of flight. Instead, we use infrared as a signal that walls can contain. We develop key derivation protocols that ensure only a receiver in the physical room with access to the signal can derive the key. We implement a system that uses the laptop’s webcam to record the infrared signal, derive a key, and decrypt sensitive files in less than 5 seconds.
Source Verification for V2V Networks: A number of V2V applications use information about nearby vehicles to prevent accidents or reduce fuel consumption. However, false information about the positioning of vehicles can cause erroneous behavior, including accidents that would not occur in the absence of V2V.
As such, we need a way to verify which vehicle sent a message and that the message accurately describes the physical state of that vehicle. We propose using LED lights on vehicles to broadcast the certificate a vehicle is currently using. Receivers can use onboard cameras to film the encoding of the certificate and estimate the relative location of the vehicle. This visual channel allows a receiver to associate a physical vehicle at a known location with the cryptographic credentials used to sign a location claim. Our simulations indicate that even with a pessimistic visual channel, visual verification of V2V senders provides sufficient verification capabilities to support the relevant applications.
169

Data Aggregation and Gathering Transmission in Wireless Sensor Networks: A Survey

Kakani, Phani Priya January 2013
Wireless sensor networks have many sensor devices that send their data to the sink or base station for further processing. This is called direct delivery. But this leads to heavy traffic in the network and, as the nodes are limited in energy, this decreases the lifetime of the network. So a data aggregation technique is introduced to improve the lifetime. This technique aggregates or merges the multiple incoming packets into a single packet and forwards it to the sink. There are different data aggregation techniques based on the topology of the network. This report clearly explains the purpose of data aggregation and gathering in WSN, data aggregation in flat networks and data aggregation in hierarchical networks, different data aggregation techniques in cluster based networks, chain based, tree based and grid based networks. A data aggregation technique can successfully minimize the data traffic and energy consumption only when it is carried out in a secure manner. Part 2 of the survey explains the possible attacks that affect data aggregation in wireless sensor networks. The secure data aggregation techniques in wireless sensor networks are also discussed in this report.
170

Secure, privacy assured mechanisms for heterogeneous contextual environments

Vasanta, Harikrishna January 2006
Location information is used to provide a diverse range of services to users such as emergency, navigation, billing, security, information and advertising services. This information is derived from a broad range of indoor and outdoor technologies. The location information thus derived is of different granularity, different co-ordination system and is controlled by numerous service providers. In addition to this, broad selections of devices are used for providing these services. Having a diverse range of applications requiring location information at different levels of granularity, the need to export location information across multiple devices and the existence of different location determination technologies necessitate a heterogeneous location network. These networks derive location information from multiple sources and provide various location-based services to users irrespective of the medium, device or technology used. Security, user privacy and management of location information are some of the important issues that need to be addressed. The main contribution of this thesis is the design of a secure and privacy assured heterogeneous location architecture. A formal methodology was chosen to design the heterogeneous location architecture. The design of the architecture resulted in a novel key distribution protocol and a model for information flow that can be easily encapsulated into applications or architectures having similar requirements. The research also resulted in the enhancement of a proposed location framework for securing critical infrastructures using context-aware self-defending objects. The proposed enhanced framework helps to negate the security vulnerabilities introduced through the use of general-purpose computer systems in critical infrastructures.
