A Study and Implementation of Match Problem

Shyu, Jin-Hong

14 August 2003

Match problem is a very practical problem. For example, distribution system of united examination today is a kind of match problem. However, it is very inconvenient to hand over preference card now. Person must leave for designate place to hand over preference card. Besides, Internet is in widespread use now. A lot of work has accomplished and achieved conveniently by the use of Internet, such as Internet filing tax, electronic document and so on. After the work electronic-based, the work efficiency and personal convenience will be increased. Therefore, this study is constructing a system, which combines handing over preference card with Internet and considering that the security of Internet. This can simplify the procedure of handing over preference card.

Web-Services

Match Problem

Secure Channel

Study on Routing Protocols for the Security of Wireless Sensor Networks

Kulkarni, Aditya

10 1900

ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NV / This paper describes some of the security challenges faced by Wireless Sensor Networks (WSN). A classification and analysis of prominent attacks on the routing protocols of WSN is provided, along with a review of recent developments in the field to help mitigate the impact of these attacks.

wireless sensor networks

routine

secure communications

Secure Detection in Cyberphysical Control Systems

Chabukswar, Rohan

01 May 2014

A SCADA system employing the distributed networks of sensors and actuators that interact with the physical environment is vulnerable to attacks that target the interface between the cyber and physical subsystems. An attack that hijacks the sensors in an attempt to provide false readings to the controller (for example, the Stuxnet worm that targeted Iran’s nuclear centrifuges) can be used to feign normal system operation for the control system, while the attacker can hijack the actuators to send the system beyond its safety range. This thesis extends the results of a previously proposed method. The original method proposed addition of a randomized “watermarking” signal and checking for the presence of this signal and its effects in the received sensor measurements. Since the control inputs traverse the cyberphysical boundary and make their effects apparent in the sensor measurements, they are employed to carry this watermarking signal through to the system and back to the SCADA controller. The sensor measurements are compared to the expected measurements (calculated using a suitably delayed model of the system within the controller). This methodology is based on using the statistics of the linear system and its controller. The inclusion of a randomized signal on the control inputs induces an increase in the performance cost of the physical system. This thesis proposes a method of optimization of the watermarking signal based on the trade-off between this performance cost and the attack detection rate, by leveraging the distribution the watermarking signal over multiple inputs and multiple outputs. It is further proved that regardless of the number of inputs and outputs in the system, only one watermarking signal needs to be generated. This optimization, and its necessity in improving the effectiveness of the detector without detriment to the performance cost, are demonstrated on a simulated chemical plant. The thesis also proposes another methodology that does not rely on these statistics, but is instead based on calculating the correlation between the received sensor measurements and the expected measurements accrued from the model inside the controller. Generalizing the form of attack even further to attacks that target the integrity of the data sent to the actuators and received from the sensors, this thesis demonstrates the effect of such integrity attack on electricity market operations, where the attacker successfully uses a vulnerability in the Global Position System to break synchronicity among dispersed phasor measurements to gain a competitive advantage over other bidders in the electricity market. In an effort to make state estimation robust against integrity attacks, the sensors and states are modeled as binary variables. Sensor networks use binary measurements and state estimations for several reasons, including communication and processing overheads. Such a state estimator is vulnerable to attackers that can hijack a subset of the sensors in an effort to change the state estimate. This thesis proposes a method for designing the estimators using the concept of invariant sets. This methodology relies on identifying the sets of measurement vectors for which no amount of manipulation by the attacker can change estimate, and maximizing the probability that the sensor measurement vector lies in this set. Although the problem of finding the best possible invariant sets for a general set of sensors has double-exponential complexity, by using some simplifications on the types of sensors, this can be reduced significantly. For the problem that employs all sensors of the same type, this method reduces to a linear search. For sensors that can be classified into two types, this complexity reduces to a search over a two-dimensional space, which is still tractable. Further increase in the confidence of the estimate can be achieved by considering the correlation between the sensor measurements.

control

cyberphysical systems

secure control

scada

Crypto-processor - architecture, programming and evaluation of the security

Gaspar, Lubos

16 November 2012

Architectures of cryptographic processors and coprocessors are often vulnerable to different kinds of attacks, especially those targeting the disclosure of encryption keys. It is well known that manipulating confidential keys by the processor as ordinary data can represent a threat: a change in the program code (malicious or unintentional) can cause the unencrypted confidential key to leave the security area. This way, the security of the whole system would be irrecoverably compromised. The aim of our work was to search for flexible and reconfigurable hardware architectures, which can provide high security of confidential keys during their generation, storage and exchange while implementing common symmetric key cryptographic modes and protocols. In the first part of the manuscript, we introduce the bases of applied cryptography and of reconfigurable computing that are necessary for better understanding of the work. Second, we present threats to security of confidential keys when stored and processed within an embedded system. To counteract these threats, novel design rules increasing robustness of cryptographic processors and coprocessors against software attacks are presented. The rules suggest separating registers dedicated to key storage from those dedicated to data storage: we propose to partition the system into the data, cipher and key zone and to isolate the zones from each other at protocol, system, architectural and physical levels. Next, we present a novel HCrypt crypto-processor complying with the separation rules and thus ensuring secure key management. Besides instructions dedicated to secure key management, some additional instructions are dedicated to easy realization of block cipher modes and cryptographic protocols in general. In the next part of the manuscript, we show that the proposed separation principles can be extended also to a processor-coprocessor architecture. We propose a secure crypto-coprocessor, which can be used in conjunction with any general-purpose processor. To demonstrate its flexibility, the crypto-coprocessor is interconnected with the NIOS II, MicroBlaze and Cortex M1 soft-core processors. In the following part of the work, we examine the resistance of the HCrypt cryptoprocessor to differential power analysis (DPA) attacks. Following this analysis, we modify the architecture of the HCrypt processor in order to simplify its protection against side channel attacks (SCA) and fault injection attacks (FIA). We show that by rearranging blocks of the HCrypt processor at macroarchitecture level, the new HCrypt2 processor becomes natively more robust to DPA and FIA. Next, we study possibilities of dynamically reconfiguring selected parts of the processor - crypto-coprocessor architecture. The dynamic reconfiguration feature can be very useful when the cipher algorithm or its implementation must be changed in response to appearance of some vulnerability. Finally, the last part of the manuscript is dedicated to thorough testing and optimizations of both versions of the HCrypt crypto-processor. Architectures of crypto-processors and crypto-coprocessors are often vulnerable to software attacks targeting the disclosure of encryption keys. The thesis introduces separation rules enabling crypto-processor/coprocessors to support secure key management. Separation rules are implemented on novel HCrypt crypto-processor resistant to software attacks targetting the disclosure of encryption keys

Secure crypto-processor

Secure crypto-coprocessor

Secure key management

Separation rules

HCrypt

Secure reconfiguration

FPGA

Um sistema seguro para votações digitais / A secure system for electronic voting

Lichtler, Ricardo Luis

January 2004

O papel das eleições tem crescido de importância na sociedade moderna. Se, por um lado, é necessário garantir a universalização do voto, por outro lado é fundamental garantir a qualidade e a lisura do processo eleitoral. Neste sentido, muitos trabalhos têm sido apresentados com o objetivo de usar recursos computacionais no processo eleitoral. Computadores podem facilitar o acesso dos eleitores aos sistemas e processos de votação, como também aceleram a apuração dos resultados. Entretanto, redes de computadores são alvos de ataques sistemáticos. Esses ataques podem afetar a disponibilidade do processo e, além disso, interferir nos resultados da eleição ou afetar seus fundamentos. Garantir que os princípios exigidos para uma eleição segura sejam respeitados é a finalidade dos sistemas baseados em protocolos criptográficos. Muitas propostas de sistemas têm sido feitas. Algumas utilizam certo grau de obscuridade de funcionamento como garantia contra ataques; outras utilizam técnicas amplamente conhecidas, embora com grau elevado de complexidade. O presente trabalho apresenta a proposta de um sistema completo para execução de uma votação digital segura. O sistema é baseado em um protocolo simples, porém completo, que utiliza técnicas criptográficas amplamente conhecidas. O protocolo é descrito gradativamente, e é provada a sua eficiência contra os ataques possíveis. O texto ainda apresenta alguns outros protocolos criados para esse mesmo propósito. Finalmente, é apresentado o protótipo de um sistema de software que emprega o protocolo considerado. / The role of the elections has grown of importance in the modern society. If it is necessary to guarantee the universalization of the vote, on the other hand it is basic to guarantee the quality and the correctness of the electoral process. In this direction, many works have been presented with the objective to use computational resources in the electoral process. Computers can facilitate to the access of the voters to the voting systems and processes, as also they speed up the verification of the results. However, computer networks are target of systematic attacks. These attacks can affect the availability of the process and, moreover, intervene with the results of the election or affect its fundamentals. To guarantee that the principles demanded for a safe election are respected is the purpose of the systems based on cryptographic protocols. Many proposals of systems have been made. Some use certain degree of functional obscurity as warranty against attacks; others use widely known techniques, even so with high degree of complexity. The present work presents the proposal of a complete system for execution of a secure digital voting. The system is based on a simple protocol, however complete, that uses widely known cryptographic techniques. The protocol is gradually described, and its efficiency against the possible attacksis proven. The text still presents some other protocols created for this same purpose. Finally, the prototype of a software system that uses the considered protocol is presented .

Criptografia

Voto eletrônico

Secure voting

Protocol

Cryptography

Um sistema seguro para votações digitais / A secure system for electronic voting

Lichtler, Ricardo Luis

January 2004

O papel das eleições tem crescido de importância na sociedade moderna. Se, por um lado, é necessário garantir a universalização do voto, por outro lado é fundamental garantir a qualidade e a lisura do processo eleitoral. Neste sentido, muitos trabalhos têm sido apresentados com o objetivo de usar recursos computacionais no processo eleitoral. Computadores podem facilitar o acesso dos eleitores aos sistemas e processos de votação, como também aceleram a apuração dos resultados. Entretanto, redes de computadores são alvos de ataques sistemáticos. Esses ataques podem afetar a disponibilidade do processo e, além disso, interferir nos resultados da eleição ou afetar seus fundamentos. Garantir que os princípios exigidos para uma eleição segura sejam respeitados é a finalidade dos sistemas baseados em protocolos criptográficos. Muitas propostas de sistemas têm sido feitas. Algumas utilizam certo grau de obscuridade de funcionamento como garantia contra ataques; outras utilizam técnicas amplamente conhecidas, embora com grau elevado de complexidade. O presente trabalho apresenta a proposta de um sistema completo para execução de uma votação digital segura. O sistema é baseado em um protocolo simples, porém completo, que utiliza técnicas criptográficas amplamente conhecidas. O protocolo é descrito gradativamente, e é provada a sua eficiência contra os ataques possíveis. O texto ainda apresenta alguns outros protocolos criados para esse mesmo propósito. Finalmente, é apresentado o protótipo de um sistema de software que emprega o protocolo considerado. / The role of the elections has grown of importance in the modern society. If it is necessary to guarantee the universalization of the vote, on the other hand it is basic to guarantee the quality and the correctness of the electoral process. In this direction, many works have been presented with the objective to use computational resources in the electoral process. Computers can facilitate to the access of the voters to the voting systems and processes, as also they speed up the verification of the results. However, computer networks are target of systematic attacks. These attacks can affect the availability of the process and, moreover, intervene with the results of the election or affect its fundamentals. To guarantee that the principles demanded for a safe election are respected is the purpose of the systems based on cryptographic protocols. Many proposals of systems have been made. Some use certain degree of functional obscurity as warranty against attacks; others use widely known techniques, even so with high degree of complexity. The present work presents the proposal of a complete system for execution of a secure digital voting. The system is based on a simple protocol, however complete, that uses widely known cryptographic techniques. The protocol is gradually described, and its efficiency against the possible attacksis proven. The text still presents some other protocols created for this same purpose. Finally, the prototype of a software system that uses the considered protocol is presented .

Criptografia

Voto eletrônico

Secure voting

Protocol

Cryptography

Um sistema seguro para votações digitais / A secure system for electronic voting

Lichtler, Ricardo Luis

January 2004

O papel das eleições tem crescido de importância na sociedade moderna. Se, por um lado, é necessário garantir a universalização do voto, por outro lado é fundamental garantir a qualidade e a lisura do processo eleitoral. Neste sentido, muitos trabalhos têm sido apresentados com o objetivo de usar recursos computacionais no processo eleitoral. Computadores podem facilitar o acesso dos eleitores aos sistemas e processos de votação, como também aceleram a apuração dos resultados. Entretanto, redes de computadores são alvos de ataques sistemáticos. Esses ataques podem afetar a disponibilidade do processo e, além disso, interferir nos resultados da eleição ou afetar seus fundamentos. Garantir que os princípios exigidos para uma eleição segura sejam respeitados é a finalidade dos sistemas baseados em protocolos criptográficos. Muitas propostas de sistemas têm sido feitas. Algumas utilizam certo grau de obscuridade de funcionamento como garantia contra ataques; outras utilizam técnicas amplamente conhecidas, embora com grau elevado de complexidade. O presente trabalho apresenta a proposta de um sistema completo para execução de uma votação digital segura. O sistema é baseado em um protocolo simples, porém completo, que utiliza técnicas criptográficas amplamente conhecidas. O protocolo é descrito gradativamente, e é provada a sua eficiência contra os ataques possíveis. O texto ainda apresenta alguns outros protocolos criados para esse mesmo propósito. Finalmente, é apresentado o protótipo de um sistema de software que emprega o protocolo considerado. / The role of the elections has grown of importance in the modern society. If it is necessary to guarantee the universalization of the vote, on the other hand it is basic to guarantee the quality and the correctness of the electoral process. In this direction, many works have been presented with the objective to use computational resources in the electoral process. Computers can facilitate to the access of the voters to the voting systems and processes, as also they speed up the verification of the results. However, computer networks are target of systematic attacks. These attacks can affect the availability of the process and, moreover, intervene with the results of the election or affect its fundamentals. To guarantee that the principles demanded for a safe election are respected is the purpose of the systems based on cryptographic protocols. Many proposals of systems have been made. Some use certain degree of functional obscurity as warranty against attacks; others use widely known techniques, even so with high degree of complexity. The present work presents the proposal of a complete system for execution of a secure digital voting. The system is based on a simple protocol, however complete, that uses widely known cryptographic techniques. The protocol is gradually described, and its efficiency against the possible attacksis proven. The text still presents some other protocols created for this same purpose. Finally, the prototype of a software system that uses the considered protocol is presented .

Criptografia

Voto eletrônico

Secure voting

Protocol

Cryptography

New Frameworks for Secure Image Communication in the Internet of Things (IoT)

Albalawi, Umar Abdalah S

08 1900

The continuous expansion of technology, broadband connectivity and the wide range of new devices in the IoT cause serious concerns regarding privacy and security. In addition, in the IoT a key challenge is the storage and management of massive data streams. For example, there is always the demand for acceptable size with the highest quality possible for images to meet the rapidly increasing number of multimedia applications. The effort in this dissertation contributes to the resolution of concerns related to the security and compression functions in image communications in the Internet of Thing (IoT), due to the fast of evolution of IoT. This dissertation proposes frameworks for a secure digital camera in the IoT. The objectives of this dissertation are twofold. On the one hand, the proposed framework architecture offers a double-layer of protection: encryption and watermarking that will address all issues related to security, privacy, and digital rights management (DRM) by applying a hardware architecture of the state-of-the-art image compression technique Better Portable Graphics (BPG), which achieves high compression ratio with small size. On the other hand, the proposed framework of SBPG is integrated with the Digital Camera. Thus, the proposed framework of SBPG integrated with SDC is suitable for high performance imaging in the IoT, such as Intelligent Traffic Surveillance (ITS) and Telemedicine. Due to power consumption, which has become a major concern in any portable application, a low-power design of SBPG is proposed to achieve an energy- efficient SBPG design. As the visual quality of the watermarked and compressed images improves with larger values of PSNR, the results show that the proposed SBPG substantially increases the quality of the watermarked compressed images. Higher value of PSNR also shows how robust the algorithm is to different types of attack. From the results obtained for the energy- efficient SBPG design, it can be observed that the power consumption is substantially reduced, up to 19%.

Secure Image Communication

Image Compression

IoT

Bezpečená komunikace mezi data loggerem a databazovým serverem / Secure communication between data logger and database server

Ferek, Matúš

January 2011

This work is aimed to analyze security risks of data transfer in Internet network and to design couple of possible solutions for securing communication between data logger and server for data processing. As a result, solution of securing this data communication by SSL layer was designed.

Rozšíření projektu Systemd-boot o podporu protokolu Secure Boot / Support of Secure Boot in Systemd-Boot Project

Sekletár, Michal

January 2016

The aim of this master thesis is to convey an ellaborate overview of Secure Boot, the technology used for an authentization during a platfrom boot up. Overview is followed by a description of contemporary implementations of Secure Boot found in the operating systems based on the Linux kernel. Finally, we propose a new implemenation of Secure Boot support in the systemd-boot project.

BIOS; systemd; X.509; UEFI; Secure Boot