A model to prepare and secure an implementation of a performance measurement system : A case study

Wieslander, Ida

January 2008

<p>What you do not measure you cannot control and what you do not control you cannot improve, implies that measurement is a pre-requisite for improvements. Especially for Small and Medium Sized Enterprises (SME) an implementation of a Performance Measurement System is mostly critical in terms of the fact that SMEs often is restricted of limited resources, lack of strategic thinking, lack of formal planning, as well as a reactive mentality. A model to prepare and secure an implementation of a performance measurement system at SMEs, has been developed, tested and validated through a single case study at a small enterprise, that is a well-renowned refiner of castings. The model is constituted by phases and steps supporting the advantages as well as over bridges the most common disadvantages for SMEs. The significant advantages on behalf of SMEs; loose structure, informal operating practices and lack of bureaucracy are reinforced by integrating the project and especially the output such as specification of requirements, new routines, improvement groups and forums within the organisation and in turn over bridge the disadvantages of limited resources and lack of formal planning. Identification and prioritisation of strategic objectives is the first step and creates a foundation of a continuous strategic thinking, which often SMEs are lacking, and in turn navigate the company in the right direction in order to maximise the utilisation of resources and consequently increase the profitability.</p> / <p>Vad som inte mäts kan inte kontrolleras och vad som inte kontrolleras kan inte förbättras, indikerar att mätning är en förutsättning för att åstadkomma förbättringar. Implementation av ett driftsuppföljningssystem är särskilt kritiskt på ett små och medelstora företag (SMEs) då dessa ofta är hindrade av begränsade resurser, bristfälligt strategiskt tänkande, otillräcklig formell planering, men även av en reaktiv mentalitet. En modell för att förbereda och säkra en implementation av ett driftsuppföljningssystem har utvecklats, testats och validerats genom en enskild fallstudie på ett mindre företag som bearbetar gjutgods. Modellen består av faser och steg som stödjer fördelarna med SMEs, men samtidigt överbrygger de vanligaste negativa kännetecken för SMEs. Fördelarna; lös struktur, informella operativa aktiviteter och brist på byråkrati är förstärkta genom att integrera projektet och speciellt resultaten såsom kravspecifikation, nya rutiner, förbättringsgrupper och forums i organisationen and därmed även överbrygga nackdelarna såsom begränsade resurser och bristfällig formell planering. Identifikation och prioritering av de strategiska målen är det första steget i modell för att skapa en grund för ett ständigt strategiskt tänkande, som ofta är bristfälligt på SMEs, och till följd därav styra företaget i rätt riktning och därmed maximera utnyttjandet av befintliga resurser och följaktligen öka lönsamheten.</p>

Prepare

Secure

Implementation

Performance Measurement System

SME

Case Study

A HIGHLY RELIABLE NON-VOLATILE FILE SYSTEM FOR SMALL SATELLITES

Nimmagadda, Rama Krishna

01 January 2008

Recent Advancements in Solid State Memories have resulted in packing several Giga Bytes (GB) of memory into tiny postage stamp size Memory Cards. Of late, Secure Digital (SD) cards have become a de-facto standard for all portable handheld devices. They have found growing presence in almost all embedded applications, where huge volumes of data need to be handled and stored. For the very same reason SD cards are being widely used in space applications also. Using these SD Cards in space applications requires robust radiation hardened SD cards and Highly Reliable Fault Tolerant File Systems to handle them. The present work is focused on developing a Highly Reliable Fault Tolerant SD card based FAT16 File System for space applications.

Secure Digital (SD)

Multi Media Card (MMC)

Fault Tolerant

File System

File Allocation Table (FAT)

Electrical and Computer Engineering

Efficient Authentication, Node Clone Detection, and Secure Data Aggregation for Sensor Networks

Li, Zhijun

January 2010

Sensor networks are innovative wireless networks consisting of a large number of low-cost, resource-constrained sensor nodes that collect, process, and transmit data in a distributed and collaborative way. There are numerous applications for wireless sensor networks, and security is vital for many of them. However, sensor nodes suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the lack of infrastructure, all of which impose formidable security challenges and call for innovative approaches. In this thesis, we present our research results on three important aspects of securing sensor networks: lightweight entity authentication, distributed node clone detection, and secure data aggregation. As the technical core of our lightweight authentication proposals, a special type of circulant matrix named circulant-P2 matrix is introduced. We prove the linear independence of matrix vectors, present efficient algorithms on matrix operations, and explore other important properties. By combining circulant-P2 matrix with the learning parity with noise problem, we develop two one-way authentication protocols: the innovative LCMQ protocol, which is provably secure against all probabilistic polynomial-time attacks and provides remarkable performance on almost all metrics except one mild requirement for the verifier's computational capacity, and the HB$^C$ protocol, which utilizes the conventional HB-like authentication structure to preserve the bit-operation only computation requirement for both participants and consumes less key storage than previous HB-like protocols without sacrificing other performance. Moreover, two enhancement mechanisms are provided to protect the HB-like protocols from known attacks and to improve performance. For both protocols, practical parameters for different security levels are recommended. In addition, we build a framework to extend enhanced HB-like protocols to mutual authentication in a communication-efficient fashion. Node clone attack, that is, the attempt by adversaries to add one or more nodes to the network by cloning captured nodes, imposes a severe threat to wireless sensor networks. To cope with it, we propose two distributed detection protocols with difference tradeoffs on network conditions and performance. The first one is based on distributed hash table, by which a fully decentralized, key-based caching and checking system is constructed to deterministically catch cloned nodes in general sensor networks. The protocol performance of efficient storage consumption and high security level is theoretically deducted through a probability model, and the resulting equations, with necessary adjustments for real application, are supported by the simulations. The other is the randomly directed exploration protocol, which presents notable communication performance and minimal storage consumption by an elegant probabilistic directed forwarding technique along with random initial direction and border determination. The extensive experimental results uphold the protocol design and show its efficiency on communication overhead and satisfactory detection probability. Data aggregation is an inherent requirement for many sensor network applications, but designing secure mechanisms for data aggregation is very challenging because the aggregation nature that requires intermediate nodes to process and change messages, and the security objective to prevent malicious manipulation, conflict with each other to a great extent. To fulfill different challenges of secure data aggregation, we present two types of approaches. The first is to provide cryptographic integrity mechanisms for general data aggregation. Based on recent developments of homomorphic primitives, we propose three integrity schemes: a concrete homomorphic MAC construction, homomorphic hash plus aggregate MAC, and homomorphic hash with identity-based aggregate signature, which provide different tradeoffs on security assumption, communication payload, and computation cost. The other is a substantial data aggregation scheme that is suitable for a specific and popular class of aggregation applications, embedded with built-in security techniques that effectively defeat outside and inside attacks. Its foundation is a new data structure---secure Bloom filter, which combines HMAC with Bloom filter. The secure Bloom filter is naturally compatible with aggregation and has reliable security properties. We systematically analyze the scheme's performance and run extensive simulations on different network scenarios for evaluation. The simulation results demonstrate that the scheme presents good performance on security, communication cost, and balance.

wireless sensor networks

security protocols

efficient entity authentication

node clone detection

secure data aggregation

homomorphic primitives

Electrical and Computer Engineering

An Electronic Money Model For Micropayments

Chouseinoglou, Oumout

01 February 2004

This research first defines money and lists its functions and properties. Among these properties, the anonymity and off-line capability of money are pointed out. Then the history of money is briefly discussed, to show that money has evolved similarly to the Lamarckian evolution of species. The examination of the history of money helps us justify why electronic money is necessary, and to point out that money will continuously evolve towards Pure Money. The definition of electronic money conducted afterwards, draws the lines within which the model will be proposed. The proposed model is formally constructed and evaluated accordingly with the use of micropayment evaluation frameworks. The model is a hardware based model considering as baseline smart cards with secure co-processors, and allows transactions with cross-challenging. The model is evaluated with respect to technologic, social and economic dimensions, and taking into account the associated computational and storage costs.

QA Computer Software 76.75-76.765

Chaotic Digital Modulation And Demodulation

Ozturk, Uygar

01 December 2005

This thesis considers a communication system with chaotic modulation. Noise-like signals are generated by chaotic systems with different parameters to modulate binary digital signals. Demodulation is performed by both the Extended Kalman Filter (EKF) and Optimum Decoding Based Smoothing Algorithm (ODSA). Simulations are performed using both of these algorithms for different parameters affecting the performance of the communication system. Simulation results of these algorithms are compared.

Analysis and Design of Secure Sealed-Bid Auction

Peng, Kun

January 2004

Auctions have a long history and are an effective method to distributed resources. In the era of Internet and e-commerce, electronic sealed-bid auction play an important role in business. However, it is a risk to run a sealed-bid auction through the Internet, which is an open and unreliable environment. There are many security concerns about correctness and fairness of the auction and privacy of the bidders in electronic sealed-bid auctions. Cryptology seems to be the only security solution for electronic sealed-bid auction. On the other hand, a practical electronic sealed-bid auction scheme must be efficient. So efficient application of cryptographic tools to electronic sealed-bid auction is the focus of this thesis. Firstly, security requirements of sealed-bid auctions are surveyed. The auction result must be determined correctly according to the submitted bids and the pre-defined auction rule. The bidders must compete with each other in a fair play and none of them can take advantage of others. The auction must be publicly verifiable, so that the auction result is acceptable by everyone. Usually, a losing bidder hopes to keep his bid secret, so the losing bids should be kept secret. In different applications, different auction rules may be applied. So, to avoid a tie, a large number of biddable prices must be accepted in some applications. Secondly, the currently known sealed-bid auction schemes are classified. In recent years, many sealed-bid auction schemes based on various cryptographic primitives have been proposed. Nearly all of them can be classified into five models. In the Model 1, each bid is known to the auctioneers, who can find the winning bid and winner very efficiently. Bid privacy is not implemented in Model 1. In Model 2 homomorphic bid opening is employed, so that the winning bid and winner can be found while the losing bids are kept secret. In Model 3 very strong bid privacy is achieved through a Dutch-style bid opening, which is highly inefficient. In Model 4, the link between the bids and bidders instead of confidentiality of the bids is kept secret. This kind of confidentiality is weaker than normal bid privacy and called relative bid privacy in this thesis. (Complete confidentiality of the bids in the end of the auction is called absolute bid privacy.) Implementation of relative bid privacy can be very efficient if an efficient anonymous channel can be constructed. Model 5 uses secure evaluation to open the bids and find the auction result and makes it possible to achieve absolute bid privacy efficiently. Three main cryptographic primitives are explored and employed to design new auction schemes in four auction models. The first tool is batch verification, which can improve computational efficiency in auction schemes. The second is mix network, which can be used to implement anonymous channels in Model 4 and Model 5. Two new efficient mix networks are designed and used in Model 2, Model 4 and Model 5. The third is secure evaluation, which is employed in two new auction schemes in Model 5 to achieve strong bid privacy efficiently. Other cryptographic primitives employed in the auction schemes include efficient 1-out-of-w oblivious transfer in Model 2 and key chain in Model 3. Five new auction schemes are proposed. The first scheme in Model 2 batch verifies bid validity to improve efficiency. The second scheme optimises the key chain used in Model 3 to obtain a more advanced auction scheme. The third scheme implements a concrete anonymous channel in Model 4 for the first time and achieves relative bid privacy and high efficiency convincingly. The last two employ new secure evaluation techniques to achieve absolute bid privacy and high efficiency. With these five new auction schemes, better solutions are achieved in various auction applications.

Electronic Sealed-Bid Auction

Bid Privacy

Relative Bid Privacy

Batch Verification

Mix Network

Secure Evaluation

High Efficiency

Μεθοδολογία και υλοποίηση secure hash αλγορίθμων σε FPGA

Εμερετλής, Ανδρέας

24 October 2012

Οι κρυπτογραφικές συναρτήσεις κατακερματισμού αποτελούν στις μέρες μας ένα από τα δημοφιλέστερα συστατικά των κρυπτογραφικών συστημάτων, λόγω των ιδιαίτερων ιδιοτήτων τους. Λαμβάνοντας υπόψη τη συνεχή αύξηση του όγκου δεδομένων και των ταχυτήτων επικοινωνίας, η χρήση μιας συνάρτησης κατακερματισμού με χαμηλή ρυθμοαπόδοση μπορεί να επιβραδύνει το συνολικό ψηφιακό τηλεπικοινωνιακό σύστημα. Ο σχεδιασμός ενός δεδομένου αλγορίθμου κατακερματισμού ώστε να έχει τη βέλτιστη ρυθμοαπόδοση αποτελεί ζήτημα μεγάλης σημασίας. Στη συγκεκριμένη διπλωματική εργασία παρουσιάζεται μια μεθοδολογία σχεδιασμού με στόχο τη βέλτιστη ρυθμοαπόδοση κρυπτογραφικών αλγορίθμων που βασίζονται σε συγκεκριμένη επαναληπτική μορφή. Για το σκοπό αυτό αναπτύχθηκε ένα λογισμικό, που συνδυάζει δύο τεχνικές, τον επαναχρονισμό και την ξεδίπλωση, παράγοντας το βέλτιστο σχεδιαστικό αποτέλεσμα. Η μεθοδολογία εφαρμόστηκε σε δύο δημοφιλείς συναρτήσεις κατακερματισμού, τις SHA-1 και SHA-256. Οι μετασχηματισμένοι αλγόριθμοι συνθέθηκαν και υλοποιήθηκαν σε FPGA, επιβεβαιώνοντας την αποτελεσματικότητα της μεθόδου. / Nowadays, cryptographic hash functions are one of the most popular primitive components in the cryptographic systems, due to their key features. Considering that data sizes and communication speeds are increasing every year, the use of a hash algorithm with low throughput can be a bottle neck in the digital communication system. Designing a given hash algorithm to be throughput optimum is a critical issue. In this diploma thesis a design methodology is presented which oprimizes the throughput of cryptographic hash functions that rely on a specific iterative structure. For this purpose, a software was designed combining two techniques, retiming and unfolding, that generates the optimal throughput design. The methodology was applied to two popular hash algorithms, SHA-1 and SHA-256. The transformed algorithms were synthesized and implemented in a FPGA device, confirming its effectiveness.

Κρυπτογραφία

005.8

Cryptography

Hush functions

Field-programmable gate array (FPGA)

Secure Hash Algorithm (SHA)

SHA-1

SHA-256

Fast Actively Secure OT Extension for Short Secrets

Ajith, S

January 2017

Oblivious Transfer (OT) is one of the most fundamental cryptographic primitives with wide-spread application in general secure multi-party computation (MPC) as well as in a number of tailored and special-purpose problems of interest such as private set intersection (PSI), private information retrieval (PIR), contract signing to name a few. Often the instantiations of OT require prohibitive communication and computation complexity. OT extension protocols are introduced to compute a very large number of OTs referred as extended OTs at the cost of a small number of OTs referred as seed OTs. We present a fast OT extension protocol for small secrets in active setting. Our protocol when used to produce 1-out-of-n OTs outperforms all the known actively secure OT extensions. Our protocol is built on the semi-honest secure extension protocol of Kolesnikov and Kumaresan of CRYPTO'13 (referred as KK13 protocol henceforth) which is the best known OT extension for short secrets. At the heart of our protocol lies an efficient consistency checking mechanism that relies on the linearity of Walsh-Hadamard (WH) codes. Asymptotically, our protocol adds a communication overhead of O( log ) bits over KK13 protocol irrespective of the number of extended OTs, where and refer to computational and statistical security parameter respectively. Concretely, our protocol when used to generate a large enough number of OTs adds only 0:011-0:028% communication overhead and 4-6% runtime overhead both in LAN and WAN over KK13 extension. The runtime overheads drop below 2% when in addition the number of inputs of the sender in the extended OTs is large enough. As an application of our proposed extension protocol, we show that it can be used to obtain the most efficient PSI protocol secure against a malicious receiver and a semi-honest sender.

Fast Oblivious Transfer Application

Secure Multi-Party Computation

Walsh-Hadamard Codes

KK13 Protocol

OT Extension Protocol

Short Secrets

Computer Science

Maternal Secure Base Scripts’ socio demographic predictive variables / Factores sociodemográficos explicativos del guion de base segura materno / Fatores sócio-demográficos explicativos do script de base segura materno

Nóblega, Magaly, Traverso, Pierina, Ugarte, Andrea, Caballero, Luciana

18 July 2017

This study evaluates the predictive capacity of sociodemographic variables of the mother over the level of maternal secure base scripts. The participants were 83 mothers from 15 to 45 years old (M = 24.72, SD = 8.70).The level of maternal secure base was evaluated through the Narratives of Adult Attachment (Waters & Waters, 2006). The results show that the participants do not have an adequate level of secure base script. It was found that interaction between the age of the mother and the educational attainment level, partly explains the level of the maternal secure base script (R2 = .19). The protector role of the level of educational attainment for older mothers to have a higher level of secure base scripts isproposed. / Este estudio evalúa la capacidad predictiva de variables sociodemográficas de la madre sobre sus guiones de base segura. Participaron 83 madres de 15 a 45 años de edad (M =24.72, DE = 8.70). El nivel de base segura materno fue evaluado a través de las Narrativas de Apego Adulto (Waters & Waters, 2006). Los resultados muestran que las participantes no cuentan con un adecuado nivel de base segura. Se encontró que la interacción entre la edad y el nivel de instrucción materno explica en parte el nivel de base segura de las madres (R2 =.19). Se postula el rol protector del nivel de instrucción para que las madres mayores, tengan un mayor nivel de base segura en sus guiones. / Esta pesquisa avalia a capacidade preditiva das variáveis sócio-demográficas da mãe, a partir de seu script de base segura. Participaram 83 mães com idades entre 15 e 45 anos (M = 24.72, DE = 8.70). O nível de script de base segura materno foi avaliado através das Narrativas de Apego Adulto (Waters & Waters, 2006). Os resultados mostram que as participantes não apresentam um nível adequado de base segura. Encontrou-se que a interação entre idade e grau de instrução da mãe explica, em parte, o nível de base segura das mães (R2 = .19). Propõe-se que um grau de instrução maior constituiria um papel protetor nas mães mais velhas, para elas apresentarem maior nível de base segura nos seus scripts.

Secure Base Script

Age

Educational Attainment Level

Guión De Base Segura

Edad

Nivel Educativo

Script De Base Segura

Idade

Educação

Utilizando o protocolo Bitcoin para condução de computações multilaterais seguras e justas

OLIVEIRA FILHO, Márcio Barbosa de

02 February 2016

Submitted by Irene Nascimento (irene.kessia@ufpe.br) on 2016-06-22T17:04:20Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Utilizando o Protocolo Bitcoin para Condução de Computações Multilaterais Seguras e Justas.pdf: 1665447 bytes, checksum: 2ff437be55e080c80d97e0d6582cb360 (MD5) / Made available in DSpace on 2016-06-22T17:04:20Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Utilizando o Protocolo Bitcoin para Condução de Computações Multilaterais Seguras e Justas.pdf: 1665447 bytes, checksum: 2ff437be55e080c80d97e0d6582cb360 (MD5) Previous issue date: 2016-02-02 / Suponha que dois milionários desejam descobrir quem é o mais rico sem que, para isso, um descubra o valor da fortuna do outro. Esse problema pode ser facilmente resolvido se ambos concordarem sobre um juiz a quem eles possam confiar a tarefa de calcular a resposta sem quebrar a privacidade de nenhum dos dois. O desafio, no entanto, é substituir esse juiz por uma interação multilateral, ou protocolo, que alcance o mesmo grau de segurança. Isso significa conduzir uma computação multilateral segura. Esse exemplo é conhecido como o problema dos milionários de Yao e foi proposto por Andrew Yao em um dos primeiros esforços para desenvolver uma forma geral de se conduzir computações multilaterais seguras. Desde lá, na década de 1980, vários avanços foram feitos nesse sentido e, hoje, já é um resultado bem estabelecido que qualquer função multilateral pode ser computada de maneira segura. Esse importante resultado, no entanto, vem com uma importante ressalva: a justiça não pode ser alcançada de maneira geral. Entende-se por justiça a garantia de que, no final de uma computação, ou todos os participantes recebem suas respostas ou nenhum deles recebe. Motivadas por esse resultado de impossibilidade, várias definições alternativas de justiça foram concebidas. Uma delas considera uma computação como sendo justa se os participantes que agirem desonestamente forem monetariamente penalizados. Ou seja, se alguns participantes receberem o resultado da computação e privarem os demais de receberem, então esse conluio é penalizado e os demais participantes, compensados. Com essa definição, uma computação justa pode ser vista como o cumprimento de um contrato, no qual cada participante se compromete a agir honestamente ou a pagar uma multa. Sob essa perspectiva, trabalhos recentes mostram como criptomoedas podem ser utilizadas para escrever esses contratos e, portanto, servir para condução de computações multilaterais seguras e monetariamente justas. Uma criptomoeda é um sistema monetário que se baseia em princípios criptográficos para alcançar segurança e controlar a taxa de emissão de novas moedas. O Bitcoin, criado em 2008 por Satoshi Nakamoto, foi a primeira realização dessa ideia. Ele se baseia em uma estrutura de dados pública chamada blockchain, que armazena o histórico de todas as transações já realizadas. A segurança da blockchain, incluindo sua não-maleabilidade, é garantida pela dificuldade da prova de trabalho exigida para que novas informações sejam adicionadas nessa estrutura. Cada transferência de moedas no Bitcoin é feita de maneira que um usuário só pode recebê-las mediante a apresentação de uma entrada que satisfaça um script especificado pelo remetente. Contratos escritos através desses scripts se fazem cumprir sem a necessidade de intervenção de uma parte confiável externa. Essa característica é o que faz o Bitcoin ser adequado e atrativo para se conferir justiça para computações multilaterais seguras. Um dos nossos objetivos neste trabalho é a realização de um estudo sobre os resultados que permitem a computação segura de uma função qualquer e dos que estabelecem a impossibilidade de se alcançar justiça de maneira geral. Tentaremos manter o rigor matemático para evitar uma apresentação estritamente panorâmica. Além disso, analisaremos criticamente uma construção proposta para utilizar o Bitcoin como plataforma para condução de computações multilaterais seguras e justas. Por fim, a partir dos pontos positivos e negativos levantados, apresentaremos uma proposta nossa com a mesma finalidade. / Suppose that two millionaires want to find out which one is the richest, but without revealing how much their fortunes are worth in the process. This problem can be easily solved if they trust a judge to compute the desired answer without compromising their privacy. The challenge, however, is to replace such a judge by a multiparty interaction, or protocol, that achieves the same level of security. That is, the challenge is to carry out a secure multiparty computation. The previous example is known as Yao’s millionaires’ problem and was stated by Andrew Yao in one of the first efforts to develop a general algorithm to carry out secure multiparty computations. Since then, in the 1980s, several advances were made to achieve this goal and, nowadays, it is a well-established result that any multiparty function can be securely computed. This important result, however, comes with an important restriction: fairness cannot be achieved in general. Fairness is the guarantee that, at the end of a computation, either all parties receive their outputs or none of them does. Motivated by this impossibility, several alternative definitions of fairness have been proposed. One of them considers a computation to be fair if the dishonest parties are monetarily penalized and the honest ones are monetarily compensated. According to this definition, a fair computation can be viewed as the enforcement of a contract, in which the parties agree on paying a penalty if they misbehave. Recent works have shown how cryptocoins can be used to write those contracts and, therefore, to be used for carrying out secure and monetarily fair multiparty computations. A cryptocoin is a monetary system that relies on cryptographic principles for achieving security and controlling the coin issuing rate. Bitcoin, created in 2008 by Satoshi Nakamoto, was the first practical realization of this idea. In its core, there is a publicly maintained data structure called blockchain, which works as a ledger and stores every transaction ever made. The security of the blockchain, including its non-malleability, is guaranteed by the difficulty of the proof of work required to add new data to it. A Bitcoin transaction can only be redeemed by a user that presents an input satisfying a script specified by the issuer of the transaction. Contracts written on these scripts are enforced without an external trusted third-party to intervene. This makes Bitcoin suitable and interesting to confer monetary fairness to multiparty computations. One of the goals of this work is to present the results that allow any function to be securely computed and the ones that show the impossibility of achieving fairness in general. We will try to present these results with the appropriate mathematical rigor to avoid giving just an overview of them. We will also analyze a recently proposed construction that uses Bitcoin as a platform to carry out fair multiparty computations. Finally, based on its positive and negative points, we will propose a construction with the same goal.