Global ETD Search

91	Automatic Detection and Prevention of Fake Key Attacks in Signal Yadav, Tarun Kumar 19 December 2019 (has links) The Signal protocol provides end-to-end encryption for billions of users in popular instant messaging applications like WhatsApp, Facebook Messenger, and Google Allo. The protocol relies on an app-specific central server to distribute public keys and relay encrypted messages between the users. Signal prevents passive attacks. However, it is vulnerable to some active attacks due to its reliance on a trusted key server. A malicious key server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. Signal applications support an authentication ceremony to detect these active attacks. However, this places an undue burden on the users to manually verify each other's public key. Recent studies reveal that the authentication ceremony is time-consuming and confusing, and almost nobody adopts it. Our goal is to explore various approaches for automatically detecting or preventing fake key attacks. We modified a local copy of the Signal server to demonstrate that active attacks are feasible. We then designed three defenses that automatically detect or prevent the attacks. We completed a threat analysis of the defenses and implemented some proof-of-concept prototypes for two of them. We analyze their strengths and weaknesses and outline avenues for future work. Signal protocol authentication secure messaging Physical Sciences and Mathematics
92	Secure Session Mobility for VoIP Dzaferagic, Samir January 2008 (has links) High data rate wireless packet data networks have made real-time IP based services available through mobile devices. At the same time, differences in the characteristics of radio technologies (802.11/WiFi and 3G networks) make seamless handoff across heterogeneous wireless networks difficult. Despite this, many believe that the ultimate goal of next generation networks (often referred to as the fourth generation) is to allow convergence of such dissimilar heterogeneous networks. Supporting voice over Internet Protocol in next-generation wireless systems is thought by some to require support for mobility and quality of service features. Currently a mobile node can experience interruptions or even sporadic disconnections of an on going real-time session due to handovers between both networks of different types and networks of the same type. Many tests have already been done in this area and one may wonder why it is worth spending even more time investigating it? This thesis focuses on the important problem of providing session security despite handovers between networks (be they operated by the same operator or different operators and be they the same link technologies or different). One of the goals in this thesis is to investigate how an ongoing speech session can continue despite a change in transmission media1. Additionally, a number of security threats that could occur due to the handover will be identified and presented. Finally, the most suitable solution to address these threats will be tested in a real environment. Eventual shortcomings and weaknesses will be identified and presented; along with suggestions for future work. 1 When utilizing IP over carriers such as wired Ethernet, WLAN, and 3G. / Trådlösa hög-hastighets datanät har möjliggjort appliceringen av realtids tjänster på mobil utrustning över IP. Samtidigt har skillnaderna i de olika radioteknologierna (802.11/WiFi och 3G näten) introducerat nya problem med att upprätthålla trådlösa kommunikationen tvärs den heterogena trådlösa accessen. Många tror att slutmålet för nästa generations nätverk (ofta refererade som fjärde generationens nätverk) är att tillåta konvergensen av dessa olika heterogena nätverk. Stödet för Voice over Internet Protokollet (VoIP) i nästa generations trådlösa nät tror somliga kräver ett inslag av kombination mellan mobilitet samt upprätthållandet av kvaliteten. För närvarande kan den mobila noden (MN) råka ut för störningar och även sporadiska avbrott av en pågående realtidssessionen på grund av övergångar mellan samma eller olika typer av medier. Många tester har redan gjorts inom det här området och man kan fråga sig varför det är värt att lägga ner ännu mer tid på att undersöka det här? Det här examensarbetet fokuserar på det viktiga problemet som handlar om att kunna erbjuda sessions säkerhet trots övergångar mellan näten (oavsett om dessa drivs av samma eller olika operatörer samt oavsett om de är av samma eller olika nätverks typ). Ett av målen för det här examensarbetet är att undersöka hur en pågående talsession behålls vid byte av transmissionsmedia2. Vidare kommer olika säkerhetsaspekter och hot som kan tänkas uppstå vid bytet att identifieras och presenteras. Slutligen kommer den mest lämpade lösningen till problemet att testas i verklig miljö. Eventuella brister och svagheter kommer att identifieras och redovisas i slutet av rapporten tillsammans med förslag på framtida arbete. 2 Då man nyttjar IP bärare som trådbundet Ethernet, WLAN och 3G. Secure VoIP SIP Mobile IP Session Mobility Communication Systems Kommunikationssystem
93	A Smart and Interactive Edge-Cloud Big Data System Jake M Stauffer (10987104) 22 June 2021 (has links) <p>Data and information have increased exponentially in recent years. The promising era of big data is advancing many new practices. One of the emerging big data applications is healthcare. Large quantities of data with varying complexities have been leading to a great need in smart and secure big data systems. </p> <p>Mobile edge, more specifically the smart phone, is a natural source of big data and is ubiquitous in our daily lives. Smartphones offer a variety of sensors, which make them a very valuable source of data that can be used for analysis. Since this data is coming directly from personal phones, that means the generated data is sensitive and must be handled in a smart and secure way. In addition to generating data, it is also important to interact with the big data. Therefore, it is critical to create edge systems that enable users to access their data and ensure that these applications are smart and secure. As the first major contribution of this thesis, we have implemented a mobile edge system, called s<sup>2</sup>Edge. This edge system leverages Amazon Web Service (AWS) security features and is backed by an AWS cloud system. The implemented mobile application securely logs in, signs up, and signs out users, as well as connects users to the vast amounts of data they generate. With a high interactive capability, the system allows users (like patients) to retrieve and view their data and records, as well as communicate with the cloud users (like physicians). The resulting mobile edge system is promising and is expected to demonstrate the potential of smart and secure big data interaction.</p> <p>The smart and secure transmission and management of the big data on the cloud is essential for healthcare big data, including both patient information and patient measurements. The second major contribution of this thesis is to demonstrate a novel big data cloud system, s<sup>2</sup>Cloud, which can help enhance healthcare systems to better monitor patients and give doctors critical insights into their patients' health. s<sup>2</sup>Cloud achieves big data security through secure sign up and log in for the doctors, as well as data transmission protection. The system allows the doctors to manage both patients and their records effectively. The doctors can add and edit the patient and record information through the interactive website. Furthermore, the system supports both real-time and historical modes for big data management. Therefore, the patient measurement information can, not only be visualized and demonstrated in real-time, but also be retrieved for further analysis. The smart website also allows doctors and patients to interact with each other effectively through instantaneous chat. Overall, the proposed s<sup>2</sup>Cloud system, empowered by smart secure design innovations, has demonstrated the feasibility and potential for healthcare big data applications. This study will further broadly benefit and advance other smart home and world big data applications. </p> Computer Engineering Cloud Smart Cloud Secure Cloud Big Data
94	Studies in incoercible and adaptively secure computation Poburinnaya, Oxana 05 November 2020 (has links) Despite being a relatively young field, cryptography taught us how to perform seemingly-impossible tasks, which now became part of our everyday life. One of them is secure multiparty computation (MPC), which allows mutually distrustful parties to jointly perform a computation on their private inputs, so that each party only learns its prescribed output, but nothing else. In this work we deal with two longstanding challenges of MPC: adaptive security and deniability (or, incoercibility). A protocol is said to be adaptively secure, if it still guarantees security for the remaining honest parties, even if some parties turn dishonest during the execution of the protocol, or even after the execution. (In contrast, statically secure protocols give security guarantees only when the set of dishonest parties is fixed before the execution starts.) While adaptive security threat model is often more realistic than the static one, there is a huge gap between efficiency of statically and adaptively secure protocols: adaptively secure protocols often require more complicated constructions, stronger assumptions, and more rounds of interaction. We improve in efficiency over the state of the art in adaptive security for a number of settings, including the first adaptively secure MPC protocol in constant number of rounds, under assumptions comparable to those of static protocols (previously known protocols required as many rounds of interaction as the depth of the circuit being computed). The second challenge we deal with is providing resilience in the situation where an external coercer demands that participants disclose their private inputs and all their secret keys - e.g. via threats, bribe, or court order. Deniable (or, incoercible) protocols allow coerced participants to convincingly lie about their inputs and secret keys, thereby still maintaining their privacy. While the concept was proposed more than twenty years ago, to date secure protocols withstanding coercion of all participants were not known, even for the simple case of encryption. We present the first construction of such an encryption scheme, and then show how to combine it with adaptively secure protocols to obtain the first incoercible MPC which withstands coercion of all parties. Computer science Cryptography Deniable encryption Secure multiparty computation Security
95	Exécutions de requêtes respectueuses de la vie privée par utilisation de composants matériels sécurisés / Privacy-Preserving Query Execution using Tamper Resistant Hardware To, Quoc-Cuong 16 October 2015 (has links) Les applications actuelles, des systèmes de capteurs complexes (par exemple auto quantifiée) aux applications de e-commerce, acquièrent de grandes quantités d'informations personnelles qui sont habituellement stockées sur des serveurs centraux. Cette quantité massive de données personnelles, considéré comme le nouveau pétrole, représente un important potentiel pour les applications et les entreprises. Cependant, la centralisation et le traitement de toutes les données sur un serveur unique, où elles sont exposées aux indiscrétions de son gestionnaire, posent un problème majeur en ce qui concerne la vie privée.Inversement, les architectures décentralisées aident les individus à conserver le plein de contrôle sur leurs données, toutefois leurs traitements en particulier le calcul de requêtes globales deviennent complexes.Dans cette thèse, nous visons à concilier la vie privée de l'individu et l'exploitation de ces données, qui présentent des avantages manifestes pour la communauté (comme des études statistiques) ou encore des perspectives d'affaires. Nous promouvons l'idée de sécuriser l'acquisition des données par l'utilisation de matériel sécurisé. Grâce à ces éléments matériels tangibles de confiance, sécuriser des protocoles d'interrogation distribués permet d'effectuer des calculs globaux, tels que les agrégats SQL, sans révéler d'informations sensibles à des serveurs centraux.Cette thèse étudie le sous-groupe de requêtes SQL sans jointures et montre comment sécuriser leur exécution en présence d'attaquants honnêtes-mais-curieux. Cette thèse explique également comment les protocoles d'interrogation qui en résultent peuvent être intégrés concrètement dans une architecture décentralisée. Nous démontrons que notre approche est viable et peut passer à l'échelle d'applications de la taille d'un pays par un modèle de coût et des expériences réelles sur notre prototype, SQL/AA. / Current applications, from complex sensor systems (e.g. quantified self) to online e-markets acquire vast quantities of personal information which usually end-up on central servers. This massive amount of personal data, the new oil, represents an unprecedented potential for applications and business. However, centralizing and processing all one's data in a single server, where they are exposed to prying eyes, poses a major problem with regards to privacy concern.Conversely, decentralized architectures helping individuals keep full control of their data, but they complexify global treatments and queries, impeding the development of innovative services.In this thesis, we aim at reconciling individual's privacy on one side and global benefits for the community and business perspectives on the other side. It promotes the idea of pushing the security to secure hardware devices controlling the data at the place of their acquisition. Thanks to these tangible physical elements of trust, secure distributed querying protocols can reestablish the capacity to perform global computations, such as SQL aggregates, without revealing any sensitive information to central servers.This thesis studies the subset of SQL queries without external joins and shows how to secure their execution in the presence of honest-but-curious attackers. It also discusses how the resulting querying protocols can be integrated in a concrete decentralized architecture. Cost models and experiments on SQL/AA, our distributed prototype running on real tamper-resistant hardware, demonstrate that this approach can scale to nationwide applications. Confidentialité Matériel sécurisé Protocole Privacy Secure hardware Protocol
96	INFRASTRUCTURE-FREE SECURE PAIRING OF MOBILE DEVICES Liu, Chunqiu 07 November 2016 (has links) Mobile devices have advanced tremendously during the last ten years and have changed our daily life in various ways. Secure pairing of mobile devices has become a significant issue considering the huge quantity of active mobile device connections and mobile traffic. However, current commonly used file sharing mobile applications rely on servers completely that are always targeted by attackers. In this thesis work, an innovative mechanism is proposed to generate symmetric keys on both mobile devices independently from a shared movement in arbitrary pattern, which means no server needs to be involved and no data exchange needed. A secret wireless-communication channel can then be established with a particular network strategy. Mobile devices secure pairing features extraction Digital Communications and Networking
97	Secure device-to-device communication in LTE-A Alam, M., Yang, D., Rodriguez, Jonathan, Abd-Alhameed, Raed 04 1900 (has links) No / Enabling D2D communications over LTE-A networks can provide many benefits in terms of throughput, energy consumption, traffic load, and so on. It also enables new commercial services such as location-based advertising. For these reasons, D2D communications has become a hot topic in both the academic and industrial communities. However, many research works are focused on node discovery, radio resource management, and other aspects, while the issue of security is less addressed. In this article, we intend to provide an overview of the security architecture, threads, and requirements. Based on these requirements, we propose several potential solutions by reusing the existing security mechanisms. Promising topics related to secure D2D communications for future research are also discussed. Secure device-to-device communication D2D LTE-A networks
98	Secure Identification in Social Wireless Networks Nawaz, Omer January 2011 (has links) The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP’s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future. Secure Identification Internet Security GBA UICC Computer Sciences Datavetenskap (datalogi)
99	A Novel Multiple Access Quantum Key Distribution Network for Secure Communication. An Investigation into The Use of Laws of Quantum Physics And Communication Protocols To Enable Multiple Clients To Exchange Quantum Keys In A Lan Environment For Secure Communication Saleem, Faisal January 2019 (has links) Every business and household rely on internet in this day and age. We are using electronic devices connected to the Internet. These devices are generating a considerable amount of data, which is usually transmitted using public/insecure communication channels. On the one hand, the technological advancement of universal connectivity brought so much ease for humans’ race in business, shopping, and financial transactions. The rapid pace of this technological advancement also introduced several concerns in terms of the security and secrecy of data. Security researchers developed several encryption algorithms that are in use to ensure the safety and confidentiality of data. The mathematical difficulty of prime factorisation is the fundamental element of modern encryption algorithms, and they require a considerable amount of processing power to reverse engineer (or break) these algorithms. Scientists and government agencies are trying to build quantum computers to solve some complex problems. These problems include prime factorisation of large numbers, a critical factor in the field of cryptography. Quantum computers are much more potent because of their nature. It processes information by using laws of quantum. The successful development of quantum computers will pit the security and secrecy of our data at risk because it is trivial for the quantum computer to break the currently used encryption algorithms. Bearing this in mind, Research have started working on systems that will provide secure communications in the age of quantum computing. Considering the importance of quantum physics-based communication systems, we have some working examples of these systems, which are called quantum key distribution systems (QKD). These system uses quantum physics to transmit quantum states from one party to another. In case of the presence of Eavesdropping, the whole system will be disturbed, letting both parties know the existence of eve. QKD systems have some success and have different protocols, but until now, they have a very long way to go. When these systems are mature enough, they will require to work with current internet infrastructure, which is very costly and brings so much complexity to the network that it will not be feasible to implement. This thesis proposes a Multiple Access QKD Network integrated with Internet infrastructure to addresses these issues of Secure Communication. The system proposed in this thesis takes existing protocols of data communication, QKD, along with hardware architecture of communication devices. A QKD based client and network switch have been designed and developed along with its operating system to enable multi-access communication in the LAN environment. A simulation model of the model proposed in this thesis has been by using OMNet++ simulation framework to test and evaluate the viability of this model. The proposed QKD mechanism will reduce the complexity for network administrators, reduce the cost of implementation for businesses, and ensure the secrecy and security of the data even in the age of quantum computing. Quantum Key Distribution (QKD) Network Security Secure communications
100	Private data querying in the precomputation model Li, Boyang 15 August 2011 (has links) No description available. Computer Science Private Data Querying Secure Two-party Computation Precomputation

Search results