Global ETD Search

141	Analysing Malicious Code: : Dynamic Techniques Haukli, Lars January 2007 (has links) This report starts out discussing a framework for building an API monitoring system. In such a system, malicious code can be run, and its actions can be taken notice of. I look into different analysis tools for stuctural analysis, and API monitoring tools. I will also discuss dynamic analysis using a debugger, and anti-debugging techniques used by modern malware. When using a debugger, API hooking can be implemented using brakepoints as well. In any case, we will need an isolated environment. The best candidate for this is virtual machines. I will look at different ways of controlling a virtual guest from a host system. On VMware, we can use both normal networking interfaces, and a backdoor, which is really an i/o port. I will also look into techniques for detecting virtual machines, and some counter-techniques. Packing mechanisms and ways to undo them is central to malware analysis. In this paper I have unpacked and analysed several samples of the Storm Bot, which is packed using UPX. Additionally, the APIs used by Storm has been determined. Dynamic analysis can be based on API usage. Scripting VMware is a central part of the last chapter. I will demonstrate several ways of doing this. It seems this can be a good foundation for building automated analysis solutions. I will also discuss the PaiMei framework which integrates the most useful analysis tools, and can work as a framework for building programs that automate the process of malware analysis. A report on malware analysis would not be complete without viral code. Cermalus is a recently released virus, which assembly source code has been included in the appendix. The source is well commented, and clearly states what the different routines are used for. You will find many of the terms used in these comments explained throughout this report. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
142	Cooperation through pheromone sharing in swarm routing Kjeldsen, Vebjørn January 2007 (has links) Traditional routing protocols build routing tables that are optimized on one parameter only, this parameter is typically hop counts. With the introduction of new requirements, brought forth by a wide range of communication intensive, real-time multimedia applications, more sophisticated routing techniques are required. However, computing routes subject to different requirements and in environments with changing traffic patterns and network topologies, is often computationally excessive and the problems are frequently NP hard. Swarm based algorithms, inspired by the foraging behavior of ants are candidates to solve such routing problems. To ensure system robustness and scalability, routing should be truly distributed and adaptive. The ac{CEAS} is an adaptive, robust and distributed routing and management system based on swarm intelligence. CEAS is performing stochastic routing with fast restoration on link failures. Previous work has shown that CEAS is robust and efficient in solving complex optimization problems such as finding primary and backup paths or simple cyclic paths (p-cycles) in networks. In all swarm systems there is a tradeoff between performance and management overhead (number of management packets). The focus in this work is on reducing the overhead in terms of management packets generated in ac{CEAS}. To achieve this, a new algorithm is proposed that applies pheromone sharing between sources going to identical destinations. Performance results from simulations show that the new CEAS system presented in this report outperforms the original CEAS in most scenarios. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
143	Launching an Innovative Mobile Multimedia Communication Application : using different platforms Gunnerud, Runar January 2007 (has links) The IP Multimedia Subsystem (IMS) is intended by the Telco industry, to make it easy for third-party application developers to create new, innovative services that will help to offset the fall in revenue of regular voice services. However, a slow roll out of the system is increasing the chance of a disruptive technology to fill some of the space that IMS hopes to cover. This thesis presents a hands on example of the implementation of such a new innovative service. XMPP has been used as an alternative platform to launch the service, and is thoroughly compared to the IMS in this master's thesis. Ironically the service could not be launched on IMS due to technical problems. Results suggest that XMPP could replace IMS as a service platform, thus disrupting the business model of IMS. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
144	A study of user authentication using mobile phone Hallsteinsen, Steffen Gullikstad January 2007 (has links) The number of different identities and credentials used for authentication towards services on the Internet has increased beyond the manageable. Still, the most common authentication scheme is based on usernames and passwords which are neither secure nor user-friendly. Hence, better solutions for simplified, yet secure authentication, is required in the future. This thesis present an authentication scheme based on a One-Time Password (OTP) MIDlet running on a mobile phone for unified authentication towards any type of service on the Internet. The scheme is described in detail by an analysis and a design model. Based on the analysis and design an implementation of a prototype has been developed using Java. The security aspects of scheme are thoroughly evaluated in a security evaluation which identifies threats, security objectives and possible attacks. The proposed solution offers a strong authentication scheme which can substitute many of the authentication schemes we are using to day. Not only can it replace the standard username/password scheme, but due to its security services it can also replace stronger schemes such as existing OTP and smartcard solutions. Therefore the solution is suitable for many services on the Internet which requires authentication such as Internet banking, corporate intranet, Internet stores and e-Government applications. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
145	Efficient Web Services on Mobile Devices Johnsrud, Lars January 2007 (has links) Efficient solutions for Web Services on mobile devices would allow truly global, platform independent and interoperable information access, anywhere and at any time. While Web Services are continuously gaining ground, they are commonly reserved for use on personal computers and high-capacity servers, even though mobile devices are continuously becoming more advanced in terms of processing resources and wireless communication capabilities. This thesis identifies several challenges of accessing Web Services from mobile devices, and evaluates and discusses methods for creating more efficient solutions. Some of the challenges are the limited bandwidth and high communication latency. Reducing the size of XML information transferred and optimizing the communication protocol stack are identified as possible solutions to overcome these challenges. Additionally, as the communication cost correlates with the amount of data transferred, more efficient Web Services solutions are clearly beneficial for the end-user. The approaches described to reduce the size of XML files are traditional compression, alternative representation of the files, and binary XML. Binary XML is a compact representation of information that keeps the desirable structure of XML intact. The Efficient XML Interchange format currently being standardized by W3C is studied in more detail. Furthermore, optimizing the protocol stack has also been evaluated. A prototype Web Service system has been developed and tested in both simulated environments and in real surroundings using GPRS, EDGE and UMTS network connections. The results from the measurements show that both compression and the use of binary XML reduce the size of the information significantly and thereby the cost. Time needed to transfer the information is also reduced, and this effect is most apparent when the original files are large. Binary XML may however be the desirable format since it enables direct interaction with the information and keeps the memory footprint small. To reduce the time needed to transfer the information further, removing the HTTP protocol and optimizing the transport protocol, seems to minimize the effect of the latency. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
146	Dependability modelling of Jgroup/ARM Sæstad, Ane January 2008 (has links) In the later years, fault tolerant distributed systems have been applied to a variety of network internal and external services. Keeping distributed systems consistent and fault tolerant require management functionality. Jgroup/ARM is a java based prototype system which automates this management functionality for fault tolerant distributed systems. This thesis presents an evaluation of the dependability characteristics of the Jgroup/ARM system. Both static and dynamic modelling techniques are introduced, but the main focus is on the dynamic techniques; state-diagrams and Petri net models. Previous work is evaluated to nd an approach suitable for dependability modelling of Jgroup/ARM. A system delivery model for Jgroup/ARM is developed based on its functionality. The monitored subsystem is dened to include the hardware (processors), a given number of services in the system and the replication management functionality (ARM framework). A Petri net model of Jgroup/ARM is developed in the Möbius modelling tool based on the system delivery model. A model of a single service replicated on a cluster of processors is developed, analyzed and expanded to include multiple services and the ARM framework functionality. The dependability of Jgroup/ARM is evaluated through simulating example scenarios in Möbius. The results show that the system availability is very high, even with a relatively high failure rate. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
147	Technical and Commercial Potential for use of Wireless Trondheim's Wi-Fi Network for Payment Terminals Ulversøy, Joar January 2008 (has links) Wireless Trondheim is a company offering city-wide Wi-Fi network in Trondheim, seeking new ways to utilize the Wi-Fi network to increase the number of services offered, and also increasing the profits and total revenues. Payment cards are very popular in Norway, and merchants such as cafés or restaurants, or merchants at temporary events, may want to use wireless payment terminal in order to provide a convenient and easy way for customers to pay for their purchases. This thesis will address the technical and commercial potential of using payment terminal within Wireless Trondheim's Wi-Fi network. A study of the technical potential of using payment terminals within Wireless Trondheim's Wi-Fi network reveals two companies importing and configuring payment terminals in Norway, and that currently two terminals exist with Wi-Fi support. However, the security related to using terminals with Wi-Fi is not yet approved by the Banks' Standardization Office, which means that it is not possible to use payment terminals with Wi-Fi until the security has been approved. The test of a payment terminal in Wireless Trondheim's Wi-Fi network was not possible to conduct for the same security reasons. Among the two existing payment terminals with Wi-Fi, only one is available in Norway. This terminal is produced by Banksys and is called Xentissimo, and supports both GPRS, GSM and Wi-Fi. Ingenico 7810 is the other existing payment terminal with Wi-Fi, but this terminal does not have any other wireless communication option. A cost comparison of the different wireless payment access alternatives from the perspective of a merchant shows that Netcom GPRS is currently the cheapest alternative. Telenor GPRS is the second cheapest alternatives for low estimates of number of terminals and transactions for a typical café in Trondheim, while Ventelo broadband Point of Sale is the second cheapest alternative for a similar high estimate. Based on this comparison, a competitive and attractive price for the service offered by Wireless Trondheim has been determined and used to calculate revenues in the business model proposal. The business model proposal provided in this study is based on the high level elements of Osterwalder's Business Model Ontology. The model explains how Wireless Trondheim, in cooperation with the local branches of banks, can offer wireless access to payment terminals using Wireless Trondheim's Wi-Fi network. The chosen target customers for this service are cafés, restaurants and merchants at temporary events in the city of Trondheim, and the cooperation with the banks has been chosen in order to utilize the bank's existing distribution channels towards these target customers. The business and technical risks that this business model face are identified and described. Net present value calculations of the business model show negative results in the pessimistic and realistic scenario of market share, while the optimistic scenario gives a small positive net present value. These results suggest that the Wi-Fi connection offered by Wireless Trondheim is not cost-effective compared to Netcom GPRS, and that the business model proposed in this thesis does not have a commercial potential with the current customer estimates. However, if the Wi-Fi coverage increases and the number of potential customer increases substantially, it could be interesting to pursue this business model proposal further. An interesting possibility could also be a combination of offering payment access to terminals and Internet connection to merchants. The number of potential customers would then in that case be considerably larger, as the target customers would include most merchants in Trondheim, and not only be limited to restaurants, cafés and merchants at temporary events. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
148	Forensic Key Discovery and Identification : Finding Cryptographic Keys in Physical Memory Maartmann-Moe, Carsten January 2008 (has links) Communication and whole-disk cryptosystems are on the verge of becoming mainstream tools for protection of data, both in corporate laptops and private computing equipment. While encryption is a useful tool, it also present new problems for forensic investigators, as clues to their investigation may be undecipherable. However, contrary to popular belief, these systems are not impenetrable. Forensic memory dumping and analysis can pose as ways to recover cryptographic keys that are present in memory due to bad coding practice, operation system quirks or hardware hacks. The volatile nature of physical memory does however challenge the classical principles of digital forensics as its transitory state may disappear at the flick of a switch. In this thesis, we analyze existing and present new cryptographic key search algorithms, together with different confiscation and analysis methods for images of volatile memory. We provide a new proof of concept tool that can analyze memory images and recover cryptographic keys, and use this tool together with a virtualized testbed to simulate and examine the different states of platforms with several separate cryptosystems. Making use of this testbed, we provide experiments to point out how modern day encryption in general are vulnerable to memory disclosure attacks. We show that memory management procedures, coding practice and the overall state of the system has great impact on the amount and quality of data that can be extracted, and present simple statistics of our findings. The discoveries have significant implications for most software encryption vendors and the businesses relying on these for data security. Using our results, we suggest best practices that can help investigators build a more comprehensive data foundation for analysis, by reconstructing virtual memory from RAM images. We also discuss how investigators may reduce the haystack by leveraging memory and process structure on Windows computers. Finally we tie this to current digital forensic procedures, and suggest an optimized way of handling live analysis based on the latest development in the field. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
149	PowerScan: A Framework for Dynamic Analysis and Anti-Virus Based Identification of Malware Langerud, Thomas, Lillesand, Jøran Vagnby January 2008 (has links) This thesis describes the design and implementation of a framework, PowerScan, which provides the ability to combine multiple tools in the analysis of a malware sample. The framework utilizes XML configuration in order to provide extendability so that new tools can be added post compilation without significant effort. The framework deals with three major types of malware analysis: 1. Surface scan of a sample with multiple on-demand anti-virus engines. 2. Execution of malware sample with real-time (on-access) anti-virus engines running in the background. 3. Execution of malware sample with different dynamic analysis solutions running. These tools may monitor the file system, registry, network or other aspects of the operating systems during execution. The reasoning behind each of these phases are: 1. Using multiple scanners increases the probability that at least one of the vendors has created a detection signature for the given malware. 2. Executing the sample ensures that the malware code sooner or later will be written to disk or memory. This should greatly enhance detection rate for samples obfuscated using packers with encryption or other techniques, as the code at some point must be deobfuscated before execution. Additionally, on-demand scanners might use more advanced (and resource consuming) techniques when monitoring files executed on the system. As for surface scanning, the odds of correctly identifying the malware also increases when using more scanners. 3. Although several good sandbox analysis tools exist, the solution presented here allows the malware analyst choose which analysis tools to use - and even use different tool for analyzing the same aspect of the execution. A thorough description of both design, implementation and testing is given in the report. In addition to the implementation of the PowerScan framework described above, the theory behind all involved components is presented. This includes description of the Microsoft Windows platform (which is used for executing malware in PowerScan, and the one definitely most targeted by malware at the time of writing), virtualization (which is used in the virtual machines), anti-virus technology, malware hiding techniques and more. Surveys of the usability of different anti-virus engines and dynamic analysis tools in the framework have been conducted and are presented in the appendices, together with a comprehensive user guide. ntnudaim SIE7 kommunikasjonsteknologi Telematikk
150	Newspaper on e-paper with WiFi transfer : The newspaper of the future Aune, Håkon Rørvik January 2008 (has links) An e-newspaper is the result of newspaper content adapted to electronic paper. Electronic paper is a display technology which has many favourable attributes. It is a passive display technology which means that it can have the appearence of paper due to its high contrast, it is readable like paper due to only changing its pixels when the image changes and also uses very little power making it suitable for mobile uses. Making an e-newspaper service has many challenges, the areas focused on in this thesis are namely layout and distribution. There is great differences between an online newspaper and a paper newspaper, and the question is which direction is suitable for an e-newspaper. Some of the factors that plays a role includes rates of updates, feel of quality, ``charm'' and of course personal preferences. Distribution is split in two different approaches, pull or push. The latter most preferable because it gives the quickest updates in an automatic fashion. The reason for considering pull distribution is because it is more suited for devices that wishes to limit the time with an active air interface. There was made a demonstration of such an e-newspaper service, with a standard template, online newspaper inspired, layout and pull distribution to accomodate the chosen e-paper device's poor battery life. The pull distribution was further user initiated to conserve even more power. The software made for this demonstration can be found in the accompanying archive file. There was a test group, which evaluated the demonstration for a period of time. They did not completely agree with the layout choices, as they favoured a layout closer to the original paper source. That the download was user initiated was not a great problem though. ntnudaim SIE7 kommunikasjonsteknologi Telematikk

Search results