Coding techniques for information-theoretic strong secrecy on wiretap channels

Subramanian, Arunkumar

29 August 2011

Traditional solutions to information security in communication systems act in the application layer and are oblivious to the effects in the physical layer. Physical-layer security methods, of which information-theoretic security is a special case, try to extract security from the random effects in the physical layer. In information-theoretic security, there are two asymptotic notions of secrecy---weak and strong secrecy This dissertation investigates the problem of information-theoretic strong secrecy on the binary erasure wiretap channel (BEWC) with a specific focus on designing practical codes. The codes designed in this work are based on analysis and techniques from error-correcting codes. In particular, the dual codes of certain low-density parity-check (LDPC) codes are shown to achieve strong secrecy in a coset coding scheme. First, we analyze the asymptotic block-error rate of short-cycle-free LDPC codes when they are transmitted over a binary erasure channel (BEC) and decoded using the belief propagation (BP) decoder. Under certain conditions, we show that the asymptotic block-error rate falls according to an inverse square law in block length, which is shown to be a sufficient condition for the dual codes to achieve strong secrecy. Next, we construct large-girth LDPC codes using algorithms from graph theory and show that the asymptotic bit-error rate of these codes follow a sub-exponential decay as the block length increases, which is a sufficient condition for strong secrecy. The secrecy rates achieved by the duals of large-girth LDPC codes are shown to be an improvement over that of the duals of short-cycle-free LDPC codes.

Belief propagation

Girth

Sparse graph codes

Low-density parity-check (LDPC) codes

Information-theoretic security

Coding theory

Information theory

Data protection

Electronic security systems

Wiretapping

On spectrum sensing, resource allocation, and medium access control in cognitive radio networks

Karaputugala Gamacharige, Madushan Thilina

12 1900

The cognitive radio-based wireless networks have been proposed as a promising technology to improve the utilization of the radio spectrum through opportunistic spectrum access. In this context, the cognitive radios opportunistically access the spectrum which is licensed to primary users when the primary user transmission is detected to be absent. For opportunistic spectrum access, the cognitive radios should sense the radio environment and allocate the spectrum and power based on the sensing results. To this end, in this thesis, I develop a novel cooperative spectrum sensing scheme for cognitive radio networks (CRNs) based on machine learning techniques which are used for pattern classification. In this regard, unsupervised and supervised learning-based classification techniques are implemented for cooperative spectrum sensing. Secondly, I propose a novel joint channel and power allocation scheme for downlink transmission in cellular CRNs. I formulate the downlink resource allocation problem as a generalized spectral-footprint minimization problem. The channel assignment problem for secondary users is solved by applying a modified Hungarian algorithm while the power allocation subproblem is solved by using Lagrangian technique. Specifically, I propose a low-complexity modified Hungarian algorithm for subchannel allocation which exploits the local information in the cost matrix. Finally, I propose a novel dynamic common control channel-based medium access control (MAC) protocol for CRNs. Specifically, unlike the traditional dedicated control channel-based MAC protocols, the proposed MAC protocol eliminates the requirement of a dedicated channel for control information exchange. / October 2015

Cognitive radio networks

Resource allocation

Medium access control

MAC protocol

Spectrum sensing

Machine learning

Dynamic common control channel

OFDMA

Multiuser

cellular

Data Protection and Data Security Concept for Medical Applications in a Grid Computing Environment / Ein Datenschutz- und Datensicherheits-konzept für medizinischen Anwendungen in einer Grid-Computing Umgebung

Mohammed, Yassene

28 October 2008

No description available.

004 Informatik

Mathematics and Computer Science

Medical Grid Computing

Grid Computing

Data Protection

Authorization

Access Contorl

Access Control Models

Medizinisches Grid-Computing

Grid-Computing

Datenschutz

Autorisierung

Zugriffskontrolle

Zugriffskontrollmodelle

44.32

MED 250: Medizinische Informatik

Data ownership and interoperability for a decentralized social semantic web

SAMBRA, Andrei Vlad

19 November 2013

Ensuring personal data ownership and interoperability for decentralized social Web applications is currently a debated topic, especially when taking into consideration the aspects of privacy and access control. Since the user's data are such an important asset of the current business models for most social Websites, companies have no incentive to share data among each other or to offer users real ownership of their own data in terms of control and transparency of data usage. We have concluded therefore that it is important to improve the social Web in such a way that it allows for viable business models while still being able to provide increased data ownership and data interoperability compared to the current situation. To this regard, we have focused our research on three different topics: identity, authentication and access control. First, we tackle the subject of decentralized identity by proposing a new Web standard called "Web Identity and Discovery" (WebID), which offers a simple and universal identification mechanism that is distributed and openly extensible. Next, we move to the topic of authentication where we propose WebID-TLS, a decentralized authentication protocol that enables secure, efficient and user friendly authentication on the Web by allowing people to login using client certificates and without relying on Certification Authorities. We also extend the WebID-TLS protocol, offering delegated authentication and access delegation. Finally we present our last contribution, the Social Access Control Service, which serves to protect the privacy of Linked Data resources generated by users (e.g. pro le data, wall posts, conversations, etc.) by applying two social metrics: the "social proximity distance" and "social contexts"

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

Decentralized identity

Decentralized authentification

Data privacy

Access control

WebID

WebID-TLS

Semantic web

Medium Access Control, Packet Routing, and Internet Gateway Placement in Vehicular Ad Hoc Networks

Omar, Hassan Aboubakr

January 2014

Road accidents represent a serious social problem and are one of the leading causes of human death and disability on a global scale. To reduce the risk and severity of a road accident, a variety of new safety applications can be realized through wireless communications among vehicles driving nearby each other, or among vehicles and especially deployed road side units (RSUs), a technology known as a vehicular ad hoc network (VANET). Most of the VANET-enabled safety applications are based on broadcasting of safety messages by vehicles or RSUs, either periodically or in case of an unexpected event, such as a hard brake or dangerous road condition detection. Each broadcast safety message should be successfully delivered to the surrounding vehicles and RSUs without any excess delay, which is one of the main functions of a medium access control (MAC) protocol proposed for VANETs. This thesis presents VeMAC, a new multichannel time division multiple access (TDMA) protocol specifically designed to support the high priority safety applications in a VANET scenario. The ability of the VeMAC protocol to deliver periodic and event-driven safety messages in VANETs is demonstrated by a detailed delivery delay analysis, including queueing and service delays, for both types of safety messages. As well, computer simulations are conducted by using MATLAB, the network simulator ns-2, and the microscopic vehicle traffic simulator VISSIM, in order to evaluate the performance of the VeMAC protocol, in comparison with the IEEE 802.11p standard and the ADHOC MAC protocol (another TDMA protocol proposed for ad hoc networks). A real city scenario is simulated and different performance metrics are evaluated, including the network goodput, protocol overhead, channel utilization, protocol fairness, probability of a transmission collision, and safety message delivery delay. It is shown that the VeMAC protocol considerably outperforms the existing MAC schemes, which have significant limitations in supporting VANET safety applications. In addition to enhancing road safety, in-vehicle Internet access is one of the main applications of VANETs, which aims at providing the vehicle passengers with a low-cost access to the Internet via on-road gateways. This thesis presents a new strategy for deploying Internet gateways on the roads, in order to minimize the total cost of gateway deployment, while ensuring that a vehicle can connect to an Internet gateway (using multihop communications) with a probability greater than a specified threshold. This cost minimization problem is formulated by using binary integer programming, and applied for optimal gateway placement in a real city scenario. To the best of our knowledge, no previous strategy for gateway deployment has considered the probability of multihop connectivity among the vehicles and the deployed gateways. In order to allow a vehicle to discover the existence of an Internet gateway and to communicate with the gateway via multihops, a novel data packet routing scheme is proposed based on the VeMAC protocol. The performance of this cross-layer design is evaluated for a multichannel VANET in a highway scenario, mainly in terms of the end-to-end packet delivery delay. The packet queueing at each relay vehicle is considered in the end-to-end delay analysis, and numerical results are presented to study the effect of various parameters, such as the vehicle density and the packet arrival rate, on the performance metrics. The proposed VeMAC protocol is a promising candidate for MAC in VANETs, which can realize many advanced safety applications to enhance the public safety standards and improve the safety level of drivers/passengers and pedestrians on roads. On the other hand, the proposed gateway placement strategy and packet routing scheme represent a strong step toward providing reliable and ubiquitous in-vehicle Internet connectivity.

Medium Access Control

Packet Routing

Internet Gateway Placement

Vehicular Ad Hoc Networks

Time Division Multiple Access

Packet Delay Analysis

Road Safety Applications

In-Vehicle Internet Access

IEEE 802.11p

Reliable Broadcast

Enhancing security in distributed systems with trusted computing hardware

Reid, Jason Frederick

January 2007

The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.

trusted computing

trusted computing hardware

trusted systems

operating system security

distributed systems security

smart card

security evaluation

tamper resistance

distance bounding protocol

side channel leakage

electronic cash

electronic health records

role-based access control

Channel based medium access control for ad hoc wireless networks

Ashraf, Manzur

January 2009

Opportunistic communication techniques have shown to provide significant performance improvements in centralised random access wireless networks. The key mechanism of opportunistic communication is to send back-to-back data packets whenever the channel quality is deemed "good". Recently there have been attempts to introduce opportunistic communication techniques in distributed wireless networks such as wireless ad hoc networks. In line of this research, we propose a new paradigm of medium access control, called Channel MAC based on the channel randomness and opportunistic communication principles. Scheduling in Channel MAC depends on the instance at which the channel quality improves beyond a threshold, while neighbouring nodes are deemed to be silent. Once a node starts transmitting, it will keep transmitting until the channel becomes "bad". We derive an analytical throughput equation of the proposed MAC in a multiple access environment and validate it by simulations. It is observed that Channel MAC outperforms IEEE 802.11 for all probabilities of good channel condition and all numbers of nodes. For higher number of nodes, Channel MAC achieves higher throughput at lower probabilities of good channel condition increasing the operating range. Furthermore, the total throughput of the network grows with increasing number of nodes considering negligible propagation delay in the network. A scalable channel prediction scheme is required to implement the practical Channel MAC protocol in practice. We propose a mean-value based channel prediction scheme, which provides prediction with enough accuracy to be used in the Channel MAC protocol. NS2 simulation result shows that the Channel MAC protocol outperforms the IEEE 802.11 in throughput due to its channel diversity mechanism in spite of the prediction errors and packet collisions. Next, we extend the Channel MAC protocol to support multi-rate communications. At present, two prominent multi-rate mechanisms, Opportunistic Auto Rate (OAR) and Receiver Based Auto Rate (RBAR) are unable to adapt to short term changes in channel conditions during transmission as well as to use optimum power and throughput during packet transmissions. On the other hand, using channel predictions, each source-destinations pair in Channel MAC can fully utilise the non-fade durations. We combine the scheduling of Channel MAC and the rate adaptive transmission based on the channel state information to design the 'Rate Adaptive Channel MAC' protocol. However, to implement the Rate adaptive Channel MAC, we need to use a channel prediction scheme to identify transmission opportunities as well as auto rate adaptation mechanism to select rates and number of packets to transmit during those times. For channel prediction, we apply the scheme proposed for the practical implementation of Channel MAC. We propose a "safety margin" based technique to provide auto rate adaptation. Simulation results show that a significant performance improvement can be achieved by Rate adaptive Channel MAC as compared to existing rate adaptive protocols such as OAR.

Ad hoc networks (Computer networks)

ad hoc networks

230202 Stochastic Analysis and Modelling

280204 Signal Processing

290901 Electrical Engineering

291704 Computer Communications Networks

291703 Digital Systems

medium access control

rate control

wireless networks

Security and privacy model for association databases

Kong, Yibing

Unknown Date

With the rapid development of information technology, data availability is improved greatly. Data may be accessed at anytime by people from any location. However,threats to data security and privacy arise as one of the major problems of the development of information systems, especially those information systems which contain personal information. An association database is a personal information system which contains associations between persons. In this thesis, we identify the security and privacy problems of association databases. In order to solve these problems, we propose a new security and privacy model for association databases equipped with both direct access control and inference control mechanisms. In this model, there are multiple criteria including, not only confidentiality, but also privacy and other aspects of security to classify the association. The methods used in the system are: The direct access control method is based on the mandatory model; The inference control method is based on both logic reasoning and probabilistic reasoning (Belief Networks). My contributions to security and privacy model for association databases and to inference control in the model include: Identification of security and privacy problems in association databases; Formal definition of association database model; Representation association databases as directed multiple graphs; Development of axioms for direct access control; Specification of the unauthorized inference problem; A method for unauthorized inference detection and control that includes: Development of logic inference rules and probabilistic inference rule; Application of belief networks as a tool for unauthorized inference detection and control.

Computer Sciences

Channel based medium access control for ad hoc wireless networks

Ashraf, Manzur

January 2009

Opportunistic communication techniques have shown to provide significant performance improvements in centralised random access wireless networks. The key mechanism of opportunistic communication is to send back-to-back data packets whenever the channel quality is deemed "good". Recently there have been attempts to introduce opportunistic communication techniques in distributed wireless networks such as wireless ad hoc networks. In line of this research, we propose a new paradigm of medium access control, called Channel MAC based on the channel randomness and opportunistic communication principles. Scheduling in Channel MAC depends on the instance at which the channel quality improves beyond a threshold, while neighbouring nodes are deemed to be silent. Once a node starts transmitting, it will keep transmitting until the channel becomes "bad". We derive an analytical throughput equation of the proposed MAC in a multiple access environment and validate it by simulations. It is observed that Channel MAC outperforms IEEE 802.11 for all probabilities of good channel condition and all numbers of nodes. For higher number of nodes, Channel MAC achieves higher throughput at lower probabilities of good channel condition increasing the operating range. Furthermore, the total throughput of the network grows with increasing number of nodes considering negligible propagation delay in the network. A scalable channel prediction scheme is required to implement the practical Channel MAC protocol in practice. We propose a mean-value based channel prediction scheme, which provides prediction with enough accuracy to be used in the Channel MAC protocol. NS2 simulation result shows that the Channel MAC protocol outperforms the IEEE 802.11 in throughput due to its channel diversity mechanism in spite of the prediction errors and packet collisions. Next, we extend the Channel MAC protocol to support multi-rate communications. At present, two prominent multi-rate mechanisms, Opportunistic Auto Rate (OAR) and Receiver Based Auto Rate (RBAR) are unable to adapt to short term changes in channel conditions during transmission as well as to use optimum power and throughput during packet transmissions. On the other hand, using channel predictions, each source-destinations pair in Channel MAC can fully utilise the non-fade durations. We combine the scheduling of Channel MAC and the rate adaptive transmission based on the channel state information to design the 'Rate Adaptive Channel MAC' protocol. However, to implement the Rate adaptive Channel MAC, we need to use a channel prediction scheme to identify transmission opportunities as well as auto rate adaptation mechanism to select rates and number of packets to transmit during those times. For channel prediction, we apply the scheme proposed for the practical implementation of Channel MAC. We propose a "safety margin" based technique to provide auto rate adaptation. Simulation results show that a significant performance improvement can be achieved by Rate adaptive Channel MAC as compared to existing rate adaptive protocols such as OAR.

Ad hoc networks (Computer networks)

ad hoc networks

230202 Stochastic Analysis and Modelling

280204 Signal Processing

290901 Electrical Engineering

291704 Computer Communications Networks

291703 Digital Systems

medium access control

rate control

wireless networks

Security and privacy model for association databases

Kong, Yibing

Unknown Date

With the rapid development of information technology, data availability is improved greatly. Data may be accessed at anytime by people from any location. However,threats to data security and privacy arise as one of the major problems of the development of information systems, especially those information systems which contain personal information. An association database is a personal information system which contains associations between persons. In this thesis, we identify the security and privacy problems of association databases. In order to solve these problems, we propose a new security and privacy model for association databases equipped with both direct access control and inference control mechanisms. In this model, there are multiple criteria including, not only confidentiality, but also privacy and other aspects of security to classify the association. The methods used in the system are: The direct access control method is based on the mandatory model; The inference control method is based on both logic reasoning and probabilistic reasoning (Belief Networks). My contributions to security and privacy model for association databases and to inference control in the model include: Identification of security and privacy problems in association databases; Formal definition of association database model; Representation association databases as directed multiple graphs; Development of axioms for direct access control; Specification of the unauthorized inference problem; A method for unauthorized inference detection and control that includes: Development of logic inference rules and probabilistic inference rule; Application of belief networks as a tool for unauthorized inference detection and control.

Computer Sciences