The feasibility of memory encryption and authentication

Owen, Donald Edward, Jr.

09 October 2013

This thesis presents an analysis of the implementation feasibility of RAM authentication and encryption. Past research as used simulations to establish that it is possible to authenticate and encrypt the contents of RAM with reasonable performance penalties by using clever implementations of tree data structures over the contents of RAM. However, previous work has largely bypassed implementation issues such as power consumption and silicon area required to implement the proposed schemes, leaving implementation details unspecified. This thesis studies the implementation cost of AES-GCM hardware and software solutions for memory authentication and encryption and shows that software solutions are infeasible because they are too costly in terms of performance and power, whereas hardware solutions are more feasible. / text

AES

GCM

DRAM

RAM

Encryption

Authentication

Authenticated query processing /

Papadopoulos, Stavros.

January 2010

Includes bibliographical references (p. 134-138).

Integrating biometric authentication into multiple applications

Breedt, Morné.

January 2005

Thesis (M. Sc.)(Computer science)--University of Pretoria, 2005. / Includes bibliographical references. Available on the Internet via the World Wide Web.

A dependable and secure approach for secret key establishment and operation in automotive CPS

Giri, Naresh Kumar

January 1900

Master of Science / Department of Computer Science / Arslan Munir / Modern automobiles incorporate a network of electronic control units (ECUs) that provides a range of features such as safety, driver assistance, infotainment. Such network of ECUs in a vehicle are connected to each other through buses, forming interconnections called intra-vehicle network. Bus technologies that are widely used in modern day automobiles are controller area network (CAN), local interconnect network (LIN), and media oriented systems transport (MOST). These bus technologies, however, do not possess any security or dependability features, and thus are susceptible to vulnerabilities. Such vulnerabilities allow attackers to mount passive attacks (e.g., snooping) and/or active attacks (e.g., fault injection). In this study, we propose a scheme for secure authentication of automotive ECUs. Our proposed scheme ensures that only authenticated ECUs can participate in communication over the intra-vehicle network/bus. ECU authentication is carried out using certificate-based authentication which is implemented using elliptic curve cryptography (ECC). The study also proposes a symmetric (session) key-establishment mechanism within intra-vehicular network to establish a common symmetric (session) key for all ECUs to communicate over the network. The key-establishment mechanism removes the need of storing symmetric keys in ECU memory permanently. The study incorporates key refreshment by assigning a certain lifetime/timeframe period to symmetric (session) key and then regularly updates session key after the expiration of each lifetime. Our proposed method provides confidentiality and integrity in intra-vehicle ECU communication without violating safety and real-time constraints of the vehicle. Our approach leverages multi-core ECUs to provide fault-tolerance by using redundant multi-threading (FT-RMT), performs quick error detection (FT-QED) and accelerate performance using lightweight checkpointing (CP).

Authentication

Symmetric key

Key generation

Key distribution

Secure Communication Scheme in Smart Home Environment

Jonnalagadda, Hari Krishna

28 June 2016

Internet of Things, has started to mark its existence from past few years. Right from its inception with a coke machine at Carnegie Mellon University, it has come a long way, connecting billions of devices to internet. This journey is well supported by the advancements in networking, hardware miniaturization and sensing capabilities. Diverse nature of applications of Internet of Things, has cut the communication barriers between the varieties of fields ranging from manufacturing industry to health-care industry. Smart Home is one such application of Internet of Things. Connectivity of home appliances, to achieve automation in living, defines Smart Home. Out of welter of applications that are derived from Internet of Things, this thesis concentrates on Smart Home. Smart Home, in practical is expected to conserve lot of energy, by achieving automation of home appliances, on par with best living experience. Existing technologies such as Z-wave, One-Net, ZigBee, Insteon, had already occupied the Smart Home communication. However, these technologies face the problem of identifying the smart devices uniquely and also exhibit security vulnerabilities. Proposed scheme exploits accelerometer fingerprinting to identify the smart devices uniquely. Security vulnerabilities of existing protocols are addressed by encrypting the data on move with CCM mode of AES encryption.

Security

Accelerometer

Gravity

Authentication

Automation

Computer Sciences

Factors impacting the adoption of biometric authentication in the local banking sector

Pooe, Antonio

08 November 2011

M.Tech. / This research is concerned with establishing the causes for the slow adoption of biometric authentication in the South African banking sector and constitutes exploratory research. It looks at the widely accepted means of authentication and delves deeper into why these modes may not be sufficient to protect sensitive data. The scope of the research is limited to the banking sector only. The first sections of the study establish what the biometric authentication norms are amongst international banking institutions. This is then followed by an environmental study of the South African approach to biometric authentication. Owing to the limited number of banks in South Africa compared to developed countries, the study is limited to the four major banking institutions in South Africa, namely ABSA, Standard Bank, Nedbank and First National Bank. An online survey was used to gather the required data for analysis. The general approach adopted to investigate the extent to which biometric authentication is used by the said four banks was to first measure the respondents’ knowledge of biometrics and to establish the level of exposure the respondents had to the said technology. The next step was then to establish the extent to which the participating banks had investigated the use of biometric authentication. This was followed by consideration of the current use of biometric authentication and lastly, the future use and user perceptions regarding various aspects of biometric authentication in the financial services sector. A matrix that identifies the factors perceived to be impacting the adoption of biometric authentication concludes the last chapter on user perception.

Biometry

Authentication

Banks and banking - Security measures

Multi-factor Authentication : System proposal and analysis of continuous authentication methods

Fält, Markus

January 2020

It is common knowledge that the average user has multiple online accounts which all require a password. Some studies have shown that the number password for the average user is around 25. Considering this, one can see that it is unreasonable to expect the average user to have 25 truly unique passwords. Because of this multi-factor authentication could potentially be used to reduce the number of passwords to remember while maintaining and possibly exceeding the security of unique passwords. This thesis therefore, aims to examine continuous authentication methods as well as proposing an authentication system for combining various authentication methods. This was done by developing an authentication system using three different authentication factors. This system used a secret sharing scheme so that the authentication factors could be weighted according to their perceived security. The system also proposes a secure storage method for the secret shares and the feasibility of this is shown. The continuous authentication methods tests were done by testing various machine learning methods on two public datasets. The methods were graded on accuracy and the rate at which the wrong user was accepted. This showed that random forest and decision trees worked well on the particular datasets. Ensemble learning was then tested to see how the two continuous factors performed once combined into a single classifier. This gave an equal error rate of around 5% which is comparable to state-of-the-art methods used for similar datasets.

continuous authentication

machine learning

Computer Systems

Datorsystem

Digital Receipts: A System to Detect the Compromise of Digital Certificates

Seeley, Nathaniel Allen

11 November 2006

The ease of copying digital materials creates difficulty in detecting the theft of digital certificates. Uneducated users frequently fail to protect their digital certificate keys by not encrypting them, storing them in insecure places, and using them unwisely. In addition, there is no way to prove that protocols involving certificates are completely secure. This thesis introduces a system to ameliorate these problems by detecting the compromise of digital certificates. It leverages dual logging messages sent via side channels to a trusted third party. This third party correlates these messages and automatically detects when an imposter presents a certificate based on the collected evidence.

authentication

digital certificate

X.509

Computer Sciences

Evaluation de la confiance dans un processus d'authentification / Trust evalution in an authentication process

Hatin, Julien

24 November 2017

Dans notre quotidien, le smartphone est devenu un outil indispensable pour effectuer nos tâches courantes. Accéder à des services en ligne depuis son téléphone mobile est devenu une action commune. Afin de s'authentifier à ces services parfois sensibles, la seule protection est généralement l'usage d'un mot de passe. Ces mots de passe pour être robustes doivent être de plus en plus longs. Ceci représente, sur les téléphones mobiles, une contrainte plus forte que pour les ordinateurs de bureau puisque les claviers tactiles disposent de moins de touches. D'autres méthodes d'authentification ont vu le jour sur téléphones mobiles comme la reconnaissance faciale sur les appareils android ou bien l'empreinte digitale qui gagne le marché des smartphones et même le domaine bancaire avec Apple Pay.Afin de simplifier l'authentification, la biométrie prend une part de plus en plus importante dans l'usage des téléphones mobiles. Au delà des capteurs dédiés à l'acquisition de données biométriques, il est aussi possible d'utiliser l'environnement du téléphone mobile pour authentifier les utilisateurs. Si les méthodes d'authentification tendent à se transformer pour devenir de plus en plus transparentes, cela amène deux questions :Comment utiliser ces nouvelles techniques d'authentification dans les processus actuels d'authentification ?Quels impacts ces nouvelles méthodes peuvent avoir sur la vie privée des utilisateurs ?L'objectif de cette thèse est de proposer des méthodes d'authentification transparentes qui soient respectueuses de la vie privée des utilisateurs tout en permettant leur intégration dans les systèmes actuels d'authentification.Dans le manuscrit de thèse, nous abordons ces deux questions en analysant tout d'abord les travaux existants sur la collecte des données permettant l'authentification sur téléphone mobile. Puis, une fois les données collectées, nous verrons les processus permettant la mise en place d'une authentification respectueuse de la vie privée. Enfin, nous évaluons concrètement ces méthodes d'authentification par la réalisation de prototypes à l'échelle industrielle. / In our daily life, the smartphone became an unavoidable tool to perform our common tasks.Accessing to online services from its mobile phone is an usual action.In order to authenticate to those services, that might be sensitive, the one and only protection is usually a password. Those passwords must be longer and longer to stay robust.This is a bigger constraint on mobile phones than on desktop computers.Other authentication solutions are dedicated to smartphones, like facial recognition on android and now Apple smartphones or the fingerprint that conquier new phones.To ease the authentication process, biometrics is more and more often used on mobile phones. In addition to the dedicated biometric sensors, it is also possible to use the phone environement to authenticate users.However, if authentication methods are becoming more and more transparent, it brings two questions:How to integrate those new methods within the actual authentication framework ?What is the impact of those new methods on users' privacy ?The main goal of the phD is to offers privacy compliant transparent authentication methods while integrating them in current authentication systems.In this document, we evaluates those two questions by first analyzing existing works on the data collection for transparent authentication on mobile phones. Then, once the data are collected, we will see wich process can enable the privacy protection. To conclude, we will evaluates concretly those solutions by building industrial prototypes.

Authentification Transparente

Transparent authentication

Trust,

Prrivacy protection

Malicious Manipulation in Service-Oriented Network, Software, and Mobile Systems: Threats and Defenses

Shen, Dakun

30 May 2019

This dissertation includes three approaches we have been designed to tackle threats and challenges in network, software, and mobile security. The first approach demonstrates a new class of content masking attacks against the Adobe PDF standard, causing documents to appear to humans dissimilar to the underlying content extracted by information-based services. The second work protects sensitive data in binaries from being corrupted by cyber attackers. The last work proposes a mechanism which utilizes the unique walking patterns inherent to humans and differentiate our work from other walking behavior studies by using it as first-order authentication and developing matching methods fast enough to act as an actual anti-theft system.

authentication

online services

System security

Computer Sciences