71 |
Misuse Patterns for the SSL/TLS Protocol (Unknown Date)
SSL/TLS is the main protocol used to provide a secure data connection between a
client and a server. The main concern in using this protocol is to prevent the secure
connection from being breached. Computer systems and their applications are becoming
more complex, and keeping these connections secure between all the connected components
is a challenge.
To avoid new security flaws and protocol connection weaknesses, the SSL/TLS
protocol continually releases newer versions after security bugs and
vulnerabilities are discovered in any of its previous versions. We have described some of the common
security flaws in the SSL/TLS protocol by identifying them in the literature and then
analyzing the activities from each of their use cases to find any possible threats. These
threats are realized in the form of misuse cases to understand how an attack happens from
the point of view of the attacker. This approach implies the development of some security patterns
which will be added as a reference for designing secure systems using the SSL/TLS protocol. We finally evaluate its security level by using misuse patterns and considering
the threat coverage of the models. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection
|
72 |
Password-authenticated two-party key exchange with long-term security (Unknown Date)
In the design of two-party key exchange it is common to rely on a Diffie-Hellman type hardness assumption in connection with elliptic curves. Unlike the case of finite fields, breaking multiple instances of the underlying hardness assumption is here considered substantially more expensive than breaking a single instance. Prominent protocols such as SPEKE [12] or J-PAKE [8, 9, 10] do not exploit this, and here we propose a password-authenticated key establishment where the security builds on the intractability of solving a specified number of instances v of the underlying computational problem. Such a design strategy seems particularly interesting when aiming at long-term security guarantees for a protocol, where expensive special purpose equipment might become available to an adversary. In this thesis, we give one protocol for the special case when v = 1 in the random oracle model, then we provide the generalized protocol in the random oracle model and a variant of the generalized protocol in the standard model for v being a polynomial of the security parameter ℓ. / by WeiZheng Gao. / Thesis (Ph.D.)--Florida Atlantic University, 2012. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2012. Mode of access: World Wide Web.
|
73 |
A client puzzle based public-key authentication and key establishment protocol. (January 2002)
Fung Chun-Kan. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 105-114). / Abstracts in English and Chinese. / Abstract / Acknowledgements / List of Figures / List of Tables / Chapter 1 --- Introduction / Chapter 1.1 --- Motivations and Objectives / Chapter 1.2 --- Authentication Protocol / Chapter 1.3 --- Security Technologies / Chapter 1.3.1 --- Cryptography / Chapter 1.3.2 --- Digital Certificate / Chapter 1.3.3 --- One-way Hash Function / Chapter 1.3.4 --- Digital Signature / Chapter 1.4 --- Thesis Organization / Chapter 2 --- Related Work / Chapter 2.1 --- Introduction / Chapter 2.2 --- Authentication and Key Establishment Protocols / Chapter 2.3 --- Denial-of-Service Attack Handling Methods / Chapter 2.4 --- Attacks on Authentication and Key Establishment Protocol / Chapter 2.4.1 --- Denial-of-Service Attack / Chapter 2.4.2 --- Replay Attack / Chapter 2.4.3 --- Man-in-the middle Attack / Chapter 2.4.4 --- Chosen-text Attack / Chapter 2.4.5 --- Interleaving Attack / Chapter 2.4.6 --- Reflection Attack / Chapter 2.5 --- Summary / Chapter 3 --- A DoS-resistant Authentication and Key Establishment Protocol / Chapter 3.1 --- Introduction / Chapter 3.2 --- Protocol Notations / Chapter 3.3 --- Protocol Descriptions / Chapter 3.4 --- An Improved Client Puzzle Protocol / Chapter 3.4.1 --- Review of Juels-Brainard Protocol / Chapter 3.4.2 --- Weaknesses of Juels-Brainard Protocol and Proposed Improvements / Chapter 3.4.3 --- Improved Client Puzzle Protocol / Chapter 3.5 --- Authentication Framework / Chapter 3.5.1 --- Client Architecture / Chapter 3.5.2 --- Server Architecture / Chapter 3.6 --- Implementations / Chapter 3.6.1 --- Software and Programming Tools / Chapter 3.6.2 --- The Message Formats / Chapter 3.5.3 --- Browser Interface / Chapter 3.6.4 --- Calculation of the Difficulty Level / Chapter 3.6.5 --- "(C, t) Non-Existence Verification" / Chapter 3.7 --- Summary / Chapter 4 --- Security Analysis and Formal Proof / Chapter 4.1 --- Introduction / Chapter 4.2 --- Security Analysis / Chapter 4.2.1 --- Denial-of-Service Attacks / Chapter 4.2.2 --- Replay Attacks / Chapter 4.2.3 --- Chosen-text Attacks / Chapter 4.2.4 --- Interleaving Attacks / Chapter 4.2.5 --- Others / Chapter 4.3 --- Formal Proof Methods / Chapter 4.3.1 --- General-purpose Specification Languages and Verification Tools / Chapter 4.3.2 --- Expert System Approach / Chapter 4.3.3 --- Modal Logic Approach / Chapter 4.3.4 --- Algebraic Term-Rewriting Approach / Chapter 4.4 --- Formal Proof of the Proposed Protocol / Chapter 4.4.1 --- Notations / Chapter 4.4.2 --- The Proof / Chapter 4.5 --- Summary / Chapter 5 --- Experimental Results and Analysis / Chapter 5.1 --- Introduction / Chapter 5.2 --- Experimental Environment / Chapter 5.3 --- Experiments / Chapter 5.3.1 --- Computational Performance of the Puzzle Solving Operation at different Difficulty Levels / Chapter 5.3.2 --- Computational Performance of the Puzzle Generation and Puzzle Solution Verification / Chapter 5.3.3 --- Computational Performance of the Protocol Cryptographic Operations / Chapter 5.3.4 --- Computational Performance of the Overall Protocol Session / Chapter 5.3.5 --- Impact on the Server Load without Client Puzzles / Chapter 5.3.6 --- Impact on the Server Load with Client Puzzles / Chapter 5.3.7 --- Impact on the Server Response Time from the Puzzles / Chapter 5.4 --- Summary / Chapter 6 --- Conclusion and Future Work / Chapter 6.1 --- Concluding Remarks / Chapter 6.2 --- Contributions / Chapter 6.3 --- Future Work / Bibliography
|
74 |
Hitch-hiking attacks in online social networks and their defense via malicious URL classification. / CUHK electronic theses & dissertations collection (January 2012)
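In recent years, the number of cyber crimes has been increasing rapidly. Malware authors now write malicious programs to steal users' personal information or to provide spam-based marketing services for profit. To spread malware more effectively, hackers have begun to target popular online social networking services (SNS), because of the inherent trust relationship between SNS users and the interactive nature of the services. A common attack method is for malware to log in automatically using stolen SNS user credentials and then deliver malicious URLs (links), embedded in short messages, to the contact/friend list of the stolen user account. The victim, believing the link was provided by a friend, is then infected by clicking on it. However, for this method to be effective, the malware has to imitate human-like behavior, which is difficult for anything beyond one/two-liner conversations. In this thesis, we first introduce a new type of attack that delivers malicious URLs within legitimate conversations among SNS users. As a proof of concept, we designed and implemented malware named Hitchbot [1], which incorporates multiple attack vectors to realize our proposed attack. In particular, when an SNS user sends a link/URL to his/her friends, Hitchbot quietly replaces it with a similar but malicious one by intercepting it at one of several possible points along the interactive input/output chain of the system. Because the malicious link is delivered within a proper conversation context between legitimate users, it is harder for the victim (and the spreader) to notice the attack, which can substantially increase the conversion rate. This approach also lets Hitchbot bypass most existing defense schemes, which rely mainly on user-behavior or traffic anomaly detection. Hitchbot takes the form of a client-based module that can hitch-hike on common social networking services, including the Yahoo and Microsoft mail clients and other web-browser-based social networking services such as Facebook and MySpace. To quantify the effectiveness of Hitchbot, we have studied the behavior of users in exchanging, handling and operating on URLs. Finally, we study the feasibility of automated online classification/identification of malicious URLs. In particular, the effectiveness of different types of attributes/features for malicious URL classification is quantified based on data obtained from various malicious URL databases; we also consider the implications and trade-offs of stringent latency requirements on the accuracy of real-time malicious URL classification. / The number of cyber crimes has continued to increase rapidly in the recent years. It is now commonplace for malware authors to write malicious programs for profit by stealing user personal information or providing spam-based marketing services. In order to spread malware more effectively, hackers have started to target popular online social networking services (SNS) due to the inherent trust-relationship between the SNS users and the interactive nature of the services. A common attacking approach is for a malware to automatically log in using stolen SNS user credentials and then deliver malicious URLs (links) to the people on the contact/friend-list of the stolen user account by embedding them in some short messages. The victim then gets infected by clicking on the links thought to be delivered by their friends. However, for this approach to be effective, the malware has to mimic human-like behavior which can be quite challenging for anything beyond one/two-liner conversations. 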
In this thesis, we first introduce a new type of attack called the social hitch-hiking attack, which uses a stealthier way to deliver malicious URLs by hitch-hiking on legitimate conversations among SNS users. As a proof-of-concept, we have designed and implemented a malware named Hitchbot [1] which incorporates multiple attack vectors for the realization of our proposed social hitch-hiking attacks. In particular, when an SNS user sends a link/URL to his/her friends, Hitchbot quietly replaces it with a similar-looking, but malicious one by intercepting the link at one of the several possible points along the interactive-input/output chain of the system. Since the malicious link is delivered within some proper conversation context between the legitimate users, this makes it much more difficult for the victim (which is also the spreader) to realize the attack and thus can increase the conversion rate substantially. The hitch-hiking approach also enables Hitchbot to bypass most existing defense schemes which mainly rely on user-behavior or traffic anomaly detection. Hitchbot is in the form of a client-based module which can hitch-hike on common social networking services including the Yahoo and Microsoft Messaging clients and other web-browser-based social-networking services such as Facebook and Myspace. To quantify the effectiveness of Hitchbot, we have studied the behavior of users in exchanging, handling and operating on URLs. Lastly, we study the feasibility of defending against hitch-hiking attacks via automated online classification/identification of malicious URLs. In particular, the effectiveness of different types of attributes/features used in malicious URL classification is quantified based on data obtained from various malicious URL databases. We also consider the implications and trade-offs of stringent latency requirements on the accuracy of real-time, on-demand malicious URL classifications. / Detailed summary in vernacular field only. / Lam, Ka Chun. 
/ Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 43-48). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts also in Chinese. / Abstract / Acknowledgement / Chapter 1 --- Introduction / Chapter 1.1 --- Background / Chapter 1.2 --- Organization / Chapter 2 --- Related Work / Chapter 2.1 --- Exploiting Social Networking Services / Chapter 2.1.1 --- Malware Spreading Channels in SNS / Chapter 2.1.2 --- Common Exploits on SNS platforms / Chapter 2.2 --- Recent defense mechanisms of Malware / Chapter 3 --- A New Class of Attacks via Social Hitch-hiking / Chapter 3.1 --- The Social Hitch-hiking Attack / Chapter 3.1.1 --- The Interactive User Input/Output Chain / Chapter 3.1.2 --- Four Attack Vectors / Chapter 4 --- Attack Evaluation and Measurement / Chapter 4.1 --- Comparison of Attack Vectors / Chapter 4.2 --- Attack Measurement / Chapter 4.3 --- Defense against Hitch-hiking Attacks / Chapter 5 --- Defense via Malicious URL Classification / Chapter 5.1 --- Methodology / Chapter 5.2 --- Attributes / Chapter 5.2.1 --- Lexical attributes / Chapter 5.2.2 --- Webpage content attributes / Chapter 5.2.3 --- Network attributes / Chapter 5.2.4 --- Host-based attributes / Chapter 5.2.5 --- Link popularity attributes / Chapter 5.3 --- Performance Evaluation and Discussions / Chapter 6 --- Conclusion and Future work
|
75 |
Designing and implementing a network authentication service for providing a secure communication channel / Chance, Christopher P (January 2010)
Typescript (photocopy). / Digitized by Kansas Correctional Industries / Department: Computer Science.
|
76 |
Defending against low-rate TCP attack: dynamic detection and protection. (January 2005)
Sun Haibin. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 89-96). / Abstracts in English and Chinese. / Abstract / Chinese Abstract / Acknowledgement / Chapter 1 --- Introduction / Chapter 2 --- Background Study and Related Work / Chapter 2.1 --- Victim Exhaustion DoS/DDoS Attacks / Chapter 2.1.1 --- Direct DoS/DDoS Attacks / Chapter 2.1.2 --- Reflector DoS/DDoS Attacks / Chapter 2.1.3 --- Spoofed Packet Filtering / Chapter 2.1.4 --- IP Traceback / Chapter 2.1.5 --- Location Hiding / Chapter 2.2 --- QoS Based DoS Attacks / Chapter 2.2.1 --- Introduction to the QoS Based DoS Attacks / Chapter 2.2.2 --- Countermeasures to the QoS Based DoS Attacks / Chapter 2.3 --- Worm based DoS Attacks / Chapter 2.3.1 --- Introduction to the Worm based DoS Attacks / Chapter 2.3.2 --- Countermeasures to the Worm Based DoS Attacks / Chapter 2.4 --- Low-rate TCP Attack and RoQ Attacks / Chapter 2.4.1 --- General Introduction of Low-rate Attack / Chapter 2.4.2 --- Introduction of RoQ Attack / Chapter 3 --- Formal Description of Low-rate TCP Attacks / Chapter 3.1 --- Mathematical Model of Low-rate TCP Attacks / Chapter 3.2 --- Other forms of Low-rate TCP Attacks / Chapter 4 --- Distributed Detection Mechanism / Chapter 4.1 --- General Consideration of Distributed Detection / Chapter 4.2 --- Design of Low-rate Attack Detection Algorithm / Chapter 4.3 --- Statistical Sampling of Incoming Traffic / Chapter 4.4 --- Noise Filtering / Chapter 4.5 --- Feature Extraction / Chapter 4.6 --- Pattern Matching via the Dynamic Time Warping (DTW) Method / Chapter 4.7 --- Robustness and Accuracy of DTW / Chapter 4.7.1 --- DTW values for low-rate attack / Chapter 4.7.2 --- DTW values for legitimate traffic (Gaussian) / Chapter 4.7.3 --- DTW values for legitimate traffic (Self-similar) / Chapter 5 --- Low-Rate Attack Defense Mechanism / Chapter 5.1 --- Design of Defense Mechanism / Chapter 5.2 --- Analysis of Deficit Round Robin Algorithm / Chapter 6 --- Fluid Model of TCP Flows / Chapter 6.1 --- Fluid Math. Model of TCP under DRR / Chapter 6.1.1 --- Model of TCP on a Droptail Router / Chapter 6.1.2 --- Model of TCP on a DRR Router / Chapter 6.2 --- Simulation of TCP Fluid Model / Chapter 6.2.1 --- Simulation of Attack with Single TCP Flow / Chapter 6.2.2 --- Simulation of Attack with Multiple TCP flows / Chapter 7 --- Experiments / Chapter 7.1 --- Experiment 1 (Single TCP flow vs. single source attack) / Chapter 7.2 --- Experiment 2 (Multiple TCP flows vs. single source attack) / Chapter 7.3 --- Experiment 3 (Multiple TCP flows vs. synchronized distributed low-rate attack) / Chapter 7.4 --- Experiment 4 (Network model of low-rate attack vs. Multiple TCP flows) / Chapter 8 --- Conclusion / Chapter A --- Lemmas and Theorem Derivation / Bibliography
|
77 |
Network coding for security and error correction. / CUHK electronic theses & dissertations collection (January 2008)
In this work, we consider the possibility and the effectiveness of implementing secure network coding and error-correcting network coding at the same time. Upon achieving this goal, information can be multicast securely to the sink nodes through a noisy network. Toward this end, we propose constructions of such codes and prove their optimality. After that, we extend the idea of generalized Hamming Weight [54] for the classical point-to-point communication channel to linear network coding. We also extend the idea of generalized Singleton bound to linear network coding. We further show that the generalized Hamming weight can completely characterize the security performance of linear code at the source node on a given linear network code. We then introduce the idea of Network Maximum Distance Separable code (NMDS code), which can be shown to play an important role in minimizing the information that an eavesdropper can obtain from the network. The problem of obtaining the optimal security performance is in fact equivalent to the problem of obtaining a Network Maximum Distance Separable code. / Network coding is one of the most important breakthroughs in information theory in recent years. The theory gives rise to a new concept regarding the role of nodes in a communication network. Unlike in existing networks where the nodes act as switches, in the paradigm of network coding, every node in the network can act as an encoder for the incoming information. With this new infrastructure, it is possible to utilize the full capacity of the network where it is impossible to do so without network coding. In the seminal paper by Ahlswede et al. [1] where network coding was introduced, the achievability of the maxflow bound for every single source multicast network by using network coding was also proved. 
By further exploring the possibility of linear network coding, Cai and Yeung introduced the idea of error-correcting network coding and secure network coding in [7] and [8] respectively. These papers launched another two important research areas in the field of network coding. / Ngai, Chi Kin. / Adviser: Yeung Wai Ho. / Source: Dissertation Abstracts International, Volume: 70-06, Section: B, page: 3696. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2008. / Includes bibliographical references (leaves 122-128). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.
|
78 |
On tracing attackers of distributed denial-of-service attack through distributed approaches. / CUHK electronic theses & dissertations collection (January 2007)
For the macroscopic traceback problem, we propose an algorithm, which leverages the well-known Chandy-Lamport's distributed snapshot algorithm, so that a set of border routers of the ISPs can correctly gather statistics in a coordinated fashion. The victim site can then deduce the local traffic intensities of all the participating routers. Given the collected statistics, we provide a method for the victim site to locate the attackers who sent out dominating flows of packets. Our finding shows that the proposed methodology can pinpoint the location of the attackers in a short period of time. / In the second part of the thesis, we study a well-known technique against the microscopic traceback problem. The probabilistic packet marking (PPM for short) algorithm by Savage et al. has attracted the most attention in contributing the idea of IP traceback. The most interesting point of this IP traceback approach is that it allows routers to encode certain information on the attack packets based on a pre-determined probability. Upon receiving a sufficient number of marked packets, the victim (or a data collection node) can construct the set of paths the attack packets traversed (or the attack graph), and hence the victim can obtain the locations of the attackers. In this thesis, we present a discrete-time Markov chain model that calculates the precise number of marked packets required to construct the attack graph. / The denial-of-service attack has been a pressing problem in recent years. Denial-of-service defense research has blossomed into one of the main streams in network security. Various techniques such as the pushback message, the ICMP traceback, and the packet filtering techniques are the remarkable results from this active field of research. 
/ The focus of this thesis is to study and devise efficient and practical algorithms to tackle the flood-based distributed denial-of-service attacks (flood-based DDoS attack for short), and we aim to trace every location of the attacker. In this thesis, we propose a revolutionary, divide-and-conquer trace-back methodology. Tracing back the attackers on a global scale is always a difficult and tedious task. Alternatively, we suggest that one should first identify Internet service providers (ISPs) that contribute to the flood-based DDoS attack by using a macroscopic traceback approach. After the concerned ISPs have been found, one can narrow the traceback problem down, and then the attackers can be located by using a microscopic traceback approach. / Though the PPM algorithm is a desirable algorithm that tackles the microscopic traceback problem, the PPM algorithm is not perfect as its termination condition is not well-defined in the literature. More importantly, without a proper termination condition, the traceback results could be wrong. In this thesis, we provide a precise termination condition for the PPM algorithm. Based on the precise termination condition, we devise a new algorithm named the rectified probabilistic packet marking algorithm (RPPM algorithm for short). The most significant merit of the RPPM algorithm is that when the algorithm terminates, it guarantees that the constructed attack graph is correct with a specified level of confidence. Our finding shows that the RPPM algorithm can guarantee the correctness of the constructed attack graph under different probabilities that the routers mark the attack packets and different structures of the network graphs. The RPPM algorithm provides an autonomous way for the original PPM algorithm to determine its termination, and it is a promising means to enhance the reliability of the PPM algorithm. / Wong Tsz Yeung. / "September 2007." / Adviser: Man Hon Wong. 
/ Source: Dissertation Abstracts International, Volume: 69-08, Section: B, page: 4867. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2007. / Includes bibliographical references (p. 176-185). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.
|
79 |
FADE: secure overlay cloud storage with access control and file assured deletion. / Secure overlay cloud storage with access control and file assured deletion (January 2011)
Tang, Yang. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 60-65). / Abstracts in English and Chinese. / Abstract / Acknowledgement / Chapter 1 --- Introduction / Chapter 2 --- Policy-based File Assured Deletion / Chapter 2.1 --- Background / Chapter 2.2 --- Policy-based Deletion / Chapter 3 --- Basic Design of FADE / Chapter 3.1 --- Entities / Chapter 3.2 --- Deployment / Chapter 3.3 --- "Security Goals, Threat Models, and Assumptions" / Chapter 3.4 --- The Basics - File Upload/Download / Chapter 3.5 --- Policy Revocation for File Assured Deletion / Chapter 3.6 --- Multiple Policies / Chapter 3.7 --- Policy Renewal / Chapter 4 --- Extensions of FADE / Chapter 4.1 --- Access Control with ABE / Chapter 4.2 --- Multiple Key Managers / Chapter 5 --- Implementation / Chapter 5.1 --- Representation of Metadata / Chapter 5.2 --- Client / Chapter 5.3 --- Key Managers / Chapter 6 --- Evaluation / Chapter 6.1 --- Experimental Results on Time Performance of FADE / Chapter 6.1.1 --- Evaluation of Basic Design / Chapter 6.1.2 --- Evaluation of Extensions / Chapter 6.2 --- Space Utilization of FADE / Chapter 6.3 --- Cost Model / Chapter 6.4 --- Lessons Learned / Chapter 7 --- Related Work / Chapter 8 --- Conclusions / Bibliography
|
80 |
Asymmetric reversible parametric sequences approach to design a multi-key secure multimedia proxy: theory, design and implementation. (January 2003)
Yeung Siu Fung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 52-53). / Abstracts in English and Chinese. / Abstract / Acknowledgement / Chapter 1 --- Introduction / Chapter 2 --- Multi-Key Encryption Theory / Chapter 2.1 --- Reversible Parametric Sequence / Chapter 2.2 --- Implementation of ARPSf / Chapter 3 --- Multimedia Proxy: Architectures and Protocols / Chapter 3.1 --- Operations to Request and Cache Data from the Server / Chapter 3.2 --- Operations to Request Cached Data from the Multimedia Proxy / Chapter 3.3 --- Encryption Configuration Parameters (ECP) / Chapter 4 --- Extension to multi-level proxy / Chapter 5 --- Secure Multimedia Library (SML) / Chapter 5.1 --- Proxy Pre-fetches and Caches Data / Chapter 5.2 --- Client Requests Cached Data From the Proxy / Chapter 6 --- Implementation Results / Chapter 7 --- Related Work / Chapter 8 --- Conclusion / Chapter A --- Function Prototypes of Secure Multimedia Library (SML) / Chapter A.1 --- CONNECTION AND AUTHENTICATION / Chapter A.1.1 --- Create SML Session / Chapter A.1.2 --- Public Key Manipulation / Chapter A.1.3 --- Authentication / Chapter A.1.4 --- Connect and Accept / Chapter A.1.5 --- Close Connection / Chapter A.2 --- SECURE DATA TRANSMISSION / Chapter A.2.1 --- Asymmetric Reversible Parametric Sequence and Encryption Configuration Parameters / Chapter A.2.2 --- Bulk Data Encryption and Decryption / Chapter A.2.3 --- Entire Data Encryption and Decryption / Chapter A.3 --- Secure Proxy Architecture / Chapter A.3.1 --- Proxy-Server Connection / Chapter A.3.2 --- ARPS and ECP / Chapter A.3.3 --- Initial Server Encryption / Chapter A.3.4 --- Proxy Re-Encryption / Chapter A.3.5 --- Client Decryption / Bibliography
|