Key recovery in a business environment

Rantos, Konstantinos

January 2001

No description available.

658

Encrypted communications

An Investigation of a Multi-Objective Genetic Algorithm applied to Encrypted Traffic Identification

Bacquet, Carlos

10 August 2010

This work explores the use of a Multi-Objective Genetic Algorithm (MOGA) for both, feature selection and cluster count optimization, for an unsupervised machine learning technique, K-Means, applied to encrypted traffic identification (SSH). The performance of the proposed model is benchmarked against other unsupervised learning techniques existing in the literature: Basic K-Means, semi-supervised K-Means, DBSCAN, and EM. Results show that the proposed MOGA, not only outperforms the other models, but also provides a good trade off in terms of detection rate, false positive rate, and time to build and run the model. A hierarchical version of the proposed model is also implemented, to observe the gains, if any, obtained by increasing cluster purity by means of a second layer of clusters. Results show that with the hierarchical MOGA, significant gains are observed in terms of the classification performances of the system.

Network Traffic Identification

Encrypted Traffic

Applications of Fully Homomorphic Encryption

Cetin, Gizem S

18 April 2019

Homomorphic encryption has progressed rapidly in both efficiency and versatility since its emergence in 2009. Meanwhile, a multitude of pressing privacy needs --- ranging from cloud computing to healthcare management to the handling of shared databases such as those containing genomics data --- call for immediate solutions that apply fully homomorpic encryption (FHE) and somewhat homomorphic encryption (SHE) technologies. Recent rapid progress in fully homomorphic encryption has catalyzed renewed efforts to develop efficient privacy preserving protocols. Several works have already appeared in the literature that provide solutions to these problems by employing leveled or somewhat homomorphic encryption techniques. Here, we propose efficient ways of adapting the most fundamental programming problems; boolean algebra, arithmetic in binary and higher radix representation, sorting, and search to the fully homomorphic encryption domain by focusing on the multiplicative depth of the circuits alongside the more traditional metrics. The reduced depth allows much reduced noise growth and thereby makes it possible to select smaller parameter sizes in leveled FHE instantiations resulting in greater efficiency savings. We begin by exploring already existing solutions to these programming problems, and analyze them in terms of homomorphic evaluation and memory costs. Most of these algorithms appear to be not the best candidates for FHE solutions, hence we propose new methods and improvements over the existing algorithms to optimize performance.

encrypted computing

fully homomorphic encryption

private computation

Secure Geometric Search on Encrypted Spatial Data

Wang, Boyang, Wang, Boyang

January 2017

Spatial data (e.g., points) have extensive applications in practice, such as spatial databases, Location-Based Services, spatial computing, social analyses, computational geometry, graph design, medical imaging, etc. Geometric queries, such as geometric range queries (i.e., finding points inside a geometric range) and nearest neighbor queries (i.e., finding the closest point to a given point), are fundamental primitives to analyze and retrieve information over spatial data. For example, a medical researcher can query a spatial dataset to collect information about patients in a certain geometric area to predict whether there will be a dangerous outbreak of a particular disease (e.g., Ebola or Zika). With the dramatic increase on the scale and size of data, many companies and organizations are outsourcing significant amounts of data, including significant amounts of spatial data, to public cloud data services in order to minimize data storage and query processing costs. For instance, major companies and organizations, such as Yelp, Foursquare and NASA, are using Amazon Web Services as their public cloud data services, which can save billions of dollars per year for those companies and organizations. However, due to the existence of attackers (e.g., a curious administrator or a hacker) on remote servers, users are worried about the leakage of their private data while storing and querying those data on public clouds. Searchable Encryption (SE) is an innovative technique to protect the data privacy of users on public clouds without losing search functionalities on the server side. Specifically, a user can encrypt its data with SE before outsourcing data to a public server, and this public server is able to search encrypted data without decryption. Many SE schemes have been proposed to support simple queries, such as keyword search. Unfortunately, how to efficiently and securely support geometric queries over encrypted spatial data remains open. In this dissertation, to protect the privacy of spatial data in public clouds while still maintaining search functions without decryption, we propose a set of new SE solutions to support geometric queries, including geometric range queries and nearest neighbor queries, over encrypted spatial data. The major contributions of this dissertation focus on two aspects. First, we enrich search functionalities by designing new solutions to carry out secure fundamental geometric search queries, which were not supported in previous works. Second, we minimize the performance gap between theory and practice by building novel schemes to perform geometric queries with highly efficient search time and updates over large-scale encrypted spatial data. Specifically, we first design a scheme supporting circular range queries (i.e., retrieving points inside a circle) over encrypted spatial data. Instead of directly evaluating compute-then-compare operations, which are inefficient over encrypted data, we use a set of concentric circles to represent a circular range query, and then verify whether a data point is on any of those concentric circles by securely evaluating inner products over encrypted data. Next, to enrich search functionalities, we propose a new scheme, which can support arbitrary geometric range queries, such as circles, triangles and polygons in general, over encrypted spatial data. By leveraging the properties of Bloom filters, we convert a geometric range search problem to a membership testing problem, which can be securely evaluated with inner products. Moving a step forward, we also build another new scheme, which not only supports arbitrary geometric range queries and sub-linear search time but also enables highly efficient updates. Finally, we address the problem of secure nearest neighbor search on encrypted large-scale datasets. Specifically, we modify the algorithm of nearest neighbor search in advanced tree structures (e.g., R-trees) by simplifying operations, where evaluating comparisons alone on encrypted data is sufficient to efficiently and correctly find nearest neighbors over datasets with millions of tuples.

Encrypted Data

Geometric Queries

Spatial Data

Rozšíření NetFlow záznamů pro zlepšení možností klasifikace šifrovaného provozu / Extending NetFlow Records for Increasing Encrypted Traffic Classification Capabilities

Šuhaj, Peter

January 2020

Master's thesis deals with selection of attributes proper for classification of encrypted traffic, with the extension of NetFlow entries with these attributes and with creating a tool for classify encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by design of extending NetFlow records with these attributes for classifying encrypted traffic. Extension of records was implemented in language C for exporter of the company Flowmon Networks a.s.. Classifier for collector was implemented in language Python. Classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too, the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best case scenario 47% accuracy was achieved.

Anti-Tamper Databases: Querying Encrypted Databases

Chung, Sun S.

09 January 2006

No description available.

Database Security,

Querying Encrypted Databases,

Database Encryption

Design and implementation of a collaborative secure storage solution

Kangas, Fredrik, Wihlborg, Sebastian

January 2016

In the modern enterprises it is common that support and maintenance of IT environments are outsourced to third parties. In this setting, unencrypted confidential data may pose a problem since administrators maintaining the outsourced system can access confidential information if stored unencrypted. This thesis work, performed at ELITS, presents a solution to this problem; a design of a collaborative storage system where all files at rest (i.e. stored on disk) and in transit remain encrypted is proposed. The design uses a hybrid encryption scheme to protect the encryption keys used. The keys can safely be stored in a centralized database as well as sent to the clients without risk of unauthorized parties gaining access to the stored data. The design was also implemented as a proof of concept in order to establish that it was possible to realize.

Hybrid encryption system

Secure storage

Collaborative encrypted storage

Detektering av krypterade filer

Barkman, Linus

January 2011

In contemporary encryption the vast amount of text subject to cracking has brought about the demand for methods distinguish files more likely to be encrypted. The encryption software Truecrypt can encrypt files that are not possible to identify with a file signature. To solve the detection problem, an algorithm sensitive to the absence of structure in the very code of files was developed. The program was written in the programming language EnScript which is built into the forensic software suite EnCase. The essential part of the algorithm therefore deployes the statistic of a chi-square test for deviance from a uniform distribution to distinguish files with contents that appear to be random. The program managed to detect encrypted files that were created with Truecrypt. Test results indicate that the newly developed program is nearly double as fast and has at least the same accuracy in the detection as other pro- grams. The software is licensed under open source standard GNU GPL. The procedure developed will drastically facilitate for computer forensic experts to detect if any existing encrypted file is located on the hard drive.

Encrypted files

encrypted volumes

Computer forensic

EnCase

EnScript

Truecrypt

encrypted storage media

Krypterade filer

krypterade volymer

IT-forensik

EnCase

EnScript

Truecrypt

krypterad lagringsmedia

Information Systems

Information Systems

Monitoring of Video Streaming Quality from Encrypted Network Traffic : The Case of YouTube Streaming

Chebudie, Abiy Biru

January 2016

The video streaming applications contribute to a major share of the Internet traffic. Consequently, monitoring and management of video streaming quality has gained a significant importance in the recent years. The disturbances in the video, such as, amount of buffering and bitrate adaptations affect user Quality of Experience (QoE). Network operators usually monitor such events from network traffic with the help of Deep Packet Inspection (DPI). However, it is becoming difficult to monitor such events due to the traffic encryption. To address this challenge, this thesis work makes two key contributions. First, it presents a test-bed, which performs automated video streaming tests under controlled time-varying network conditions and measures performance at network and application level. Second, it develops and evaluates machine learning models for the detection of video buffering and bitrate adaptation events, which rely on the information extracted from packets headers. The findings of this work suggest that buffering and bitrate adaptation events within 60 second intervals can be detected using Random Forest model with an accuracy of about 70%. Moreover, the results show that the features based on time-varying patterns of downlink throughput and packet inter-arrival times play a distinctive role in the detection of such events.

Quality of Experience

Machine Learning

Encrypted video traffic classification

Video Streaming Quality

A TRUSTED STORAGE SYSTEM FOR THE CLOUD

Karumanchi, Sushama

01 January 2010

Data stored in third party storage systems like the cloud might not be secure since confidentiality and integrity of data are not guaranteed. Though cloud computing provides cost-effective storage services, it is a third party service and so, a client cannot trust the cloud service provider to store its data securely within the cloud. Hence, many organizations and users may not be willing to use the cloud services to store their data in the cloud until certain security guarantees are made. In this thesis, a solution to the problem of securely storing the client’s data by maintaining the confidentiality and integrity of the data within the cloud is developed. Five protocols are developed which ensure that the client’s data is stored only on trusted storage servers, replicated only on trusted storage servers, and guarantee that the data owners and other privileged users of that data access the data securely. The system is based on trusted computing platform technology [11]. It uses a Trusted Platform Module, specified by the Trusted Computing Group [11]. An encrypted file system is used to encrypt the user’s data. The system provides data security against a system administrator in the cloud.

Trusted Storage

Cloud Computing

Trusted Platform

Encrypted File System

Cloud Storage

Computer Sciences