301 |
Jedno-průchodová schémata autentizovaného šifrování / One-Pass Authenticated Encryption
Homer, Miloslav January 2018
The topic of this thesis is mask-based one-pass authenticated encryption schemes with associated data. Formal security requirements (AUTH and PRIV), scheme requirements as well as mask system requirements are specified. Theorems regarding fulfillment of security requirements are proven given specified scheme assumptions. The proof utilizes the game-hopping technique. The thesis contains an enumeration of masking systems as well as a selection of schemes with verification that requirements are fulfilled. Last but not least, this thesis presents an attack on the OPP scheme. A recommendation on fixing this scheme is also provided.
|
302 |
A Framework for Property-preserving Encryption in Wide Column Store Databases
Waage, Tim 05 May 2017
No description available.
|
303 |
PRACTICAL CONFIDENTIALITY-PRESERVING DATA ANALYTICS IN UNTRUSTED CLOUDS
Savvas Savvides (9113975) 27 July 2020
Cloud computing offers a cost-efficient data analytics platform. This is enabled by constant innovations in tools and technologies for analyzing large volumes of data through distributed batch processing systems and real-time data through distributed stream processing systems. However, due to the sensitive nature of data, many organizations are reluctant to analyze their data in public clouds. To address this stalemate, both software-based and hardware-based solutions have been proposed yet all have substantial limitations in terms of efficiency, expressiveness, and security. In this thesis, we present solutions that enable practical and expressive confidentiality-preserving batch and stream-based analytics. We achieve this by performing computations over encrypted data using Partially Homomorphic Encryption (PHE) and Property-Preserving Encryption (PPE) in novel ways, and by utilizing remote or Trusted Execution Environment (TEE) based trusted services where needed.
We introduce a set of extensions and optimizations to PHE and PPE schemes and propose the novel abstraction of Secure Data Types (SDTs) which enables the application of PHE and PPE schemes in ways that improve performance and security. These abstractions are leveraged to enable a set of compilation techniques making data analytics over encrypted data more practical. When PHE alone is not expressive enough to perform analytics over encrypted data, we use a novel planner engine to decide the most efficient way of utilizing client-side completion, remote re-encryption, or trusted hardware re-encryption based on Intel Software Guard eXtensions (SGX) to overcome the limitations of PHE. We also introduce two novel symmetric PHE schemes that allow arithmetic operations over encrypted data. Being symmetric, our schemes are more efficient than the state-of-the-art asymmetric PHE schemes without compromising the level of security or the range of homomorphic operations they support. We apply the aforementioned techniques in the context of batch data analytics and demonstrate the improvements over previous systems. Finally, we present techniques designed to enable the use of PHE and PPE in resource-constrained Internet of Things (IoT) devices and demonstrate the practicality of stream processing over encrypted data.
|
304 |
Data Encryption Standard
Meissner, Robert 28 May 2002
Today's information society has changed the forms of human activity in many areas of daily life. The ability to exchange information over the Internet is pushing conventional forms of communication further and further into the background. Particularly in the areas of eBusiness and ePayment, which are indispensable because of increasing globalization, the security and authenticity of the transmitted data play an important role.
My seminar paper presents how the Data Encryption Standard (DES) works, critically discusses its security, and gives an outlook on new encryption technologies that are about to replace the Data Encryption Standard and its various versions.
|
305 |
Performance benchmarking of data-at-rest encryption in relational databases
Istifan, Stewart, Makovac, Mattias January 2022
This thesis is based on measuring how Relational Database Management Systems utilizing data-at-rest encryption with varying AES key lengths impact the performance in terms of transaction throughput of operations through the process of a controlled experiment. By measuring the effect through a series of load tests followed by statistical analysis, the impact of adopting a specific data-at-rest encryption algorithm could be displayed. The results gathered from this experiment were measured regarding the average transactional throughput of SQL operations. An OLTP workload in the benchmarking tool HammerDB was used to generate a transactional workload. This, in turn, was used to perform load tests on SQL databases encrypted with different AES-key lengths. The data gathered from these tests then underwent statistical analysis to either keep or reject the stated hypotheses. The statistical analysis performed on the different versions of the AES-algorithm showed no significant difference in terms of transaction throughput concerning the results gathered from the load tests on MariaDB. However, statistically significant differences are proven to exist when running the same tests on MySQL. These results answered our research question, "Is there a significant difference in transaction throughput between the AES-128, AES-192, and AES-256 algorithms used to encrypt data-at-rest in MySQL and MariaDB?". The conclusion is that the statistical evidence suggests a significant difference in transactional throughput between AES algorithms in MySQL but not in MariaDB. This conclusion led us to investigate further transactional database performance between MySQL and MariaDB, where a specific type of transaction is measured to determine if there was a difference in performance between the databases themselves using the same encryption algorithm. The statistical evidence confirmed that MariaDB vastly outperformed MySQL in transactional throughput.
|
306 |
Tribonacci Cat Map : A discrete chaotic mapping with Tribonacci matrix
Fransson, Linnea January 2021
Based on the generating matrix to the Tribonacci sequence, the Tribonacci cat map is a discrete chaotic dynamical system, similar to Arnold's discrete cat map, but on three dimensional space. In this thesis, this new mapping is introduced and the properties of its matrix are presented. The main results of the investigation prove how the size of the domain of the map affects its period and explore the orbit lengths of non-trivial points. Different upper bounds to the map are studied and proved, and a conjecture based on numerical calculations is proposed. The Tribonacci cat map is used for applications such as 3D image encryption and colour encryption. In the latter case, the results provided by the mapping are compared to those from a generalised form of the map.
|
307 |
Microcontrôleur à flux chiffré d'instructions et de données / Design and implementation of a microprocessor working with encrypted instructions and data
Hiscock, Thomas 07 December 2017
A large and constantly growing number of digital systems surrounds us. Tablets, smartphones and connected objects are only a few visible examples of these ubiquitous technologies, most of which are embedded and invisible to the user. Microprocessors, at the heart of these systems, are subject to strong constraints on resources and dependability and must, more than ever, offer reinforced security. The task is all the more complex because such a system, through its proximity to the user, offers a large attack surface. This thesis focuses on an essential property expected of such a system: confidentiality, that is, keeping secret the program and the data it manipulates. Indeed, analysis of the program and of the instructions that compose it is an essential step in designing an attack. Moreover, a program has to manipulate sensitive data (cryptographic keys, passwords, ...), which must remain secret so as not to compromise the security of the system. A first contribution of this work is a code encryption method based on the control flow graph, which makes it possible to use lightweight and efficient stream ciphers. Protecting memory accesses to a program's data proves more complex. To this end, we propose using homomorphic encryption to encrypt the data stored in memory and keep it in encrypted form while instructions execute. Finally, we present the integration of these proposals into a processor architecture and the evaluation results on programmable logic (FPGA) with several example programs.
/ Embedded processors are today ubiquitous, dozens of them compose and orchestrate every technology surrounding us, from tablets to smartphones and a large amount of invisible ones. At the core of these systems, processors gather data, process them and interact with the outside world. As such, they are expected to meet very strict safety and security requirements. From a security perspective, the task is even more difficult considering the user has a physical access to the device, allowing a wide range of specifically tailored attacks. Confidentiality, in terms of both software code and data is one of the fundamental properties expected for such systems. The first contribution of this work is a software encryption method based on the control flow graph of the program. This enables the use of stream ciphers to provide lightweight and efficient encryption, suitable for constrained processors. The second contribution is a data encryption mechanism based on homomorphic encryption. With this scheme, sensitive data remain encrypted not only in memory, but also during computations. Then, the integration and evaluation of these solutions on Field Programmable Gate Array (FPGA) with some example programs will be discussed.
|
308 |
Granskning av konceptet ”Double Key Encryption” : En riskanalys utförd på en datakrypteringstjänst / Review of the concept “Double Key Encryption”: A risk analysis performed on a data encryption service
Brandt, Clemens, Mollgren, Theodor January 2023
This work assesses risks associated with the implementation of a modified licensed product, known as Double Key Encryption (DKE), which serves to encrypt internal documents. DKE is a methodology developed by Microsoft that requires two keys to decrypt data. One of these keys is held by the service owner while the other is provided by Microsoft. A Managed Security Service Provider (MSSP) commissioned a risk analysis of its existing DKE service to identify potential vulnerabilities and threats that may affect the service's performance and security. The analysis finds risks linked to technical security flaws, maintenance and upgrading of the service, personnel-related risks, and risks associated with usage. The study identifies a total of 10 different threat scenarios, including the risk of theft of DKE keys, vulnerabilities within the code, the possibility of attacks against unhardened DKE servers, and risks associated with maintenance and upgrading of the DKE service. Other risks include loss of knowledge in connection with staff turnover and user risks regarding potential violations of laws and regulations. The risk evaluation is carried out by assessing likelihood and consequence. Likelihood is assessed with the help of expert opinions, while consequence is assessed based on potential damage to the company's reputation, financial impact, and possible legal consequences. Finally, the identified risks are linked to the three fundamental aspects of information security: confidentiality, integrity, and availability. A significant number of risks are categorized within the area of availability, which is explored further in the work's discussion. / The report assesses risks associated with the implementation of a modified licensed product of Microsoft’s Double Key Encryption (DKE), which serves to encrypt internal documents. DKE is a methodology developed by Microsoft that requires two keys to decrypt data.
One key is held by the service provider while the other is provided by Microsoft. An MSSP has entrusted the authors with the task of conducting a risk analysis of their existing DKE service to identify potential vulnerabilities and threats that may impact the performance and security of the service. The analysis identifies risks related to technical security flaws, service maintenance and upgrades, personnel-related risks, and risks associated with usage. The study identifies a total of 10 risk scenarios, including risk of DKE key theft, vulnerabilities within the code, the possibility of attacks against non-hardened DKE servers, as well as risks associated with service maintenance and upgrades. Other risks include the loss of knowledge due to personnel turnover and user risks concerning potential violations of laws and regulations. The risk assessment is conducted by evaluating likelihood and consequences. Likelihood is assessed using expert opinions, while consequences are assessed based on potential harm to the company's reputation, financial impact, and potential legal consequences. In conclusion, the report links the identified risks to the three fundamental aspects of information security: confidentiality, integrity, and availability. A significant number of risks are categorized within the realm of availability.
|
309 |
A Security and Privacy Audit of KakaoTalk’s End-to-End Encryption
Schmidt, Dawin January 2016
End-to-end encryption is becoming a standard feature in popular mobile chat applications (apps) with millions of users. In the last two years a number of leading chat apps have added end-end encryption features including LINE, KakaoTalk, Viber, Facebook Messenger, and WhatsApp. However, most of these apps are closed-source and there is little to no independent verification of their end-to-end encryption system design. These implementations may be a major concern as proprietary chat apps may make use of non-standard cryptographic algorithms that may not follow cryptography and security best practices. In addition, government authorities may force chat app providers to add easily decryptable export-grade cryptography to their products. Further, mainstream apps have a large attack surface as they offer a variety of features. As a result, there may be software vulnerabilities that could be exploited by an attacker in order to compromise user’s end-to-end privacy. Another problem is that, despite being closed-source software, providers often market their apps as being so secure that even the provider is not able to decrypt messages. These marketing claims may be potentially misleading as most users do not have the technical knowledge to verify them. In this Master’s thesis we use KakaoTalk – the most popular chat app in South Korea – as a case study to perform a security and privacy assessment and audit of its “Secure Chat” opt-in end-to-end encryption feature. Also, we examine KakaoTalk’s Terms of Service policies to verify claims such as “[. . . ] Kakao’s server is unable to decrypt the encryption [. . . ]” from a technical perspective. The main goal of this work is to show how various issues in a product can add up to the potential for serious attack vectors against end-to-end privacy despite there being multiple layers of security.
In particular, we show how a central public-key directory server makes the end-to-end encryption system vulnerable to well-known operator-site man-in-the-middle attacks. While this naive attack may seem obvious, we argue that (KakaoTalk) users should know about the strength and weaknesses of a particular design in order to make an informed decision whether to trust the security of a chat app or not. / End-to-end encryption is an increasingly common feature among popular mobile chat services (hereafter apps) with millions of users. Over the last two years, many leading chat apps, including LINE, KakaoTalk, Viber, Facebook Messenger, and WhatsApp, have begun using end-to-end encryption. However, most of these apps are closed-source and there is limited, or no, independent review of the system design of their end-to-end encryption. These implementations can pose a major risk, as proprietary chat apps may use cryptographic algorithms that do not follow best practice for security or cryptography. Furthermore, government authorities can force chat app providers to use easily decryptable export-grade cryptography in their products. In addition, most mainstream apps have a large attack surface as a result of all the functionality they offer. As a result, there is a risk of software flaws that an attacker can exploit to intrude on a user's end-to-end privacy. A further problem is that, despite being closed-source software, app providers often market their apps as being so secure that not even the providers themselves can decrypt users' messages. These marketing claims risk being misleading, since most users do not have the technical knowledge required to verify that the claims are true.
In this Master's thesis we use KakaoTalk – the most popular chat app in South Korea – as a case study to review and assess the security and privacy aspects of its opt-in “Secure Chat” end-to-end encryption feature. We also review KakaoTalk’s terms of service in order to verify claims such as “[. . . ] Kakao’s server is unable to decrypt the encryption [. . . ]” from a technical perspective. The main purpose of this study is to highlight how various flaws in a product can together create a risk of serious attack vectors against end-to-end privacy even though there are multiple layers of protection. More specifically, we show how a central directory server for public keys makes the end-to-end encryption system vulnerable to well-known operator-site man-in-the-middle attacks. Although this naive type of attack may seem obvious, we argue that (KakaoTalk) users should know about the strengths and weaknesses of a particular system design in order to make an informed choice about whether or not to trust the security of a chat application.
|
310 |
SATELLITE GROUND STATION SECURITY USING SSH TUNNELING
Mauldin, Kendall 10 1900
International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / As more satellite ground station systems use the Internet as a means of connectivity, the security of
the ground stations and data transferred between stations becomes a growing concern. Possible
solutions include software-level password authentication, link encryption, IP filtering, and several
others. Many of these methods are being implemented in many different applications. SSH (Secure
Shell) tunneling is one specific method that ensures a highly encrypted data link between computers
on the Internet. It is used every day by individuals and organizations that want to ensure the security
of the data they are transferring over the Internet. This paper describes the security requirements of a
specific example of a ground station network, how SSH can be implemented into the existing
system, software configuration, and operational testing of the revised ground network.
|