Guesswork and Entropy as Security Measures for Selective Encryption

Lundin, Reine

January 2012

More and more effort is being spent on security improvements in today's computer environments, with the aim to achieve an appropriate level of security. However, for small computing devices it might be necessary to reduce the computational cost imposed by security in order to gain reasonable performance and/or energy consumption. To accomplish this selective encryption can be used, which provides confidentiality by only encrypting chosen parts of the information. Previous work on selective encryption has chiefly focused on how to reduce the computational cost while still making the information perceptually secure, but not on how computationally secure the selectively encrypted information is.  Despite the efforts made and due to the harsh nature of computer security, good quantitative assessment methods for computer security are still lacking. Inventing new ways of measuring security are therefore needed in order to better understand, assess, and improve the security of computer environments. Two proposed probabilistic quantitative security measures are entropy and guesswork. Entropy gives the average number of guesses in an optimal binary search attack, and guesswork gives the average number of guesses in an optimal linear search attack. In information theory, a considerable amount of research has been carried out on entropy and on entropy-based metrics. However, the same does not hold for guesswork. In this thesis, we evaluate the performance improvement when using the proposed generic selective encryption scheme. We also examine the confidentiality strength of selectively encrypted information by using and adopting entropy and guesswork. Moreover, since guesswork has been less theoretical investigated compared to entropy, we extend guesswork in several ways and investigate some of its behaviors.

Computer security

security metrics

selective encryption

confidentiality

entropy

guesswork.

Towards Measurable and Tunable Security

Lundin, Reine

January 2007

<p>Many security services today only provides one security configuration at run-time, and cannot then utilize the trade-off between performance and security. In order to make use of this trade-off, tunable security services providing several security configurations that can be selected at run-time are needed. To be able to make intelligent choices on which security configuration to use for different situations we need to know how good they are, i.e., we need to order the different security configurations with respect to each security attribute using measures for both security and performance.</p><p>However, a key issue with computer security is that it is due to its complex nature hard to measure.</p><p>As the title of this thesis indicates, it discusses both security measures and tunable security services. Thus, it can be seen to consist of two parts. In the first part, discussing security measures for tunable security services, an investigation on the security implications of selective encryption by using guesswork as a security measure is made. Built on this an investigation of the relationship between guesswork and entropy. The result shows that guesswork,</p><p>after a minor redefinition, is equal to the sum of the entropy and the relative entropy.</p><p>The second part contributes to the area of tunable security services, e.g., services that provides several security configurations at run-time. In particular, we present the mobile Crowds (mCrowds) system,</p><p>an anonymity technology for the mobile Internet developed at Karlstad University, and a tunable encryption service, that is based on a selective encryption paradigm and designed as a middleware. Finally, an investigation of the tunable features provided by Mix-Nets and Crowds are done, using a conceptual model for tunable security services.</p>

tunable security

security measures

metrics

entropy

guesswork

privacy

anonymity

selective encryption

Computer science

Datavetenskap

Effects Of Web-based Multimedia Annotated Vocabulary Learning In Context Model On Foreign Language Vocabulary Retention Of Intermediate Level English Langauge Learners

Baturay, Meltem Huri

01 September 2007

The aim of this study was to investigate the effects web-based multimedia annotated vocabulary learning in context model and in spaced repetitions on vocabulary retention of intermediate level English language learners. The research study encompassed two main faces which was related to development of the material and implementation of it. In WEBVOCLE, which stands for web-based vocabulary learning material, the contextual presentation of vocabulary were enriched with audible online dictionary, pictures and animations / target words were repeated by the learners with interactive exercises, such as gap-filling, cloze and multiple choice test, games, puzzles, in &lsquo / spaced repetitions&rsquo / . In the study both qualitative and quantitative data were gathered through attitude questionnaires, checklists, interviews, focus group interviews and through vocabulary retention tests. The qualitative data were analyzed according to qualitative data analysis techniques and quantitative data were analyzed using SPSS statistics software. Feedback obtained from the learners demonstrated that they not only developed a positive attitude toward English vocabulary language learning but also increased their vocabulary retention level of the target vocabulary through spaced repetitions.

LB Academic Degrees 2381-2391

Towards Measurable and Tunable Security

Lundin, Reine

January 2007

Many security services today only provides one security configuration at run-time, and cannot then utilize the trade-off between performance and security. In order to make use of this trade-off, tunable security services providing several security configurations that can be selected at run-time are needed. To be able to make intelligent choices on which security configuration to use for different situations we need to know how good they are, i.e., we need to order the different security configurations with respect to each security attribute using measures for both security and performance. However, a key issue with computer security is that it is due to its complex nature hard to measure. As the title of this thesis indicates, it discusses both security measures and tunable security services. Thus, it can be seen to consist of two parts. In the first part, discussing security measures for tunable security services, an investigation on the security implications of selective encryption by using guesswork as a security measure is made. Built on this an investigation of the relationship between guesswork and entropy. The result shows that guesswork, after a minor redefinition, is equal to the sum of the entropy and the relative entropy. The second part contributes to the area of tunable security services, e.g., services that provides several security configurations at run-time. In particular, we present the mobile Crowds (mCrowds) system, an anonymity technology for the mobile Internet developed at Karlstad University, and a tunable encryption service, that is based on a selective encryption paradigm and designed as a middleware. Finally, an investigation of the tunable features provided by Mix-Nets and Crowds are done, using a conceptual model for tunable security services.

tunable security

security measures

metrics

entropy

guesswork

privacy

anonymity

selective encryption

Computer Sciences

Datavetenskap (datalogi)