51. A Security Framework for Wireless Sensor Networks
Zia, Tanveer, January 2008
Doctor of Philosophy (PhD) / Sensor networks have great potential to be employed in mission critical situations like battlefields but also in more everyday security and commercial applications such as building and traffic surveillance, habitat monitoring and smart homes etc. However, wireless sensor networks pose unique security challenges. While the deployment of sensor nodes in an unattended environment makes the networks vulnerable to a variety of potential attacks, the inherent power and memory limitations of sensor nodes make conventional security solutions unfeasible. Though there has been some development in the field of sensor network security, the solutions presented thus far address only some of the security problems faced. This research presents a security framework, WSNSF (Wireless Sensor Networks Security Framework), to provide a comprehensive security solution against the known attacks in sensor networks. The proposed framework consists of four interacting components: a secure triple-key (STKS) scheme, secure routing algorithms (SRAs), a secure localization technique (SLT) and a malicious node detection mechanism. Singly, each of these components can achieve a certain level of security. However, when deployed as a framework, a high degree of security is achievable. WSNSF takes into consideration the communication and computation limitations of sensor networks. While there is always a trade-off between security and performance, experimental results prove that the proposed framework can achieve a high degree of security with negligible overheads.

52. Implementation of IEEE 802.15.4 mechanisms on a limited resources platform with MSP 430 microcontroller
Κατσαρός, Κωνσταντίνος, 01 September 2009
The thesis dealt with the implementation of the main medium access and security mechanisms in a wireless sensor network based on the IEEE 802.15.4 standard. More specifically, starting from the TinyOS 2.1 medium access implementation on the TelosB platform, the backoff mechanism of the CSMA-CA algorithm was altered in order to become fully 802.15.4 compliant, while the appropriate mechanisms were also developed in order to introduce the protocol's security features in the stack. For the latter, a driver for the CC2420 chip was developed and energy and performance measurements were conducted, comparing the system under three modes of operation, namely with no security, with SW encryption/authentication and with HW encryption/authentication. Finally, the main mechanisms of key management and distribution in a deployed wireless sensor network were studied and developed. Specifically, we implemented two key management schemes. The first was a probabilistic pre-distribution mechanism and the second an ECC (elliptic curve cryptography) mechanism of public-key cryptography in order to install symmetric keys on the motes.

53. Secure communications for critical infrastructure control systems
Dawson, Robert Edward, January 2008
In March 2000, 1 million litres of raw sewage was released into the water system of Maroochy Shire on Queensland’s Sunshine Coast. This environmental disaster was caused by a disgruntled ex-contractor using a radio transmitter to illicitly access the electronically controlled pumps in the control system. In 2007 CNN screened video footage of an experimental attack against an electrical generator. The attack caused the generator to shake and smoke, visually showing the damage caused by cyber attack. These attacks highlight the importance of securing the control systems which our critical infrastructures depend on. This thesis addresses securing control systems, focusing on securing the communications for supervisory control and data acquisition (SCADA) systems. We review the architectures of SCADA systems and produce a list of the system constraints that relate to securing these systems. With these constraints in mind, we survey both the existing work in information and SCADA security, observing the need to investigate further the problem of secure communications for SCADA systems. We then present risk modelling techniques, and model the risk in a simple SCADA system, using the ISM, a software tool for modelling information security risk. In modelling the risk, we verify the hypothesis that securing the communications channel is an essential part of an effective security strategy for SCADA systems. After looking at risk modelling, and establishing the value of securing communications, we move on to key management for SCADA systems. Appropriate key management techniques are a crucial part of secure communications, and form an important part of the contributions made in this work. We present a key management protocol that has been designed to run under the constraints specific to SCADA systems. A reductionist security proof is developed for a simplified version of the protocol, showing it is secure in the Bellare-Rogaway model.

55. A Lab System for Secret Sharing
Olsson, Fredrik, January 2004
Finnegan Lab System is a graphical computer program for learning how secret sharing works. With its focus on the algorithms and the data streams, the user does not have to consider machine-specific low-level details. It is highly modularised and is not restricted to secret sharing, but can easily be extended with new functions, such as building blocks for Feistel networks or signal processing. This thesis describes what secret sharing is, the development of a new lab system designed for secret sharing and how it can be used.

56. Securing Safebook: Secure Data Access Control and Key Management for Safebook
Ali, Waqas Liaqat, January 2013
Online social networks have become a fast and efficient way of sharing information and experiences. Over the past few years the trend of using social networks has drastically increased with an enormous amount of users’ private contents injected into the providers’ data centers. This has raised concerns about how the users’ contents are protected and how the privacy of users is preserved by the service providers. Moreover, current social networks have been subject to much criticism over their privacy settings and access control mechanism. The providers own the users’ contents and these contents are subject to potential misuse. Many socially engineered attacks have exposed user contents due to the lack of sufficient privacy and access control. These security and privacy threats are addressed by Project Safebook, a distributed peer-to-peer online social networking solution leveraging real life trust. By design Safebook decentralizes data storage and thus the control over user content is no longer in the service provider’s hands. Moreover, Safebook uses an anonymous routing technique to ensure communication privacy between different users. This thesis project addresses privacy aware data management for Safebook users and a data access control solution to preserve users’ data privacy and visibility utilizing a peer to peer paradigm. The solution focuses on three sub-problems: (1) preserving the user’s ownership of user data, (2) providing an access control scheme which supports fine grained access rights, and (3) secure key management. In our proposed system, the user profile is defined over a collection of small data artifacts. An artifact is the smallest logical entity of a profile. An artifact could be a user’s status tweak, text comment, photo album metadata, or multimedia contents. These artifacts are then logically arranged to form a hierarchical tree, called the User Profile Hierarchy. The root of the profile hierarchy is the only entry point exposed by Safebook from where the complete user profile can be traversed. The visibility of portions of the user profile can be defined by exposing a subset of profile hierarchy. This requires limiting access to child artifacts, by encrypting the connectivity information with specific access keys. Each artifact is associated with a dynamic access chain, which is an encrypted string and contains the information regarding the child nodes. A dynamic access chain is generated using a stream cipher, where each child’s unique identifier is encrypted with its specific access key and concatenated to form the dynamic access chain. The decryption process will reveal only those child artifacts whose access keys are shared. The access keys are managed in a hierarchical manner over the profile hierarchy. Child artifacts inherit the parent’s access key or their access key can be overridden with a new key. In this way, fine grained access rights can be achieved over a user’s artifacts. Remote users can detect changes in a specific branch of a profile hierarchy and fetch new artifacts through our proposed profile hierarchy update service. On top of the proposed access control scheme, any social networking abstraction (such as groups, circles, badges, etc.) can be easily implemented.

57. Symmetric Key Management for Mobile Financial Applications: A Key Hierarchy Approach
Azam, Junaid, January 2013
In recent times the usage of smart phones has significantly increased. Businesses are transforming to make more out of smart phones. As a consequence, there is an increasing demand to have more and more mobile applications. Among other areas, mobile applications are also being used to make financial transactions. Applications used for financial transactions need to be more reliable and have end-to-end security. To implement security we heavily depend on cryptography and the heart of cryptography is the keys which are used in cryptographic processes (encryption/decryption). Therefore, it is essential not only to protect, but also to properly manage these keys, so that a robust and secure system can be achieved. This research work provides a complete implementation of symmetric key management for mobile phone applications with a focus on financial data using a key hierarchy approach. We have developed a key management system which allows smart phones to download the cryptographic key hierarchy. This key hierarchy is used to encrypt and decrypt financial data, such as PIN and other transaction information. Using this application (key management system), we can achieve end-to-end security between client (mobile phones) and payment server (banking server). This research work presents an implementation of the key management system for Android OS only.

58. Key management with a trusted third party using LoRaWAN protocol: A study case for E2E security
Ralambotiana, Miora, January 2018
Nowadays, Internet of Things (IoT) applications are gaining more importance in people’s everyday life. Depending on their usage (for long or short distance communications, using low or high power devices, etc.), several standards exist. In this study, the focus is on Low Power Wide Area Networks (LPWAN) and particularly a protocol which is rising in popularity for long-range low-power communications in IoT: LoRaWAN. LoRaWAN is still at an early stage and has been mainly used in use cases where the network server was managing the keys ensuring confidentiality and integrity of the data. Gemalto has raised the issue of interest conflicts in the case where the network operator and the application provider are two distinct entities: if the end-device and the application server are exchanging sensitive data, the network server should not be able to read them. In order to solve this problem, an architecture using a trusted third party to generate and manage the keys has been implemented during this project. The following research aims at finding security threats and weaknesses on the confidentiality and integrity of the data and devices’ authentication in this study case. The LoRaWAN protocol and key management in general were studied first before describing the studied system and finding the possible attacks exploring its vulnerabilities on the mentioned points via an attack tree. These attacks were simulated in order to define their consequences on the system and, according to them, security improvements on the architecture were proposed based on previous work on the topic and exploration of potential countermeasures.

59. HX: A Proposal of a New Stream Cipher Based on Collision Resistant Hash Functions
Marcio Ricardo Rosemberg, 25 March 2021
In the near future, we will live in smart cities. Our house, our car and most of our appliances will be interconnected. If the infrastructure of the smart cities fails to provide privacy and security, citizens will be reluctant to participate and the main advantages of a smart city will dissolve. Several encryption algorithms have been broken recently or significantly weakened and key lengths are increasing as computing power availability grows. In addition to the ever growing computing power, a recent study discovered that 93 percent of 20,000 Android applications had violated one or more cryptographic rules. Those violations either weaken the encryption or render it useless. Another problem is authentication. A single compromised private key from any intermediate certificate authority can compromise every smart city which will use digital certificates for authentication. In this work, we investigate why such violations occur and we propose HX, a modular encryption algorithm based on Collision Resistant Hash Functions that automatically mitigates cryptographic rule violations, and HXAuth, a symmetric key authentication protocol to work in tandem with Secure RDF Authentication Protocol (SRAP) or independently with a pre-shared secret. Our experiments point in the direction that most developers do not have the necessary background in cryptography to correctly use encryption algorithms, even those who believed they had. Our experiments also prove HX is safe, modular and is stronger, more effective and more efficient than AES, Salsa20 and HC-256.

60. Secure Satellite Communication: A system design for cybersecurity in space
Wallin, Lucas, January 2024
This thesis presents an in-depth exploration of designing a cybersecurity system for satellite communication, addressing cyberthreats as the space industry transitions from security by obscurity in mission specific designs to the use of mass-produced components. To counteract these threats, a comprehensive security system must be implemented, considering all facets of satellite communication, from key management and encryption to digital signatures, digital certificates, and hardware security modules (HSMs). The role of HSMs in securely storing cryptographic keys and performing cryptographic operations is emphasized, highlighting their importance in protecting sensitive data. A partial implementation of the digital signature component demonstrates the practical importance of using HSMs for key storage, underscoring the feasibility of the proposed system in real-world applications. The findings indicate that established protocols and algorithms, when combined effectively, can provide robust security solutions for satellite communication. This research contributes to the development of secure satellite communication systems by offering a detailed security design tailored to the specific needs and challenges of the space environment. It provides a framework for future implementations, ensuring that satellite systems can operate securely and efficiently in an increasingly interconnected and vulnerable digital landscape.