251 |
Handling uncertainty in intrusion analysis
Zomlot, Loai M. M. January 1900
Doctor of Philosophy / Department of Computing and Information Sciences / Xinming Ou
Intrusion analysis, i.e., the process of combing through Intrusion Detection System (IDS) alerts and audit logs to identify true successful and attempted attacks, remains a difficult problem in practical network security defense. The primary cause of this problem is the high false positive rate in IDS system sensors used to detect malicious activity. This high false positive rate is attributed to an inability to differentiate nearly certain attacks from those that are merely possible. This inefficacy has created high uncertainty in intrusion analysis and consequently causes an overwhelming amount of work for security analysts. As a solution, practitioners typically resort to a specific IDS-rules set that precisely captures specific attacks. However, this results in failure to discern other forms of the targeted attack because an attack’s polymorphism reflects human intelligence. Alternatively, the addition of generic rules, so that an activity with remote indication of an attack will trigger an alert, requires the security analyst to discern true alerts from a multitude of false alerts, thus perpetuating the original problem. The perpetuity of this trade-off issue is a dilemma that has puzzled the cyber-security community for years.
A solution to this dilemma includes reducing uncertainty in intrusion analysis by making IDS-nearly-certain alerts prominently discernible. Therefore, I propose alerts prioritization, which can be attained by integrating multiple methods. I use IDS alerts correlation by building attack scenarios in a ground-up manner. In addition, I use Dempster-Shafer Theory (DST), a non-traditional theory to quantify uncertainty, and I propose a new method for fusing non-independent alerts in an attack scenario. Finally, I propose usage of semi-supervised learning to capture an organization’s contextual knowledge, consequently improving prioritization. Evaluation of these approaches was conducted using multiple datasets. Evaluation results strongly indicate that the ranking provided by the approaches gives good prioritization of IDS alerts based on their likelihood of indicating true attacks.
|
252 |
Protocolo de comunicação segura para plataforma de distribuição de vídeo em redes sobrepostas. / Protocol of secure communication for video distribution platform on overlay networks.
Pimentel, Hélcio Machado 07 July 2011
Video delivery networks have been widely used across the Internet nowadays. The success of Video Portals is evidence of this use. Due to their potential to turn into large infrastructures, there is a concern about their vulnerabilities. The communication among their elements must be secure enough to guarantee the availability, the secrecy and integrity of messages and the authenticity of their elements. We present in this work a secure communication protocol to meet such requisites in an efficient way, since it meets the performance requisites for delivering the content to the users, and in a generic way, because it can be used by other distribution systems. The validation of this work is done in order to show that this proposal can meet the requisites of a secure video delivery system.
|
253 |
Parametrização e otimização de criptografia de curvas elípticas amigáveis a emparelhamentos. / Parameterization and optimization of pairing-friendly elliptic curves.
Pereira, Geovandro Carlos Crepaldi Firmino 27 April 2011
The trend for the future consists of steadfast shrinking of electrical and computing devices. In the short to medium term, one will still find constrained storage and processing resources in that environment. In the long run, as Physics, Chemistry and Microelectronics progress, the capabilities of such devices are likely to increase. In 20 to 50 years from now, until technology has firm advances, lightweight software solutions will be needed. In Brazil, the most widely adopted signature protocol, the RSA scheme, is obsolescent as a standard. The problem is that technological advances impose a considerable increase in cryptographic key sizes in order to maintain a suitable security level, bringing about undesirable effects in processing time, bandwidth occupation and storage requirements. As an immediate solution, we have Elliptic Curve Cryptography, which is more suitable for utilization in public agencies and industry. In the field of elliptic curves, this work contributes specifically with the introduction of a new subfamily of the pairing-friendly Barreto-Naehrig (BN) curves. The proposed subfamily has a computationally simple description, making it able to offer opportunities for efficient implementation. The choice of the BN curves is also based on the fact that they allow a range of practical security levels. Furthermore, practical implementations were made from the introduced subfamily, such as the most basic extension field algorithms, elliptic curve arithmetic and pairing computation. The adoption of the new BN subfamily with carefully chosen optimization techniques allowed the most efficient implementation of the optimal Ate pairing, which is a very useful operation in many practical cryptographic applications.
|
254 |
Methods to improve certificate linkage and revocation procedures in vehicular networks. / Métodos para melhorar os procedimentos de ligação e revogação de certificados em redes veiculares.
Ferraz, Leonardo Tórtora Devienne 19 February 2019
Vehicular communication technologies, also called Vehicle-to-everything (V2X) systems, are expected to become common in the future, providing better efficiency and safety in transportation. This envisioned large-scale deployment, however, critically depends on addressing some requirements. For example, to prevent abuse by drivers, messages exchanged among authorized vehicles must be authenticated, which implies the need of a Vehicular Public Key Infrastructure (VPKI). Unlike traditional Public Key Infrastructures (PKIs), though, VPKIs are also expected to preserve the drivers' privacy; in particular, neither eavesdroppers nor system entities should be able to easily identify or track the movements of vehicles using non-revoked certificates. One promising VPKI solution, which copes with such requirements and is among the main candidates for standardization in the United States and Europe, is Security Credential Management System (SCMS). In this thesis, aiming to address shortcomings identified in the SCMS architecture, three main contributions are provided. First, a mechanism for improving the flexibility of revocation is described, allowing certificates and their owner's privacy to be temporarily revoked in an efficient manner; this functionality is useful, for example, in case a software malfunction is detected and a patch still needs to be released. Second, two birthday attacks against SCMS's certificate revocation process are detailed and then fixed, thus preventing the system's security degradation with the number of issued and revoked certificates. Finally, a method is proposed which simplifies SCMS's system architecture, removing the need for the so-called Linkage Authorities (LAs); this not only reduces the cost for SCMS's deployment, but also improves its security and privacy due to the removal of one potential point of failure/collusion.
|
257 |
Usable Firewall Rule Sets
Voronkov, Artem January 2017
Correct functioning is the most important requirement for any system. Nowadays there are a lot of threats to computer systems that undermine confidence in them and, as a result, force a user to abandon their use. Hence, a system cannot be trusted if there is no proper security provided. Firewalls are an essential component of network security and there is an obvious need for their use. The level of security provided by a firewall depends on how well it is configured. Thus, to ensure the proper level of network security, it is necessary to have properly configured firewalls. However, setting up the firewall correctly is a very challenging task. These configuration files might be hard to understand even for system administrators. This is due to the fact that these configuration files have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is being added to the set, and a proper position, where to place it, needs to be found. Misconfiguration might sooner or later be made and that will lead to an inappropriate system's security. This brings us to the usability problem associated with the configuration of firewalls. The overall aim of this thesis is to identify existing firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conducted a series of interviews with system administrators. In the interviews, system administrators were asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we turned to literature to get an understanding on the state-of-the-art of the field and therefore conducted a systematic literature review. This review presents a classification of available solutions and identifies open challenges in this area. To achieve the second part of the objective, we started working on one identified challenge. A set of usability metrics was proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability was identified.
Network security is an important aspect that must be taken into account. Firewalls are systems that are used to make sure that authorized network traffic is allowed and unauthorized traffic is prohibited. However, setting up a firewall correctly is a challenging task. Their configuration files might be hard to understand even for system administrators. The overall aim of this thesis is to identify firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conduct a series of interviews with system administrators. In the interviews, system administrators are asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we conduct a systematic literature review to get an understanding on the state of the art of the field. This review classifies available solutions and identifies open challenges. To achieve the second part of the objective, a set of usability metrics is proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability is identified.
HITS, 4707
|
258 |
Security Infrastructure and Applications for Mobile Agents
Shibli, Awais January 2010
Research areas of this dissertation are security for mobile agents, for applications based on mobile agents, and for distributed network environments in which mobile agents execute. The mobile agent paradigm captured researchers’ and industry’s interest a long time ago because of its innovative capabilities and attractive applications. The ability of mobile agents to autonomously migrate from host to host, transferring their code and internal state, enables them to accomplish tasks in network and distributed environments more conveniently, robustly, and efficiently than traditional client-server applications. But, in spite of significant benefits of the mobile agent paradigm, the technology is still mainly in a research domain and so far it has not been adopted on a large scale by the industry and users. One of the reasons for that is security-related issues and security concerns. Current research in the area of mobile agents’ security is focused mainly on protection and security of agents and agents’ runtime platforms. But most of the currently available mobile agent systems do not support comprehensive security requirements for a general mobile agents paradigm. Therefore, there is a need for a complete and comprehensive security infrastructure for mobile agents, not only in the form of security services and mechanisms for agents’ runtime execution, but also as a complete set of infrastructural components, along with methodology for creation, classification, adoption, and validation of mobile agents before their deployment in real environments. In addition, protection of mobile agents' code and their baggage during execution is also needed. The lack of such a concept, infrastructure and security solutions is a hindrance for wider adoption of mobile agent systems at the time of this research.
In our research, we solve these comprehensive requirements with solutions that can be classified in two groups. The first group is solutions for design, implementation and deployment of a security infrastructure for mobile agents, along with methodology for secure deployment and execution of mobile agents. The proposed infrastructure for mobile agents is based on a methodology for creation, classification and validation of trusted mobile agents. It includes a security architecture for publishing, discovery and adoption of mobile agents. Moreover, it provides an integrated system for mobile agent deployment that supports launching, authorization and execution of mobile agents. Mobile agents' execution is based on a protective approach, as compared to traditional detective or preventive methods, that not only provides code protection, but code execution and data privacy as well. The second group is solutions for use of the security infrastructure and, in particular, secure and trusted mobile agents for real-life applications. The main result in this group is the design and implementation of a network intrusion detection and prevention system based on mobile agents. The system efficiently solves several problems of existing IDS/IPS. It can detect new vulnerabilities before they are exploited by hackers, it can process and filter large volumes of log entries, it reacts to intrusions in real time, it provides protection against unknown attacks, it supports and improves commercial IDS/IPS products, and it also efficiently handles software patches. The system not only improves use of existing popular IDS/IPS, but it also eliminates several of their core problems. In addition, it is self-protected by full encryption, both of mobile agents and their execution platforms, and therefore not vulnerable to attacks against its own components and resources.
QC20100525
|
259 |
On The Efficiency Of Authentication Protocols, Digital Signatures And Their Applications In E-health: A Top-down Approach
Bicakci, Kemal 01 September 2003
Choosing an authentication protocol or a digital signature algorithm becomes more challenging when performance constraints are of concern. In this thesis, we discuss the possible options in a top-down approach and propose viable alternatives for the efficiency criteria.
Before all the technical discussions, we argue that identifying prerequisites, threats and risks on an organizational context has utmost importance so that effective solutions can be delivered at a reasonable cost. For instance, one approach to solve the performance problem is to relax the security requirements if it is allowable and use one-time passwords as the more efficient entity authentication protocol. SCOTP is the first protocol proposed in this study which improves the security and flexibility of one-time passwords.
After requirements are set up, another high-efficiency solution is based on new designs of improved protocols. These new protocols might utilize the trade-offs between efficiency of distinct system parameters such as communication versus computational load. SAOTS is our new protocol designed to improve the performance and increase the round efficiency of server-assisted signature protocols.
With an example in e-health, we also demonstrate that efficiency can be provided on the implementation level as well, the last step in the chain. EVEREST is the third proposal in this thesis which improves the real-time efficiency of digital signatures concerning the fact that the medical images are huge in size and to verify the signature a considerable amount of time is spent to compute the hash of the image file.
|
260 |
Quantifying Computer Network Security
Burchett, Ian 01 December 2011
Simplifying network security data to the point that it is readily accessible and usable by a wider audience is increasingly becoming important, as networks become larger and security conditions and threats become more dynamic and complex, requiring a broader and more varied security staff makeup. With the need for a simple metric to quantify the security level on a network, this thesis proposes: simplify a network’s security risk level into a simple metric. Methods for this simplification of an entire network’s security level are conducted on several characteristic networks. Identification of computer network port vulnerabilities from NIST’s Network Vulnerability Database (NVD) are conducted, and via utilization of NVD’s Common Vulnerability Scoring System values, composite scores are created for each computer on the network, and then collectively a composite score is computed for the entire network, which accurately represents the health of the entire network. Special concerns about small numbers of highly vulnerable computers or especially critical members of the network are confronted.
|