<b>USER-CENTERED DATA ACCESS CONTROL TECHNIQUES FOR SECURE AND PRIVACY-AWARE MOBILE SYSTEMS</b>

Reham Mohamed Sa Aburas (18857674)

25 June 2024

<p dir="ltr">The pervasive integration of mobile devices in today’s modern world, e.g., smartphones, IoT, and mixed-reality devices, has transformed various domains, enhancing user experiences, yet raising concerns about data security and privacy. Despite the implementation of various measures, such as permissions, to protect user privacy-sensitive data, vulnerabilities persist. These vulnerabilities pose significant threats to user privacy, including the risk of side-channel attacks targeting low-permission sensors. Additionally, the introduction of new permissions, such as the App Tracking Transparency framework in iOS, seeks to enhance user transparency and control over data sharing practices. However, these framework designs are accompanied by ambiguous developer guidelines, rendering them susceptible to deceptive patterns. These patterns can influence user perceptions and decisions, undermining the intended purpose of these permissions. Moreover, the emergence of new mobile technologies, e.g., mixed-reality devices, presents novel challenges in ensuring secure data sharing among multiple users in collaborative environments, while preserving usability.</p><p dir="ltr">In this dissertation, I focus on developing user-centered methods for enhancing the security and privacy of mobile system, navigating through the complexities of unsolicited data access strategies and exploring innovative approaches to secure device authentication and data sharing methodologies.</p><p dir="ltr">To achieve this, first, I introduce my work on the iStelan system, a three-stage side-channel attack. This method exploits the low-permission magnetometer sensor in smartphones to infer user sensitive touch data and application usage patterns. Through an extensive user study, I demonstrate the resilience of iStelan across different scenarios, surpassing the constraints and limitations of prior research efforts.</p><p dir="ltr">Second, I present my analysis and study on the App Tracking Transparency permission in iOS. Specifically, my work focuses on analyzing and detecting the dark patterns employed by app developers in the permission alerts to obtain user consent. I demonstrate my findings on the dark patterns observed in permission alerts on a large-scale of apps collected from Apple’s store, using both static and dynamic analysis methods. Additionally, I discuss the application of a between-subject user study to evaluate users’ perceptions and understanding when exposed to different alert patterns.</p><p dir="ltr">Lastly, I introduce StareToPair, a group pairing system that leverages multi-modal sensing technologies in mixed-reality devices to enable secure data sharing in collaborative settings. StareToPair employs a sophisticated threat model capable of addressing various real-world scenarios, all while ensuring high levels of scalability and usability.</p><p dir="ltr">Through rigorous investigation, theoretical analysis and user studies, my research endeavors enhance the field of security and privacy for mobile systems. The insights gained from these studies offer valuable guidance for future developments in mobile systems, ultimately contributing to the design of user-centered secure and privacy-aware mobile ecosystems.</p>

Data security and protection

System and network security

Mobile computing

Mobile Security & Privacy

Usable Security

Heterogeneous Networks: from integration to mobility

Qachri, Naïm

16 September 2015

Français:La notion de réseaux hétérogènes correspond à l’intégration de plusieurs technologies de transmission de données sans-fil dans le but d’accroitre la qualité de service des communications dans les réseaux mobiles.Historiquement, les mécanismes de sécurité des réseaux mobiles et sans-fil ont été largement focalisés sur la protection d’équipement utilisateur au niveau du dernier saut de communication et sur base d’une connectivité simple et unique. Cette connectivité, réduite à sa plus simple expression, a restraint le développement des protocoles de sécurité à des protocoles bi-parties, qui couvrent l’authentification des équipements utilisateurs et le chiffrement sur des communicationsLes mécanismes de sécurité et de cryptographie ne sont donc pas suffisants pour protéger correctement et efficacement des connections parallèles ou leur mobilité au sein de réseaux hétérogènes. Le but de cette thèse de doctorat, à travers quatre contributions personnelles, est d’apporter de nouveaux mécanismes et protocoles de sécurité afin de protéger au mieux les réseaux hétérogènes:• La première contribution se focalise sur le développement d’une nouvelle primitive cryptographique pour la protection des transmissions sans-fil. La propriété principale de celle-ci est de protéger les trames en cas de capture. Cette primitive introduit, notamment, la notion de force brute probabiliste (ce qui veut dire qu’un attaquant ne peut pas choisir parmi différentes clés équiprobables laquelle est effectivement utilisée).• La seconde contribution propose un nouveau protocole pour gérer d’une manière sure et efficace la mobilité des équipements utilisateurs entre différentes technologies au sein de réseaux hétérogènes.• La troisième contribution couvre la gestion des clés maîtres des utilisateurs, embarqués au sein des cartes SIM, utilisées au sein des réseaux d’opérateurs mobiles. Nos protocoles et mécanismes automa- tisent des changements réguliers et sûrs de la clé maître, et ajoutent de la diversité dans la gestion des clés de sessions pour minimiser l’impact en cas de révélation de ces dernières (par le biais d’un vol de base de donnée, par exemple)• La quatrième contribution introduit un nouveau paradigme de connectivité pour les réseaux mo- biles basé sur des communications 1−à−n. Le paradigme redéfinit les frontières de sécurité et place l’équipement utilisateur au centre d’un groupe authentifié mobile. Par conséquent, le changement de paradigme mène à la création de nouveaux protocoles pour l’authentification, la gestion de la mo- bilité et la négociation protégées de clés afin de fournir une protection de bout en bout entre deux équipements utilisateurs ou plus. / English:Heterogeneous Networks (HetNets) is the integration of multiple wireless technologies to increase the quality of service of the communications in mobile networks. This evolution is the next generation of Public Land Mobile Networks (PLMNs).Mobile and wireless network security mechanisms have largely focused on the protection of the User Equipment (UE) within the last mile (the last hop of the communication in the chain of connected devices) and on single connections. The single connectivity has reduced the development of the security to two party protocols, and they cover the authentication of the UE to the mobile network and the encryption on a single channel based on homogeneous communications through a unique technology.The current security and cryptographic mechanisms are not sufficient to protect correctly, and efficiently, parallel connections or their mobility in HetNets. The purpose of the PhD Thesis is to bring new security protocols and mechanisms to protect HetNets.The contributions, that are brought by the thesis, follow the evolution of HetNets through 4 contributions by starting from the wireless transmissions to the largest frame of HetNets architecture:• The first contribution focuses on the development of an new cryptographic primitives for wireless transmissions. The main property is to protect the frame from eavesdropping. The primitive introduces the notion of probabilistic brute force (meaning that an attacker cannot decide among different keys which the used one).• The second contribution proposes a new protocol to manage efficiently and securely the mobility of the UEs between different technologies inside HetNets.• The third contribution covers the management of the master secrets, embedded within the Universal Subscriber Identity Module (USIM), in large PLMNs. Our mechanisms and protocols automate regular and secure changes of the master secret, and they add diversity in the management of session keys to minimize the impact of key leakages (in case of credential database theft, for instance).• The fourth contribution introduces a new connectivity paradigm for mobile networks based on one-to- many communications. The paradigm redesigns the security borders and puts the UE in the center of a mobile authenticated group. Therefore, the paradigm shift leads to new security protocols for authentication, mobility management, and secure negotiation to provide end-to-end encryption between two or more UEs. / Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Sciences exactes et naturelles

Technologie de la sécurité

Informatique générale

sécurité informatique

réseaux hétérogénes

sécurité

mobile network security

wireless network security

computer security

security architecture

protocols

cryptography

protocoles

cryptographie

heterogeneous networks

HetNets

A framework for higher academic institutions in the republic of South Africa to mitigate network security threats and attacks.

Mohapi, Matrinta Josephine

06 1900

M. Tech. (Department of Information and Communication Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / The computer networks of higher academic institutions play a significant role in the academic lives of students and staff in terms of offering them an environment for teaching and learning. These institutions have introduced several educational benefits such as the use of digital libraries, cluster computing, and support for distance learning. As a result, the use of networking technologies has improved the ability of students to acquire knowledge, thereby providing a supportive environment for teaching and learning. However, academic networks are constantly being attacked by viruses, worms, and the intent of malicious users to compromise perceived secured systems. Network security threats and cyber-attacks are significant challenges faced by higher academic institutions that may cause a negative impact on systems and Information and Communications Technology (ICT) resources. For example, the infiltration of viruses and worms into academic networks can destroy or corrupt data and by causing excessive network traffic, massive delays may be experienced. This weakens the ability of the institution to function properly, and results in prolonged downtime and the unavailability of Information Technology (IT) services. This research determines challenges faced by higher academic institutions, identifies the type of security measures used at higher academic institutions, and how network security could be addressed and improved to protect against network security threats and attacks. Two research approaches were adopted, namely a survey and an experiment. Survey questionnaires were distributed to IT technical staff at higher academic institutions in Gauteng province to determine the challenges they face in terms of securing their networks. It is crucial that network security takes on a prominent role when managing higher academic institutions‘ networks. The results of the study reveal several challenges such as budget constraints, inadequate security measures, lack of enforcing network security policies, and lack of penetration testing on systems and the network. The results also reveal that the implementation of security measures can and does address network security threats and attacks. It is therefore extremely important for higher academic institutions to implement proper security measures to help mitigate network security threats and attacks. The framework proposed is based on the results from the research study to help mitigate network security threats and attacks at higher academic institutions.

Academic networks

Cyber-attacks

Higher academic institutions

Network

Network security attacks

Network security threats

Vulnerabilities

Dissertations, Academic -- South Africa

Computer networks -- Security measures

Computer security

Cyberspace -- Security measures

Computer crimes -- Prevention

Advancing DDoS Detection in 5GNetworks Through Machine Learningand Deep Learning Techniques

Bomidika, Sai Teja Reddy

January 2024

This thesis explores the development and validation of advanced Machine Learning (ML) and Deep Learning (DL) algorithms for detecting Distributed Denial of Service (DDoS) attacks within 5th Generation (5G) telecommunications networks. As 5G technologies expand, the vulnerability of these networks to cyber threats that compromise service integrity increases, necessitating robust detection mechanisms. The primary aim of this research is to develop and validate ML and DL algorithms that effectively detect DDoS attacks within 5G telecommunications networks. These algorithms will leverage real-time data processing to enhance network security protocols and improve resilience against cyber threats. A robust simulated environment using free 5GC and UERANSIM was established to mimic the complex dynamics of 5G networks. This facilitated the controlled testing of various ML and DL models under both normal and attack conditions. The models developed and tested include Bidirectional Encoder Representations from Transformer (BERT), Bidirectional Long Short-Term Memory (BiLSTM), Multilayer Perceptron (MLP), a Custom Convolutional Neural Network (CNN), Random Forest, Support Vector Machine (SVM), and XGBoost. The ensemble model combining Random Forest and XGBoost showed superior performance, making it suitable for the dynamic 5G environment. However, the study also highlights the complications of ensemble models, such as increased computational complexity and resource demands, which may limit their practicality in resource-constrained settings. This thesis addresses a critical research gap by evaluating modern DL techniques, traditional ML models, and ensemble methods within a simulated 5G environment. This comparative analysis helps identify the most effective approach for real-time DDoS detection, balancing accuracy, complexity, and resource efficiency. The findings indicate that the tailored ML, DL and Ensemble models developed are highly effective in detecting DDoS attacks, demonstrating high accuracy and efficiency in real-time threat detection. This highlights the potential for these models to be adapted for real-world applications in modern telecommunications infrastructures. In conclusion, this thesis contributes substantially to the field of cybersecurity in 5G networks by demonstrating that ML and DL models, developed and tested in a sophisticated simulated environment, can significantly enhance network security protocols. These models offer promising approaches to securing emerging telecommunications infrastructures against continuously evolving cyber threats, thus supporting the stability and reliability of 5G networks globally.

5G Telecommunications Networks

DDoS detection

machine learning

deep learning

network security

Simulation-based Analysis

Network Security

Ensemble mechanism

Recurrent Neural Network (RNN)

BERT

BiLSTM

Attack Detection Performance.

Telecommunications

Telekommunikation

A comprehensive approach to enterprise network security management

Homer, John

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / Xinming (Simon) Ou / Enterprise network security management is a vitally important task, more so now than ever before. Networks grow ever larger and more complex, and corporations, universities, government agencies, etc. rely heavily on the availability of these networks. Security in enterprise networks is constantly threatened by thousands of known software vulnerabilities, with thousands more discovered annually in a wide variety of applications. An overwhelming amount of data is relevant to the ongoing protection of an enterprise network. Previous works have addressed the identification of vulnerabilities in a given network and the aggregated collection of these vulnerabilities in an attack graph, clearly showing how an attacker might gain access to or control over network resources. These works, however, do little to address how to evaluate or properly utilize this information. I have developed a comprehensive approach to enterprise network security management. Compared with previous methods, my approach realizes these issues as a uniform desire for provable mitigation of risk within an enterprise network. Attack graph simplification is used to improve user comprehension of the graph data and to enable more efficient use of the data in risk assessment. A sound and effective quantification of risk within the network produces values that can form a basis for valuation policies necessary for the application of a SAT solving technique. SAT solving resolves policy conflicts and produces an optimal reconfiguration, based on the provided values, which can be verified by a knowledgeable human user for accuracy and applicability within the context of the enterprise network. Empirical study shows the effectiveness and efficiency of these approaches, and also indicates promising directions for improvements to be explored in future works. Overall, this research comprises an important step toward a more automated security management initiative.

Enterprise network security analysis

Risk assessment

Attack Graph

Security metric

Computer Science (0984)

A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment

Pagna Disso, Jules Ferdinand

January 2010

Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.

004

Exploiting Rogue Signals to Attack Trust-based Cooperative Spectrum Sensing in Cognitive Radio Networks

Jackson, David

29 April 2013

Cognitive radios are currently presented as the solution to the ever-increasing spectrum shortage problem. However, their increased capabilities over traditional radios introduce a new dimension of security threats. Cooperative Spectrum Sensing (CSS) has been proposed as a means to protect cognitive radio networks from the well known security threats: Primary User Emulation (PUE) and Spectrum Sensing Data Falsification (SSDF). I demonstrate a new threat to trust-based CSS protocols, called the Rogue Signal Framing (RSF) intrusion. Rogue signals can be exploited to create the illusion of malicious sensors which leads to the framing of innocent sensors and consequently, their removal from the shared spectrum sensing. Ultimately, with fewer sensors working together, the spectrum sensing is less robust for making correct spectrum access decisions. The simulation experiments illustrate the impact of RSF intrusions which, in severe cases, shows roughly 40\% of sensors removed. To mitigate the RSF intrusion's damage to the network's trust, I introduce a new defense based on community detection from analyzing the network's Received Signal Strength (RSS) diversity. Tests show a 95\% damage reduction in terms of removed sensors from the shared spectrum sensing, thus retaining the benefits of CSS protocols.

Cognitive Radio

Cooperative Spectrum Sensing

Reputation Scheme

Rogue Signal

Wireless Network Security

Computer Sciences

Physical Sciences and Mathematics

Handling uncertainty in intrusion analysis

Zomlot, Loai M. M.

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / Xinming Ou / Intrusion analysis, i.e., the process of combing through Intrusion Detection System (IDS) alerts and audit logs to identify true successful and attempted attacks, remains a difficult problem in practical network security defense. The primary cause of this problem is the high false positive rate in IDS system sensors used to detect malicious activity. This high false positive rate is attributed to an inability to differentiate nearly certain attacks from those that are merely possible. This inefficacy has created high uncertainty in intrusion analysis and consequently causing an overwhelming amount of work for security analysts. As a solution, practitioners typically resort to a specific IDS-rules set that precisely captures specific attacks. However, this results in failure to discern other forms of the targeted attack because an attack’s polymorphism reflects human intelligence. Alternatively, the addition of generic rules so that an activity with remote indication of an attack will trigger an alert, requires the security analyst to discern true alerts from a multitude of false alerts, thus perpetuating the original problem. The perpetuity of this trade-off issue is a dilemma that has puzzled the cyber-security community for years. A solution to this dilemma includes reducing uncertainty in intrusion analysis by making IDS-nearly-certain alerts prominently discernible. Therefore, I propose alerts prioritization, which can be attained by integrating multiple methods. I use IDS alerts correlation by building attack scenarios in a ground-up manner. In addition, I use Dempster-Shafer Theory (DST), a non-traditional theory to quantify uncertainty, and I propose a new method for fusing non-independent alerts in an attack scenario. Finally, I propose usage of semi-supervised learning to capture an organization’s contextual knowledge, consequently improving prioritization. Evaluation of these approaches was conducted using multiple datasets. Evaluation results strongly indicate that the ranking provided by the approaches gives good prioritization of IDS alerts based on their likelihood of indicating true attacks.

Enterprise network security

Intrusion detection and analysis

Machine learning

Reason about uncertainty

Dempster-Shafer Theory

Computer Science (0984)

Protocolo de comunicação segura para plataforma de distribuição de vídeo em redes sobrepostas. / Protocol of secure communication for video distribution platform on overlay networks.

Pimentel, Hélcio Machado

07 July 2011

As redes de distribuição de vídeo têm sido amplamente utilizadas na atualidade pela Internet. O sucesso de Portais de Vídeo evidencia tal uso. Por poderem ser redes de grande porte, há uma grande preocupação com as vulnerabilidades existentes nessas redes. A comunicação de seus elementos deve ser segura o bastante para garantir a disponibilidade, o sigilo e integridade de suas mensagens e a autenticidade dos seus elementos. Este trabalho apresenta um protocolo de comunicação segura que busca atender a tais necessidades de uma maneira eficiente - pois consegue atender aos requisitos de desempenho na entrega do conteúdo aos usuários - e genérica - pois pode ser utilizado em outras plataformas de distribuição. A validação do trabalho é feita de maneira a mostrar que a proposta consegue atender aos requisitos de um sistema de distribuição de vídeo seguro. / Video delivery network has been widely used across the Internet nowadays. The success of Video Portals is an evidence of this use. Due to its potential to turn into large infrastructures, there is a concern about its vulnerabilities. The communication among its elements must be secure enough to guarantee the availability, the secrecy and integrity of messages and the authenticity of its elements. We present in this work a secure communication protocol to meet such requisites in an efficient - since it meets the performance requisites for delivering the content to the users - and generic way - because it can be used by other distribution systems. The validity of this work is done in order to show that this proposal can meet the requisites of a secure video delivery system.

Communication Protocol

Distributed Systems

Network Security

Protocolos de Comunicação

Segurança em Redes

Sistemas Distribuídos

Vídeo (Distribuição)

Video (Distribution)

Parametrização e otimização de criptografia de curvas elípticas amigáveis a emparelhamentos. / Parameterization and optmization of pairing-friendly elliptic curves.

Pereira, Geovandro Carlos Crepaldi Firmino

27 April 2011

A tendência para o futuro da tecnologia é a produção de dispositivos eletrônicos e de computação cada vez menores. Em curto e médio prazos, ainda há poucos recursos de memória e processamento neste ambiente. A longo prazo, conforme a Física, a Química e a Microeletrônica se desenvolvem, constata-se significativo aumento na capacidade de tais dispositivos. No intervalo de curto e médio prazos, entre 20 e 50 anos, até que a tecnologia tenha avanços, soluções leves de software se vêem necessárias. No Brasil, o protocolo de assinatura digital RSA é o mais amplamente adotado, sendo obsolescente como padrão. O problema é que os avanços tecnológicos impõem um aumento considerável no tamanho das chaves criptográficas para que se mantenha um nível de segurança adequado, resultando efeitos indesejáveis em tempo de processamento, largura de banda e armazenamento. Como solução imediata, temos a criptografia de curvas elípticas sendo mais adequada para utilização por órgãos públicos e empresas. Dentro do estudo de curvas elípticas, este trabalho contribui especificamente com a introdução de uma nova subfamília das curvas amigáveis a emparelhamento Barreto-Naehrig (BN). A subfamília proposta tem uma descrição computacionalmente simples, tornando-a capaz de oferecer oportunidades de implementação eficiente. A escolha das curvas BN também se baseia no fato de possibilitarem uma larga faixa de níveis práticos de segurança. A partir da subfamília introduzida foram feitas algumas implementações práticas começando com algoritmos mais básicos de operações em corpos de extensão, passando por algoritmos de aritmética elíptica e concluindo com o cálculo da função de emparelhamento. A combinação da nova subfamília BN com a adoção de técnicas de otimização, cuidadosamente escolhidas, permitiu a mais eficiente implementação do emparelhamento Ate ótimo, operação bastante útil em aplicações criptográficas práticas. / The trend for the future consists of steadfast shrinking of electrical and computing devices. In the short to medium term, one will still find constrained storage and processing resources in that environment. In the long run, as Physics, Chemistry and Microelectronics progress, the capabilities of such devices are likely to increase. In 20 to 50 years from now, until technology has firm advances, lightweight software solutions will be needed. In Brazil, the most widely adopted signature protocol, the RSA scheme, is obsolescent as a standard. The problem is that technological advances impose a considerable increase in cryptographic key sizes in order to maintain a suitable security level, bringing about undesirable effects in processing time, bandwidth occupation and storage requirements. As an immediate solution, we have the Elliptic Curve Cryptography which is more suitable for utilization in public agencies and industry. In the field of elliptic curves, this work contributes specifically with the introduction of a new subfamily of the pairing-friendly Barreto-Naehrig (BN) curves. The proposed subfamily has a computationally simple description, and makes it able to offer opportunities for efficient implementation. The choice of the BN curves is also based on the fact that they allow a range of practical security levels. Furthermore, there were made practical implementations from the introduced subfamily, like the most basic extension fields algorithms, elliptic curve arithmetic and pairing computation. The adoption of the new BN subfamily with carefully chosen optimization techniques allowed the most efficient implementation of the optimal Ate pairing, which is a very useful operation in many practical cryptographic applications.

Algebraic curves

Algorithms

Algoritmos

Bilinear pairings

Corpos finitos

Criptologia

Cryptology

Curvas algébricas

Emparelhamentos bilineares

Finite fields

Network security

Segurança de redes