Understanding Information Security Culture in an Organization: An Interpretive Case Study

Bess, Donald Arlo

01 January 2012

Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information security program is heavily dependent upon the actions of the organizational members that interact with the information security program. Because of the interaction between people and the information security program an appropriate information security culture is required to effectively influence and control the actions of the members within that organization. While the importance of an information security culture has been well established by researchers there has been little research conducted to date that assist in understanding and managing information security culture within organizations. To expand the body of knowledge in this area this study will explore the information security culture of a large organization using interpretive case study methodology. The use of semi-structured interviews to collect data has allowed the researcher to report back their interpretation of shared meanings, consciousness, language and artifacts observed while at the research site. Structuration theory was applied as a theoretical lens with which to better understand information security culture and explore ways in which organizations can better understand and manage information security culture. We found structures of signification and legitimacy were the most influential on employee's behavior towards information security. While the structure of domination exerted minimal influence over employee's behavior. This research study contributes to the existing body of knowledge regarding information security culture by examining the role of structural properties exhibited within information security culture. Structural properties of information security culture have not been adequately considered within the existing literature. By expanding our understanding of the role of social structures such as systems of meaning, power and legitimacy on information security culture researchers will have a deeper understanding of this phenomena call information security culture. This will enable us to better understand how to develop and manage an appropriate information security culture.

Information Security Culture

Computer Sciences

Extracting Windows event logs using memory forensics

Veca, Matthew

18 December 2015

Abstract Microsoft’s Windows Operating System provides a logging service that collects, filters and stores event messages from the kernel and applications into log files (.evt and .evtx). Volatility, the leading open source advanced memory forensic suite, currently allows users to extract these events from memory dumps of Windows XP and Windows 2003 machines. Currently there is no support for users to extract the event logs (.evtx) from Windows Vista, Win7 or Win8 memory dumps, and Volatility users have to rely on outside software in order to do this. This thesis discusses a newly developed evtxlogs.py plugin for Volatility, which allows users the same functionality with Windows Vista, Win7 and Win8 that they had with Windows XP and Win 2003’s evtlogs.py plugin. The plugin is based on existing mechanisms for parsing Windows Vista-format event logs, but adds fully integrated support for these logs to Volatility.

evtx

Volatility

evtxlogs.py

Information Security

IP Communication in Wireless Sensor Networks : Security Aspects to be Considered when Implementing 6LoWPAN

Höglund, Eja

January 2016

This paper has covered some security aspects to consider when deploying 6LoWPAN in wireless sensor networks. The issues mentioned in this paper revolve around encryption and authentication methods as well as key distribution mechanism. Security features at the link and network layer have been evaluated and the conclusion is that both do provide with good security but it is not always sufficient. For example, hop-by-hop security at the link layer could be really strong if you are in control of all links between source and destination, however, when transmitting data over the Internet this is rarely the case. As an alternative the network layer provide with an end-to-end solution with a compressed version of IPsec, but due to insufficient models for key distribution the keys are required to be distributed manually. This means that there is no support for asymmetric keys in a wireless sensor network at the time, but further research might solve these issues.

6LoWPAN

wireless

sensor networks

security

Nové přístupy v oblasti kryptologie: využití biologického materiálu / New approaches in a field of cryptology: using a biological material

Jeřábková, Kamila

January 2010

Biological cryptology, a new branch of cryptology combines computer science and chemistry together. It uses biological molecules, such as DNA, RNA, PNA or proteins, or it is inspired by biological principles happening in living cells. Biological cryptology is still in the development stage, so the goal of my Master thesis is to describe existing biological cryptologic methods and to draw interest in this new field. Thus the first chapter states advantages of biological cryptology. Then three big chapters follow afterwards, describing chemical background, DNA computing and the most importantly a field of DNA cryptology. In the last chapter I summarized drawbacks which turned up while I was studying those methods and which need to be handled before biological cryptology moves from labs into our normal lives.

Estimation of retirement adequacy targets for one- and two-adult households from official South African data

Butler, Megan

23 February 2012

M.Sc., Faculty of Science, University of the Witwatersrand, 2011 / Retirement adequacy targets provide an indication as to how much wealth is needed at retirement to provide for an adequate retirement income. These targets have design and strategy implications for social security systems and retirement funds and can be used by individuals to assess their preparedness for retirement. The primary aim of this research was to estimate retirement adequacy targets for one- and two-adult households from Statistics South Africa’s Income and Expenditure Survey 2005/2006. Retirement adequacy targets were expressed as wealth-earnings ratios, defined as the multiple of salary at retirement required for a comfortably adequate retirement. The targets would be sufficient to provide for the higher of the preretirement lifestyle or subsistence living. An important subsidiary aim was to examine consumption behaviour at and in retirement. Non-healthcare consumption was not found to change at retirement if income levels remained at pre-retirement levels. For certain households, healthcare expenditure may increase on retirement and may be funded from the contributions to retirement savings that are no longer required in retirement. The retirement adequacy targets decreased with retirement age but there was not a clear relationship between retirement savings rates and the targets. Retirement adequacy targets decreased with income but were complex functions of household composition, sex of the head of the household, type of settlement, age, home ownership and the retirement savings rate. Where household members retired at different times, the earnings of the younger person during the semi-retirement phase reduced the targets substantially. The retirement adequacy targets estimated implied that the replacement ratio targets used by retirement funds and those suggested in the literature would not provide an adequate retirement income for most households. The results may thus have a significant impact on retirement planning in the future.

Pensions

Social security

Wealth

Retirement

Perception of employees concerning information security policy compliance : case studies of a European and South African university

Lububu, Steven

January 2018

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018. / This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious consequences for institutions, especially those that rely on information for its sustainability, functionality and competitiveness. As such, institutions ensure that information about their processes, activities and services are secured, which they do through enforcement and compliance of policies. The aim of this study is to explore the extent of non-compliance with information security policy in an institution. The study followed an interpretive, qualitative case study approach to understand the meaningful characteristics of the actual situations of security breaches in institutions. Qualitative data was collected from two universities, using semi-structured interviews, with 17 participants. Two departments were selected: Human Resources and the Administrative office. These two departments were selected based on the following criteria: they both play key roles within an institution, they maintain and improve the university’s policies, and both departments manage and keep confidential university information (Human Resources transects and keeps employees’ information, whilst the Administrative office manages students’ records). This study used structuration theory as a lens to view and interpret the data. The qualitative content analysis was used to analyse documentation, such as brochures and information obtained from the websites of the case study’s universities. The documentation was then further used to support the data from the interviews. The findings revealed some factors that influence non-compliance with regards to information security policy, such as a lack of leadership skills, favouritism, fraud, corruption, insufficiency of infrastructure, lack of security education and miscommunication. In the context of this study, these factors have severe consequences on an institution, such as the loss of the institution’s credibility or the institution’s closure. Recommendations for further study are also made available.

Computer security

Computer networks -- Security measures

Data protection

Behavioural monitoring via network communications

Alotibi, Gaseb

January 2017

It is commonly acknowledged that using Internet applications is an integral part of an individual’s everyday life, with more than three billion users now using Internet services across the world; and this number is growing every year. Unfortunately, with this rise in Internet use comes an increasing rise in cyber-related crime. Whilst significant effort has been expended on protecting systems from outside attack, only more recently have researchers sought to develop countermeasures against insider attack. However, for an organisation, the detection of an attack is merely the start of a process that requires them to investigate and attribute the attack to an individual (or group of individuals). The investigation of an attack typically revolves around the analysis of network traffic, in order to better understand the nature of the traffic flows and importantly resolves this to an IP address of the insider. However, with mobile computing and Dynamic Host Control Protocol (DHCP), which results in Internet Protocol (IP) addresses changing frequently, it is particularly challenging to resolve the traffic back to a specific individual. The thesis explores the feasibility of profiling network traffic in a biometric-manner in order to be able to identify users independently of the IP address. In order to maintain privacy and the issue of encryption (which exists on an increasing volume of network traffic), the proposed approach utilises data derived only from the metadata of packets, not the payload. The research proposed a novel feature extraction approach focussed upon extracting user-oriented application-level features from the wider network traffic. An investigation across nine of the most common web applications (Facebook, Twitter, YouTube, Dropbox, Google, Outlook, Skype, BBC and Wikipedia) was undertaken to determine whether such high-level features could be derived from the low-level network signals. The results showed that whilst some user interactions were not possible to extract due to the complexities of the resulting web application, a majority of them were. Having developed a feature extraction process that focussed more upon the user, rather than machine-to-machine traffic, the research sought to use this information to determine whether a behavioural profile could be developed to enable identification of the users. Network traffic of 27 users over 2 months was collected and processed using the aforementioned feature extraction process. Over 140 million packets were collected and processed into 45 user-level interactions across the nine applications. The results from behavioural profiling showed that the system is capable of identifying users, with an average True Positive Identification Rate (TPIR) in the top three applications of 87.4%, 75% and 61.9% respectively. Whilst the initial study provided some encouraging results, the research continued to develop further refinements which could improve the performance. Two techniques were applied, fusion and timeline analysis techniques. The former approach sought to fuse the output of the classification stage to better incorporate and manage the variability of the classification and resulting decision phases of the biometric system. The latter approach sought to capitalise on the fact that whilst the IP address is not reliable over a period of time due to reallocation, over shorter timeframes (e.g. a few minutes) it is likely to reliable and map to the same user. The results for fusion across the top three applications were 93.3%, 82.5% and 68.9%. The overall performance adding in the timeline analysis (with a 240 second time window) on average across all applications was 72.1%. Whilst in terms of biometric identification in the normal sense, 72.1% is not outstanding, its use within this problem of attributing misuse to an individual provides the investigator with an enormous advantage over existing approaches. At best, it will provide him with a user’s specific traffic and at worst allow them to significantly reduce the volume of traffic to be analysed.

004.6

On forging ElGamal signature and other attacks.

January 2000

by Chan Hing Che. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 59-[61]). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Background --- p.8 / Chapter 2.1 --- Abstract Algebra --- p.8 / Chapter 2.1.1 --- Group --- p.9 / Chapter 2.1.2 --- Ring --- p.10 / Chapter 2.1.3 --- Field --- p.11 / Chapter 2.1.4 --- Useful Theorems in Number Theory --- p.12 / Chapter 2.2 --- Discrete Logarithm --- p.13 / Chapter 2.3 --- Solving Discrete Logarithm --- p.14 / Chapter 2.3.1 --- Exhaustive Search --- p.14 / Chapter 2.3.2 --- Baby Step Giant Step --- p.15 / Chapter 2.3.3 --- Pollard's rho --- p.16 / Chapter 2.3.4 --- Pohlig-Hellman --- p.18 / Chapter 2.3.5 --- Index Calculus --- p.23 / Chapter 3 --- Forging ElGamal Signature --- p.26 / Chapter 3.1 --- ElGamal Signature Scheme --- p.26 / Chapter 3.2 --- ElGamal signature without hash function --- p.29 / Chapter 3.3 --- Security of ElGamal signature scheme --- p.32 / Chapter 3.4 --- Bleichenbacher's Attack --- p.34 / Chapter 3.4.1 --- Constructing trapdoor --- p.36 / Chapter 3.5 --- Extension to Bleichenbacher's attack --- p.37 / Chapter 3.5.1 --- Attack on variation 3 --- p.38 / Chapter 3.5.2 --- Attack on variation 5 --- p.39 / Chapter 3.5.3 --- Attack on variation 6 --- p.39 / Chapter 3.6 --- Digital Signature Standard(DSS) --- p.40 / Chapter 4 --- Quadratic Field Sieve --- p.47 / Chapter 4.1 --- Quadratic Field --- p.47 / Chapter 4.1.1 --- Integers of Quadratic Field --- p.48 / Chapter 4.1.2 --- Primes in Quadratic Field --- p.49 / Chapter 4.2 --- Number Field Sieve --- p.50 / Chapter 4.3 --- Solving Sparse Linear Equations Over Finite Fields --- p.53 / Chapter 4.3.1 --- Lanczos and conjugate gradient methods --- p.53 / Chapter 4.3.2 --- Structured Gaussian Elimination --- p.54 / Chapter 4.3.3 --- Wiedemann Algorithm --- p.55 / Chapter 5 --- Conclusion --- p.57 / Bibliography --- p.59

Digital signatures

Computer security

Logarithms

Combating rotation, dilation and translation in digital watermarking.

January 2000

by Yeung Siu Wai. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 59-[62]). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Background --- p.4 / Chapter 2.1 --- Properties of a digital watermarking system --- p.5 / Chapter 2.2 --- Digital watermarking in still images: Spatial-domain vs Frequency- domain --- p.7 / Chapter 2.3 --- Capacity in digital watermarking --- p.8 / Chapter 3 --- A watermarking system --- p.10 / Chapter 3.1 --- Implementation of a watermarking system --- p.10 / Chapter 3.1.1 --- Embedding watermark --- p.11 / Chapter 3.1.2 --- Detecting watermark --- p.14 / Chapter 3.2 --- Robustness testing on the watermarking system --- p.18 / Chapter 3.3 --- Geometric attacks to the watermark system --- p.18 / Chapter 3.3.1 --- "The three distortions: Translation, Dilation and Rotation" --- p.19 / Chapter 3.3.2 --- The commutative property of rotation and dilation --- p.25 / Chapter 3.3.3 --- Implementation of geometric transform --- p.25 / Chapter 4 --- General Defense on Geometric Distortions --- p.28 / Chapter 4.1 --- Special designed watermark --- p.29 / Chapter 4.1.1 --- Ring-shaped watermark --- p.29 / Chapter 4.1.2 --- Phase Taylor invariance --- p.30 / Chapter 4.1.3 --- "Rotation, dilation and translation invariant watermark" --- p.31 / Chapter 4.2 --- Distortion detection --- p.34 / Chapter 4.2.1 --- Brute-force method --- p.35 / Chapter 4.2.2 --- Interactive method --- p.37 / Chapter 5 --- Specific Defense in Geometric Distortions - Phase angle com- parison --- p.43 / Chapter 5.1 --- Translation Detection --- p.44 / Chapter 5.2 --- Dilation Detection --- p.46 / Chapter 5.3 --- Rotation Detection --- p.49 / Chapter 6 --- Further work --- p.54 / Chapter 6.1 --- Large scale distortion detection --- p.54 / Chapter 6.2 --- Mixed geometric distortions --- p.55 / Chapter 7 --- Conclusion --- p.57 / Bibliography --- p.59

Computer security

Watermarks--Data processing

Transmit design optimization for wireless physical layer security. / CUHK electronic theses & dissertations collection

January 2012

在信息傳輸過程中如何保證信息的安全性是通信中的重要問題之一。目前常用的保密傳輸方式是基於密鑰的加密技術，但是隨著現代無線通信網絡的發展和計算資源的不斷豐富，基於密鑰的技術在無線網絡中的應用正面臨着巨大挑戰。這些挑戰一方面來自於無線介質的開放性使得竊聽更為容易，另一方面由於動態無線網絡和自組織無線網絡的發展使得密鑰的發布和管理更為困難。因此，為解決密鑰技術所面臨的挑戰，基於物理層的保密傳輸技術研究在近些年受到了很大關注。該技術最早在七十年代由Wyner 提出，其核心思想是利用無線信道的隨機性和目標用戶與竊聽者間無線信道容量的差異，通過對發射信號進行編碼設計使得目標用戶能正確解碼信息但竊聽者卻不能。該技術的關鍵問題之一是如何對發射信號進行設計從而提高保密信息的傳輸速率（或保密容量）。本論文的主要工作即是以此出發，旨在研究不同通信場景下最優化發射信號的設計，具體而言，本論文主要研究了以下場景下的最優發射信號設計： / 本論文的第一部分考慮一個多天線的發射機傳輸保密信息給一個單天線的目標用戶，同時有多個多天線的偷聽者在偷聽的場景。我們的目標是設計最優化發射信號使得保密信息傳輸速率最大化。該優化問題的難點在於保密信息速率函數是發射信號的一個非凸函數，因而很難求解到全局最優解。我們通過運用凸鬆弛技術證明這個非凸優化問題的全局最優解可以由它的凸鬆弛問題得到，並且我們證明了最優化的發射信號方案是採用波束聚焦。以上結論在發射機完全知道和部分知道接收機的信道信息時均成立。 / 本論文的第二部分是在第一部分的基礎上考慮在發射信號中加入人為噪聲以輔助保密信息的傳輸。具體而言，發射機可以分配部分功率來發射人為噪聲以達到干擾竊聽者的接收的目的。儘管在現有很多研究中已經證明了這種人為噪聲輔助的發射方式可有效提高保密信息傳輸速率，但是如何對保密信號和人為噪聲進行聯合優化設計使得保密傳輸速率最大化的問題一直未能有效解決。在本論文中，我們給出了一種保密信號和人為噪聲聯合最優化的求解方案。該方案是基於優化理論中的半正定規劃算法來獲得全局最優解，並且該算法在發射機完全知道和部分知道接收機信道信息時均適用。 / 本論文的第三部分主要考慮的是發射機、目標用戶和偷聽者均是多天線情況下，最大化保密信息容量的發射信號設計問題。該優化問題可以看作是之前單天線目標用戶的一個推廣，但較之前的最優信號設計問題更加具有挑戰性。在目前已知的工作中，該優化問題還沒有一個有效的多項式時間算法能求解到全局最優解。這裡，我們提出了一種基於交替優化算法的發射信號設計方案來獲得（局部）最優發射信號設計。我們證明該交替優化算法可以通過迭代注水算法來實現，因而具有很低的複雜度，並且該算法可以保證收斂到原最優化問題的穩定點，因而可以在多數情況下獲得（局部）最優解。同時在該部分，我們也研究了在發射機部分知道信道信息狀態時魯棒性發射信號的設計問題，並給出了基於交替優化算法的魯棒發射信號設計。 / 除以上提到的主要結果，本論文還考慮了多播保密信息速率最優化發射信號設計，和具有中斷概率約束的保密信息速率最優化發射信號的設計。 / Security is one of the most important issues in communications. Conventional techniques for achieving confidentiality in communication networks are based on cryptographic encryption. However, for wireless networks, this technique is faced with more challenges due to the open nature of the wireless medium as well as the dynamic topology of mobile networks. In the 1970's, Wyner proposed a physical layer-based approach to achieve perfectly secure communication without using encryption. One of the key problems of Wyner's approach is how to optimally design the transmit signal such that a high secrecy rate (i.e., the data rate at which the confidential information can be securely transmitted) can be achieved. In our work, we aim to solve this transmit signal optimization problem under various scenarios using convex optimization techniques. Specifically, the thesis consists of the following three main parts: / In the first part, we consider a multi-input single-output (MISO) scenario, where a multi-antenna transmitter sends confidential information to a singleantenna legitimate receiver, in the presence of multiple multi-antenna eavesdroppers. Our goal is to maximize an achievable secrecy rate by appropriately designing the transmit signal. The challenge of this secrecy rate maximization (SRM) problem is that it is a nonconvex optimization problem by nature. We show, by convex relaxation, that this seemingly nonconvex SRM problem admits a convex equivalent under both perfect and imperfect channel state information (CSI) cases. Our result also indicates that transmit beamforming is an optimal transmit strategy, irrespective of the number of eavesdroppers and the number of antennas employed by each eavesdropper. This provides a useful design guideline for practical implementations. / In the second part, we consider a scenario where the transmitter is able to simultaneously generate artificial noise (AN) to interfere the eavesdroppers during the transmission of the confidential message. While the efficacy of AN in improving the system security has been demonstrated in many existing works, how to jointly optimize the AN and the transmit signal is still an unsolved problem. In this part, we solve this AN-aided SRM problem under the same scenario as the first part, and give an efficient, semidefinite program (SDP)- based line search approach to obtain an optimal transmit signal and AN design under both perfect and imperfect-CSI situations. / In the last part, we consider a secrecy capacity maximization (SCM) problem for a multi-input multi-output (MIMO) scenario, where the legitimate receiver and the eavesdropper are both equipped with multiple antennas. This MIMOSCM problem is a generalization of the previous MISO-SRM problems. So far there is no known efficient algorithm to solve this problem in a global optimal manner. Herein, we propose an alternating optimization algorithm to tackle the SCM problem. The proposed algorithm has a nice iterative water-filling interpretation and is guaranteed to converge to a stationary solution of the MIMO-SCM problem. Extensions to robust SCM are also investigated in this part. / Besides the above three main results, this thesis also developed some approximate solutions to the multicast SRM of multiple MISO legitimate channels overheard by multiple MIMO eavesdroppers, and to the outage-constrained SRM of an MISO legitimate channel overheard by multiple MISO eavesdroppers. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Li, Qiang. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references. / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Contributions of This Thesis --- p.3 / Chapter 1.2 --- Organization of This Thesis --- p.5 / Chapter 2 --- Fundamentals of Physical-Layer Secrecy --- p.6 / Chapter 2.1 --- Elements of Information Theoretic Security --- p.6 / Chapter 2.2 --- Transmit Design for Physical-layer Secrecy: State-of-the-Art --- p.14 / Chapter 2.2.1 --- MISO Secrecy Capacity Maximization --- p.14 / Chapter 2.2.2 --- MIMO Secrecy Capacity Maximization --- p.17 / Chapter 2.2.3 --- AN-aided Secrecy Rate Maximization --- p.21 / Chapter 2.2.4 --- Secrecy Rate Maximization with Additional Covariance Constraints --- p.24 / Chapter 2.2.5 --- Robust Transmit Design for Physical-Layer Secrecy under Imperfect CSI --- p.28 / Chapter 2.3 --- Summary --- p.36 / Chapter 2.4 --- Appendix: GSVD --- p.37 / Chapter 3 --- MISOMEs Secrecy Rate Maximization --- p.38 / Chapter 3.1 --- System Model and Problem Statement --- p.39 / Chapter 3.1.1 --- System Model --- p.39 / Chapter 3.1.2 --- Problem Statement --- p.40 / Chapter 3.2 --- An SDP Approach to SRM Problem (3.4) --- p.43 / Chapter 3.2.1 --- The Secrecy-Rate Constrained Problem --- p.44 / Chapter 3.2.2 --- The Secrecy-Rate Maximization Problem --- p.46 / Chapter 3.3 --- Secrecy-Rate Optimization with Imperfect CSI --- p.49 / Chapter 3.3.1 --- Robust Secrecy-Rate Problem Formulations --- p.49 / Chapter 3.3.2 --- The Robust Secrecy-Rate Constrained Problem --- p.50 / Chapter 3.3.3 --- The Robust Secrecy-Rate Maximization Problem --- p.53 / Chapter 3.4 --- Simulation Results --- p.55 / Chapter 3.4.1 --- The Perfect CSI Case --- p.56 / Chapter 3.4.2 --- The Imperfect CSI Case --- p.58 / Chapter 3.5 --- Summary --- p.59 / Chapter 3.6 --- Appendix --- p.61 / Chapter 3.6.1 --- Proof of Proposition 3.1 --- p.61 / Chapter 3.6.2 --- Verifying Slater's Constraint Qualification for Problem (3.10) --- p.63 / Chapter 3.6.3 --- Proof of Theorem 3.1 --- p.63 / Chapter 3.6.4 --- Relationship between Super-Eve Design and the Optimal SDP Design --- p.65 / Chapter 3.6.5 --- Proof of Proposition 3.4 --- p.67 / Chapter 3.6.6 --- Proof of Proposition 3.5 --- p.70 / Chapter 3.6.7 --- Worst-case Secrecy Rate Calculation --- p.71 / Chapter 4 --- Multicast Secrecy Rate Maximization --- p.73 / Chapter 4.1 --- System Model and Problem Statement --- p.74 / Chapter 4.2 --- An SDP Approximation to Problem (4.2) --- p.75 / Chapter 4.3 --- Simulation Results --- p.78 / Chapter 4.4 --- Summary --- p.79 / Chapter 4.5 --- Appendix --- p.81 / Chapter 4.5.1 --- Proof of Proposition 4.1 --- p.81 / Chapter 4.5.2 --- Proof of Theorem 4.1 --- p.82 / Chapter 5 --- AN-aided MISOMEs Secrecy Rate Maximization --- p.85 / Chapter 5.1 --- System Model and Problem Statement --- p.86 / Chapter 5.1.1 --- System Model --- p.86 / Chapter 5.1.2 --- Problem Statement --- p.87 / Chapter 5.2 --- An SDP-based Approach to the SRM Problem --- p.89 / Chapter 5.2.1 --- A Tight Relaxation of the SRM Problem (5.4) --- p.90 / Chapter 5.2.2 --- An SDP-based Line Search Method for the Relaxed SRM Problem (5.9) --- p.92 / Chapter 5.3 --- Robust Transmit Design for Worst-Case SRM --- p.94 / Chapter 5.3.1 --- Worst-Case Robust SRM Problem Formulation --- p.95 / Chapter 5.3.2 --- A Tight Relaxation of the WCR-SRM Problem (5.17) --- p.96 / Chapter 5.3.3 --- An SDP-based Line Search Method for the RelaxedWCRSRM Problem (5.23) --- p.98 / Chapter 5.4 --- Robust Transmit Design for Outage SRM --- p.100 / Chapter 5.4.1 --- A Sphere-bounding Safe Approximation to OCR-SRM Problem (5.29) --- p.101 / Chapter 5.5 --- Simulation Results --- p.103 / Chapter 5.5.1 --- The Perfect-CSI Case --- p.104 / Chapter 5.5.2 --- The Imperfect-CSI: Bounded Spherical Uncertainty --- p.105 / Chapter 5.5.3 --- The Imperfect-CSI: Gaussian Random Uncertainty --- p.108 / Chapter 5.6 --- Summary --- p.111 / Chapter 5.7 --- Appendix --- p.112 / Chapter 5.7.1 --- Proof of Proposition 5.1 --- p.112 / Chapter 5.7.2 --- Proof of Theorem 5.1 --- p.114 / Chapter 5.7.3 --- Proof of Theorem 5.2 --- p.117 / Chapter 6 --- Outage Secrecy Rate Maximization for MISOSEs --- p.120 / Chapter 6.1 --- System Model and Problem Statement --- p.121 / Chapter 6.2 --- A Bernstein-type Inequality-Based Safe Approximation to Problem (6.2) --- p.122 / Chapter 6.3 --- Simulation Results --- p.127 / Chapter 6.4 --- Summary --- p.128 / Chapter 6.5 --- Appendix --- p.129 / Chapter 6.5.1 --- Proof of Lemma 6.1 --- p.129 / Chapter 6.5.2 --- Proof of Proposition 6.1 --- p.130 / Chapter 7 --- MIMOME Secrecy Rate Maximization --- p.134 / Chapter 7.1 --- An Alternating Optimization Approach to the MIMO-SCM Problem (7.1) --- p.135 / Chapter 7.2 --- An Alternating Optimization Approach to theWorst-case MIMOSCM Problem --- p.140 / Chapter 7.3 --- An Alternating Optimization Approach to the Outageconstrained SCM --- p.142 / Chapter 7.4 --- Simulation Results --- p.145 / Chapter 7.4.1 --- The Perfect CSI Case --- p.146 / Chapter 7.4.2 --- The Imperfect CSI case --- p.149 / Chapter 7.5 --- Summary --- p.150 / Chapter 7.6 --- Appendix --- p.153 / Chapter 7.6.1 --- Proof of Proposition 7.1 --- p.153 / Chapter 7.6.2 --- Proof of the monotonicity of Tr(W? ) w.r.t. --- p.154 / Chapter 7.6.3 --- Proof of Proposition 7.2 --- p.155 / Chapter 8 --- Conclusion --- p.157 / Chapter 8.1 --- Summary --- p.157 / Chapter 8.2 --- Future Directions --- p.158 / Bibliography --- p.161