Capacidade de sigilo e indisponibilidade de sigilo em sistemas MIMOME / Secrecy capacity and secrecy outage probability in MIMOME systems

Guerreiro, André Saito, 1986-

25 August 2018

Orientador: Gustavo Fraidenraich / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-25T15:23:35Z (GMT). No. of bitstreams: 1 Guerreiro_AndreSaito_M.pdf: 2368603 bytes, checksum: 297e17dce61316c0a4184fc3db28066c (MD5) Previous issue date: 2014 / Resumo: Neste trabalho, considera-se a transmissão de mensagem confidencial em um canal sem fio em que transmissor, receptor e escuta possuem múltiplas antenas. O trabalho divide-se em duas partes. Na primeira parte analisamos a capacidade de sigilo ergódica e a probabilidade de indisponibilidade de sigilo para os cenários em que o canal é ergódico e não ergódico respectivamente, ambos na presença de desvanecimento estacionário com distribuição Rayleigh e considerando conhecimento do estado do canal (CSI) no receptor e na escuta. No cenário ergódico, deriva-se uma nova expressão fechada para a capacidade ergódica de sistemas em que há conhecimento do estado do canal no transmissor (CSIT) do canal principal e do canal de escuta, no qual permite-se que matriz covariância varie no tempo. Também deriva-se um limite inferior para capacidade de sigilo com CSIT, no qual a matriz covariância é fixa no período de transmissão. A primeira expressão é restrita ao limite da alta relação sinal ruído (SNR), n_t antenas no transmissor, n_r antenas no receptor (n_r > n_t) e n_e=n_t antenas na escuta (arranjo n_t x n_r x n_t). A segunda expressão é restrita ao arranjo de antenas n_t x n_t x n_t e potência do ruído do canal principal e do canal de escuta iguais. No cenário não ergódico, deriva-se uma nova expressão fechada para a probabilidade de indisponibilidade de sigilo no limite da alta SNR, em um arranjo de antenas 2 nr x 2 com n_r > 2. Também calcula-se um limite superior para a probabilidade de indisponibilidade de sigilo para outros arranjos de antena. Na segunda parte, considera-se uma escuta ativa que é capaz de atacar de forma inteligente o processo de estimação de canal. Focando em sistemas de transmissão baseados na decomposição generalizada em valores singulares (GSVD), diferentes técnicas de ataque são propostas e simulações computacionais são utilizadas para avaliar a eficiência de cada uma delas / Abstract: In this thesis, we consider the transmission of confidential information over a multiple-input multiple-output multiple-eavesdropper (MIMOME) wireless channel. The content is largely divided in two. In the first part we analyse the ergodic secrecy capacity and the secrecy outage probability in the ergodic and non-ergodic scenario respectively, both with stationary Rayleigh distributed fading channels and channel state information (CSI) at the receiver and eavesdropper. For the ergodic scenario we derive a new closed-form expression for the ergodic secrecy capacity with channel state information at the transmitter (CSIT) of the main and the eavesdropper channels, allowing the covariance matrix to be time-varying. A lower bound for the ergodic capacity with CSIT, in which the covariance matrix is fixed for the entire transmission period is also derived. The first expression is restricted to the high-SNR limit, with n_t transmit antennas, n_r receive antennas (n_r >= n_t) and n_e=n_t eavesdropper antennas (n_t x n_r x n_t setup). The second expression is restricted to the n_t x n_t x n_t antenna setup and equal noise power at both channels. For the non-ergodic scenario, we derive a new closed-form expression for the secrecy outage probability in the high-SNR limit, in a 2x n_r x 2 setup with n_r \ge 2. We also calculate an upper-bound for the secrecy outage probability in other antenna setups. In the second part we consider an eavesdropper which is able to attack the channel sounding process through intelligent jamming. We focus on transmission systems based on generalized singular value decomposition (GSVD). We propose and analyze, through computer simulations, the efficiency of several attack techniques that intend to disrupt the secret communication between legitimate users / Mestrado / Telecomunicações e Telemática / Mestre em Engenharia Elétrica

Sistemas de comunicação sem fio

Radio - Transmissores e transmissão

Wireless communication systems

Radio - Transmitters and transmission

Malware Behavior = Comportamento de programas maliciosos / Comportamento de programas maliciosos

Grégio, André Ricardo Abed

21 August 2018

Orientadores: Mario Jino, Paulo Licio de Geus / Tese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-21T16:40:48Z (GMT). No. of bitstreams: 1 Gregio_AndreRicardoAbed_D.pdf: 5158672 bytes, checksum: 12a24da95543bac78fd3f047f7415314 (MD5) Previous issue date: 2012 / Resumo: Ataques envolvendo programas maliciosos (malware) s~ao a grande ameaça atual _a segurança de sistemas. Assim, a motivação desta tese _e estudar o comportamento de malware e como este pode ser utilizado para fins de defesa. O principal mecanismo utilizado para defesa contra malware _e o antivírus (AV). Embora seu propósito seja detectar (e remover) programas maliciosos de máquinas infectadas, os resultados desta detecção provêem, para usuários e analistas, informações insuficientes sobre o processo de infecção realizado pelo malware. Além disso, não há um padrão de esquema de nomenclatura para atribuir, de maneira consistente, nomes de identificação para exemplares de malware detectados, tornando difícil a sua classificação. De modo a prover um esquema de nomenclatura para malware e melhorar a qualidade dos resultados produzidos por sistemas de análise dinâmica de malware, propõe-se, nesta tese, uma taxonomia de malware com base nos comportamentos potencialmente perigosos observados durante vários anos de análise de exemplares encontrados em campo. A meta principal desta taxonomia _e ser clara, de simples manutenção e extensão, e englobar tipos gerais de malware (worms, bots, spyware). A taxonomia proposta introduz quatro classes e seus respectivos comportamentos de alto nível, os quais representam atividades potencialmente perigosas. Para avaliá-la, foram utilizados mais de 12 mil exemplares únicos de malware pertencentes a diferentes classes (atribuídas por antivírus). Outras contribuições provenientes desta tese incluem um breve histórico dos programas maliciosos e um levantamento das taxonomias que tratam de tipos específicos de malware; o desenvolvimento de um sistema de análise dinâmica para extrair pefis comportamentais de malware; a especializa- _c~ao da taxonomia para lidar com exemplares de malware que roubam informações (stealers), conhecidos como bankers, a implementação de ferramentas de visualização para interagir com traços de execução de malware e, finalmente, a introdução de uma técnica de agrupamento baseada nos valores escritos por malware na memória e nos registradores / Abstract: Attacks involving malicious software (malware) are the major current threats to systems security. The motivation behind this thesis is to study malware behavior with that purpose. The main mechanism used for defending against malware is the antivirus (AV) tool. Although the purpose of an AV is to detect (and remove) malicious programs from infected machines, this detection usually provides insufficient information for users and analysts regarding the malware infection process. Furthermore, there is no standard naming scheme for consistently labeling detected malware, making the malware classification process harder. To provide a meaningful naming scheme, as well as to improve the quality of results produced by dynamic analysis systems, we propose a malware taxonomy based on potentially dangerous behaviors observed during several years of analysis of malware found in the wild. The main goal of the taxonomy is, in addition to being simple to understand, extend and maintain, to embrace general types of malware (e.g., worms, bots, spyware). Our behavior-centric malware taxonomy introduces four classes and their respective high-level behaviors that represent potentially dangerous activities. We applied our taxonomy to more than 12 thousand unique malware samples from different classes (assigned by AV scanners) to show that it is useful to better understand malware infections and to aid in malware-related incident response procedures. Other contributions of our work are: a brief history of malware and a survey of taxonomies that address specific malware types; a dynamic analysis system to extract behavioral profiles from malware; specialization of our taxonomy to handle information stealers known as bankers; proposal of visualization tools to interact with malware execution traces and, finally, a clustering technique based on values that malware writes into memory or registers / Doutorado / Engenharia de Computação / Doutor em Engenharia Elétrica

Software - Segurança

Virus de computador

Classificação

Computer networks - Security measures

Software - Security

Computer virus

Taxonomy

Autenticação de circuitos integrados usando physical unclonable functions / Authentication of integrated circuits using physical unclonable functions

Santana, Marcelo Fontes, 1983-

21 August 2018

Orientadores: Guido Costa Souza de Araújo, Mario Lúcio Côrtes / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-21T20:47:12Z (GMT). No. of bitstreams: 1 Santana_MarceloFontes_M.pdf: 4262688 bytes, checksum: 3e2635e36cd3272eb4bd09c07b05bf63 (MD5) Previous issue date: 2012 / Resumo: O resumo, poderá ser visualizado no texto completo da tese digital / Abstract The abstract is available with the full electronic document / Mestrado / Ciência da Computação / Mestre em Ciência da Computação

Funções físicas inclonáveis

Autenticação (Circuitos integrados)

Variações do processo de fabricação

Par de desafio-resposta

Physical unclonable function

Authentication (Integrated circuits)

Manufacturing process variations

Hardware security measures

Challenge-response pairs

Vers une détection à la source des activités malveillantes dans les clouds publics : application aux attaques de déni de service / Toward a source based detection of malicious activities in public clouds : application to denial of service attacks

Hammi, Badis

29 September 2015

Le cloud computing, solution souple et peu couteuse, est aujourd'hui largement adopté pour la production à grande échelle de services IT. Toutefois, des utilisateurs malveillants tirent parti de ces caractéristiques pour bénéficier d'une plate-forme d'attaque prête à l'emploi dotée d'une puissance colossale. Parmi les plus grands bénéficiaires de cette conversion en vecteur d’attaque, les botclouds sont utilisés pour perpétrer des attaques de déni de service distribuées (DDoS) envers tout tiers connecté à Internet.Si les attaques de ce type, perpétrées par des botnets ont été largement étudiées par le passé, leur mode opératoire et leur contexte de mise en œuvre sont ici différents et nécessitent de nouvelles solutions. Pour ce faire, nous proposons dans le travail de thèse exposé dans ce manuscrit, une approche distribuée pour la détection à la source d'attaques DDoS perpétrées par des machines virtuelles hébergées dans un cloud public. Nous présentons tout d'abord une étude expérimentale qui a consisté à mettre en œuvre deux botclouds dans un environnement de déploiement quasi-réel hébergeant une charge légitime. L’analyse des données collectées permet de déduire des invariants comportementaux qui forment le socle d'un système de détection à base de signature, fondé sur une analyse en composantes principales. Enfin, pour satisfaire au support du facteur d'échelle, nous proposons une solution de distribution de notre détecteur sur la base d'un réseau de recouvrement pair à pair structuré qui forme une architecture hiérarchique d'agrégation décentralisée / Currently, cloud computing is a flexible and cost-effective solution widely adopted for the large-scale production of IT services. However, beyond a main legitimate usage, malicious users take advantage of these features in order to get a ready-to-use attack platform, offering a massive power. Among the greatest beneficiaries of this cloud conversion into an attack support, botclouds are used to perpetrate Distributed Denial of Service (DDoS) attacks toward any third party connected to the Internet.Although such attacks, when perpetrated by botnets, have been extensively studied in the past, their operations and their implementation context are different herein and thus require new solutions. In order to achieve such a goal, we propose in the thesis work presented in this manuscript, a distributed approach for a source-based detection of DDoS attacks perpetrated by virtual machines hosted in a public cloud. Firstly, we present an experimental study that consists in the implementation of two botclouds in a real deployment environment hosting a legitimate workload. The analysis of the collected data allows the deduction of behavioural invariants that form the basis of a signature based detection system. Then, we present in the following a detection system based on the identification of principal components of the deployed botclouds. Finally, in order to deal with the scalability issues, we propose a distributed solution of our detection system, which relies on a mesh peer-to- peer architecture resulting from the overlap of several overlay trees

Informatique dans les nuages

Attaques par déni de service

Expériences

Cloud computing

Computer networks -- Security measures

Denial of service attacks

Experimental approach

005.8

The Relationship Between Level of Security Clearance and Stress in Engineering and Design Personnel

Luce, Lauri D. (Lauri Diane)

05 1900

The present study investigated the relationship between level of security clearance in engineering occupations and stress. A total of 63 male employees in the field of engineering and design with varying levels of security clearance employed by a large Southwestern defense company participated in the study. Data was obtained utilizing the Engineering Stress Questionnaire which measures sources of stress, work locus of control, social support, job difficulty, job characteristics, perceived stress, and demographic variables. T-tests revealed no statistically significant differences between employees with low security clearances and high security clearances with regard to perceived stress level. However, correlational support was found for hypotheses involving social support, job difficulty, job characteristics, sources of stress, and perceived stress. Path analysis was performed to investigate the impact of variable relationships.

security clearance

stress levels

engineering occupations

Engineers -- Job stress.

Service oriented architecture governance tools within information security

Mokgosi, Letlhogonolo

07 June 2012

M.Tech. / Service Oriented Architecture has many advantages. For example, organisations can align business with Information Technology, reuse the developed functionality, reduce development and maintain cost for applications. Organisations adopt Service Oriented Architecture with the aim of automating and integrating business processes. However, it has information security vulnerabilities that should be considered. For example, applications exchange information across the Internet, where it can be tampered with. Information security is therefore one of the crucial qualities that need to be satisfied within information systems. This dissertation addresses the issue of information security within Service Oriented Architecture applications. Some organisations rely on Service Oriented Architecture governance tools when securing information in their Service Oriented Architecture environment. However, they may purchase them without investigating whether they include information security. The aim of this dissertation is to analyse whether these tools include information security. Each tool is benchmarked against the five information security services, defined by the ISO 7498/2 document and including identification and authentication, authorisation, confidentiality, integrity and non-repudiation. The dissertation concludes with a table summarising the results. This dissertation offers decision-makers information that can assist them in analysing whether Service Oriented Architecture governance tools includes information security. It also assists organisations to be aware of security vulnerabilities within Service Oriented Architecture applications, and the consequences that may arise if information security measures are ignored.

Information security

Computer security

Information technology management

Management information systems

Computer networks - Security measures

Computer network architectures

Software architecture

Computer architecture

Smart grid critical information infrastructure protection through multi-agency

Mavee, Sheu Menete Alexandre

30 June 2015

M.Com. (Informatics) / Critical Infrastructure is the term used to describe assets that are of utmost importance, or in other words, essential in the functioning of an environment. Societies depend on their critical infrastructure in order to maintain and continuously improve on their population’s standard of living. The creation of more self-sustainable methods of energy consumption and generation drives towards the creation of a better and more efficient evolution of the power grid critical infrastructure, named the smart grid. The introduction of the smart grid brought in a paradigm shift towards the practices used to manage the generation and distribution of electric power. The introduction of highly capable information systems to intrinsically work with current power grid technologies provided the ability to enhance economic and environmental efficiency of power systems. Although providing a wide variety of benefits, such information systems also created new points of vulnerabilities, which if exploited, place the smart grid at risk of disruptions. In order to address the security issues that occur at the application and data exchange level of smart grid information systems, the dissertation proposed the use of a security model to protect the smart grid. The Multi-Agent Smart Grid Security (MA-SGS) model is based on the use of multiple autonomous intelligent software agents which attempt to create operational stability and efficiency in the smart grid...

Interconnected electric utility systems

Smart power grids

Electric power distribution - Automation

The legal aspects of cybercrime in Nigeria : an analysis with the UK provisions

Ibekwe, Chibuko Raphael

January 2015

Cybercrime offences know no limits to physical geographic boundaries and have continued to create unprecedented issues regarding to the feasibility and legitimacy of applying traditional legislations based on geographic boundaries. These offences also come with procedural issues of enforcement of the existing legislations and continue to subject nations with problems unprecedented to its sovereignty and jurisdictions. This research is a critical study on the legal aspects of cybercrime in Nigeria, which examines how laws and regulations are made and applied in a well-established system to effectively answer questions raised by shortcomings on the implementation of cybercrime legislations, and critically reviews various laws in Nigeria relating or closely related to cybercrime. This research will provide insight into current global cybercrime legislations and the shortfalls to their procedural enforcement; and further bares the cybercrime issues in Nigeria while analysing and proffering a critique to the provisions as provided in the recently enacted Nigerian Cybercrime (Prohibition and Prevention) Act 2015, in contradistinction to the existing legal framework in the United Kingdom and the other regional enactments like the Council of Europe Convention on Cybercrime, African Union Convention on Cybersecurity and Personal Data Protection 2014, and the ECOWAS Directive on Cybercrime 2011.

364.16

DNS traffic based classifiers for the automatic classification of botnet domains

Stalmans, Etienne Raymond

January 2014

Networks of maliciously compromised computers, known as botnets, consisting of thousands of hosts have emerged as a serious threat to Internet security in recent years. These compromised systems, under the control of an operator are used to steal data, distribute malware and spam, launch phishing attacks and in Distributed Denial-of-Service (DDoS) attacks. The operators of these botnets use Command and Control (C2) servers to communicate with the members of the botnet and send commands. The communications channels between the C2 nodes and endpoints have employed numerous detection avoidance mechanisms to prevent the shutdown of the C2 servers. Two prevalent detection avoidance techniques used by current botnets are algorithmically generated domain names and DNS Fast-Flux. The use of these mechanisms can however be observed and used to create distinct signatures that in turn can be used to detect DNS domains being used for C2 operation. This report details research conducted into the implementation of three classes of classification techniques that exploit these signatures in order to accurately detect botnet traffic. The techniques described make use of the traffic from DNS query responses created when members of a botnet try to contact the C2 servers. Traffic observation and categorisation is passive from the perspective of the communicating nodes. The first set of classifiers explored employ frequency analysis to detect the algorithmically generated domain names used by botnets. These were found to have a high degree of accuracy with a low false positive rate. The characteristics of Fast-Flux domains are used in the second set of classifiers. It is shown that using these characteristics Fast-Flux domains can be accurately identified and differentiated from legitimate domains (such as Content Distribution Networks exhibit similar behaviour). The final set of classifiers use spatial autocorrelation to detect Fast-Flux domains based on the geographic distribution of the botnet C2 servers to which the detected domains resolve. It is shown that botnet C2 servers can be detected solely based on their geographic location. This technique is shown to clearly distinguish between malicious and legitimate domains. The implemented classifiers are lightweight and use existing network traffic to detect botnets and thus do not require major architectural changes to the network. The performance impact of implementing classification of DNS traffic is examined and it is shown that the performance impact is at an acceptable level.

Denial of service attacks -- Research

Computer security -- Research

Malware (Computer software)

Spam (Electronic mail)

Phishing

Command and control systems

Sécurité de l’information par stéganographie basée sur les séquences chaotiques / Information security by steganography based on chaotic sequences

Battikh, Dalia

18 May 2015

La stéganographie est l’art de la dissimulation de l’information secrète dans un médium donné (cover) de sorte que le médium résultant (stégo) soit quasiment identique au médium cover. De nos jours, avec la mondialisation des échanges (Internet, messagerie et commerce électronique), s’appuyant sur des médiums divers (son, image, vidéo), la stéganographie moderne a pris de l’ampleur. Dans ce manuscrit, nous avons étudié les méthodes de stéganographie LSB adaptatives, dans les domaines spatial et fréquentiel (DCT, et DWT), permettant de cacher le maximum d’information utile dans une image cover, de sorte que l’existence du message secret dans l’image stégo soit imperceptible et pratiquement indétectable. La sécurité du contenu du message, dans le cas de sa détection par un adversaire, n’est pas vraiment assurée par les méthodes proposées dans la littérature. Afin de résoudre cette question, nous avons adapté et implémenté deux méthodes (connues) de stéganographie LSB adaptatives, en ajoutant un système chaotique robuste permettant une insertion quasi-chaotique des bits du message secret. Le système chaotique proposé consiste en un générateur de séquences chaotiques robustes fournissant les clés dynamiques d’une carte Cat 2-D chaotique modifiée. La stéganalyse universelle (classification) des méthodes de stéganographie développées est étudiée. A ce sujet, nous avons utilisé l’analyse discriminante linéaire de Fisher comme classifieur des vecteurs caractéristiques de Farid, Shi et Wang. Ce choix est basé sur la large variété de vecteurs caractéristiques testés qui fournissent une information sur les propriétés de l’image avant et après l’insertion du message. Une analyse des performances des trois méthodes de stéganalyse développées, appliquées sur des images stégo produites par les deux méthodes de stéganographie LSB adaptatives proposées, est réalisée. L’évaluation des résultats de la classification est réalisée par les paramètres: sensibilité, spécificité, précision et coefficient Kappa. / Steganography is the art of the dissimulation of a secret message in a cover medium such that the resultant medium (stego) is almost identical to the cover medium. Nowadays, with the globalization of the exchanges (Internet, messaging and e-commerce), using diverse mediums (sound, embellish with images, video), modern steganography is widely expanded. In this manuscript, we studied adaptive LSB methods of stéganography in spatial domain and frequency domain (DCT, and DWT), allowing of hiding the maximum of useful information in a cover image, such that the existence of the secret message in the stégo image is imperceptible and practically undetectable. Security of the message contents, in the case of its detection by an opponent, is not really insured by the methods proposed in the literature. To solve this question, we adapted and implemented two (known) methods of adaptive stéganographie LSB, by adding a strong chaotic system allowing a quasi-chaotic insertion of the bits of the secret message. The proposed chaotic system consists of a generator of strong chaotic sequences, supplying the dynamic keys of a modified chaotic 2D Cat map. Universal steganalysis (classification) of the developed methods of stéganography, is studied. On this question, we used the linear discriminating analysis of Fisher as classifier of the characteristic vectors of Farid, Shi and Wang. This choice is based on the wide variety of tested characteristic vectors that give an information about the properties of the image before and after message insertion. An analysis of the performances of three developed methods of steganalysis, applied to the produced stego images by the proposed adaptive methods of stéganography, is realized. Performance evaluation of the classification is realized by using the parameters: sensibility, specificity, precision and coefficient Kappa.

Stéganographie

Stéganalyse

Séquences chaotiques

Stéganographie spatiale

Stéganographie fréquentielle

Cryptography

Digital communications

Steganography

Steganography

Chaotic sequences

Spatial domain

Frequency domain

621