21 |
Optimal Consumer-Centric Delay-Efficient Security Management in Multi-Agent Networks: A Game and Mechanism Design Theoretic ApproachSchlake, Farimehr 01 May 2012 (has links)
The main aspiration behind the contributions of this research work is the achievement of simultaneuos delay-efficiency, autonomy, and security through innovative protocol design to address complex real-life problems. To achieve this, we take a holistic approach. We apply theoretical mathematical modeling implementing implications of social-economic behavioral characteristics to propose a cross-layer network security protocol. We further complement this approach by a layer-specific focus with implementations at two lower OSI layers.
For the cross-layer design, we suggest the use of game and mechanism design theories. We design a network-wide consumer-centric and delay-efficient security protocol, DSIC-S. It induces a Dominant Strategy Incentive Compatible equilibrium among all rational and selfish nodes. We prove it is network-wide socially desirable and Pareto optimal. We address resource management and delay-efficiency through synergy of several design aspects. We propose a scenario-based security model with different levels. Furthermore, we design a valuation system to integrate the caused delay in selection of security algorithms at each node without consumer's knowledge of the actual delays. We achieve this by incorporating the consumer's valuation system, in the calculation of the credit transfers through the Vickrey-Clarke-Groves (VCG) payments with Clarke's pivotal rule. As the utmost significant contribution of this work, we solve the revelation theorem's problem of misrepresentation of agents' private information in mechanism design theory through the proposed design. We design an incentive model and incorporate the valuations in the incentives. The simulations validate the theoretical results. They prove the significance of this model and among others show the correlation of the credit transfers to actual delays and security valuations.
In the layer-specific approach for the network-layer, we implement the DSIC-S protocol to extend current IPsec and IKEv2 protocols. IPsec-O and IKEv2-O inherit the strong properties of DSIC-S through the proposed extensions.
Furthermore, we propose yet another layer-specific protocol, the SME_Q, for the datalink layer based on ATM. We develop an extensive simulation software, SMEQSIM, to simulate ATM security negotiations. We simulate the proposed protocol in a comprehensive real-life ATM network and prove the significance of this research work. / Ph. D.
|
22 |
Metody návrhu bezpečnostních protokolů / Methods of the Security Protocols DesignMíchal, Luboš Unknown Date (has links)
The security protocols are widely used for providing safe communication. They are used for creating private communication channels in unsecured area. This thesis deals with the design of such protocols and their properties. The first part deals with properties and requirements of designed protocol as well as with the most common attacks on protocols. In the second part, the method of trace formula is described in more detail. This method is used for analytic design of security protocols. Later, the library of automated functions was created upon the principles of the method. The library support both the handling of protocol properties and protocol design. The thesis concludes with some examples of generated protocols.
|
23 |
Infrastructure de gestion de la confiance sur internet / Trust management infrastructure for internetVu, Van-Hoan 03 December 2010 (has links)
L'établissement de la confiance est un problème qui se pose en permanence dans la vie quotidienne. Nous avons toujours besoin d'évaluer la confiance que l'on a en quelqu'un avant de décider d'entreprendre une action avec. Il s'agit bien évidemment d'une question très importante pour les applications de l'Internet où il est de plus en plus rare d'engager une transaction avec des personnes ou des entités que l'on connaîtrait au préalable. La confiance est un élément clé pour le développement et le bon fonctionnement des applications d’e-commerce et par extension de tous les services qui amènent à des interactions avec des inconnus.Le but de cette thèse est de proposer une infrastructure de gestion de la confiance qui permette à chaque participant d'exprimer sa propre politique de confiance ; politique qui guidera le comportement des applications qui fournissent ou qui permettent d'accéder à des services. Cette infrastructure met en œuvre des mécanismes de négociation qui vont permettre d'établir une confiance mutuelle entre les différents participants d'une transaction. Un des points importants de notre proposition est d'offrir un langage d'expression des politiques qui permet d'utiliser toutes les sources d'informations disponibles telles que les qualifications (credentials), la notion de réputation, de recommandation, de risque pour exprimersa politique de confiance. / Trust establishment is an important problem which often arises everyday. We need to assess the trust in someone or something before making decisions on their actions. It is also a very important problem for Internet applications where participants of a system are virtual entities. The trust establishment is a key factor for e-commerce applications and services which involve interactions with unknown users.The objective of this thesis is to build an infrastructure for trust management which allows each participant to express his own security policy. The security policy is a way for the participant to define his own access control to his own resources and services. The infrastructure provides a trust negotiation mechanism that allows two participants to establish a mutual trust between them for interactions.The important point of our proposal of an infrastructure for trust management is that we use all available information such as credentials (signed certificates), reputations, recommendations or risk information about the peer to make decisions on trust. All these factors are expressed in the security policy by using our proposed policy language.
|
24 |
Security of NFC applicationsPham, Thi Van Anh January 2013 (has links)
Near Field Communication (NFC) refers to a communication technology that enables an effortless connection and data transfers between two devices by putting them in a close proximity. Besides contactless payment and ticketing applications, which were the original key drivers of this technology, a large number of novel use cases can benefit from this rapidly developing technology, as has been illustrated in various NFC-enabled application proposals and pilot trials. Typical NFC-enabled systems combine NFC tags, NFC-enabled mobile phones, and online servers. This thesis explores the trust relationships, security requirements, and security protocol design in these complex systems. We study how to apply the security features of different types of NFC tags to secure NFC applications. We first examine potential weaknesses and problems in some novel use cases where NFC can be employed. Thereafter, we analyze the requirements and propose our system design to secure each use case. In addition, we developed proof-of-concept implementations for two of our proposed protocols: an NFCenabled security-guard monitoring system and an NFC-enabled restaurant menu. For the former use case, we also formally verified our proposed security protocol. Our analysis shows that among the discussed tags, the NFC tags based on secure memory cards have the least capability and flexibility. Their built-in three-pass mutual authentication can be used to prove the freshness of the event when the tag is tapped. The programmable contactless smart cards are more flexible because they can be programmed to implement new security protocols. In addition, they are able to keep track of a sequence number and can be used in systems that do not require application-specific software on the mobile phone. The sequence number enforces the order of events, thus providing a certain level of replay prevention. The most powerful type of tag is the emulated card since it provides a clock, greater computational capacity, and possibly its own Internet connection, naturally at higher cost of deployment. / Near Field Communication (NFC) hänvisar till en kommunikationsteknik som möjliggör en enkel anslutning och dataöverföring mellan två enheter genom att sätta dem i en närhet. Förutom kontaktlös betalning och biljetthantering ansökningar, vilket var den ursprungliga viktiga drivkrafter för denna teknik, kan ett stort antal nya användningsfall dra nytta av denna snabbt växande teknik, som har visats i olika NFC-aktiverade program förslag och pilotförsök. Typiska NFC-applikationer kombinerar NFC-taggar, NFC-kompatibla mobiltelefoner och online-servrar. Denna avhandling utforskar förtroenderelationer, säkerhetskrav och säkerhetsprotokoll utformning i dessa komplexa system. Vi studerar hur man kan tillämpa de säkerhetsfunktioner för olika typer av NFC-taggar för att säkra NFC-applikationer. Vi undersöker först potentiella svagheter och problem i vissa nya användningsfall där NFC kan användas. Därefter analyserar vi de krav och föreslå vårt system design för att säkra varje användningsfall. Dessutom utvecklade vi proof-of-concept implementationer för två av våra föreslagna protokoll: en NFC-aktiverad säkerhet-guard övervakningssystem och en NFC-aktiverad restaurang meny. Dessutom, för fd bruk fallet, kontrollerade vi formellt vår föreslagna säkerhetsprotokoll. Vår analys visar att bland de diskuterade taggar, NFC taggar som baseras på säkra minneskort har minst kapacitet och dlexibilitet. Deras inbyggda trepass ömsesidig autentisering kan användas för att bevisa färskhet av händelsen när taggen tappas. De programmerbara beröringsfria smarta kort är mer flexibla eftersom de kan programmeras för att genomföra nya säkerhetsprotokoll. Dessutom kan de hålla reda på ett löpnummer och kan användas i system som inte kräver ansökan-specik mjukvara på mobiltelefonen. Sekvensnumret framtvingar ordning av händelser, vilket ger en viss nivå av replay förebyggande. Den mest kraftfulla typen av taggen är den emulerade kortet eftersom det ger en klocka, större beräkningskapacitet, och möjligen sin egen Internet-anslutning, naturligtvis till högre kostnad för utplacering.
|
25 |
Securing Network Connected Applications with Proposed Security ModelsKonstantaras, Dimitrios, Tahir, Mustafa January 2008 (has links)
<p>In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.</p><p>However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security</p><p>within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications.</p><p>By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies.</p><p>An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.</p>
|
26 |
Securing Network Connected Applications with Proposed Security ModelsKonstantaras, Dimitrios, Tahir, Mustafa January 2008 (has links)
In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies. However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications. By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies. An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.
|
27 |
A Comprehensive Taxonomy of Attacks and Mitigations in IoT Wi-Fi Networks : physical and data-link layerAlmjamai, Sarmed January 2022 (has links)
The number of Internet of Things (IoT) devices is rising and Wireless Fidelity (Wi-Fi) networks are still widely used in IoT networks. Security protocols such as Wi-Fi Protected Access 2 (WPA2) are still in use in most Wi-Fi networks, but Wi-Fi Protected Access 3 (WPA3) is making its way as the new security standard. These security protocols are crucial in Wi-Fi networks with energy and memory-constrained devices because of adversaries that could breach confidentiality, integrity, and availability of networks through various attacks. Many research papers exist on single Wi-Fi attacks, and the strengths and weaknesses of security protocols and Wi-Fi standards. This thesis aims to provide a detailed overview of Wi-Fi attacks and corresponding mitigation techniques against IoT Wi-Fi networks in a comprehensive taxonomy. In addition tools are mentioned for each Wi-Fi attack that allows, e.g., professionals or network administrators to test the chosen Wi-Fi attacks against their IoT networks. Four types of attack (categories) were defined, Man-in-the-Middle (MitM), Key-recovery, Traffic Decryption, and Denial of Service (DoS) attacks. A set of Wi-Fi attack features were defined and decribed. The features included the security protocol and security mode, the layer (physical or data-link) that an attack targets, and the network component interaction required to allow a Wi-Fi attack to execute successfully. In total, 20 Wi-Fi attacks were selected with relevance to IoT in Wi-Fi networks based on some criteria. Additonally, each Wi-Fi attack consist of a description of possible consequences/results an adversary can achieve, such as eavesdropping, data theft, key recovery, and many more. Flow charts were also added to give the reader a visual perspective on how an attack works. As a result, tables were created for each relevant security protocol and the Open Systems Interconnection (OSI) layers to create a overview of mitigations and available tools for each attack. Furthermore, WPA3 was discussed on how it solves some shortcomings of WPA2 but has vulnerabilities of it own that lie in the design of the 4-way and dragonfly handshake itself. In conclusion, development and proper vulnerability tests on the Wi-Fi standards and security protocols have to be conducted to improve and reduce the possibility of current and upcoming vulnerabilities.
|
28 |
GARBLED COMPUTATION: HIDING SOFTWARE, DATAAND COMPUTED VALUESShoaib Amjad Khan (19199497) 27 July 2024 (has links)
<p dir="ltr">This thesis presents an in depth study and evaluation of a class of secure multiparty protocols that enable execution of a confidential software program $\mathcal{P}$ owned by Alice, on confidential data $\mathcal{D}$ owned by Bob, without revealing anything about $\mathcal{P}$ or $\mathcal{D}$ in the process. Our initial adverserial model is an honest-but-curious adversary, which we later extend to a malicious adverarial setting. Depending on the requirements, our protocols can be set up such that the output $\mathcal{P(D)}$ may only be learned by Alice, Bob, both, or neither (in which case an agreed upon third party would learn it). Most of our protocols are run by only two online parties which can be Alice and Bob, or alternatively they could be two commodity cloud servers (in which case neither Alice nor Bob participate in the protocols' execution - they merely initialize the two cloud servers, then go offline). We implemented and evaluated some of these protocols as prototypes that we made available to the open source community via Github. We report our experimental findings that compare and contrast the viability of our various approaches and those that already exist. All our protocols achieve the said goals without revealing anything other than upper bounds on the sizes of program and data.</p><p><br></p>
|
Page generated in 0.0691 seconds