Security of Non-Volatile Memories - Attack Models, Analyses, and Counter-Measures

Jang, Jae-Won

01 January 2015

The unprecedented demand for performance in the latest technologies will ultimately require changes in the way we design cache. Emerging high density embedded memories such as Spin-Transfer Torque Random Access Memory (STTRAM) have emerged as a possible candidate for universal memory due to its high speed, low power, non-volatility, and low cost. Although attractive, STTRAM is susceptible to contactless tampering through malicious exposure to magnetic field with the intention to steal or modify the bitcell content. In this thesis, we explore various attack techniques on STTRAM and then propose a novel array-based sensor to detect the polarity and magnitude of such attacks and then propose two design techniques to mitigate the attack. With our research, we have been able to successfully implement and accurately detect an attack while providing sufficient compensation window (few ns to ~100 us) to enable proactive protection measures. Finally, we show that variable-strength ECC can adapt correction capability to tolerate failures with various strength of an attack.

Contactless Tampering

On-Chip Tamper Mitigation

Replica

Variable ECC

Computer Engineering

The Effect of Image Preprocessing Techniques and Varying JPEG Quality on the Identifiability of Digital Image Splicing Forgery

January 2015

abstract: Splicing of digital images is a powerful form of tampering which transports regions of an image to create a composite image. When used as an artistic tool, this practice is harmless but when these composite images can be used to create political associations or are submitted as evidence in the judicial system they become more impactful. In these cases, distinction between an authentic image and a tampered image can become important. Many proposed approaches to image splicing detection follow the model of extracting features from an authentic and tampered dataset and then classifying them using machine learning with the goal of optimizing classification accuracy. This thesis approaches splicing detection from a slightly different perspective by choosing a modern splicing detection framework and examining a variety of preprocessing techniques along with their effect on classification accuracy. Preprocessing techniques explored include Joint Picture Experts Group (JPEG) file type block line blurring, image level blurring, and image level sharpening. Attention is also paid to preprocessing images adaptively based on the amount of higher frequency content they contain. This thesis also recognizes an identified problem with using a popular tampering evaluation dataset where a mismatch in the number of JPEG processing iterations between the authentic and tampered set creates an unfair statistical bias, leading to higher detection rates. Many modern approaches do not acknowledge this issue but this thesis applies a quality factor equalization technique to reduce this bias. Additionally, this thesis artificially inserts a mismatch in JPEG processing iterations by varying amounts to determine its effect on detection rates. / Dissertation/Thesis / Masters Thesis Computer Science 2015

Computer science

Image Splicing Detection

Image Tampering

Passive Detection

Preprocessing

Use of Event Studies to Estimate Brand Value: A Comparison of Methodologies

Pearsall, Nels A.

08 July 2002

Stock market event studies are often used to estimate the impact of an unanticipated event on stock returns of a company. Traditionally, these analyses focus on developing estimates of abnormal returns attributed to the event or some measure of post-event loss in shareholder value. In 1989 Mark Mitchell used an event study to estimate the impact of the 1982 Tylenol poisonings on Johnson & Johnson's share returns. Mark Mitchell was able to demonstrate that (1) Johnson & Johnson share returns were significantly impacted by the poisonings, and (2) such an impact translated, at least in part, to a depreciation of brand name capital. This study sets forth the basic framework of Mark Mitchell's 1989 analysis and wherever appropriate, provides possible alternatives to his methodologies. Using several alternative approaches including, but not necessarily limited to, consideration of the incremental values associated with the Tylenol brand name, cost to develop the brand, alternative market factors, and changes in income streams I compare changes in brand value to brand name capital depreciation estimated by Mitchell. In some instances the aforementioned approaches are used in conjunction with aspects of Mitchell's methodology. The results tend to provide more accurate estimates of the loss in brand value possibly associated with the 1982 poisonings. / Master of Arts

Intellectual Property

Product Tampering

Damages

Event Study

Market Analysis

The effects of urine adulteration with oxidants before drug analysis with LC-HRMS and CEDIA

Nilsson, Anna

January 2022

In drug analysis, different kinds of immunoassays are often used as an initial screening for urine samples. The positive screening results are then followed by a confirmatory test, which consists of mass spectrometry methods to detect the drugs. The confirmatory tests are considered to be more resistant to manipulation than the screening tests. If the tested person wants to obtain a false negative result in the drug analysis, there are a lot of different manipulation strategies available today. Manipulation of urine with oxidants before the drug analysis, oxidizes the drugs, and obtains negative results. The aim of this study was to investigate how the results of the drug analysis with the screening test; cloned enzyme donor immunoassay (CEDIA) and the confirmatory test; liquid chromatography- high resolution mass spectrometry (LC-HRMS), were affected when the urine was manipulated with oxidants before the analysis.  Four different oxidants (pyridinium chlorochromate, hypochlorite, sodium nitrite and povidone iodine) in three different concentrations, were investigated and evaluated on 37 different drugs with LC-HRMS. The most effective oxidant and the most adulterated drugs were then further investigated with LC-HRMS, CEDIA and with urine adulteration test strips. The results of the drug analysis were affected by the oxidants with both the CEDIA, and LC-HRMS analysis. All samples containing pyridinium chlorochromate and hypochlorite obtained negative results with CEDIA. With LC-HRMS, the tested samples containing 1 % hypochlorite effectively lowered the drug concentrations under the cut-off. Adulteration tests can be used to identify urine samples, manipulated with oxidants.

Drugs of abuse

Manipulation

Mass spectrometry

Narcotics

Tampering

Biomedical Laboratory Science/Technology

Adaptive Camera Tamper Detection For Video Surveillance

Saglam, Ali

01 June 2009

Criminals often resort to camera tampering to prevent capture of their actions. Many surveillance systems left unattended and videos surveillance system operators lose their concentration after a short period of time. Many important Real-time automated detection of video camera tampering cases is important for timely warning of the operators. Tampering can be defined as deliberate physical actions on a video surveillance camera and is generally done by obstructing the camera view by a foreign object, displacing the camera and changing the focus of the camera lens. In automated camera tamper detection systems, low false alarm rates are important as reliability of these systems is compromised by unnecessary alarms and consequently the operators start ignoring the warnings. We propose adaptive algorithms to detect and identify such cases with low false alarms rates in typical surveillance scenarios where there is significant activity in the scene. We also give brief information about the camera tampering detection algorithms in the literature. In this thesis we compare performance of the proposed algorithms to the algorithms in the literature by experimenting them with a set of test videos.

Intelligent Decision Support Systems for Compliance Options : A Systematic Literature Review and Simulation

PATTA, SIVA VENKATA PRASAD

January 2019

The project revolves around logistics and its adoption to the new rules. Theobjective of this project is to focus on minimizing data tampering to the lowest level possible.To achieve the set goals in this project, Decision support system and simulation havebeen used. However, to get clear insight about how they can be implemented, a systematicliterature review (Case Study incl.) has been conducted, followed by interviews with personnelat Kakinada port to understand the real-time complications in the field. Then, a simulatedexperiment using real-time data from Kakinada port has been conducted to achieve the set goalsand improve the level of transparency on all sides i.e., shipper, port and terminal.

Verified Gross mass

International Maritime Organization

Safety of Life at Sea

Decision Support System

Simulation

Data Tampering

Support vector machine (SVM)

Computer Sciences

Datavetenskap (datalogi)

Выявление признаков постобработки изображений : магистерская диссертация / Photo tampering detecton

Antselevich, A. A., Анцелевич, А. А.

January 2015

An algorithm, which is able to find out, whether a given digital photo was tampered, and to generate tampering map, which depicts the processed parts of the image, was analyzed in details and implemented. The software was also optimized, deeply tested, the modes giving the best quality were found. The program can be launched on a usual user PC. / В процессе работы был детально разобран и реализован алгоритм поиска признаков постобработки в изображениях. Разработанное приложение было оптимизировано, было проведено его тестирование, были найдены режимы работы приложения с более высокими показателями точности. Реализованное приложение может быть запущено на обычном персональном компьютере. Помимо информации о наличии выявленных признаков постобработки полученное приложение генерирует карту поданного на вход изображения, на которой выделены его участки, возможно подвергнутые постобработке.

MASTER'S THESIS

IMAGE FORGERY

PHOTO TAMPERING

IMAGE SEGMENTATION

GRAPH

NORMALIZED CUT

DUPLICATES

ОБРАБОТКА

ГРАФ

ДУБЛИКАТЫ

Food Defense Among Meat Processing and Food Service Establishments in Kentucky

Webb-Yeates, Morgan

01 May 2013

Agroterrorism is the deliberate introduction of a plant or animal disease with thegoal of causing fear, economic instability, illness, or death. After the 2002 terroristattacks on the World Trade Center, the security of the food supply is of increasingconcern to the United States. A major incidence of agroterrorism or food tampering would have far reaching impacts on the economy and public health. The first objective of this project was to determine knowledge and concern of agroterrorism in meat processing facilities in Kentucky, and to determine knowledge and concern of food tampering and food defense in food service establishments in Warren County, Kentucky. The second objective was to determine security strategies that were being implemented by these facilities. Two separate surveys, one for meat processors and the other for food service establishments, were designed to meet these objectives. An observational study was conducted for meat processing facilities. It was found that these facilities were generally unconcerned with agroterrorism, although a reasonable amount of security implementations were in place at these facilities. A statistical comparison between restaurants and non-restaurant food service establishments, such as schools, hospitals, and hotels, was performed. Both types of food service establishments expressed little concern about a food tampering event. Non- restaurant food service establishments were slightly more concerned than restaurants about both food tampering and food defense.

Agroterrorism

Bioterrorism

Food Tampering

Food Security

Food-Safety Measures

Food Adulteration and Inspection

Food Supply-Security Measures

Agriculture-Security Measures

Agriculture

Food and Drug Law

Food Microbiology

Food Processing

Food Science

National Security

A legal analysis of the study of the scientific evidence of Deoxyribonucleic Acid (DNA)

Harry, Lionel David

08 October 2020

This study analyses how DNA evidence can be distorted by the behaviour of criminal investigators and role-players within the Criminal Justice System (CJS). This has a negative impact on justice resulting in further criminality. The study has resulted in revelatory weaknesses owing to constitutional violations which cause sound evidence to become futile as it will not be admissible in court. Justice is aborted. The researcher has further explained the properties of the pertinent terms, such as: mental illness, psycho-social functioning, DNA, forensic investigator, forensic psychology, and courts. Concepts are building blocks, hermeneutical distortion leads to the frustrating of what justice intends and this, in turn, leads to poor criminal investigation performance. It is submitted that not only ineptness, but also deception possibly evolves from genotypic to phenotypic type which causes unwelcome behaviour within the criminal justice system to surface. The frequency of monitoring psychological behaviour amongst criminal investigations is low, and it, therefore, also contributes to delict and the miscarriage of justice occurs. / Police Practice / M.A. (Criminal Justice)

345.660019

DNA -- Analysis

DNA fingerprinting -- South Africa

Evidence tampering -- South Africa

Judicial error -- South Africa

Forensic psychology -- South Africa

Web Penetration testing : Finding and evaluating vulnerabilities in a web page based on C#, .NET and Episerver

Lundquist Amir, Ameena, Khudur, Ivan

January 2022

Today’s society is highly dependent on functional and secure digital resources, to protect users and to deliver different kinds of services. To achieve this, it is important to evaluate the security of such resources, to find vulnerabilities and handle them before they are exploited. This study aimed to see if web applications based on C#, .NET and Episerver had vulnerabilities, by performing different penetration tests and a security audit. The penetration tests utilized were SQL injection, Cross Site Scripting, HTTP request tampering and Directory Traversal attacks. These attacks were performed using Kali Linux and the Burp Suite tool on a specific web application. The results showed that the web application could withstand the penetration tests without disclosing any personal or sensitive information. However, the web application returned many different types of HTTP error status codes, which could potentially reveal areas of interest to a hacker. Furthermore, the security audit showed that it was possible to access the admin page of the web application with nothing more than a username and password. It was also found that having access to the URL of a user’s invoice file was all that was needed to access it. / Dagens samhälle är starkt beroende av funktionella och säkra digitala resurser, för att skydda användare och för att leverera olika typer av tjänster. För att uppnå detta är det viktigt att utvärdera säkerheten för sådana resurser för att hitta sårbarheter och hantera dem innan de utnyttjas. Denna studie syftar till att se om webapplikationer baserade på C#, .NET och Episerver har sårbarheter, genom att utföra olika penetrationstester och genom att göra en säkerhetsgranskning. Penetrationstesterna som användes var SQL-injektion, Cross Site Scripting, HTTP-förfrågningsmanipulering och Directory Traversal-attacker. Dessa attacker utfördes med Kali Linux och Burp Suite-verktygen på en specifik webbapplikation. Resultaten visade att webbapplikationen klarade penetrationstesterna utan att avslöja någon personlig eller känslig information. Webbapplikationen returnerade dock många olika typer av HTTP-felstatuskoder, som potentiellt kan avslöja områden av intresse för en hackare. Vidare visade säkerhetsgranskningen att det var möjligt att komma åt webbapplikationens adminsida med inget annat än ett användarnamn och lösenord. Det visade sig också att allt som behövdes för att komma åt en användares fakturafiler var webbadressen.

Ethical hacking

Penetration testing

Cybersecurity

DREAD

HTTP

HTTPS

Episerver

Kali Linux

Burp Suite

SQL injection

XSS

HTTP Method Tampering

Directory Traversal

HSTS

IDOR

Authentication

MFA

Computer and Information Sciences

Data- och informationsvetenskap