Dissertations / Theses on the topic 'Attack by observation'

Critical infrastructures include sectors such as energy resources, finance, food and water distribution, health, manufacturing and government services. In recent years, critical infrastructures have become increasingly dependent on ICT; more interconnected and are often, as a result, linked to the Internet. Consequently, this makes these systems more vulnerable and increases the threat of cyber-attack. In addition, the growing use of wireless networks means that infrastructures can be more susceptible to a direct digital attack than ever before. Traditionally, protecting against environmental threats was the main focus of critical infrastructure preservation. Now, however, with the emergence of cyber-attacks, the focus has changed and infrastructures are facing a different danger with potentially debilitating consequences. Current security techniques are struggling to keep up to date with the sheer volume of innovative and emerging attacks; therefore, considering fresh and adaptive solutions to existing computer security approaches is crucial. The research presented in this thesis, details the use of behavioural observation for critical infrastructure security support. Our observer system monitors an infrastructure’s behaviour and detects abnormalities, which are the result of a cyber-attack taking place. By observing subtle changes in system behaviours, an additional level of support for critical infrastructure security is provided through a plug-in device, which operates autonomously and has no negative impact on data flow. Behaviour is evaluated using mathematical classifications to assess the data and detect changes. The subsequent results achieved during the data classification process were high and successful. Our observer approach was able to accurately classify 98.138 % of the normal and abnormal system behaviours produced by a simulation of a critical infrastructure, using nine data classifiers.

This PhD thesis focuses on the study, the hardware design, the theoretical and practical validation, and eventually the comparison of different arithmetic operators for cryptosystems based on elliptic curves (ECC). Provided solutions must be robust against some side-channel attacks, and efficient at a hardware level (execution speed and area). In the case of ECC, we want to protect the secret key, a large integer, used in the scalar multiplication. Our protection methods use representations of numbers, and behaviour of algorithms to make more difficult some attacks. For instance, we randomly change some representations of manipulated numbers while ensuring that computed values are correct. Redundant representations like signed-digit representation, the double- (DBNS) and multi-base number system (MBNS) have been studied. A proposed method provides an on-the-fly MBNS recoding which operates in parallel to curve-level operations and at very high speed. All recoding techniques have been theoretically validated, simulated extensively in software, and finally implemented in hardware (FPGA and ASIC). A side-channel attack called template attack is also carried out to evaluate the robustness of a cryptosystem using a redundant number representation. Eventually, a study is conducted at the hardware level to provide an ECC cryptosystem with a regular behaviour of computed operations during the scalar multiplication so as to protect against some side-channel attacks.

Cette thèse porte sur le développement et l'évaluation de protections contrant simultanément des attaques par perturbation (FA) et des attaques par observation (SCA) dans le contexte de la cryptographie basée sur les courbes elliptiques (ECC). Deux protections ont été proposées pour la multiplication scalaire (SM), l'opération principale d'ECC. La première, nommée vérification de point (PV), permet une uniformisation de la SM grâce à une vérification de l'appartenance du point courant à la courbe. La SM ainsi obtenue est uniforme et donc résistante aux SPA mais aussi résistante à certaines FA. La seconde, nommée compteur d'itérations (IC), protège le scalaire contre certaines FA, tout en ayant un comportement uniforme et avec un très faible surcoût. Ces deux protections ont été implantées sur un microcontrôleur Cortex M0 pour les courbes de Weierstrass et de Montgomery, et ce pour différents types de coordonnées. Le surcoût de ces méthodes varie entre 48 % et 62 % dans le pire des cas (lorsque la PV est réalisée à chaque itération de la SM). Cela est moindre que celui des protections de bases habituelles contre les SCA. Un simulateur d'activité théorique au niveau arithmétique est également proposé. Il reproduit l'architecture d'un microcontrôleur 32 bits très simple. L'activité théorique est modélisée grâce à la variation du poids de Hamming des données manipulées lors de l'exécution. Grâce à ce simulateur, l'impact des opérandes sur l'activité des unités arithmétiques a pu être illustré. De plus, des attaques SPA et DPA furent réalisées pour évaluer les protections précédentes. Nos protections montrent une amélioration de la sécurité
This thesis deals with protection development and evaluation against fault attacks (FA) and side channel attacks (SCA) simultaneously. These protections have been developed for elliptic curves cryptography (ECC) and its main operation, the scalar multiplication (MS). Two protections have been proposed. The first is point verification (PV) checking that the current point is effectively on the curve, with a uniformization behavior. Thus, this new SM with PV is robust against some FAs and also SPA, since it is uniform. The second one is called counter iteration (IC). ICC protects the scalar against major FAs with a uniform behavior. Its overhead is very small. Our protections have been implemented on Cortex M0 microcontroller for Weiertrass and Montgomery curves and for different types of coordinates. The overhead is between 48 % and 62 %, in the worst case (when the PV is made at each SM iteration). This overhead is smaller than overhead of usual basic protections against SPA. A theorical activity simulator has also been developed. It reproduces the architecture of a simple 32-bit microcontroller. Theoric activity is modeled by the Hamming weigh variations of manipulated data during execution. Thanks to the simulator, the impact of operands is illustrated for arithmetic units. Moreover, SPA and DPA attacks were made for evaluating our protections. Our protections show some security improvements

Cette thèse porte sur les attaques par observations. Ces attaques étudient les variations d'émanation d'un composant pour retrouver une clé secrète. Ces émanations peuvent être multiples, par exemple, la consommation de courant électrique, le rayonnement électromagnétique, etc. Généralement, ces attaques font appel à des méthodes statistiques pour examiner la relation entre les émanations du composant et des modèles de consommation imaginés par l'attaquant. Trois axes sont développés dans cette thèse. Dans un premier temps, nous avons implémenté différentes attaques par observations sur des cartes graphiques en utilisant l'API OpenCL. Ces implémentations sont plus performantes que les implémentations classiques, ce qui permet à un attaquant de pouvoir traiter plus de données. Dans un second temps, nous avons proposé l'utilisation du MIC dans le cadre des attaques par observations. L'avantage du MIC, par rapport à l'information mutuelle, est sa facilité de calcul, ne dépendant pas de choix de noyau ou de taille de fenêtre. Son utilisation dans une attaque par observations est donc aisée, même si, la complexité des calculs à effectuer est souvent très importante. Enfin, nous avons introduit une nouvelle attaque, basée sur la distribution jointe de l'entrée et de la sortie de fonction cryptographique. Si cette distribution varie en fonction de la valeur de la clé impliquée par la fonction, on est capable de retrouver la clé secrète utilisée par le composant. Cette nouvelle attaque a la particularité de ne nécessiter ni la connaissance du texte clair, ni la connaissance du texte chiffré, ce qui lui permet d'être efficace même en présence de certaines contre-mesures
The main subject of this manuscript is the Side Channel Attacks. These attacks investigate the variation of device emanations to retrieve a secret key. These emanations can be the power consumption, the electromagnetic radiation, etc. Most of the time, those attacks use statistical methods to examine the relationship between the emanations and some leakage models supposed by the attacker. Three main axis are developed here. First, we have implemented many side channel attacks on GPGPU using the API OpenCL. These implementations are more effective than the classical ones, so an attacker can exploit more data. Then, in order to provide a new side channel attack, we have suggested the use of a new dependency measurement proposed by Reshef et al., the MIC. The MIC is more advantageous than the mutual information, because its computation does not depend of a kernel choice nor a windows size. So, its use in side channel analysis is simple, even if the time complexity is large. Finally, we have introduced a new attack based on the join distribution of the input and the output of a cryptographic sub-function. If the distribution depends on the key used in the function, we can retrieve the secret key. This attack can be efficient even in presence of some countermeasures because it does not required the knowledge of both plain text or cipher text

Asphalt and concrete reclamation machines are used to cut roadways when a repair is required. The performance of these machines can affect the quality of road repairs, and cost/profitability for both contractors and governments. We believe that several performance characteristics in reclamation machines are governed by the placement and pattern of cutting picks on the cutter head. Previous studies, focused on mining and excavation applications, have shown strong correlation between placement and wear. The following study employs a screening experiment (observational study) to find significant contributors to tool wear, in applications of asphalt milling or reclamation. We have found that picks fail by two primary modes: tip breakage, and body abrasive wear. Results indicate that the circumferential spacing of a bit, relative to neighboring bits, has the strongest effect on tip breakage. We have also shown that bit skew angle has a large positive effect on body abrasive wear.

Notre thèse stipule qu'au vu de l'ampleur des agissements malveillants dans l'Internet, les logiciels d'extrémité doivent être surveillés. Pour limiter le nombre de points de surveillance, nous proposons de surveiller les logiciels depuis un point d'interconnexion. Nous avons dans ce but conçu Luth, un outil permettant de composer et de paralléliser un ensemble d'inspecteurs de points d'interconnexion (appelés MI) qui implémentent des mini IDS, IPS ou pare-feux, tout en vérifiant la correction et l'optimalité de ces derniers, à l'aide d'un langage de configuration et des algorithmes associés. Nous utilisons ensuite cet outil pour surveiller des logiciels d'extrémité permettant l'observation de trafic malveillant. Premièrement, après avoir démontré la nécessité de surveiller des pots de miels collecteurs de logiciels malveillants en concevant une attaque originale, nous montrons comment nous configurons Luth pour bloquer les attaques précédemment créées tout en laissant passer les attaques émulées par le pot de miel. Dans un second temps, nous utilisons Luth pour implémenter un bac-à-sable permettant d'analyser dynamiquement et aussi sûrement que voulu, les communications réseaux des logiciels malveillants. Nous montrons comment les informations obtenues par cette analyse permettent de regrouper ces logiciels et ainsi de limiter le nombre de binaires à analyser manuellement. Ensuite nous montrons comment nous générons automatiquement des signatures permettant la détection de ces virus depuis un point d'interconnexion
Our Ph.D states that given the magnitude of malicious behavior in the Internet, end-host software must be monitored. To limit the number of monitoring points, we propose to monitor the software from an interconnection point, i.e. a midpoint. We have designed for this purpose Luth, a tool to compose and parallelize a set of midpoint inspectors (MI) that implement mini IDS, IPS or firewall-s, while checking the correction and optimality of the resulting inspection tree, using a configuration language, its interpreter and associated algorithms. We then configure this tool to monitor some end-host software used to observe malicious traffic. First, we demonstrate why malware downloading honeypots must be monitored by designing an original attack. Then, we show how we configure Luth to block these attacks while accepting the intrusions emulated by the honeypot. In a second step, we use Luth to implement a sandbox that analyzes dynamically and as safely as wanted malware's network communications. We show how the information obtained by this analysis enables us to cluster the analyzed malware and therefore limit the number of malware to analyze manually. Finally, we show how we automatically generate signatures from this analysis to detect those malware from a midpoint device

Introduction: The most appropriate airway management technique for use by paramedics in out-of-hospital cardiac arrest is yet to be determined and evidence relating to the influence of airway management strategy on outcome remains equivocal. In cases where return of spontaneous circulation (ROSC) occurs following out-of-hospital cardiac arrest, patients may undergo direct transfer to a specialist heart attack centre (HAC) where the post resuscitation 12 lead ECG demonstrates evidence of ST elevation myocardial infarction. To date, no studies have investigated the role of airway management strategy on outcomes in this sub-set of patients. The AMICABLE (Airway Management In Cardiac Arrest, Basic, Laryngeal mask airway, Endotracheal intubation) study therefore sought to investigate the influence of prehospital airway management strategy on outcomes in patients transferred by the ambulance service directly to a HAC post ROSC. Methods: Adults with ROSC post out-of-hospital cardiac arrest who met local criteria for transfer to a HAC were identified prospectively. Ambulance records were reviewed to determine prehospital airway management approach and collect physiological and demographic data. HAC notes were obtained to determine in-hospital course and quantify neurological outcome via the Cerebral Performance Category (CPC) scale. Neurologically intact survivors were contacted post discharge to assess quality of life via the SF-36 health survey. Statistical analyses were performed via Chi-square, Mann Whitney U test, odds ratios, and binomial logistic regression. Results: A total of 220 patients were recruited between August 2013 and August 2014, with complete outcome data available for 209. The age of patients ranged from 22-96 years and 71.3% were male (n=149). Airway management was undertaken using a supraglottic airway (SGA) in 72.7% of cases (n=152) with the remainder undergoing endotracheal intubation (ETI). There was no significant difference in the proportion of patients with good neurological outcome (CPC 1&2) between the SGA and ETI groups (p=.286). Similarly, binomial logistic regression incorporating factors known to influence outcome demonstrated no significant difference between the SGA and ETI groups (Adjusted OR 0.725, 95% CI 0.337-1.561). Clinical and demographic variables associated with good neurological outcome included the presence of a shockable rhythm (p < .001), exposure to angiography (p < .001), younger age (p < .001) and shorter time to ROSC (p < .001). Due to an inadequate response rate (25.4%, n=15) analysis of SF36 data was limited to descriptive statistics. Limitations: The study only included patients who achieved ROSC and met the criteria for direct transfer to a HAC. Results are therefore not generalisable to more heterogenous resuscitation populations. Accuracy of clinical decision making and ECG interpretation were not assessed and therefore some patients included in the study may have been inappropriately transferred to a HAC. The low SF-36 survey response rate limited the level of neurological outcome analysis that could be undertaken. Conclusion: In this study, there was no significant difference in the proportion of good neurological outcomes in patients managed with SGA versus ETI during cardiac arrest. Further research incorporating randomised controlled trials is required to provide more definitive evidence in relation to the optimal airway management strategy in out-of-hospital cardiac arrest.

Cette thèse se situe dans la cryptanalyse physique des algorithmes de chiffrement par blocs. Un algorithme cryptographique est conçu pour être mathématiquement robuste. Cependant, une fois implémenté dans un circuit, il est possible d'attaquer les failles de ce dernier. Par opposition à la cryptanalyse classique, on parle alors d'attaques physiques. Celles-ci ne permettent pas d'attaquer l'algorithme en soi, mais son implémentation matérielle. Il existe deux grandes familles d'attaques physiques différentes : les attaques par observation du circuit durant le chiffrement, et les attaques par injections de fautes, qui analysent l'effet d'une perturbation intentionnelle sur le fonctionnement du circuit. Les attaques physiques ont deux types d'objectifs : rechercher la clé ou faire de la rétro-conception (retrouver une partie d'un algorithme de chiffrement privé, ex : s-boxes modifiées). Bien que leurs principes semblent distincts, cette thèse présente un formalisme qui permet d'unifier toutes ces attaques. L'idée est de décrire les attaques physiques de façon similaire, afin de pouvoir les comparer. De plus, ce formalisme a permis de mettre en évidence de nouvelles attaques. Des travaux novateurs ayant pour objet de retrouver la clé de chiffrement d'un AES, uniquement avec la consommation de courant ont été menés. Une nouvelle attaque de type FIRE (Fault Injection for Reverse Engineering) pour retrouver les s-boxes d'un pseudo DES est également présentée dans la thèse. Ce travail a abouti sur une réflexion plus générale, sur les attaques par injections de fautes dans les schémas de Feistel classiques et généralisés
The main subject of this work is the physical cryptanalysis of blocks ciphers. Even if cryptographic algorithms are properly designed mathematically, they may be vulnerable to physical attacks. Physical attacks are mainly divided in two families: the side channel attacks which are based on the observation of the circuit behaviour during the computation, and the fault injection attacks which consist in disturbing the computation in order to alter the correct progress of the algorithm. These attacks are used to target the cipher key or to reverse engineer the algorithm. A formalism is proposed in order to describe the two families in a unified way. Unifying the different attacks under a same formalism allows to deal with them with common mathematical tools. Additionally, it allows a comparison between different attacks. Using this framework, a generic method to assess the vulnerabilities of generalized Feistel networks to differential fault analysis is presented. This work is furthermore extended to improve a FIRE attack on DES-like cryptosystems with customized s-boxes

碩士
國立臺灣師範大學
政治學研究所
99
In this study, 2008 Mumbai terrorist attack is the observation basis in order to explain the relation that between terrorist attacks and India-Pakistan conflict. All contents strive to explore "What are the impacts in the context of India-Pakistan conflict and terrorism development to the South Asia regional security?" This study used four research methods, they were literature review method, historical research methods, case study analysis and induction method. Purpose of this study is integrated exploring on the following items : First, the India-Pakistan conflict attributions and meanings under history development; Second, the impacts of India-Pakistan conflict’s to the South Asian regional security; Third, the impacts of India-Pakistan terrorist development to South Asia regional security; Fourth, making example about major terrorist attack, exploring the impacts of India-Pakistan relation; Fifth, India, Pakistan and international actions to the terrorism. This study found the following three points: First, solving the economic, social and political problem of uneven development in India and Pakistan are both urgent. Kashmir is the priority region. Second, India and Pakistan must to make greater effort to "inner force" and "external force" on anti-terrorism actions. Third, using the international powers (international organizations) to exert pressure in order to promote peaceful development between India and Pakistan, and the South Asia regional security stability as well.

碩士
國立臺中教育大學
資訊工程學系
105
Common PIN-entry schemes are vulnerable to observation attacks, in which the adversary can obtain the user’s PIN by using shoulder-surfing attacks or camera recording attacks. Therefore, some observation attacks resistant PIN-entry schemes have been proposed. However, none of these observation attacks resistant PIN-entry schemes can achieve both sufficient security and high usability. To solve this problem, audios have been used by some observation attacks resistant PIN-entry schemes as secondary channels for sending secret information from the system to the user. In this thesis, we analyze the security and usability of three representative audio-based observation attacks resistant PIN-entry schemes for mobile devices, including Phone Lock, ColorLock, and LinA. However, as the user has to carry an earphone with him in existing audio-based observation attacks resistant PIN-entry schemes, the usability of existing audio-based observation attacks resistant PIN-entry schemes is not ideal. Thus, we propose a simple audio-based observation attacks resistant PIN-Entry scheme, Audio-PES (Audio PIN Entry Scheme), in which the device’s receiver is used by the system to covertly transmit secret information to the user at low volume so that earphones are not required. However, the usability of Audio-PES is still unsatisfactory for some high-efficiency applications. Thus, we propose another audio-based observation attacks resistant PIN-Entry scheme, O-Audio-PES (Overlapping Audio PIN Entry Scheme), in which earphones are also not required. By using the technique of overlapping the user’s responses, the login time can be reduced. On the other hand, in existing audio-based observation attacks resistant PIN-entry schemes, the transmission efficiency of secret information is insufficient. Therefore, we propose the third audio-based observation attacks resistant PIN-entry scheme, D-Audio-PES (Dual Tone Audio PIN Entry Scheme), in which earphones are also not required. By using the technology of dual tone, the usability can be improved. Finally, we compare the security and usability of the proposed three schemes and three existing representative schemes. The application developers can choose the audio-based observation attacks resistant PIN-entry scheme suitable for the application environments.

碩士
國立臺中教育大學
資訊工程學系
104
Common PIN-entry schemes are vulnerable to observation attacks, in which the adversary can obtain the user’s PIN by using shoulder-surfing attacks or camera recording attacks. To enhance the resistance to observation attacks, some observation attacks resistant PIN-entry schemes have been proposed. However, none of existing observation attacks resistant PIN-entry schemes can achieve both good security and high usability. To solve this problem, haptics have been used as secondary channels for sending secret information from the system to the user. In this thesis, we analyze the security and usability of three representative observation attacks resistant PIN-entry schemes for mobile devices based on haptics, including Phone Lock, TimeLock, and VibraInput. However, in existing observation attacks resistant PIN-entry schemes based on haptics, the user cannot choose the efficiency-security setting suitable for him. Thererfore, we propose a flexible observation attacks resistant PIN-entry scheme, Flex-HapPIN, in which the user can choose the efficiency-security setting suitable for him. Howerver, the usability of FlexHapPIN is still unsatisfactory for some high-efficiency applications. Thus, we propose a rapid observation attacks resistant PIN-entry scheme, Rap-HapPIN, in which the user can efficiently log into the system. Recently, touchscreen devices providing localized haptic feedback have been designed, developed, and/or implemented. It is likely that touchscreen devices providing localized haptic feedback will be available for common users in the near future. Thererfore, we propose a new observation attacks resistant PIN-entry scheme, Loc-HapPIN, for touchscreen devices providing localized haptic feedback. By using the technology of localized haptic feedback, the usability and the resistance to observation attacks are improved. Furthermore, the user can also choose the efficiency-security setting suitable for him.

碩士
國立臺中教育大學
資訊工程學系
103
Common textual password schemes and graphical password schemes are vulnerable to observation attacks, in which the adversary can obtain the user's password information while users in the login process by using the shoulder-surfing attack and/or the hidden-camera attack. In 2002, Sobrado and Birget proposed three observation attacks resistant graphical password schemes. Since then, many graphical password schemes with different degrees of resistance to observation attacks have been proposed. However, none of these schemes can achieve both sufficient security and good usability. Herein, we propose an enhanced observation attacks resistant graphical password scheme, NIL, based on moving icons. This memory interference can be reduced by combining simple numbers, icons, and locations. We show that NIL can achieve both sufficient security and good usability for general environments. However, the average login time of NIL is still too long for high-efficiency environments. In addition, the resistance of NIL to observation attacks is insufficient for high threat environments. Therefore, we also propose a modified version of NIL, NILplus. By using earphones, NILplus can significantly decrease the average login time. In addition, the success probability of NILplus to observation attacks will remain extremely low even if the adversary has observed the user's login sessions many times. Furthermore, NILplus is also superior to the NIL with respect to the password space while the resistance of NILplus to accidental login roughly equals NIL.

碩士
國立臺中教育大學
資訊工程學系
107
Personal Identification Number (PIN) is a numeric password that can be used for user authentication. The major advantage of using PIN is low memory burden and low operation burden. In particular, PIN authentication usually will not cause the problems of privacy violation and non-replacement, which cannot be fully avoided in authentication methods based on biometrics. So far, PIN is still widely used in many application systems for authenticating users. However, since common PIN authentication schemes cannot resist observation attacks, in which the adversary can obtain the user’s PIN by using shoulder-surfing attacks and/or camera recording attacks, many observation attacks resistant PIN authentication schemes have been proposed. However, none of existing observation attacks resistant PIN authentication schemes can achieve both high security and good usability. To improve the resistance to observation attacks, we propose an earphones free audio based observation attacks resistant PIN authentication scheme — A-PAS, which uses a dual-tone mechanism to speed up the login process to improve usability, using mobile devices. Next, for environments with high security requirements, we propose another earphones free audio based observation attacks resistant PIN authentication scheme — A-PASPLUS, based on our improved dual-tone mechanism. Although the login time of A-PASPLUS may be slightly longer, its resistance to accidental login is strengthened. Furthermore, to reduce the user’s login time, we propose an earphones free visual-audio based observation attacks resistant PIN authentication scheme — VA-PAS, in which the mobile device’s receiver and touchscreen are used to speed up the user’s login process. However, VA-PAS is not suitable for noisy environments. Considering most current mobile devices provide multiple sensory interfaces and mechanisms, we propose an earphones free visual-audio-haptic based observation attacks resistant PIN authentication scheme — VAH-PAS, which uses the haptic feedback mechanism to reduce the possibility of leaking secret voice prompts in the situation that the mobile device’s receiver does not fit snugly to the user’s ear. Compared with VA-PAS, VAH-PAS is more suitable for noisy environments and for mild hearing-impaired users. Finally, we compare the proposed schemes with some existing representative observation attacks resistant PIN authentication schemes. The system designers and the users can choose the suitable observation attacks resistant PIN authentication schemes according to the security and usability requirements for their application environments.