To see the other types of publications on this topic, follow the link: Firewalls (Computer security) Computer networks Cryptography.
Dissertations / Theses on the topic 'Firewalls (Computer security) Computer networks Cryptography'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Firewalls (Computer security) Computer networks Cryptography.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Savacool, Richard. "Firewall resistance to metaferography in network communications /." Online version of thesis, 2010. http://hdl.handle.net/1850/12272.
Full text
2
Rumelioglu, Sertac. "Evaluation of Embedded Firewall System." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Mar%5FRumelioglu.pdf.
Full text
3
Farley, Ryan Joseph. "Parallel firewall designs for high-speed networks /." Electronic thesis, 2005. http://etd.wfu.edu/theses/available/etd-12142005-194043/.
Full text
4
Felker, Keith A. "Security and efficiency concerns with distributed collaborative networking environments /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03sep%5FFelker.pdf.
Full text
5
Atkins, William Dee. "Design and implementation of a hardened distributed network endpoint security system for improving the security of internet protocol-based networks." Diss., Rolla, Mo. : University of Missouri-Rolla, 2007. http://scholarsmine.umr.edu/thesis/pdf/Final_Thesis_09007dcc8031d3b0.pdf.
Full textAbstract:
Thesis (M.S.)--University of Missouri--Rolla, 2007.Vita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed April 11, 2007) Includes bibliographical references (p. 54-55).
6
Asarcıklı, Şükran Tuğlular Tuğkan. "Firewall monitoring using intrusion detection systems/." [s.l.]: [s.n.], 2005. http://library.iyte.edu.tr/tezler/master/bilgisayaryazilimi/T000390.pdf.
Full text
7
Felker, Keith A. "Security and efficiency concerns with distributed collaborative networking environments." Thesis, Monterey, California. Naval Postgraduate School, 2009. http://hdl.handle.net/10945/852.
Full textAbstract:
Approved for public release, distribution unlimitedThe progression of technology is continuous and the technology that drives interpersonal communication is not an exception. Recent technology advancements in the areas of multicast, firewalls, encryption techniques, and bandwidth availability have made the next level of interpersonal communication possible. This thesis answers why collaborative environments are important in today's online productivity. In doing so, it gives the reader a comprehensive background in distributed collaborative environments, answers how collaborative environments are employed in the Department of Defense and industry, details the effects network security has on multicast protocols, and compares collaborative solutions with a focus on security. The thesis ends by providing a recommendation for collaborative solutions to be utilized by NPS/DoD type networks. Efficient multicast collaboration, in the framework of security is a secondary focus of this research. As such, it takes security and firewall concerns into consideration while comparing and contrasting both multicast-based and non-multicast-based collaborative solutions.
8
Tang, Wai-hung. "An anonymity scheme for file retrieval systems." Click to view the E-thesis via HKUTO, 2008. http://sunzi.lib.hku.hk/hkuto/record/B40887972.
Full text
9
Givens, Mark Allen. "Modeling and analyzing intrusion attempts to a computer network operating in a defense-in-depth posture." Thesis, View thesis View thesis via DTIC web site, 2004. http://handle.dtic.mil/100.2/ADA427180.
Full textAbstract:
Thesis (M.S.)--Naval Postgraduate School, 2004.Title from title screen (viewed Mar. 15, 2005). "September 2004." "ADA427180"--URL. Includes bibliographical references (p. 89-90). Also issued in paper format.
10
Snyder, Walter C. "Evaluating the effectiveness of packet filter firewall applications in a "dual stack" Internet Protocol environment /." Online version of thesis, 2010. http://hdl.handle.net/1850/12263.
Full text
11
Onions, Paul David. "A high-speed integrated circuit with applications to RSA cryptography." Thesis, University of Plymouth, 1995. http://hdl.handle.net/10026.1/337.
Full textAbstract:
The rapid growth in the use of computers and networks in government, commercial and private communications systems has led to an increasing need for these systems to be secure against unauthorised access and eavesdropping. To this end, modern computer security systems employ public-key ciphers, of which probably the most well known is the RSA ciphersystem, to provide both secrecy and authentication facilities. The basic RSA cryptographic operation is a modular exponentiation where the modulus and exponent are integers typically greater than 500 bits long. Therefore, to obtain reasonable encryption rates using the RSA cipher requires that it be implemented in hardware. This thesis presents the design of a high-performance VLSI device, called the WHiSpER chip, that can perform the modular exponentiations required by the RSA cryptosystem for moduli and exponents up to 506 bits long. The design has an expected throughput in excess of 64kbit/s making it attractive for use both as a general RSA processor within the security function provider of a security system, and for direct use on moderate-speed public communication networks such as ISDN. The thesis investigates the low-level techniques used for implementing high-speed arithmetic hardware in general, and reviews the methods used by designers of existing modular multiplication/exponentiation circuits with respect to circuit speed and efficiency. A new modular multiplication algorithm, MMDDAMMM, based on Montgomery arithmetic, together with an efficient multiplier architecture, are proposed that remove the speed bottleneck of previous designs. Finally, the implementation of the new algorithm and architecture within the WHiSpER chip is detailed, along with a discussion of the application of the chip to ciphering and key generation.
12
Ng, Ching Yu. "Contributions to security in wireless ad-hoc networks." Access electronically, 2005. http://www.library.uow.edu.au/adt-NWU/public/adt-NWU20060320.153622/index.html.
Full textAbstract:
Thesis (M.Comp.Sc.)--University of Wollongong, 2005.Typescript. This thesis is subject to a 6 month embargo (12/12/05 to 12/06/06) and may only be viewed and copied with the permission of the author. For further information please Contact the Archivist. Includes bibliographical references: leaf 65-72.
13
Tang, Jin. "Mobile IPv4 Secure Access to Home Networks." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/11536.
Full textAbstract:
With the fast development of wireless networks and devices, Mobile
IP is expected to be used widely so that mobile users can access
the Internet anywhere, anytime without interruption. However, some
problems, such as firewall traversal and use of private IP
addresses, restrict use of Mobile IP. The objective of this thesis
is to design original schemes that can enable a mobile node at
abroad to access its home network as well as the Internet securely
and that can help Mobile IP to be used widely and commercially.
Our solutions are secure, efficient, and scalable. They can be
implemented and maintained easily. In this thesis, we mainly
consider Mobile IPv4, instead of Mobile IPv6. Three research
topics are discussed. In each topic, the challenges are
investigated and the new solutions are presented.
The first research topic solves the firewall traversal problems in
Mobile IP. A mobile node cannot access its firewall-protected home
network if it fails the authentication by the firewall. We propose
that an IPsec tunnel be established between the firewall and the
foreign agent for firewall traversal and that an IPsec transport
security association be shared by the mobile node and a
correspondent node for end-to-end security.
The second topic researches further on firewall traversal problems
and investigates the way of establishing security associations
among network entities. A new security model and a new key
distribution method are developed. With the help of the security
model and keys, the firewall and the relevant network entities set
up IPsec security associations to achieve firewall traversal.
A mobile node from a private home network cannot communicate with
other hosts with its private home address when it is visiting a
public foreign network. A novel and useful solution is presented
in the third research topic. We suggest that the mobile node use
its Network Access Identifier (NAI) as its identification and
obtain a public home address from its home agent. In addition, a
new tunnel between the mobile node and its home agent is proposed.
14
Tang, Wai-hung, and 鄧偉雄. "An anonymity scheme for file retrieval systems." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2008. http://hub.hku.hk/bib/B40887972.
Full text
15
Whitney, Justin D. "The wisdom of crowds as a model for trust and security in peer groups." Link to electronic thesis, 2005. http://www.wpi.edu/Pubs/ETD/Available/etd-092905-183353/.
Full text
16
Kurnio, Hartono. "Contributions to group key distribution schemes." Access electronically, 2005. http://www.library.uow.edu.au/adt-NWU/public/adt-NWU20060509.103409/index.html.
Full text
17
Kwok, Hon-man Sammy, and 郭漢文. "A scalable and secure networking paradigm using identity-based cryptography." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2011. http://hub.hku.hk/bib/B46971713.
Full text
18
Marjanovic, Uros. "Exploration of a method for constructing an industrial ethernet with ethernet enabled devices in an industrial environment using a Cisco adaptive security appliance /." View online, 2009. http://repository.eiu.edu/theses/docs/32211131565124.pdf.
Full text
19
Al-Shareeda, Sarah Yaseen Abdulrazzaq. "Enhancing Security, Privacy, and Efficiency of Vehicular Networks." The Ohio State University, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=osu150032914711847.
Full text
20
Baek, Joonsang 1973. "Construction and formal security analysis of cryptographic schemes in the public key setting." Monash University, School of Network Computing, 2004. http://arrow.monash.edu.au/hdl/1959.1/5243.
Full text
21
Zhang, Cong, and 張聰. "Design of Anonymity scheme for communication systems." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2002. http://hub.hku.hk/bib/B31228100.
Full text
22
Patel, Ketaki Animesh. "Multiplexing high speed quantum key distribution with conventional data on a single optical fibre." Thesis, University of Cambridge, 2015. https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.708533.
Full text
23
Srivatsa, Mudhakar. "Security Architecture and Protocols for Overlay Network Services." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/16284.
Full textAbstract:
Conventional wisdom suggests that in order to build a secure system, security must be an integral component in the system design. However, cost considerations drive most system designers to channel their efforts on the system's performance, scalability and usability. With little or no emphasis on security, such systems are vulnerable to a wide range of attacks that can potentially compromise confidentiality, integrity and availability of sensitive data. It is often cumbersome to redesign and implement massive systems with security as one of the primary design goals. This thesis advocates a proactive approach that cleanly retrofits security solutions into existing system architectures. The first step in this approach is to identify security threats, vulnerabilities and potential attacks on a system or an application. The second step is to develop security tools in the form of customizable and configurable plug-ins that address these security issues and minimally modify existing system code, while preserving its performance and scalability metrics.
This thesis uses overlay network applications to shepherd through and address challenges involved in supporting security in large scale distributed systems. In particular, the focus is on two popular applications: publish/subscribe networks and VoIP networks. Our work on VoIP networks has for the first time identified and formalized caller identification attacks on VoIP networks. We have identified two attacks: a triangulation based timing attack on the VoIP network's route set up protocol and a flow analysis attack on the VoIP network's voice session protocol. These attacks allow an external observer (adversary) to uniquely (nearly) identify the true caller (and receiver) with high probability. Our work on the publish/subscribe networks has resulted in the development of an unified framework for handling event confidentiality, integrity, access control and DoS attacks, while incurring small overhead on the system. We have proposed a key isomorphism paradigm to preserve the confidentiality of events on publish/subscribe networks while permitting scalable content-based matching and routing. Our work on overlay network security has resulted in a novel information hiding technique on overlay networks. Our solution represents the first attempt to transparently hide the location of data items on an overlay network.
24
Ambers, Vanessa P. Kelly Amanda M. "Installation, configuration and operational testing of a PKI certificate server and its supporting services /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Jun%5FAmbers.pdf.
Full textAbstract:
Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, June 2004.Thesis advisor(s): J.D. Fulp, Dan C. Boger. Includes bibliographical references (p. 159-160). Also available online.
25
Butun, Ismail. "Prevention and Detection of Intrusions in Wireless Sensor Networks." Scholar Commons, 2013. http://scholarcommons.usf.edu/etd/4449.
Full textAbstract:
Wireless Sensor Networks (WSNs) continue to grow as one of the most exciting and challenging research areas of engineering. They are characterized by severely constrained computational and energy
resources and also restricted by the ad-hoc network operational
environment. They pose unique challenges, due to limited power
supplies, low transmission bandwidth, small memory sizes and limited energy. Therefore, security techniques used in traditional networks cannot be directly adopted. So, new ideas and approaches are needed, in order to increase the overall security of the network. Security applications in such resource constrained WSNs with minimum overhead provides significant challenges, and is the main focus of this dissertation.
There is no "one size fits all" solution in defending WSNs against intrusions and attacks. Therefore, intrusions and attacks against WSNs should be carefully examined to reveal specific vulnerabilities associated with them, before beginning the design of any kind of intrusion prevention and detection systems. By following this rationale, the dissertation starts with providing information regarding the WSNs, types of attacks towards WSNs, and the methods on how to prevent and detect them. Then, in order to secure WSNs, a security provisioning plan is provided.
In general, the following processes may be involved in securing WSNs: Intrusion Prevention, Intrusion Detection, and Intrusion
Mitigation. This dissertation presents solutions (algorithms and
schemes) to the first two lines of defenses of the security
provisioning plan, namely, Intrusion Prevention and Intrusion
Detection.
As a first line of defense in securing WSNs, this dissertation
presents our proposed algorithm ("Two-Level User Authentication" scheme) as an Intrusion Prevention System (IPS) for WSNs. The algorithm uses two-level authentication between a sensor node and a user. It is designed for heterogeneous WSNs, meaning that
the network consists of two components: regular nodes and more
powerful cluster heads. The proposed scheme is evaluated both
analytically and also in a simulation environment, by comparing it
to the current state-of-the-art schemes in the literature.
A comprehensive and systematic survey of the state-of-the-art in
Intrusion Detection Systems (IDSs) that are proposed for Mobile
Ad-Hoc Networks (MANETs) and WSNs is presented. Firstly, detailed
information about IDSs is provided. This is followed by the analysis
and comparison of each scheme along with their advantages and
disadvantages from the perspective of security. Finally, guidelines
on IDSs that are potentially applicable to WSNs are provided. Overall, this work would be very helpful to the researchers in developing their own IDSs for their WSNs.
Clustering (of the nodes) is very important for WSNs not only in
data aggregation, but also in increasing the overall performance of
the network, especially in terms of total life-time. Besides, with the help of clustering, complex intrusion prevention and detection algorithms can be implemented. Therefore, background on the
clustering algorithms is provided and then a clustering algorithm
for WSNs is proposed, that is both power and connectivity aware. The proposed algorithm provides higher energy efficiency and increases the life-time of the network. In evaluating the proposed clustering algorithm (in a simulation environment by comparing its' performance to the previously proposed algorithm, namely Kachirski et al.'s algorithm), it is demonstrated that the proposed algorithm
improves energy efficiency in WSNs.
Finally, an IDS framework based on multi-level clustering for
hierarchical WSNs is proposed. It is based upon (the nodes use our
proposed clustering algorithm while forming their clusters) the
clustering algorithm that is proposed in this dissertation. The
framework provides two types of intrusion detection approaches,
namely "Downwards-IDS (D-IDS)" to detect the abnormal behavior (intrusion) of the subordinate (member) nodes and "Upwards-IDS (U-IDS)" to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented.
Overall, this dissertation research contributes to the first two lines of defenses towards the security of WSNs, namely, IPS and IDS.
Furthermore, the final contribution of this dissertation is towards
the topology formation of the WSNs (especially for the hierarchical
WSNs), namely, clustering; which would be very useful in implementation of the IPS and IDS systems that are presented in this dissertation.
26
Macdonell, James Patrick. "MiniCA: A web-based certificate authority." CSUSB ScholarWorks, 2007. https://scholarworks.lib.csusb.edu/etd-project/3256.
Full textAbstract:
The MiniCA project is proposed and developed to address growing demand for inexpensive access to security features such as privacy, strong authentication, and digital signatures. These features are integral to public-key encryption technologies. The audience for whom the software project is intended includes, technical staff requiring certificates for use in SSL applications (i.e. a secure web-site) at California State University, San Bernardino.
27
Go, Hiu-wing, and 吳曉頴. "Forward security and certificate management in mobile AD Hoc networks." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B30331080.
Full text
28
Al-Ibrahim, Mohamed Hussain. "Source authentication in group communication." Thesis, Electronic version, 2005. http://hdl.handle.net/1959.14/549.
Full textAbstract:
Title from screen page; viewed 10 Oct 2005.Thesis (PhD)--Macquarie University, Division of Information and Communication Sciences, Dept. of Computing, 2004.
Bibliography: leaves 163-175.
Introduction -- Cryptographic essentials -- Multicast: structure and security -- Authentication of multicast streams -- Authentication of concast communication -- Authentication of transit flows -- One-time signatures for authenticating group communication -- Authentication of anycast communication -- Authentication of joining operation - Conclusion and future directions.
Electronic publication; full text available in PDF format.
Multicast is a relatively new and emerging communication mode in which a sender sends a message to a group of recipients in just one connection establishment... reducing broadband overhead and increasing resource utilization in the already congested and contented network... The focus of the research in this area has been in two directions: first, building an efficient routing infrastructure, and secondly, building a sophisticated security infrastructure. The focus of this work is on the second issue.
An ideal authenticated multicast environment ... provides authenticity for all the communication operations in the system... We ... propose a comprehensive solution to the problem ... for all its possible operations... 1. one-to-one (or joining mode) 2. one-to-many (or broadcast mode) 3. many-to-one (or concast mode) 4. intermediate (or transit mode) ... We study the ... mode known as anycast, in which a server is selected from a group of servers. Further we develop ... schemes for group-based communication exploiting the distinct features of one-time signatures... cover situations when a threshold number of participants are involved and ... where a proxy signer is required.
Electronic reproduction.
Mode of access: World Wide Web.
Also available in a print form
29
Prakash, Abhinav. "Rendering Secured Connectivity in a Wireless IoT Mesh Network with WPAN's and VANET's." University of Cincinnati / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1491557510577536.
Full text
30
Lai, Chun-Pong. "Several variants and generalizations of Shamir's secret sharing scheme /." View Abstract or Full-Text, 2002. http://library.ust.hk/cgi/db/thesis.pl?COMP%202002%20LAI.
Full textAbstract:
Thesis (M. Phil.)--Hong Kong University of Science and Technology, 2002.Includes bibliographical references (leaves 55-58). Also available in electronic version. Access restricted to campus users.
31
Jagetia, Mohit. "DESIGN AND HARDWARE IMPLEMENTATION OF A NOVEL SCRAMBLING SECURITY ALGORITHM FOR ROBUST WIRELESS LOCAL AREA NETWORKS." Master's thesis, University of Central Florida, 2004. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/4402.
Full textAbstract:
The IEEE802.11 standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, which is a popular wireless secure communication stream cipher protocol approach to network security used to protect link-layer communications from eavesdropping and other attacks. It allows user to communicate with the user; sharing the public key over a network. It provides authentication and encrypted communications over unsecured channels. However, WEP protocol has an inherent security flaw. It is vulnerable to the various attacks, various experiments has proved that WEP fails to achieve its security goals. This thesis entails designing, evaluating and prototyping a wireless security infrastructure that can be used with the WEP protocol optionally, thus reducing the security vulnerabilities. We have studied the flaws of WEP and the reasons for their occurrence, and we provide the design and implementation of a novel scheme in Matlab and VHDL to improve the security of WEP in all aspects by a degree of 1000. The architecture was designed with a consideration for least increment in hardware, thus achieving power and cost efficiency. It also provides flexibility for optional implementation with the available technology by being able to be bypassed by the technology, which allows for non-replacement of existing hardware, common on both, the WEP and the proposed protocols, on the fly.M.S.
Department of Electrical and Computer Engineering
Engineering and Computer Science
Electrical and Computer Engineering
32
Chan, Kevin Sean. "Towards securing networks of resource constrained devices a study of cryptographic primitives and key distribution schemes /." Diss., Atlanta, Ga. : Georgia Institute of Technology, 2008. http://hdl.handle.net/1853/26651.
Full textAbstract:
Thesis (Ph.D)--Electrical and Computer Engineering, Georgia Institute of Technology, 2009.Committee Chair: Fekri, Faramarz; Committee Member: James McClellan; Committee Member: John Copeland; Committee Member: Steven McLaughlin; Committee Member: Yajun Mei. Part of the SMARTech Electronic Thesis and Dissertation Collection.
33
Harrison, Willie K. "Physical-layer security: practical aspects of channel coding and cryptography." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/44818.
Full textAbstract:
In this work, a multilayer security solution for digital communication systems is provided by considering the joint effects of physical-layer security channel codes with application-layer cryptography. We address two problems: first, the cryptanalysis of error-prone ciphertext; second, the design of a practical physical-layer security coding scheme. To our knowledge, the cryptographic attack model of the noisy-ciphertext attack is a novel concept. The more traditional assumption that the attacker has the ciphertext is generally assumed when performing cryptanalysis. However, with the ever-increasing amount of viable research in physical-layer security, it now becomes essential to perform the analysis when ciphertext is unreliable. We do so for the simple substitution cipher using an information-theoretic framework, and for stream ciphers by characterizing the success or failure of fast-correlation attacks when the ciphertext contains errors. We then present a practical coding scheme that can be used in conjunction with cryptography to ensure positive error rates in an eavesdropper's observed ciphertext, while guaranteeing error-free communications for legitimate receivers. Our codes are called stopping set codes, and provide a blanket of security that covers nearly all possible system configurations and channel parameters. The codes require a public authenticated feedback channel. The solutions to these two problems indicate the inherent strengthening of security that can be obtained by confusing an attacker about the ciphertext, and then give a practical method for providing the confusion. The aggregate result is a multilayer security solution for transmitting secret data that showcases security enhancements over standalone cryptography.
34
Ozan, Orhan. "Denial of service attacks on 802.1X security protocol." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Mar%5FOzan.pdf.
Full text
35
Kelly, Amanda M., and Vanessa P. Ambers. "Installation, configuration and operational testing of a PKI certificate server and its supporting services." Thesis, Monterey California. Naval Postgraduate School, 2004. http://hdl.handle.net/10945/1615.
Full textAbstract:
Approved for public release; distribution is unlimitedPublic key infrastructure (PKI) was created to provide the basic services of confidentiality, authenticity, integrity and non-repudiation for sensitive information that may traverse public (un-trusted) networks. This thesis provides a brief description of the background and functional components of a PKI, and then "builds" a PKI to be used for research at the Naval Postgraduate School (NPS). Deficiencies of this PKI with respect to DoD PKI policy are delineated. The thesis addresses details of software selection, installation, configuration and operation; using Netscape's Certificate Management System as its Certificate Authority application of choice. The functionality of this PKI was validated by testing all major certificate lifecycle events (creation, archival, revocation, validation, etc.) All but two of these tests were successful-key escrow and revocation checking-and thus these two remain to be addressed by further work to make the NPS PKI fully functional.
First Lieutenant, United States Air Force
Lieutenant Commander, United States Navy
36
Chen, YiQun. "Contributions to privacy preserving with ring signatures." Access electronically, 2006. http://www.library.uow.edu.au/adt-NWU/public/adt-NWU20070104.134826/index.html.
Full text
37
CHENG, YI. "Security Mechanisms for Mobile Ad Hoc and Wireless Sensor Networks." University of Cincinnati / OhioLINK, 2008. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1212076752.
Full text
38
Qachri, Naïm. "Heterogeneous Networks: from integration to mobility." Doctoral thesis, Universite Libre de Bruxelles, 2015. http://hdl.handle.net/2013/ULB-DIPOT:oai:dipot.ulb.ac.be:2013/216693.
Full textAbstract:
Français:La notion de réseaux hétérogènes correspond à l’intégration de plusieurs technologies de transmission de données sans-fil dans le but d’accroitre la qualité de service des communications dans les réseaux mobiles.Historiquement, les mécanismes de sécurité des réseaux mobiles et sans-fil ont été largement focalisés sur la protection d’équipement utilisateur au niveau du dernier saut de communication et sur base d’une connectivité simple et unique. Cette connectivité, réduite à sa plus simple expression, a restraint le développement des protocoles de sécurité à des protocoles bi-parties, qui couvrent l’authentification des équipements utilisateurs et le chiffrement sur des communicationsLes mécanismes de sécurité et de cryptographie ne sont donc pas suffisants pour protéger correctement et efficacement des connections parallèles ou leur mobilité au sein de réseaux hétérogènes. Le but de cette thèse de doctorat, à travers quatre contributions personnelles, est d’apporter de nouveaux mécanismes et protocoles de sécurité afin de protéger au mieux les réseaux hétérogènes:• La première contribution se focalise sur le développement d’une nouvelle primitive cryptographique pour la protection des transmissions sans-fil. La propriété principale de celle-ci est de protéger les trames en cas de capture. Cette primitive introduit, notamment, la notion de force brute probabiliste (ce qui veut dire qu’un attaquant ne peut pas choisir parmi différentes clés équiprobables laquelle est effectivement utilisée).• La seconde contribution propose un nouveau protocole pour gérer d’une manière sure et efficace la mobilité des équipements utilisateurs entre différentes technologies au sein de réseaux hétérogènes.• La troisième contribution couvre la gestion des clés maîtres des utilisateurs, embarqués au sein des cartes SIM, utilisées au sein des réseaux d’opérateurs mobiles. Nos protocoles et mécanismes automa- tisent des changements réguliers et sûrs de la clé maître, et ajoutent de la diversité dans la gestion des clés de sessions pour minimiser l’impact en cas de révélation de ces dernières (par le biais d’un vol de base de donnée, par exemple)• La quatrième contribution introduit un nouveau paradigme de connectivité pour les réseaux mo- biles basé sur des communications 1−à−n. Le paradigme redéfinit les frontières de sécurité et place l’équipement utilisateur au centre d’un groupe authentifié mobile. Par conséquent, le changement de paradigme mène à la création de nouveaux protocoles pour l’authentification, la gestion de la mo- bilité et la négociation protégées de clés afin de fournir une protection de bout en bout entre deux équipements utilisateurs ou plus.English:Heterogeneous Networks (HetNets) is the integration of multiple wireless technologies to increase the quality of service of the communications in mobile networks. This evolution is the next generation of Public Land Mobile Networks (PLMNs).Mobile and wireless network security mechanisms have largely focused on the protection of the User Equipment (UE) within the last mile (the last hop of the communication in the chain of connected devices) and on single connections. The single connectivity has reduced the development of the security to two party protocols, and they cover the authentication of the UE to the mobile network and the encryption on a single channel based on homogeneous communications through a unique technology.The current security and cryptographic mechanisms are not sufficient to protect correctly, and efficiently, parallel connections or their mobility in HetNets. The purpose of the PhD Thesis is to bring new security protocols and mechanisms to protect HetNets.The contributions, that are brought by the thesis, follow the evolution of HetNets through 4 contributions by starting from the wireless transmissions to the largest frame of HetNets architecture:• The first contribution focuses on the development of an new cryptographic primitives for wireless transmissions. The main property is to protect the frame from eavesdropping. The primitive introduces the notion of probabilistic brute force (meaning that an attacker cannot decide among different keys which the used one).• The second contribution proposes a new protocol to manage efficiently and securely the mobility of the UEs between different technologies inside HetNets.• The third contribution covers the management of the master secrets, embedded within the Universal Subscriber Identity Module (USIM), in large PLMNs. Our mechanisms and protocols automate regular and secure changes of the master secret, and they add diversity in the management of session keys to minimize the impact of key leakages (in case of credential database theft, for instance).• The fourth contribution introduces a new connectivity paradigm for mobile networks based on one-to- many communications. The paradigm redesigns the security borders and puts the UE in the center of a mobile authenticated group. Therefore, the paradigm shift leads to new security protocols for authentication, mobility management, and secure negotiation to provide end-to-end encryption between two or more UEs.
Doctorat en Sciences
info:eu-repo/semantics/nonPublished
39
Coetzee, Dirk Badenhorst. "The development of an efficient and secure product entitlement system for Pay-TV in modern attack scenarios." Thesis, Stellenbosch : Stellenbosch University, 2013. http://hdl.handle.net/10019.1/80292.
Full textAbstract:
Thesis (MScEng)--Stellenbosch University, 2013.ENGLISH ABSTRACT: A secure product entitlement system allows one party, such as a pay-TV operator, to broadcast the same collection of information to several receiving parties while only allowing a certain subset of the receiving parties to access the information. This system must still be secure in the scenario where all receiving parties who are not allowed access to the information, pool their resources in an attempt to gain access to the information. Such a product entitlement system must also be bandwidth e cient since it can be deployed in networks where bandwidth is at a premium. The foundations of modern encryption techniques is reviewed and a survey of existing techniques, used to secure content in broadcast environments, is studied. From this collection of techniques two were identi ed as bandwidth e cient and are discussed in more detail before being implemented. An attempt is then made to design a new secure bandwidth e cient encryption scheme for protecting content in a broadcast environment. Several iterations of the design is detailed, including the security aw which makes each design insecure. The nal design was implemented and compared in several metrics to the two previously selected bandwidth e cient schemes. A framework to test the correctness of the schemes over a network is also designed and implemented. Possible future avenues of research are identi ed with regards to creating a secure broadcast encryption scheme and improving the software solution in which to use such a scheme.
AFRIKAANSE OPSOMMING: 'n Veilige produk-aanspraak-stelsel stel een party, soos byvoorbeeld 'n betaal-TV-operateur, in staat om dieselfde versameling inligting na verskeie partye uit te saai, terwyl slegs 'n bepaalde deelversameling van die ontvangende partye toegelaat sal word om toegang tot die inligting te bekom. Hierdie stelsel moet steeds die inligting beskerm in die geval waar al die ontvangende partye wat toegang geweier word, hul hulpbronne saamsmee in 'n poging om toegang te verkry. So 'n produk-aanspraak-stelsel moet ook bandwydte doeltre end benut, aangesien dit gebruik kan word in netwerke waar bandwydte baie duur is. Die fondamente van die moderne enkripsietegnieke word hersien. 'n Opname van bestaande tegnieke wat gebruik word om inligting te beskerm in 'n uitsaai omgewing word bestudeer. Uit hierdie versameling tegnieke word twee geïdenti seer as tegnieke wat bandwydte doeltre end benut en word meer volledig bespreek voordat dit geïmplementeer word. 'n Poging word dan aangewend om 'n nuwe veilige bandwydte doeltre ende enkripsietegniek te ontwerp vir die beskerming van inligting wat uitgesaai word. Verskeie iterasies van die ontwerp word uiteengesit, met 'n bespreking van die sekuriteitsfout wat elke ontwerp onveilig maak. Die nale ontwerp is geïmplementeer en aan die hand van verskeie maatstawwe vergelyk met die twee bandwydte doeltre ende tegnieke, wat voorheen gekies is. 'n Raamwerk om die korrektheid van die tegnieke oor 'n netwerk te toets, is ook ontwerp en geïmplementeer. Moontlike toekomstige rigtings van navorsing word geïdenti seer met betrekking tot die skep van 'n veilige uitsaai enkripsietegniek en die verbetering van die sagtewareoplossing wat so 'n tegniek gebruik.
40
Oliveira, Leonardo Barbosa e. 1979. "Distribuição de chaves criptograficas em redes de sensores sem fio." [s.n.], 2008. http://repositorio.unicamp.br/jspui/handle/REPOSIP/276021.
Full textAbstract:
Orientador: Ricardo DahabTese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação
Made available in DSpace on 2018-08-12T16:21:53Z (GMT). No. of bitstreams: 1 Oliveira_LeonardoBarbosae_D.pdf: 1449415 bytes, checksum: 3afcf327f38f617ba90013567a864e6c (MD5) Previous issue date: 2008
Resumo: Redes de Sensores Sem Fio (RSSFs) são compostas em sua maioria por pequenos nós sensores dotados de recursos extremamente limitados. Estes, por sua vez, se comunicam com o mundo externo através de nós poderosos chamados de sorvedouros ou estações rádio base. RSSFs são empregadas com o objetivo de monitorar regiões, oferecendo dados sobre a área monitorada para o resto do sistema. Tais redes podem ser utilizadas para diferentes aplicações, tais como operações de resgate em áreas de conflito/desastre, espionagem industrial e detecção de exploração ilegal de recursos naturais. Em RSSFs existem aplicações críticas nas quais propriedades de segurança são de vital importância. Segurança, por sua vez, é comumente alavancada através de esquemas de distribuição de chaves. A maioria dos padrões de distribuição de chaves presentes na literatura, todavia, não são apropriados para RSSFs: métodos baseados em esquemas de chave pública convencionais, devido aos seus requisitos de processamento e banda; chaves de grupo, em função das suas vulnerabilidades de segurança; e chaves par-a-par (pairwise), por causa da baixa escalabilidade. Um outro dado é que há uma vasta gama de arquiteturas propostas para RSSFs e que uma mesma técnica de distribuição de chaves pode ser a melhor para uma, mas não para outra, visto que diferentes arquiteturas de rede exibem padrões de comunicação distintos. Em outras palavras, não existe uma panacéia, e mecanismos de distribuição de chaves para RSSFs devem, portanto, levar em consideração as idiossincrasias das arquiteturas para as quais são projetadas. Tudo isso torna extremamente difícil e desafiadora a tarefa de dotar RSSFs de segurança. O objetivo deste trabalho foi propor soluções de distribuição de chaves que, concomitantemente, (i) fossem compatíveis com os recursos dos sensores e (ii) considerassem as particularidades das arquiteturas para as quais são propostas. Como será mostrado ao longo desta tese, iniciamos nosso trabalho com soluções personalizadas para certas arquiteturas de RSSFs e evoluímos para soluções flexíveis em que a segurança é alavancada de forma não interativa - o que é ideal para este tipo de rede. Até onde sabemos, nosso trabalho é pioneiro em soluções de segurança para RSSFs hierárquicas e em distribuição de chaves de forma autenticada e não interativa, usando Criptografia Baseada em Identidade, neste tipo de rede.
Abstract: Wireless sensor networks (WSNs) are ad hoc networks comprised mainly of small sensor nodes with limited resources and one or more base stations, which are much more powerful laptop-class nodes that connect the sensor nodes to the rest of the world. WSNs are used for monitoring purposes, providing information about the area being monitored to the rest of the system. Application areas range from battlefield reconnaissance and emergency rescue operations to surveillance and environmental protection. There are also critical WSN applications in which security properties are of paramount importance. Security, in turn, is frequently bootstrapped through key distribution schemes. Most of the key distribution techniques, however, are ill-suited to WSNs: public key based distribution, because of its processing and bandwidth requirements; global keying, because of its security vulnerabilities; complete pairwise keying, because of its memory requirements. It is worth noting, however, that a large number of WSN architectures have been proposed and a key distribution solution that is well suited to one architecture is likely not to be the best for another, as different network architectures exhibit different communication patterns. In other words, there is no panacea and the design of a key distribution scheme must therefore be driven by the peculiarities of the WSN architecture in question. This all makes extremely hard and challenging the objective of securing WSNs. In this work, we aimed at proposing key distribution schemes that are both (i) lightweight and (ii) able to fulfill architecture-specific needs. As it will be shown throughout this thesis, we began our work with customized solutions for certain types of WSNs and then, subsequently, turned our attention to more flexible solutions, where security is bootstrapped in a non-interactive way through the use of Identity-Based Cryptography.
Doutorado
Teoria da Computação
Doutor em Ciência da Computação
41
Pigatto, Daniel Fernando. "Segurança em sistemas embarcados críticos - utilização de criptografia para comunicação segura." Universidade de São Paulo, 2012. http://www.teses.usp.br/teses/disponiveis/55/55134/tde-06092012-154011/.
Full textAbstract:
Este trabalho contempla o estudo de algoritmos criptográficos para assegurar a comunicação entre sistemas embarcados críticos tendo em vista o grande crescimento na utilização e disseminação desse tipo de sistema, bem como a alta necessidade em se assegurar as informações que são enviadas e recebidas. Um dos desafios a serem contemplados é o estudo e a avaliação do impacto no desempenho desses sistemas, levando em consideração limitações de recursos inerentes a esta plataforma e a criticidade da comunicação em sistemas de tempo real. Os experimentos realizados são de cunho prático por meio de um protótipo implementado em kits Gumstix Overo EVM. Os resultados avaliam os principais algoritmos de criptografia, provendo informações que podem auxiliar na escolha de uma solução criptográfica própria para ambientes embarcadosThis research includes the study of cryptographic algorithms to ensure communication among critical embedded systems, considering the large growth of application and dissemination of this type of system, as well as the high necessity to ensure the security of information that is exchanged. One of the challenges to be addressed is the study and evaluation of the performance impact in these systems, considering resource constraints inherent to the platform and the criticality of the communication in real-time systems. The experiments are of practical lead through a prototype implemented in Gumstix Overo EVM kits. The results evaluate the main encryption algorithms, providing information that may help in choosing a cryptographic solution suitable for embedded environments
42
Thames, John Lane. "Advancing cyber security with a semantic path merger packet classification algorithm." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/45872.
Full textAbstract:
This dissertation investigates and introduces novel algorithms, theories, and supporting frameworks to significantly improve the growing problem of Internet security. A distributed firewall and active response architecture is introduced that enables any device within a cyber environment to participate in the active discovery and response of cyber attacks. A theory of semantic association systems is developed for the general problem of knowledge discovery in data. The theory of semantic association systems forms the basis of a novel semantic path merger packet classification algorithm. The theoretical aspects of the semantic path merger packet classification algorithm are investigated, and the algorithm's hardware-based implementation is evaluated along with comparative analysis versus content addressable memory. Experimental results show that the hardware implementation of the semantic path merger algorithm significantly outperforms content addressable memory in terms of energy consumption and operational timing.
43
Gouvêa, Conrado Porto Lopes 1984. "Implementação em software de criptografia baseada em emparelhamentos para redes de sensores usando o microcontrolador MSP430." [s.n.], 2010. http://repositorio.unicamp.br/jspui/handle/REPOSIP/275806.
Full textAbstract:
Orientador: Julio César López HernándezDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação
Made available in DSpace on 2018-08-16T09:36:03Z (GMT). No. of bitstreams: 1 Gouvea_ConradoPortoLopes_M.pdf: 1643588 bytes, checksum: 84895f14e5bab746796d6ca64e8287cf (MD5) Previous issue date: 2010
Resumo: Redes de sensores sem fio têm se tornado populares recentemente e possuem inúmeras aplicações. Contudo, elas apresentam o desafio de como proteger suas comunicações utilizando esquemas criptográficos, visto que são compostas por dispositivos de capacidade extremamente limitada. Neste trabalho é descrita uma implementação eficiente em software, para redes de sensores sem fio, de duas tecnologias de criptografia pública: a Criptografia Baseada em Emparelhamentos (CBE) e a Criptografia de Curvas Elípticas (CCE). Nossa implementação foca a família de microcontroladores MSP430 de 16 bits, utilizada em sensores como o Tmote Sky e TelosB. Em particular, para a CBE, foram implementados algoritmos para o cálculo de emparelhamentos nas curvas MNT e BN sobre corpos primos; para a CCE, foi implementado o esquema de assinatura ECDSA sobre corpos primos para os níveis de segurança de 80 e 128 bits. As principais contribuições deste trabalho são um estudo aprofundado dos algoritmos de emparelhamentos bilineares e novas otimizações na aritmética de corpos primos para a MSP430, que consequentemente melhoram o desempenho dos criptossistemas de CBE e CCE em tal plataforma
Abstract: Wireless sensor networks have become popular recently and provide many applications. However, the deployment of cryptography in sensor networks is a challenging task, given their limited computational power and resource-constrained nature. This work presents an efficient software implementation, for wireless sensor networks, of two public-key systems: Pairing-Based Cryptography (PBC) and Elliptic Curve Cryptography (ECC). Our implementation targets the MSP430 microcontroller, which is used in some sensors including the Tmote Sky and TelosB. For the PBC, we have implemented algorithms for pairing computation on MNT and BN curves over prime fields; for the ECC, the signature scheme ECDSA over prime fields for the 80-bit and 128-bit security levels. The main contributions of this work are an in-depth study of bilinear pairings algorithms and new optimizations for the prime field arithmetic in the MSP430, which improves the running times of the PBC and ECC cryptosystems on the platform
Mestrado
Teoria da Computação
Mestre em Ciência da Computação
44
Lafourcade, Pascal. "Sécurité assistée par ordinateur pour les primitives cryptgraphiques, les protocoles de vote électronique et les réseaux de capteurs sans fil." Habilitation à diriger des recherches, Université de Grenoble, 2012. http://tel.archives-ouvertes.fr/tel-00807568.
Full textAbstract:
La sécurité est une des préoccupations principales de l'informatique moderne. De plus en plus de personnes utilisent un ordinateur pour des opérations sensibles comme pour des transferts bancaires, des achats sur internet, le payement des impôts ou même pour voter. La plupart de ces utilisateurs ne savent pas comment la sécurité est assurée, par conséquence ils font totalement confiance à leurs applications. Souvent ces applications utilisent des protocoles cryptographiques qui sont sujet à erreur, comme le montre la célèbre faille de sécurité découverte sur le protocole de Needham-Schroeder dix-sept ans après sa publication. Ces erreurs proviennent de plusieurs aspects : -- Les preuves de primitives cryptographiques peuvent contenir des erreurs. -- Les propriétés de sécurité ne sont pas bien spécifiées, par conséquence, il n'est pas facile d'en faire la preuve. -- Les hypothèses faites sur le modèle de l'intrus sont trop restrictives. Dans cette habilitation, nous présentons des méthodes formelles pour vérifier la sécurité selon ces trois aspects. Tout d'abord, nous construisons des logiques de Hoare afin de prouver la sécurité de primitives cryptographiques comme les chiffrements à clef publique, les modes de chiffrement asymétriques et les codes d'authentification de message ( Message authentication codes, MACs). Nous étudions aussi les protocoles de votes électroniques et les réseaux de capteus sans fil ( Wireless Sensor Networks, WSNs ). Dans ces deux domaines, nous analysons les propriétés de sécurité afin de les modéliser formellement. Ensuite nous développons des techniques appropriées afin de les vérifier.
45
Van, der Walt Estee. "An audit and risk handling prototype for firewall technology." Thesis, 2008. http://hdl.handle.net/10210/516.
Full textAbstract:
Throughout the years, computer networks have grown in size and complexity. This growth attributed to the need for network security. As more and more people use computers and the Internet, more confidential documentation are being kept on computers and sent to other locations over a network. To implement network security, the security administrator should firstly identify all the needs, resources, threats and risks of the organisation to ensure that all areas of the network is included within the network security policy. The network security policy contains, amongst others, the information security services needed within the organisation’s network for security. These information security services can be implemented via many different security mechanisms. Firewalls are but one of these security mechanisms. Today, firewalls are implemented in most organisations for network security purposes. The author, however, feels that the implementation of only a firewall is not enough. Tools such as log file analysers and risk analysers can be added to firewall technology to investigate and analyse the current network security status further for an indication of network failure or attacks not easily detectable by firewalls. Firewalls and these tools do, however, also have their own problems. Firewalls rarely use the information stored within its log files and the risk handling services provided are not very effective. Most analysis tools use only one form of log file as input and therefore report on only one aspect of the network’s security. The output of the firewalls is rarely user-friendly and is often not real-time. The detection of security problems is consequently a very difficult task for any security administrator. To address the problems, the researcher has developed a prototype that improves on these problems. The firewall analyser (FA) is a prototype of an An audit and risk handling prototype for firewall technology Page iii analysis tool that performs log file- and risk analysis of the underlying networks of the organisation. Although the prototype represents only an example of the functionality added to a firewall, it illustrates the concept of the necessity and value of implementing such a tool for network security purposes. The FA solves the problems found in firewalls, log file- and risk analysis tools by reporting on the latest security status of the network through the use of a variety of log files. The FA uses not only the firewall log files as input to cover a greater area of the network in its analysis process, but also Windows NT log files. The real-time reports of the FA are user-friendly and aid the security administrator immensely in the process of implementing and enforcing network security.Eloff, J.H.P., Prof.
46
"E-commerce and its derived applications: smart card certificate system and recoverable and untraceable electronic cash." 2001. http://library.cuhk.edu.hk/record=b5895907.
Full textAbstract:
by Liu Kai Sui.Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.
Includes bibliographical references (leaves 67-71).
Abstracts in English and Chinese.
Chapter 1. --- Introduction --- p.1
Chapter 1.1 --- Security and E-commerce --- p.3
Chapter 1.2 --- E-commerce: More than Commercial Activities --- p.4
Chapter 1.3 --- What This Thesis Contains --- p.5
Chapter 2. --- Introduction to Cryptographic Theories --- p.7
Chapter 2.1 --- Six Cryptographic Primitives --- p.7
Chapter 2.1.1 --- Symmetric Encryption --- p.8
Chapter 2.1.2 --- Asymmetric Encryption --- p.8
Chapter 2.1.3 --- Digital Signature --- p.9
Chapter 2.1.4 --- Message Digest --- p.9
Chapter 2.1.5 --- Digital Certificate and Certificate Authority --- p.10
Chapter 2.1.6 --- Zero-Knowledge Proof --- p.11
Chapter 2.2 --- The RSA Public Key Cryptosystem --- p.12
Chapter 2.3 --- The ElGamal Public Key Encryption Scheme --- p.13
Chapter 2.4 --- Elliptic Curve Cryptosystem --- p.14
Chapter 2.4.1 --- The Algorithm of Elliptic Curve Cryptosystem --- p.15
Chapter 2.5 --- Different kinds of Digital Signature --- p.16
Chapter 2.5.1 --- RSA Digital Signature --- p.16
Chapter 2.5.2 --- Elliptic Curve Nyberg-Rueppel Digital Signature --- p.16
Chapter 2.6 --- Blind Signature --- p.17
Chapter 2.7 --- Cut-and-choose protocol --- p.18
Chapter 2.8 --- Diffie-Hellman Key Exchange --- p.19
Chapter 3. --- "Introduction to E-commerce, M-commerce and Rich Media M-commerce" --- p.20
Chapter 3.1 --- 1st Generation of E-commerce --- p.21
Chapter 3.2 --- 2nd Generation of E-commerce ´ؤ M-commerce --- p.21
Chapter 3.3 --- 3rd Generation of E-commerce - Rich Media M-commerce --- p.23
Chapter 3.4 --- Payment Systems used in E-commerce --- p.23
Chapter 3.4.1 --- Electronic Cash --- p.23
Chapter 3.4.2 --- Credit Card --- p.24
Chapter 3.4.3 --- Combined Payment System --- p.24
Chapter 4. --- Introduction to Smart Card --- p.25
Chapter 4.1 --- What is Smart Card? --- p.25
Chapter 4.2 --- Advantages of Smart Cards --- p.26
Chapter 4.2.1 --- Protable Device --- p.26
Chapter 4.2.2 --- Multi-applications --- p.26
Chapter 4.2.3 --- Computation Power --- p.26
Chapter 4.2.4 --- Security Features --- p.27
Chapter 4.3 --- What can Smart Cards Do? --- p.27
Chapter 4.4 --- Java Card --- p.28
Chapter 5. --- A New Smart Card Certificate System --- p.30
Chapter 5.1 --- Introduction --- p.31
Chapter 5.2 --- Comparison between RSA and ECC --- p.32
Chapter 5.3 --- System Architecture --- p.33
Chapter 5.3.1 --- System Setup --- p.33
Chapter 5.3.2 --- Apply for a certificate --- p.34
Chapter 5.3.3 --- Verification of Alice --- p.35
Chapter 5.3.4 --- "Other Certificates ´ؤ the ""Hyper-Link"" concept" --- p.36
Chapter 5.3.4.1 --- "Generation of the ""hyper-link""" --- p.37
Chapter 5.3.4.2 --- "Verification ofAlice using the ""hyper-link""" --- p.37
Chapter 5.3.5 --- Multiple Applications --- p.38
Chapter 5.4 --- Security Analysis --- p.39
Chapter 5.4.1 --- No Crypto-processor is needed --- p.40
Chapter 5.4.2 --- PIN Protect --- p.40
Chapter 5.4.3 --- Digital Certificate Protect --- p.40
Chapter 5.4.4 --- Private Key is never left the smart card --- p.41
Chapter 5.5 --- Extensions --- p.41
Chapter 5.5.1 --- Biometrics Security --- p.41
Chapter 5.5.2 --- E-Voting --- p.41
Chapter 5.6 --- Conclusion --- p.42
Chapter 6. --- Introduction to Electronic Cash --- p.44
Chapter 6.1 --- Introduction --- p.44
Chapter 6.2 --- The Basic Requirements --- p.45
Chapter 6.3 --- Advantages of Electronic Cash over other kinds of payment systems --- p.46
Chapter 6.3.1 --- Privacy --- p.46
Chapter 6.3.2 --- Off-line payment --- p.47
Chapter 6.3.3 --- Suitable for Small Amount Payment --- p.47
Chapter 6.4 --- Basic Model of Electronic Cash --- p.48
Chapter 6.5 --- Examples of Electronic Cash --- p.49
Chapter 6.5.1 --- eCash --- p.49
Chapter 6.5.2 --- Mondex --- p.49
Chapter 6.5.3 --- Octopus Card --- p.50
Chapter 7. --- A New Recoverable and Untraceable Electronic Cash --- p.51
Chapter 7.1 --- Introduction --- p.52
Chapter 7.2 --- The Basic Idea --- p.52
Chapter 7.3 --- S. Brand's Single Term E-cash Protocol --- p.54
Chapter 7.3.1 --- The Setup of the System --- p.54
Chapter 7.3.2 --- The Withdrawal Protocol --- p.54
Chapter 7.3.3 --- The Payment Protocol --- p.55
Chapter 7.3.4 --- The Deposit Protocol --- p.56
Chapter 7.4 --- The Proposed Protocol --- p.57
Chapter 7.4.1 --- The Withdrawal Protocol --- p.57
Chapter 7.4.2 --- The Payment Protocol --- p.58
Chapter 7.4.3 --- The Deposit Protocol --- p.58
Chapter 7.4.4. --- The Recovery Protocol --- p.59
Chapter 7.5 --- Security Analysis --- p.60
Chapter 7.5.1 --- Conditional Untraceability --- p.60
Chapter 7.5.2 --- Cheating --- p.60
Chapter 7.6 --- Extension --- p.60
Chapter 7.7 --- Conclusion --- p.62
Chapter 8. --- Conclusion --- p.63
Appendix: Paper derived from this thesis --- p.66
Bibliography --- p.67
47
"A client puzzle based public-key authentication and key establishment protocol." 2002. http://library.cuhk.edu.hk/record=b5891267.
Full textAbstract:
Fung Chun-Kan.Thesis (M.Phil.)--Chinese University of Hong Kong, 2002.
Includes bibliographical references (leaves 105-114).
Abstracts in English and Chinese.
Abstract --- p.i
Acknowledgements --- p.iv
List of Figures --- p.viii
List of Tables --- p.x
Chapter 1 --- Introduction --- p.1
Chapter 1.1 --- Motivations and Objectives --- p.1
Chapter 1.2 --- Authentication Protocol --- p.3
Chapter 1.3 --- Security Technologies --- p.5
Chapter 1.3.1 --- Cryptography --- p.5
Chapter 1.3.2 --- Digital Certificate --- p.7
Chapter 1.3.3 --- One-way Hash Function --- p.8
Chapter 1.3.4 --- Digital Signature --- p.9
Chapter 1.4 --- Thesis Organization --- p.9
Chapter 2 --- Related Work --- p.11
Chapter 2.1 --- Introduction --- p.11
Chapter 2.2 --- Authentication and Key Establishment Protocols --- p.11
Chapter 2.3 --- Denial-of-Service Attack Handling Methods --- p.15
Chapter 2.4 --- Attacks on Authentication and Key Establishment Protocol --- p.18
Chapter 2.4.1 --- Denial-of-Service Attack --- p.19
Chapter 2.4.2 --- Replay Attack --- p.19
Chapter 2.4.3 --- Man-in-the middle Attack --- p.21
Chapter 2.4.4 --- Chosen-text Attack --- p.22
Chapter 2.4.5 --- Interleaving Attack --- p.23
Chapter 2.4.6 --- Reflection Attack --- p.25
Chapter 2.5 --- Summary --- p.27
Chapter 3 --- A DoS-resistant Authentication and Key Establishment Protocol --- p.29
Chapter 3.1 --- Introduction --- p.29
Chapter 3.2 --- Protocol Notations --- p.30
Chapter 3.3 --- Protocol Descriptions --- p.30
Chapter 3.4 --- An Improved Client Puzzle Protocol --- p.37
Chapter 3.4.1 --- Review of Juels-Brainard Protocol --- p.37
Chapter 3.4.2 --- Weaknesses of Juels-Brainard Protocol and Proposed Improvements --- p.39
Chapter 3.4.3 --- Improved Client Puzzle Protocol --- p.42
Chapter 3.5 --- Authentication Framework --- p.43
Chapter 3.5.1 --- Client Architecture --- p.44
Chapter 3.5.2 --- Server Architecture --- p.47
Chapter 3.6 --- Implementations --- p.49
Chapter 3.6.1 --- Software and Programming Tools --- p.49
Chapter 3.6.2 --- The Message Formats --- p.50
Chapter 3.5.3 --- Browser Interface --- p.51
Chapter 3.6.4 --- Calculation of the Difficulty Level --- p.53
Chapter 3.6.5 --- "(C, t) Non-Existence Verification" --- p.56
Chapter 3.7 --- Summary --- p.57
Chapter 4 --- Security Analysis and Formal Proof --- p.58
Chapter 4.1 --- Introduction --- p.58
Chapter 4.2 --- Security Analysis --- p.59
Chapter 4.2.1 --- Denial-of-Service Attacks --- p.59
Chapter 4.2.2 --- Replay Attacks.........; --- p.60
Chapter 4.2.3 --- Chosen-text Attacks --- p.60
Chapter 4.2.4 --- Interleaving Attacks --- p.61
Chapter 4.2.5 --- Others --- p.62
Chapter 4.3 --- Formal Proof Methods --- p.62
Chapter 4.3.1 --- General-purpose Specification Languages and Verification Tools --- p.62
Chapter 4.3.2 --- Expert System Approach --- p.63
Chapter 4.3.3 --- Modal Logic Approach --- p.64
Chapter 4.3.4 --- Algebraic Term-Rewriting Approach --- p.66
Chapter 4.4 --- Formal Proof of the Proposed Protocol --- p.66
Chapter 4.4.1 --- Notations --- p.67
Chapter 4.4.2 --- The Proof --- p.68
Chapter 4.5 --- Summary --- p.73
Chapter 5 --- Experimental Results and Analysis --- p.75
Chapter 5.1 --- Introduction --- p.75
Chapter 5.2 --- Experimental Environment --- p.75
Chapter 5.3 --- Experiments --- p.77
Chapter 5.3.1 --- Computational Performance of the Puzzle Solving Operation at different Difficulty Levels --- p.77
Chapter 5.3.2 --- Computational Performance of the Puzzle Generation and Puzzle Solution Verification --- p.79
Chapter 5.3.3 --- Computational Performance of the Protocol Cryptographic Operations --- p.82
Chapter 5.3.4 --- Computational Performance of the Overall Protocol Session --- p.84
Chapter 5.3.5 --- Impact on the Server Load without Client Puzzles --- p.85
Chapter 5.3.6 --- Impact on the Server Load with Client Puzzles --- p.88
Chapter 5.3.7 --- Impact on the Server Response Time from the Puzzles --- p.97
Chapter 5.4 --- Summary --- p.100
Chapter 6 --- Conclusion and Future Work --- p.101
Chapter 6.1 --- Concluding Remarks --- p.101
Chapter 6.2 --- Contributions --- p.103
Chapter 6.3 --- Future Work --- p.104
Bibliography --- p.105
48
Ur, Rahman Sumair. "Security for Rural Public Computing." Thesis, 2008. http://hdl.handle.net/10012/3986.
Full textAbstract:
Current research on securing public computing infrastructure like Internet kiosks has focused on the use of smartphones to establish trust in a computing platform or to offload the processing of sensitive information, and the use of new cryptosystems such as Hierarchical Identity-based Encryption (HIBE) to protect kiosk user data. Challenges posed by rural kiosks, specifically (a) the absence of specialized hardware features such as Trusted Platform Modules (TPMs) or a modifiable BIOS in older recycled PCs, (b) the potential use of periodically disconnected links between kiosks and the Internet, (c) the absence of a production-ready implementation of HIBE and (d) the limited availability of smartphones in most developing regions make these approaches difficult, if not impossible, to implement in a rural public computing scenario. In this thesis, I present a practical, unobtrusive and easy-to-use security architecture for rural public computing that uses a combination of physical and cryptographic mechanisms to protect user data, public computing infrastructure and handheld devices that access this infrastructure. Key contributions of this work include (a) a detailed threat analysis of such systems with a particular focus on rural Internet kiosks and handheld devices, (b) a security architecture for rural public computing infrastructure that does not require any specialized hardware, (c) an application-independent and backward-compatible security API for securely sending and receiving data between these systems and the Internet that can operate over delay tolerant links,
(d) an implementation of my scheme for rural Internet kiosks and (e) a performance evaluation of this implementation to demonstrate its feasibility.
49
Ling, Jie. "Smart card fault attacks on public key and elliptic curve cryptography." Thesis, 2014. http://hdl.handle.net/1805/5967.
Full textAbstract:
Indiana University-Purdue University Indianapolis (IUPUI)Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key.
50
Hoeper, Katrin. "Authentication and Key Exchange in Mobile Ad Hoc Networks." Thesis, 2007. http://hdl.handle.net/10012/3228.
Full textAbstract:
Over the past decade or so, there has been rapid growth in wireless and mobile applications technologies. More recently, an
increasing emphasis has been on the potential of infrastructureless wireless mobile networks that are easy, fast and inexpensive to set up, with the view that such technologies will enable numerous new applications in a wide range of areas. Such networks are commonly referred to as mobile ad hoc networks (MANETs). Exchanging sensitive information over unprotected
wireless links with unidentified and untrusted endpoints demand the deployment of security in MANETs. However, lack of infrastructure, mobility and resource constraints of devices, wireless communication links and other unique features of MANETs induce new challenges that make implementing security a very
difficult task and require the design of specialized solutions.
This thesis is concerned with the design and analysis of security solutions for MANETs. We identify the initial exchange of authentication and key credentials, referred to as pre-authentication, as well as authentication and key exchange as primary security goals. In particular, the problem of pre-authentication has been widely neglected in existing security solutions, even though it is a necessary prerequisite for other security goals. We are the first to classify and analyze different methods of achieving pairwise pre-authentication in MANETs. Out of this investigation, we identify identity-based cryptographic (IBC) schemes as well-suited to secure MANET applications that have no sufficient security solutions at this time.
We use pairing-based IBC schemes to design an authentication and key exchange framework that meets the special requirements of MANETs. Our solutions are comprised of algorithms that allow for efficient and secure system set up, pre-authentication, mutual authentication, key establishment, key renewal, key revocation and key escrow prevention. In particular, we present the first fully self-organized key revocation scheme for MANETs that does not require any trusted third party in the network. Our revocation scheme can be used to amend existing IBC solutions, be seamlessly integrated in our security framework and even be adopted to conventional public key solutions for MANETs. Our scheme is based on propagated accusations and once the number of received accusations against a node reaches a defined threshold, the keys of the accused nodes are revoked. All communications are cryptographically protected, but unlike other proposed schemes, do not require computationally demanding digital signatures. Our scheme is the first that efficiently and securely enables nodes to revoke their own keys. Additionally, newly joining nodes can obtain previous accusations without performing computationally demanding operations such as verifying digital signatures. Several security and performance parameters make our scheme adjustable to the hostility of the MANET environment and the degree of resource
constraints of network and devices. In our security analysis we show how security parameters can be selected to prevent attacks by colluding nodes and roaming adversaries.
In our proposed security framework, we utilize special properties of pairing-based keys to design an efficient and secure method for pairwise pre-authentication and a set of ID-based authenticated key exchange protocols. In addition, we present a format for ID-based public keys that, unlike other proposed formats, allows key renewal before the start of a new expiry interval. Finally, we are the first to discuss the inherent key escrow property of IBC schemes in the context of MANETs. Our analysis shows that some special features of MANETs significantly limit the escrow capabilities of key generation centers (KGCs). We propose a novel concept of spy nodes that can be utilized by KGCs to increase their escrow capabilities and analyze the probabilities of successful escrow attacks with and without spy nodes.
In summary, we present a complete authentication and key exchange framework that is tailored for MANET applications that have previously lacked such security solutions. Our solutions can be implemented using any pairing-based IBC scheme. The component design allows for the implementation of single schemes to amend existing solutions that do not provide certain functionalities. The introduction of several security and performance parameters make our solutions adjustable to different levels of resource constraints and security needs. In addition, we present extensions
that make our solutions suitable for applications with sporadic infrastructure access as envisioned in the near future.