Physical Sciences and Mathematics Commons^™

Improving Routing Security Using A Decentralized Public Key Distribution Algorithm, Jeremy C. Goold

Theses and Dissertations

Today's society has developed a reliance on networking infrastructures. Health, financial, and many other institutions deploy mission critical and even life critical applications on local networks and the global Internet. The security of this infrastructure has been called into question over the last decade. In particular, the protocols directing traffic through the network have been found to be vulnerable. One such protocol is the Open Shortest Path First (OSPF) protocol. This thesis proposes a security extension to OSPF containing a decentralized certificate authentication scheme (DecentCA) that eliminates the single point of failure/attack present in current OSPF security extensions. An analysis …

Secure Context-Sensitive Authorization, Kazuhiro Minami, David Kotz

Dartmouth Scholarship

There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as “allow database access only to staff who are currently located in the main office.” However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we …

An Efficient Scheme For Authenticating Public Keys In Sensor Networks, Wenliang Du, Ronghua Wang, Peng Ning

Electrical Engineering and Computer Science - All Scholarship

With the advance of technology, Public Key Cryptography (PKC) will sooner or later be widely used in wireless sensor networks. Recently, it has been shown that the performance of some public key algorithms, such as Elliptic Curve Cryptography (ECC), is already close to being practical on sensor nodes. However, the energy consumption of PKC is still expensive, especially compared to symmetric-key algorithms. To maximize the lifetime of batteries, we should minimize the use of PKC whenever possible in sensor networks. This paper investigates how to replace one of the important PKC operations–the public key authentication–with symmetric key operations that are …

Searching For High-Value Rare Events With Uncheatable Grid Computing, Wenliang Du, Michael T. Goodrich

Electrical Engineering and Computer Science - All Scholarship

High-value rare-event searching is arguably the most natural application of grid computing, where computational tasks are distributed to a large collection of clients (which comprise the computation grid) in such a way that clients are rewarded for performing tasks assigned to them. Although natural, rare-event searching presents significant challenges for a computation supervisor, who partitions and distributes the search space out to clients while contending with “lazy” clients, who don’t do all their tasks, and “hoarding ” clients, who don’t report rare events back to the supervisor. We provide schemes, based on a technique we call chaff injection, for efficiently …

Searching For High-Value Rare Events With Uncheatable Grid Computing, Wenliang Du, Michael T. Goodrich

Electrical Engineering and Computer Science - All Scholarship

High-value rare-event searching is arguably the most natural application of grid computing, where computational tasks are distributed to a large collection of clients (which comprise the computation grid) in such a way that clients are rewarded for performing tasks assigned to them. Although natural, rare-event searching presents significant challenges for a computation supervisor, who partitions and distributes the search space out to clients while contending with “lazy” clients, who don’t do all their tasks, and “hoarding ” clients, who don’t report rare events back to the supervisor. We provide schemes, based on a technique we call chaff injection, for efficiently …

Security Analysis Of Michael: The Ieee 802.11i Message Integrity Code, Jianyong Huang, Jennifer Seberry, Willy Susilo, Martin W. Bunder

Faculty of Informatics - Papers (Archive)

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output …

Active Security Mechanisms For Wireless Sensor Networks And Energy Optimization For Passive Security Routing, Lydia Ray

LSU Doctoral Dissertations

Wireless sensor networks consisting of numerous tiny low power autonomous sensor nodes provide us with the remarkable ability to remotely view and interact with the previously unobservable physical world. However, incorporating computation intensive security measures in sensor networks with limited resources is a challenging research issue. The objective of our thesis is to explore different security aspects of sensor networks and provide novel solutions for significant problems. We classify security mechanisms into two categories - active category and passive category. The problem of providing a secure communication infrastructure among randomly deployed sensor nodes requires active security measurements. Key pre-distribution is …

Energy-Rate Based Mac Protocol For Wireless Sensor Networks And Key Pre-Distribution Schemes, Ramaraju Kalidindi

LSU Master's Theses

Sensor networks are typically unattended because of their deployment in hazardous, hostile or remote environments. This makes the problem of conserving energy at individual sensor nodes challenging. S-MAC and PAMAS are two MAC protocols which periodically put nodes (selected at random) to sleep in order to achieve energy savings. Unlike these protocols, we propose an approach in which node duty cycles (i.e sleep and wake schedules) are based on their criticality. A distributed algorithm is used to find sets of winners and losers, who are then assigned appropriate slots in our TDMA based MAC protocol. We introduce the concept of …

Recommendations For Wireless Network Security Policy: An Analysis And Classification Of Current And Emerging Threats And Solutions For Different Organisations, Andrew Woodward

Research outputs pre 2011

Since their inception, 802.11 wireless networks have been plagued by a wide range of security problems. These problems relate to both data security and denial of service attacks, and there have been many solutions created by different vendors address these problems. However, the number of different types of attack, and the many possible solutions, makes it a difficult task to put in place an appropriate wireless network security policy. Such a policy must address both the size and nature of the enterprise, and the resources available to it. Measures such as WEP and MAC filtering are only appropriate for home …

Physician Secure Thyself, Patricia Williams

Research outputs pre 2011

Whilst discussion rages on the issues relating to security of medical data and the reason why it is important, there is little published information on how to tackle even basic security challenges for medical practice in Australia. Research suggests an underestimation of the threats to medical data by medical practitioners, hence there is sufficient reason to promote development of tools to assist medical practice with technical issues they are unfamiliar with. This paper provides an initial dialogue on how these security issues should be addressed. Included is a framework for risk assessment and elaboration of the implementation process to make …

The Underestimation Of Threats To Patients Data In Clinical Practice, Patricia Williams

Research outputs pre 2011

Issues in the security of medical data present a greater challenge than in other data security environments. The complexity of the threats and ethics involved, coupled with the poor management of these threats makes the protection of data in clinical practice problematic. This paper discusses the security threats to medical data in terms of confidentiality, privacy, integrity, misuse and availability, and reviews the issue of responsibility with reference to clinical governance. Finally. the paper uncovers some of the underlying reasons for the underestimation of the threats to medical data by the medical profession.

Jess – A Java Security Scanner For Eclipse, Russell Spitler

Honors Theses

Secure software is the responsibility of every developer. In order to help a developer with this responsibility there are many automated source code security auditors. These tools perform a variety of functions, from finding calls to insecure functions to poorly generated random numbers. These programs have existed for years and perform the security audit with varying degrees of success.

Largely missing in the world of programming is such a security auditor for the Java programming language. Currently, Fortify Software produces the only Java source code security auditor; this is a commercially available package.

This void is what inspired JeSS, Java …

The Kerf Toolkit For Intrusion Analysis, Javed Aslam, Sergey Bratus, David Kotz, Ronald Peterson

Dartmouth Scholarship

No abstract provided.

Protecting The Communication Structure In Sensor Networks, S. Olariu, Q. Xu, M. Eltoweissy, A. Wadaa

Computer Science Faculty Publications

In the near future wireless sensor networks will be employed in a wide variety of applications establishing ubiquitous networks that will pervade society. The inherent vulnerability of these massively deployed networks to a multitude of threats, including physical tampering with nodes exacerbates concerns about privacy and security. For example, denial of service attacks (DoS) that compromise or disrupt communications or target nodes serving key roles in the network, e.g. sink nodes, can easily undermine the functionality as well as the performance delivered by the network. Particularly vulnerable are the components of the communications or operation infrastructure. Although, by construction, most …

Network-Layer Selective Security, Casey T. Deccio

Theses and Dissertations

The Internet and other large computer networks have become an integral part of numerous daily processes. Security at the network layer is necessary to maintain infrastructure survivability in the case of cyber attacks aimed at routing protocols. In order to minimize undesired overhead associated with added security at this level, the notion of selective security is proposed. This thesis identifies elements in network topologies that are most important to the survivability of the network. The results show that the strategic placement of network security at critical elements will improve overall network survivability without the necessity of universal deployment.

Kerf: Machine Learning To Aid Intrusion Analysts, Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus

Dartmouth Scholarship

Kerf is a toolkit for post-hoc intrusion analysis of available system logs and some types of network logs. It takes the view that this process is inherently interactive and iterative: the human analyst browses the log data for apparent anomalies, and tests and revises his hypothesis of what happened. The hypothesis is alternately refined, as information that partially confirms the hypothesis is discovered, and expanded, as the analyst tries new avenues that broaden the investigation.

Preserving Trust Across Multiple Sessions In Open Systems, Fuk-Wing Thomas Chan

Theses and Dissertations

Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the …

Steganographic Schemes For File System And B-Tree, Hwee Hwa Pang, Kian-Lee Tan, Xuan Zhou

Research Collection School Of Computing and Information Systems

While user access control and encryption can protect valuable data from passive observers, these techniques leave visible ciphertexts that are likely to alert an active adversary to the existence of the data. We introduce StegFD, a steganographic file driver that securely hides user-selected files in a file system so that, without the corresponding access keys, an attacker would not be able to deduce their existence. Unlike other steganographic schemes proposed previously, our construction satisfies the prerequisites of a practical file system in ensuring the integrity of the files and maintaining efficient space utilization. We also propose two schemes for implementing …

Food Based Approaches For A Healthy Nutrition In Africa, Mamoudou Hama Dicko

Pr. Mamoudou H. DICKO, PhD

The latest estimates of the FAO demonstrate the problems of the fight against hunger. These problems are manifested by the ever-increasing number of chronically undernourished people worldwide. Their numbers during the 1999-2001 period were estimated at about 840 million of which 798 million live in developing countries. Sub-Saharan Africa alone represented 198 million of those. In this part of Africa the prevalence of undernourishment ranges from 5-34%, causing growth retardation and insufficient weight gain among one third of the children under five years of age and resulting in a mortality of 5-15% among these children. Malnutrition resulting from undernourishment is …

Privacy-Preserving Multivariate Statistical Analysis: Linear Regression And Classification, Wenliang Du, Yunghsiang S. Han, Shigang Chen

Electrical Engineering and Computer Science - All Scholarship

Analysis technique that has found applications in various areas. In this paper, we study some multivariate statistical analysis methods in Secure 2-party Computation (S2C) framework illustrated by the following scenario: two parties, each having a secret data set, want to conduct the statistical analysis on their joint data, but neither party is willing to disclose its private data to the other party or any third party. The current statistical analysis techniques cannot be used directly to support this kind of computation because they require all parties to send the necessary data to a central place. In this paper, We define …

The Psychology Of Intelligent Video Analysis, Ibpp Editor

International Bulletin of Political Psychology

This article examines issues surrounding software-enhanced video analysis in an intelligence context.

Making The Key Agreement Protocol In Mobile Ad Hoc Network More Efficient, Gang Yao, Kui Ren, Feng Bao, Robert H. Deng, Dengguo Feng

Research Collection School Of Computing and Information Systems

Mobile ad hoc networks offer convenient infrastructureless communications over the shared wireless channel. However, the nature of mobile ad hoc networks makes them vulnerable to security attacks, such as passive eavesdropping over the wireless channel and denial of service attacks by malicious nodes. To ensure the security, several cryptography protocols are implemented. Due to the resource scarcity in mobile ad hoc networks, the protocols must be communication efficient and need as less computational power as possible. Broadcast communication is an important operation for many application in mobile ad hoc networks. To securely broadcast a message, all the members in the …

Trust Negotiation For Authentication And Authorization In Healthcare Information Systems, Charles D. Knutson, Kent E. Seamons, Tore L. Sundelin, David K. Vawdrey

Faculty Publications

The expanding availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cnst of health care. The implementation of electronic medical record systems has been hindered by inadequate security provisions. This paper describes the use of frust negotiation as a framework for providing authentication and access control services in healthcare information systems. nust negotiation enables two parties with no pre-existing relationship to establish the trust necessary to perform sensitive transactions via the mutual disclosure of attributes contained within digital credentials. An extension of this system, surrogate irusf negoikiion is introduced …

Application Adaptive Bandwidth Management Using Real-Time Network Monitoring., Amit Grover

Electronic Theses and Dissertations

Application adaptive bandwidth management is a strategy for ensuring secure and reliable network operation in the presence of undesirable applications competing for a network’s crucial bandwidth, covert channels of communication via non-standard traffic on well-known ports, and coordinated Denial of Service attacks. The study undertaken here explored the classification, analysis and management of the network traffic on the basis of ports and protocols used, type of applications, traffic direction and flow rates on the East Tennessee State University’s campus-wide network. Bandwidth measurements over a nine-month period indicated bandwidth abuse of less than 0.0001% of total network bandwidth. The conclusion suggests …

The Kerf Toolkit For Intrusion Analysis (Poster Abstract), Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus, Brett Tofel

Dartmouth Scholarship

We consider the problem of intrusion analysis and present the Kerf toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf in detail, present examples to demonstrate the power of our query language, and discuss the performance …

Protecting Sensitive Credential Content During Trust Negotiation, Ryan D. Jarvis

Theses and Dissertations

Keeping sensitive information private in a public world is a common concern to users of digital credentials. A digital credential may contain sensitive attributes certifying characteristics about its owner. X.509v3, the most widely used certificate standard, includes support for certificate extensions that make it possible to bind multiple attributes to a public key contained in the certificate. This feature, although convenient, potentially exploits the certificate holder's private information contained in the certificate. There are currently no privacy considerations in place to protect the disclosure of attributes in a certificate. This thesis focuses on protecting sensitive credential content during trust negotiation …

A Case Study In The Security Of Network-Enabled Devices, Simeon Xenitellis, Craig Valli

Research outputs pre 2011

It is becoming increasingly common for appliances and other electronic devices to be network-enabled for usability and automation purposes. There have been fears that malicious users can control such devices remotely. Since the installation base of such network-enabled household devices is still relatively small, we examine the types of vulnerabilities that another such applicance has, the network-enabled printer, which is commonly found in the education and business sector. In this paper we analyse the source of the vulnerabilities and present detailed threat scenarios. In addition, we examine four organisations in Australia and Europe. Based on the results of the case …

Future Directions For Mobile-Agent Research, David Kotz, Robert Gray, Daniela Rus

Dartmouth Scholarship

The field of mobile agents should shift its emphasis toward mobile code, in all its forms, rather than continue focusing on mobile agents. The development of modular components will help application designers take advantage of code mobility without having to rewrite their applications to fit in monolithic, mobile agent systems.

A Practical Approach To Solve Secure Multi-Party Computation Problems, Wenliang Du, Zhijun Zhan

Electrical Engineering and Computer Science - All Scholarship

Secure Multi-party Computation (SMC) problems deal with the following situation: Two (or many) parties want to jointly perform a computation. Each party needs to contribute its private input to this computation, but no party should disclose its private inputs to the other parties, or to any third party. With the proliferation of the Internet, SMC problems becomes more and more important. So far no practical solution has emerged, largely because SMC studies have been focusing on zero information disclosure, an ideal security model that is expensive to achieve. Aiming at developing practical solutions to SMC problems, we propose a new …

If You Go Down The Internet Today - Deceptive Honeypots, Craig Valli, Suen Yek

Research outputs pre 2011

This is preliminary research into the effectiveness of deceptive defensive measures in particular honeypots that use deceit as a primary defensive and offensive mechanism. Initial research has been conducted using the Deception Tool Kit and its ability to fool commonly available network scanning tools such as Nessus and Nmap The preliminary research indicates that these deceptive tools have a place in modern network defence architecture.