260 resultados para Sulfate Attack
Resumo:
A5/1 is a shift register based stream cipher which uses a majority clocking rule to update its registers. It is designed to provide privacy for the GSM system. In this paper, we analyse the initialisation process of A5/1. We demonstrate a sliding property of the A5/1 cipher, where every valid internal state is also a legitimate loaded state and multiple key-IV pairs produce phase shifted keystream sequences. We describe a possible ciphertext only attack based on this property.
Resumo:
A complex attack is a sequence of temporally and spatially separated legal and illegal actions each of which can be detected by various IDS but as a whole they constitute a powerful attack. IDS fall short of detecting and modeling complex attacks therefore new methods are required. This paper presents a formal methodology for modeling and detection of complex attacks in three phases: (1) we extend basic attack tree (AT) approach to capture temporal dependencies between components and expiration of an attack, (2) using enhanced AT we build a tree automaton which accepts a sequence of actions from input message streams from various sources if there is a traversal of an AT from leaves to root, and (3) we show how to construct an enhanced parallel automaton that has each tree automaton as a subroutine. We use simulation to test our methods, and provide a case study of representing attacks in WLANs.
Resumo:
Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.
Resumo:
Pyrite and chalcopyrite mineral samples from Mangampet barite mine, Kadapa, Andhra Pradesh, India are used in the present study. XRD data indicate that the pyrite mineral has a face centered cubic lattice structure with lattice constant 5.4179 Å. Also it possesses an average particle size of 91.9 nm. An EPR study on the powdered samples confirms the presence of iron in pyrite and iron and Mn(II) in chalcopyrite. The optical absorption spectrum of chalcopyrite indicates presence of copper which is in a distorted octahedral environment. NIR results confirm the presence of water fundamentals and Raman spectrum reveals the presence of water and sulfate ions.
Resumo:
In the modern connected world, pervasive computing has become reality. Thanks to the ubiquity of mobile computing devices and emerging cloud-based services, the users permanently stay connected to their data. This introduces a slew of new security challenges, including the problem of multi-device key management and single-sign-on architectures. One solution to this problem is the utilization of secure side-channels for authentication, including the visual channel as vicinity proof. However, existing approaches often assume confidentiality of the visual channel, or provide only insufficient means of mitigating a man-in-the-middle attack. In this work, we introduce QR-Auth, a two-step, 2D barcode based authentication scheme for mobile devices which aims specifically at key management and key sharing across devices in a pervasive environment. It requires minimal user interaction and therefore provides better usability than most existing schemes, without compromising its security. We show how our approach fits in existing authorization delegation and one-time-password generation schemes, and that it is resilient to man-in-the-middle attacks.
Resumo:
We consider Cooperative Intrusion Detection System (CIDS) which is a distributed AIS-based (Artificial Immune System) IDS where nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm for the selection of detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For better detection performance, selection of all possible detectors for a node is desirable but it may not be feasible due to storage and computational overheads. Limiting the number of detectors on the other hand comes with the danger of missing attacks. We present a scheme for the controlled and decentralized division of detector sets where each IDS is assigned to a region of the feature space. We investigate the trade-off between scalability and robustness of detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of the detectors to maximize the coverage of the feature space while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use Symmetric Balanced Incomplete Block Design, Generalized Quadrangles and Ramanujan Expander Graph based deterministic techniques from combinatorial design theory and graph theory to decide how many and which detectors are exchanged between which pair of IDS nodes. Second, we use a classical epidemic model (SIR model) to show how properties from deterministic techniques can help us to reduce the attack spread rate.
Resumo:
In urban locations in Australia and elsewhere, public space may be said to be under attack from developers and also from attempts by civic authorities to oversee and control it (Davis 1995, Mitchell 2003, Watson 2006, Iveson 2006). The use of public space use by young people in particular, raises issues in Australia and elsewhere in the world. In a context of monitoring and control procedures, young people’s use of public space is often viewed as a threat to the prevailing social order (Loader 1996, White 1998, Crane and Dee 2001). This paper discusses recent technological developments in the surveillance, governance and control of public space used by young people, children and people of all ages.
Resumo:
Trivium is a bit-based stream cipher in the final portfolio of the eSTREAM project. In this paper, we apply the approach of Berbain et al. to Trivium-like ciphers and perform new algebraic analyses on them, namely Trivium and its reduced versions: Trivium-N, Bivium-A and Bivium-B. In doing so, we answer an open question in the literature. We demonstrate a new algebraic attack on Bivium-A. This attack requires less time and memory than previous techniques which use the F4 algorithm to recover Bivium-A's initial state. Though our attacks on Bivium-B, Trivium and Trivium-N are worse than exhaustive keysearch, the systems of equations which are constructed are smaller and less complex compared to previous algebraic analysis. Factors which can affect the complexity of our attack on Trivium-like ciphers are discussed in detail.
Resumo:
Pretreatments of sugarcane bagasse for saccharification using different acid-catalysed imidazolium IL solutions (containing 20% water) at 130 °C for 30 min were investigated. At the same solution pH, pretreatment effectiveness in terms of glucan digestibility, delignification and xylan removal were similar for aqueous 1-butyl-3-methylimidazolium methane sulfonate (BMIMCH3SO3), 1-butyl-3-methylimidazolium methyl sulfate (BMIMCH3SO4), 1-ethyl-3-methylimidazolium chloride (EMIMCl) and 1-butyl-3-methylimidazolium chloride (BMIMCl). Decreasing solution pH of aqueous IL systems from 6.0 to 0.4 increased bagasse delignification and xylan removal, and as a result, improved glucan digestibility. The glucan digestibilities for bagasse samples pretreated by IL solutions with pH ≤ 0.9 were > 90% after 72 h of enzymatic hydrolysis. Without pH adjustment, the effectiveness of these aqueous IL solutions (except BMIMCH3SO3 because of its low natural pH of 0.9) to deconstruct the biomass was poor and the glucan digestibilities of pretreated bagasse samples were < 20%. These results show that pretreatment effectiveness of aqueous imidazolium ILs can simply be estimated from solution pH rather than hydrogen bond basicity (β) of the IL solution.
Resumo:
Water and ammonium retention by sandy soils may be low and result in leaching of applied fertiliser. To increase water and nutrient retention, zeolite is sometimes applied as a soil ameliorant for high value land uses including turf and horticulture. We have used a new modified kaolin material (MesoLite) as a soil amendment to test the efficiency of NH4+ retention and compared the results with natural zeolite. MesoLite is made by caustic reaction of kaolin at temperature between 80-95°C; although it has a moderate surface area, its cation exchange capacity is very high;(SA=13m2/g,CEC=500meq/100g). A 13cm tall sand column filled with ~450g of sandy soil homogeneously mixed with 1, 2, 4, and 8g of MesoLite or natural zeolite per 1kg of soil was prepared. After saturation with local bore water, concentrated ammonium sulfate solution was injected at the base. Then, bore water was passed from bottom to top through the column at amounts up to 6 pore volumes and at a constant flow rate of 10ml/min using a peristaltic pump. Concentrations of leached NH4+ were determined using an AutoAnalyser. The concentration of NH4+ leached from the column with 0.4% MesoLite was greatly (90%) reduced relative to unamended soil. Under these conditions NH4+ retention by the soil-MesoLite mixture was 11.5 times more efficient than the equivalent soil-natural zeolite mixture. Glasshouse experiments conducted in a separate study show that NH4+ adsorbed by MesoLite is available to plants.
Resumo:
Authenticated Encryption (AE) is the cryptographic process of providing simultaneous confidentiality and integrity protection to messages. This approach is more efficient than applying a two-step process of providing confidentiality for a message by encrypting the message, and in a separate pass providing integrity protection by generating a Message Authentication Code (MAC). AE using symmetric ciphers can be provided by either stream ciphers with built in authentication mechanisms or block ciphers using appropriate modes of operation. However, stream ciphers have the potential for higher performance and smaller footprint in hardware and/or software than block ciphers. This property makes stream ciphers suitable for resource constrained environments, where storage and computational power are limited. There have been several recent stream cipher proposals that claim to provide AE. These ciphers can be analysed using existing techniques that consider confidentiality or integrity separately; however currently there is no existing framework for the analysis of AE stream ciphers that analyses these two properties simultaneously. This thesis introduces a novel framework for the analysis of AE using stream cipher algorithms. This thesis analyzes the mechanisms for providing confidentiality and for providing integrity in AE algorithms using stream ciphers. There is a greater emphasis on the analysis of the integrity mechanisms, as there is little in the public literature on this, in the context of authenticated encryption. The thesis has four main contributions as follows. The first contribution is the design of a framework that can be used to classify AE stream ciphers based on three characteristics. The first classification applies Bellare and Namprempre's work on the the order in which encryption and authentication processes take place. The second classification is based on the method used for accumulating the input message (either directly or indirectly) into the into the internal states of the cipher to generate a MAC. The third classification is based on whether the sequence that is used to provide encryption and authentication is generated using a single key and initial vector, or two keys and two initial vectors. The second contribution is the application of an existing algebraic method to analyse the confidentiality algorithms of two AE stream ciphers; namely SSS and ZUC. The algebraic method is based on considering the nonlinear filter (NLF) of these ciphers as a combiner with memory. This method enables us to construct equations for the NLF that relate the (inputs, outputs and memory of the combiner) to the output keystream. We show that both of these ciphers are secure from this type of algebraic attack. We conclude that using a keydependent SBox in the NLF twice, and using two different SBoxes in the NLF of ZUC, prevents this type of algebraic attack. The third contribution is a new general matrix based model for MAC generation where the input message is injected directly into the internal state. This model describes the accumulation process when the input message is injected directly into the internal state of a nonlinear filter generator. We show that three recently proposed AE stream ciphers can be considered as instances of this model; namely SSS, NLSv2 and SOBER-128. Our model is more general than a previous investigations into direct injection. Possible forgery attacks against this model are investigated. It is shown that using a nonlinear filter in the accumulation process of the input message when either the input message or the initial states of the register is unknown prevents forgery attacks based on collisions. The last contribution is a new general matrix based model for MAC generation where the input message is injected indirectly into the internal state. This model uses the input message as a controller to accumulate a keystream sequence into an accumulation register. We show that three current AE stream ciphers can be considered as instances of this model; namely ZUC, Grain-128a and Sfinks. We establish the conditions under which the model is susceptible to forgery and side-channel attacks.
Resumo:
Denial-of-service (DoS) attacks are a growing concern to networked services like the Internet. In recent years, major Internet e-commerce and government sites have been disabled due to various DoS attacks. A common form of DoS attack is a resource depletion attack, in which an attacker tries to overload the server's resources, such as memory or computational power, rendering the server unable to service honest clients. A promising way to deal with this problem is for a defending server to identify and segregate malicious traffic as earlier as possible. Client puzzles, also known as proofs of work, have been shown to be a promising tool to thwart DoS attacks in network protocols, particularly in authentication protocols. In this thesis, we design efficient client puzzles and propose a stronger security model to analyse client puzzles. We revisit a few key establishment protocols to analyse their DoS resilient properties and strengthen them using existing and novel techniques. Our contributions in the thesis are manifold. We propose an efficient client puzzle that enjoys its security in the standard model under new computational assumptions. Assuming the presence of powerful DoS attackers, we find a weakness in the most recent security model proposed to analyse client puzzles and this study leads us to introduce a better security model for analysing client puzzles. We demonstrate the utility of our new security definitions by including two hash based stronger client puzzles. We also show that using stronger client puzzles any protocol can be converted into a provably secure DoS resilient key exchange protocol. In other contributions, we analyse DoS resilient properties of network protocols such as Just Fast Keying (JFK) and Transport Layer Security (TLS). In the JFK protocol, we identify a new DoS attack by applying Meadows' cost based framework to analyse DoS resilient properties. We also prove that the original security claim of JFK does not hold. Then we combine an existing technique to reduce the server cost and prove that the new variant of JFK achieves perfect forward secrecy (the property not achieved by original JFK protocol) and secure under the original security assumptions of JFK. Finally, we introduce a novel cost shifting technique which reduces the computation cost of the server significantly and employ the technique in the most important network protocol, TLS, to analyse the security of the resultant protocol. We also observe that the cost shifting technique can be incorporated in any Diffine{Hellman based key exchange protocol to reduce the Diffie{Hellman exponential cost of a party by one multiplication and one addition.
Resumo:
The thermal decomposition of hydronium jarosite and ammoniojarosite was studied using thermogravimetric analysis and mass spectrometry, in situ synchrotron X-ray diffraction and infrared emission spectroscopy. There was no evidence for the simultaneous loss of water and sulfur dioxide during the desulfonation stage as has previously been reported for hydronium jarosite. Conversely, all hydrogen atoms are lost during the dehydration and dehydroxylation stage from 270 to 400 °C and no water, hydroxyl groups or hydronium ions persist after 400 °C. The same can be said for ammoniojarosite. The first mass loss step during the decomposition of hydronium jarosite has been assigned to the loss of the hydronium ion via protonation of the surrounding hydroxyl groups to evolve two water molecules. For ammoniojarosite, this step corresponds to the protonation of a hydroxyl group by ammonium, so that ammonia and water are liberated simultaneously. Iron(II) sulfate was identified as a possible intermediate during the decomposition of ammoniojarosite (421–521 °C) due to a redox reaction between iron(III) and the liberated ammonia during decomposition. Iron(II) ions were also confirmed with the 1,10-phenanthroline test. Iron(III) sulfate and other commonly suggested intermediates for hydronium and ammoniojarosite decomposition are not major crystalline phases; if they are formed, then they most likely exist as an amorphous phase or a different low temperature phases than usual.
Resumo:
This paper presents a nonlinear gust-attenuation controller based on constrained neural-network (NN) theory. The controller aims to achieve sufficient stability and handling quality for a fixed-wing unmanned aerial system (UAS) in a gusty environment when control inputs are subjected to constraints. Constraints in inputs emulate situations where aircraft actuators fail requiring the aircraft to be operated with fail-safe capability. The proposed controller enables gust-attenuation property and stabilizes the aircraft dynamics in a gusty environment. The proposed flight controller is obtained by solving the Hamilton-Jacobi-Isaacs (HJI) equations based on an policy iteration (PI) approach. Performance of the controller is evaluated using a high-fidelity six degree-of-freedom Shadow UAS model. Simulations show that our controller demonstrates great performance improvement in a gusty environment, especially in angle-of-attack (AOA), pitch and pitch rate. Comparative studies are conducted with the proportional-integral-derivative (PID) controllers, justifying the efficiency of our controller and verifying its suitability for integration into the design of flight control systems for forced landing of UASs.
Resumo:
Detailed mechanisms for the formation of hydroxyl or alkoxyl radicals in the reactions between tetrachloro-p-benzoquinone (TCBQ) and organic hydroperoxides are crucial for better understanding the potential carcinogenicity of polyhalogenated quinones. Herein, the mechanism of the reaction between TCBQ and H2O2 has been systematically investigated at the B3LYP/6-311++G** level of theory in the presence of different numbers of water molecules. We report that the whole reaction can easily take place with the assistance of explicit water molecules. Namely, an initial intermediate is formed first. After that, a nucleophilic attack of H2O2 onto TCBQ occurs, which results in the formation of a second intermediate that contains an OOH group. Subsequently, this second intermediate decomposes homolytically through cleavage of the O-O bond to produce a hydroxyl radical. Energy analyses suggest that the nucleophilic attack is the rate-determining step in the whole reaction. The participation of explicit water molecules promotes the reaction significantly, which can be used to explain the experimental phenomena. In addition, the effects of F, Br, and CH3 substituents on this reaction have also been studied.
