7 resultados para attack models
em Deakin Research Online - Australia
Resumo:
In the last decade RFID technology has become a major contender for managing large scale logistics operations and generating and distributing the massive amount of data involved in such operations. One of the main obstacles to the widespread deployment and adoption of RFID systems is the security issues inherent in them. This is compounded by a noticeable lack of literature on how to identify the vulnerabilities of a RFID system and then effectively identify and develop counter measures to combat the threats posed by those vulnerabilities. In this chapter, the authors develop a conceptual framework for analysing the threats, attacks, and security requirements pertaining to networked RFID systems. The vulnerabilities of, and the threats to, the system are identified using the threat model. The security framework itself consists of two main concepts: (1) the attack model, which identifies and classifies the possible attacks, and (2) the system model, which identifies the security requirements. The framework gives readers a method with which to analyse the threats any given system faces. Those threats can then be used to identify the attacks possible on that system and get a better understanding of those attacks. It also allows the reader to easily identify all the security requirements of that system and identify how those requirements can be met.
Resumo:
The salt attack of Fired Clay Bricks (FCBs) causes surface damage that is aesthetically displeasing and eventually leads to structural damage. Methods for determining the resistances of FCBs to salt weathering have mainly tried to simulate the process by using accelerating aging tests. Most research in this area has concentrated on the types of salt that can cause damage and the damage that occurs during accelerated aging tests. This approach has lead to the use of accelerated aging tests as standard methods for determining resistance. Recently, it has been acknowledged that are not the most reliable way to determine salt attack resistance for all FCBs in all environments. Few researchers have examined FCBs with the aim of determining which material and mechanical properties make a FCB resistant to salt attack. The aim of this study was to identify the properties that were significant to the resistance of FCBs to salt attack. In doing so, this study aids in the development of a better test method to assess the resistance of FCBs to salt attack. The current Australian Standard accelerated aging test was used to measure the resistance of eight FCBs to salt attack using sodium sulfate and sodium chloride. The results of these tests were compared to the water absorption properties and the total porosity of FCBs. An empirical relationship was developed between the twenty-four-hour water absorption value and the number of cycles to failure from sodium sulfate tests. The volume of sodium chloride solution was found to be proportional to the total porosity of FCBs in this study. A phenomenological discussion of results led to a new mechanism being presented to explain the derivation of stress during salt crystallisation of anhydrous and hydratable salts. The mechanical properties of FCBs were measured using compression tests. FCBs were analysed as cellular materials to find that the elastic modules of FCBs was equivalent for extruded FCBs that had been fired a similar temperatures and time. Two samples were found to have significantly different elastic moduli of the solid microstructure. One of these samples was a pressed brick that was stiffer due to the extra bond that is obtained during sintering a closely packed structure. The other sample was an extruded brick that had more firing temperature and time compared with the other samples in this study. A non-destructive method was used to measure the indentation hardness and indentation stress-strain properties of FCBs. The indentation hardness of FCBs was found to be proportional to the uniaxial compression strength. In addition, the indentation hardness had a better linear correlation to the total porosity of FCBs except for those samples that had different elastic moduli of the solid microstructure. Fractography of exfoliated particles during salt cycle tests and compression tests showed there was a similar pattern of fracture during each failure. The results indicate there were inherent properties of a FCB that determines the size and shape of fractured particles during salt attack. The microstructural variables that determined the fracture properties of FCBs were shown to be important variables to include in future models that attempt to estimate the resistance of FCBs to salt attack.
Resumo:
In its current form, RFID system are susceptible to a range of malevolent attacks. With the rich business intelligence that RFID infrastructure could possibly carry, security is of paramount importance. In this paper, we formalise various threat models due tag cloning on the RFID system. We also present a simple but efficient and cost effect technique that strengthens the resistance of RFID tags to cloning attacks. Our techniques can even strengthen tags against cloning in environments with untrusted reading devices.
Resumo:
SQL injection vulnerabilities poses a severe threat to web applications as an SQL Injection Attack (SQLIA) could adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). SQLIA gains access to the back-end database of vulnerable websites, allowing hackers to execute SQL commands in a web application resulting in financial fraud and website defacement. The lack of existing models in providing protections against SQL injection has motivated this paper to present a new and enhanced model against web database intrusions that use SQLIA techniques. In this paper, we propose a novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA and described our that we implemented. We have tested our proposed model on all types of SQLIA techniques by generating SQL queries containing legitimate SQL commands and SQL Injection Attack. Evaluations have been performed using three different applications. The results show that our model protects against 100% of tested attacks before even reaching the database layer.
Resumo:
DDoS attacks are one of the major threats to Internet services. Sophisticated hackers are mimicking the features of legitimate network events, such as flash crowds, to fly under the radar. This poses great challenges to detect DDoS attacks. In this paper, we propose an attack feature independent DDoS flooding attack detection method at local area networks. We employ flow entropy on local area network routers to supervise the network traffic and raise potential DDoS flooding attack alarms when the flow entropy drops significantly in a short period of time. Furthermore, information distance is employed to differentiate DDoS attacks from flash crowds. In general, the attack traffic of one DDoS flooding attack session is generated by many bots from one botnet, and all of these bots are executing the same attack program. As a result, the similarity among attack traffic should higher than that among flash crowds, which are generated by many random users. Mathematical models have been established for the proposed detection strategies. Analysis based on the models indicates that the proposed methods can raise the alarm for potential DDoS flooding attacks and can differentiate DDoS flooding attacks from flash crowds with conditions. The extensive experiments and simulations confirmed the effectiveness of our proposed detection strategies.
Resumo:
We present a study of security in certificateless signatures. We divide potential adversaries according to their attack power, and for the first time, three new kinds of adversaries are introduced into certificateless signatures. They are Normal Adversary, Strong Adversary and Super Adversary (ordered by their attack power). Combined with the known Type I Adversary and Type II Adversary in certificateless cryptography, we then define the security of certificateless signatures in different attack scenarios. Our new security models, together with others in the literature, provide a clear definition of the security in certificateless signatures. Two concrete schemes with different security levels are also proposed in this paper. The first scheme, which is proven secure (in the random oracle model) against Normal Type I and Super Type II adversaries, has the shortest signature length among all known certificateless signature schemes. The second scheme is secure (in the random oracle model) against Super Type I and Type II adversaries. Compared with another scheme that has a similar security level, our second scheme requires less operational cost but a little longer signature length. Two server-aided verification protocols are also proposed to reduce the verification cost on the verifier.
Resumo:
The ‘wear mode diagram’ has been commonly used to classify the deformation regime of the soft work-piece during scratching, into three modes: ploughing, wedge formation and cutting. The scratch test is usedto evaluate wear modes and material removal associated with wear. There are different damage models in the literature used for the description of material behaviour after damage initiation under different loadingconditions. However, there has been little analysis to compare damage models during scratch test conditions. The first aim of this work is first to use a finite element modelling package (Abaqus/Explicit) to build a 3Dmodel to capture deformation modes during scratching with indenters with different attack angles. Three different damage models are incorporated into the model and patterns of damage initiation and propagation arecompared with experimental results from the literature. This work highlights the role of the damage model in accurately capturing wear modes and material removal during two body sliding interactions.
