885 resultados para Observer attack
Resumo:
This paper presents a formal methodology for attack modeling and detection for networks. Our approach has three phases. First, we extend the basic attack tree approach 1 to capture (i) the temporal dependencies between components, and (ii) the expiration of an attack. Second, using the enhanced attack trees (EAT) we build a tree automaton that accepts a sequence of actions from input stream if there is a traverse of an attack tree from leaves to the root node. Finally, we show how to construct an enhanced parallel automaton (EPA) that has each tree automaton as a subroutine and can process the input stream by considering multiple trees simultaneously. As a case study, we show how to represent the attacks in IEEE 802.11 and construct an EPA for it.
Resumo:
The Modicon Communication Bus (Modbus) protocol is one of the most commonly used protocols in industrial control systems. Modbus was not designed to provide security. This paper confirms that the Modbus protocol is vulnerable to flooding attacks. These attacks involve injection of commands that result in disrupting the normal operation of the control system. This paper describes a set of experiments that shows that an anomaly-based change detection algorithm and signature-based Snort threshold module are capable of detecting Modbus flooding attacks. In comparing these intrusion detection techniques, we find that the signature-based detection requires a carefully selected threshold value, and that the anomaly-based change detection algorithm may have a short delay before detecting the attacks depending on the parameters used. In addition, we also generate a network traffic dataset of flooding attacks on the Modbus control system protocol.
Resumo:
Numeric set watermarking is a way to provide ownership proof for numerical data. Numerical data can be considered to be primitives for multimedia types such as images and videos since they are organized forms of numeric information. Thereby, the capability to watermark numerical data directly implies the capability to watermark multimedia objects and discourage information theft on social networking sites and the Internet in general. Unfortunately, there has been very limited research done in the field of numeric set watermarking due to underlying limitations in terms of number of items in the set and LSBs in each item available for watermarking. In 2009, Gupta et al. proposed a numeric set watermarking model that embeds watermark bits in the items of the set based on a hash value of the items’ most significant bits (MSBs). If an item is chosen for watermarking, a watermark bit is embedded in the least significant bits, and the replaced bit is inserted in the fractional value to provide reversibility. The authors show their scheme to be resilient against the traditional subset addition, deletion, and modification attacks as well as secondary watermarking attacks. In this paper, we present a bucket attack on this watermarking model. The attack consists of creating buckets of items with the same MSBs and determine if the items of the bucket carry watermark bits. Experimental results show that the bucket attack is very strong and destroys the entire watermark with close to 100% success rate. We examine the inherent weaknesses in the watermarking model of Gupta et al. that leave it vulnerable to the bucket attack and propose potential safeguards that can provide resilience against this attack.
Resumo:
At Crypto 2008, Shamir introduced a new algebraic attack called the cube attack, which allows us to solve black-box polynomials if we are able to tweak the inputs by varying an initialization vector. In a stream cipher setting where the filter function is known, we can extend it to the cube attack with annihilators: By applying the cube attack to Boolean functions for which we can find low-degree multiples (equivalently annihilators), the attack complexity can be improved. When the size of the filter function is smaller than the LFSR, we can improve the attack complexity further by considering a sliding window version of the cube attack with annihilators. Finally, we extend the cube attack to vectorial Boolean functions by finding implicit relations with low-degree polynomials.
Resumo:
This paper presents a nonlinear observer for estimating parameters associated with the restoring term of a roll motion model of a marine vessel in longitudinal waves. Changes in restoring, also referred to as transverse stability, can be the result of changes in the vessel's centre of gravity due to, for example, water on deck and also in changes in the buoyancy triggered by variations in the water-plane area produced by longitudinal waves -- propagating along the fore-aft direction along the hull. These variations in the restoring can change dramatically the dynamics of the roll motion leading to dangerous resonance. Therefore, it is of interest to estimate and detect such changes.
Resumo:
We present a text watermarking scheme that embeds a bitstream watermark Wi in a text document P preserving the meaning, context, and flow of the document. The document is viewed as a set of paragraphs, each paragraph being a set of sentences. The sequence of paragraphs and sentences used to embed watermark bits is permuted using a secret key. Then, English language sentence transformations are used to modify sentence lengths, thus embedding watermarking bits in the Least Significant Bits (LSB) of the sentences’ cardinalities. The embedding and extracting algorithms are public, while the secrecy and security of the watermark depends on a secret key K. The probability of False Positives is extremely small, hence avoiding incidental occurrences of our watermark in random text documents. Majority voting provides security against text addition, deletion, and swapping attacks, further reducing the probability of False Positives. The scheme is secure against the general attacks on text watermarks such as reproduction (photocopying, FAX), reformatting, synonym substitution, text addition, text deletion, text swapping, paragraph shuffling and collusion attacks.
Resumo:
A well-known attack on RSA with low secret-exponent d was given by Wiener about 15 years ago. Wiener showed that using continued fractions, one can efficiently recover the secret-exponent d from the public key (N,e) as long as d < N 1/4. Interestingly, Wiener stated that his attack may sometimes also work when d is slightly larger than N 1/4. This raises the question of how much larger d can be: could the attack work with non-negligible probability for d=N 1/4 + ρ for some constant ρ > 0? We answer this question in the negative by proving a converse to Wiener’s result. Our result shows that, for any fixed ε > 0 and all sufficiently large modulus lengths, Wiener’s attack succeeds with negligible probability over a random choice of d < N δ (in an interval of size Ω(N δ )) as soon as δ > 1/4 + ε. Thus Wiener’s success bound d
Resumo:
NLS is one of the stream ciphers submitted to the eSTREAM project. We present a distinguishing attack on NLS by Crossword Puzzle (CP) attack method which is introduced in this paper. We build the distinguisher by using linear approximations of both the non-linear feedback shift register (NFSR) and the nonlinear filter function (NLF). Since the bias of the distinguisher depends on the Konst value, which is a key-dependent word, we present the graph showing how the bias of distinguisher vary with Konst. In result, we estimate the bias of the distinguisher to be around O(2^−30). Therefore, we claim that NLS is distinguishable from truly random cipher after observing O(2^60) keystream words. The experiments also show that our distinguishing attack is successful on 90.3% of Konst among 2^32 possible values. We extend the CP attack to NLSv2 which is a tweaked version of NLS. In result, we build a distinguisher which has the bias of around 2− 48. Even though this attack is below the eSTREAM criteria (2^−40), the security margin of NLSv2 seems to be too low.
Resumo:
We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2^− − 8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2^− − 51.8), so that we claim that SOBER-128 is distinguishable from truly random cipher by observing O(2^103.6) keystream words.
Resumo:
In a paper published in FSE 2007, a way of obtaining near-collisions and in theory also collisions for the FORK-256 hash function was presented [8]. The paper contained examples of near-collisions for the compression function, but in practice the attack could not be extended to the full function due to large memory requirements and computation time. In this paper we improve the attack and show that it is possible to find near-collisions in practice for any given value of IV. In particular, this means that the full hash function with the prespecified IV is vulnerable in practice, not just in theory. We exhibit an example near-collision for the complete hash function.
Resumo:
Bushfires are regular occurrences in the Australian landscape which can, under adverse weather conditions, give rise to losses of life, property, infrastructure, environmental and cultural values. Where property loss is involved, historical surveys of house losses have focussed on ember, radiant heat and flame contact as key bushfire attack mechanisms. Although often noted, little work has been done to quantify the impact of fire generated or fire enhanced wind and pyro-convective events on house loss and to improve construction practice within Australia. It is well known that strong winds are always associated with bushfire events. It is less well known, although increasingly shown through anecdotal evidence, that bushfires are not a passive companion of wind, but indeed they interact with winds and can together cause significant damages to exposed buildings and ecological structures. Previous studies have revealed the effects of wind, fire and structure interactions with the result of increased pressure coefficient distributions on the windward side of a building downstream of a fire front. This paper presents a further analysis of the result in relations to the relevant standards and fire weather conditions. A review of wind code and bushfire code was conducted. Based on the result of the current study, the authors believe it is necessary to consider wind as an attack mechanism in bushfire events. The results of the study will also have implications on bushfire emergency management, design of emergency shelters, perception of danger, emergency evacuation and on risk assessment.
Resumo:
NLS is a stream cipher which was submitted to the eSTREAM project. A linear distinguishing attack against NLS was presented by Cho and Pieprzyk, which was called Crossword Puzzle (CP) attack. NLSv2 is a tweak version of NLS which aims mainly at avoiding the CP attack. In this paper, a new distinguishing attack against NLSv2 is presented. The attack exploits high correlation amongst neighboring bits of the cipher. The paper first shows that the modular addition preserves pairwise correlations as demonstrated by existence of linear approximations with large biases. Next, it shows how to combine these results with the existence of high correlation between bits 29 and 30 of the S-box to obtain a distinguisher whose bias is around 2^−37. Consequently, we claim that NLSv2 is distinguishable from a random cipher after observing around 2^74 keystream words.
Resumo:
Generally wireless sensor networks rely of many-to-one communication approach for data gathering. This approach is extremely susceptible to sinkhole attack, where an intruder attracts surrounding nodes with unfaithful routing information, and subsequently presents selective forwarding or change the data that carry through it. A sinkhole attack causes an important threat to sensor networks and it should be considered that the sensor nodes are mostly spread out in open areas and of weak computation and battery power. In order to detect the intruder in a sinkhole attack this paper suggests an algorithm which firstly finds a group of suspected nodes by analyzing the consistency of data. Then, the intruder is recognized efficiently in the group by checking the network flow information. The proposed algorithm's performance has been evaluated by using numerical analysis and simulations. Therefore, accuracy and efficiency of algorithm would be verified.
Resumo:
Swietenia macrophylla King (Meliaceae: Swietenioideae) provides one of the premier timbers of the world. The mahogany shoot borer Hypsipyla robusta Moore (Lepidoptera: Pyralidae) is an economically important pest of S. macrophylla throughout Asia, Africa and the Pacific. No viable method of controlling this pest is known. Previous observations have suggested that the presence of overhead shade may reduce attack by H. robusta, but this has not been investigated experimentally. This research was therefore designed to assess the influence of light availability on shoot-borer attack on S. macrophylla, by establishing seedlings under three different artificial shade regimes, then using these seedlings to test oviposition preference of adult moths, neonate larval survival and growth and development of shoot borer larvae. Oviposition preference of shoot borer moths was tested on leaves from seedlings grown under artificial shade for 63 weeks. A significant difference in choice was recorded between treatments, with 27.4 ± 1.5 eggs laid under high shade and 87.1 ± 1.8 under low shade. Neonate larval survival on early flushing leaflets of S. macrophylla did not differ significantly between shade treatments. Larval growth rate, estimated by measuring daily frass width, was significantly higher for those larvae fed on seedlings from the high and medium shade treatments (0.1 mm/day), than the low shade treatment (0.06 mm/day). In laboratory-reared larvae, the total mass of frass produced was significantly higher in the high shade treatment (0.4 g) than under the low shade treatment (0.2 g). Longer tunnel lengths were bored by larvae in plants grown under high shade (12.0 ± 2.4 cm) than under low shade (7.07 ± 1.9 cm). However, pupal mass under low shade was 48% higher than that under the high shade treatment, suggesting that plants grown under high shade were of lower nutritional quality for shoot borer larvae. These results indicate that shading of mahogany seedlings may reduce the incidence of shoot borer attack, by influencing both oviposition and larval development. The establishment of mahogany under suitable shade regimes may therefore provide a basis for controlling shoot borer attack using silvicultural approaches.