918 resultados para Algebraic attack


Relevância:

20.00% 20.00%

Publicador:

Resumo:

Despite the large applicability of the field capacity (FC) concept in hydrology and engineering, it presents various ambiguities and inconsistencies due to a lack of methodological procedure standardization. Experimental field and laboratory protocols taken from the literature were used in this study to determine the value of FC for different depths in 29 soil profiles, totaling 209 soil samples. The volumetric water content (θ) values were also determined at three suction values (6 kPa, 10 kPa, 33 kPa), along with bulk density (BD), texture (T) and organic matter content (OM). The protocols were devised based on the water processes involved in the FC concept aiming at minimizing hydraulic inconsistencies and procedural difficulty while maintaining the practical meaning of the concept. A high correlation between FC and θ(6 kPa) allowed the development of a pedotransfer function (Equation 3) quadratic for θ(6 kPa), resulting in an accurate and nearly bias-free calculation of FC for the four database geographic areas, with a global root mean squared residue (RMSR) of 0.026 m3·m-3. At the individual soil profile scale, the maximum RMSR was only 0.040 m3·m-3. The BD, T and OM data were generally of a low predicting quality regarding FC when not accompanied by the moisture variables. As all the FC values were obtained by the same experimental protocol and as the predicting quality of Equation 3 was clearly better than that of the classical method, which considers FC equal to θ(6), θ(10) or θ(33), we recommend using Equation 3 rather than the classical method, as well as the protocol presented here, to determine in-situ FC.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Eucalyptus spp genus is economically important to different industry fields. There are pests that damage the development of eucalypts and Glycaspis brimblecombei, a sap-sucking insect, is one of them. Studies about this insect attack to the eucalypts showed preferences. This work aim was to compare the preferences of the insect with thermoanalytical characteristics of different eucalypts (susceptible, less susceptible and resistant to Glycaspis brimblecombei) essential oils. The leaves of six species of Eucalyptus were crushed and the essential oil was extracted using Clevenger apparatus. The Shimadzu DTG-60H was used to analyze the samples. The results showed that the samples from more susceptible eucalypts had total mass loss at about 124ºC to 156ºC, lower than samples from more resistant eucalypts (from 168ºC to 175ºC). Furthermore, the study suggests that the susceptibility or the resistance of eucalypts to the pest may be related to their essential oil composition and concentration of monoterpenes and sesquiterpenes.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Bid opening in e-auction is efficient when a homomorphic secret sharing function is employed to seal the bids and homomorphic secret reconstruction is employed to open the bids. However, this high efficiency is based on an assumption: the bids are valid (e.g., within a special range). An undetected invalid bid can compromise correctness and fairness of the auction. Unfortunately, validity verification of the bids is ignored in the auction schemes employing homomorphic secret sharing (called homomorphic auction in this paper). In this paper, an attack against the homomorphic auction in the absence of bid validity check is presented and a necessary bid validity check mechanism is proposed. Then a batch cryptographic technique is introduced and applied to improve the efficiency of bid validity check.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

In this work, we examine unbalanced computation between an initiator and a responder that leads to resource exhaustion attacks in key exchange protocols. We construct models for two cryp-tographic protocols; one is the well-known Internet protocol named Secure Socket Layer (SSL) protocol, and the other one is the Host Identity Protocol (HIP) which has built-in DoS-resistant mechanisms. To examine such protocols, we develop a formal framework based on Timed Coloured Petri Nets (Timed CPNs) and use a simulation approach provided in CPN Tools to achieve a formal analysis. By adopting the key idea of Meadows' cost-based framework and re¯ning the de¯nition of operational costs during the protocol execution, our simulation provides an accurate cost estimate of protocol execution compar- ing among principals, as well as the percentage of successful connections from legitimate users, under four di®erent strategies of DoS attack.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

We present the first detailed application of Meadows’s cost-based modelling framework to the analysis of JFK, an Internet key agreement protocol. The analysis identifies two denial of service attacks against the protocol that are possible when an attacker is willing to reveal the source IP address. The first attack was identified through direct application of a cost-based modelling framework, while the second was only identified after considering coordinated attackers. Finally, we demonstrate how the inclusion of client puzzles in the protocol can improve denial of service resistance against both identified attacks.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service un- availability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries °ood a large amount of bogus data to interfere or disrupt the service on the server. The attack can be either a single-source attack, which originates at only one host, or a multi-source attack, in which multiple hosts coordinate to °ood a large number of packets to the server. Cryptographic mechanisms in authentication schemes are an example ap- proach to help the server to validate malicious tra±c. Since authentication in key establishment protocols requires the veri¯er to spend some resources before successfully detecting the bogus messages, adversaries might be able to exploit this °aw to mount an attack to overwhelm the server resources. The attacker is able to perform this kind of attack because many key establishment protocols incorporate strong authentication at the beginning phase before they can iden- tify the attacks. This is an example of DoS threats in most key establishment protocols because they have been implemented to support con¯dentiality and data integrity, but do not carefully consider other security objectives, such as availability. The main objective of this research is to design denial-of-service resistant mechanisms in key establishment protocols. In particular, we focus on the design of cryptographic protocols related to key establishment protocols that implement client puzzles to protect the server against resource exhaustion attacks. Another objective is to extend formal analysis techniques to include DoS- resistance. Basically, the formal analysis approach is used not only to analyse and verify the security of a cryptographic scheme carefully but also to help in the design stage of new protocols with a high level of security guarantee. In this research, we focus on an analysis technique of Meadows' cost-based framework, and we implement DoS-resistant model using Coloured Petri Nets. Meadows' cost-based framework is directly proposed to assess denial-of-service vulnerabil- ities in the cryptographic protocols using mathematical proof, while Coloured Petri Nets is used to model and verify the communication protocols using inter- active simulations. In addition, Coloured Petri Nets are able to help the protocol designer to clarify and reduce some inconsistency of the protocol speci¯cation. Therefore, the second objective of this research is to explore vulnerabilities in existing DoS-resistant protocols, as well as extend a formal analysis approach to our new framework for improving DoS-resistance and evaluating the performance of the new proposed mechanism. In summary, the speci¯c outcomes of this research include following results; 1. A taxonomy of denial-of-service resistant strategies and techniques used in key establishment protocols; 2. A critical analysis of existing DoS-resistant key exchange and key estab- lishment protocols; 3. An implementation of Meadows's cost-based framework using Coloured Petri Nets for modelling and evaluating DoS-resistant protocols; and 4. A development of new e±cient and practical DoS-resistant mechanisms to improve the resistance to denial-of-service attacks in key establishment protocols.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

The research presented in this thesis addresses inherent problems in signaturebased intrusion detection systems (IDSs) operating in heterogeneous environments. The research proposes a solution to address the difficulties associated with multistep attack scenario specification and detection for such environments. The research has focused on two distinct problems: the representation of events derived from heterogeneous sources and multi-step attack specification and detection. The first part of the research investigates the application of an event abstraction model to event logs collected from a heterogeneous environment. The event abstraction model comprises a hierarchy of events derived from different log sources such as system audit data, application logs, captured network traffic, and intrusion detection system alerts. Unlike existing event abstraction models where low-level information may be discarded during the abstraction process, the event abstraction model presented in this work preserves all low-level information as well as providing high-level information in the form of abstract events. The event abstraction model presented in this work was designed independently of any particular IDS and thus may be used by any IDS, intrusion forensic tools, or monitoring tools. The second part of the research investigates the use of unification for multi-step attack scenario specification and detection. Multi-step attack scenarios are hard to specify and detect as they often involve the correlation of events from multiple sources which may be affected by time uncertainty. The unification algorithm provides a simple and straightforward scenario matching mechanism by using variable instantiation where variables represent events as defined in the event abstraction model. The third part of the research looks into the solution to address time uncertainty. Clock synchronisation is crucial for detecting multi-step attack scenarios which involve logs from multiple hosts. Issues involving time uncertainty have been largely neglected by intrusion detection research. The system presented in this research introduces two techniques for addressing time uncertainty issues: clock skew compensation and clock drift modelling using linear regression. An off-line IDS prototype for detecting multi-step attacks has been implemented. The prototype comprises two modules: implementation of the abstract event system architecture (AESA) and of the scenario detection module. The scenario detection module implements our signature language developed based on the Python programming language syntax and the unification-based scenario detection engine. The prototype has been evaluated using a publicly available dataset of real attack traffic and event logs and a synthetic dataset. The distinct features of the public dataset are the fact that it contains multi-step attacks which involve multiple hosts with clock skew and clock drift. These features allow us to demonstrate the application and the advantages of the contributions of this research. All instances of multi-step attacks in the dataset have been correctly identified even though there exists a significant clock skew and drift in the dataset. Future work identified by this research would be to develop a refined unification algorithm suitable for processing streams of events to enable an on-line detection. In terms of time uncertainty, identified future work would be to develop mechanisms which allows automatic clock skew and clock drift identification and correction. The immediate application of the research presented in this thesis is the framework of an off-line IDS which processes events from heterogeneous sources using abstraction and which can detect multi-step attack scenarios which may involve time uncertainty.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Objectives: The current study was conducted to determine levels of cardiac knowledge and cardiopulmonary resuscitation (CPR) training in older people in Queensland, Australia.---------- Methods: A telephone survey of 4490 Queensland adults examined respondents’ knowledge of coronary heart disease (CHD) risk factors, knowledge of heart attack symptoms, knowledge of the local emergency telephone number, as well as respondents’ rates and recency of training in CPR.---------- Results: Older participants, aged 60 years and over, were approximately one and a half times more likely than the 30–39 year-old reference group to have limited knowledge of heart disease risk factors (OR = 1.53), and low knowledge of heart attack symptoms (OR = 1.60). Knowledge of the local emergency telephone number also decreased with age. Older participants had significantly lower rates of training in CPR, with almost three quarters (71.7%) reporting that they had never been trained. Older people who had completed CPR training were significantly less likely to have done so recently.---------- Conclusions: Cardiac knowledge levels and CPR training rates in older Queensland persons were lower than those found in the younger population.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

When should a person who has a heart attack not be resuscitated? When should a patient no longer be kept alive on a ventilator, or be provided with food and water by a tube? When should a person not be given a blood transfusion they need to stay alive? The answers to these questions depend on a number of factors including the mental or physical condition of the patient and any wishes they have expressed prior to losing the ability to make this decision, as well as the requirements of good medical practice. This video is a record of a public lecture held on 7 July 2004 by the Faculty of Law at the Queensland University of Technology, in association with the Faculty of Health, the Centre for Palliative Care Research and Education, and Palliative Care Queensland.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

This paper provides a fresh analysis of the widely-used Common Scrambling Algorithm Stream Cipher (CSA-SC). Firstly, a new representation of CSA-SC with a state size of only 89 bits is given, a significant reduction from the 103 bit state of a previous CSA-SC representation. Analysis of this 89-bit representation demonstrates that the basis of a previous guess-and-determine attack is flawed. Correcting this flaw increases the complexity of that attack so that it is worse than exhaustive key search. Although that attack is not feasible, the reduced state size of our representation makes it obvious that CSA-SC is vulnerable to several generic attacks, for which feasible parameters are given.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor networks applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application environments. The sensor nodes in the environment, however, are still open to devastating attacks such as node capture, which makes designing a secure key management challenging. In this paper, a key management scheme is proposed to defeat node capture attack by offering both forward and backward secrecies. Our scheme overcomes the pitfalls which Nilsson et al.'s scheme suffers from, and is not more expensive than their scheme.

Relevância:

10.00% 10.00%

Publicador:

Resumo:

This paper introduces fast algorithms for performing group operations on twisted Edwards curves, pushing the recent speed limits of Elliptic Curve Cryptography (ECC) forward in a wide range of applications. Notably, the new addition algorithm uses for suitably selected curve constants. In comparison, the fastest point addition algorithms for (twisted) Edwards curves stated in the literature use . It is also shown that the new addition algorithm can be implemented with four processors dropping the effective cost to . This implies an effective speed increase by the full factor of 4 over the sequential case. Our results allow faster implementation of elliptic curve scalar multiplication. In addition, the new point addition algorithm can be used to provide a natural protection from side channel attacks based on simple power analysis (SPA).