810 resultados para malware attacks
Resumo:
Password authentication has been adopted as one of the most commonly used solutions in network environment to protect resources from unauthorized access. Recently, Lee–Kim–Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181–183] and Lee-Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177–180] respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme with formal security proof.
Resumo:
传统的恶意代码动态分析每次分析的对象只是恶意代码的某一个执行路径,难以保证分析的全面性.恶意代码多路径分析是解决该问题的思路之一.本文提出一种基于代码覆盖的多路径分析方法,通过标识判断条件节点,减少局部路径被重复遍历的次数,在保证分析效果的同时,提高分析系统的分析效率以及代码覆盖率.通过对大量典型恶意代码的分析验证表明,本方法可明显缩短分析时间,提高分析效率和分析的全面性.
Resumo:
作为加密标准,DES(data encryption standard)算法虽然已被AES(advanced encryption standard)算法所取代,但其仍有着不可忽视的重要作用.在一些领域,尤其是金融领域,DES和Triple DES仍被广泛使用着.而近年来又提出了一些新的密码分析方法,其中,Rectangle攻击和Boomerang攻击已被证明是非常强大而有效的.因此,有必要重新评估DES算法抵抗这些新分析方法的能力.研究了DES算法针对Rectangle攻击和Boomerang攻击的安全性.利用DES各轮最优差分路径及其概率,分别得到了对12轮DES的Rectangle攻击和对11轮DES的Boomerang攻击.攻击结果分别为:利用Rectangle攻击可以攻击到12轮DES,数据复杂度为2~(62)。个选择明文,时间复杂度为2~(42)次12轮加密;利用Boomerang攻击可以攻击到11轮DES,数据复杂度为2~(58)个适应性选择明密文,时间复杂度为2~(38)次11轮加密.由于使用的都是DES各轮的最优差分路径,所以可以相信,该结果是Rectangle攻击和Boomerang攻击对DES所能达到的最好结果.
Resumo:
研究AES-256抵抗相关密钥-不可能差分密码分析的能力.首先给出相关密钥的差分,该差分可以扩展到8轮(甚至更多轮)子密钥差分;然后构造出一个5.5轮的相关密钥不可能差分特征.最后,给出一个对7轮AES-256的攻击和4个对8轮AES-256的攻击.
Resumo:
文中研究由密文的完整性检查而导致的数据保密性问题,提出一个新的安全概念——加密方案在密文验证攻击下的不可区分性(IND-CVA:indistinguishability ofencryption scheme under ciphertext verification attacks)来刻画加密方案在这种情况下的保密安全性。IND-CVA允许敌手访问加密oracle和密文验证oracle。与IND-CPA和IND-CCA相比,IND-CVA比IND-CPA稍微强些,但要比IND-CCA弱得多。IND-CVA能使多数常用的加密方案(如:OTP,CBC,及CTR)得以满足。并且,这个IND-CVA可以恰当地刻画安全信道的保密安全性。将认证方案和加密方案结合起来是保证通信安全的一种常用方法。然而,在IND-CVA模型下,当利用认证方案来加强保密安全性的时候,却有可能反而破坏了原有的保密安全性。IND-CVA揭示了完整性对保密性的影响,准确刻画了安全信道的保密性要求,为协议设计提供了有益的参考。
Resumo:
Compared with other existing methods, the feature point-based image watermarking schemes can resist to global geometric attacks and local geometric attacks, especially cropping and random bending attacks (RBAs), by binding watermark synchronization with salient image characteristics. However, the watermark detection rate remains low in the current feature point-based watermarking schemes. The main reason is that both of feature point extraction and watermark embedding are more or less related to the pixel position, which is seriously distorted by the interpolation error and the shift problem during geometric attacks. In view of these facts, this paper proposes a geometrically robust image watermarking scheme based on local histogram. Our scheme mainly consists of three components: (1) feature points extraction and local circular regions (LCRs) construction are conducted by using Harris-Laplace detector; (2) a mechanism of grapy theoretical clustering-based feature selection is used to choose a set of non-overlapped LCRs, then geometrically invariant LCRs are completely formed through dominant orientation normalization; and (3) the histogram and mean statistically independent of the pixel position are calculated over the selected LCRs and utilized to embed watermarks. Experimental results demonstrate that the proposed scheme can provide sufficient robustness against geometric attacks as well as common image processing operations. (C) 2010 Elsevier B.V. All rights reserved.
Resumo:
Feature-based image watermarking schemes, which aim to survive various geometric distortions, have attracted great attention in recent years. Existing schemes have shown robustness against rotation, scaling, and translation, but few are resistant to cropping, nonisotropic scaling, random bending attacks (RBAs), and affine transformations. Seo and Yoo present a geometrically invariant image watermarking based on affine covariant regions (ACRs) that provide a certain degree of robustness. To further enhance the robustness, we propose a new image watermarking scheme on the basis of Seo's work, which is insensitive to geometric distortions as well as common image processing operations. Our scheme is mainly composed of three components: 1) feature selection procedure based on graph theoretical clustering algorithm is applied to obtain a set of stable and nonoverlapped ACRs; 2) for each chosen ACR, local normalization, and orientation alignment are performed to generate a geometrically invariant region, which can obviously improve the robustness of the proposed watermarking scheme; and 3) in order to prevent the degradation in image quality caused by the normalization and inverse normalization, indirect inverse normalization is adopted to achieve a good compromise between the imperceptibility and robustness. Experiments are carried out on an image set of 100 images collected from Internet, and the preliminary results demonstrate that the developed method improves the performance over some representative image watermarking approaches in terms of robustness.
Resumo:
Hot dip Zn-Al alloy coating performs better than hot dip galvanized coating and 55% Al-Zn-Si coating as well with regard to general seawater corrosion protection. A characterization of the corrosion products on Zn-Al alloy coating immersed in dynamic aerated seawater has been performed mainly based on transmission electron microscopy (TEM) for morphological analysis and X-ray diffraction (XRD) technique for crystalline phase identification. The XRD and TEM analyses showed that the corrosion products mainly were typical nanometer Zn4CO3(OH)(6).H2O, Zn-5(OH)(8)Cl-2 and Zn6Al2CO3(OH)(16). 4H(2)O microcrystals. This probably is connected to the co-precipitation of Zn2+ and Al3+ ions caused by adsorption. Zn-Al alloy coating being suffered seawater attacks, AI(OH)(3) gel was first produced on the coating surface. Zn and Al hydroxides would co-precipitate and form double-hydroxide when the concentration of adsorbed Zn2+ ions by the newly produced gel exceeded the critical degree of supersaturation of the interphase nucleation. However, because the growth of the crystals was too low to keep in step with the nucleation, a layer of nano-crystalline corrosion products were produced on the surface of the coating finally. (C) 2001 Elsevier Science Ltd. All rights reserved.
Resumo:
Expert systems are too slow. This work attacks that problem by speeding up a useful system component that remembers facts and tracks down simple consequences. The redesigned component can assimilate new facts more quickly because it uses a compact, grammar-based internal representation to deal with whole classes of equivalent expressions at once. It can support faster hypothetical reasoning because it remembers the consequences of several assumption sets at once. The new design is targeted for situations in which many of the stored facts are equalities. The deductive machinery considered here supplements stored premises with simple new conclusions. The stored premises include permanently asserted facts and temporarily adopted assumptions. The new conclusions are derived by substituting equals for equals and using the properties of the logical connectives AND, Or, and NOT. The deductive system provides supporting premises for its derived conclusions. Reasoning that involves quantifiers is beyond the scope of its limited and automatic operation. The expert system of which the reasoning system is a component is expected to be responsible for overall control of reasoning.
Resumo:
Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these services. Denial of Service (DoS) attacks are one of the most significant web threats and generally their aim is to waste the resources of the target machine (Mirkovic & Reiher, 2004). Dis-tributed Denial of Service (DDoS) attacks are typically executed from many sources and can result in large traf-fic flows. During last year 11% of DDoS attacks were over 60 Gbps (Prolexic, 2013a). The DDoS attacks are usually performed from the large botnets, which are networks of remotely controlled computers. There is an increasing effort by governments and companies to shut down the botnets (Dittrich, 2012), which has lead the attackers to look for alternative DDoS attack methods. One of the techniques to which attackers are returning to is DDoS amplification attacks. Amplification attacks use intermediate devices called amplifiers in order to amplify the attacker's traffic. This work outlines an evaluation tool and evaluates an amplification attack based on the Trivial File Transfer Proto-col (TFTP). This attack could have amplification factor of approximately 60, which rates highly alongside other researched amplification attacks. This could be a substantial issue globally, due to the fact this protocol is used in approximately 599,600 publicly open TFTP servers. Mitigation methods to this threat have also been consid-ered and a variety of countermeasures are proposed. Effects of this attack on both amplifier and target were analysed based on the proposed metrics. While it has been reported that the breaching of TFTP would be possible (Schultz, 2013), this paper provides a complete methodology for the setup of the attack, and its verification.
Resumo:
Gunning, Jeroen. 'Terrorism, Charities and Diasporas: Contrasting the fundraising practices of Hamas and al Qaeda among Muslims in Europe', In: Countering the Financing of Terrorism (New York: Routledge, 2007), pp.93-125 RAE2008
Resumo:
Wheeler, Nicholas, 'Dying for `Enduring Freedom': Accepting Responsibility for Civilian Casualties in the War against Terrorism', International Relations (2002) 16(2) pp.205-225 RAE2008
Resumo:
McInnes, C., 'A different kind of war? 11 September and the United States' Afghan war'. Review of International Studies, 29 (2), 165-184. RAE2008