875 results for Internet security applications
Abstract:
High end network security applications demand high speed operation and large rule set support. Packet classification is the core functionality that demands high throughput in such applications. This paper proposes a packet classification architecture to meet such high throughput. We have implemented a Firewall with this architecture in reconfigurable hardware. We propose an extension to Distributed Crossproducting of Field Labels (DCFL) technique to achieve scalable and high performance architecture. The implemented Firewall takes advantage of inherent structure and redundancy of rule set by using our DCFL Extended (DCFLE) algorithm. The use of DCFLE algorithm results in both speed and area improvement when it is implemented in hardware. Although we restrict ourselves to standard 5-tuple matching, the architecture supports additional fields. High throughput classification invariably uses Ternary Content Addressable Memory (TCAM) for prefix matching, though TCAM fares poorly in terms of area and power efficiency. Use of TCAM for port range matching is expensive, as the range to prefix conversion results in large number of prefixes leading to storage inefficiency. Extended TCAM (ETCAM) is fast and the most storage efficient solution for range matching. We present for the first time a reconfigurable hardware implementation of ETCAM. We have implemented our Firewall as an embedded system on Virtex-II Pro FPGA based platform, running Linux with the packet classification in hardware. The Firewall was tested in real time with 1 Gbps Ethernet link and 128 sample rules. The packet classification hardware uses a quarter of logic resources and slightly over one third of memory resources of XC2VP30 FPGA. It achieves a maximum classification throughput of 50 million packet/s corresponding to 16 Gbps link rate for the worst case packet size. The Firewall rule update involves only memory re-initialization in software without any hardware change.
Abstract:
High end network security applications demand high speed operation and large rule set support. Packet classification is the core functionality that demands high throughput in such applications. This paper proposes a packet classification architecture to meet such high throughput. We have implemented a Firewall with this architecture in reconfigurable hardware. We propose an extension to Distributed Crossproducting of Field Labels (DCFL) technique to achieve scalable and high performance architecture. The implemented Firewall takes advantage of inherent structure and redundancy of rule set by using our DCFL Extended (DCFLE) algorithm. The use of DCFLE algorithm results in both speed and area improvement when it is implemented in hardware. Although we restrict ourselves to standard 5-tuple matching, the architecture supports additional fields. High throughput classification invariably uses Ternary Content Addressable Memory (TCAM) for prefix matching, though TCAM fares poorly in terms of area and power efficiency. Use of TCAM for port range matching is expensive, as the range to prefix conversion results in large number of prefixes leading to storage inefficiency. Extended TCAM (ETCAM) is fast and the most storage efficient solution for range matching. We present for the first time a reconfigurable hardware implementation of ETCAM. We have implemented our Firewall as an embedded system on Virtex-II Pro FPGA based platform, running Linux with the packet classification in hardware. The Firewall was tested in real time with 1 Gbps Ethernet link and 128 sample rules. The packet classification hardware uses a quarter of logic resources and slightly over one third of memory resources of XC2VP30 FPGA. It achieves a maximum classification throughput of 50 million packet/s corresponding to 16 Gbps link rate for the worst case packet size. The Firewall rule update involves only memory re-initialization in software without any hardware change.
Abstract:
Real time anomaly detection is the need of the hour for any security applications. In this article, we have proposed a real time anomaly detection for H.264 compressed video streams utilizing pre-encoded motion vectors (MVs). The proposed work is principally motivated by the observation that MVs have distinct characteristics during anomaly than usual. Our observation shows that H.264 MV magnitude and orientation contain relevant information which can be used to model the usual behavior (UB) effectively. This is subsequently extended to detect abnormality/anomaly based on the probability of occurrence of a behavior. The performance of the proposed algorithm was evaluated and bench-marked on UMN and Ped anomaly detection video datasets, with a detection rate of 70 frames per sec resulting in 90x and 250x speedup, along with on-par detection accuracy compared to the state-of-the-art algorithms.
Abstract:
High-background applications such as climate monitoring, biology and security applications demand a large dynamic range. Under such conditions ultra-high sensitivity is not required. The resonator bolometer is a novel detector which is well-suited for these conditions. This device takes advantage of the high-density frequency multiplexing capabilities of superconducting microresonators while allowing for the use of high-Tc superconductors in fabrication, which enables a modest (1-4 K) operating temperature and larger dynamic range than is possible with conventional microresonators. The moderate operating temperature and intrinsic multiplexability of this device reduce cost and allow for large pixel counts, making the resonator bolometer especially suitable for the aforementioned applications. A single pixel consists of a superconducting microresonator whose light-absorbing area is placed on a thermally isolated island. Here we present experimental results and theoretical calculations for a prototype resonator bolometer array. Intrinsic device noise and noise equivalent power (NEP) under both dark and illuminated conditions are presented. Under dark conditions the device sensitivity is limited by the thermal noise fluctuations from the bolometer legs. Under the experimental illuminated conditions the device was photon noise limited.
Abstract:
This thesis presents research theorising the use of social network sites (SNS) for the consumption of cultural goods. SNS are Internet-based applications that enable people to connect, interact, discover, and share user-generated content. They have transformed communication practices and are facilitating users to present their identity online through the disclosure of information on a profile. SNS are especially effective for propagating content far and wide within a network of connections. Cultural goods constitute hedonic experiential goods with cultural, artistic, and entertainment value, such as music, books, films, and fashion. Their consumption is culturally dependent and they have unique characteristics that distinguish them from utilitarian products. The way in which users express their identity on SNS is through the sharing of cultural interests and tastes. This makes cultural good consumption vulnerable to the exchange of content and ideas that occurs across an expansive network of connections within these social systems. This study proposes the lens of affordances to theorise the use of social network sites for the consumption of cultural goods. Qualitative case study research using two phases of data collection is proposed in the application of affordances to the research topic. The interaction between task, technology, and user characteristics is investigated by examining each characteristic in detail, before investigating the actual interaction between the user and the artifact for a particular purpose.
The study contributes to knowledge by (i) improving our understanding of the affordances of social network sites for the consumption of cultural goods, (ii) demonstrating the role of task, technology and user characteristics in mediating user behaviour for user-artifact interactions, (iii) explaining the technical features and user activities important to the process of consuming cultural goods using social network sites, and (iv) theorising the consumption of cultural goods using SNS by presenting a theoretical research model which identifies empirical indicators of model constructs and maps out affordance dependencies and hierarchies. The study also provides a systematic research process for applying the concept of affordances to the study of system use.
Abstract:
It has been shown that remote monitoring of pulmonary activity can be achieved using ultra-wideband (UWB) systems, which shows promise in home healthcare, rescue, and security applications. In this paper, we first present a multi-ray propagation model for UWB signal, which is traveling through the human thorax and is reflected on the air/dry-skin/fat/muscle interfaces. A geometry-based statistical channel model is then developed for simulating the reception of UWB signals in the indoor propagation environment. This model enables replication of time-varying multipath profiles due to the displacement of a human chest. Subsequently, a UWB distributed cognitive radar system (UWB-DCRS) is developed for the robust detection of chest cavity motion and the accurate estimation of respiration rate. The analytical framework can serve as a basis in the planning and evaluation of future measurement programs. We also provide a case study on how the antenna beamwidth affects the estimation of respiration rate based on the proposed propagation models and system architecture.
Abstract:
A new type of advanced encryption standard (AES) implementation using a normal basis is presented. The method is based on a lookup technique that makes use of inversion and shift registers, which leads to a smaller size of lookup for the S-box than its corresponding implementations. The reduction in the lookup size is based on grouping sets of inverses into conjugate sets which in turn leads to a reduction in the number of lookup values. The above technique is implemented in a regular AES architecture using register files, which requires less interconnect and area and is suitable for security applications. The results of the implementation are competitive in throughput and area compared with the corresponding solutions in a polynomial basis.
Abstract:
True random number generation is crucial in hardware security applications. Proposed is a voltage-controlled true random number generator that is inherently field-programmable. This facilitates increased entropy as a randomness source because there is more than one configuration state which lends itself to more compact and low-power architectures. It is evaluated through electrical characterisation and statistically through industry-standard randomness tests. To the best of the author's knowledge, it is one of the most efficient designs to date with respect to hardware design metrics.
Abstract:
Neutrons are unique particles to probe samples in many fields of research ranging from biology to material sciences to engineering and security applications. Access to bright, pulsed sources is currently limited to large accelerator facilities and there has been a growing need for compact sources over the recent years. Short pulse laser driven neutron sources could be a compact and relatively cheap way to produce neutrons with energies in excess of 10 MeV. For more than a decade experiments have tried to obtain neutron numbers sufficient for applications. Our recent experiments demonstrated an ion acceleration mechanism based on the concept of relativistic transparency. Using this new mechanism, we produced an intense beam of high energy (up to 170 MeV) deuterons directed into a Be converter to produce a forward peaked neutron flux with a record yield, on the order of 10^10 n/sr. We present results comparing the two acceleration mechanisms and the first short pulse laser generated neutron radiograph.
Abstract:
Selective cell recognition and capture has recently attracted significant interest due to its potential importance for clinical, diagnostic, environmental, and security applications. Current methods for cell isolation from complex samples are largely dependent on cell size and density, with limited application scope as many of the target cells do not exhibit appreciable differences in this respect. The most recent and forthcoming developments in the area of selective recognition and capture of whole cells, based on natural receptors, as well as synthetic materials utilising physical and chemical properties of the target cell or microorganism, are highlighted. Particular focus is given to the development of cell complementary surfaces using the cells themselves as templating agents, by means of molecular imprinting, and their combination with sensing platforms for rapid cell detection in complex media. The benefits and challenges of each approach are discussed and a perspective of the future of this research area is given.
Abstract:
Physically Unclonable Functions (PUFs) exploit inherent manufacturing variations and present a promising solution for hardware security. They can be used for key storage, authentication and ID generations. Low power cryptographic design is also very important for security applications. However, research to date on digital PUF designs, such as Arbiter PUFs and RO PUFs, is not very efficient. These PUF designs are difficult to implement on Field Programmable Gate Arrays (FPGAs) or consume many FPGA hardware resources. In previous work, a new and efficient PUF identification generator was presented for FPGA. The PUF identification generator is designed to fit in a single slice per response bit by using a 1-bit PUF identification generator cell formed as a hard-macro. In this work, we propose an ultra-compact PUF identification generator design. It is implemented on ten low-cost Xilinx Spartan-6 FPGA LX9 microboards. The resource utilization is only 2.23%, which, to the best of the authors' knowledge, is the most compact and robust FPGA-based PUF identification generator design reported to date. This PUF identification generator delivers a stable range of uniqueness of around 50% and good reliability between 85% and 100%.
Abstract:
In Mobile Ad hoc NETworks (MANETs), where cooperative behaviour is mandatory, there is a high probability for some nodes to become overloaded with packet forwarding operations in order to support neighbor data exchange. This altruistic behaviour leads to an unbalanced load in the network in terms of traffic and energy consumption. In such scenarios, mobile nodes can benefit from the use of energy efficient and traffic fitting routing protocol that better suits the limited battery capacity and throughput limitation of the network. This PhD work focuses on proposing energy efficient and load balanced routing protocols for ad hoc networks. Where most of the existing routing protocols simply consider the path length metric when choosing the best route between a source and a destination node, in our proposed mechanism, nodes are able to find several routes for each pair of source and destination nodes and select the best route according to energy and traffic parameters, effectively extending the lifespan of the network. Our results show that by applying this novel mechanism, current flat ad hoc routing protocols can achieve higher energy efficiency and load balancing. Also, due to the broadcast nature of the wireless channels in ad hoc networks, other techniques such as Network Coding (NC) look promising for energy efficiency. NC can reduce the number of transmissions, number of re-transmissions, and increase the data transfer rate that directly translates to energy efficiency. However, due to the need to access foreign nodes for coding and forwarding packets, NC needs a mitigation technique against unauthorized accesses and packet corruption. Therefore, we proposed different mechanisms for handling these security attacks, in particular by serially concatenating codes to support reliability in ad hoc network.
As a solution to this problem, we explored a new security framework that proposes an additional degree of protection against eavesdropping attackers based on using concatenated encoding. Therefore, malicious intermediate nodes will find it computationally intractable to decode the transitive packets. We also adopted another code that uses Luby Transform (LT) as a pre-coding code for NC. Primarily being designed for security applications, this code enables the sink nodes to recover corrupted packets even in the presence of byzantine attacks.
Abstract:
Nowadays, the car has become the most widely used mode of transport, but unfortunately it comes with a number of problems (accidents, pollution, congestion, etc.) that will worsen with the expected increase in the number of private cars, despite the very significant efforts made to reduce them; the number of road deaths remains very high. Vehicular wireless networks, called VANETs, which consist of several mobile vehicles communicating without pre-existing infrastructure, are currently receiving increased attention from manufacturers and researchers, in order to improve road safety or the assistance offered to drivers. For example, they can warn other motorists that roads are slippery or that an accident has just occurred. In VANETs, broadcast protocols play a very important role compared with unicast messages, because they are designed to transmit important safety messages to all nodes. These broadcast protocols are not reliable and suffer from several problems, namely: (1) broadcast storm; (2) hidden node; (3) transmission failure. These problems must be solved in order to provide reliable and fast broadcasting. The objective of our research is to solve some of these problems while ensuring the best trade-off between reliability, guaranteed delay, and guaranteed throughput (Quality of Service: QoS). The research work of this thesis focused on developing a new technique that can be used to manage medium access rights (a transmission management protocol), cluster management, and communication. This protocol integrates the centralized management approach of stable clusters with data transmission.
In this technique, time is divided into cycles; each cycle is shared between the service and control channels and divided into two parts. The first part relies on TDMA (Time Division Multiple Access). The second part relies on CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance) to manage access to the medium. In addition, our protocol adaptively adjusts the time consumed in broadcasting safety messages, which will improve channel capacity. It is implemented in the MAC (Medium Access Control) layer, centralized in the cluster heads (CH), which continuously adapt to vehicle dynamics. Thus, the use of this centralized protocol ensures efficient consumption of time slots for the exact number of active vehicles, including hidden nodes/vehicles; our protocol also ensures a bounded delay for safety applications to access the communication channel, and it also reduces overhead by means of directed broadcast propagation.
TactoColor: design and evaluation of a spatial web-exploration interface for the visually impaired.
Abstract:
In this research, we are interested in Internet access for visually impaired people. Several types of tools aimed at this audience are available on the market, such as screen readers and screen magnifiers, depending on the person's visual acuity. Although these tools are useful and regularly used, visually impaired (as well as blind) users often mention how frustrating they are. Several reasons are cited, such as the lack of spatial organization of content read with screen readers or the fact that only one sense is engaged. The present research consists in adapting for the visually impaired a system under development, TactoWeb (Petit, 2013), which allows audio-tactile exploration of the Web. TactoWeb was designed for people with complete blindness and therefore offers no visual properties. We propose here an adaptation of the system for people with only a partial visual impairment. We hope to provide this population with effective tools that will allow them to browse the Internet efficiently and pleasantly. Indeed, through non-linear exploration (which should improve spatial orientation) and a multimodal interface (which engages sight, hearing, and touch), we expect to greatly reduce the feeling of frustration that visually impaired users mention. We hypothesized that a non-linear, trimodal exploration of a website with TactoColor is more satisfying and efficient than a non-linear, bimodal exploration with TactoWeb (without visual feedback). TactoColor was adapted for the visually impaired by adding visual cues conveying the components of the page (links, menus, buttons), which should make exploration easier. To test our hypothesis, both versions of the software were evaluated by visually impaired users. Participants started with either TactoWeb or TactoColor so as not to favour one of the versions.
The quality of navigation, its effectiveness, and its efficiency were analyzed based on the time needed to complete a task, as well as the ease or difficulty reported by the participant. Also, at the end of each session, we asked participants for their opinion through an evaluation questionnaire, which gave us their feedback on our software after their brief experience. All these measurements allowed us to determine that adding colours leads to faster exploration of web pages and better spatial orientation. However, the participants' very different performances do not make it possible to say whether the presence of colours facilitates task completion.