960 results for high security
Abstract:
Wireless Intrusion Detection Systems (WIDS) monitor 802.11 wireless frames (Layer-2) in an attempt to detect misuse. What distinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possibly spoofed (MAC addresses) identity in cyber space. Traditional Wireless Network Security Systems are still heavily anchored in the digital plane of "cyber space" and hence cannot be used reliably or effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts, for example by escorting an intruder off the premises based on physical evidence. In this paper, we argue that Embedded Sensor Networks could be used effectively to bridge the gap between digital and physical security planes, and thus could be leveraged to provide reciprocal benefit to surveillance and security tasks on both planes. Toward that end, we present our recent experience integrating wireless networking security services into the SNBENCH (Sensor Network workBench). The SNBENCH provides an extensible framework that enables the rapid development and automated deployment of Sensor Network applications on a shared, embedded sensing and actuation infrastructure. The SNBENCH's extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the SNBENCH framework, while high-level languages and compilers allow novice SN programmers to compose SN service logic, unaware of the lower-level implementation details of tools on which their services rely. In this paper we convey the simplicity of the service composition through concrete examples that illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.
Abstract:
In this work we introduce a new mathematical tool for optimization of routes, topology design, and energy efficiency in wireless sensor networks. We introduce a vector field formulation that models communication in the network, and routing is performed in the direction of this vector field at every location of the network. The magnitude of the vector field at every location represents the density of amount of data that is being transited through that location. We define the total communication cost in the network as the integral of a quadratic form of the vector field over the network area. With the above formulation, we introduce a mathematical machinery based on partial differential equations very similar to the Maxwell's equations in electrostatic theory. We show that in order to minimize the cost, the routes should be found based on the solution of these partial differential equations. In our formulation, the sensors are sources of information, and they are similar to the positive charges in electrostatics, the destinations are sinks of information and they are similar to negative charges, and the network is similar to a non-homogeneous dielectric media with variable dielectric constant (or permittivity coefficient). In one of the applications of our mathematical model based on the vector fields, we offer a scheme for energy efficient routing. Our routing scheme is based on changing the permittivity coefficient to a higher value in the places of the network where nodes have high residual energy, and setting it to a low value in the places of the network where the nodes do not have much energy left. Our simulations show that our method gives a significant increase in the network life compared to the shortest path and weighted shortest path schemes. Our initial focus is on the case where there is only one destination in the network, and later we extend our approach to the case where there are multiple destinations in the network. 
In the case of having multiple destinations, we need to partition the network into several areas known as regions of attraction of the destinations. Each destination is responsible for collecting all messages being generated in its region of attraction. The complexity of the optimization problem in this case is how to define regions of attraction for the destinations and how much communication load to assign to each destination to optimize the performance of the network. We use our vector field model to solve the optimization problem for this case. We define a vector field, which is conservative, and hence it can be written as the gradient of a scalar field (also known as a potential field). Then we show that in the optimal assignment of the communication load of the network to the destinations, the value of that potential field should be equal at the locations of all the destinations. Another application of our vector field model is to find the optimal locations of the destinations in the network. We show that the vector field gives the gradient of the cost function with respect to the locations of the destinations. Based on this fact, we suggest an algorithm to be applied during the design phase of a network to relocate the destinations for reducing the communication cost function. The performance of our proposed schemes is confirmed by several examples and simulation experiments. In another part of this work we focus on the notions of responsiveness and conformance of TCP traffic in communication networks. We introduce the notion of responsiveness for TCP aggregates and define it as the degree to which a TCP aggregate reduces its sending rate to the network as a response to packet drops. We define metrics that describe the responsiveness of TCP aggregates, and suggest two methods for determining the values of these quantities. 
The first method is based on a test in which we drop a few packets from the aggregate intentionally and measure the resulting rate decrease of that aggregate. This kind of test is not robust to multiple simultaneous tests performed at different routers. We make the test robust to multiple simultaneous tests by using ideas from the CDMA approach to multiple access channels in communication theory. Based on this approach, we introduce tests of responsiveness for aggregates, and call it CDMA based Aggregate Perturbation Method (CAPM). We use CAPM to perform congestion control. A distinguishing feature of our congestion control scheme is that it maintains a degree of fairness among different aggregates. In the next step we modify CAPM to offer methods for estimating the proportion of an aggregate of TCP traffic that does not conform to protocol specifications, and hence may belong to a DDoS attack. Our methods work by intentionally perturbing the aggregate by dropping a very small number of packets from it and observing the response of the aggregate. We offer two methods for conformance testing. In the first method, we apply the perturbation tests to SYN packets being sent at the start of the TCP 3-way handshake, and we use the fact that the rate of ACK packets being exchanged in the handshake should follow the rate of perturbations. In the second method, we apply the perturbation tests to the TCP data packets and use the fact that the rate of retransmitted data packets should follow the rate of perturbations. In both methods, we use signature based perturbations, which means packet drops are performed with a rate given by a function of time. We use analogy of our problem with multiple access communication to find signatures. Specifically, we assign orthogonal CDMA based signatures to different routers in a distributed implementation of our methods. 
As a result of orthogonality, the performance does not degrade because of cross interference made by simultaneously testing routers. We have shown efficacy of our methods through mathematical analysis and extensive simulation experiments.
Abstract:
This paper contests traditional analyses of high policing, suggesting that it needs to be decoupled (in theoretical terms) from its umbilical linkage to public actors and the preservation and augmentation of state authority. Arguing that conventional conceptualizations of high policing fail to acknowledge the role of private actors, we adopt the term 'private high policing' to more accurately reflect the complexity of this paradigm. In particular, we note a long legacy of protecting dominant interests within corporate power structures, as well as increased involvement in outsourced security services for Western states. This has reached its zenith in the recent conflict/reconstruction efforts in Iraq. Eschewing conventional notions of the 'proxy' debate, we propose a more complex relationship of obfuscation whereby both public and private high policing actors cross-permeate and coalesce in the pursuit of symbiotic state and corporate objectives.
Abstract:
In theory, improvements in healthy life expectancy should generate increases in the average age of retirement, with little effect on savings rates. In many countries, however, retirement incentives in social security programs prevent retirement ages from keeping pace with changes in life expectancy, leading to an increased need for life-cycle savings. Analyzing a cross-country panel of macroeconomic data, we find that increased longevity raises aggregate savings rates in countries with universal pension coverage and retirement incentives, though the effect disappears in countries with pay-as-you-go systems and high replacement rates.
Abstract:
This paper summarizes numerous research activities in high-performance networks and network security processing, and explores technology related performance constraints such as critical performance limitations of circuit architectures, which are set by the semiconductor technologies.
Abstract:
This paper investigates the application of complex wavelet transforms to the field of digital data hiding. Complex wavelets offer improved directional selectivity and shift invariance over their discretely sampled counterparts, allowing for better adaptation of watermark distortions to the host media. Two methods of deriving visual models for the watermarking system are adapted to the complex wavelet transforms and their performances are compared. To produce improved capacity, a spread transform embedding algorithm is devised; this combines the robustness of spread spectrum methods with the high capacity of quantization based methods. Using established information theoretic methods, limits of watermark capacity are derived that demonstrate the superiority of complex wavelets over discretely sampled wavelets. Finally, results for the algorithm against commonly used attacks demonstrate its robustness and the improved performance offered by complex wavelet transforms.
Abstract:
China is gradually taking its place as a major regulator, exercising concurrent jurisdiction of the national security review along with the US and EU over high-profile cross-border mergers and acquisitions. The National Security Review (NSR) regulatory regime of foreign acquisitions has attracted significant attention recently with the establishment of China's counterpart to the Committee on Foreign Investment in the United States (CFIUS). Due to the intensified activities of sovereign wealth funds (SWFs) that are closely linked with states, CFIUS's broad discretion to deal with China's SWF-based investment may have a far-reaching impact on China's implementation of the newly enacted NSR regime. It is essential to design a mechanism that allows SWFs to maximise their positive attributes while safeguarding the apolitical integrity of the marketplace. Any disproportionate use of the NSR regime would inevitably bring about more unintended consequences, such as tit-for-tat protectionism. This represents an imminent threat to the tenuous recovery from the recent economic crisis, largely because of the increasingly intertwined and interdependent nature of the global financial markets. It is of utmost significance to evaluate the extent to which the updated legislation strikes a reasonable balance between preserving genuine national security interests and maintaining an open environment for investment.
Abstract:
A fully homomorphic encryption (FHE) scheme is envisioned as a key cryptographic tool in building a secure and reliable cloud computing environment, as it allows arbitrary evaluation of a ciphertext without revealing the plaintext. However, existing FHE implementations remain impractical due to very high time and resource costs. To the authors’ knowledge, this paper presents the first hardware implementation of a full encryption primitive for FHE over the integers using FPGA technology. A large-integer multiplier architecture utilising Integer-FFT multiplication is proposed, and a large-integer Barrett modular reduction module is designed incorporating the proposed multiplier. The encryption primitive used in the integer-based FHE scheme is designed employing the proposed multiplier and modular reduction modules. The designs are verified using the Xilinx Virtex-7 FPGA platform. Experimental results show that a speed improvement factor of up to 44 is achievable for the hardware implementation of the FHE encryption scheme when compared to its corresponding software implementation. Moreover, performance analysis shows further speed improvements of the integer-based FHE encryption primitives may still be possible, for example through further optimisations or by targeting an ASIC platform.
Abstract:
Cognitive radio has emerged as an essential recipe for future high-capacity high-coverage multi-tier hierarchical networks. Securing data transmission in these networks is of utmost importance. In this paper, we consider the cognitive wiretap channel and propose multiple antennas to secure the transmission at the physical layer, where the eavesdropper overhears the transmission from the secondary transmitter to the secondary receiver. The secondary receiver and the eavesdropper are equipped with multiple antennas, and passive eavesdropping is considered where the channel state information of the eavesdropper’s channel is not available at the secondary transmitter. We present new closed-form expressions for the exact and asymptotic secrecy outage probability. Our results reveal the impact of the primary network on the secondary network in the presence of a multi-antenna wiretap channel.
Abstract:
Gas fired generation currently plays an integral support role ensuring security of supply in power systems with high wind power penetrations due to its technical and economic attributes. However, the increase in variable wind power has affected the gas generation output profile and is pushing the boundaries of the design and operating envelope of gas infrastructure. This paper investigates the mutual dependence and interaction between electricity generation and gas systems through the first comprehensive joined-up, multi-vector energy system analysis for Ireland. Key findings reveal the high vulnerability of the Irish power system to outages on the Irish gas system. It has been shown that the economic operation of the power system can be severely impacted by gas infrastructure outages, resulting in an average system marginal price of up to €167/MWh from €67/MWh in the base case. It has also been shown that gas infrastructure outages pose problems for the location of power system reserve provision, with a 150% increase in provision across a power system transmission bottleneck. Wind forecast error was shown to be a significant cause for concern, resulting in large swings in gas demand requiring key gas infrastructure to operate at close to 100% capacity. These findings are thought to increase in prominence as the installation of wind capacity increases towards 2020, placing further stress on both power and gas systems to maintain security of supply.
Abstract:
Flow processing is a fundamental element of stateful traffic classification and it has been recognized as an essential factor for delivering today’s application-aware network operations and security services. The basic function within a flow processing engine is to search and maintain a flow table, create new flow entries if no entry matches and associate each entry with flow states and actions for future queries. Network state information on a per-flow basis must be managed in an efficient way to enable Ethernet frame transmissions at 40 Gbit/s (Gbps) and 100 Gbps in the near future. This paper presents a hardware solution of flow state management for implementing large-scale flow tables on popular computer memories using DDR3 SDRAMs. Working with a dedicated flow lookup table at over 90 million lookups per second, the proposed system is able to manage 512-bit state information at run time.
Abstract:
With over 50 billion downloads and more than 1.3 million apps in Google’s official market, Android has continued to gain popularity amongst smartphone users worldwide. At the same time there has been a rise in malware targeting the platform, with more recent strains employing highly sophisticated detection avoidance techniques. As traditional signature based methods become less potent in detecting unknown malware, alternatives are needed for timely zero-day discovery. Thus this paper proposes an approach that utilizes ensemble learning for Android malware detection. It combines advantages of static analysis with the efficiency and performance of ensemble machine learning to improve Android malware detection accuracy. The machine learning models are built using a large repository of malware samples and benign apps from a leading antivirus vendor. Experimental results and analysis presented show that the proposed method, which uses a large feature space to leverage the power of ensemble learning, is capable of 97.3% to 99% detection accuracy with very low false positive rates.
Abstract:
Throughout the European Union there is an increasing amount of wind generation being dispatched-down due to the binding of power system operating constraints from high levels of wind generation. This paper examines the impact a system non-synchronous penetration limit has on the dispatch-down of wind and quantifies the significance of interconnector counter-trading to the priority dispatching of wind power. A fully coupled economic dispatch and security constrained unit commitment model of the Single Electricity Market of the Republic of Ireland and Northern Ireland and the British Electricity Trading and Transmission Arrangement was used in this study. The key finding was that interconnector counter-trading reduces the impact the system non-synchronous penetration limit has on the dispatch-down of wind. The capability to counter-trade on the interconnectors and an increase in system non-synchronous penetration limit from 50% to 55% reduces the dispatch-down of wind by 311 GWh and decreases total electricity payments to the consumer by €1.72/MWh. In terms of the European Union electricity market integration, the results show the importance of developing individual electricity markets that allow system operators to counter-trade on interconnectors to ensure the priority dispatch of the increasing levels of wind generation.
Abstract:
Even before the Russian air force launched its first strikes over Syria, there was already a Russian presence on the battleground. These were not the spetsnaz, the Kremlin’s special forces, but war correspondents from the leading Russian media outlets. This was as clear a sign as any that Russia’s priority has shifted from Ukraine, where these reporters spent most of the past 18 months, to Syria.
There is, however, no unanimity on Russia’s latest escalation in Syria. As Russian state TV stations report successes of Russia’s high-precision weapons, projecting an image of a high-tech Russian military equal to the US, doubts persist about the latest adventure in the Middle East.
Abstract:
A relay network in which a source wishes to convey a confidential message to a legitimate destination with the assistance of trusted relays is considered. In particular, cooperative beamforming and user selection techniques are applied to protect the confidential message. The secrecy rate (SR) and secrecy outage probability (SOP) of the network are investigated first, and a tight upper bound for the SR and an exact formula for the SOP are derived. Next, asymptotic approximations for the SR and SOP in the high signal-to-noise ratio (SNR) regime are derived for two different schemes: i) cooperative beamforming and ii) multiuser selection. Further, a new concept of cooperative diversity gain, namely, adapted cooperative diversity gain (ACDG), which can be used to evaluate security level of a cooperative relaying network, is investigated. It is shown that the ACDG of cooperative beamforming is equal to the conventional cooperative diversity gain of traditional multiple-input single-output networks, while the ACDG of the multiuser scenario is equal to that of traditional single-input multiple-output networks.