810 resultados para malware attacks
Resumo:
Several papers have studied fault attacks on computing a pairing value e(P, Q), where P is a public point and Q is a secret point. In this paper, we observe that these attacks are in fact effective only on a small number of pairing-based protocols, and that too only when the protocols are implemented with specific symmetric pairings. We demonstrate the effectiveness of the fault attacks on a public-key encryption scheme, an identity-based encryption scheme, and an oblivious transfer protocol when implemented with a symmetric pairing derived from a supersingular elliptic curve with embedding degree 2.
Resumo:
Range and load play key roles in the problem of attacks on links in random scale-free (RSF) networks. In this paper we obtain the approximate relation between range and load in RSF networks by the generating function theory, and then give an estimation about the impact of attacks on the efficiency of the network. The results show that short-range attacks are more destructive for RSF networks, and are confirmed numerically.
Resumo:
In this paper, we studied range-based attacks on links in geographically constrained scale-free networks and found that there is a continuous switching of roles of short-and long-range attacks on links when tuning the geographical constraint strength. Our results demonstrate that the geography has a significant impact on the network efficiency and security; thus one can adjust the geographical structure to optimize the robustness and the efficiency of the networks. We introduce a measurement of the impact of links on the efficiency of the network, and an effective attacking strategy is suggested
Resumo:
In this paper, we expose an unorthodox adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. We show that a well orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity. This type of attack stands in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings such as TCP timeouts. We exemplify what we term as Reduction of Quality (RoQ) attacks by exposing the vulnerabilities of common adaptation mechanisms. We develop control-theoretic models and associated metrics to quantify these vulnerabilities. We present numerical and simulation results, which we validate with observations from real Internet experiments. Our findings motivate the need for the development of adaptation mechanisms that are resilient to these new forms of attacks.
Resumo:
Recent research have exposed new breeds of attacks that are capable of denying service or inflicting significant damage to TCP flows, without sustaining the attack traffic. Such attacks are often referred to as "low-rate" attacks and they stand in sharp contrast against traditional Denial of Service (DoS) attacks that can completely shut off TCP flows by flooding an Internet link. In this paper, we study the impact of these new breeds of attacks and the extent to which defense mechanisms are capable of mitigating the attack's impact. Through adopting a simple discrete-time model with a single TCP flow and a nonoblivious adversary, we were able to expose new variants of these low-rate attacks that could potentially have high attack potency per attack burst. Our analysis is focused towards worst-case scenarios, thus our results should be regarded as upper bounds on the impact of low-rate attacks rather than a real assessment under a specific attack scenario.
Resumo:
Traditionally, attacks on cryptographic algorithms looked for mathematical weaknesses in the underlying structure of a cipher. Side-channel attacks, however, look to extract secret key information based on the leakage from the device on which the cipher is implemented, be it smart-card, microprocessor, dedicated hardware or personal computer. Attacks based on the power consumption, electromagnetic emanations and execution time have all been practically demonstrated on a range of devices to reveal partial secret-key information from which the full key can be reconstructed. The focus of this thesis is power analysis, more specifically a class of attacks known as profiling attacks. These attacks assume a potential attacker has access to, or can control, an identical device to that which is under attack, which allows him to profile the power consumption of operations or data flow during encryption. This assumes a stronger adversary than traditional non-profiling attacks such as differential or correlation power analysis, however the ability to model a device allows templates to be used post-profiling to extract key information from many different target devices using the power consumption of very few encryptions. This allows an adversary to overcome protocols intended to prevent secret key recovery by restricting the number of available traces. In this thesis a detailed investigation of template attacks is conducted, along with how the selection of various attack parameters practically affect the efficiency of the secret key recovery, as well as examining the underlying assumption of profiling attacks in that the power consumption of one device can be used to extract secret keys from another. Trace only attacks, where the corresponding plaintext or ciphertext data is unavailable, are then investigated against both symmetric and asymmetric algorithms with the goal of key recovery from a single trace. This allows an adversary to bypass many of the currently proposed countermeasures, particularly in the asymmetric domain. An investigation into machine-learning methods for side-channel analysis as an alternative to template or stochastic methods is also conducted, with support vector machines, logistic regression and neural networks investigated from a side-channel viewpoint. Both binary and multi-class classification attack scenarios are examined in order to explore the relative strengths of each algorithm. Finally these machine-learning based alternatives are empirically compared with template attacks, with their respective merits examined with regards to attack efficiency.
Resumo:
The reactions to the 9/11 terror attacks were immense in the western population. In the current review, the impact of terror attacks is presented with surveys, clinical interviews, and scientific polls, which were identified in a comprehensive literature search. Results show that the fear of further terror attacks is comparatively overestimated in the population and is associated with numerous psychological consequences and reactions. The overestimation of the probability of further terror attacks is related among other reasons to its unique features and its strong representation in the media. Several independent studies proved that the number of stress symptoms and psychiatric diagnoses is associated with a high risk perception in relation to terror attacks. This was not only the case for victims of terror attacks, but also for people indirectly exposed to the terror attacks. In addition, there is evidence that the number of the stress symptoms correlate with the duration of TV consumption of new findings about terror attempts. Methodologically, there is a critical lack of more in-depth analyses to explain the development of risk perceptions and its influence on mental and physical health. Because of the international importance and cross-cultural differences, an international standardization of research is desirable. [In German] Die Reaktionen auf die Terrorattentate vom 9. September 2001 in New York waren in der westlichen Bevölkerung immens. In der vorliegenden Übersichtsarbeit werden die Auswirkungen von Terrorattentaten durch Einbeziehung bevölkerungsrepräsentativer Untersuchungen, Surveys, klinischer Interviews und Einstellungsbefragungen dargestellt, die über eine deskriptive Literaturrecherche ermittelt wurden. Als Ergebnis des Reviews zeigt sich, dass die Angst vor weiteren Terrorattentaten in der Bevölkerung vergleichsweise hoch und mit zahlreichen psychologischen Folgen und Reaktionen assoziiert ist. Die Einschätzung der Auftretenswahrscheinlichkeit eines Terrorattentats hängt unter anderem mit den besonderen Charakteristika und der hohen medialen Präsenz des Themas zusammen. Die Anzahl der Stresssymptome bis hin zu psychiatrischen Diagnosen erwies sich in mehreren unabhängigen Untersuchungen mit einer hohen Risikowahrnehmung assoziiert. Dies ließ sich nicht nur bei den Opfern von Terrorattentaten, sondern auch bei indirekt Betroffenen zeigen. Darüber hinaus gibt es mehrfache Belege dafür, dass die Anzahl der Stresssymptome mit der Dauer des TV-Konsums über Neuigkeiten zu Terrorattentaten zusammenhing. Als methodische Kritik ist an den gegenwärtigen Untersuchungsszenarien einzuwenden, dass es derzeit keine tiefer gehenden Analysen zur Entwicklung der Risikowahrnehmung und zu ihrem Einfluss auf die Gesundheit gibt. Aufgrund der internationalen Bedeutung des Themas und der interkulturellen Unterschiede im Umgang mit Krisensituationen ist eine internationale Standardisierung von Untersuchungszugängen wünschenswert.