998 resultados para attack models
Resumo:
Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.
Resumo:
In a digital world, users’ Personally Identifiable Information (PII) is normally managed with a system called an Identity Management System (IMS). There are many types of IMSs. There are situations when two or more IMSs need to communicate with each other (such as when a service provider needs to obtain some identity information about a user from a trusted identity provider). There could be interoperability issues when communicating parties use different types of IMS. To facilitate interoperability between different IMSs, an Identity Meta System (IMetS) is normally used. An IMetS can, at least theoretically, join various types of IMSs to make them interoperable and give users the illusion that they are interacting with just one IMS. However, due to the complexity of an IMS, attempting to join various types of IMSs is a technically challenging task, let alone assessing how well an IMetS manages to integrate these IMSs. The first contribution of this thesis is the development of a generic IMS model called the Layered Identity Infrastructure Model (LIIM). Using this model, we develop a set of properties that an ideal IMetS should provide. This idealized form is then used as a benchmark to evaluate existing IMetSs. Different types of IMS provide varying levels of privacy protection support. Unfortunately, as observed by Jøsang et al (2007), there is insufficient privacy protection in many of the existing IMSs. In this thesis, we study and extend a type of privacy enhancing technology known as an Anonymous Credential System (ACS). In particular, we extend the ACS which is built on the cryptographic primitives proposed by Camenisch, Lysyanskaya, and Shoup. We call this system the Camenisch, Lysyanskaya, Shoup - Anonymous Credential System (CLS-ACS). The goal of CLS-ACS is to let users be as anonymous as possible. Unfortunately, CLS-ACS has problems, including (1) the concentration of power to a single entity - known as the Anonymity Revocation Manager (ARM) - who, if malicious, can trivially reveal a user’s PII (resulting in an illegal revocation of the user’s anonymity), and (2) poor performance due to the resource-intensive cryptographic operations required. The second and third contributions of this thesis are the proposal of two protocols that reduce the trust dependencies on the ARM during users’ anonymity revocation. Both protocols distribute trust from the ARM to a set of n referees (n > 1), resulting in a significant reduction of the probability of an anonymity revocation being performed illegally. The first protocol, called the User Centric Anonymity Revocation Protocol (UCARP), allows a user’s anonymity to be revoked in a user-centric manner (that is, the user is aware that his/her anonymity is about to be revoked). The second protocol, called the Anonymity Revocation Protocol with Re-encryption (ARPR), allows a user’s anonymity to be revoked by a service provider in an accountable manner (that is, there is a clear mechanism to determine which entity who can eventually learn - and possibly misuse - the identity of the user). The fourth contribution of this thesis is the proposal of a protocol called the Private Information Escrow bound to Multiple Conditions Protocol (PIEMCP). This protocol is designed to address the performance issue of CLS-ACS by applying the CLS-ACS in a federated single sign-on (FSSO) environment. Our analysis shows that PIEMCP can both reduce the amount of expensive modular exponentiation operations required and lower the risk of illegal revocation of users’ anonymity. Finally, the protocols proposed in this thesis are complex and need to be formally evaluated to ensure that their required security properties are satisfied. In this thesis, we use Coloured Petri nets (CPNs) and its corresponding state space analysis techniques. All of the protocols proposed in this thesis have been formally modeled and verified using these formal techniques. Therefore, the fifth contribution of this thesis is a demonstration of the applicability of CPN and its corresponding analysis techniques in modeling and verifying privacy enhancing protocols. To our knowledge, this is the first time that CPN has been comprehensively applied to model and verify privacy enhancing protocols. From our experience, we also propose several CPN modeling approaches, including complex cryptographic primitives (such as zero-knowledge proof protocol) modeling, attack parameterization, and others. The proposed approaches can be applied to other security protocols, not just privacy enhancing protocols.
Resumo:
In this paper, we present three counterfeiting attacks on the block-wise dependent fragile watermarking schemes. We consider vulnerabilities such as the exploitation of a weak correlation among block-wise dependent watermarks to modify valid watermarked %(medical or other digital) images, where they could still be verified as authentic, though they are actually not. Experimental results successfully demonstrate the practicability and consequences of the proposed attacks for some relevant schemes. The development of the proposed attack models can be used as a means to systematically examine the security levels of similar watermarking schemes.
Resumo:
Dealing with digital medical images is raising many new security problems with legal and ethical complexities for local archiving and distant medical services. These include image retention and fraud, distrust and invasion of privacy. This project was a significant step forward in developing a complete framework for systematically designing, analyzing, and applying digital watermarking, with a particular focus on medical image security. A formal generic watermarking model, three new attack models, and an efficient watermarking technique for medical images were developed. These outcomes contribute to standardizing future research in formal modeling and complete security and computational analysis of watermarking schemes.
Resumo:
In the last decade RFID technology has become a major contender for managing large scale logistics operations and generating and distributing the massive amount of data involved in such operations. One of the main obstacles to the widespread deployment and adoption of RFID systems is the security issues inherent in them. This is compounded by a noticeable lack of literature on how to identify the vulnerabilities of a RFID system and then effectively identify and develop counter measures to combat the threats posed by those vulnerabilities. In this chapter, the authors develop a conceptual framework for analysing the threats, attacks, and security requirements pertaining to networked RFID systems. The vulnerabilities of, and the threats to, the system are identified using the threat model. The security framework itself consists of two main concepts: (1) the attack model, which identifies and classifies the possible attacks, and (2) the system model, which identifies the security requirements. The framework gives readers a method with which to analyse the threats any given system faces. Those threats can then be used to identify the attacks possible on that system and get a better understanding of those attacks. It also allows the reader to easily identify all the security requirements of that system and identify how those requirements can be met.
Resumo:
The premise of automated alert correlation is to accept that false alerts from a low level intrusion detection system are inevitable and use attack models to explain the output in an understandable way. Several algorithms exist for this purpose which use attack graphs to model the ways in which attacks can be combined. These algorithms can be classified in to two broad categories namely scenario-graph approaches, which create an attack model starting from a vulnerability assessment and type-graph approaches which rely on an abstract model of the relations between attack types. Some research in to improving the efficiency of type-graph correlation has been carried out but this research has ignored the hypothesizing of missing alerts. Our work is to present a novel type-graph algorithm which unifies correlation and hypothesizing in to a single operation. Our experimental results indicate that the approach is extremely efficient in the face of intensive alerts and produces compact output graphs comparable to other techniques.
Resumo:
Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Resumo:
A predictive model of terrorist activity is developed by examining the daily number of terrorist attacks in Indonesia from 1994 through 2007. The dynamic model employs a shot noise process to explain the self-exciting nature of the terrorist activities. This estimates the probability of future attacks as a function of the times since the past attacks. In addition, the excess of nonattack days coupled with the presence of multiple coordinated attacks on the same day compelled the use of hurdle models to jointly model the probability of an attack day and corresponding number of attacks. A power law distribution with a shot noise driven parameter best modeled the number of attacks on an attack day. Interpretation of the model parameters is discussed and predictive performance of the models is evaluated.
Resumo:
Plaque rupture has been considered to be the result of its structural failure. The aim of this study is to suggest a possible link between higher stresses and rupture sites observed from in vivo magnetic resonance imaging (MRI) of transient ischemic attack (TIA) patients, by using stress analysis methods. Three patients, who had recently suffered a TIA, underwent in vivo multi-spectral MR imaging. Based on plaque geometries reconstructed from the post-rupture status, six pre-rupture plaque models were generated for each patient dataset with different reconstructions of rupture sites to bridge the gap of fibrous cap from original MRI images. Stress analysis by fluid structure interaction simulation was performed on the models, followed by analysis of local stress concentration distribution and plaque rupture sites. Furthermore, the sensitivity of stress analysis to the pre-rupture plaque geometry reconstruction was examined. Local stress concentrations were found to be located at the plaque rupture sites for the three subjects studied. In the total of 18 models created, the locations of the stress concentration regions were similar in 17 models in which rupture sites were always associated with high stresses. The local stress concentration region moved from circumferential center to the shoulder region (slightly away from the rupture site) for a case with a thick fibrous cap. Plaque wall stress level in the rupture locations was found to be much higher than the value in non-rupture locations. The good correlation between local stress concentrations and plaque rupture sites, and generally higher plaque wall stress level in rupture locations in the subjects studied could provide indirect evidence for the extreme stress-induced plaque rupture hypothesis. Local stress concentration in the plaque region could be one of the factors contributing to plaque rupture.
Resumo:
Our research was conducted to improve the timeliness, coordination, and communication during the detection, investigation and decision-making phases of the response to an aerosolized anthrax attack in the metropolitan Washington, DC, area with the goal of reducing casualties. Our research gathered information of the current response protocols through an extensive literature review and interviews with relevant officials and experts in order to identify potential problems that may exist in various steps of the detection, investigation, and response. Interviewing officials from private and government sector agencies allowed the development of a set of models of interactions and a communication network to identify discrepancies and redundancies that would elongate the delay time in initiating a public health response. In addition, we created a computer simulation designed to model an aerosol spread using weather patterns and population density to identify an estimated population of infected individuals within a target region depending on the virulence and dimensions of the weaponized spores. We developed conceptual models in order to design recommendations that would be presented to our collaborating contacts and agencies that would use such policy and analysis interventions to improve upon the overall response to an aerosolized anthrax attack, primarily through changes to emergency protocol functions and suggestions of technological detection and monitoring response to an aerosolized anthrax attack.
Resumo:
This paper describes the use of the Euler equations for the generation and testing of tabular aerodynamic models for flight dynamics analysis. Maneuvers for the AGARD Standard Dynamics Model sharp leading-edge wind-tunnel geometry are considered as a test case. Wind-tunnel data is first used to validate the prediction of static and dynamic coefficients at both low and high angles, featuring complex vortical flow, with good agreement obtained at low to moderate angles of attack. Then the generation of aerodynamic tables is described based on a data fusion approach. Time-optimal maneuvers are generated based on these tables, including level flight trim, pull-ups at constant and varying incidence, and level and 90 degrees turns. The maneuver definition includes the aircraft states and also the control deflections to achieve the motion. The main point of the paper is then to assess the validity of the aerodynamic tables which were used to define the maneuvers. This is done by replaying them, including the control surface motions, through the time accurate computational fluid dynamics code. The resulting forces and moments are compared with the tabular values to assess the presence of inadequately modeled dynamic or unsteady effects. The agreement between the tables and the replay is demonstrated for slow maneuvers. Increasing rate maneuvers show discrepancies which are ascribed to vortical flow hysteresis at the higher rate motions. The framework is suitable for application to more complex viscous flow models, and is powerful for the assessment of the validity of aerodynamics models of the type currently used for studies of flight dynamics.
Resumo:
In the last decade, many side channel attacks have been published in academic literature detailing how to efficiently extract secret keys by mounting various attacks, such as differential or correlation power analysis, on cryptosystems. Among the most efficient and widely utilized leakage models involved in these attacks are the Hamming weight and distance models which give a simple, yet effective, approximation of the power consumption for many real-world systems. These leakage models reflect the number of bits switching, which is assumed proportional to the power consumption. However, the actual power consumption changing in the circuits is unlikely to be directly of that form. We, therefore, propose a non-linear leakage model by mapping the existing leakage model via a transform function, by which the changing power consumption is depicted more precisely, hence the attack efficiency can be improved considerably. This has the advantage of utilising a non-linear power model while retaining the simplicity of the Hamming weight or distance models. A modified attack architecture is then suggested to yield the correct key efficiently in practice. Finally, an empirical comparison of the attack results is presented.
Resumo:
In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related attacks.
Resumo:
The salt attack of Fired Clay Bricks (FCBs) causes surface damage that is aesthetically displeasing and eventually leads to structural damage. Methods for determining the resistances of FCBs to salt weathering have mainly tried to simulate the process by using accelerating aging tests. Most research in this area has concentrated on the types of salt that can cause damage and the damage that occurs during accelerated aging tests. This approach has lead to the use of accelerated aging tests as standard methods for determining resistance. Recently, it has been acknowledged that are not the most reliable way to determine salt attack resistance for all FCBs in all environments. Few researchers have examined FCBs with the aim of determining which material and mechanical properties make a FCB resistant to salt attack. The aim of this study was to identify the properties that were significant to the resistance of FCBs to salt attack. In doing so, this study aids in the development of a better test method to assess the resistance of FCBs to salt attack. The current Australian Standard accelerated aging test was used to measure the resistance of eight FCBs to salt attack using sodium sulfate and sodium chloride. The results of these tests were compared to the water absorption properties and the total porosity of FCBs. An empirical relationship was developed between the twenty-four-hour water absorption value and the number of cycles to failure from sodium sulfate tests. The volume of sodium chloride solution was found to be proportional to the total porosity of FCBs in this study. A phenomenological discussion of results led to a new mechanism being presented to explain the derivation of stress during salt crystallisation of anhydrous and hydratable salts. The mechanical properties of FCBs were measured using compression tests. FCBs were analysed as cellular materials to find that the elastic modules of FCBs was equivalent for extruded FCBs that had been fired a similar temperatures and time. Two samples were found to have significantly different elastic moduli of the solid microstructure. One of these samples was a pressed brick that was stiffer due to the extra bond that is obtained during sintering a closely packed structure. The other sample was an extruded brick that had more firing temperature and time compared with the other samples in this study. A non-destructive method was used to measure the indentation hardness and indentation stress-strain properties of FCBs. The indentation hardness of FCBs was found to be proportional to the uniaxial compression strength. In addition, the indentation hardness had a better linear correlation to the total porosity of FCBs except for those samples that had different elastic moduli of the solid microstructure. Fractography of exfoliated particles during salt cycle tests and compression tests showed there was a similar pattern of fracture during each failure. The results indicate there were inherent properties of a FCB that determines the size and shape of fractured particles during salt attack. The microstructural variables that determined the fracture properties of FCBs were shown to be important variables to include in future models that attempt to estimate the resistance of FCBs to salt attack.
Resumo:
In its current form, RFID system are susceptible to a range of malevolent attacks. With the rich business intelligence that RFID infrastructure could possibly carry, security is of paramount importance. In this paper, we formalise various threat models due tag cloning on the RFID system. We also present a simple but efficient and cost effect technique that strengthens the resistance of RFID tags to cloning attacks. Our techniques can even strengthen tags against cloning in environments with untrusted reading devices.
