222 research outputs found

    SECURITY MEASUREMENT FOR LTE/SAE NETWORK DURING SINGLE RADIO VOICE CALL CONTINUITY (SRVCC).

    Voice has a significant place in mobile communication networks. Though data applications have gained extensively in importance over the years, voice is still a major source of revenue for mobile operators. It is obvious that voice will remain an important application even in the era of Long Term Evolution (LTE). Basically, LTE is an all-IP, data-only transport technology using packet switching. Therefore, it introduces challenges to satisfy quality of service expectations for circuit-switched mobile telephony and SMS for LTE-capable smartphones while being served on the LTE network. Since 2013, mobile operators have been busy deploying Voice over LTE (VoLTE). They are relying on a VoLTE technology called Single Radio Voice Call Continuity (SRVCC) for seamless handover from the packet-switched domain to the circuit-switched domain or vice versa. The aim of this thesis is to review and identify the security measurement during SRVCC and verify test data for the ciphering and integrity algorithms. Thesis fulltext in PDF format.

    Adaptive and secured resource management in distributed and Internet systems

    The effectiveness of computer system resource management has always been determined by two major factors: (1) workload demands and management objectives, (2) the updates of the computer technology. These two factors are dynamically changing, and resource management systems must adapt to the changes in a timely manner. This dissertation attempts to address several important and related resource management issues. We first study memory system utilization in centralized servers by improving memory performance of sorting algorithms, which provides fundamental understanding of memory system organizations and their performance optimizations for data-intensive workloads. To reduce different types of cache misses, we restructure the mergesort and quicksort algorithms by integrating tiling, padding, and buffering techniques and by repartitioning the data set. Our study shows substantial performance improvements from our new methods. We have further extended the work to improve load sharing for utilizing global memory resources in distributed systems. Aiming at reducing the memory resource contention caused by page faults and I/O activities, we have developed and examined load sharing policies by considering effective usage of global memory in addition to CPU load balancing in both homogeneous and heterogeneous clusters. Extending our research from clusters to Internet systems, we have further investigated memory and storage utilization in Web caching systems. We have proposed several novel management schemes to restructure and decentralize the existing caching system by exploiting data locality at different levels of the global memory hierarchy and by effectively sharing data objects among the clients and their proxy caches. Data integrity and communication anonymity issues are raised by our decentralized Web caching system design, which are also security concerns for general peer-to-peer systems. We propose an integrity protocol to ensure data integrity, and several protocols to achieve mutual communication anonymity between an information requester and a provider. The potential impact and contributions of this dissertation are briefly stated as follows: (1) Two major research topics identified in this dissertation are fundamentally important for the growth and development of information technology, and will continue to be demanding topics for a long term. (2) Our proposed cache-effective sorting methods bridge a serious gap between the analytical complexity of algorithms and their execution complexity in practice due to the increasingly deep memory hierarchy in computer systems. This approach can also be used to improve memory performance at different levels of the memory hierarchy, such as I/O and file systems. (3) Our load sharing principle of giving a high priority to the requests of data accesses in memory and I/Os adapts in a timely manner to technology changes and effectively responds to the increasing demand of data-intensive applications. (4) Our proposed decentralized Web caching framework and its resource management schemes present a comprehensive case study to examine the P2P model. Our results and experiences can be used for related and further studies in distributed computing. (5) The proposed data integrity and communication anonymity protocols address limits and weaknesses of existing ones, and lay a solid foundation for us to continue our work in this important area.

    Academic Course Management System (ACMS)

    This project provides solutions for the Course Management System currently being used by UTP through its website to handle academic matters involving students, lecturers and academic staff. The problem is that the system is insecure, lacking proper authentication such as validation control and a login page, which enables anybody to hack into the system and manipulate the contents. Next is the unreliability of transaction data processing and information display, where the result is not displayed instantly to students and sometimes the result is incorrect and contains wrong information. The significance is that students are not able to see the latest transaction results instantly and that incorrect information is displayed. The motivation for addressing these problems comes from the author's experience of the same common problems as other students. Furthermore, these problems occur every semester, creating displeasure and reducing the trust of users in the system. The main intentions of this project are to improve the performance of data processing speed, reduce system errors in data input and output display, and eliminate the traditional process of lab registration. It is also intended to simplify and reduce the number of process transactions and to enhance usability and navigation structure for users of web-based application design. The project implements a re-engineering concept where the objective is to break down the modules, improve and enhance the necessary parts, restructure them and come out with a totally better system. Visual Studio .NET software is used to design the web application and its functions, while the programming language used is called ASP.NET. The theories gathered from the research conducted are valuable for understanding how to evaluate the potential elements of web usability and for further understanding users' requirements. This project covers basic ways of providing security using ASP.NET technology and the elements used to improve the users' pleasure and the functionalities expected within an education environment at a higher education institution. As a result, good web-based application design is implemented, a security method and procedure is developed and provided, data and information are processed faster and displayed accurately, the levels of transaction processes are reduced, and there are also improvements in system performance and functionalities in navigation and a lowering of the frequency of problem occurrence. For future work, integration with mobile devices, SMS or email notification features, and combination with an E-Learning system are strongly recommended for potential improvements and hence more flexible usage.

    OS-level Attacks and Defenses: from Software to Hardware-based Exploits

    Run-time attacks have plagued computer systems for more than three decades, with control-flow hijacking attacks such as return-oriented programming representing the long-standing state-of-the-art in memory-corruption based exploits. These attacks exploit memory-corruption vulnerabilities in widely deployed software, e.g., through malicious inputs, to gain full control over the platform remotely at run time, and many defenses have been proposed and thoroughly studied in the past. Among those defenses, control-flow integrity emerged as a powerful and effective protection against code-reuse attacks in practice. As a result, we now start to see attackers shifting their focus towards novel techniques through a number of increasingly sophisticated attacks that combine software and hardware vulnerabilities to construct successful exploits. These emerging attacks have a high impact on computer security, since they completely bypass existing defenses that assume either hardware or software adversaries. For instance, they leverage physical effects to provoke hardware faults or force the system into transient micro-architectural states. This enables adversaries to exploit hardware vulnerabilities from software without requiring physical presence or software bugs. In this dissertation, we explore the real-world threat of hardware and software-based run-time attacks against operating systems. While memory-corruption-based exploits have been studied for more than three decades, we show that data-only attacks can completely bypass state-of-the-art defenses such as Control-Flow Integrity which are also deployed in practice. Additionally, hardware vulnerabilities such as Rowhammer, CLKScrew, and Meltdown enable sophisticated adversaries to exploit the system remotely at run time without requiring any memory-corruption vulnerabilities in the system’s software. We develop novel design strategies to defend the OS against hardware-based attacks such as Rowhammer and Meltdown to tackle the limitations of existing defenses. First, we present two novel data-only attacks that completely break current code-reuse defenses deployed in real-world software and propose a randomization-based defense against such data-only attacks in the kernel. Second, we introduce a compiler-based framework to automatically uncover memory-corruption vulnerabilities in real-world kernel code. Third, we demonstrate the threat of Rowhammer-based attacks in security-sensitive applications and how to enable a partitioning policy in the system’s physical memory allocator to effectively and efficiently defend against such attacks. We demonstrate feasibility and real-world performance through our prototype for the popular and widely used Linux kernel. Finally, we develop a side-channel defense to eliminate Meltdown-style cache attacks by strictly isolating the address space of kernel and user memory.

    Platform Embedded Security Technology Revealed

    Computer scienc

    The paradigm of partial erasures

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008. Includes bibliographical references (p. 137-145). This thesis is a study of erasures in cryptographic protocols. Erasing old data and keys is an important capability of honest parties in cryptographic protocols. It is useful in many settings, including proactive security in the presence of a mobile adversary, adaptive security in the presence of an adaptive adversary, forward security, and intrusion resilience. Some of these settings, such as achieving proactive security, are provably impossible without some form of erasures. Other settings, such as designing protocols that are secure against adaptive adversaries, are much simpler to achieve when erasures are allowed. Protocols for all these contexts typically assume the ability to perfectly erase information. Unfortunately, as amply demonstrated in the systems literature, perfect erasures are hard to implement in practice. We propose a model of imperfect or partial erasures where erasure instructions are only partially effective and leave almost all the data intact, thus giving the honest parties only a limited capability to dispose of old data. Nonetheless, we show how to design protocols for all of the above settings (including proactive security, adaptive security, forward security, and intrusion resilience) for which this weak form of erasures suffices. We do not have to invent entirely new protocols, but rather show how to automatically modify protocols relying on perfect erasures into ones for which partial erasures suffice. Stated most generally, we provide a compiler that transforms any protocol relying on perfect erasures for security into one with the same functionality that remains secure even if the erasures are only partial. The key idea is a new redundant representation of secret data which can still be computed on, and yet is rendered useless when partially erased. We prove that any such compiler must incur a cost in additional storage, and that our compiler is near optimal in terms of its storage overhead. We also give computationally more efficient compilers for a number of special cases: (1) when all the computations on secrets can be done in constant parallel time (NC⁰); (2) for a class of proactive secret sharing protocols where we leave the protocol intact except for changing the representation of the shares of the secret and the instructions that modify the shares (to correspondingly modify the new representation instead). By Dah-Yoh Lim. Ph.D.

    System z and z/OS unique Characteristics

    Many people still associate mainframes with obsolete technology. Surprisingly, the opposite is true. Mainframes feature many hardware, software, and system integration technologies that are either not at all, or only in an elementary form, available on other server platforms. On the other hand, we know of no advanced server features which are not available on mainframes. This paper lists some 40 advanced mainframe technologies. There is a short description of each item together with a literature reference for more information.

    Extensible Performance-Aware Runtime Integrity Measurement

    Today's interconnected world consists of a broad set of online activities including banking, shopping, managing health records, and social media while relying heavily on servers to manage extensive sets of data. However, stealthy rootkit attacks on this infrastructure have placed these servers at risk. Security researchers have proposed using an existing x86 CPU mode called System Management Mode (SMM) to search for rootkits from a hardware-protected, isolated, and privileged location. SMM has broad visibility into operating system resources including memory regions and CPU registers. However, the use of SMM for runtime integrity measurement mechanisms (SMM-RIMMs) would significantly expand the amount of CPU time spent away from operating system and hypervisor (host software) control, resulting in potentially serious system impacts. To be a candidate for production use, SMM RIMMs would need to be resilient, performant and extensible. We developed the EPA-RIMM architecture guided by the principles of extensibility, performance awareness, and effectiveness. EPA-RIMM incorporates a security check description mechanism that allows dynamic changes to the set of resources to be monitored. It minimizes system performance impacts by decomposing security checks into shorter tasks that can be independently scheduled over time. We present a performance methodology for SMM to quantify system impacts, as well as a simulator that allows for the evaluation of different methods of scheduling security inspections. Our SMM-based EPA-RIMM prototype leverages insights from the performance methodology to detect host software rootkits at reduced system impacts. EPA-RIMM demonstrates that SMM-based rootkit detection can be made performance-efficient and effective, providing a new tool for defense.