GNSS Signal Authentication via Power and Distortion Monitoring

We propose a simple low-cost technique that enables civil Global Positioning System (GPS) receivers and other civil global navigation satellite system (GNSS) receivers to reliably detect carry-off spoofing and jamming. The technique, which we call the Power-Distortion detector, classifies received signals as interference-free, multipath-afflicted, spoofed, or jammed according to observations of received power and correlatio n function distortion. It does not depend on external hardware or a network connection and can be readily implemented on many receivers via a firmware update. Crucially, the detector can with high probability distinguish low-power spoofing from ordinary multipath. In testing against over 25 high-quality empirical data sets yielding over 900,000 separate detection tests, the detector correctly alarms on all malicious spoofing or jamming attack s while maintaining a <0.5% single-channel false alarm rate.Aerospace Engineering and Engineering Mechanic

Deep Learning-based Side Channel Attack on HMAC SM3

SM3 is a Chinese hash standard. HMAC SM3 uses a secret key to encrypt the input text and gives an output as the HMAC of the input text. If the key is recovered, adversaries can easily forge a valid HMAC. We can choose different methods, such as traditional side channel analysis, template attack-based side channel analysis to recover the secret key. Deep Learning has recently been introduced as a new alternative to perform Side-Channel analysis. In this paper, we try to recover the secret key with deep learning-based side channel analysis. We should train the network recursively for different parameters by using the same dataset and attack the target dataset with the trained network to recover different parameters. The experiment results show that the secret key can be recovered with deep learning-based side channel analysis. This work demonstrates the interests of this new method and show that this attack can be performed in practice

Cryptography based on the Hardness of Decoding

This thesis provides progress in the fields of for lattice and coding based cryptography. The first contribution consists of constructions of IND-CCA2 secure public key cryptosystems from both the McEliece and the low noise learning parity with noise assumption. The second contribution is a novel instantiation of the lattice-based learning with errors problem which uses uniform errors

Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas

The relationship between attackers and defenders has traditionally been asymmetric, with attackers having time as an upper hand to devise an exploit that compromises the defender. The push towards the Cloudification of the world makes matters more challenging, as it lowers the cost of an attack, with a de facto standardization on a set of protocols. The discovery of a vulnerability now has a broader impact on various verticals (business use cases), while previously, some were in a segregated protocol stack requiring independent vulnerability research. Furthermore, defining a perimeter within a cloudified system is non-trivial, whereas before, the dedicated equipment already created a perimeter. This proposal takes the newer technologies of network softwarization and virtualization, both Cloud-enablers, to create new dynamic security mechanisms that address this asymmetric relationship using novel Moving Target Defense (MTD) approaches. The effective use of the exploration space, combined with the reconfiguration capabilities of frameworks like Network Function Virtualization (NFV) and Management and Orchestration (MANO), should allow for adjusting defense levels dynamically to achieve the required security as defined by the currently acceptable risk. The optimization tasks and integration tasks of this thesis explore these concepts. Furthermore, the proposed novel mechanisms were evaluated in real-world use cases, such as 5G networks or other Network Slicing enabled infrastructures.A relação entre atacantes e defensores tem sido tradicionalmente assimétrica, com os atacantes a terem o tempo como vantagem para conceberem uma exploração que comprometa o defensor. O impulso para a Cloudificação do mundo torna a situação mais desafiante, pois reduz o custo de um ataque, com uma padronização de facto sobre um conjunto de protocolos. A descoberta de uma vulnerabilidade tem agora um impacto mais amplo em várias verticais (casos de uso empresarial), enquanto anteriormente, alguns estavam numa pilha de protocolos segregados que exigiam uma investigação independente das suas vulnerabilidades. Além disso, a definição de um perímetro dentro de um sistema Cloud não é trivial, enquanto antes, o equipamento dedicado já criava um perímetro. Esta proposta toma as mais recentes tecnologias de softwarização e virtualização da rede, ambas facilitadoras da Cloud, para criar novos mecanismos dinâmicos de segurança que incidem sobre esta relação assimétrica utilizando novas abordagens de Moving Target Defense (MTD). A utilização eficaz do espaço de exploração, combinada com as capacidades de reconfiguração de frameworks como Network Function Virtualization (NFV) e Management and Orchestration (MANO), deverá permitir ajustar dinamicamente os níveis de defesa para alcançar a segurança necessária, tal como definida pelo risco actualmente aceitável. As tarefas de optimização e de integração desta tese exploram estes conceitos. Além disso, os novos mecanismos propostos foram avaliados em casos de utilização no mundo real, tais como redes 5G ou outras infraestruturas de Network Slicing.Programa Doutoral em Engenharia Informátic

Cryptanalysis of Symmetric Cryptographic Primitives

Symmetric key cryptographic primitives are the essential building blocks in modern information security systems. The overall security of such systems is crucially dependent on these mathematical functions, which makes the analysis of symmetric key primitives a goal of critical importance. The security argument for the majority of such primitives in use is only a heuristic one and therefore their respective security evaluation continually remains an open question. In this thesis, we provide cryptanalytic results for several relevant cryptographic hash functions and stream ciphers. First, we provide results concerning two hash functions: HAS-160 and SM3. In particular, we develop a new heuristic for finding compatible differential paths and apply it to the the Korean hash function standard HAS-160. Our heuristic leads to a practical second order collision attack over all of the HAS-160 function steps, which is the first practical-complexity distinguisher on this function. An example of a colliding quartet is provided. In case of SM3, which is a design that builds upon the SHA-2 hash and is published by the Chinese Commercial Cryptography Administration Office for the use in the electronic authentication service system, we study second order collision attacks over reduced-round versions and point out a structural slide-rotational property that exists in the function. Next, we examine the security of the following three stream ciphers: Loiss, SNOW 3G and SNOW 2.0. Loiss stream cipher is designed by Dengguo Feng et al. aiming to be implemented in byte-oriented processors. By exploiting some differential properties of a particular component utilized in the cipher, we provide an attack of a practical complexity on Loiss in the related-key model. As confirmed by our experimental results, our attack recovers 92 bits of the 128-bit key in less than one hour on a PC with 3 GHz Intel Pentium 4 processor. SNOW 3G stream cipher is used in 3rd Generation Partnership Project (3GPP) and the SNOW 2.0 cipher is an ISO/IEC standard (IS 18033-4). For both of these two ciphers, we show that the initialization procedure admits a sliding property, resulting in several sets of related-key pairs. In addition to allowing related-key key recovery attacks against SNOW 2.0 with 256-bit keys, the presented properties reveal non-random behavior of the primitives, yield related-key distinguishers for the two ciphers and question the validity of the security proofs of protocols based on the assumption that these ciphers behave like perfect random functions of the key-IV. Finally, we provide differential fault analysis attacks against two stream ciphers, namely, HC-128 and Rabbit. In this type of attacks, the attacker is assumed to have physical influence over the device that performs the encryption and is able to introduce random faults into the computational process. In case of HC-128, the fault model in which we analyze the cipher is the one in which the attacker is able to fault a random word of the inner state of the cipher but cannot control its exact location nor its new faulted value. Our attack requires about 7968 faults and recovers the complete internal state of HC-128 by solving a set of 32 systems of linear equations over Z2 in 1024 variables. In case of Rabbit stream cipher, the fault model in which the cipher is analyzed is the one in which a random bit of the internal state of the cipher is faulted, however, without control over the location of the injected fault. Our attack requires around 128 − 256 faults, precomputed table of size 2^41.6 bytes and recovers the complete internal state of Rabbit in about 2^38 steps

Demystifying Internet of Things Security

Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges to secure these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly and there is no single blanket solution approach to implement security. Demystifying Internet of Things Security provides clarity to industry professionals and provides and overview of different security solutions What You'll Learn Secure devices, immunizing them against different threats originating from inside and outside the network Gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms Understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth Who This Book Is For Strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement the security in the IoT devices/platforms

FileDES: A Secure, Scalable and Succinct Decentralized Encrypted Storage Network

Decentralized Storage Network (DSN) is an emerging technology that challenges traditional cloud-based storage systems by consolidating storage capacities from independent providers and coordinating to provide decentralized storage and retrieval services. However, current DSNs face several challenges associated with data privacy and efficiency of the proof systems. To address these issues, we propose FileDES (Decentralized Encrypted Storage), which incorporates three essential elements: privacy preservation, scalable storage proof, and batch verification. FileDES provides encrypted data storage while maintaining data availability, with a scalable Proof of Encrypted Storage (PoES) algorithm that is resilient to Sybil and Generation attacks. Additionally, we introduce a rollup-based batch verification approach to simultaneously verify multiple files using publicly verifiable succinct proofs. We conducted a comparative evaluation on FileDES, Filecoin, Storj and Sia under various conditions, including a WAN composed of up to 120 geographically dispersed nodes. Our protocol outperforms the others in terms of proof generation/verification efficiency, storage costs, and scalability

A FRAMEWORK FOR THE EVALUATION OF CYBERSECURITY EFFECTIVENESS OF ABU DHABI GOVERNMENT ENTITIES

Cyberspace has become one of the new frontiers for countries to demonstrate their power to survive in the digitized world. The UAE has become a major target for cyber conflicts due to the rapid increase in economic activity and technology. Further, the widespread use of the internet in the region to the tune of 88% by the end of 2014 has exposed the critical infrastructure to all forms of cyber threats. In this dissertation, the researcher presents a detailed study of the existing cybersecurity defences globally and an investigation into the factors that influence the effectiveness of cybersecurity defences in Abu Dhabi government entities. Further, the role of cybersecurity education, training, and awareness in enhancing the effectiveness of cybersecurity and the role of senior management in providing strategic direction to government entities on cybersecurity are evaluated in addition to determining the contribution of strategic planning and technology level in ensuring an effective cybersecurity system. The study has evaluated the level of Cybersecurity Effectiveness (CSE) in Abu Dhabi Government Entities and the results show that Science and Technology entity performed better than all other Entities with CSE Mean = 4.37 while Public Order showed the least performance with CSE Mean = 3.83 and the combined model of six factors with R-square value 0.317 after multiple regression implying that 32% change in CSE in the government entities is occurring due to the six (6) independent variables used in the study. Further, results show that management has the responsibility of putting in place strategies, frameworks and policies that respond appropriately to the prevention, detection and mitigation of cyberattacks. Results further indicate that culture-sensitive training and awareness programmes add to the quality and effectiveness of cybersecurity systems in government entities. Further, study findings reveal that qualified and experienced personnel in government entities show a greater understanding of cyber and information security issues. Finally, the researcher proposes a cybersecurity framework and a checklist, with checkpoints, for evaluating the effectiveness of cybersecurity systems within government entities and future research interventions

INForum 2017: Atas do Nono Simpósio de Informática

Este volume contém as atas da 9.a edição do Simpósio em Informática, INForum 2017, a qual decorreu no Pavilhão de Exposições de Aveiro, em Aveiro, conjuntamente com o TechDays 2017, nos dias 12 e 13 de outubro de 2017. (...