6 research outputs found

    The use of BGAN to implement a robust tsunami early warning system

    A tsunami is a series of waves created when a body of water, such as an ocean, is rapidly displaced, probably by an oceanic earthquake. The effects of a tsunami for the population can be devastating due to the immense volumes of water and energy involved. The EU-funded Distant Early Warning System (DEWS) project is currently implementing a reference model for a national and regional warning dissemination system of possible hazards or disasters, especially in the prevention of tsunamis. Several universities and companies are participating in DEWS, especially from Europe and from the three countries of interest: Sri Lanka, Indonesia and Thailand. The Department of Communications and Networking of the Helsinki University of Technology (TKK) is a consortium member of the DEWS project working on the development of the communications architecture between the different Emergency Centres, first responders and general public. In this thesis report we present the implementation of a backup satellite communications system between DEWS centres and governmental authorities in order to enable the warning dissemination in case the terrestrial communication structures are disrupted due to the hazard effects. The backup communications structure would employ the BGAN Inmarsat service for the data transmission. BGAN ensures coverage of almost the entire globe and supports mobility of its terminals, offering adequate characteristics for an emergency communications system. To that end, we design and describe this communications architecture and discuss its performance in the possible scenarios based on simulations.

    Safe Cryptography Algorithms

    This thesis gives the reader an overview of the historical and modern world of cryptographic methods and procedures, and evaluates the current state of development of cryptography and of the cryptographic algorithms used in today's applications. It describes and explains the most commonly used symmetric and asymmetric encryption algorithms, hash functions, pseudorandom number generators, authentication protocols and protocols for building VPNs. The thesis also describes the basic successful methods of cryptanalysis and shows which algorithms are vulnerable given the available resources and which are susceptible to attack. Finally, the document gives an overview of, and recommendations for, the individual methods that have withstood attacks so far and that can be expected to remain safe to use in the future.

    Cyber-Security Solutions for Ensuring Smart Grid Distribution Automation Functions

    The future generation of the electrical network is known as the smart grid. The distribution domain of the smart grid intelligently supplies electricity to the end-users with the aid of the decentralized Distribution Automation (DA) in which intelligent control functions are distributed and accomplished via real-time communication between the DA components. Internet-based communication via the open protocols is the latest trend for decentralized DA communication. Internet communication has many benefits, but it exposes the critical infrastructure's data to cyber-security threats. Security attacks may not only make DA services unreachable but may also result in undesirable physical consequences and serious damage to the distribution network environment. Therefore, it is compulsory to protect DA communication against such attacks. There is no single model for securing DA communication. In fact, the security level depends on several factors such as application requirements, communication media, and, of course, the cost. There are several smart grid security frameworks and standards, which are under development by different organizations. However, the smart grid cyber-security field has not yet reached full maturity, and it is still in the early phase of its progress. Security protocols in IT and computer networks can be utilized to secure DA communication because industrial ICT standards have been designed in accordance with the Open Systems Interconnection model. Furthermore, state-of-the-art DA concepts such as the Active distribution network tend to integrate processing data into IT systems. This dissertation addresses cyber-security issues in the following DA functions: substation automation, feeder automation, Logic Selectivity, customer automation and Smart Metering. Real-time simulation of the distribution network along with actual automation and data networking devices are used to create a hardware-in-the-loop simulation and to experiment with the mentioned DA functions over Internet communication. This communication is secured by proposing the following cyber-security solutions. This dissertation proposes security solutions for substation automation by developing an IEC61850-TLS proxy and adding an OPen Connectivity Unified Architecture (OPC UA) Wrapper to the Station Gateway. Messages secured by Transport Layer Security (TLS) and OPC UA security are created for protecting substation local and remote communications. Data availability is the main concern, which is solved by designing redundant networks. The dissertation also proposes cyber-security solutions for feeder automation and Logic Selectivity. In feeder automation, a Centralized Protection System (CPS) is proposed as the place for making decentralized feeder automation decisions. In addition, applying IP security (IPsec) in Tunnel mode is proposed to establish a secure communication path for feeder automation messages. In Logic Selectivity, Generic Object Oriented Substation Events (GOOSE) are exchanged between the substations. First, Logic Selectivity functional characteristics are analyzed. Then, Layer 2 Tunneling over IPsec in Transport mode is proposed to create a secure communication path for exchanging GOOSE over the Internet. Next, the communication impact on Logic Selectivity performance is investigated by measuring the jitter and latency in the GOOSE communication. Lastly, reliability improvement by Logic Selectivity is evaluated by calculating reliability indices. Customer automation is the additional extension to the smart grid DA. This dissertation proposes an integration solution for the heterogeneous communication parties (TCP/IP and Controller Area Network) in the Home Area Network. The developed solution applies Secure Socket Layer in order to create secured messages. The dissertation also proposes a Secondary Substation Automation Unit (SSAU) for real-time communication of low voltage data to the metering database. Point-to-Point Tunneling Protocol is proposed to create a secure communication path for Smart Metering data. The security analysis shows that the proposed security solutions provide the security requirements (Confidentiality, Integrity and Availability) for DA communication. Thus, communication is protected against security attacks and DA functions are ensured. In addition, CPS and SSAU are proposed to distribute intelligence over the substations level.

    Anonymity on the Internet – The various functions of the methods/tools used to achieve it and the routing of data within the Onion network

    Examination of various protocols and methods, as well as tools, that can provide a user with anonymity on the Internet. In addition, the Onion network and its internal structure are studied, as well as the anonymity capabilities it provides. The I2P network is also studied: whether it provides anonymity, to what extent, and how it differs from the Onion network.

    A model for protecting service traffic based on security levels

    Advisor: Paulo Licio de Geus. Dissertation (master's) - Universidade Estadual de Campinas, Instituto de Computação. Abstract: IPSec has been specified to provide, through the use of cryptographic algorithms, authentication, integrity and confidentiality services for the contents of IP packets. The granularity level and specific security parameters to be used for each kind of traffic must be defined by the administrator. However, the miscellany of options may result in the protection applied not addressing the necessary requirements and in the use of this protocol being restricted to predefined environments, such as virtual private networks. An attempt to circumvent this obstacle is to use a generic security policy where a single parameter set is applied to every kind of traffic. Such a solution does not take into account the different levels of protection required by the diverse applications on a computer network. On the other hand, the definition and maintenance of an IPSec security policy based on each service poses a rather complex task for the administrator. In the light of the above, this work presents the SLM (Security Level Model), a model that aims at rationalizing IPSec's use through security levels that encapsulate sets of parameters with similar protection abilities and through high-level descriptions centralized on a server. These allow the system administrator to not have to deal with details of IPSec configuration, consequently making its use viable as an adequate protection for the traffic of services being used on the network. Master's degree: Master in Computer Science.

    Facilitating the modelling and automated analysis of cryptographic protocols

    Includes bibliographical references. Multi-dimensional security protocol engineering is effective for creating cryptographic protocols since it encompasses a variety of design, analysis and deployment techniques, thereby providing a higher level of confidence than individual approaches. SPEAR II, the Security Protocol Engineering and Analysis Resource II, is a protocol engineering tool built on the foundation of previous experience garnered during the SPEAR I project in 1997. The goal of the SPEAR II tool is to facilitate cryptographic protocol engineering and aid users in distilling the critical issues during an engineering session by presenting them with an appropriate level of detail and guiding them as much as possible. The SPEAR II tool currently consists of four components that have been created as part of this dissertation and integrated into one consistent and unified graphical interface: a protocol specification environment (GYPSIE), a GNY statement construction interface (Visual GNY), a Prolog-based GNY analysis engine (GYNGER) and a message rounds calculator.