International Conference on Computer Science

UBT Annual International Conference is the 11th international interdisciplinary peer reviewed conference which publishes works of the scientists as well as practitioners in the area where UBT is active in Education, Research and Development. The UBT aims to implement an integrated strategy to establish itself as an internationally competitive, research-intensive university, committed to the transfer of knowledge and the provision of a world-class education to the most talented students from all background. The main perspective of the conference is to connect the scientists and practitioners from different disciplines in the same place and make them be aware of the recent advancements in different research fields, and provide them with a unique forum to share their experiences. It is also the place to support the new academic staff for doing research and publish their work in international standard level. This conference consists of sub conferences in different fields like: Art and Digital Media Agriculture, Food Science and Technology Architecture and Spatial Planning Civil Engineering, Infrastructure and Environment Computer Science and Communication Engineering Dental Sciences Education and Development Energy Efficiency Engineering Integrated Design Information Systems and Security Journalism, Media and Communication Law Language and Culture Management, Business and Economics Modern Music, Digital Production and Management Medicine and Nursing Mechatronics, System Engineering and Robotics Pharmaceutical and Natural Sciences Political Science Psychology Sport, Health and Society Security Studies This conference is the major scientific event of the UBT. It is organizing annually and always in cooperation with the partner universities from the region and Europe. We have to thank all Authors, partners, sponsors and also the conference organizing team making this event a real international scientific event. Edmond Hajrizi, President of UBT UBT – Higher Education Institutio

Privacy Preserving of Data Files & Audio / Video Encryption –Decryption Using AES Algorithm

Recently in many areas like facebook , watsapp and many more social networking site many users upload their personal data, video ,voice recording. This paper proposed and idea of encryption – decryption of any file which user s going to upload on site. The specific site which are providing such kind of functionality needs to adopts this method to secure user data for privacy preserving.So that any hackers or indruder can not directly hike your data. If in exceptional cases someone even hacks the data they will not get the actual file they will only get the encrypted file withoud having a decrypt key for the data. So they never see an original file.This will improve the data security over internet uses. The proposed system wiil used a special Advanced Encryption Standard, also known by its original name Rijndael for secure encryption decryption of audio ,video as well as data files

Git as an Encrypted Distributed Version Control System

This thesis develops and presents a secure Git implementation, Git Virtual Vault (GV2), for users of Git to work on sensitive projects with repositories located in unsecure distributed environments, such as in cloud computing. This scenario is common within the Department of Defense, as much work is of a sensitive nature. In order to provide security to Git, additional functionality is added for confidentiality and integrity protection. This thesis examines existing Git encryption implementations and baselines their performance compared to unencrypted Git. Real-world Git repositories are examined to characterize typical Git usage and determine if the existing Git encryption implementations are capable of efficient performance with regards to typical Git usage. This research shows that the existing Git encryption implementations do not provide efficient performance. This research develops an improved secure Git implementation, GV2, with transparent authenticated encryption. The fundamental contribution of this research is developing GV2 to perform Git garbage collection on plaintext data before encrypting the data. The result is a secure Git implementation that is transparent to the user with only a minor performance penalty, compared to unencrypted Git

CacheZoom: How SGX Amplifies The Power of Cache Attacks

In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements.Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17

International Conference on Computer Science and Communication Engineering

UBT Annual International Conference is the 9th international interdisciplinary peer reviewed conference which publishes works of the scientists as well as practitioners in the area where UBT is active in Education, Research and Development. The UBT aims to implement an integrated strategy to establish itself as an internationally competitive, research-intensive university, committed to the transfer of knowledge and the provision of a world-class education to the most talented students from all background. The main perspective of the conference is to connect the scientists and practitioners from different disciplines in the same place and make them be aware of the recent advancements in different research fields, and provide them with a unique forum to share their experiences. It is also the place to support the new academic staff for doing research and publish their work in international standard level. This conference consists of sub conferences in different fields like: Art and Digital Media Agriculture, Food Science and Technology Architecture and Spatial Planning Civil Engineering, Infrastructure and Environment Computer Science and Communication Engineering Dental Sciences Education and Development Energy Efficiency Engineering Integrated Design Information Systems and Security Journalism, Media and Communication Law Language and Culture Management, Business and Economics Modern Music, Digital Production and Management Medicine and Nursing Mechatronics, System Engineering and Robotics Pharmaceutical and Natural Sciences Political Science Psychology Sport, Health and Society Security Studies This conference is the major scientific event of the UBT. It is organizing annually and always in cooperation with the partner universities from the region and Europe. We have to thank all Authors, partners, sponsors and also the conference organizing team making this event a real international scientific event

Chaos-based Cryptography for Cloud Computing

Cloud computing and poor security issues have quadrupled over the last six years and with the alleged presence of backdoors in common encryption ciphers, has created a need for personalising the encryption process by the client. In 2007, two Microsoft employees gave a presentation ``On the Possibility of a backdoor in the NIST SP800-90 Dual Elliptic Curve Pseudo Random Number Generators\u27\u27 and was linked in 2013 by the New York Times with notes leaked by Edward Snowden. This confirmed backdoors were placed, allegedly, in a number of encryption systems by the National Security Agency, which if true creates an urgent need for personalising the encryption process by generating locally unbreakable one-time pad ciphers. Hybrid random binary sequences from chaotic oscillators initialised by natural noise, were exported to an online Javascript application which applies a von Neumann deskewing algorithm to improve the cryptographic strength of the encryptor. The application also provides initial statistical p-test for randomness testing. Encoding the \textit{Lenna} image by XORing it with the new cipher provided another test to observe if patterns could be observed in the encoded image. Finally, the cipher was subjected to the NIST suite of statistical tests. All designs were simulated using Orcad PSpice $^{\copyright}$ V16.

On the Application of PSpice for Localised Cloud Security

The work reported in this thesis commenced with a review of methods for creating random binary sequences for encoding data locally by the client before storing in the Cloud. The first method reviewed investigated evolutionary computing software which generated noise-producing functions from natural noise, a highly-speculative novel idea since noise is stochastic. Nevertheless, a function was created which generated noise to seed chaos oscillators which produced random binary sequences and this research led to a circuit-based one-time pad key chaos encoder for encrypting data. Circuit-based delay chaos oscillators, initialised with sampled electronic noise, were simulated in a linear circuit simulator called PSpice. Many simulation problems were encountered because of the nonlinear nature of chaos but were solved by creating new simulation parts, tools and simulation paradigms. Simulation data from a range of chaos sources was exported and analysed using Lyapunov analysis and identified two sources which produced one-time pad sequences with maximum entropy. This led to an encoding system which generated unlimited, infinitely-long period, unique random one-time pad encryption keys for plaintext data length matching. The keys were studied for maximum entropy and passed a suite of stringent internationally-accepted statistical tests for randomness. A prototype containing two delay chaos sources initialised by electronic noise was produced on a double-sided printed circuit board and produced more than 200 Mbits of OTPs. According to Vladimir Kotelnikov in 1941 and Claude Shannon in 1945, one-time pad sequences are theoretically-perfect and unbreakable, provided specific rules are adhered to. Two other techniques for generating random binary sequences were researched; a new circuit element, memristance was incorporated in a Chua chaos oscillator, and a fractional-order Lorenz chaos system with order less than three. Quantum computing will present many problems to cryptographic system security when existing systems are upgraded in the near future. The only existing encoding system that will resist cryptanalysis by this system is the unconditionally-secure one-time pad encryption

Secrecy and Randomness: Encoding Cloud data Locally using a One-Time Pad

There is no secrecy without randomness, and we address poor cloud security using an analogue chaotic onetime pad encryption system to achieve perfect secrecy. Local encoding returns control to the client and makes stored cloud data unreadable to an adversary. Most cloud service providers encode client data using public encryption algorithms, but ultimately businesses and organisations are responsible for encoding data locally before uploading to the Cloud. As recommended by the Cloud Security Alliance, companies employing authentication and local encryption will reduce or eliminate, EU fines for late data breach discoveries when the EU implements the new general data protection regulations in 2018. Companies failing to detect data breaches within a 72-hour limit will be fined up to four percent of their global annual turnover and estimates of several hundred billion euros could be levied in fines based on the present 146 days average EU breach discovery. The proposed localised encryption system is additional to public encryption, and obeying the rules of one-time pad encryption will mean intercepted encrypted data will be meaningless to an adversary. Furthermore, the encoder has no key distribution problem because applications for it are of “one-to-cloud” type