28 research outputs found

    Enhancing End User Security - Attacks & Solutions

    End user computing environments, e.g. web browsers and PC operating systems, are the target of a large number of attacks, both online and offline. The nature of these attacks varies from simple online attacks, such as user tracking using cookies, to more sophisticated attacks on security protocols and cryptographic algorithms. Other methods of attack exist that target end user applications that utilise and interact with cryptographic functions provided by the PC operating system. After providing a general introduction to the security techniques and protocols used in this thesis, a review of possible threats to end user computing environments is given, followed by a discussion of the countermeasures needed to combat these threats. The contributions of this thesis include three new approaches for enhancing the security of end user systems, together with an analysis and a prototype implementation of an end user security enhancement tool. The following paragraphs summarise the three main contributions of this thesis. Digitally signing a digital document is a straightforward procedure; however, when the digital document contains dynamic content, the digital signature may remain valid but the viewed document may not be the same as the document when viewed by the signer. A new solution is proposed to solve the problem; the main idea behind the solution is to make the application aware of the sensitive cryptographic function being requested. In order to verify a digital signature computed on a document or any other object (e.g. an executable), access to the public key corresponding to the private key used to sign the document is required. Normally, the public part of the key is made available in a digital 'certificate', which is made up of the public key of the signer, the name of the signer, and other data, all signed using the private signing key of a trusted third party known as a Certification Authority (CA). 
To verify such a certificate, and thereby obtain a trusted copy of the document signer's public key, a trusted copy of the CA's public key is required. If a malicious party can insert a fake CA public key into the list of CA public keys stored in a PC, then this party could potentially do considerable harm to that PC, since this malicious party could then forge signatures apparently created by other entities. A method of achieving such an attack without attracting the user's attention is presented in this thesis. Countermeasures that can be deployed to prevent the insertion of a fake root public key are discussed. A suggested solution that can be used to detect and remove such fake keys is presented, and a prototype implementation of this solution is described. SSL/TLS supports mutual authentication, i.e. both server and client authentication, using public key certificates. However, this optional feature of SSL/TLS is not widely used because most end users do not have a certified public key. Certain attacks rely on this fact, such as web spoofing and phishing attacks. A method for supporting client-side SSL authentication using trusted computing platforms is proposed. The proposed approach makes a class of phishing attacks ineffective; moreover, the proposed method can also be used to protect against other online attacks

    Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework

    In recent years, cyber crime has focused intensely on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attack. This research highlights the problem of e-mail phishing. A lot of previous research demonstrated the danger of phishing and its considerable consequences. Since users' behaviour is unpredictable, there is no reliable technological protective solution (e.g. spam filters, anti-viruses) to diminish the risk arising from inappropriate user decisions. Therefore, this research attempts to reduce the risk of e-mail phishing through awareness and education. It underlines the problem of e-mail phishing in the State of Qatar, one of the world's fastest developing countries, and seeks to provide a solution to enhance people's awareness of e-mail phishing by developing an effective awareness and educational framework. The framework consists of valuable recommendations for the Qatar government, citizens and organisations responsible for ensuring information security, along with an educational agenda to train them how to identify and avoid phishing attempts. The educational agenda supports users in making better trust decisions to avoid phishing that could complement any technical solutions. It comprises a collection of training methods: conceptual, embedded, e-learning and learning programmes which include a television show and a learning session with a variety of teaching components such as a game, quizzes, posters, cartoons and a presentation. The components were tested by trial in two Qatari schools and evaluated by experts and a representative sample of Qatari citizens. Furthermore, the research proves the existence and extent of the e-mail phishing problem in Qatar in comparison with the UK, where people were found to be less vulnerable and more aware. It was discovered that Qatar is an attractive place for phishers and that a lack of awareness and e-law made Qatar more vulnerable to phishing. 
The research identifies the factors which make Qatari citizens susceptible to e-mail phishing attacks, such as cultural, country-specific factors, interests and beliefs, religion effect and personal characteristics, and this identified the need for enhancing Qatari's level of awareness on phishing threat. Since literature on phishing in Qatar is sparse, empirical and non-empirical studies involved a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

    Eight Biennial Report : April 2005 – March 2007

    No full text

    Post-4G services in LEO satellite networks with multi-packet reception and handover

    Dissertation submitted for the degree of Master in Electrical and Computer Engineering. A packet with errors, whether due to collisions or to channel noise, is normally discarded and has to be retransmitted, leading to performance losses. Combining the H-ARQ (Hybrid Automatic Retransmission reQuest) protocol with multi-packet reception and time-diversity techniques such as NDMA (Network Diversity Multiple Access) improves performance, since these are able to request extra transmissions and combine all the signals received in the same period. However, the delay caused by the round-trip time in communication with a satellite network limits the number of retransmissions that terminals can request while guaranteeing quality of service. This thesis considers the design of a hybrid protocol that combines H-ARQ with NDMA for satellite networks with demand-assigned traffic. The S-NDMA (Satellite NDMA) protocol is presented, together with analytical models of its performance. Its energy efficiency is analysed, taking quality of service (QoS) requirements into account. The system is designed for low Earth orbit (LEO) satellites and for SC-FDE (Single-Carrier with Frequency Domain Equalization). The performance of this scheme is also compared with that of H-NDMA (Hybrid-NDMA), showing that it is energy efficient and that it meets QoS requirements for demanding services such as video calls. Several satellites are needed to cover a vast area of the planet. As the satellites are in constant motion, the coverage area associated with each satellite also moves. This means that the mobile terminal has to switch its connection to a new satellite constantly. In this dissertation two schemes are proposed for S-NDMA: the traditional one, with temporary interruption of the connection, and a new one, with connection continuity, based on distributed SIMO. 
The feasibility and performance of the two schemes are studied, analysing the energy efficiency, the Doppler effect, the optimal switching point and the time delay in communication between mobile terminals and satellites

    Traveling Salesman Problem

    The idea behind TSP was conceived by Austrian mathematician Karl Menger in the mid-1930s, who invited the research community to consider a problem from everyday life from a mathematical point of view. A traveling salesman has to visit exactly once each one of a list of m cities and then return to the home city. He knows the cost of traveling from any city i to any other city j. Thus, which is the tour of least possible cost the salesman can take? In this book the problem of finding algorithmic techniques leading to good/optimal solutions for TSP (or for some other strictly related problems) is considered. TSP is a very attractive problem for the research community because it arises as a natural subproblem in many applications concerning everyday life. Indeed, each application in which an optimal ordering of a number of items has to be chosen, in a way that the total cost of a solution is determined by adding up the costs arising from two successive items, can be modelled as a TSP instance. Thus, studying TSP can never be considered as abstract research with no real importance

    New York Law School Magazine, Vol. 28, No. 2

    Features: From the Courtroom to the Classroom: The Racial Justice Project Defends the Right to Education; Staying Afloat in a Downward Economy: Lessons From Sonnenschein Nath & Rosenthal LLP; New York Law School Achieves Record Bar Pass Rate


    Automated self-assembly programming paradigm

    Self-assembly is a ubiquitous process in nature in which a disordered set of components autonomously assemble into a complex and more ordered structure. Components interact with each other without the presence of central control or external intervention. Self-assembly is a rapidly growing research topic and has been studied in various domains including nano-science and technology, robotics, micro-electro-mechanical systems, etc. Software self-assembly, on the other hand, has been lacking in research efforts. In this research, I introduced Automated Self-Assembly Programming Paradigm (ASAP²), a software self-assembly system whereby a set of human-made components are collected in a software repository and later integrated through self-assembly into a specific software architecture. The goal of this research is to push the understanding of software self-assembly and investigate if it can complement current automatic programming approaches such as Genetic Programming. The research begins by studying the behaviour of unguided software self-assembly, a process loosely inspired by ideal gases. The effects of the externally defined environmental parameters are then examined against the diversity of the assembled programs and the time needed for the system to reach its equilibrium. These analyses of software self-assembly then lead to a further investigation using a particle swarm optimization based embodiment for ASAP². In addition, a family of network structures is studied to examine how various network properties affect the course and result of software self-assembly. The thesis ends by examining software self-assembly far from equilibrium, embedded in assorted network structures. 
The main contributions of this thesis are: (1) a literature review on various approaches to the design of self-assembly systems, as well as some popular automatic programming approaches such as Genetic Programming; (2) a software self-assembly model in which software components move and interact with each other and eventually autonomously assemble into programs. This self-assembly process is an entirely new approach to automatic programming; (3) a detailed investigation on how the process and results of software self-assembly can be affected. This is tackled by deploying a variety of embodiments as well as a range of externally defined environmental variables. To the best of my knowledge, this is the first study on software self-assembly