A Survey of Techniques for Improving Security of GPUs
Graphics processing unit (GPU), although a powerful performance-booster, also
has many security vulnerabilities. Due to these, the GPU can act as a
safe-haven for stealthy malware and the weakest 'link' in the security 'chain'.
In this paper, we present a survey of techniques for analyzing and improving
GPU security. We classify the works on key attributes to highlight their
similarities and differences. More than informing users and researchers about
GPU security techniques, this survey aims to increase their awareness about GPU
security vulnerabilities and potential countermeasures.
Physical-Layer Security Enhancement in Wireless Communication Systems
Without any doubt, wireless infrastructures and services have fundamental impacts on every aspect of our lives. Despite their popularity, wireless communications are vulnerable to various attacks due to the open nature of radio propagation. In fact, communication security in wireless networks is becoming more critical than ever. As a solution, conventional cryptographic techniques are deployed on upper layers of network protocols. Along with direct attacks from the lower layer, wireless security challenges come with the rapid evolution of sophisticated decipher techniques. Conventional security mechanisms are not necessarily effective against potential attacks from the open wireless environment anymore. As an alternative, physical-layer (PHY) security, utilizing unique features from the lower layer, becomes a new research focus for many wireless communication systems.
In this thesis, three mechanisms for PHY security enhancement are investigated. Beginning with a discussion on the security vulnerability in highly standardized infrastructures, the thesis proposed a time domain scrambling scheme of orthogonal frequency division multiplexing (OFDM) system to improve the PHY security. The method relies on secretly scrambling each OFDM symbol in time domain, resulting in constellation transformation in frequency domain, to hide transmission features. As a complement to existing secrecy capacity maximization based optimal cooperative jamming systems, a security strategy based on the compromised secrecy region (CSR) minimization in cooperative jamming is then proposed when instantaneous channel state information (CSI) is not available. The optimal parameters of the jammer are derived to minimize the CSR which exhibits high secrecy outage probability. At last, security enhancement of OFDM system in cooperative networks is also investigated. The function selection strategies of cooperative nodes are studied. Our approach is capable of enhancing the security of broadband communications by selecting the proper function of each cooperative node. Numerical results demonstrate the feasibility of three proposed physical layer security mechanisms by examining the communication reliability, achievable CSR and secrecy capacity respectively.
Optically Switched Quantum Key Distribution Network
Encrypted data transmission is becoming increasingly more important as information security is vital to modern communication networks. Quantum Key Distribution (QKD) is a promising method based on the quantum properties of light to generate and distribute unconditionally secure keys for use in classical data encryption. Significant progress has been achieved in the performance of QKD point-to-point transmission over a fibre link between two users. The transmission distance has exceeded several hundred kilometres of optical fibre in recent years, and the secure bit rate achievable has reached megabits per second, making QKD applicable for metro networks. To realize quantum encrypted data transmission over metro networks, quantum keys need to be regularly distributed and shared between multiple end users. Optical switching has been shown to be a promising technique for cost-effective QKD networking, enabling the dynamic reconfiguration of transmission paths with low insertion loss.
In this thesis, the performance of optically switched multi-user QKD systems is studied using a mathematical model in terms of transmission distance and secure key rates. The crosstalk and loss limitations are first investigated theoretically and then experimentally. The experiment and simulation both show that negligible system penalties are observed with crosstalk of -20 dB or below. A practical quantum-safe metro network solution is then reported, integrating optically-switched QKD systems with high speed reconfigurability to protect classical network traffic. Quantum signals are routed by rapid optical switches between any two endpoints or network nodes via reconfigurable connections. Proof-of-concept experiments with commercial QKD systems are conducted. Secure keys are continuously shared between virtualised Alice-Bob pairs over effective transmission distances of 30 km, 31.7 km, 33.1 km and 44.6 km. The quantum bit error rates (QBER) for the four paths are proportional to the channel losses with values between 2.6% and 4.1%. Optimising the reconciliation and clock distribution architecture is predicted to result in an estimated maximum system reconfiguration time of 20 s, far shorter than previously demonstrated.
In addition, Continuous Variable (CV) QKD has attracted much research interest in recent years, due to its compatibility with standard telecommunication techniques and relatively low cost in practical implementation. A wide band balanced homodyne detection system built from modified off-the-shelf components is experimentally demonstrated. Practical limits and benefits for high speed CVQKD key transmission are demonstrated based on an analysis of noise performance. The feasibility of an optically switched CV-QKD is also experimentally demonstrated using two virtualised Alice-Bob pairs for the first time. This work represents significant advances towards the deployment of CVQKD in a practical quantum-safe metro network. A method of using the classical equalization technique for inter-symbol interference mitigation in CVQKD detection is also presented and investigated. This will encourage further research to explore the applications of classical communication tools in quantum communications.
Advanced optical modulation and fast reconfigurable en/decoding techniques for OCDMA application
With the explosive growth of bandwidth requirement in optical fiber communication
networks, optical code division multiple access (OCDMA) has witnessed tremendous
achievements as one of the promising technologies for optical access networks over the
past decades. In an OCDMA system, optical code processing is one of the key
techniques. Rapid optical code reconfiguration can improve flexibility and security of
the OCDMA system. This thesis focuses on advanced optical modulations and
en/decoding techniques for applications in fast reconfigurable OCDMA systems and
secure optical communications.
A novel time domain spectral phase encoding (SPE) scheme which can rapidly
reconfigure the optical code and is compatible with conventional spectral domain phase
en/decoding by using a pair of dispersive devices and a high speed phase modulator is
proposed. Based on this scheme, a novel advanced modulation technique that can
simultaneously generate both the optical code and the differential-phase-shift-keying
(DPSK) data using a single phase modulator is experimentally demonstrated. A
symmetric time domain spectral phase encoding and decoding (SPE/SPD) scheme using
a similar setup for both the transmitter and receiver is further proposed, based on which
a bit-by-bit optical code scrambling and DPSK data modulation technique for secure
optical communications has been successfully demonstrated. By combining optical
encoding and optical steganography, a novel approach for secure transmission of time
domain spectral phase encoded on-off-keying (OOK)/DPSK-OCDMA signal over
public wavelength-division multiplexing (WDM) network has also been proposed and
demonstrated.
To enable high speed operation of the time domain SPE/SPD scheme and enhance the
system security, a rapid programmable, code-length variable bit-by-bit optical code
shifting technique is proposed. Based on this technique, security improvements for
OOK/DPSK OCDMA systems at data rates of 10Gb/s and 40Gb/s using reconfigurable
optical codes of up to 1024-chip have been achieved.
Finally, a novel tunable two-dimensional coherent optical en/decoder which can
simultaneously perform wavelength hopping and spectral phase encoding based on
coupled micro-ring resonator is proposed and theoretically investigated. The techniques
included in this thesis could be potentially used for future fast reconfigurable and secure
optical code based communication systems.
Quantum-based security in optical fibre networks
Electronic communication is used every day for a number of different applications.
Some of the information transferred during these communications can be private
requiring encryption and authentication protocols to keep this information secure.
Although there are protocols today which provide some security, they are not
necessarily unconditionally secure. Quantum based protocols on the other hand, can
provide unconditionally secure protocols for encryption and authentication.
Prior to this Thesis, only one experimental realisation of quantum digital signatures had
been demonstrated. This used a lossy photonic device along with a quantum memory
allowing two parties to test whether they were sent the same signature by a single
sender, and also store the quantum states for measurement later. This restricted the
demonstration to distances of only a few metres, and was tested with a primitive
approximation of a quantum memory rather than an actual one. This Thesis presents an
experimental realisation of a quantum digital signature protocol which removes the
reliance on quantum memory at the receivers, making a major step towards practicality.
By removing the quantum memory, it was also possible to perform the swap and
comparison mechanism in a more efficient manner resulting in an experimental
realisation of quantum digital signatures over 2 kilometres of optical fibre.
Quantum communication protocols can be unconditionally secure, however the
transmission distance is limited by loss in quantum channels. To overcome this loss in
conventional channels an optical amplifier is used, however the added noise from these
would swamp the quantum signal if directly used in quantum communications.
This Thesis looked into probabilistic quantum amplification, with an experimental
realisation of the state comparison amplifier, based on linear optical components and
single-photon detectors. The state comparison amplifier operated by using the
well-established techniques of optical coherent state comparison and weak subtraction to
post-select the output and provide non-deterministic amplification with increased
fidelity at a high repetition rate. The success rates of this amplifier were found to be
orders of magnitude greater than other state of the art quantum amplifiers, due to its lack
of requirement for complex quantum resources, such as single or entangled photon
sources, and photon number resolving detectors.
Large-scale Wireless Local-area Network Measurement and Privacy Analysis
The edge of the Internet is increasingly becoming wireless. Understanding the wireless edge is therefore important for understanding the performance and security aspects of the Internet experience. This need is especially necessary for enterprise-wide wireless local-area networks (WLANs) as organizations increasingly depend on WLANs for mission-critical tasks. To study a live production WLAN, especially a large-scale network, is a difficult undertaking. Two fundamental difficulties involved are (1) building a scalable network measurement infrastructure to collect traces from a large-scale production WLAN, and (2) preserving user privacy while sharing these collected traces to the network research community. In this dissertation, we present our experience in designing and implementing one of the largest distributed WLAN measurement systems in the United States, the Dartmouth Internet Security Testbed (DIST), with a particular focus on our solutions to the challenges of efficiency, scalability, and security. We also present an extensive evaluation of the DIST system. To understand the severity of some potential trace-sharing risks for an enterprise-wide large-scale wireless network, we conduct privacy analysis on one kind of wireless network traces, a user-association log, collected from a large-scale WLAN. We introduce a machine-learning based approach that can extract and quantify sensitive information from a user-association log, even though it is sanitized. Finally, we present a case study that evaluates the tradeoff between utility and privacy on WLAN trace sanitization.
A Survey on Routing in Anonymous Communication Protocols
The Internet has undergone dramatic changes in the past 15 years, and now forms a global communication platform that billions of users rely on for their daily activities. While this transformation has brought tremendous benefits to society, it has also created new threats to online privacy, ranging from profiling of users for monetizing personal information to nearly omnipotent governmental surveillance. As a result, public interest in systems for anonymous communication has drastically increased. Several such systems have been proposed in the literature, each of which offers anonymity guarantees in different scenarios and under different assumptions, reflecting the plurality of approaches for how messages can be anonymously routed to their destination. Understanding this space of competing approaches with their different guarantees and assumptions is vital for users to understand the consequences of different design options. In this work, we survey previous research on designing, developing, and deploying systems for anonymous communication. To this end, we provide a taxonomy for clustering all prevalently considered approaches (including Mixnets, DC-nets, onion routing, and DHT-based protocols) with respect to their unique routing characteristics, deployability, and performance. This, in particular, encompasses the topological structure of the underlying network; the routing information that has to be made available to the initiator of the conversation; the underlying communication model; and performance-related indicators such as latency and communication layer. Our taxonomy and comparative assessment provide important insights about the differences between the existing classes of anonymous communication protocols, and it also helps to clarify the relationship between the routing characteristics of these protocols, and their performance and scalability.