MoPS: A Modular Protection Scheme for Long-Term Storage

Current trends in technology, such as cloud computing, allow outsourcing the storage, backup, and archiving of data. This provides efficiency and flexibility, but also poses new risks for data security. It in particular became crucial to develop protection schemes that ensure security even in the long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic primitives. However, all current solutions fail to provide optimal performance for different application scenarios. Thus, in this work, we present MoPS, a modular protection scheme to ensure authenticity and integrity for data stored over long periods of time. MoPS does not come with any requirements regarding the storage architecture and can therefore be used together with existing archiving or storage systems. It supports a set of techniques which can be plugged together, combined, and migrated in order to create customized solutions that fulfill the requirements of different application scenarios in the best possible way. As a proof of concept we implemented MoPS and provide performance measurements. Furthermore, our implementation provides additional features, such as guidance for non-expert users and export functionalities for external verifiers.Comment: Original Publication (in the same form): ASIACCS 201

Secure Identification in Social Wireless Networks

The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future

A binary self-organizing map and its FPGA implementation

A binary Self Organizing Map (SOM) has been designed and implemented on a Field Programmable Gate Array (FPGA) chip. A novel learning algorithm which takes binary inputs and maintains tri-state weights is presented. The binary SOM has the capability of recognizing binary input sequences after training. A novel tri-state rule is used in updating the network weights during the training phase. The rule implementation is highly suited to the FPGA architecture, and allows extremely rapid training. This architecture may be used in real-time for fast pattern clustering and classification of the binary features

From FPGA to ASIC: A RISC-V processor experience

This work document a correct design flow using these tools in the Lagarto RISC- V Processor and the RTL design considerations that must be taken into account, to move from a design for FPGA to design for ASIC

Multi-paradigm frameworks for scalable intrusion detection

Research in network security and intrusion detection systems (IDSs) has typically focused on small or artificial data sets. Tools are developed that work well on these data sets but have trouble meeting the demands of real-world, large-scale network environments. In addressing this problem, improvements must be made to the foundations of intrusion detection systems, including data management, IDS accuracy and alert volume;We address data management of network security and intrusion detection information by presenting a database mediator system that provides single query access via a domain specific query language. Results are returned in the form of XML using web services, allowing analysts to access information from remote networks in a uniform manner. The system also provides scalable data capture of log data for multi-terabyte datasets;Next, we address IDS alert accuracy by building an agent-based framework that utilizes web services to make the system easy to deploy and capable of spanning network boundaries. Agents in the framework process IDS alerts managed by a central alert broker. The broker can define processing hierarchies by assigning dependencies on agents to achieve scalability. The framework can also be used for the task of event correlation, or gathering information relevant to an IDS alert;Lastly, we address alert volume by presenting an approach to alert correlation that is IDS independent. Using correlated events gathered in our agent framework, we build a feature vector for each IDS alert representing the network traffic profile of the internal host at the time of the alert. This feature vector is used as a statistical fingerprint in a clustering algorithm that groups related alerts. We analyze our results with a combination of domain expert evaluation and feature selection

A Blockchain Application Prototype for the Internet of Things

The emergence of the Internet of things (IoT), associated with the explosion in the number of connected objects, and the growth in user needs, makes the Internet network very complex. IoT objects are diverse and heterogeneous, which requires establishing interoperability and efficient identity management on the one hand. On the other hand, centralized architectures such as cloud-based ones can have overhead and high latency, with a potential risk of failure. Facing these challenges, Blockchain technology, with its decentralized architecture based on a distributed peer-to-peer network, offers a new infrastructure that allows IoT objects to interact reliably and securely. In this paper, a new approach is proposed with a three-layer architecture: layer of sensing and collection of data made up of the IoT network, layer of processing and saving of data exchanges at the Blockchain level, and access and visualization layer via a web interface. The prototype implemented in this study allows all transactions (data exchanges) generated by IoT devices to be recorded and stored on a dedicated Blockchain, assuring the security of IoT objects\u27 communications. This prototype also enables access to and visualization of all data and information, thus enhancing the IoT network\u27s transparency

Fuzzy Logic Classification of Handwritten Signature Based Computer Access and File Encryption

Often times computer access and file encryption is successful based on how complex a password will be, how often users could change their complex password, the length of the complex password and how creative users are in creating a complex passsword to stand against unauthorized access to computer resources or files. This research proposes a new way of computer access and file encryption based on the fuzzy logic classification of handwritten signatures. Feature extraction of the handwritten signatures, the Fourier transformation algorithm and the k-Nearest Algorithm could be implemented to determine how close the signature is to the signature on file to grant or deny users access to computer resources and encrypted files. lternatively implementing fuzzy logic algorithms and fuzzy k-Nearest Neighbor algorithm to the captured signature could determine how close a signature is to the one on file to grant or deny access to computer resources and files. This research paper accomplishes the feature recognition firstly by extracting the features as users sign their signatures for storage, and secondly by determining the shortest distance between the signatures. On the other hand this research work accomplish the fuzzy logic recognition firstly by classifying the signature into a membership groups based on their degree of membership and secondly by determining what level of closeness the signatures are from each other. The signatures were collected from three selected input devices- the mouse, I-Pen and the IOGear. This research demonstrates which input device users found efficient and flexible to sign their respective names. The research work also demonstrates the security levels of implementing the fuzzy logic, fuzzy k-Nearest Neighbor, Fourier Transform.Master'sCollege of Arts and Sciences: Computer ScienceUniversity of Michiganhttp://deepblue.lib.umich.edu/bitstream/2027.42/117719/1/Kwarteng.pd