Study on the Effects of Characteristic Polynomial in LFSR for Randomness Quality

Randomness quality of keys becomes an essential in secure communications, since the security of modern cryptographic techniques relies on unpredictable and irreproducible digital keys which are generated by random number generator (RNG). This study focuses on the effects of characteristic polynomial in linear feedback shift registers (LFSR) for randomness quality. RNG's output is produced by integrating binary random source based on optic and LFSR. In this observation, randomness of the RNG's output with different characteristic polynomials has been tested using National Institute of Standards & Technology (NIST) test. The result shows that RNG with LFSR which is characterized by a feedback being a primitive polynomial of n-1 passes all the NISTstandard statistical tests

Virtualisation and Thin Client : A Survey of Virtual Desktop environments

This survey examines some of the leading commercial Virtualisation and Thin Client technologies. Reference is made to a number of academic research sources and to prominent industry specialists and commentators. A basic virtualisation Laboratory model is assembled to demonstrate fundamental Thin Client operations and to clarify potential problem areas

Novel Attacks and Defenses in the Userland of Android

In the last decade, mobile devices have spread rapidly, becoming more and more part of our everyday lives; this is due to their feature-richness, mobility, and affordable price. At the time of writing, Android is the leader of the market among operating systems, with a share of 76% and two and a half billion active Android devices around the world. Given that such small devices contain a massive amount of our private and sensitive information, the economic interests in the mobile ecosystem skyrocketed. For this reason, not only legitimate apps running on mobile environments have increased dramatically, but also malicious apps have also been on a steady rise. On the one hand, developers of mobile operating systems learned from security mistakes of the past, and they made significant strides in blocking those threats right from the start. On the other hand, these high-security levels did not deter attackers. In this thesis, I present my research contribution about the most meaningful attack and defense scenarios in the userland of the modern Android operating system. I have emphasized "userland'' because attack and defense solutions presented in this thesis are executing in the userspace of the operating system, due to the fact that Android is slightly different from traditional operating systems. After the necessary technical background, I show my solution, RmPerm, in order to enable Android users to better protect their privacy by selectively removing permissions from any app on any Android version. This operation does not require any modification to the underlying operating system because we repack the original application. Then, using again repackaging, I have developed Obfuscapk; it is a black-box obfuscation tool that can work with every Android app and offers a free solution with advanced state of the art obfuscation techniques -- especially the ones used by malware authors. Subsequently, I present a machine learning-based technique that focuses on the identification of malware in resource-constrained devices such as Android smartphones. This technique has a very low resource footprint and does not rely on resources outside the protected device. Afterward, I show how it is possible to mount a phishing attack -- the historically preferred attack vector -- by exploiting two recent Android features, initially introduced in the name of convenience. Although a technical solution to this problem certainly exists, it is not solvable from a single entity, and there is the need for a push from the entire community. But sometimes, even though there exists a solution to a well-known vulnerability, developers do not take proper precautions. In the end, I discuss the Frame Confusion vulnerability; it is often present in hybrid apps, and it was discovered some years ago, but I show how it is still widespread. I proposed a methodology, implemented in the FCDroid tool, for systematically detecting the Frame Confusion vulnerability in hybrid Android apps. The results of an extensive analysis carried out through FCDroid on a set of the most downloaded apps from the Google Play Store prove that 6.63% (i.e., 1637/24675) of hybrid apps are potentially vulnerable to Frame Confusion. The impact of such results on the Android users' community is estimated in 250.000.000 installations of vulnerable apps

Continuous spatial query processing over clustered data set

There exists an increasing usage rate of location-based information from mobile devices, which requires new query processing strategies. One such strategy is a moving (continuous) region query in which a moving user continuously sends queries to a central server to obtain data or information. In this thesis, we introduce two strategies to process a spatial moving query over clustered data sets. Both strategies utilize a validity region approach on the client in order to minimize the number of queries that are sent to the server. We explore the use of a two-dimensional indexing strategy, as well as the use of Expectation Maximization (EM) and k-means clustering. Our experiments show that both strategies outperform a Baseline strategy where all queries are sent to the server, with respect to data transmission, response time, and workload costs

Hybrid MOS and Single-Electron Transistor Architectures towards Arithmetic Applications

Metal-Oxide-Semiconductor Field-Effect Transistor (MOSFET) and Single-Electron Transistor (SET) hybrid architectures, which combine the merits of both MOSFET and SET, promise to be a practical implementation for nanometer-scale circuit design. In this thesis, we design arithmetic circuits, including adders and multipliers, using SET/MOS hybrid architectures with the goal of reducing circuit area and power dissipation and improving circuit reliability. Thanks to the Coulomb blockade oscillation characteristic of SET, the design of SET/MOS hybrid adders becomes very simple, and requires only a few transistors by using the proposed schemes of multiple-valued logic (MVL), phase modulation, and frequency modulation. The phase and frequency modulation schemes are also utilized for the design of multipliers. Two types of SET/MOS hybrid multipliers are presented in this thesis. One is the binary tree multiplier which adopts conventional tree structures with multi-input counters (or compressors) implemented with the phase modulation scheme. Compared to conventional CMOS tree multipliers, the area and power dissipation of the proposed multiplier are reduced by half. The other is the frequency modulated multiplier following a novel design methodology where the information is processed in the frequency domain. In this context, we explore the implicit frequency properties of SET, including both frequency gain and frequency mixing. The major merits of this type of multiplier include: a) simplicity of circuit structure, and b) high immunity against background charges within SET islands. Background charges are mainly induced by defects or impurities located within the oxide barriers, and cannot be entirely removed by today\u27s technology. Since these random charges deteriorate the circuit reliability, we investigate different circuit solutions, such as feedback structure and frequency modulation, in order to counteract this problem. The feedback represents an error detection and correction mechanism which offsets the background charge effect by applying an appropriate voltage through an additional gate of SET. The frequency modulation, on the other hand, exploits the fact that background charges only shift the phase of Coulomb blockade oscillation without changing its amplitude and periodicity. Therefore, SET/MOS hybrid adders and multipliers using the frequency modulation scheme exhibit the high immunity against these undesired charges

Um modelo para confiança dinâmica em ambientes orientados a serviço

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro de Tecnológico. Programa de Pós-Graduação em Engenharia ElétricaFundamentada sobre padrões abertos, a Internet possibilitou a integração de redes de computadores formadas pelos mais diversos sistemas computacionais. Os Serviços Web representam uma nova geração da computação distribuída e também se valem de padrões simples e poderosos permitindo que aplicações distribuídas interajam de maneira mais eficiente e sem que haja a necessidade de intervenção humana na negociação dos mecanismos subjacentes da comunicação. Várias propostas foram lançadas por órgãos padronizadores com o intuito de prover soluções para os novos desafios de segurança introduzidos pelos Serviços Web, contudo em algumas áreas, como o gerenciamento da confiança, ainda não existem soluções concretas. A integração de aplicações só é possível se credenciais de segurança puderem ser consideradas válidas perante todas entidades do sistema. Isto requer um modelo que permita lidar com diferentes tecnologias de segurança subjacentes além de se preocupar com o estabelecimento da confiança entre as entidades participantes. Esta tese apresenta um modelo de segurança que visa garantir a facilidade da autenticação única (Single Sign-On - SSO) mesmo diante de diferentes tecnologias de segurança. É apresentado ainda um modelo de confiança, aliado a um sistema de reputação, o qual permite o estabelecimento dinâmico da confiança entre as entidades que compõem o sistema distribuído. O uso de um modelo de confiança baseado no conceito das redes de confiança tornam a solução escalável e a proposição de algoritmo para a localização de caminhos de confiança cobre a principal lacuna deixada pelas principais especificações voltadas para as redes de confiança. Nesta tese é apresentada também uma análise sobre os principais algoritmos de busca para redes par a par quando aplicados para a localização de caminhos de confiança. Tal análise serviu de base para a proposição de um algoritmo próprio

Design of a Recommender System for Participatory Media Built on a Tetherless Communication Infrastructure

We address the challenge of providing low-cost, universal access of useful information to people in different parts of the globe. We achieve this by following two strategies. First, we focus on the delivery of information through computerized devices and prototype new methods for making that delivery possible in a secure, low-cost, and universal manner. Second, we focus on the use of participatory media, such as blogs, in the context of news related content, and develop methods to recommend useful information that will be of interest to users. To achieve the first goal, we have designed a low-cost wireless system for Internet access in rural areas, and a smartphone-based system for the opportunistic use of WiFi connectivity to reduce the cost of data transfer on multi-NIC mobile devices. Included is a methodology for secure communication using identity based cryptography. For the second goal of identifying useful information, we make use of sociological theories regarding social networks in mass-media to develop a model of how participatory media can offer users effective news-related information. We then use this model to design a recommender system for participatory media content that pushes useful information to people in a personalized fashion. Our algorithms provide an order of magnitude better performance in terms of recommendation accuracy than other state-of-the-art recommender systems. Our work provides some fundamental insights into the design of low-cost communication systems and the provision of useful messages to users in participatory media through a multi-disciplinary approach. The result is a framework that efficiently and effectively delivers information to people in remote corners of the world