Current Search: Computer security (x)
View All Items
Pages
- Title
- Improving Privacy With Intelligent Cooperative Caching In Vehicular Ad Hoc Networks.
- Creator
- Glass, Stephen C., Mahgoub, Imad, Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
With the issuance of the Notice of Proposed Rule Making (NPRM) for Vehicle to Vehicle (V2V) communications by the United States National Highway Tra c Safety Administration (NHTSA), the goal of the widespread deployment of vehicular networking has taken a signi cant step towards becoming a reality. In order for consumers to accept the technology, it is expected that reasonable mechanisms will be in place to protect their privacy. Cooperative Caching has been proposed as an approach that can...
Show moreWith the issuance of the Notice of Proposed Rule Making (NPRM) for Vehicle to Vehicle (V2V) communications by the United States National Highway Tra c Safety Administration (NHTSA), the goal of the widespread deployment of vehicular networking has taken a signi cant step towards becoming a reality. In order for consumers to accept the technology, it is expected that reasonable mechanisms will be in place to protect their privacy. Cooperative Caching has been proposed as an approach that can be used to improve privacy by distributing data items throughout the mobile network as they are requested. With this approach, vehicles rst attempt to retrieve data items from the mobile network, alleviating the need to send all requests to a centralized location that may be vulnerable to an attack. However, with this approach, a requesting vehicle may expose itself to many unknown vehicles as part of the cache discovery process. In this work we present a Public Key Infrastructure (PKI) based Cooperative Caching system that utilizes a genetic algorithm to selectively choose members of the mobile network to query for data items with a focus on improving overall privacy. The privacy improvement is achieved by avoiding those members that present a greater risk of exposing information related to the request and choosing members that have a greater potential of having the needed data item. An Agent Based Model is utilized to baseline the privacy concerns when using a broadcast based approach to cache discovery. In addition, an epidemiology inspired mathematical model is presented to illustrate the impact of reducing the number of vehicles queried during cache discovery. Periodic reports from neighboring vehicles are used by the genetic algorithm to identify which neighbors should be queried during cache discovery. In order for the system to be realistic, vehicles must trust the information in these reports. A PKI based approach used to evaluate the trustworthiness of each vehicle in the system is also detailed. We have conducted an in-depth performance study of our system that demonstrates a signi cant reduction in the overall risk of exposure when compared to broadcasting the request to all neighbors.
Show less - Date Issued
- 2017
- PURL
- http://purl.flvc.org/fau/fd/FA00004975, http://purl.flvc.org/fau/fd/FA00004965
- Subject Headings
- Dissertations, Academic -- Florida Atlantic University, Public key infrastructure (Computer security), Privacy., Cache memory., Public key infrastructure (Computer security).
- Format
- Document (PDF)
- Title
- MODELING AND SECURITY IN CLOUD AND RELATED ECOSYSTEMS.
- Creator
- Syed, Madiha Haider, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Software systems increasingly interact with each other, forming ecosystems. Cloud is one such ecosystem that has evolved and enabled other technologies like IoT and containers. Such systems are very complex and heterogeneous because their components can have diverse origins, functions, security policies, and communication protocols, which makes it difficult to comprehend, utilize and consequently secure them. Abstract architectural models can be used to handle this complexity and...
Show moreSoftware systems increasingly interact with each other, forming ecosystems. Cloud is one such ecosystem that has evolved and enabled other technologies like IoT and containers. Such systems are very complex and heterogeneous because their components can have diverse origins, functions, security policies, and communication protocols, which makes it difficult to comprehend, utilize and consequently secure them. Abstract architectural models can be used to handle this complexity and heterogeneity but there is lack of work on precise, implementation/vendor neutral and holistic models which represent ecosystem components and their mutual interactions. We attempted to find similarities in systems and generalize to create abstract models for adding security. We represented the ecosystem as a Reference architecture (RA) and the ecosystem units as patterns. We started with a pattern diagram which showed all the components involved along with their mutual interactions and dependencies. We added components to the already existent Cloud security RA (SRA). Containers, being relatively new virtualization technology, did not have a precise and holistic reference architecture. We have built a partial RA for containers by identifying and modeling components of the ecosystem. Container security issues were identified from the literature as well as analysis of our patterns. We added corresponding security countermeasures to container RA as security patterns to build a container SRA. Finally, using container SRA as an example, we demonstrated an approach for RA validation. We have also built a composite pattern for fog computing that is an intermediate platform between Cloud and IoT devices. We represented an attack, Distributed Denial of Service (DDoS) using IoT devices, in the form of a misuse pattern which explains it from the attacker’s perspective. We found this modelbased approach useful to build RAs in a flexible and incremental way as components can be identified and added as the ecosystems expand. This provided us better insight to analyze security issues across boundaries of individual ecosystems. A unified, precise and holistic view of the system is not just useful for adding or evaluating security, this approach can also be used to ensure compliance, privacy, safety, reliability and/or governance for cloud and related ecosystems. This is the first work we know of where patterns and RAs are used to represent ecosystems and analyze their security.
Show less - Date Issued
- 2019
- PURL
- http://purl.flvc.org/fau/fd/FA00013345
- Subject Headings
- Software ecosystems, Cloud computing--Security measures, Internet of things, Software architecture--Security measures, Computer modeling
- Format
- Document (PDF)
- Title
- A method for adding multimedia knowledge for improving intrusion detection systems.
- Creator
- Baillargeon, Pierre Elliott., Florida Atlantic University, Marques, Oge
- Abstract/Description
-
Intrusion Detection Systems (IDS) are security tools which monitor systems and networks for malicious activity. In saturated network links the amount of data present for analysis can overwhelm them, resulting in potentially undetected attacks. Many of these network links contain significant amounts of multimedia traffic which may seem to contribute to the problem, however our work suggests otherwise. This thesis proposes a novel method to classify and analyze multimedia traffic in an effort...
Show moreIntrusion Detection Systems (IDS) are security tools which monitor systems and networks for malicious activity. In saturated network links the amount of data present for analysis can overwhelm them, resulting in potentially undetected attacks. Many of these network links contain significant amounts of multimedia traffic which may seem to contribute to the problem, however our work suggests otherwise. This thesis proposes a novel method to classify and analyze multimedia traffic in an effort to maximize the efficiency of IDS. By embedding multimedia-specific knowledge into IDS, trusted multimedia contents can be identified and allowed to bypass the detection engine, thereby allowing IDS to focus its limited resources on other traffic. The proposed framework also enables IDS to detect multimedia-specific exploits which would otherwise pass under the radar. Results of our experiments confirm our claims and show substantial CPU savings in both streaming and non-streaming scenarios.
Show less - Date Issued
- 2005
- PURL
- http://purl.flvc.org/fcla/dt/13242
- Subject Headings
- Computer networks--Security measures, Computers--Access control, Electronic countermeasures, Digital watermarking, Multimedia systems--Security measures
- Format
- Document (PDF)
- Title
- A Study on Partially Homomorphic Encryption Schemes.
- Creator
- Mithila, Shifat P., Karabina, Koray, Florida Atlantic University, Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
High processing time and implementation complexity of the fully homomorphic encryption schemes intrigued cryptographers to extend partially homomorphic encryption schemes to allow homomorphic computation for larger classes of polynomials. In this thesis, we study several public key and partially homomorphic schemes and discuss a recent technique for boosting linearly homomorphic encryption schemes. Further, we implement this boosting technique on CGS linearly homomorphic encryption scheme to...
Show moreHigh processing time and implementation complexity of the fully homomorphic encryption schemes intrigued cryptographers to extend partially homomorphic encryption schemes to allow homomorphic computation for larger classes of polynomials. In this thesis, we study several public key and partially homomorphic schemes and discuss a recent technique for boosting linearly homomorphic encryption schemes. Further, we implement this boosting technique on CGS linearly homomorphic encryption scheme to allow one single multiplication as well as arbitrary number of additions on encrypted plaintexts. We provide MAGMA source codes for the implementation of the CGS scheme along with the boosted CGS scheme.
Show less - Date Issued
- 2017
- PURL
- http://purl.flvc.org/fau/fd/FA00004840, http://purl.flvc.org/fau/fd/FA00004840
- Subject Headings
- Computer networks--Security measures., Computer security., Computers--Access control--Code words., Cyberinfrastructure., Computer network architectures., Cryptography., Number theory--Data processing.
- Format
- Document (PDF)
- Title
- Compliance Issues In Cloud Computing Systems.
- Creator
- Yimam, Dereje, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Appealing features of cloud services such as elasticity, scalability, universal access, low entry cost, and flexible billing motivate consumers to migrate their core businesses into the cloud. However, there are challenges about security, privacy, and compliance. Building compliant systems is difficult because of the complex nature of regulations and cloud systems. In addition, the lack of complete, precise, vendor neutral, and platform independent software architectures makes compliance even...
Show moreAppealing features of cloud services such as elasticity, scalability, universal access, low entry cost, and flexible billing motivate consumers to migrate their core businesses into the cloud. However, there are challenges about security, privacy, and compliance. Building compliant systems is difficult because of the complex nature of regulations and cloud systems. In addition, the lack of complete, precise, vendor neutral, and platform independent software architectures makes compliance even harder. We have attempted to make regulations clearer and more precise with patterns and reference architectures (RAs). We have analyzed regulation policies, identified overlaps, and abstracted them as patterns to build compliant RAs. RAs should be complete, precise, abstract, vendor neutral, platform independent, and with no implementation details; however, their levels of detail and abstraction are still debatable and there is no commonly accepted definition about what an RA should contain. Existing approaches to build RAs lack structured templates and systematic procedures. In addition, most approaches do not take full advantage of patterns and best practices that promote architectural quality. We have developed a five-step approach by analyzing features from available approaches but refined and combined them in a new way. We consider an RA as a big compound pattern that can improve the quality of the concrete architectures derived from it and from which we can derive more specialized RAs for cloud systems. We have built an RA for HIPAA, a compliance RA (CRA), and a specialized compliance and security RA (CSRA) for cloud systems. These RAs take advantage of patterns and best practices that promote software quality. We evaluated the architecture by creating profiles. The proposed approach can be used to build RAs from scratch or to build new RAs by abstracting real RAs for a given context. We have also described an RA itself as a compound pattern by using a modified POSA template. Finally, we have built a concrete deployment and availability architecture derived from CSRA that can be used as a foundation to build compliance systems in the cloud.
Show less - Date Issued
- 2015
- PURL
- http://purl.flvc.org/fau/fd/FA00004559, http://purl.flvc.org/fau/fd/FA00004559
- Subject Headings
- Biometric identification, Client/server computing -- Security measures, Cloud computing -- Security measures, Computational intelligence, Computer software -- Quality control, Electronic information resources -- Access control
- Format
- Document (PDF)
- Title
- Web-based wireless sensor network monitoring using smartphones.
- Creator
- Marcus, Anthony M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This thesis consists of the development of a web based wireless sensor network (WSN) monitoring system using smartphones. Typical WSNs consist of networks of wireless sensor nodes dispersed over predetermined areas to acquire, process, and transmit data from these locations. Often it is the case that the WSNs are located in areas too hazardous or inaccessible to humans. We focused on the need for access to this sensed data remotely and present our reference architecture to solve this problem....
Show moreThis thesis consists of the development of a web based wireless sensor network (WSN) monitoring system using smartphones. Typical WSNs consist of networks of wireless sensor nodes dispersed over predetermined areas to acquire, process, and transmit data from these locations. Often it is the case that the WSNs are located in areas too hazardous or inaccessible to humans. We focused on the need for access to this sensed data remotely and present our reference architecture to solve this problem. We developed this architecture for web-based wireless sensor network monitoring and have implemented a prototype that uses Crossbow Mica sensors and Android smartphones for bridging the wireless sensor network with the web services for data storage and retrieval. Our application has the ability to retrieve sensed data directly from a wireless senor network composed of Mica sensors and from a smartphones onboard sensors. The data is displayed on the phone's screen, and then, via Internet connection, they are forwarded to a remote database for manipulation and storage. The attributes sensed and stored by our application are temperature, light, acceleration, GPS position, and geographical direction. Authorized personnel are able to retrieve and observe this data both textually and graphically from any browser with Internet connectivity or through a native Android application. Web-based wireless sensor network architectures using smartphones provides a scalable and expandable solution with applicability in many areas, such as healthcare, environmental monitoring, infrastructure health monitoring, border security, and others.
Show less - Date Issued
- 2011
- PURL
- http://purl.flvc.org/FAU/3171682
- Subject Headings
- Smartphones, Wireless communication systems, Security measures, Wireless communication systems, Technological innovations, Computer networks, Security measures, Ad hoc networks (Computer networks), Security measures
- Format
- Document (PDF)
- Title
- Secure routing in wireless sensor networks.
- Creator
- Ibriq, Jamil, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This research addresses communication security in the highly constrained wireless sensor environment. The goal of the research is twofold: (1) to develop a key management scheme that provides these constrained systems with the basic security requirements and evaluate its effectiveness in terms of scalability, efficiency, resiliency, connectivity, and flexibility, and (2) to implement this scheme on an appropriate routing platform and measure its efficiency., The proposed key management scheme...
Show moreThis research addresses communication security in the highly constrained wireless sensor environment. The goal of the research is twofold: (1) to develop a key management scheme that provides these constrained systems with the basic security requirements and evaluate its effectiveness in terms of scalability, efficiency, resiliency, connectivity, and flexibility, and (2) to implement this scheme on an appropriate routing platform and measure its efficiency., The proposed key management scheme is called Hierarchical Key Establishment Scheme (HIKES). In HIKES, the base station, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities, authenticating on its behalf the cluster members and issuing to them all secret keys necessary to secure their communications. HIKES uses a novel key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. The key escrow scheme also provides the HIKES with as large an addressing mechanism as needed. HIKES also provides a one-step broadcast authentication mechanism. HIKES provides entity authentication to every sensor in the network and is robust against most known attacks. We propose a hierarchical routing mechanism called Secure Hierarchical Energy-Efficient Routing protocol (SHEER). SHEER implements HIKES, which provides the communication security from the inception of the network. SHEER uses a probabilistic broadcast mechanism and a three-level hierarchical clustering architecture to improve the network energy performance and increase its lifetime., Simulation results have shown that HIKES provides an energy-efficient and scalable solution to the key management problem. Cost analysis shows that HIKES is computationally efficient and has low storage requirement. Furthermore, high degree of address flexibility can be achieved in HIKES. Therefore, this scheme meets the desired criteria set forth in this work. Simulation studies also show that SHEER is more energy-efficient and has better scalability than the secure version of LEACH using HIKES.
Show less - Date Issued
- 2007
- PURL
- http://purl.flvc.org/FAU/42771
- Subject Headings
- Sensor networks, Security measures, Ad hoc networks (Computer networks), Security measures, Wireless communication systems, Security measures, Wireless communication systems, Technological innovations, Mobile computing
- Format
- Document (PDF)
- Title
- Cryptography in the presence of key-dependent messages.
- Creator
- Gonzalez, Madeline., Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
The aim of this work is to investigate a security model in which we allow an adversary to have access to functions of the secret key. In recent years, significant progress has been made in understanding the security of encryption schemes in the presence of key-dependent plaintexts or messages (known as KDM). Here, we motivate and explore the security of a setting, where an adversary against a message authentication code (MAC) or signature scheme can access signatures on key-dependent messages...
Show moreThe aim of this work is to investigate a security model in which we allow an adversary to have access to functions of the secret key. In recent years, significant progress has been made in understanding the security of encryption schemes in the presence of key-dependent plaintexts or messages (known as KDM). Here, we motivate and explore the security of a setting, where an adversary against a message authentication code (MAC) or signature scheme can access signatures on key-dependent messages. We propose a way to formalize the security of message authentication schemes in the presence of key-dependent MACs (KD-EUF) and of signature schemes in the presence of key-dependent signatures (KDS). An attack on a message recognition protocol involving a MAC is presented. It turns out that the situation is quite different from key-dependent encryption: To achieve KD-EUF-security or KDS-security under non-adaptive chosen message attacks, the use of a stateful signing algorithm is inevitable even in the random oracle model. After discussing the connection between key-dependent signing and forward security, we describe a compiler which lifts any EUF-CMA secure one-time signature scheme to a forward secure signature scheme offering KDS-CMA security. Then, we discuss how aggregate signatures can be used to combine the signatures in the certificate chain used in the compiler. A natural question arises about how to combine the security definitions of KDM and KDS to come up with a signcryption scheme that is secure. We also offer a connection with Leakage-Resilient Signatures, which take into account side-channel attacks. Lastly, we present some open problems for future research.
Show less - Date Issued
- 2009
- PURL
- http://purl.flvc.org/FAU/2182087
- Subject Headings
- Cryptography, Data processing, Digital signatures, Computer security, Data encryption (Computer science), Software protection
- Format
- Document (PDF)
- Title
- An algebraic attack on block ciphers.
- Creator
- Matheis, Kenneth., Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
The aim of this work is to investigate an algebraic attack on block ciphers called Multiple Right Hand Sides (MRHS). MRHS models a block cipher as a system of n matrix equations Si := Aix = [Li], where each Li can be expressed as a set of its columns bi1, . . . , bisi . The set of solutions Ti of Si is dened as the union of the solutions of Aix = bij , and the set of solutions of the system S1, . . . , Sn is dened as the intersection of T1, . . . , Tn. Our main contribution is a hardware...
Show moreThe aim of this work is to investigate an algebraic attack on block ciphers called Multiple Right Hand Sides (MRHS). MRHS models a block cipher as a system of n matrix equations Si := Aix = [Li], where each Li can be expressed as a set of its columns bi1, . . . , bisi . The set of solutions Ti of Si is dened as the union of the solutions of Aix = bij , and the set of solutions of the system S1, . . . , Sn is dened as the intersection of T1, . . . , Tn. Our main contribution is a hardware platform which implements a particular algorithm that solves MRHS systems (and hence block ciphers). The case is made that the platform performs several thousand orders of magnitude faster than software, it costs less than US$1,000,000, and that actual times of block cipher breakage can be calculated once it is known how the corresponding software behaves. Options in MRHS are also explored with a view to increase its efficiency.
Show less - Date Issued
- 2010
- PURL
- http://purl.flvc.org/FAU/2976444
- Subject Headings
- Ciphers, Cryptography, Data encryption (Computer science), Computer security, Coding theory, Integrated circuits, Design and construction
- Format
- Document (PDF)
- Title
- The discrete logarithm problem in non-abelian groups.
- Creator
- Iliâc, Ivana., Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
This dissertation contains results of the candidate's research on the generalized discrete logarithm problem (GDLP) and its applications to cryptology, in non-abelian groups. The projective special linear groups PSL(2; p), where p is a prime, represented by matrices over the eld of order p, are investigated as potential candidates for implementation of the GDLP. Our results show that the GDLP with respect to specic pairs of PSL(2; p) generators is weak. In such cases the groups PSL(2; p) are...
Show moreThis dissertation contains results of the candidate's research on the generalized discrete logarithm problem (GDLP) and its applications to cryptology, in non-abelian groups. The projective special linear groups PSL(2; p), where p is a prime, represented by matrices over the eld of order p, are investigated as potential candidates for implementation of the GDLP. Our results show that the GDLP with respect to specic pairs of PSL(2; p) generators is weak. In such cases the groups PSL(2; p) are not good candidates for cryptographic applications which rely on the hardness of the GDLP. Results are presented on generalizing existing cryptographic primitives and protocols based on the hardness of the GDLP in non-abelian groups. A special instance of a cryptographic primitive dened over the groups SL(2; 2n), the Tillich-Zemor hash function, has been cryptanalyzed. In particular, an algorithm for constructing collisions of short length for any input parameter is presented. A series of mathematical results are developed to support the algorithm and to prove existence of short collisions.
Show less - Date Issued
- 2010
- PURL
- http://purl.flvc.org/FAU/3356783
- Subject Headings
- Data encryption (Computer science), Computer security, Cryptography, Combinatorial group theory, Data processing, Mapping (Mathematics)
- Format
- Document (PDF)
- Title
- Adaptive two-level watermarking for binary document images.
- Creator
- Muharemagic, Edin., Florida Atlantic University, Furht, Borko, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
In our society, large volumes of documents are exchanged on a daily basis. Since documents can easily be scanned, modified and reproduced without any loss in quality, unauthorized use and modification of documents is of major concern. An authentication watermark embedded into a document as an invisible, fragile mark can be used to detect illegal document modification. However, the authentication watermark can only be used to determine whether documents have been tampered with, and additional...
Show moreIn our society, large volumes of documents are exchanged on a daily basis. Since documents can easily be scanned, modified and reproduced without any loss in quality, unauthorized use and modification of documents is of major concern. An authentication watermark embedded into a document as an invisible, fragile mark can be used to detect illegal document modification. However, the authentication watermark can only be used to determine whether documents have been tampered with, and additional protection may be needed to prevent unauthorized use and distribution of those documents. A solution to this problem is a two-level, multipurpose watermark. The first level watermark is an authentication mark used to detect document tampering, while the second level watermark is a robust mark, which identifies the legitimate owner and/or user of specific document. This dissertation introduces a new adaptive two-level multipurpose watermarking scheme suitable for binary document images, such as scanned text, figures, engineering and road maps, architectural drawings, music scores, and handwritten text and sketches. This watermarking scheme uses uniform quantization and overlapped embedding to add two watermarks, one robust and the other fragile, into a binary document image. The two embedded watermarks serve different purposes. The robust watermark carries document owner or document user identification, and the fragile watermark confirms document authenticity and helps detect document tampering. Both watermarks can be extracted without accessing the original document image. The proposed watermarking scheme adaptively selects an image partitioning block size to optimize the embedding capacity, the image permutation key to minimize watermark detection error, and the size of local neighborhood in which modification candidate pixels are scored to minimize visible distortion of watermarked documents. Modification candidate pixels are scored using a novel, objective metric called the Structural Neighborhood Distortion Measure (SNDM). Experimental results confirm that this watermarking scheme, which embeds watermarks by modifying image pixels based on their SNDM scores, creates smaller visible document distortion than watermarking schemes which base watermark embedding on any other published pixel scoring method. Document tampering is detected successfully and the robust watermark can be detected even after document tampering renders the fragile watermark undetectable.
Show less - Date Issued
- 2004
- PURL
- http://purl.flvc.org/fau/fd/FADT12113
- Subject Headings
- Data encryption (Computer science), Computer security, Digital watermarking, Data protection, Image processing--Digital techniques, Watermarks
- Format
- Document (PDF)
- Title
- Secure access of legacy databases from the Web using CORBA.
- Creator
- Xue, Richard Zhihuai., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
After comparing general architectures for accessing business databases from the Web, we propose a platform-independent, language-independent, object-oriented, fourtier CORBA-based architecture. The proposed architecture is presented in pattern format. Several security mechanisms are incorporated into the proposed architecture. A Web Reservation System (WRS) was created to test this architecture. Starting from an analysis pattern, a design model for the WRS was developed using the CORBA Object...
Show moreAfter comparing general architectures for accessing business databases from the Web, we propose a platform-independent, language-independent, object-oriented, fourtier CORBA-based architecture. The proposed architecture is presented in pattern format. Several security mechanisms are incorporated into the proposed architecture. A Web Reservation System (WRS) was created to test this architecture. Starting from an analysis pattern, a design model for the WRS was developed using the CORBA Object Request Broker (ORB); this was a Virtual Car Reservation System (VCRS). In the VCRS system, a user can get a reservation number when necessary information is entered from a Web browser. The user can also retrieve the reservation information by using the reservation number. All reservation information is stored in a distributed database system at a remote site. A realistic application of the proposed architecture is also described. We also provide an evaluation and comparison of the proposed architecture with other architectures.
Show less - Date Issued
- 2000
- PURL
- http://purl.flvc.org/fcla/dt/15756
- Subject Headings
- Computer security, CORBA (Computer architecture), World Wide Web, Distributed databases, Internet, Business--Data processing
- Format
- Document (PDF)
- Title
- Message authentication in an identity-based encryption scheme: 1-Key-Encrypt-Then-MAC.
- Creator
- Amento, Brittanney Jaclyn, Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
We present an Identity-Based Encryption scheme, 1-Key-Encrypt-Then-MAC, in which we are able to verify the authenticity of messages using a MAC. We accomplish this authentication by combining an Identity-Based Encryption scheme given by Boneh and Franklin, with an Identity-Based Non-Interactive Key Distribution given by Paterson and Srinivasan, and attaching a MAC. We prove the scheme is chosen plaintext secure and chosen ciphertext secure, and the MAC is existentially unforgeable.
- Date Issued
- 2010
- PURL
- http://purl.flvc.org/FAU/2796050
- Subject Headings
- Data encryption (Computer science), Public key cryptopgraphy, Public key infrastructure (Computer security)
- Format
- Document (PDF)
- Title
- Software decomposition for multicore architectures.
- Creator
- Jain, Ankit., Florida Atlantic University, Shankar, Ravi
- Abstract/Description
-
Current multicore processors attempt to optimize consumer experience via task partitioning and concurrent execution of these (sub)tasks on the cores. Conversion of sequential code to parallel and concurrent code is neither easy, nor feasible with current methodologies. We have developed a mapping process that synergistically uses top-down and bottom-up methodologies. This process is amenable to automation. We use bottom-up analysis to determine decomposability and estimate computation and...
Show moreCurrent multicore processors attempt to optimize consumer experience via task partitioning and concurrent execution of these (sub)tasks on the cores. Conversion of sequential code to parallel and concurrent code is neither easy, nor feasible with current methodologies. We have developed a mapping process that synergistically uses top-down and bottom-up methodologies. This process is amenable to automation. We use bottom-up analysis to determine decomposability and estimate computation and communication metrics. The outcome is a set of proposals for software decomposition. We then build abstract concurrent models that map these decomposed (abstract) software modules onto candidate multicore architectures; this resolves concurrency issues. We then perform a system level simulation to estimate concurrency gain and/or cost, and QOS (Qualify-of-Service) metrics. Different architectural combinations yield different QOS metrics; the requisite system architecture may then be chosen. We applied this 'middle-out' methodology to optimally map a digital camera application onto a processor with four cores.
Show less - Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13349
- Subject Headings
- Optimal designs (Statistics), Software architecture, Software engineering, Computer architecture, System design, Computer networks--Security measures
- Format
- Document (PDF)
- Title
- AN EFFECTIVE ENSEMBLE LEARNING-BASED REAL-TIME INTRUSION DETECTION SCHEME FOR IN-VEHICLE NETWORK.
- Creator
- Alalwany, Easa, Mahgoub, Imadeldin, Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science, College of Engineering and Computer Science
- Abstract/Description
-
Connectivity and automation have expanded with the development of autonomous vehicle technology. One of several automotive serial protocols that can be used in a wide range of vehicles is the controller area network (CAN). The growing functionality and connectivity of modern vehicles make them more vulnerable to cyberattacks aimed at vehicular networks. The CAN bus protocol is vulnerable to numerous attacks as it lacks security mechanisms by design. It is crucial to design intrusion detection...
Show moreConnectivity and automation have expanded with the development of autonomous vehicle technology. One of several automotive serial protocols that can be used in a wide range of vehicles is the controller area network (CAN). The growing functionality and connectivity of modern vehicles make them more vulnerable to cyberattacks aimed at vehicular networks. The CAN bus protocol is vulnerable to numerous attacks as it lacks security mechanisms by design. It is crucial to design intrusion detection systems (IDS) with high accuracy to detect attacks on the CAN bus. In this dissertation, to address all these concerns, we design an effective machine learning-based IDS scheme for binary classification that utilizes eight supervised ML algorithms, along with ensemble classifiers, to detect normal and abnormal activities in the CAN bus. Moreover, we design an effective ensemble learning-based IDS scheme for detecting and classifying DoS, fuzzing, replay, and spoofing attacks. These are common CAN bus attacks that can threaten the safety of a vehicle’s driver, passengers, and pedestrians. For this purpose, we utilize supervised machine learning in combination with ensemble methods. Ensemble learning aims to achieve better classification results through the use of different classifiers that are combined into a single classifier. Furthermore, in the pursuit of real-time attack detection and classification, we use the Kappa architecture for efficient data processing, enhancing the IDS’s accuracy and effectiveness. We build this system using the most recent CAN intrusion dataset provided by the IEEE DataPort. We carried out the performance evaluation of the proposed system in terms of accuracy, precision, recall, F1-score, and area under curve receiver operator characteristic (ROC-AUC). For the binary classification, the ensemble classifiers outperformed the individual supervised ML classifiers and improved the effectiveness of the classifier. For detecting and classifying CAN bus attacks, the ensemble learning methods resulted in a robust and accurate multiclassification IDS for common CAN bus attacks. The stacking ensemble method outperformed other recently proposed methods, achieving the highest performance. For the real-time attack detection and classification, the ensemble methods significantly enhance the accuracy the real-time CAN bus attack detection and classification. By combining the strengths of multiple models, the stacking ensemble technique outperformed individual supervised models and other ensembles.
Show less - Date Issued
- 2023
- PURL
- http://purl.flvc.org/fau/fd/FA00014298
- Subject Headings
- Automated vehicles, Controller Area Network (Computer network), Intrusion detection systems (Computer security)
- Format
- Document (PDF)
- Title
- An uncertainty-aware reputation system in mobile networks: analysis and applications.
- Creator
- Li, Feng., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Many emerging mobile networks aim to provide wireless network services without relying on any infrastructure. The main challenge in these networks comes from their self-organized and distributed nature. There is an inherent reliance on collaboration among the participants in order to achieve the aimed functionalities. Therefore, establishing and quantifying trust, which is the driving force for collaboration, is important for applications in mobile networks. This dissertation focuses on...
Show moreMany emerging mobile networks aim to provide wireless network services without relying on any infrastructure. The main challenge in these networks comes from their self-organized and distributed nature. There is an inherent reliance on collaboration among the participants in order to achieve the aimed functionalities. Therefore, establishing and quantifying trust, which is the driving force for collaboration, is important for applications in mobile networks. This dissertation focuses on evaluating and quantifying trust to stimulate collaboration in mobile networks, introducing uncertainty concepts and metrics, as well as providing the various analysis and applications of uncertainty-aware reputation systems. Many existing reputation systems sharply divide the trust value into right or wrong, thus ignoring another core dimension of trust: uncertainty. As uncertainty deeply impacts a node's anticipation of others' behavior and decisions during interaction, we include it in the reputation system. Specifically, we use an uncertainty metric to directly reflect a node's confidence in the sufficiency of its past experience, and study how the collection of trust information may affect uncertainty in nodes' opinions. Higher uncertainty leads to higher transaction cost and reduced acceptance of communication. We exploit mobility to efficiently reduce uncertainty and to speed up trust convergence. We also apply the new reputation system to enhance the analysis of the interactions among mobile nodes, and present three sample uncertainty-aware applications. We integrate the uncertainty-aware reputation model with game theory tools, and enhance the analysis on interactions among mobile nodes., Instead of reactively protecting the mobile networks from existing attacks as in the traditional security paradigms, the analysis in this dissertation gives more insights on nodes' rationality in the interaction, which will enable the mechanism design in mobile networks to be security and incentive compatible. Moreover, we present three sample applications, in which we clearly identify the challenges, specifically formalize the problems, and cleverly employ the uncertainty mitigation schemes. These applications show that the uncertainty definition and mitigation schemes can benefit a broad range of applications, including fields such as security, network services, and routing.
Show less - Date Issued
- 2009
- PURL
- http://purl.flvc.org/FAU/210520
- Subject Headings
- Wireless communication systems, Security measures, Wireless communication systems, Technological innovations, Computer network architectures, Mobile computing, Ad hoc networks (Computer networks), Security measures
- Format
- Document (PDF)
- Title
- Elliptic curves: identity-based signing and quantum arithmetic.
- Creator
- Budhathoki, Parshuram, Steinwandt, Rainer, Eisenbarth, Thomas, Florida Atlantic University, Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
Pairing-friendly curves and elliptic curves with a trapdoor for the discrete logarithm problem are versatile tools in the design of cryptographic protocols. We show that curves having both properties enable a deterministic identity-based signing with “short” signatures in the random oracle model. At PKC 2003, Choon and Cheon proposed an identity-based signature scheme along with a provable security reduction. We propose a modification of their scheme with several performance benefits. In...
Show morePairing-friendly curves and elliptic curves with a trapdoor for the discrete logarithm problem are versatile tools in the design of cryptographic protocols. We show that curves having both properties enable a deterministic identity-based signing with “short” signatures in the random oracle model. At PKC 2003, Choon and Cheon proposed an identity-based signature scheme along with a provable security reduction. We propose a modification of their scheme with several performance benefits. In addition to faster signing, for batch signing the signature size can be reduced, and if multiple signatures for the same identity need to be verified, the verification can be accelerated. Neither the signing nor the verification algorithm rely on the availability of a (pseudo)random generator, and we give a provable security reduction in the random oracle model to the (`-)Strong Diffie-Hellman problem. Implementing the group arithmetic is a cost-critical task when designing quantum circuits for Shor’s algorithm to solve the discrete logarithm problem. We introduce a tool for the automatic generation of addition circuits for ordinary binary elliptic curves, a prominent platform group for digital signatures. Our Python software generates circuit descriptions that, without increasing the number of qubits or T-depth, involve less than 39% of the number of T-gates in the best previous construction. The software also optimizes the (CNOT) depth for F2-linear operations by means of suitable graph colorings.
Show less - Date Issued
- 2014
- PURL
- http://purl.flvc.org/fau/fd/FA00004182, http://purl.flvc.org/fau/fd/FA00004182
- Subject Headings
- Coding theory, Computer network protocols, Computer networks -- Security measures, Data encryption (Computer science), Mathematical physics, Number theory -- Data processing
- Format
- Document (PDF)
- Title
- Shamir's secret sharing scheme using floating point arithmetic.
- Creator
- Finamore, Timothy., Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
Implementing Shamir's secret sharing scheme using floating point arithmetic would provide a faster and more efficient secret sharing scheme due to the speed in which GPUs perform floating point arithmetic. However, with the loss of a finite field, properties of a perfect secret sharing scheme are not immediately attainable. The goal is to analyze the plausibility of Shamir's secret sharing scheme using floating point arithmetic achieving the properties of a perfect secret sharing scheme and...
Show moreImplementing Shamir's secret sharing scheme using floating point arithmetic would provide a faster and more efficient secret sharing scheme due to the speed in which GPUs perform floating point arithmetic. However, with the loss of a finite field, properties of a perfect secret sharing scheme are not immediately attainable. The goal is to analyze the plausibility of Shamir's secret sharing scheme using floating point arithmetic achieving the properties of a perfect secret sharing scheme and propose improvements to attain these properties. Experiments indicate that property 2 of a perfect secret sharing scheme, "Any k-1 or fewer participants obtain no information regarding the shared secret", is compromised when Shamir's secret sharing scheme is implemented with floating point arithmetic. These experimental results also provide information regarding possible solutions and adjustments. One of which being, selecting randomly generated points from a smaller interval in one of the proposed schemes of this thesis. Further experimental results indicate improvement using the scheme outlined. Possible attacks are run to test the desirable properties of the different schemes and reinforce the improvements observed in prior experiments.
Show less - Date Issued
- 2012
- PURL
- http://purl.flvc.org/FAU/3342048
- Subject Headings
- Signal processing, Digital techniques, Mathematics, Data encryption (Computer science), Computer file sharing, Security measures, Computer algorithms, Numerical analysis, Data processing
- Format
- Document (PDF)
- Title
- Reputation and trust-based security in wireless sensor networks.
- Creator
- Srinivasan, Avinash., College of Engineering and Computer Science, Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This dissertation presents the results of research that led to the development of a novel reputation and trust-based monitoring paradigm for secure and reliable computing in Wireless Sensor Networks (WSNs). WSNs have undergone tremendous technological advances over the last few years. They have caused a giant leap toward "proactive computing," a paradigm where computers anticipate human needs and, when necessary, act on their behalf. Therefore, we cannot deploy such a critical technology...
Show moreThis dissertation presents the results of research that led to the development of a novel reputation and trust-based monitoring paradigm for secure and reliable computing in Wireless Sensor Networks (WSNs). WSNs have undergone tremendous technological advances over the last few years. They have caused a giant leap toward "proactive computing," a paradigm where computers anticipate human needs and, when necessary, act on their behalf. Therefore, we cannot deploy such a critical technology without first addressing the security and privacy challenges to ensure that it does not turn against those whom it is meant to benefit. The core application of WSNs is to detect and report events, be it military or civilian applications. The building blocks of a WSN are small, battery-powered, lowcost, self-contained devices called "sensors" that measure factors like light, temperature, pressure, vibration, motion, etc. A WSN usually consists of hundreds of thousands of sensors that operate in unattended, hostile territories to monitor a given geographical area. Once deployed, the wireless sensors self-organize into ad-hoc wireless networks in order to cope with the dynamics of the surveillance field. During the post deployment phase, the wireless sensors aggregate data, then process and generate a report, which is subsequently relayed from one sensor to the next using secure multi-hop routing until the data reaches its desired destination, which is usually the sink. Since sensors operate in unattended and hostile territories, the adversary can capture a sensor node physically and extract all the information stored onboard, including cryptographic keying material. With this unique situation, WSNs are subject to a unique attack referred to as an "Insider Attack," in which the adversary becomes a legitimate member of the network being represented by the captured node., To overcome this unique situation, a distributed Reputation and Trust-based Monitoring System (RTMS) is required. The most critical contribution of this dissertation work has been the proposal and design of a novel, clique-based, distributed group-key establishment protocol with specific application to RTMSs. We have also proposed and evaluated the application of RTMS models for securing beacon-based localization in WSNs addressing information asymmetry attacks, and proposed a novel k-parent tree model for securing broadcast communication in WSNs with an underlying RTMS model. Other issues addressed in this dissertation work include the proposal of a Connected Dominating Set (CDS) based reputation dissemination and bootstrapping model. This model also enables secure, certificateless node mobility and enables the model to be robust to ID Spoofing and node replication attacks.
Show less - Date Issued
- 2008
- PURL
- http://purl.flvc.org/FAU/77652
- Subject Headings
- Sensor networks, Security measures, Wireless communication systems, Security measures, Wireless communication systems, Technological innovations, Ad hoc networks (Computer networks), Security measures
- Format
- Document (PDF)
- Title
- Implementation of the IEEE 1609.2 WAVE Security Services Standard.
- Creator
- Mandy, Chad Christopher Jr., Mahgoub, Imad, Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This work presents the implementation of the the IEEE 1609.2 WAVE Security Services Standard. This implementation provides the ability to generate a message signature, along with the capability to verify that signature for wave short messages transmitted over an unsecured medium. Only the original sender of the message can sign it, allowing for the authentication of a message to be checked. As hashing is used during the generation and verification of signatures, message integrity can be...
Show moreThis work presents the implementation of the the IEEE 1609.2 WAVE Security Services Standard. This implementation provides the ability to generate a message signature, along with the capability to verify that signature for wave short messages transmitted over an unsecured medium. Only the original sender of the message can sign it, allowing for the authentication of a message to be checked. As hashing is used during the generation and verification of signatures, message integrity can be verified because a failed signature verification is a result of a compromised message. Also provided is the ability to encrypt and decrypt messages using AES-CCM to ensure that sensitive information remains safe and secure from unwanted recipients. Additionally this implementation provides a way for the 1609.2 specific data types to be encoded and decoded for ease of message transmittance. This implementation was built to support the Smart Drive initiative’s VANET testbed, supported by the National Science Foundation and is intended to run on the Vehicular Multi-technology Communication Device (VMCD) that is being developed. The VMCD runs on the embedded Linux operating system and this implementation will reside inside of the Linux kernel.
Show less - Date Issued
- 2016
- PURL
- http://purl.flvc.org/fau/fd/FA00004693, http://purl.flvc.org/fau/fd/FA00004693
- Subject Headings
- Application software -- Security measures, Expert systems (Computer science), Vehicular ad hoc networks (Computer networks), Wireless LANs, Wireless communication systems -- Security measures, Wireless sensor networks
- Format
- Document (PDF)