ALEKSANDER MALLASVIK
Title: Observation resistant multifactor multimodal authentication
Abstract:
The security of today's mobile devices, such as telephones and portable bank terminals, rests largely on the PIN code. A thief needs to do no more than observe the victim's PIN code and steal his bank card in order to steal funds. To improve the security of such devices, we can include other features. Since almost all new mobile devices contain accelerometers, this master project aims to investigate whether we can recognize hand gestures and incorporate them in a challenge-response protocol to mitigate the risk of shoulder surfing.
How precisely we can recognize hand gestures from accelerometer data will be investigated, along with the possibilities for integrating such modalities into interactive challenge-response authentication mechanisms. A multimodal authentication program for the iPhone will be developed which uses both PIN code and hand gestures as features. Different challenge-response methods will be evaluated in experiments.
Topics covered by the project
Hand gestures can range from a simple tilt to more complex motions like circles, and it is our goal to recognize and measure such motions using the accelerometers in mobile devices. Although accelerometers provide us with a limited set of data, we believe that we can recognize and distinguish gestures to a certain degree.
Recognizing hand gestures allows us to, in the simplest case, include gestures as a part of an authenticator (e.g., we can have the user move his device in a predefined way between entering digits of a PIN code), providing additional entropy depending on the sensitivity and resolution of the accelerometers used. Investigating how well we can model gestures using accelerometers will therefore be a vital part of the thesis. This can be achieved by implementing a challenge-response method like a virtual keyboard in combination with prompts for motions.
One of the problems that we will be facing is that, as with all behavioral features, a motion will never be exactly the same twice, and we need to develop a method which allows us to differentiate one gesture from another. It is therefore expected that we will have to restrict ourselves to a set of predefined hand gestures, at least during the initial experiments.
Adding further features to protocols where PIN codes and tokens are the only authentication factors present will allow us to mitigate the risk of observability (shoulder surfing). This will be validated experimentally, and suitable experimental protocols will be designed for this purpose.
Problem description
Identity theft and bank accounts being emptied by thieves are an ever-increasing problem. The fact is that the security of an application relies completely on the authentication mechanism used, and it is undesirable that a thief should be able to withdraw money from the victim's bank account after simply observing the victim's PIN code and stealing the bank card. This thesis aims to investigate how we can incorporate hand gestures as a part of a multimodal challenge-response authentication process, to reduce the risk of shoulder surfing attacks.
Although this project is not about bank security, but rather the general aspect of including hand gestures as an authentication factor, bank security is a good example of the problem area. To clarify, it is not the main goal of this thesis to use hand gestures as biometric features; this will have to come as a byproduct of the conducted investigations.
We are facing numerous research problems, but the most important one is to investigate whether we can identify a way to analyze the accelerometer data produced by an iPhone 3GS/iPod Touch in such a way that we can recognize a predefined hand gesture and use this as an extra parameter in an authentication process (e.g., via a challenge-response protocol). Depending on the outcome of this experiment, we will look at how strict we can be when defining a hand gesture, and also at how easily one can reproduce it.
Justification, motivation and benefits
By including hand gestures in a challenge-response protocol, we can significantly increase the workload for an attacker wanting to gain unauthorized access to a PIN-code protected device. If we can recognize and measure hand gestures precisely enough for authentication usage, we can at the very least implement them as features in a multimodal authentication mechanism, which alone would improve the entropy significantly.
Depending on how much information we can extract from the iPhone, we can also, if time permits, investigate the possibility of differentiating the same hand gesture performed by two persons. This will however mean moving over to the biometric domain, where completely different rules exist when evaluating a feature. However, since hand gestures have not previously been precisely modeled using accelerometers alone, our aim should be to recognize hand gestures, not the owner of one. Since we aim to use the already embedded accelerometers, we can drastically improve security without adding extra cost.
Research questions
How much information, in terms of bits, about a hand gesture can be derived from the iPhone when information content is constrained by time and resolution of devices?
How precisely can we recognize and differentiate gestures?
How precisely can a person recall a password consisting of different modalities?
To what degree does the inclusion of hand gestures in multimodal challenge-response models increase the degree of difficulty for an attacker wanting to perform observation attacks?
Planned contribution
The main contribution of this master thesis is the development of a set of novel authentication mechanisms based on the combination of accelerometer derived gestures with other modalities in direct and challenge-response combinations.
Software will be developed for the iPhone which can record hand gestures and, more importantly, use hand gestures as a part of a multimodal challenge-response authentication scheme. It will be investigated how reproducible hand gestures are and how accurately we can measure them, and this will indirectly determine whether there could be any possibility of a biometric adaptation. It is our belief that including hand gestures in a multimodal authentication scheme will mitigate the risk of shoulder surfing attacks, and thereby increase the security of the authentication scheme.
Based on the related work study, we will restrict ourselves to a predefined repository of gestures. The overall aim is to have a working challenge-response scheme for iPhone/iPod that can utilize a multimodal approach with both PIN code and hand gesture as parameters for authentication. We will design experiments to validate the proposed benefits and to cover the research questions.
Ali Barzinje
Title: Risk analysis in statutory supervision of health institutions
Abstract:
Both the Norwegian Board of Health Supervision (Statens helsetilsyn) and the Norwegian Data Protection Authority (Datatilsynet) have supervisory responsibility under the Health Register Act (helseregisterloven). Both the Health Register Act and the Personal Data Act (personopplysningsloven) presuppose that those responsible have built their security systems on sound risk analyses. Statens helsetilsyn and Datatilsynet have on repeated occasions expressed concern about inadequate protection of sensitive information in the IT systems of the health service. For Helsetilsynet, supervision of the health service's use of IT systems involves not only legal and health-professional challenges. These are, after all, matters that most supervisors are used to assessing, both when planning and when carrying out supervision. By contrast, supervisors have little training in assessing risk related to the IT systems themselves.
The health trusts do not carry out sufficiently thorough risk assessments when introducing a new system or when changing existing systems. This shortcoming means that the health trusts lack an overview of the vulnerability of their own systems and of how large the risk is for different types of failure. They thereby miss the opportunity to implement sufficient and targeted preventive measures. Missing risk and vulnerability assessments are a recurring finding across all parts of the health service.
The thesis results in a scheme (checklist) or overview of the most significant and/or vulnerable points that supervisors (who are not IT experts) should be aware of when they ask questions about what control the management of municipalities or health trusts (hospitals) has over security, vulnerability and risk in their own systems.
This scheme is to be used when Helsetilsynet develops its supervision in this area.
AMUNDSEN JENS-ARE
Title: The use of Groebner bases in cryptanalysis of symmetric ciphers
Abstract
Algebraic attacks on symmetric ciphers often result in large systems of non-linear multivariate polynomial equations. Solving these equations is a complex task. There are many methods for doing this, but the most fundamental is constructing Groebner bases for the system of polynomials. In an article by Jovan Dj. Golic, "Vectorial Boolean Functions and Induced Algebraic Equations", a general mathematical framework for algebraic cryptanalysis is developed. In short, the article concerns finding algebraic polynomial equations of low algebraic degree induced by vectorial Boolean functions. This thesis will investigate the framework and develop hopefully more efficient algorithms for constructing Groebner bases over Boolean polynomial rings.
Topic covered by the project
There are different ways of attacking, or cryptanalysing, a cipher algorithm. Well-known methods are, e.g., linear cryptanalysis, differential cryptanalysis or plain brute force. The basis of this work is an attack method called algebraic attack or algebraic cryptanalysis. In short, an algebraic attack on a cipher algorithm is performed by breaking the cipher algorithm down into a system of algebraic equations, with the secret key bits as unknowns, plaintext and ciphertext as knowns, and other cipher-dependent variables and constants. One then tries to find a simultaneous solution to the equations. The major problem with this method lies in solving the equations within an acceptable time frame, since the resulting multivariate equations, i.e. equations in several variables, are often highly non-linear and of high degree. But there are techniques for transforming this hard problem into a more feasible one. One technique is transforming the set of polynomial equations into a more suitable set of polynomials called a Groebner basis. The notion of Groebner bases allows us to make use of results from abstract algebra, like ideal theory and the relation to affine varieties, to help solve the equations in a hopefully more efficient way. Practical construction of Groebner bases belongs to the art of computational algebra, and algorithms will be implemented in several programming languages during the different phases of this project.
Keywords
Algebraic attack, cryptanalysis, symmetric cipher, multivariate equations, linearization, Groebner, Buchberger algorithm, vectorial Boolean functions.
Problem description
Groebner bases may seem like a superb tool, but the main problem is the computation time and memory consumption in constructing them. The general problem of constructing Groebner bases has high complexity. Thus, the computation for a seemingly benign-looking system of polynomials in three or four variables of degree three or four may fail to terminate in a reasonable time. The original algorithm for constructing Groebner bases, namely the Buchberger algorithm, can be improved, tweaked and rendered more suitable to the specific problem at hand. In the case of this work, we will examine the construction of low-degree Groebner bases from induced algebraic equations of binary multivariate polynomials and try to implement efficient algorithms for it.
Justification, motivation and benefits
The construction of Groebner bases is the fundamental tool for many complex problems. Finding new algorithms, or improving old ones, for efficiently constructing Groebner bases is of great interest to many scientific disciplines. Regarding the discipline of algebraic cryptanalysis, increased and deeper knowledge of the use and construction of Groebner bases may be highly beneficial. Direct benefits may be the construction of stronger cryptographic algorithms which are more resistant to this type of attack.
Anders Flaglien
Title: Cross-computer malware detection in digital forensics
Abstract:
Malware poses a huge threat to the modern digitalized society. Traces of malicious activities can be identified through modern digital forensics techniques. Currently, most digital forensic processes are performed in a semi-automatic manner, where forensic personnel have to administer the forensic tools and the process when searching for malware and other digital evidence on suspicious, confiscated enterprise and personal computers. This is especially time-consuming when handling multiple computers that require correlation identification, as when investigating organized crime.
To address the problems of forensic personnel's limited time for investigation and the challenges of handling ever-increasing data volumes, this Master thesis will propose a correlation system for automatically identifying malware. The solution will be based on existing digital forensics terminology and solutions along with knowledge about recognition of malware patterns, aimed at identifying correlated patterns over a group of digital evidence to improve modern investigation of cyber crime.
ANDERS GRANERUD
Title: Tor Traffic Normalization
This project will look into Tor, which is an open-source anonymizing service used on the Internet. Tor gives its users an anonymous connection to the Internet in real time. The research on Tor over the years has been considerable, and it is a mature project. Tor uses a network of onion routers to communicate anonymously. The client software establishes a circuit across the network, makes the final connection from the exit node and relays traffic back to the user. The circuit is built using separate encrypted TLS connections with public key infrastructure. These TLS streams can be identified by an adversary, who can then filter the Tor traffic. This could, for example, lead to traffic analysis attacks and loss of privacy. This project will look into the ways in which Tor TLS streams differ from or resemble common TLS streams. We want to find out whether Tor can be identified in a TLS stream. Implementing changes to Tor will not be covered by this project, but we will propose changes that could make Tor less revealing if we find such.
Problem description
Tor uses TLS, which is an encryption protocol, to make sure the identity of the user is not compromised. All Tor servers and clients must support acknowledged cryptographic schemes with TLS to keep the connections secure. These connections are called TLS streams, and these encrypted streams are the core of Tor's onion routing. The public key infrastructure, which is an encryption scheme, makes sure that no node within the Tor network can see both ends of a connection and reveal the user's identity. The TLS streams from Tor could be identified by an adversary if they differ from other TLS traffic. This is due to the fact that Tor uses TLS in a non-standard way. The adversary could look at volume, number of packets, certain strings, or number of connections in a stream to identify Tor usage on a network. This is called traffic analysis. If the TLS streams were identified, the adversary could filter out these streams and prevent Tor usage on the network. This would in turn deny anonymity to the user and could possibly cause harm. Alternatively, the adversary could apply traffic analysis to the identified streams, for example to violate the privacy of the users. This master thesis will investigate the ways in which Tor's TLS traffic differs from or resembles TLS traffic created by more common services. These services could be HTTPS, IMAPS or instant messaging, for example. Traffic analysis will be applied to the streams to compare them. The thesis will therefore explore the Tor specification to understand how Tor implements TLS and where it resembles or differs from other TLS services. In order to do this, the thesis must also define what normal TLS traffic consists of and decide which parameters to analyze in the two streams. The outcome of the traffic analysis of Tor TLS vs. normal TLS will give an answer to how we can change Tor to normalize it towards common TLS. We will not implement these changes but rather suggest them.
Title: Use of logged activity data for increased security in authentication
Abstract:
Today's authentication solutions used over the network are exposed to various attacks in the form of phishing, man-in-the-middle (MITM) and malicious code. In addition, a user's secrets, such as passwords and code tokens, can be obtained through theft, social engineering or by misleading administrative personnel in a user-support function. Large investments have been made in authentication solutions. Measures that can reduce the risk of misuse and thereby extend the lifetime of the individual system will be sought after. For the banks in the BankID collaboration it will be of great importance that today's level of trust in the security of BankID and online banking is maintained.
This thesis assesses the possibility of using characteristics linked to historical behaviour as an addition to an authentication process. Such characteristics can be biometrically oriented data such as speed and consistency in user behaviour, as well as runtime-environment-specific information such as operating system, web browser, IP address and more. By checking the current login against a profile built on earlier history, one can probably strengthen the assurance that the correct user is present.
This report describes the methodology for and analysis of a large amount of real user data obtained from a Norwegian bank; patterns are analysed, and proposals for measurable units and a methodology for active use are discussed.
The results show that the proposed methods can give an Equal Error Rate of between 10 and 20 %, depending on which elements one wishes to include in the profile and verification.
DEJAN LJUSIC
Title: Case study for information security education
Abstract:
There are many different approaches to establishing security policies and procedures and to implementing them in a corporation, such as ISO 27002, the Standard of Good Practice, NERC, NIST, RFC etc. Implementation of these standards depends on corporation structure, security culture in the organization, government of origin, law, time, etc. There are many factors that can explain why some security approaches are successfully implemented in one company while the same approach doesn't work in another company. We can see these differences in the use of BankID. In Scandinavian countries, especially in Norway, we can see that the implementation of BankID is more successful than in other European countries. To understand these differences it is crucial to examine those factors. We must find out how Norwegian corporations use well-known security models.
In the project, we will try to collect information about how security models from different corporations (private and public) are implemented in Norway and compare them with security models and standards that are in use all over the world. We will try to compare how well-known security standards are implemented in Norway, and we will try to define the exceptions to and modifications of those policies that corporations in Norway have made to implement security more efficiently in the organization.
By collecting and cataloguing information from several Norwegian corporations, we can produce a document that describes how to implement a security model for other corporations that have not made proper security and risk analyses in the way that most corporations in Norway do. We can show how security policies are implemented in Norway; we can show differences and try to explain why these differences are important to understand. The document can be used for educational purposes. We will make case studies that can be helpful to students who want to learn how security policies and models are implemented in Scandinavian countries.
We know that information about security in a corporation is very valuable, and we are aware that such information is very important; that's why we will not ask how security models are implemented in those corporations. Instead we will define one virtual company, Fisk AS, with an organizational structure similar to that of an ordinary company in Norway, and ask what the best way to secure Fisk AS is.
We will establish the organization and sub-organizations, management on all levels, network, technical structure etc., and we will define present-day potential threats. We will define security models, we will define risk management and make preliminary risk analyses, and we will ask security experts in real corporations to analyze the security methods and help us to make Fisk AS more secure.
We hope NorSiS will help us to find several partners who want to be a part of the project. We need to have at least one corporation with over 300 employees and 5-6 corporations with 5-20 employees, which statistically will represent the majority of Norwegian corporations.
ELHAM RAJABIAN NOGONDAR
Title: Use of Authentication Mechanism and Biometrics in Norwegian Industry
Abstract:
With the advancement of technology, people authenticate themselves by password, PIN code, smart card, fingerprint, hand geometry, iris, facial recognition, gait signature, etc. Although biometric systems do not have a long history of usage in different areas, there has been a lot of attention and effort in recent years to use and enhance the potential abilities of biometric systems. Biometric characteristics are a sort of personal asset that people always carry with them, and there is no concern about forgetting or losing them.
The history of biometric systems for a few human features goes back many years or several centuries. The first form of biometric system was based on measurements of the bony portions of individuals' bodies in the 1800s. These methods were based on individuals' body motions and specific signs on their bodies such as scars, tattoos, injuries and so on. Biometric systems utilize human characteristics which are usually permanent to authenticate a person. Changing and using human characteristics is not easy. Furthermore, individuals cannot pass their biometric features to others as simply as with other mechanisms.
Studies show that biometric identification/authentication systems are used in various countries in different fields. A list of applications is provided that clarifies the use of biometrics in a variety of areas, for instance public services, law enforcement, financial applications, controlling physical access to areas and controlling access to equipment and resources. The biometric system requirements and the necessary characteristics define how appropriate biometric systems are for a particular application and target company. The requirements, security issues, privacy considerations, regulations, operation cost and awareness of biometric systems are the subjects studied in the thesis. The main purpose of the project is to investigate the influence of the mentioned factors on the use of biometric authentication systems in Norwegian industry. Moreover, feasible solutions are introduced.
FREDRIK GUNDERSEN
Title: Implementing modular arithmetic using OpenCL
Abstract:
Most public key algorithms are based on modular arithmetic, e.g. RSA and Diffie-Hellman. Public key encryption and decryption are computationally heavy because a lot of multiplications with very large numbers are needed to perform these tasks. The security of the RSA cryptosystem is based on two mathematical problems: the problem of factoring large numbers and the RSA problem. In cryptography, the RSA problem summarizes the task of performing an RSA private-key operation given only the public key. Full decryption of an RSA ciphertext is thought to be infeasible on the assumption that both of these problems are hard, i.e., no efficient algorithm exists for solving them. Providing security against partial decryption may require the addition of a secure padding scheme. Diffie-Hellman key exchange (D-H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. The simplest, and original, implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime and g is a primitive root mod p.
The RSA problem is also the main reason public key crypto is much slower than symmetric key algorithms, like DES and AES. Recently, the use of Graphics Processing Units (GPUs) for general purpose computing has become more widespread. Many computational problems have gained a significant performance increase by using the highly parallel properties of the GPU. OpenCL (Open Computing Language) is a framework for writing programs that execute across heterogeneous platforms consisting of CPUs, GPUs, and other processors. OpenCL was initially developed by Apple Inc., which holds trademark rights, and refined into an initial proposal in collaboration with technical teams at AMD, Intel, and Nvidia. Apple submitted this initial proposal to the Khronos Group. On June 16, 2008, the Khronos Compute Working Group was formed with representatives from CPU, GPU, embedded-processor, and software companies. This group worked for five months to finish the technical details of the specification for OpenCL 1.0 by November 18, 2008. This technical specification was reviewed by the Khronos members and approved for public release on December 8, 2008. OpenCL 1.0 has been released with Mac OS X v10.6 ("Snow Leopard").
The objective of this project is to make a fast implementation of public key algorithms on a GPU using the OpenCL specification as implemented in OS X 10.6. The operation that needs to be executed in parallel is modular multiplication, as this is the basis of modular exponentiation. Furthermore, a performance comparison between the GPU and a normal CPU implementation should be made. Implementing public key algorithms using OpenCL allows the implementation to query the system for OpenCL-enabled devices (GPU, CPU and other parallel processors) and to select the best device on which to run the encryption/decryption of data. The benefit is that the same implementation can be run on a variety of different systems with different GPUs and CPUs, as long as at least one device is able to run OpenCL programs/code.
HENRIK DALBAKK
Title: Security implications on existing perimeter security when implementing IPv6
Introduction
The Internet has evolved at a frantic pace over the last 15 years; few could anticipate the rapid growth and the enormous impact it has had on global communication. When something evolves this fast it is bound to run into problems, and so has the Internet. The protocol used for communication today, IPv4, is running out of addresses, and it is doing this fast. When this becomes a reality we face the issue of not being able to grant new participants access to the network. Fortunately the replacement for IPv4 has been around for quite some time, namely IPv6. IPv6 does not have the same shortcomings as IPv4 and will allow an almost infinite set of participants.
Existing networks that run IPv4 today will require an upgrade to be able to talk to everyone on the Internet, both IPv4 users and the new IPv6 users. This means that network administrators will have to open a new road into their network, making IPv6 and IPv4 coexist within the same network. This coexistence is made possible by special IPv6 transition mechanisms. To help them do this in a secure manner, this thesis will enumerate the different transition techniques, analyse their strengths and weaknesses, study how the existing security mechanisms are affected and give a set of recommendations for best practice when it comes to doing the implementation.
Topic covered by the project
This project is about the difficulties we face in the near future regarding the shortcomings of the IPv4 protocol. IPv4 has served our need for global intercommunication for a long time and will in the near future need to be replaced with IPv6. This means that a lot of organizations will have to go from the familiar and well-known IPv4 protocol to the newer but unfamiliar IPv6.
This switch is not going to happen overnight, and the two protocols will most likely coexist for quite some time. To make this coexistence possible, many transitional mechanisms have been proposed and built. These mechanisms are grouped by the way they operate, and each can be said to have an overall function matching one of the following definitions.
Dual stack: Allows IPv4 and IPv6 to be used on the same host and in the same network.
Tunneling: Transports IPv6 encapsulated in IPv4 over existing IPv4 infrastructure.
Translation: A node that talks IPv6 to IPv6-only nodes and IPv4 to IPv4-only nodes.
We will enumerate the different choices an administrator has by enumerating and explaining different techniques from each group. The focus will be on understanding and getting a clear view of the pros and cons of each of the techniques. After doing this we should have a good understanding of the techniques and what they can offer, and we will choose a set of techniques to use further in this thesis.
With this set of techniques we will analyse their effects on common IPv4 security mechanisms. The chosen mechanisms are routing, firewalls, intrusion detection systems (IDS) and virtual private network (VPN) implementations. All of these mechanisms protect the network, and it is crucial that an analysis of how they will be affected is performed before implementing IPv6. This is to make sure that enabling the new protocol does not create security loopholes that expose, via IPv6, systems that are properly locked down with IPv4.
Problem description
The predecessor of the Internet as we know it today was founded on the idea that we would benefit from a network of interconnected hosts so that information could easily flow to and from every participant. That started the development of the ARPANET, the network that would give every participant the opportunity to contact all other hosts on the network. To achieve this the TCP/IP protocol was developed, and the starting point for what we today know as the Internet was created.
When the Internet Protocol (IP) was invented, the address space was considered vast and enough for the foreseeable future. As history has done many times, we were proven wrong. The number of hosts on the Internet exploded and the number of available IPv4 addresses started to shrink. To mitigate this rapidly growing problem, different technologies have been put into use; Network Address Translation (NAT) and Classless Inter-Domain Routing (CIDR) are the ones that have postponed the address exhaustion the most. But this postponement came at a cost: among other things, we lost one of the basic ideas and features of the Internet, namely the possibility for every host to address another arbitrary host directly.
To return to the original idea of an Internet that enables end-to-end connections, many people think that the solution is IPv6. With its vast address space of $2^{128}$ possible addresses, we should be able to retire the techniques that break connectivity (NAT). But new technology also brings new problems: how will this affect existing defence mechanisms that are installed in organisations? In this project we will try to take a look at this with a special focus on the existing perimeter: what changes will appear when the mechanisms that enable coexistence between the two protocols are implemented, and how should network administrators react to them?
Justification, motivation and benefits
In the international community today people are starting to address a problem they call the ''digital divide'', the gap between the developed and the developing world when it comes to, among other things, Internet connectivity. While the free addresses available today are being depleted rapidly, and the developing countries are equally rapidly establishing new connections, we will have a big problem a few years ahead of us with the fact that IPv4 will be out of free addresses. When we reach this point, new connections to the Internet are just not possible via IPv4. Many participants on the Internet today see this problem coming and have begun to ready their networks for what they think will be the solution, IPv6.
Although it is likely that IPv4 and IPv6 will live side by side for many years to come, the planning for implementing IPv6 in our networks should start sooner rather than later. This will ensure that we do not segregate the world into IPv4 and IPv6 segments but get closer to the original idea that we should be world connectable and do not inhibit new users from connecting. From a security perspective this also means that we have to allow, for probably quite some time, traffic on both protocols simultaneously, thereby effectively doubling the entry points for potential attackers. Before doing this we need to consider the different mechanisms we have to make this coexistence possible and evaluate how they will affect our existing networks. This is to make sure that the extra functionality IPv6 will give us can be delivered in a secure fashion and with minimal extra risk of compromising data.
Enabling IPv6 will make existing IPv4 networks connectable from both worlds, so that they do not miss out on business opportunities from users residing in IPv4-only or IPv6-only networks. By staying in only one domain like IPv4, you will most likely get traffic from IPv6 networks but may lack features that IPv6 hosts are able to utilise. The IEEE-USA compared the switch between IPv4 and IPv6 to the switch between analogue and digital telephony lines: the analogue users could for a long time receive and place calls but would lack the extra functionality added by the new digital lines. This analogy is pretty precise when we think of how new technology always inspires new usage and services, and this will most likely also be the case with IPv6 when it becomes widespread.
Research questions
The main question we will try to answer is: How will existing IPv4 perimeter security be affected when implementing IPv6 transitional mechanisms? When trying to give an answer to this we will utilise the following questions:
- Which different transitional techniques exist to enable IPv4 and IPv6 coexistence?
- How do the different techniques affect existing security mechanisms?
- How can we mitigate risks introduced by adding these transitional techniques?
In our search for previous work in the area we have found much information on the process of enabling a network with IPv6. These papers and articles have focused mostly on the practical implementation of the protocol, how to avoid implementation errors and the experiences gained in the process. To our knowledge, a closer look at the perimeter security with regard to the transitional mechanisms that have to be in place has not been done.
Planned contributions
By doing this project we aim to gather and analyse information on the different available transitional techniques that can be used when adding support for IPv6 to existing IPv4 networks, analyse these techniques with regard to a set of existing network defence mechanisms and compile a report that will enable network administrators to make well-considered decisions when implementing IPv6. This is to enable IPv6 support to be implemented without adding security holes in the defence mechanisms.
JON EVERETT
Title: Enforcing memory protection with hypervisors
Abstract:
Hardware-assisted virtualization has recently become available on laptops and desktop computers. This enables a Virtual Machine (VM) to run an unmodified operating system (OS) with a transparent "hardware view". This technology has been found to be promising for enhancing several security mechanisms. One of the new concepts is Virtual Machine Introspection (VMI), where the hypervisor is able to monitor and modify the state of the VM. Implementing mechanisms through the hypervisor, one has the opportunity to enforce security policies in a way the OS kernel itself is not able to.
In commodity OSes the kernel with loaded device drivers runs on what used to be the highest privilege level, while user processes run in restricted user mode. A consequence of this architecture is that third party hardware vendors have to write their own device drivers to be run in kernel mode. This implies that third party code is given the same privilege level as the OS kernel. The problems revolving around the varying quality and credulous privilege level of third party drivers will remain as long as commodity operating systems are designed the way they are today. Programming a kernel module or a device driver is possible for anyone who wants to. Thus, malicious programmers have the ability to develop code subverting the kernel integrity by altering kernel structures or code. This is the concept behind kernel mode rootkits.
The planned contribution of the master thesis is to provide insight into the degree to which VMI is a suitable technology for mitigating the threat of kernel level rootkits. A proof of concept will be presented with the aim of protecting critical structures of the kernel.
It is possible that the adaptation of Kernel Patch Protection (KPP) to VMI can provide an upper hand in what has turned out to become a cat and mouse game to protect the kernel integrity.
JØRGEN RINGSTAD AND MORTEN BYE
Title: A new information security strategy – A case study in the Norwegian Armed Forces
Abstract:
Information security in today's technological world has adopted a number of concepts and methods from more traditional domains, especially from safety (HSE) and various quality improvement processes. These concepts entail continuous improvement of processes, based on experience and previous incidents. The result of this transfer of experience-based protection is that information security has methods that are founded exclusively on procedures for quality assurance of the information systems. This is carried out through firewalls, antivirus, IDS/IPS, hardening, standards etc. This way of handling information security means that when a threat or vulnerability is identified in the system, mechanisms are implemented to prevent or handle it. Many of the threats that exist in the above-mentioned domains have clear parallels in information security.
Identifying vulnerabilities and protecting against them is an important part of information security, since identified vulnerabilities are usually made known to everyone, and known vulnerabilities make up a large part of the overall threat. However, there are characteristics of the threat picture one faces in information security that can make this approach insufficient. Today's concepts for information security are based on experience (standards and laws) and on signatures of known threats that trigger the systems to prevent these known attacks. These "lists" of known security problems are known to everyone, including the enemy.
This indicates that the security concept is based on the defending party always being one step behind, protecting itself against a type of attack after it has been carried out. Today's concept is therefore based on these predefined "lists" of what is considered an attack and what it looks like. Implemented security mechanisms are founded on these lists. All attacks that have not been defined in advance as security threats will therefore not be detected. Today's methods can thus give an actor with malicious intent a large competitive advantage. Through analysis of the predefined "lists", the enemy can identify which attacks our systems are most likely protected against. This means that the enemy can adapt his attacks and more easily achieve successful attacks based on this information. The project's claim is thus that the way the quality improvement processes have been adopted and implemented in information security may be misguided with regard to handling a dynamic and adaptable threat. The quality improvement appears to be reactive in nature and can be said to focus on variables related to the result of the problem and not on the problem itself.
The master project will therefore study whether, by increasing our knowledge, motivation, attitudes and understanding of the enemy (often called awareness), one can contribute to more proactive information security work in the organisation of the Norwegian Armed Forces. It will be investigated whether this could contribute to an effective adaptation of the protection against a dynamic threat, so that a more efficient use of available resources can also be achieved. The work therefore aims to form the basis for a change of the information security strategy from a reactive protection strategy to a proactive defence strategy, where quality improvement is focused on the problem itself, the dynamic enemy, rather than on the result of the problem, the plugging of security holes.
We want to see how this can affect today's information security in the Armed Forces, and to assess the relevance of the work for a future-oriented conceptual vision presented by the problem owner.
KAMIL ISMAIL
Title: Security in SignCryption
Abstract:
SignCryption is a new concept in PKC (public key cryptology). It provides a common framework for a number of protocols which are used to supply a confidential and authenticated transmission channel for messages. One of the best properties of signcryption is that it provides both encryption and digital signature at the same time. In other words, by using SignCryption we can acquire confidentiality, authentication, integrity, unforgeability, non-repudiation, public verifiability and forward secrecy of message confidentiality. SignCryption provides not only low computational cost but also reduced communication overhead.
After giving short information about public key encryption, I will investigate security in SignCryption using elliptic curves. The main idea here is to measure the efficiency of such schemes. The main purpose of this thesis is to show how PKE and digital encryption can be used in order to maintain a high level of security in the transmission of a message. In order to do that I will use SignCryption as introduced by Zheng and will investigate techniques for applying SignCryption on elliptic curves. By using elliptic curves and symmetric algorithms, SignCryption is very appropriate for use in many applications, for example secure and authentic email, M-Commerce and E-Commerce applications, etc.
KJELL TORE FOSSBAKK
Title: Worm propagation in NetFlows
Abstract:
The Internet has become a core network for commerce, recreation and communication. The need to protect sensitive information has arisen and increased over the past decade, and with it the need for intrusion detection. As most Intrusion Detection Systems (IDSs) today capture and store all network traffic, we cannot maintain a long detection time window and store all information simultaneously. We need to examine alternative ways to perform intrusion detection to capture misuse aimed at eluding traditional IDSs. One alternative to full-content packet inspection is NetFlow analysis, which investigates only metadata about network traffic connections. All the information from all packets between two hosts is stored in a NetFlow record.
Modern computer worms spread quickly, and change or update their behavior almost on a daily basis. We need to detect widespread worm epidemics on the Internet in a way that remains sustainable when malware changes. Signature-based detection, human analysis and signature creation are too slow.
In this thesis we will investigate if it is feasible to use NetFlow analysis for worm detection, compared to traditional signature-based detection systems, such as Snort.
MAGNUS FELDE
Title: Analyzing security decisions with discrete event simulation
Abstract:
The increasing integration of IT in a business, combined with the complexity of a business, makes it difficult to foresee the effects that security controls and incidents have on a business process. The problem of not seeing the cause and effect can result in implementing security controls that are not as effective as they could be, or that, in the worst case, directly prohibit the business from making money.
To improve the situation, simulation can be applied, as it allows us to gain better insight into how different configurations affect the business without disrupting the business processes. We achieve this insight at a relatively low cost and minimal risk for the business.
We will in this project create a model of a business process and perform simulation runs in order to achieve a better understanding of how information security threats and countermeasures influence business performance indicators. The work which is done in this master thesis will also provide answers to whether simulation can be used by information security managers as a tool to support them in their decision making process.
Topic covered by the project
To be successful, information security management must be viewed from a business perspective. Hence, information security management decisions must be based on how various security controls and potential incidents influence management Key Performance Indicators (KPIs). However, because of the complexity in finding the causes and effects of the decisions, a tool or a method is needed to help managers understand this relationship.
In this project we are going to study how the combined use of KPIs, Business Process Modelling (BPM) and simulation can help us improve the understanding of how security controls and incidents may influence the business.
Keywords
Information security, Security management, Business management, Simulation and modelling, Business process modelling, Key performance indicators
Problem description
The effects that security controls and incidents have on business processes are difficult to foresee. The reason for this difficulty might be the complexity of the business, and the fact that this complexity is in constant change. Whatever the reasons, the results are the same, namely that the security controls are not as effective as they could be, or that, in the worst case, they directly prohibit the business from making money.
It is essential not only that the right processes are protected, but that they are protected in an appropriate way. The real solution therefore lies in understanding how different controls and threats affect the business.
Justification, motivation and benefits
The purpose of information security, and information technology (IT) in general, is supporting the business processes in such a way that the company creates value. The objective of the information security management is hence to provide value to top management and shareholders, and the information security manager therefore needs to understand the goals of the organization and how his information security management decisions may influence these goals.
One cannot achieve the desired level of security if one does not understand the processes that are to be secured. It is therefore also essential that this understanding is achieved, and that we as security professionals learn from other areas such as business and industry, and how the methods used here can be applied in the information security field. The fact is that security controls are implemented for supporting the business process, not the other way around, and understanding the business process hence becomes a necessity.
By understanding how security incidents and the implementation of security controls influence the business, the resources used on information security by the business can achieve a higher return on investment (ROI) in the sense that the business is both better protected and better enabled to make money. However, since acquiring such understanding is difficult, if not impossible, without disrupting the running business processes, simulation is our best approach. With the aid of simulation we get a better insight into how different configurations affect the business without disrupting the business, and we achieve this at a lower cost and with less risk for the business.
The demand for automatic tools, commonly accepted metrics and better understanding of how the business is affected by security problems and controls are not new issues in the field of information security [8][11][27], but these are issues which need to be combined and resolved.
Research questions
1. To what extent is the construction and evaluation of a simulation model a useful tool in improving the understanding of the goals of the organization and how information security management decisions influence these goals?
2. To what extent are KPIs suitable for measuring the effects of security decisions?
Planned contributions
As mentioned earlier, there is a demand for automatic tools, commonly accepted metrics and better understanding of how the business is affected by security problems and controls. Our contribution to these issues is to determine whether simulation can become such an automatic tool, whether or not KPIs can become commonly accepted metrics, and whether the combination of KPI, BPM and simulation will in fact help the information security manager in understanding the business effect of security issues.
We will achieve this by creating a model of a business process and performing simulation runs in order to achieve a better understanding of how information security threats and countermeasures influence business performance indicators. This will also provide answers to whether simulation is the right tool for the job and hence whether information security managers can use it in their job. Hopefully, the result of this work will help increase the security level in a business by improving the understanding of how security controls and incidents affect a business.
PENMETSA MURALI KRISHNA
Topic: Measuring Information Security Awareness – A Study in India - Norway
Abstract:
Information security has become a major focus area for many organizations globally. In countries like India and Norway, people have different levels of awareness, whereas some people in organizations know that better security cannot be achieved just by installing technical solutions like IDS and firewalls. The level of education, attitude and behavior of the people working in organizations is very important. So in this Master thesis, I am going to measure the information security awareness in India and Norway by following the process below:
1. Write about Information Security and awareness, including a categorization of awareness means in terms of various aspects, quality and efficiency.
2. Make a survey to measure Information Security Awareness.
3. Plan and execute an information security awareness campaign for Norway and India in a limited and comparable community.
4. Measure awareness level before and after the campaign. Compare the results of these two countries.
5. Evaluate the results and propose actions for both countries identifying commonalities and differences.
PETTER BJØRKLUND
Title: Securing the ICT-based examination
Abstract:
The project covers security and privacy aspects related to conducting ICT-based examination of students. We will investigate security requirements, privacy requirements and best practice for conducting examinations in a digital environment. Tests will be conducted, we will perform a security analysis of existing solutions, and a framework will be developed based on the requirements and the findings of the security analysis. Some proof-of-concept code will also be developed to support the theory behind the proposed framework.
It is crucial to establish some security and privacy measures in order to trust systems that replace what was earlier done with pen and paper. Many solutions do not address these issues adequately, and the expense of commercial proprietary solutions is not always justified by the level of security they yield. For this reason we focus on the use of open-source software and projects for the framework and solutions. The project will hopefully contribute by providing a framework which will help increase the level of security in systems that will be developed for ICT-based exams, and at the same time cut expenses in these implementations by using free and open source software.
Topic covered by the project
As technology evolves it is natural that more and more teaching and learning is performed by digital means. This project will cover an important aspect of this process, namely the digital examination of students. The setting in which this will be investigated is a ''normal'' supervised examination where the users will utilise their own computers to take the exam. In order to obtain trust in systems that take part in this process, some security and privacy properties must be ensured. The project will identify these properties, as well as investigate what requirements such systems must meet in teaching institutions in Norway today.
Based on the identified properties, further work in the project will include specification of how to secure such systems and what the architecture and design of the system should be. Some analysis of how the risks are mitigated in this system will also be covered.
Keywords
Computer Uses in Education, Security, Privacy, Authentication, Public key cryptosystems, Cryptographic controls, Information flow controls, Verification
Problem description
Norwegian high schools are instructed by the Norwegian Directorate of Education and Training to conduct digital examination of students. Exams should be effectuated as ''normal'' exams, where they are held in a supervised environment (e.g. a classroom). This introduces new security challenges as technology literacy increases among students, who may be tempted to find a way to use illegal aids in these exams. Illegal aids may include, but are not limited to: programs, files, chat sites, WiFi hotspots or wireless networks based on infrared or Bluetooth technology.
To mitigate these security challenges Norwegian Computing Center has implemented a solution which utilizes booting an exam-prepared operating system from a USB memory stick. The scope of this project will be to improve the security functionality in the memory stick OS needed in an exam setting. The project will establish foundations and protocols that enforce a highly secure and controlled working environment for electronic examination and computer assisted education.
Another aspect of the problem is that students might consider implemented security mechanisms as a form of surveillance of their activities and a breach of their privacy. This thesis will also consider how privacy can be preserved by minimizing the amount of surveillance and focusing on good security measures.
Justification, motivation and benefits
In a society where education is or should be an important aspect, the educational establishment must be trusted. This trust can be reflected through the correctness of conducting an exam. One can say that the ability to provide security and correctness in the context of exams says something about the quality of the school or university holding it.
Inspection of each and every machine to provide the security required in these kinds of settings would be far too cumbersome and expensive. Another way to go would have been to use commercial software and tools, but this might also be very expensive, and security in these systems is not always documented.
Research questions
In the process of writing this thesis, some research questions have to be raised. The following questions will be investigated in the master project:
- What is the best practice of digital exam security in educational institutions today?
- What are the prioritized requirements for conducting digital exams?
- What security measures and protocols need to be implemented to adhere to these requirements?
- How can free and open software (FOSS) be utilised as a part of implementing security in ICT-based examinations?
- How can privacy be obtained at a satisfying level in a security-oriented system?
Planned contributions
We will in this project provide a security framework which will mitigate threats associated with digital examination. This framework will be based on a collocation of security requirements gathered from educational institutions which conduct digital exams today and from a security analysis of existing solutions. Hopefully, the framework will help increase the level of security in the implementations that will be used in the high schools.
SHI LELAI
Title: Cryptanalysis of a cascade of non-uniformly clocked linear feedback shift registers
Abstract:
LFSR stands for linear feedback shift register. Our topic is to establish a method to perform cryptanalysis on a cascade of such LFSRs, in which every LFSR, except for the last one, is irregularly clocked by the next LFSR in the cascade. This method may use the calculation of constrained edit distance, which is a special kind of distance between discrete sequences.
Title: System for integration of tools for full content verification on multiple sensors
Abstract:
Cyberspace is the newest addition to the domains for warfare. As in the other domains both offensive and defensive operations are relevant. Defensive operations in cyberspace can draw on experience from traditional information security, but might use other procedures and use tools in a different way. This thesis describes use of tools in defensive operations in cyberspace. More to the point the research will describe how to effectively use tools for packet capture in Computer Network Defense. The contributions of the project will include a definition of a scalable effective system for packet capture in CND analysis and a prototype implementation of this definition.
WU HAO
Title: Implementation of public key algorithms in CUDA
Abstract:
Implementing a public key cryptosystem is always a tradeoff between security and efficiency. The problem with the number theoretic cryptosystems (i.e. RSA) is that they require a lot of computational power, providing a high level of security but most likely a low level of efficiency. Public key algorithms are known to be slower than symmetric key alternatives because of their basis in modular arithmetic. The concern is therefore how to make a more efficient and faster implementation of public key algorithms.
Running the public key algorithms by use of the parallel properties of the GPU (Graphics Processing Unit) in modular multiplication and modular exponentiation may be a solution to this problem. Multiplication of big integers is one of the building blocks in doing modular arithmetic. The field of General-purpose GPU which is about solving problems other than graphics rendering using the GPU was until recently without a good solution. CUDA (Compute Unified Device Architecture) is a framework which makes these kinds of implementations more available to the general public of programmers. Using the unique properties of the GPU through CUDA has greatly increased the efficiency of many computational problems.
The target of this research is to study and analyse the majority of algorithms related to modular multiplication and modular exponentiation, and then to design and implement a public key algorithm in CUDA. Finally, this project will compare the performance of the GPU implementation and the CPU implementation in order to look into the possibility of improving the performance of public key algorithms. The research questions are divided into four groups: the first regarding modular multiplication and modular exponentiation of big integers and their parallelism, the second about integrating parallel modular multiplication and modular exponentiation into the public key algorithm, the third concerning optimization of the algorithm, and the final one regarding performance comparison of the public key algorithm between the GPU implementation and the CPU implementation.