Information Security Commons^™

Implementing And Testing A Novel Chaotic Cryptosystem, Samuel Jackson, Scott Kerlin, Jeremy Straub

Jeremy Straub

Cryptography in the domain of small satellites is a relatively new area of research. Compared to typical desktop computers, small satellites have limited bandwidth, processing power, and battery power. Many of the current encryption schemes were developed for desktop computers and servers, and as such may be unsuitable for small satellites. In addition, most cryptographic research in the domain of small satellites focuses on hardware solutions, which can be problematic given the limited space requirements of small satellites.

This paper investigates potential software solutions that could be used to encrypt and decrypt data on small satellites and other devices with …

Metalogic Notes, Saverio Perugini

Saverio Perugini

A collection of notes, formulas, theorems, postulates and terminology in symbolic logic, syntactic notions, semantic notions, linkages between syntax and semantics, soundness and completeness, quantified logic, first-order theories, Goedel's First Incompleteness Theorem and more.

Statistics Notes, Saverio Perugini

Saverio Perugini

A collection of terms, definitions, formulas and explanations about statistics.

Exchanging Demands: Weaknesses In Ssl Implemenations For Mobile Platforms, Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone

Clinton Carpene

The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices. A two‐phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man‐in‐the‐middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server‐side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory …

Modeling Heterogeneous User Churn And Local Resilience Of Unstructured P2p Networks, Zhongmei Yao, Derek Leonard, Dmitri Loguinov, Xiaoming Wang

Zhongmei Yao

Previous analytical results on the resilience of unstructured P2P systems have not explicitly modeled heterogeneity of user churn (i.e., difference in online behavior) or the impact of in-degree on system resilience. To overcome these limitations, we introduce a generic model of heterogeneous user churn, derive the distribution of the various metrics observed in prior experimental studies (e.g., lifetime distribution of joining users, joint distribution of session time of alive peers, and residual lifetime of a randomly selected user), derive several closed-form results on the transient behavior of in-degree, and eventually obtain the joint in/out degree isolation probability as a simple …

Robust Lifetime Measurement In Large-Scale P2p Systems With Non-Stationary Arrivals, Xiaoming Wang, Zhongmei Yao, Yueping Zhang, Dmitri Loguinov

Zhongmei Yao

Characterizing user churn has become an important topic in studying P2P networks, both in theoretical analysis and system design. Recent work has shown that direct sampling of user lifetimes may lead to certain bias (arising from missed peers and round-off inconsistencies) and proposed a technique that estimates lifetimes based on sampled residuals. In this paper, however, we show that under non-stationary arrivals, which are often present in real systems, residual-based sampling does not correctly reconstruct user lifetimes and suffers a varying degree of bias, which in some cases makes estimation completely impossible. We overcome this problem using two contributions: a …

Stochastic Analysis Of Horizontal Ip Scanning, Derek Leonard, Zhongmei Yao, Xiaoming Wang, Dmitri Loguinov

Zhongmei Yao

Intrusion Detection Systems (IDS) have become ubiquitous in the defense against virus outbreaks, malicious exploits of OS vulnerabilities, and botnet proliferation. As attackers frequently rely on host scanning for reconnaissance leading to penetration, IDS is often tasked with detecting scans and preventing them. However, it is currently unknown how likely an IDS is to detect a given Internet-wide scan pattern and whether there exist sufficiently fast scan techniques that can remain virtually undetectable at large-scale. To address these questions, we propose a simple analytical model for the window-expiration rules of popular IDS tools (i.e., Snort and Bro) and utilize a …

Automatically Discovering The Number Of Clusters In Web Page Datasets, Zhongmei Yao

Zhongmei Yao

Clustering is well-suited for Web mining by automatically organizing Web pages into categories, each of which contains Web pages having similar contents. However, one problem in clustering is the lack of general methods to automatically determine the number of categories or clusters. For the Web domain in particular, currently there is no such method suitable for Web page clustering. In an attempt to address this problem, we discover a constant factor that characterizes the Web domain, based on which we propose a new method for automatically determining the number of clusters in Web page data sets. We discover that the …

Legal Issues: Security And Privacy With Mobile Devices, Brian Leonard, Maurice Dawson

Maurice Dawson

Privacy and security are two items being woven into the fabric of American law concerning mobile devices. This chapter will review and analyze the associated laws and policies that are currently in place or have been proposed to ensure proper execution of security measures for mobile and other devices while still protecting individual privacy. This chapter will address the fact that as the American society significantly uses mobile devices, it is imperative to understand the legal actions surrounding these technologies to include their associated uses. This chapter will also address the fact that with 9/11 in the not so distant …