Publications
PDF SNRG Research theses are available
Author | Title | Year | Journal/Proceedings | Reftype | DOI/URL |
---|---|---|---|---|---|
Frieslaar, I. and Irwin, B. | Investigating the Electromagnetic Leakage from a Raspberry Pi | 2017 | 2017 Information Security for South Africa, pp. 22-31 | inproceedings | |
Abstract: This research investigates the Electromagnetic (EM) side channel leakage of a Raspberry Pi 2 B+. An evaluation is performed on the EM leakage as the device executes the AES-128 cryptographic algorithm contained in the Crypto++ library in a threaded environment. Four multi-threaded implementations are evaluated. These implementations are Portable Operating System Interface Threads, C++11 threads, Threading Building Blocks, and OpenMP threads. It is demonstrated that the various thread techniques have distinct variations in frequency and shape as EM emanations are leaked from the Raspberry Pi. Additionally, noise is introduced while the cryptographic algorithm executes. The results indicate that it is still possible to visibly see the execution of the cryptographic algorithm. However, out of 50 occasions the cryptographic execution was not detected 32 times. It was further identified when calculating prime numbers, the cryptographic algorithm becomes hidden. Furthermore, the analysis pointed in the direction that when high prime numbers are calculated there is a window where the cryptographic algorithm can not be seen visibly in the EM spectrum. |
|||||
BibTeX:
@inproceedings{Frieslaar2017a, author = {Ibraheem Frieslaar and Barry Irwin}, title = {Investigating the Electromagnetic Leakage from a Raspberry Pi}, booktitle = {2017 Information Security for South Africa}, publisher = {IEEE}, year = {2017}, pages = {22--31}, note = {ISBN 978-1-5386-0544-8} } |
|||||
Mnjama, J., Foster, G. and Irwin, B. | A Privacy and Security Threat Assessment Framework for Consumer Health Wearables | 2017 | 2017 Information Security for South Africa, pp. 66-73 | inproceedings | |
Abstract: Health data is important as it provides an individual with knowledge of the factors needed to be improved for oneself. The development of fitness trackers and their associated software aid consumers to understand the manner in which they may improve their physical wellness. These devices are capable of collecting health data for a consumer such as sleeping patterns, heart rate readings or the number of steps taken by an individual. Although, this information is very beneficial to guide a consumer to a better healthier state, it has been identified that they have privacy and security concerns. Privacy and Security are of great concern for fitness trackers and their associated applications as protecting health data is of critical importance. This is so, as health data is one of the highly sought after information by cyber criminals. Fitness trackers and their associated applications have been identified to contain privacy and security concerns that place the health data of consumers at risk to intruders. As the study of Consumer Health continues to grow it is vital to understand the elements that are needed to better protect the health information of a consumer. This research paper therefore provides a conceptual threat assessment framework that can be used to identify the elements needed to better secure Consumer Health Wearables. These elements consist of six core elements from the CIA triad and Microsoft STRIDE framework. Fourteen vulnerabilities were further discovered that were classified within these six core elements. Through this, better guidance can be achieved to improve the privacy and security of Consumer Health Wearables. |
|||||
BibTeX:
@inproceedings{Mnjama2017, author = {Javan Mnjama and Greg Foster and Barry Irwin}, title = {A Privacy and Security Threat Assessment Framework for Consumer Health Wearables}, booktitle = {2017 Information Security for South Africa}, publisher = {IEEE}, year = {2017}, pages = {66--73}, note = {ISBN 978-1-5386-0544-8} } |
|||||
Pennefather, S. and Irwin, B. | Design and Application of Link: A DSL for Frame Manipulation | 2017 | 2017 Information Security for South Africa, pp. 48-55 | inproceedings | |
Abstract: This paper describes the design and application of Link, a Domain Specific Language (DSL) targeting the development of network applications focused on traffic manipulation at the frame level. The development of Link is described through the identification and evaluation of intended applications and an example translator is implemented to target the FRAME board which was developed in conjunction with this research. Four application examples are then provided to help describe the feasibility of Link when |
|||||
BibTeX:
@inproceedings{Pennefather2017a, author = {Sean Pennefather and Barry Irwin}, title = {Design and Application of Link: A DSL for Frame Manipulation}, booktitle = {2017 Information Security for South Africa}, publisher = {IEEE}, year = {2017}, pages = {48--55}, note = {ISBN 978-1-5386-0544-8} } |
|||||
Frieslaar, I. and Irwin, B. | Investigating the Effects Different C/C++ Compilers Have on the Electromagnetic Signature of a Cryptographic Executable | 2017 | Proceedings of South African Institute of Computer Scientists and Information Technologists (SAICSIT), pp. 135-144 | inproceedings | DOI |
Abstract: This research investigates changes in the electromagnetic (EM) signatures of a cryptographic binary executable based on compile-time parameters to the GNU and clang compilers. The source code was compiled and executed on a Raspberry Pi 2, which utilizes the ARMv7 CPU. Various optimization flags are enabled at compile-time and the output of the binary executable’s EM signatures are captured at run-time. It is demonstrated that GNU and clang compilers produced different EM signature on program execution. The results indicated while utilizing the O3 optimization flag, the EM signature of the program changes. Additionally, the g++ compiler demonstrated fewer instructions were required to run the executable; this related to fewer EM emissions leaked. The EM data from the various compilers under different optimization levels was used as input data for a correlation power analysis attack. The results indicated that partial AES-128 encryption keys was possible. In addition, the fewest subkeys recovered was when the clang compiler was used with level O2 optimization. Finally, the research was able to recover 15 of 16 AES-128 cryptographic algorithm’s subkeys, from the Pi. |
|||||
BibTeX:
@inproceedings{Frieslaar2017c, author = {Ibraheem Frieslaar and Barry Irwin}, title = {Investigating the Effects Different C/C++ Compilers Have on the Electromagnetic Signature of a Cryptographic Executable}, booktitle = {Proceedings of South African Institute of Computer Scientists and Information Technologists (SAICSIT)}, publisher = {ACM}, year = {2017}, pages = {135-144}, note = {ISBN 978-1-4503-5384-7.}, doi = {http://doi.org/10.1145/3129416.3129436} } |
|||||
Frieslaar, I. and Irwin, B. | Investigating the utilization of the secure hash algorithm to generate electromagnetic noise. | 2017 | Proceedings of the 9th International Conference on Signal Processing Systems | inproceedings | DOI URL |
Abstract: This research introduces an electromagnetic (EM) noise generator known as the FRIES noise generator to mitigate and obfuscate Side Channel Analysis (SCA) attacks against a Raspberry Pi. The FRIES noise generator utilizes the implementation of the Secure Hash Algorithm (SHA) from OpenSSL to generate white noise within the EM spectrum. This research further contributes to the body of knowledge by demonstrating that the SHA implementation of libcrypto++ and OpenSSL had different EM signatures. It was further revealed that as a more secure implementation of the SHA was executed additional data lines were used, resulting in increased EM emissions. It was demonstrated that the OpenSSL implementations of the SHA were more optimized as opposed to the libcrypto++ implementation by utilizing less resources and not leaving the device in a bottleneck. The FRIES daemon added noise to the EM leakage which prevents the visual location of the AES-128 cryptographic implementation. Finally, the cross-correlation test demonstrated that the EM features of the AES-128 algorithm were not detected within the FRIES noise. |
|||||
BibTeX:
@inproceedings{Frieslaar2017d, author = {Ibraheem Frieslaar and Barry Irwin}, title = {Investigating the utilization of the secure hash algorithm to generate electromagnetic noise.}, booktitle = {Proceedings of the 9th International Conference on Signal Processing Systems}, publisher = {ACM}, year = {2017}, note = {ISBN 978-1-4503-5384-7.}, url = {http://doi.acm.org/10.1145/}, doi = {10.1145/} } |
|||||
Frieslaar, I. and Irwin, B. | Recovering AES-128 Encryption Keys from a Raspberry Pi | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 228-233 | inproceedings | |
Abstract: This research is the first of its kind to perform a successful side channel analysis attack on a symmetric encryption algorithm executing on a Raspberry Pi. It is demonstrated that the AES-128 encryption algorithm of the Crypto++ library is vulnerable against the Correlation Power Analysis (CPA) attack. Furthermore, digital processing techniques such as dynamic time warping and filtering are used to recover the full encryption key. In addition, it is illustrated that the area above and around the CPU of the Raspberry Pi leaks out critical and secret information. |
|||||
BibTeX:
@inproceedings{Frieslaar2017b, author = {Ibraheem Frieslaar and Barry Irwin}, title = {Recovering AES-128 Encryption Keys from a Raspberry Pi}, booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)}, year = {2017}, pages = {228--233} } |
|||||
Linklater, G., Smith, C., Connan, J., Herbert, A. and Irwin, B. | JSON Schema for Attribute-based Access Control for Network Resource Security | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 360-365 | inproceedings | |
Abstract: Attribute-based Access Control (ABAC) is an access control model where authorization for an action on a resource is determined by evaluating attributes of the subject, resource (object) and environment. The attributes are evaluated against boolean rules of varying complexity. ABAC rule languages are often based on serializable object modeling and schema languages as in the case of XACML which is based on XML Schema. XACML is a standard by OASIS, and is the current de facto standard for ABAC. While a JSON profile for XACML exists, it is simply a compatibility layer for using JSON in XACML which caters to the XML object model paradigm, as opposed to the JSON object model paradigm. This research proposes JSON Schema as a modeling language that caters to the JSON object model paradigm on which to base an ABAC rule language. It continues to demonstrate its viability for the task by comparison against the features provided to XACML by XML Schema. |
|||||
BibTeX:
@inproceedings{Linklater2017, author = {Gregory Linklater and Christian Smith and James Connan and Alan Herbert and Barry Irwin}, title = {JSON Schema for Attribute-based Access Control for Network Resource Security}, booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)}, year = {2017}, pages = {360--365} } |
|||||
Chindipha, S.D. and Irwin, B. | An Analysis on the Re-emergence of SQL Slammer Worm Using Network Telescope Data | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 222-227 | inproceedings | |
Abstract: The SQL Slammer worm is a self propagated computer virus that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic. An observation of network traffic captured in the Rhodes University’s network telescopes shows that traffic observed in it shows an escalation in the number of packets captured by the telescopes between January 2014 and December 2016 when the expected traffic was meant to take a constant decline in UDP packets from port 1434. Using data captured over a period of 84 months, the analysis done in this study identified top ten /24 source IP addresses that Slammer worm repeatedly used for this attack together with their geolocation. It also shows the trend of UDP 1434 packets received by the two network telescopes from January 2009 to December 2015. In line with epidemic model, the paper has shown how this traffic fits in as SQL Slammer worm attack. Consistent number of packets observed in the two telescopes between 2014 and 2016 shows qualities of the Slammer worm attack. Basic time series and decomposition of additive time series graphs have been used to show trend and observed UDP packets over the time frame of study. |
|||||
BibTeX:
@inproceedings{Linklater2017, author = {Stones Dalitso Chindipha and Barry Irwin}, title = {An Analysis on the Re-emergence of SQL Slammer Worm Using Network Telescope Data}, booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)}, year = {2017}, pages = {222--227} } |
|||||
Motara, Y.M. and Irwin, B. | SHA-1, SAT-solving, and CNF | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 216-221 | inproceedings | |
Abstract: Finding a preimage for a SHA-1 hash is, at present, a computationally intractable problem. SAT-solvers have been useful tools for handling such problems and can often, through heuristics, generate acceptable solutions. This research examines the intersection between the SHA-1 preimage problem, the encoding of that problem for SAT-solving, and SAT-solving. The results demonstrate that SAT-solving is not yet a viable approach to take to solve the preimage problem, and also indicate that some of the intuitions about “good” problem |
|||||
BibTeX:
@inproceedings{Motara2017, author = {Yusuf Moosa Motara and Barry Irwin}, title = {SHA-1, SAT-solving, and CNF}, booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)}, year = {2017}, pages = {216--221} } |
|||||
Pearson, D., Irwin, B. and Herbert, A. | Weems: An Extensible HTTP Honeypot | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 234-239 | inproceedings | |
Abstract: Malicious entities are constantly trying their luck at exploiting known vulnerabilities in web services, in an attempt to gain unauthorized access to resources. For this reason security specialists deploy various network defenses with the goal of preventing these threats; one such tool used are web based honeypots. Historically a honeypot will be deployed facing the Internet to masquerade as a live system with the intention of attracting attackers away from the valuable data. Researchers adapted these honeypots and turned them into a platform to allow for the studying and understanding of web attacks and threats on the Internet. Having the ability to develop a honeypot to replicate a specific service meant researchers can now study the behavior patterns of threats, thus giving a better understanding of how to defend against them. This paper discusses a high-level design and implementation of Weems, a low-interaction web based modular HTTP honeypot system. It also presents results obtained from various deployments over a period of time and what can be interpreted from these results. |
|||||
BibTeX:
@inproceedings{Pearson2017, author = {Deon Pearson and Barry Irwin and Alan Herbert}, title = {Weems: An Extensible HTTP Honeypot}, booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)}, year = {2017}, pages = {234--239} } |
|||||
Pennefather, S., Bradshaw, K. and Irwin, B. | Design of a Message Passing Model for Use in a Heterogeneous CPU-NFP Framework for Network Analytics | 2017 | (178-183) Southern Africa Telecommunication Networks and Applications Conference (SATNAC) | inproceedings | |
Abstract: Currently, network analytics requires direct access to network packets, normally through a third-party application, which means that obtaining realtime results is difficult. We propose the NFP-CPU heterogeneous framework to allow parts of applications written in the Go programming language to be executed on a Network Flow Processor (NFP) for enhanced performance. This paper explores the need and feasibility of implementing a message passing model for data transmission between the NFP and CPU, which is the crux of such a heterogeneous framework. Architectural differences between the two domains are highlighted within this context and we present a solution to bridging these differences. |
|||||
BibTeX:
@inproceedings{Pennefather2017b, author = {Sean Pennefather and Karen Bradshaw and Barry Irwin}, title = {Design of a Message Passing Model for Use in a Heterogeneous CPU-NFP Framework for Network Analytics}, booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)}, year = {2017}, number = {178-183} } |
|||||
Sweeney, M. and Irwin, B. | NetFlow Scoring Framework for Incident Detection | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 310-315 | inproceedings | |
BibTeX:
@inproceedings{Sweeney2017, author = {Michael Sweeney and Barry Irwin}, title = {NetFlow Scoring Framework for Incident Detection}, booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)}, year = {2017}, pages = {310--315} } |
Created by JabRef on 20/09/2017.
Last Modified: Thu, 05 Jul 2018 12:57:36 SAST