Browsing by Subject "Computer networks--Security measures."

Item Open Access: Generalized ID-based elgamal signatures and extensions (2008) Kalkan, Said
ID-based cryptography helps us to simplify the key management process in traditional public key infrastructures. Any public information such as the e-mail address, name, etc., can be used as a public key and this solves the problem of obtaining the public key of a party and checking that its certificate is valid. ID-based cryptography has been a very active area of research in cryptography since bilinear pairings were introduced as a cryptographic tool. There have been many proposals for ID-based signatures recently. In this thesis, we introduce the concept of generalized ID-based ElGamal signatures and show that most of the proposed ID-based signature schemes in the literature are special instances of this generalized scheme. We also investigate ID-based signatures providing additional properties. Signature schemes with message recovery provide the feature that the message is recoverable from the signature and hence does not need to be transmitted separately. Blind signatures provide the feature that a user is able to get a signature without giving the actual message to the signer. Finally, signcryption schemes fulfill the job of a digital signature and encryption in a single step with a lower computational cost. We generalize the ID-based signatures providing these properties and obtain numerous new signatures which have not been explored before. The generalized ID-based signatures we described provide a unified framework for ID-based ElGamal signatures and extensions. Additionally, some of our blind signatures turn out to be more efficient than the previously proposed schemes.

Item Open Access: Generating content-based signatures for detecting bot-infected machines (2008) Bilge, Leyla
A botnet is a network of compromised machines that are remotely controlled and commanded by an attacker, who is often called the botmaster.
Such botnets are often abused as platforms to launch distributed denial of service attacks, send spam mails or perform identity theft. In recent years, the basic motivations for malicious activity have shifted from script kiddie vandalism in the hacker community, to more organized attacks and intrusions for financial gain. This shift explains the reason for the rise of botnets that have capabilities to perform more sophisticated malicious activities. Recently, researchers have tried to develop botnet detection mechanisms. The botnet detection mechanisms proposed to date have serious limitations, since they either can handle only certain types of botnets or focus on only specific botnet attributes, such as the spreading mechanism, the attack mechanism, etc., in order to constitute their detection models. We present a system that monitors network traffic to identify bot-infected hosts. Our goal is to develop a more general detection model that identifies single infected machines without relying on the bot propagation vector. To this end, we leverage the insight that all of the bots get a command and perform an action as a response, since the command and response behavior is the unique characteristic that distinguishes the bots from other malware. Thus, we examine the network traffic generated by bots to locate command and response behaviors. Afterwards, we generate signatures from the similar commands that are followed by similar bot responses without any explicit knowledge about the command and control protocol. The signatures are deployed to an IDS that monitors the network traffic of a university. 
Finally, the experiments showed that our system is capable of detecting bot-infected machines with a low false positive rate.

Item Open Access: Immunizing binary executables against return-oriented programming (2010) Onarlıoğlu, Kaan
Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted considerable attention from academia. ROP attacks utilize short code sequences each ending with a free-branch instruction, i.e. an instruction that allows the attacker to control the execution flow. Identifying such sequences, or gadgets, available in binary executables and chaining them together, it is possible to perform arbitrary computations. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this work, we present a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to protect the aligned free-branch instructions to prevent them from being misused by an attacker, and to eliminate all unaligned free-branch instructions inside a binary executable. We developed a prototype based on our approach for the x86 architecture, and evaluated it by compiling GNU libc and a number of real-world applications. The results of the experiments demonstrate that our solution is able to prevent any form of return-oriented programming attack.

Item Open Access: OpenID with certificate-based user authentication on smartcard (2013) Kişin, Bahar Berna
From the point of its users, federated identity systems provide great convenience to log in to varied web sites without bothering to register in advance.
Looking from a vantage point, federated identity management gives the opportunity to users of one IT system to access data and sources of another IT system seamlessly and securely without handling a complete user administration. Single sign-on mechanisms manage the user authentication process of these systems, prompting log in once, and assure access control across those multiple independent systems. OpenID is a widely used federated identity/single sign-on scheme generally implemented with username-password authentication. In this work, we augment the user authentication phase of OpenID with certificate-based authentication using smartcard technology. Our solution provides a secure method to authenticate the user with the user's digital certificate written on the smartcard.

Item Open Access: Stealth sandbox analysis of malware (2009) Uğurlu, Ömer Sezgin
Malware is one of the biggest problems of the world of bits and bytes. Generally malware does activities a user normally does not do, such as becoming part of a virtual army or submitting confidential data of the user to the malware author. There are publicly available analysis services for unknown binaries. Sandbox analysis is performed by execution of an untrusted binary in an isolated environment. It is a very common technique for malware research. Publicly available sandbox analysis platforms help users to see traces of the execution without harming their system. Also it helps owners of the sandbox to collect malware and makes the job of analysts easier. One major problem of the public sandbox testing is that malware authors can also benefit from analysis of sandboxes. If they can identify sandbox systems they can hide malicious behavior. This thesis presents the publicly used Anubis sandbox, detection mechanisms used against Anubis[3], further possible detection mechanisms and our efforts for hiding the fingerprint of Anubis from malware and decreasing the resulting false negative rates for the malware detection.