Developing an electromagnetic noise generator to protect a Raspberry Pi from side channel analysis
- Frieslaar, I, Irwin, Barry V W
- Authors: Frieslaar, I , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429511 , vital:72618 , https://ieeexplore.ieee.org/abstract/document/8531950
- Description: This research investigates the Electromagnetic (EM) side channel leakage of a Raspberry Pi 2 B+. An evaluation is performed on the EM leakage as the device executes the AES-128 cryptographic algorithm contained in the libcrypto++ library in a threaded environment. Four multi-threaded implementations are evaluated. These implementations are Portable Operating System Interface Threads, C++11 threads, Threading Building Blocks, and OpenMP threads. It is demonstrated that the various thread techniques have distinct variations in frequency and shape as EM emanations are leaked from the Raspberry Pi. It is demonstrated that the AES-128 cryptographic implementation within the libcrypto++ library on a Raspberry Pi is vulnerable to Side Channel Analysis (SCA) attacks. The cryptographic process was seen visibly within the EM spectrum and the data for this process was extracted where digital filtering techniques was applied to the signal. The resultant data was utilised in the Differential Electromagnetic Analysis (DEMA) attack and the results revealed 16 sub-keys that are required to recover the full AES-128 secret key. Based on this discovery, this research introduced a multi-threading approach with the utilisation of Secure Hash Algorithm (SHA) to serve as a software based countermeasure to mitigate SCA attacks. The proposed countermeasure known as the FRIES noise generator executed as a Daemon and generated EM noise that was able to hide the cryptographic implementations and prevent the DEMA attack and other statistical analysis.
- Full Text:
- Date Issued: 2018
- Authors: Frieslaar, I , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429511 , vital:72618 , https://ieeexplore.ieee.org/abstract/document/8531950
- Description: This research investigates the Electromagnetic (EM) side channel leakage of a Raspberry Pi 2 B+. An evaluation is performed on the EM leakage as the device executes the AES-128 cryptographic algorithm contained in the libcrypto++ library in a threaded environment. Four multi-threaded implementations are evaluated. These implementations are Portable Operating System Interface Threads, C++11 threads, Threading Building Blocks, and OpenMP threads. It is demonstrated that the various thread techniques have distinct variations in frequency and shape as EM emanations are leaked from the Raspberry Pi. It is demonstrated that the AES-128 cryptographic implementation within the libcrypto++ library on a Raspberry Pi is vulnerable to Side Channel Analysis (SCA) attacks. The cryptographic process was seen visibly within the EM spectrum and the data for this process was extracted where digital filtering techniques was applied to the signal. The resultant data was utilised in the Differential Electromagnetic Analysis (DEMA) attack and the results revealed 16 sub-keys that are required to recover the full AES-128 secret key. Based on this discovery, this research introduced a multi-threading approach with the utilisation of Secure Hash Algorithm (SHA) to serve as a software based countermeasure to mitigate SCA attacks. The proposed countermeasure known as the FRIES noise generator executed as a Daemon and generated EM noise that was able to hide the cryptographic implementations and prevent the DEMA attack and other statistical analysis.
- Full Text:
- Date Issued: 2018
Effectiveness of Sampling a Small Sized Network Telescope in Internet Background Radiation Data Collection
- Chindipha, Stones D, Irwin, Barry V W, Herbert, Alan
- Authors: Chindipha, Stones D , Irwin, Barry V W , Herbert, Alan
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427646 , vital:72453 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327624431_Effectiveness_of_Sampling_a_Small_Sized_Net-work_Telescope_in_Internet_Background_Radiation_Data_Collection/links/5b9a5067299bf14ad4d793a1/Effectiveness-of-Sampling-a-Small-Sized-Network-Telescope-in-Internet-Background-Radiation-Data-Collection.pdf
- Description: What is known today as the modern Internet has long relied on the existence of, and use of, IPv4 addresses. However, due to the rapid growth of the Internet of Things (IoT), and limited address space within IPv4, acquiring large IPv4 subnetworks is becoming increasingly difficult. The exhaustion of the IPv4 address space has made it near impossible for organizations to gain access to large blocks of IP space. This is of great concern particularly in the security space which often relies on acquiring large network blocks for performing a technique called Internet Background Radiation (IBR) monitoring. This technique monitors IPv4 addresses which have no services running on them. In practice, no traffic should ever arrive at such an IPv4 address, and so is marked as an anomaly, and thus recorded and analyzed. This research aims to address the problem brought forth by IPv4 address space exhaustion in relation to IBR monitoring. This study’s intent is to identify the smallest subnet that best represents the attributes found in the/24 IPv4 address. This is done by determining how well a subset of the monitored original subnetwork represents the information gathered by the original subnetwork. Determining the best method of selecting a subset of IPv4 addresses from a subnetwork will enable IBR research to continue in the best way possible in an ever restricting research space.
- Full Text:
- Date Issued: 2018
- Authors: Chindipha, Stones D , Irwin, Barry V W , Herbert, Alan
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427646 , vital:72453 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327624431_Effectiveness_of_Sampling_a_Small_Sized_Net-work_Telescope_in_Internet_Background_Radiation_Data_Collection/links/5b9a5067299bf14ad4d793a1/Effectiveness-of-Sampling-a-Small-Sized-Network-Telescope-in-Internet-Background-Radiation-Data-Collection.pdf
- Description: What is known today as the modern Internet has long relied on the existence of, and use of, IPv4 addresses. However, due to the rapid growth of the Internet of Things (IoT), and limited address space within IPv4, acquiring large IPv4 subnetworks is becoming increasingly difficult. The exhaustion of the IPv4 address space has made it near impossible for organizations to gain access to large blocks of IP space. This is of great concern particularly in the security space which often relies on acquiring large network blocks for performing a technique called Internet Background Radiation (IBR) monitoring. This technique monitors IPv4 addresses which have no services running on them. In practice, no traffic should ever arrive at such an IPv4 address, and so is marked as an anomaly, and thus recorded and analyzed. This research aims to address the problem brought forth by IPv4 address space exhaustion in relation to IBR monitoring. This study’s intent is to identify the smallest subnet that best represents the attributes found in the/24 IPv4 address. This is done by determining how well a subset of the monitored original subnetwork represents the information gathered by the original subnetwork. Determining the best method of selecting a subset of IPv4 addresses from a subnetwork will enable IBR research to continue in the best way possible in an ever restricting research space.
- Full Text:
- Date Issued: 2018
Exploration and design of a synchronous message passing framework for a CPU-NPU heterogeneous architecture
- Pennefather, Sean, Bradshaw, Karen L, Irwin, Barry V W
- Authors: Pennefather, Sean , Bradshaw, Karen L , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429537 , vital:72620 , https://ieeexplore.ieee.org/abstract/document/8425384
- Description: In this paper we present the development of a framework for communication between an NPU (network processing unit) and CPU through synchronous message passing that is compliant with the synchronous communication events of the CSP formalisms. This framework is designed to be used for passing generic information between application components operating on both architectures and is intended to operate in conjunction with existing datapaths present on the NPU which in turn are responsible for network traffic transmission. An investigation of different message passing topologies is covered before the proposed message passing fabric is presented. As a proof of concept, an initial implementation of the fabric is developed and tested to determine its viability and correctness. Through testing it is shown that the implemented framework operates as intended. However, it is noted the throughput of the exploratory implementation is not considered suitable for high-performance applications and further evaluation is required.
- Full Text:
- Date Issued: 2018
- Authors: Pennefather, Sean , Bradshaw, Karen L , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429537 , vital:72620 , https://ieeexplore.ieee.org/abstract/document/8425384
- Description: In this paper we present the development of a framework for communication between an NPU (network processing unit) and CPU through synchronous message passing that is compliant with the synchronous communication events of the CSP formalisms. This framework is designed to be used for passing generic information between application components operating on both architectures and is intended to operate in conjunction with existing datapaths present on the NPU which in turn are responsible for network traffic transmission. An investigation of different message passing topologies is covered before the proposed message passing fabric is presented. As a proof of concept, an initial implementation of the fabric is developed and tested to determine its viability and correctness. Through testing it is shown that the implemented framework operates as intended. However, it is noted the throughput of the exploratory implementation is not considered suitable for high-performance applications and further evaluation is required.
- Full Text:
- Date Issued: 2018
Extending the NFComms framework for bulk data transfers
- Pennefather, Sean, Bradshaw, Karen L, Irwin, Barry V W
- Authors: Pennefather, Sean , Bradshaw, Karen L , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430152 , vital:72669 , https://doi.org/10.1145/3278681.3278686
- Description: In this paper we present the design and implementation of an indirect messaging extension for the existing NFComms framework that pro-vides communication between a network flow processor and host CPU. This extension addresses the bulk throughput limitations of the frame-work and is intended to work in conjunction with existing communication mediums. Testing of the framework extensions shows an increase in throughput performance of up to 300× that of the current direct mes-sage passing framework at the cost of increased single message laten-cy of up to 2×. This trade-off is considered acceptable as the proposed extensions are intended for bulk data transfer only while the existing message passing functionality of the framework is preserved and can be used in situations where low latency is required for small messages.
- Full Text:
- Date Issued: 2018
- Authors: Pennefather, Sean , Bradshaw, Karen L , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430152 , vital:72669 , https://doi.org/10.1145/3278681.3278686
- Description: In this paper we present the design and implementation of an indirect messaging extension for the existing NFComms framework that pro-vides communication between a network flow processor and host CPU. This extension addresses the bulk throughput limitations of the frame-work and is intended to work in conjunction with existing communication mediums. Testing of the framework extensions shows an increase in throughput performance of up to 300× that of the current direct mes-sage passing framework at the cost of increased single message laten-cy of up to 2×. This trade-off is considered acceptable as the proposed extensions are intended for bulk data transfer only while the existing message passing functionality of the framework is preserved and can be used in situations where low latency is required for small messages.
- Full Text:
- Date Issued: 2018
Hybrid Sensor Simulation within an ICS Testbed
- Shaw, Brent, Irwin, Barry V W
- Authors: Shaw, Brent , Irwin, Barry V W
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427713 , vital:72457 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327624204_Hybrid_Sensor_Simulation_within_an_ICS_Testbed/links/5b9a50d8299bf14ad4d79587/Hybrid-Sensor-Simulation-within-an-ICS-Testbed.pdf
- Description: Industrial Control Systems (ICS) are responsible for managing factories, power-grids and water treatment facilities, and play a key role in running and controlling national Critical Information Infrastructure (CII). The integrity and availability of these systems are paramount, and the threat of cyberphysical attacks on these systems warrant thorough research into ensuring their security. The increasing interconnectivity seen in both the domestic and industrial sectors exposes numerous devices and systems to the Internet. These devices are exposed to malware and advanced persistent threats, that can affect CII through the attack of ICS. While simulations provide insights into how systems might react to certain changes, they generally lack the ability to be integrated into existing hardware systems. Hybrid testbeds could provide a platform for testing hardware and software components, enabling researchers to examine the interactions between various different networking through exploratory research and investigation in a controlled environment. This work presents an approach to traffic generation for use within ICS/IoT testbeds, through the production of Docker-based simulation nodes that are constructed based on the configuration of the system.
- Full Text:
- Date Issued: 2018
- Authors: Shaw, Brent , Irwin, Barry V W
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427713 , vital:72457 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327624204_Hybrid_Sensor_Simulation_within_an_ICS_Testbed/links/5b9a50d8299bf14ad4d79587/Hybrid-Sensor-Simulation-within-an-ICS-Testbed.pdf
- Description: Industrial Control Systems (ICS) are responsible for managing factories, power-grids and water treatment facilities, and play a key role in running and controlling national Critical Information Infrastructure (CII). The integrity and availability of these systems are paramount, and the threat of cyberphysical attacks on these systems warrant thorough research into ensuring their security. The increasing interconnectivity seen in both the domestic and industrial sectors exposes numerous devices and systems to the Internet. These devices are exposed to malware and advanced persistent threats, that can affect CII through the attack of ICS. While simulations provide insights into how systems might react to certain changes, they generally lack the ability to be integrated into existing hardware systems. Hybrid testbeds could provide a platform for testing hardware and software components, enabling researchers to examine the interactions between various different networking through exploratory research and investigation in a controlled environment. This work presents an approach to traffic generation for use within ICS/IoT testbeds, through the production of Docker-based simulation nodes that are constructed based on the configuration of the system.
- Full Text:
- Date Issued: 2018
Offline-First Design for Fault Tolerant Applications.
- Linklater, Gregory, Marais, Craig, Herbert, Alan, Irwin, Barry V W
- Authors: Linklater, Gregory , Marais, Craig , Herbert, Alan , Irwin, Barry V W
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427683 , vital:72455 , https://www.researchgate.net/profile/Barry-Irwin/publication/327624337_Offline-First_Design_for_Fault_Tolerant_Applications/links/5b9a50a1458515310584ebbe/Offline-First-Design-for-Fault-Tolerant-Applications.pdf
- Description: Faults are inevitable and frustrating, as we increasingly depend on network access and the chain of services that provides it, we suffer a greater loss in productivity when any of those services fail and service delivery is suspended. This research explores connectivity and infrastructure fault tolerance through offline-first application design using techniques such as CQRS and event sourcing. To apply these techniques, this research details the design, and implementation of LOYALTY TRACKER; an offline-first, PoS system for the Android platform that was built to operate in the context of a small pub where faults are commonplace. The application demonstrates data consistency and integrity and a complete feature set that continues to operate while offline but is limited by scalability. The application successfully achieves it’s goals in the limited capacity for which it was designed.
- Full Text:
- Date Issued: 2018
- Authors: Linklater, Gregory , Marais, Craig , Herbert, Alan , Irwin, Barry V W
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427683 , vital:72455 , https://www.researchgate.net/profile/Barry-Irwin/publication/327624337_Offline-First_Design_for_Fault_Tolerant_Applications/links/5b9a50a1458515310584ebbe/Offline-First-Design-for-Fault-Tolerant-Applications.pdf
- Description: Faults are inevitable and frustrating, as we increasingly depend on network access and the chain of services that provides it, we suffer a greater loss in productivity when any of those services fail and service delivery is suspended. This research explores connectivity and infrastructure fault tolerance through offline-first application design using techniques such as CQRS and event sourcing. To apply these techniques, this research details the design, and implementation of LOYALTY TRACKER; an offline-first, PoS system for the Android platform that was built to operate in the context of a small pub where faults are commonplace. The application demonstrates data consistency and integrity and a complete feature set that continues to operate while offline but is limited by scalability. The application successfully achieves it’s goals in the limited capacity for which it was designed.
- Full Text:
- Date Issued: 2018
Real-time geotagging and filtering of network data using a heterogeneous NPU-CPU architecture
- Pennefather, Sean, Bradshaw, Karen L, Irwin, Barry V W
- Authors: Pennefather, Sean , Bradshaw, Karen L , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , book
- Identifier: http://hdl.handle.net/10962/460603 , vital:75968 , ISBN 9780620810227
- Description: In this paper, we present the design and implementation of a NPU-CPU heterogeneous network monitoring application. This application allows for both filtering and monitoring operations to be performed on network traffic based on country of origin or destination of IP traffic in real-time at wire speeds up to 1 Gbit/s. This is achievable by distributing the application components to the relevant candidate architectures, leveraging the strengths of each. Communication between architectures is handled at runtime by a low latency synchronous message passing library. Testing of the implemented application indicates that the system can perform geolocation lookups on network traffic in real-time without impacting network throughput.
- Full Text:
- Date Issued: 2018
- Authors: Pennefather, Sean , Bradshaw, Karen L , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , book
- Identifier: http://hdl.handle.net/10962/460603 , vital:75968 , ISBN 9780620810227
- Description: In this paper, we present the design and implementation of a NPU-CPU heterogeneous network monitoring application. This application allows for both filtering and monitoring operations to be performed on network traffic based on country of origin or destination of IP traffic in real-time at wire speeds up to 1 Gbit/s. This is achievable by distributing the application components to the relevant candidate architectures, leveraging the strengths of each. Communication between architectures is handled at runtime by a low latency synchronous message passing library. Testing of the implemented application indicates that the system can perform geolocation lookups on network traffic in real-time without impacting network throughput.
- Full Text:
- Date Issued: 2018
Toward distributed key management for offline authentication
- Linklater, Gregory, Smith, Christian, Herbert, Alan, Irwin, Barry V W
- Authors: Linklater, Gregory , Smith, Christian , Herbert, Alan , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430283 , vital:72680 , https://doi.org/10.1145/3278681.3278683
- Description: Self-sovereign identity promises prospective users greater control, security, privacy, portability and overall greater convenience; however the immaturity of current distributed key management solutions results in general disregard of security advisories in favour of convenience and accessibility. This research proposes the use of intermediate certificates as a distributed key management solution. Intermediate certificates will be shown to allow multiple keys to authenticate to a single self-sovereign identity. Keys may be freely added to an identity without requiring a distributed ledger, any other third-party service or sharing private keys between devices. This research will also show that key rotation is a superior alternative to existing key recovery and escrow systems in helping users recover when their keys are lost or compromised. These features will allow remote credentials to be used to issuer, present and appraise remote attestations, without relying on a constant Internet connection.
- Full Text:
- Date Issued: 2018
- Authors: Linklater, Gregory , Smith, Christian , Herbert, Alan , Irwin, Barry V W
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430283 , vital:72680 , https://doi.org/10.1145/3278681.3278683
- Description: Self-sovereign identity promises prospective users greater control, security, privacy, portability and overall greater convenience; however the immaturity of current distributed key management solutions results in general disregard of security advisories in favour of convenience and accessibility. This research proposes the use of intermediate certificates as a distributed key management solution. Intermediate certificates will be shown to allow multiple keys to authenticate to a single self-sovereign identity. Keys may be freely added to an identity without requiring a distributed ledger, any other third-party service or sharing private keys between devices. This research will also show that key rotation is a superior alternative to existing key recovery and escrow systems in helping users recover when their keys are lost or compromised. These features will allow remote credentials to be used to issuer, present and appraise remote attestations, without relying on a constant Internet connection.
- Full Text:
- Date Issued: 2018
Towards Enhanced Threat Intelligence Through NetFlow Distillation
- Herbert, Alan, Irwin, Barry V W
- Authors: Herbert, Alan , Irwin, Barry V W
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427699 , vital:72456 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327624198_Towards_Enhanced_Threat_Intelligence_Through_NetFlow_Distillation/links/5b9a501fa6fdcc59bf8ee8ea/Towards-Enhanced-Threat-Intelligence-Through-NetFlow-Distillation.pdf
- Description: Bolvedere is a hardware-accelerated NetFlow analysis platform intended to discern and distribute NetFlow records in a requested format by a user. This functionality removes the need for a user to deal with the NetFlow protocol directly, and also reduces the requirement of CPU resources as data would be passed on to a host in the known requested format.
- Full Text:
- Date Issued: 2018
- Authors: Herbert, Alan , Irwin, Barry V W
- Date: 2018
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427699 , vital:72456 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327624198_Towards_Enhanced_Threat_Intelligence_Through_NetFlow_Distillation/links/5b9a501fa6fdcc59bf8ee8ea/Towards-Enhanced-Threat-Intelligence-Through-NetFlow-Distillation.pdf
- Description: Bolvedere is a hardware-accelerated NetFlow analysis platform intended to discern and distribute NetFlow records in a requested format by a user. This functionality removes the need for a user to deal with the NetFlow protocol directly, and also reduces the requirement of CPU resources as data would be passed on to a host in the known requested format.
- Full Text:
- Date Issued: 2018
Violations of good security practices in graphical passwords schemes: Enterprise constraints on scheme-design
- Vorster, Johannes, Irwin, Barry V W, van Heerden, Renier P
- Authors: Vorster, Johannes , Irwin, Barry V W , van Heerden, Renier P
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430324 , vital:72683 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/10919/Vorster_22337_2018.pdf?sequence=1isAllowed=y
- Description: During the past decade, the sophistication and maturity of Enterprise-level Information Security (EIS) Standards and Systems has increased significantly. This maturity, particularly in the handling of enterprise-wide capability models, has led to a set of standards – e.g. ISO/IEC 27001, NIST 800-53, ISO/IEC 27789 and CSA CCM – that propose controls applicable to the implementation of an Information Security Manage-ment System (ISMS). By nature, the academic community is fruitful in its endeavour to propose new password schemes; and Graphical Passwords (GPs) have had many proposals for schemes. In this paper, we explore the impact of good security standards and lessons-learnt over the past decade of EID as a model of constraint on GPs schemes. The paper focuses on a number of GP schemes and points out the var-ious security constraints and limitations, if such schemes are to be im-plemented at the enterprise level.
- Full Text:
- Date Issued: 2018
- Authors: Vorster, Johannes , Irwin, Barry V W , van Heerden, Renier P
- Date: 2018
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430324 , vital:72683 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/10919/Vorster_22337_2018.pdf?sequence=1isAllowed=y
- Description: During the past decade, the sophistication and maturity of Enterprise-level Information Security (EIS) Standards and Systems has increased significantly. This maturity, particularly in the handling of enterprise-wide capability models, has led to a set of standards – e.g. ISO/IEC 27001, NIST 800-53, ISO/IEC 27789 and CSA CCM – that propose controls applicable to the implementation of an Information Security Manage-ment System (ISMS). By nature, the academic community is fruitful in its endeavour to propose new password schemes; and Graphical Passwords (GPs) have had many proposals for schemes. In this paper, we explore the impact of good security standards and lessons-learnt over the past decade of EID as a model of constraint on GPs schemes. The paper focuses on a number of GP schemes and points out the var-ious security constraints and limitations, if such schemes are to be im-plemented at the enterprise level.
- Full Text:
- Date Issued: 2018
- «
- ‹
- 1
- ›
- »