Publications

PDF SNRG Research theses are available

Author | Title | Year | Journal/Proceedings | Reftype | DOI/URL
Frieslaar, I. and Irwin, B. | Investigating the Electromagnetic Leakage from a Raspberry Pi | 2017 | 2017 Information Security for South Africa, pp. 22-31 | inproceedings
Abstract: This research investigates the Electromagnetic (EM)
side channel leakage of a Raspberry Pi 2 B+. An evaluation is
performed on the EM leakage as the device executes the AES-128
cryptographic algorithm contained in the Crypto++ library in a
threaded environment. Four multi-threaded implementations are
evaluated. These implementations are Portable Operating System
Interface Threads, C++11 threads, Threading Building Blocks,
and OpenMP threads. It is demonstrated that the various thread
techniques have distinct variations in frequency and shape as EM
emanations are leaked from the Raspberry Pi. Additionally, noise
is introduced while the cryptographic algorithm executes. The
results indicate that it is still possible to visibly see the execution
of the cryptographic algorithm. However, out of 50 occasions the
cryptographic execution was not detected 32 times. It was further
identified when calculating prime numbers, the cryptographic
algorithm becomes hidden. Furthermore, the analysis pointed in
the direction that when high prime numbers are calculated there
is a window where the cryptographic algorithm cannot be seen
visibly in the EM spectrum.
BibTeX:
@inproceedings{Frieslaar2017a,
  author = {Ibraheem Frieslaar and Barry Irwin},
  title = {Investigating the Electromagnetic Leakage from a Raspberry Pi},
  booktitle = {2017 Information Security for South Africa},
  publisher = {IEEE},
  year = {2017},
  pages = {22--31},
  note = {ISBN 978-1-5386-0544-8}
}
Mnjama, J., Foster, G. and Irwin, B. | A Privacy and Security Threat Assessment Framework for Consumer Health Wearables | 2017 | 2017 Information Security for South Africa, pp. 66-73 | inproceedings
Abstract: Health data is important as it provides an individual
with knowledge of the factors needed to be improved for oneself.
The development of fitness trackers and their associated software
aid consumers to understand the manner in which they may
improve their physical wellness. These devices are capable of
collecting health data for a consumer such as sleeping patterns,
heart rate readings or the number of steps taken by an
individual. Although, this information is very beneficial to guide
a consumer to a better healthier state, it has been identified that
they have privacy and security concerns.
Privacy and Security are of great concern for fitness trackers and
their associated applications as protecting health data is of
critical importance. This is so, as health data is one of the highly
sought after information by cyber criminals. Fitness trackers and
their associated applications have been identified to contain
privacy and security concerns that place the health data of
consumers at risk to intruders. As the study of Consumer Health
continues to grow it is vital to understand the elements that are
needed to better protect the health information of a consumer.
This research paper therefore provides a conceptual threat
assessment framework that can be used to identify the elements
needed to better secure Consumer Health Wearables. These
elements consist of six core elements from the CIA triad and
Microsoft STRIDE framework. Fourteen vulnerabilities were
further discovered that were classified within these six core
elements. Through this, better guidance can be achieved to
improve the privacy and security of Consumer Health
Wearables.
BibTeX:
@inproceedings{Mnjama2017,
  author = {Javan Mnjama and Greg Foster and Barry Irwin},
  title = {A Privacy and Security Threat Assessment Framework for Consumer Health Wearables},
  booktitle = {2017 Information Security for South Africa},
  publisher = {IEEE},
  year = {2017},
  pages = {66--73},
  note = {ISBN 978-1-5386-0544-8}
}
Pennefather, S. and Irwin, B. | Design and Application of Link: A DSL for Frame Manipulation | 2017 | 2017 Information Security for South Africa, pp. 48-55 | inproceedings
Abstract: This paper describes the design and application of
Link, a Domain Specific Language (DSL) targeting the development
of network applications focused on traffic manipulation at
the frame level. The development of Link is described through
the identification and evaluation of intended applications and
an example translator is implemented to target the FRAME
board which was developed in conjunction with this research.
Four application examples are then provided to help describe
the feasibility of Link when
BibTeX:
@inproceedings{Pennefather2017a,
  author = {Sean Pennefather and Barry Irwin},
  title = {Design and Application of Link: A DSL for Frame Manipulation},
  booktitle = {2017 Information Security for South Africa},
  publisher = {IEEE},
  year = {2017},
  pages = {48--55},
  note = {ISBN 978-1-5386-0544-8}
}
Frieslaar, I. and Irwin, B. | Investigating the Effects Different C/C++ Compilers Have on the Electromagnetic Signature of a Cryptographic Executable | 2017 | Proceedings of South African Institute of Computer Scientists and Information Technologists (SAICSIT), pp. 135-144 | inproceedings | DOI
Abstract: This research investigates changes in the electromagnetic (EM)
signatures of a cryptographic binary executable based on compile-time
parameters to the GNU and clang compilers. The source code
was compiled and executed on a Raspberry Pi 2, which utilizes the
ARMv7 CPU. Various optimization flags are enabled at compile-time
and the output of the binary executable’s EM signatures are captured
at run-time. It is demonstrated that GNU and clang compilers
produced different EM signatures on program execution. The results
indicated while utilizing the O3 optimization flag, the EM signature
of the program changes. Additionally, the g++ compiler demonstrated
fewer instructions were required to run the executable; this
related to fewer EM emissions leaked. The EM data from the various
compilers under different optimization levels was used as input
data for a correlation power analysis attack. The results indicated
that partial AES-128 encryption keys was possible. In addition, the
fewest subkeys recovered was when the clang compiler was used
with level O2 optimization. Finally, the research was able to recover
15 of 16 AES-128 cryptographic algorithm’s subkeys, from the
Pi.
BibTeX:
@inproceedings{Frieslaar2017c,
  author = {Ibraheem Frieslaar and Barry Irwin},
  title = {Investigating the Effects Different C/C++ Compilers Have on the Electromagnetic Signature of a Cryptographic Executable},
  booktitle = {Proceedings of South African Institute of Computer Scientists and Information Technologists (SAICSIT)},
  publisher = {ACM},
  year = {2017},
  pages = {135--144},
  note = {ISBN 978-1-4503-5384-7.},
  doi = {10.1145/3129416.3129436}
}
Frieslaar, I. and Irwin, B. | Investigating the utilization of the secure hash algorithm to generate electromagnetic noise. | 2017 | Proceedings of the 9th International Conference on Signal Processing Systems | inproceedings | DOI URL
Abstract: This research introduces an electromagnetic (EM) noise generator
known as the FRIES noise generator to mitigate and obfuscate Side
Channel Analysis (SCA) attacks against a Raspberry Pi. The FRIES
noise generator utilizes the implementation of the Secure Hash
Algorithm (SHA) from OpenSSL to generate white noise within
the EM spectrum. This research further contributes to the body
of knowledge by demonstrating that the SHA implementation of
libcrypto++ and OpenSSL had different EM signatures. It was further
revealed that as a more secure implementation of the SHA was
executed additional data lines were used, resulting in increased EM
emissions. It was demonstrated that the OpenSSL implementations
of the SHA were more optimized as opposed to the libcrypto++ implementation
by utilizing less resources and not leaving the device
in a bottleneck. The FRIES daemon added noise to the EM leakage
which prevents the visual location of the AES-128 cryptographic
implementation. Finally, the cross-correlation test demonstrated
that the EM features of the AES-128 algorithm were not detected
within the FRIES noise.
BibTeX:
@inproceedings{Frieslaar2017d,
  author = {Ibraheem Frieslaar and Barry Irwin},
  title = {Investigating the utilization of the secure hash algorithm to generate electromagnetic noise.},
  booktitle = {Proceedings of the 9th International Conference on Signal Processing Systems},
  publisher = {ACM},
  year = {2017},
  note = {ISBN 978-1-4503-5384-7.},
  url = {http://doi.acm.org/10.1145/},
  doi = {10.1145/}
}
Frieslaar, I. and Irwin, B. | Recovering AES-128 Encryption Keys from a Raspberry Pi | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 228-233 | inproceedings
Abstract: This research is the first of its kind to perform
a successful side channel analysis attack on a symmetric encryption
algorithm executing on a Raspberry Pi. It is demonstrated
that the AES-128 encryption algorithm of the Crypto++
library is vulnerable against the Correlation Power Analysis
(CPA) attack. Furthermore, digital processing techniques such
as dynamic time warping and filtering are used to recover the
full encryption key. In addition, it is illustrated that the area
above and around the CPU of the Raspberry Pi leaks out critical
and secret information.
BibTeX:
@inproceedings{Frieslaar2017b,
  author = {Ibraheem Frieslaar and Barry Irwin},
  title = {Recovering AES-128 Encryption Keys from a Raspberry Pi},
  booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)},
  year = {2017},
  pages = {228--233}
}
Linklater, G., Smith, C., Connan, J., Herbert, A. and Irwin, B. | JSON Schema for Attribute-based Access Control for Network Resource Security | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 360-365 | inproceedings
Abstract: Attribute-based Access Control (ABAC) is an access
control model where authorization for an action on a resource
is determined by evaluating attributes of the subject, resource
(object) and environment. The attributes are evaluated against
boolean rules of varying complexity. ABAC rule languages
are often based on serializable object modeling and schema
languages as in the case of XACML which is based on XML
Schema. XACML is a standard by OASIS, and is the current de
facto standard for ABAC. While a JSON profile for XACML
exists, it is simply a compatibility layer for using JSON in
XACML which caters to the XML object model paradigm, as
opposed to the JSON object model paradigm. This research
proposes JSON Schema as a modeling language that caters to
the JSON object model paradigm on which to base an ABAC
rule language. It continues to demonstrate its viability for the
task by comparison against the features provided to XACML by
XML Schema.
BibTeX:
@inproceedings{Linklater2017,
  author = {Gregory Linklater and Christian Smith and James Connan and Alan Herbert and Barry Irwin},
  title = {JSON Schema for Attribute-based Access Control for Network Resource Security},
  booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)},
  year = {2017},
  pages = {360--365}
}
Chindipha, S.D. and Irwin, B. | An Analysis on the Re-emergence of SQL Slammer Worm Using Network Telescope Data | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 222-227 | inproceedings
Abstract: The SQL Slammer worm is a self propagated
computer virus that caused a denial of service on some Internet
hosts and dramatically slowed down general Internet traffic.
An observation of network traffic captured in the Rhodes
University’s network telescopes shows that traffic observed in
it shows an escalation in the number of packets captured by the
telescopes between January 2014 and December 2016 when the
expected traffic was meant to take a constant decline in UDP
packets from port 1434. Using data captured over a period of
84 months, the analysis done in this study identified top ten /24
source IP addresses that Slammer worm repeatedly used for this
attack together with their geolocation. It also shows the trend
of UDP 1434 packets received by the two network telescopes
from January 2009 to December 2015. In line with epidemic
model, the paper has shown how this traffic fits in as SQL
Slammer worm attack. Consistent number of packets observed
in the two telescopes between 2014 and 2016 shows qualities of
the Slammer worm attack. Basic time series and decomposition
of additive time series graphs have been used to show trend and
observed UDP packets over the time frame of study.
BibTeX:
@inproceedings{Chindipha2017,
  author = {Stones Dalitso Chindipha and Barry Irwin},
  title = {An Analysis on the Re-emergence of SQL Slammer Worm Using Network Telescope Data},
  booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)},
  year = {2017},
  pages = {222--227}
}
Motara, Y.M. and Irwin, B. | SHA-1, SAT-solving, and CNF | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 216-221 | inproceedings
Abstract: Finding a preimage for a SHA-1 hash is, at present,
a computationally intractable problem. SAT-solvers have been
useful tools for handling such problems and can often, through
heuristics, generate acceptable solutions. This research examines
the intersection between the SHA-1 preimage problem, the
encoding of that problem for SAT-solving, and SAT-solving. The
results demonstrate that SAT-solving is not yet a viable approach
to take to solve the preimage problem, and also indicate that
some of the intuitions about “good” problem
BibTeX:
@inproceedings{Motara2017,
  author = {Yusuf Moosa Motara and Barry Irwin},
  title = {SHA-1, SAT-solving, and CNF},
  booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)},
  year = {2017},
  pages = {216--221}
}
Pearson, D., Irwin, B. and Herbert, A. | Weems: An Extensible HTTP Honeypot | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 234-239 | inproceedings
Abstract: Malicious entities are constantly trying their luck at
exploiting known vulnerabilities in web services, in an attempt
to gain unauthorized access to resources. For
this reason security specialists deploy various network defenses
with the goal of preventing these threats; one such tool used are
web based honeypots. Historically a honeypot will be deployed
facing the Internet to masquerade as a live system with the
intention of attracting attackers away from the valuable data.
Researchers adapted these honeypots and turned them into a
platform to allow for the studying and understanding of web
attacks and threats on the Internet. Having the ability to develop
a honeypot to replicate a specific service meant researchers
can now study the behavior patterns of threats, thus giving a
better understanding of how to defend against them. This paper
discusses a high-level design and implementation of Weems, a
low-interaction web based modular HTTP honeypot system. It
also presents results obtained from various deployments over a
period of time and what can be interpreted from these results.
BibTeX:
@inproceedings{Pearson2017,
  author = {Deon Pearson and Barry Irwin and Alan Herbert},
  title = {Weems: An Extensible HTTP Honeypot},
  booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)},
  year = {2017},
  pages = {234--239}
}
Pennefather, S., Bradshaw, K. and Irwin, B. | Design of a Message Passing Model for Use in a Heterogeneous CPU-NFP Framework for Network Analytics | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 178-183 | inproceedings
Abstract: Currently, network analytics requires direct access
to network packets, normally through a third-party application,
which means that obtaining realtime results is difficult. We
propose the NFP-CPU heterogeneous framework to allow parts
of applications written in the Go programming language to be
executed on a Network Flow Processor (NFP) for enhanced
performance. This paper explores the need and feasibility of
implementing a message passing model for data transmission
between the NFP and CPU, which is the crux of such a
heterogeneous framework. Architectural differences between the
two domains are highlighted within this context and we present
a solution to bridging these differences.
BibTeX:
@inproceedings{Pennefather2017b,
  author = {Sean Pennefather and Karen Bradshaw and Barry Irwin},
  title = {Design of a Message Passing Model for Use in a Heterogeneous CPU-NFP Framework for Network Analytics},
  booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)},
  year = {2017},
  pages = {178--183}
}
Sweeney, M. and Irwin, B. | NetFlow Scoring Framework for Incident Detection | 2017 | Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 310-315 | inproceedings
BibTeX:
@inproceedings{Sweeney2017,
  author = {Michael Sweeney and Barry Irwin},
  title = {NetFlow Scoring Framework for Incident Detection},
  booktitle = {Southern Africa Telecommunication Networks and Applications Conference (SATNAC)},
  year = {2017},
  pages = {310--315}
}

Created by JabRef on 20/09/2017.

Last Modified: Thu, 05 Jul 2018 12:57:36 SAST