| 1. |
- Afzal, Zeeshan, 1991-
(författare)
-
Towards Secure Multipath TCP Communication
- 2017
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The evolution in networking coupled with an increasing demand to improve user experience has led to different proposals to extend the standard TCP. Multipath TCP (MPTCP) is one such extension that has the potential to overcome few inherent limitations in the standard TCP. While MPTCP's design and deployment progresses, most of the focus has been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as the standard TCP.The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in the traditional networking environment. The Internet of today has security middle-boxes that perform traffic analysis to detect intrusions and attacks. Such middle-boxes make use of different assumptions about the traffic, e.g., traffic from a single connection always arrives along the same path. This along with many other assumptions may not be true anymore with the advent of MPTCP as traffic can be fragmented and sent over multiple paths simultaneously.We investigate how practical it is to evade a security middle-box by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic is used to evaluate such attacks against Snort IDS to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend the MPTCP performance advantages to servers that only support standard TCP, while ensuring that intrusions can be detected as before. Finally, we investigate the potential MPTCP scenario where security middle-boxes only have access to some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a nearly 90% detection accuracy. Another contribution of this work is a tool, that converts IDS rules into equivalent attack traffic to automate the evaluation of a middle-box.
|
|
| 2. |
- Berthold, Stefan
(författare)
-
Inter-temporal Privacy Metrics
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Informational privacy of individuals has significantly gained importance after information technology has become widely deployed. Data, once digitalised, can be copied, distributed, and long-term stored at negligible costs. This has dramatic consequences for individuals that leave traces in the form of personal data whenever they interact with information technology, for instance, computers and phones; or even when information technology is recording the personal data of aware or unaware individuals. The right of individuals for informational privacy, in particular to control the flow and use of their personal data, is easily undermined by those controlling the information technology.The objective of this thesis is to study the measurement of informational privacy with a particular focus on scenarios where an individual discloses personal data to a second party which uses this data for re-identifying the individual within a set of other individuals. We contribute with privacy metrics for several instances of this scenario in the publications included in this thesis, most notably one which adds a time dimension to the scenario for modelling the effects of the time passed between data disclosure and usage. The result is a new framework for inter-temporal privacy metrics.
|
|
| 3. |
- Berthold, Stefan, 1982-
(författare)
-
Towards Inter-temporal Privacy Metrics
- 2011
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Informational privacy of individuals has significantly gained importance after information technology has become widely deployed. Data, once digitalised, can be copied and distributed at negligible costs. This has dramatic consequences for individuals that leave traces in form of personal data whenever they interact with information technology. The right of individuals for informational privacy, in particular to control the flow and use of their personal data, is easily undermined by those controlling the information technology. The objective of this thesis is the measurement of informational privacy with a particular focus on scenarios where an individual discloses personal data to a second party, the data controller, which uses this data for re-identifying the individual within a set of others, the population. Several instances of this scenario are discussed in the appended papers, most notably one which adds a time dimension to the scenario for modelling the effects of the time passed between data disclosure and usage. This extended scenario leads to a new framework for inter-temporal privacy metrics. The common dilemma of all privacy metrics is their dependence on the information available to the data controller. The same information may or may not be available to the individual and, as a consequence, the individual may be misguided in his decisions due to his limited access to the data controller’s information when using privacy metrics. The goal of this thesis is thus not only the specification of new privacy metrics, but also the contribution of ideas for mitigating this dilemma. However a solution will rather be a combination of technological, economical and legal means than a purely technical solution.
|
|
| 4. |
- Brunström, Anna, et al.
(författare)
-
NEWCOM DR6.2: First report on frameworks/models matching Department 6 needs
- 2005
-
Rapport (refereegranskat)abstract
- During the first phase of NEWCOM the focus areas of Department 6 were identified and refined. A number of relevant knowledge gaps were identified for the areas transport protocols, architectures and cross-layer aspects, and modelling. In this deliverable we describe a first set of frameworks/models to support research integration within the Department. The integration approach and the defined models/frameworks are described for each one of the selected knowledge gaps. The deliverable also includes a report on tools, software libraries and traces that can be shared between the partners
|
|
| 5. |
- Hasselström, Nicklas, et al.
(författare)
-
The Design, Implementation, and Performance Evaluation of Secure Socket SCTP 2.0
- 2015
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The Stream Control Transmission Protocol (SCTP) is acomparatively new transport protocol that presents some advanced features compared to other standardized transport protocols. However, there are currently no standardized end-to-end security solutions suited for SCTP. One proposal for end-to-end encryption is the Secure Socket SCTP (S2-SCTP) protocol, developed by researchers at Karlstad University. The security solution for SCTP described in this report uses key agreement for obtaining keys to be able to provide data confidentiality by encryption. The protocol is based on the S2-SCTP protocol, with smaller changes, and an overlaying management protocol has been designed and implemented. The management protocolis used to enable encryption and TLS authentication, to give a secure communication library over existing Berkeley Sockets. The performance evaluation of S2-SCTP compared to the already standardized end-to-endsecurity solutions, i.e., TLS over SCTP and DTLS over SCTP, shows that S2-SCTP achieves a higher throughput while still maintaining most of the advantages of SCTP.
|
|
| 6. |
- Hedbom, Hans, et al.
(författare)
-
A Comparison of the Security of Windows NT and UNIX
- 1998
-
Konferensbidrag (refereegranskat)abstract
- This paper presents a brief comparison of two operating systems, Windows NT and UNIX. The comparison covers two different aspects. First, we compare the main security features of the two operating systems and then we make a comparison of a selection of vulnerabilities most of which we know have been used for making real intrusions. We found that Windows NT has slightly more rigorous security features than standard UNIX but the two systems display similar vulnerabilities. The conclusion is that there are no significant differences in the real level of security between these systems
|
|
| 7. |
- Hedbom, Hans, et al.
(författare)
-
Analysis of the Security of Windows NT
- 1998
-
Rapport (refereegranskat)abstract
- This paper presents an analysis of the security in Windows NT 4.0, working in both stand-alone and networking mode. The objective of the work was to find out how secure this operating system actually is. A technical overview of the system, and in particular its security features is given. The system security was analyzed and practical intrusion attempts were made in order to verify vulnerabilities or to find new ones. All vulnerabilities are described in detail and classified according to a classification scheme. A comparison to commonly known UNIX weaknesses was made. It revealed generic similarities between the two systems to a surprisingly high degree. Finally a number of recommendations are given. The paper concludes that there are ample opportunities to improve the security of Windows NT. We have reason to believe that it is probably not higher than that of UNIX
|
|
| 8. |
- Lindskog, Bengt I., et al.
(författare)
-
Medicinsk terminologi
- 2004
-
Bok (övrigt vetenskapligt/konstnärligt)
|
|
| 9. |
- Adestam, Johan, 1982-
(författare)
-
Den dokumentvillkorade garantin
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Den dokumentvillkorade garantin, som i praktiken vanligen betecknas som självständig, känneteck-nas av att villkoren i utfästelsen väsentligen endast innefattar villkor som refererar till att vissa angivna dokument presenteras för garanten. Dokumentvillkorade garantier förekommer vanligtvis i avtalsstrukturer som involverar ett flertal olika avtal och parter. De typer av avtal som omfattas av sådana avtalsstrukturer ger upphov till speciella rättsliga frågor. Avhandlingen belyser ett antal sådana frågor ur ett svenskt perspektiv, genom att beskriva rättsnormers utformning och tillämpning på olika typer av fall. Särskild vikt läggs vid att upprätthålla ett språkbruk som möjliggör att detta sker på ett motsägelsefritt och rättvisande sätt.En fråga av grundläggande betydelse är hur garantier kan klassificeras på ett sätt som bidrar till att besvara nyss nämnda typ av frågor. En sådan klassifikation, baserad på garantiers innehåll, klargör vad som skiljer den dokumentvillkorade garantin från andra typer av garantier. När det gäller den rättsliga relationen mellan parterna till ett avtal i vilket det föreskrivs att den ena parten, gäldenären, ska låta ombesörja att det ställs ut en garanti till motparten, berörs i synnerhet frågan under vilka omständigheter motparten är fri att begära fullgörelse av garantin och frågan under vilka omständigheter det uppkommer en återkravsrätt för gäldenären gentemot motparten (beneficienten). I fråga om den rättsliga relationen mellan garanten och beneficienten behandlas särskilt frågorna hur man genom tolkning avgör om en garanti är dokumentvillkorad eller inte, hur dokumentvillkoren i en dokumentvillkorad garanti ska tolkas och i vilken mån det finns speciella rättsnormer tillämpliga på dokumentvillkorade garantier. Ytterligare en fråga rör tillämpningen av den tvingande regeln om rättsmissbruk, enligt vilken beneficienten saknar rätt till fullgörelse av garanten om det föreligger rättsmissbruk. Såvitt avser den rättsliga relationen mellan uppdragsgivare och uppdragstagare i uppdrag som relaterar till utfärdandet av en dokumentvillkorad garanti berörs i synnerhet frågan under vilka omständigheter en uppdragstagare har regressrätt gentemot sin uppdragsgivare. En fråga av allmän betydelse är vad som i olika avseenden krävs för att intresset av att uppdragstagare till sådana uppdrag inte ska ha incitament att undersöka svårbedömda omständigheter ska tillgodoses.
|
|
| 10. |
- Afzal, Zeeshan, 1991-, et al.
(författare)
-
A Multipath TCP Proxy
- 2015
-
Konferensbidrag (refereegranskat)abstract
- Multipath TCP (MPTCP) is an extension to traditionalTCP that enables a number of performance advantages,which were not offered before. While the protocol specificationis close to being finalized, there still remain some concernsregarding deployability and security. This paper describes theon going work to develop a solution that will facilitate thedeployment of MPTCP. The solution will not only allow non-MPTCP capable end-hosts to benefit from MPTCP performancegains, but also help ease the network security concerns that manymiddleboxes face due to the possibility of data stream beingfragmented across multiple subflows.
|
|
