Sample records for information disclosure attacks

  1. U-093: Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    Mozilla Firefox Multiple Flaws Permit Remote Code Execution, Information Disclosure, and Cross-Site Scripting.

  2. U-200: Red Hat Directory Server Information Disclosure Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability June 27,...

  3. School of Computer Science Information Disclosure Form

    E-Print Network [OSTI]

    Kourtzi, Zoe

    School of Computer Science Information Disclosure Form In order to comply with data protection laws, we must have your permission to display information about you on our web site. Please tick the boxes below to indicate which information you wish to be shown on the web site. Job title (senior lecturer etc

  4. Generation Disclosure | Open Energy Information

    Open Energy Info (EERE)


  5. The informational feedback effect of stock prices on corporate disclosure

    E-Print Network [OSTI]

    Zuo, Luo, Ph. D. Massachusetts Institute of Technology

    2013-01-01T23:59:59.000Z

    This paper studies whether managers use investor information they learn from the stock market when making forward-looking disclosures. Using annual management earnings forecasts from 1996 to 2010, I find that the association ...

  6. GAINFUL EMPLOYMENT DISCLOSURE SCHOOL OF LIBRARY AND INFORMATION SCIENCE

    E-Print Network [OSTI]

    Cinabro, David

    GAINFUL EMPLOYMENT DISCLOSURE SCHOOL OF LIBRARY AND INFORMATION SCIENCE GRADUATE CERTIFICATE information: http://slis.wayne.edu/certificates/information-management.php Classification of Instructional://nces.ed.gov/ipeds/cipcode/cipdetail.aspx?y=55&cipid=89431 STANDARDIZED OCCUPATIONAL CLASSIFICATION (SOC) CODES · 11-9199.07 Security Managers

  7. GAINFUL EMPLOYMENT DISCLOSURE SCHOOL OF LIBRARY AND INFORMATION SCIENCE

    E-Print Network [OSTI]

    Cinabro, David

    GAINFUL EMPLOYMENT DISCLOSURE SCHOOL OF LIBRARY AND INFORMATION SCIENCE GRADUATE CERTIFICATE. · For additional program information: http://slis.wayne.edu/certificates/archival-administration.php Classification://nces.ed.gov/ipeds/cipcode/cipdetail.aspx?y=55&cipid=89431 STANDARDIZED OCCUPATIONAL CLASSIFICATION (SOC) CODES · 25-4013.00 Museum Technicians

  8. The Impact of Imperfect Information on Network Attack

    E-Print Network [OSTI]

    Melchionna, Andrew; Squires, Shane; Antonsen, Thomas M; Ott, Edward; Girvan, Michelle

    2014-01-01T23:59:59.000Z

    This paper explores the effectiveness of network attack when the attacker has imperfect information about the network. For Erdős-Rényi networks, we observe that dynamical importance and betweenness centrality-based attacks are surprisingly robust to the presence of a moderate amount of imperfect information and are more effective compared with simpler degree-based attacks even at moderate levels of network information error. In contrast, for scale-free networks the effectiveness of attack is much less degraded by a moderate level of information error. Furthermore, in the Erdős-Rényi case the effectiveness of network attack is much more degraded by missing links as compared with the same number of false links.

  9. U-181: IBM WebSphere Application Server Information Disclosure...

    Energy Savers [EERE]

    Console. A remote attacker could exploit this vulnerability using unspecified attack vectors to inject script in a victim's web browser within the security context of the...

  10. Heart Attack Survival Plan Information To Share With

    E-Print Network [OSTI]

    Bandettini, Peter A.

    Heart Attack Survival Plan Information To Share With Emergency Personnel/Hospital Staff Medicines in Time to Heart Attack Signs In partnership with: The National Council on the Aging U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Public Health Service National Institutes of Health National Heart, Lung

  11. HIPAA: Accounting of Disclosures Guidance Document A disclosure is a release, transfer, access to, or divulging of information outside of OHSU. In general,

    E-Print Network [OSTI]

    Chapman, Michael S.

    /her health information for reasons other than treatment, payment, or health care operations, or disclosures statistics, communicable diseases, cancer/tumor registries), reports about victims of abuse, neglect that are not part of treatment, payment, and/or operations and that are not authorized by the patient must

  12. Anthem Cyber Attack: Information and Call-in Phone Number | Jefferson...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Anthem Cyber Attack: Information and Call-in Phone Number Colleagues, As you may have heard by now, Anthem was the latest victim of a cyber attack. Anthem reports that they were...

  13. PATIENT AUTHORIZATION FOR DISCLOSURE OF PROTECTED HEALTH INFORMATION

    E-Print Network [OSTI]

    Feschotte, Cedric

    abuse treatment program. I understand that if the authorized recipient of this information delay the processing of your request. Approximate Dates of Treatment: Information to be Disclosed I authorize the following health care provider(s) to DISCLOSE my patient information

  14. Selective Disclosure of Public Information: Who Needs to Know?

    E-Print Network [OSTI]

    Lewis, Tracy R.; Chen, Qi; Zhang, Yun

    2010-01-01T23:59:59.000Z

    the impact of their private actions on the welfare of other and chooses an action to maximize his private surplus. In suboptimal actions based on incomplete private information.

  15. A 2nd-Preimage Attack on AURORA-512 NTT Information Sharing Platform Laboratories, NTT Corporation

    E-Print Network [OSTI]

    A 2nd-Preimage Attack on AURORA-512 Yu Sasaki NTT Information Sharing Platform Laboratories, NTT. In this note, we present a 2nd-preimage attack on AURORA-512, which is one of the candidates for SHA-3. Our is approximately 2^290 AURORA-512 operations, which is less than the brute force attack on AURORA-512, namely, 2^512

  16. Attachment C: Tracking Form for Disclosure of Protected Health Information

    E-Print Network [OSTI]

    was released for continuing care or treatment, payment purposes, or health care operations. See Policy Consultation Entire medical record Emergency record of treatment Itemized bill or billing information Other law required reporting (such as reporting births, deaths, communicable diseases, FDA, suspected abuse

  17. Information Systems 32 (2007) 1166-1183 Security Attack Testing (SAT)--testing the security of

    E-Print Network [OSTI]

    2007-01-01T23:59:59.000Z

    Information Systems 32 (2007) 1166-1183 Security Attack Testing (SAT)--testing the security have been devoted into integrating security issues into information systems development practices reserved. Keywords: Information systems development methodology; Integrating security and software

  18. 29.01.03.M1.24 Information Resources Notification of Unauthorized Access, Use or Disclosure of Sensitive Personal Information Page 1 of 3

    E-Print Network [OSTI]

    Administrators, information security personnel, Department Heads and Directors. For alternate or additional 29.01.03.M1.24 Information Resources - Notification of Unauthorized Access, Use or Disclosure of Sensitive Personal Information Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.24 Information

  19. PUBLIC INTEREST DISCLOSURE (PID) POLICY AND PROCEDURES

    E-Print Network [OSTI]

    Greenslade, Diana

    i PUBLIC INTEREST DISCLOSURE (PID) POLICY AND PROCEDURES PUBLIC INTEREST DISCLOSURE POLICY a disclosure under the PID Act 7 5.2. How to make a disclosure under the PID Act 7 6. PROCEDURES FOR AUTHORISED OFFICERS 9 7.1. Authorised Officer must provide information about the PID Act 9 7.2. Receiving

  20. THE ANALYSIS OF INFORMATION IMPACTS IN COORDINATING DEFENCE AGAINST MALICIOUS ATTACKS FOR INTERCONNECTED

    E-Print Network [OSTI]

    Gross, George

    .Napoli@polito.it fei.xue@polito.it Abstract - In the analysis of power systems security recently a new concern related a specific model for the analysis of information impacts in handling on-line security after a malicious the impacts of different information scenarios. Keywords: Homeland security, malicious attack, power system

  1. T-668: Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

    Broader source: Energy.gov [DOE]

    This advisory describes a security issue in the BlackBerry Administration API component. Successful exploitation of the vulnerability could result in information disclosure and partial denial of service (DoS). The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

  2. USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN

    E-Print Network [OSTI]

    is a development methodology tailored to describe both the organisational environment of a system and the system of a soft goal is "the system should be scalable". A task represents a way of doing something. Thus USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN Haralambos

  3. False Data Injection Attacks with Incomplete Information Against Smart Power Grids

    E-Print Network [OSTI]

    Mohsenian-Rad, Hamed

    that if an adversary has complete knowledge on the power grid topology and transmission-line admittance values, he can Injection Attack, Smart Grid Security, Incomplete Information, Transmission Line Admittance Uncertainty- abilities in power infrastructures if they are not accompanied with appropriate security enforcements

  4. Energy Performance Benchmarking and Disclosure Policies for Public...

    Broader source: Energy.gov (indexed) [DOE]

    information on Energy Performance Benchmarking and Disclosure Policies for Public and Commercial Buildings Presentation Transcript More Documents & Publications...

  5. Memorandum for: Subject: Due Diligence Responses for Disclosure of NIST Confidential Information

    E-Print Network [OSTI]

    Magee, Joseph W.

    information to be disclosed is related to a CRADA yes no The proprietary information relates to a NIST

  6. Eavesdropper's Optimal Information in Variations of Bennett-Brassard 1984 Quantum Key Distribution in the Coherent Attacks

    E-Print Network [OSTI]

    W. Y. Hwang; D. Ahn; S. W. Hwang

    2001-02-03T23:59:59.000Z

    We calculate eavesdropper's optimal information on raw bits in Bennett-Brassard 1984 quantum key distribution (BB84 QKD) and six-state scheme in coherent attacks, using a formula by Lo and Chau [Science 283 (1999) 2050] with single photon assumption. We find that eavesdropper's optimal information in QKD without public announcement of bases [Phys. Lett. A 244 (1998) 489] is the same as that of a corresponding QKD WITH it in the coherent attack. We observe a sum-rule concerning each party's information.

  7. PURDUE UNIVERSITY AUTHORIZATION FOR USE, DISCLOSURE OR RELEASE OF PROTECTED HEALTH INFORMATION AND

    E-Print Network [OSTI]

    Ginzel, Matthew

    and alcohol abuse treatment information, if any, as may be contained in said medical record including information pertaining to treatment for alcohol or drug abuse. Unless the "No" box is marked #: _____________________________________________________ Health Care Provider's Name

  8. Voluntary Disclosure and Information Asymmetry: Evidence from the 2005 Securities Offering Reform

    E-Print Network [OSTI]

    SHROFF, NEMIT

    In 2005, the Securities and Exchange Commission enacted the Securities Offering Reform (Reform), which relaxes “gun-jumping” restrictions, thereby allowing firms to more freely disclose information before equity offerings. ...

  9. State and Local Energy Benchmarking and Disclosure Policy | Department...

    Broader source: Energy.gov (indexed) [DOE]

    Benchmarking, Rating, and Disclosure for State Governments: This fact sheet provides information on how access to energy use data can help state governments lead by example by...

  10. RCW - 90.52 - Pollution Disclosure Act of 1971 | Open Energy Information

    Open Energy Info (EERE)


  11. Environmental Information Disclosure

    Broader source: Energy.gov [DOE]

    New Jersey’s 1999 electric utility restructuring law requires electricity suppliers to disclose to customers details regarding the fuel mix and emissions of the supplier’s electric generation....

  12. BAYESIAN INSIGHTS ON DISCLOSURE LIMITATION: MASK OR IMPUTE?

    SciTech Connect (OSTI)

    S. KELLER-MCNULTY; G. DUNCAN

    2000-10-01T23:59:59.000Z

    Statistical agencies seek to disseminate useful data while keeping low the risk of statistical confidentiality disclosure. Recognizing that reidentification of data is generally inadequate to protect its confidentiality against attack by a data snooper, agencies restrict the data they release for general use. Typically, these restricted data procedures have involved transformation or masking of the original, collected data through such devices as adding noise, topcoding, data swapping, and recoding. Recently, proposals have been put forth for the release of synthetic data, simulated from models constructed from the original data. This paper gives a framework for the comparison of masking and synthetic data as two approaches to disclosure limitation. Particular attention is paid to data utility and disclosure risk. Examples of instantiation of masking and of synthetic data construction are provided to illustrate the concepts. Particular attention is paid to data swapping. Insights drawn from the Bayesian paradigm are provided.

  13. E-IDR (Inventory Disclosure Record) PIA, Idaho National Laboratory...

    Broader source: Energy.gov (indexed) [DOE]

    E-IDR (Inventory Disclosure Record) PIA, Idaho National Laboratory...

  14. T-723: Adobe Flash Player Multiple Bugs Let Remote Users Obtain Information, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code

    Broader source: Energy.gov [DOE]

    An attacker can exploit this issue by enticing an unsuspecting victim into visiting a malicious website.

  15. WILD PIG ATTACKS ON HUMANS

    SciTech Connect (OSTI)

    Mayer, J.

    2013-04-12T23:59:59.000Z

    Attacks on humans by wild pigs (Sus scrofa) have been documented since ancient times. However, studies characterizing these incidents are lacking. In an effort to better understand this phenomenon, information was collected from 412 wild pig attacks on humans. Similar to studies of large predator attacks on humans, data came from a variety of sources. The various attacks compiled occurred in seven zoogeographic realms. Most attacks occurred within the species native range, and specifically in rural areas. The occurrence was highest during the winter months and daylight hours. Most happened under non-hunting circumstances and appeared to be unprovoked. Wounded animals were the chief cause of these attacks in hunting situations. The animals involved were typically solitary, male and large in size. The fate of the wild pigs involved in these attacks varied depending upon the circumstances, however, most escaped uninjured. Most human victims were adult males traveling on foot and alone. The most frequent outcome for these victims was physical contact/mauling. The severity of resulting injuries ranged from minor to fatal. Most of the mauled victims had injuries to only one part of their bodies, with legs/feet being the most frequent body part injured. Injuries were primarily in the form of lacerations and punctures. Fatalities were typically due to blood loss. In some cases, serious infections or toxemia resulted from the injuries. Other species (i.e., pets and livestock) were also accompanying some of the humans during these attacks. The fates of these animals varied from escaping uninjured to being killed. Frequency data on both non-hunting and hunting incidents of wild pig attacks on humans at the Savannah River Site, South Carolina, showed quantitatively that such incidents are rare.

  16. Minimizing Private Data Disclosures in the Smart Grid Weining Yang

    E-Print Network [OSTI]

    McDaniel, Patrick Drew

    Minimizing Private Data Disclosures in the Smart Grid Weining Yang Purdue University yang469@cs@cse.psu.edu Patrick McDaniel Penn State University mcdaniel@cse.psu.edu ABSTRACT Smart electric meters pose monitors, smart meter data can reveal precise home appliance usage information. An emerging solution

  17. Annual Confidential Financial Disclosure Report (OGE 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2000-10-01T23:59:59.000Z

    This Notice addresses Executive Branch confidential financial disclosure requirements. These requirements apply to career GS (GM) employees.

  18. Annual Confidential Financial Disclosure Report (OGE 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-10-01T23:59:59.000Z

    This Notice addresses Executive Branch confidential financial disclosure requirements. These requirements apply to career GS (GM) employees.

  19. Annual Confidential Financial Disclosure Report (OGE 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2002-10-01T23:59:59.000Z

    This Notice addresses the Executive Branch confidential disclosure requirements. These requirements apply to career GS (GM) employees.

  20. Smart Grid Data Integrity Attack

    E-Print Network [OSTI]

    Poolla, Kameshwar

    2012-01-01T23:59:59.000Z

    Against Data Injection Attacks on Power Grids”, IEEER. Thomas, and L. Tong, “Malicious Data Attacks on SmartState Estimation: Attack Strategies and Countermeasures,”

  1. Smart Grid Data Integrity Attack

    E-Print Network [OSTI]

    Poolla, Kameshwar

    2012-01-01T23:59:59.000Z

    Data Injection Attacks on Power Grids”, IEEE Transactionson Smart Grid, vol. 2, no. 2, June [21] O. Kosut, L.Data Attacks on Smart Grid State Estimation: Attack

  2. Management of Control System Information SecurityI: Control System Patch Management

    SciTech Connect (OSTI)

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01T23:59:59.000Z

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more detail, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

  3. Attack Graphs for Sensor Placement, Alert Prioritization, and Attack Response

    E-Print Network [OSTI]

    Noel, Steven

    1 Attack Graphs for Sensor Placement, Alert Prioritization, and Attack Response Steven Noel of IDS alarms, using attack graph analysis. Our attack graphs predict the various possible ways and attacker exploits provides an attack graph showing all possible paths to critical assets. We then place IDS

  4. Fuel Mix Disclosure

    Broader source: Energy.gov [DOE]

    In April 1998, the Pennsylvania Public Utility Commission (PUC) adopted rules requiring retail electricity suppliers to "respond to reasonable requests made by consumers for information concerning...

  5. Registered_Lobbyist_Contact_Disclosure_Form.pdf | Department...

    Broader source: Energy.gov (indexed) [DOE]

    egisteredLobbyistContactDisclosureForm.pdf More Documents & Publications Lobbyist Disclosure Form - AltEn Interested Parties - Shipp Interested Parties - Smith Dawson & Andrews...

  6. Carbon Disclosure Project Webinar: Climate Change: A Challenge...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Carbon Disclosure Project Webinar: Climate Change: A Challenge for Bond Analysts April 8, 2015...

  7. Annual Confidential Financial Disclosure Report (OGE 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2001-10-01T23:59:59.000Z

    This Notice addresses the Executive Branch confidential financial disclosure requirements. These requirements apply to career GS (GM) employees. (Replaces DOE N 326.7).

  8. Annual Confidential Financial Disclosure Report (SF 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1995-10-13T23:59:59.000Z

    This Notice addresses the Executive Branch confidential financial disclosure requirements. These requirements apply to persons employed at the GS-15 level and below, except for Schedule C appointees.

  9. Disclosure of Permitted Communication Concerning Fossil Fuel...

    Broader source: Energy.gov (indexed) [DOE]

    DOE 433 ex parte memo.pdf More Documents & Publications Disclosure of Permitted Communication Concerning Regional Standards Enforcement Framework Document -- Docket No....

  10. Disclosure of Permitted Communication Concerning Regional Standards...

    Broader source: Energy.gov (indexed) [DOE]

    furnacestdwaiverpolicy.pdf More Documents & Publications Disclosure of Permitted Communication Concerning Fossil Fuel Energy Consumption Reduction for New Construction and Major...

  11. Attack Diagnosis: Throttling Distributed Denial-of-Service Attacks Close to the Attack Sources

    E-Print Network [OSTI]

    Park, Jung-Min

    Attack Diagnosis: Throttling Distributed Denial-of-Service Attacks Close to the Attack Sources Polytechnic Institute and State University Blacksburg, VA 24061 {rlchen, jungmin}@vt.edu Abstract-- Attack mitigation schemes actively throttle attack traffic generated in Distributed Denial-of-Service (DDoS) attacks

  12. active attack tegutsevad: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    traffic. Although it is difficult to detect shrew DDo Chen, Yu 83 Timing analysis in low-latency mix networks: attacks and defenses Computer Technologies and Information Sciences...

  13. attack detection system: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    is presented Autonoma de Madrid, Universidad 51 Stealthy Deception Attacks on Water SCADA Systems Computer Technologies and Information Sciences Websites Summary: (more than...

  14. attack model development: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    than the traditional alert correlations. Wei Yan 89 Stealthy Deception Attacks on Water SCADA Systems Computer Technologies and Information Sciences Websites Summary: (more than...

  15. Are Vulnerability Disclosure Deadlines Justified?

    SciTech Connect (OSTI)

    Miles McQueen; Jason L. Wright; Lawrence Wellman

    2011-09-01T23:59:59.000Z

    Vulnerability research organizations Rapid7, Google Security team, and Zero Day Initiative recently imposed grace periods for public disclosure of vulnerabilities. The grace periods ranged from 45 to 182 days, after which disclosure might occur with or without an effective mitigation from the affected software vendor. At this time there is indirect evidence that the shorter grace periods of 45 and 60 days may not be practical. However, there is strong evidence that the recently announced Zero Day Initiative grace period of 182 days yields benefit in speeding up the patch creation process, and may be practical for many software products. Unfortunately, there is also evidence that the 182 day grace period results in more vulnerability announcements without an available patch.

  16. Fuel Mix Disclosure

    Broader source: Energy.gov [DOE]

    Hawaii requires the state’s retail electric suppliers to disclose details regarding the fuel mix of their electric generation to retail customers. Such information must be provided on customers’...

  17. Fuel Mix Disclosure

    Broader source: Energy.gov [DOE]

    Washington’s retail electric suppliers must disclose details regarding the fuel mix of their electric generation to customers. Electric suppliers must provide such information in a standard format...

  18. Quantum-Space Attacks

    E-Print Network [OSTI]

    Ran Gelles; Tal Mor

    2007-11-25T23:59:59.000Z

    Theoretical quantum key distribution (QKD) protocols commonly rely on the use of qubits (quantum bits). In reality, however, due to practical limitations, the legitimate users are forced to employ a larger quantum (Hilbert) space, say a quhexit (quantum six-dimensional) space, or even a much larger quantum Hilbert space. Various specific attacks exploit these limitations. Although security can still be proved in some very special cases, a general framework that considers such realistic QKD protocols, as well as attacks on such protocols, is still missing. We describe a general method of attacking realistic QKD protocols, which we call the 'quantum-space attack'. The description is based on assessing the enlarged quantum space actually used by a protocol, the 'quantum space of the protocol'. We demonstrate these new methods by classifying various (known) recent attacks against several QKD schemes, and by analyzing a novel attack on interferometry-based QKD.

  19. Building Computer Network Attacks

    E-Print Network [OSTI]

    Futoransky, Ariel; Richarte, Gerardo; Sarraute, Carlos

    2010-01-01T23:59:59.000Z

    In this work we start walking the path to a new perspective for viewing cyberwarfare scenarios, by introducing conceptual tools (a formal model) to evaluate the costs of an attack, to describe the theater of operations, targets, missions, actions, plans and assets involved in cyberwarfare attacks. We also describe two applications of this model: autonomous planning leading to automated penetration tests, and attack simulations, allowing a system administrator to evaluate the vulnerabilities of his network.

  20. Improving Attack Graph Visualization through Data Reduction and Attack Grouping

    E-Print Network [OSTI]

    Ou, Xinming "Simon"

    Improving Attack Graph Visualization through Data Reduction and Attack Grouping John Homer1 Laboratory, USA Abstract. Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often

  1. OUTSIDE EMPLOYMENT DISCLOSURE AND ACKNOWLEDGEMENT FORM

    E-Print Network [OSTI]

    Su, Xiao

    OUTSIDE EMPLOYMENT DISCLOSURE AND ACKNOWLEDGEMENT FORM Management Personal Plan (MPP) and Executive and executive employees with employment outside of the California State University are required to provide a written statement of all such employment to the appropriate administrator. Disclosure: Full Name: SJSU ID

  2. Gaussian Process Learning for Cyber-Attack Early Warning Jian Zhang1

    E-Print Network [OSTI]

    Zhang, Jian

    Gaussian Process Learning for Cyber-Attack Early Warning Jian Zhang1 , Phillip Porras1 , Johannes- gressive attack sources, as such information can help to proactively defend their networks. For this pur of attacks observed by others. However, the total number of reported attackers is huge in these systems. Thus

  3. Entropy-based Power Attack Houssem Maghrebi, Sylvain Guilley, Jean-Luc Danger, Florent Flament

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Entropy-based Power Attack Houssem Maghrebi, Sylvain Guilley, Jean-Luc Danger, Florent Flament D to Higher-Order Differential Power Analysis (HO-DPA). For instance, an attack based on a variance analysis to information-theoretic HO attacks, called the Entropy-based Power Analysis (EPA). This new attack gives

  4. Fault and Side-Channel Attacks on Pairing Based Cryptography ?

    E-Print Network [OSTI]

    such devices will be carried into and used in hostile environments and often house sensitive information devices need to be aware of similar problems in their operational environments. We can extend this passive information as passive attacks. Although side-channel attack and defence techniques are becoming increas

  5. Microarchitectural Attacks and Countermeasures

    E-Print Network [OSTI]

    Chapter 18 Microarchitectural Attacks and Countermeasures Onur Acıiçmez and Çetin Kaya Koç 18+Business Media, LLC 2009 attention on analysis of computer

  6. Energy Disclosure and Leasing Standards: Best Practices

    Broader source: Energy.gov (indexed) [DOE]

    joining the meeting To limit background noise, please put your phone or audio on mute. Energy Disclosure and Leasing Standards 2 | TAP Webinar eere.energy.gov The Parker Ranch...

  7. Confidential Financial Disclosure Reports (OGE 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-12-09T23:59:59.000Z

    The directive establishes requirements and responsibilities for Departmental elements and employees regarding filing Confidential Financial Disclosure Reports (OGE Form 450) in accordance with the Ethics in Government Act of 1978, as amended.

  8. Confidential Financial Disclosure Report (OGE Form 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-09-20T23:59:59.000Z

    This Notice addresses the Executive Branch confidential financial disclosure reporting requirements. These requirements apply to career GS/GM employees as well as employees serving in excepted service positions designated EJ, EK, and EN.

  9. Michigan Technological University Non-Disclosure Agreement

    E-Print Network [OSTI]

    Michigan Technological University Non-Disclosure Agreement PARTIES: Michigan Technological mutually agree as follows: 1. Michigan Technological University shall be: Disclosing Party Receiving Party Both Disclosing Party Receiving Party Both 2. DESIGNATED REPRESENTATIVES: Michigan Technological

  10. Carbon Disclosure Project | Open Energy Information

    Open Energy Info (EERE)


  11. Disclosures due to Health Care Reform Changes Disclosure of Grandfather Status

    E-Print Network [OSTI]

    Gleeson, Joseph G.

    Disclosures due to Health Care Reform Changes Disclosure of Grandfather Status UCSD Medical Center of the Affordable Care Act that apply to other plans. Grandfathered health plans must comply with certain other believes this health plan coverage is a "grandfathered health plan" under the Patient Protection

  12. A Full Key Recovery Attack on HMAC-AURORA-512

    E-Print Network [OSTI]

    A Full Key Recovery Attack on HMAC-AURORA-512 Yu Sasaki NTT Information Sharing Platform.yu@lab.ntt.co.jp Abstract. In this note, we present a full key recovery attack on HMAC-AURORA-512 when 512-bit secret keys is 2^259 AURORA-512 operations, which is significantly less than the complexity of the exhaustive search

  13. Cyber Vulnerability Disclosure Policies for the Department of Electrical and

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    Cyber Vulnerability Disclosure Policies for the Smart Grid Adam Hahn Department of Electrical ATTRIBUTES The "Vulnerability Disclosure Framework" developed by the National Infrastructure Advisory Council Department of Electrical and Computer Engineering Iowa State University Ames, IA 50011 Email: gmani

  14. Finite Energy and Bounded Attacks on Control System Sensor Signals

    SciTech Connect (OSTI)

    Djouadi, Seddik M [ORNL; Melin, Alexander M [ORNL; Ferragut, Erik M [ORNL; Laska, Jason A [ORNL

    2014-01-01T23:59:59.000Z

    Control system networks are increasingly being connected to enterprise level networks. These connections leave critical industrial controls systems vulnerable to cyber-attacks. Most of the effort in protecting these cyber-physical systems (CPS) has been in securing the networks using information security techniques and protection and reliability concerns at the control system level against random hardware and software failures. However, besides these failures the inability of information security techniques to protect against all intrusions means that the control system must be resilient to various signal attacks for which new analysis and detection methods need to be developed. In this paper, sensor signal attacks are analyzed for observer-based controlled systems. The threat surface for sensor signal attacks is subdivided into denial of service, finite energy, and bounded attacks. In particular, the error signals between states of attack free systems and systems subject to these attacks are quantified. Optimal sensor and actuator signal attacks for the finite and infinite horizon linear quadratic (LQ) control in terms of maximizing the corresponding cost functions are computed. The closed-loop system under optimal signal attacks are provided. Illustrative numerical examples are provided together with an application to a power network with distributed LQ controllers.

  15. Smart Grid Data Integrity Attack

    E-Print Network [OSTI]

    Poolla, Kameshwar

    2012-01-01T23:59:59.000Z

    IEEE Transactions on Smart Grid, vol. 2, no. 2, June [21] O.Malicious Data Attacks on Smart Grid State Estimation:Attack and Detection in Smart Grid,” to appear in IEEE

  16. Allocating Capacity in Parallel Queues to Improve Their Resilience to Deliberate Attack

    E-Print Network [OSTI]

    Henderson, Shane

    Allocating Capacity in Parallel Queues to Improve Their Resilience to Deliberate Attack W. Matthew will subsequently face disruptions from accidents, acts of nature, or an intentional attack from a well-informed attacker. The systems are modeled as parallel M/M/1 queues, and the key question is how to allocate service

  17. Security of differential phase shift quantum key distribution against individual attacks

    E-Print Network [OSTI]

    Edo Waks; Hiroki Takesue; Yoshihisa Yamamoto

    2005-08-16T23:59:59.000Z

    We derive a proof of security for the Differential Phase Shift Quantum Key Distribution (DPSQKD) protocol under the assumption that Eve is restricted to individual attacks. The security proof is derived by bounding the average collision probability, which leads directly to a bound on Eve's mutual information on the final key. The security proof applies to realistic sources based on pulsed coherent light. We then compare individual attacks to sequential attacks and show that individual attacks are more powerful.

  18. Robustness of two-way quantum communication protocols against Trojan horse attack

    E-Print Network [OSTI]

    Fu-Guo Deng; Ping Zhou; Xi-Han Li; Chun-Yan Li; Hong-Yu Zhou

    2005-08-23T23:59:59.000Z

    We discuss the robustness of two-way quantum communication protocols against Trojan horse attack and introduce a novel attack, delay-photon Trojan horse attack. Moreover, we present a practical way for two-way quantum communication protocols to prevent the eavesdropper from stealing the information transmitted with Trojan horse attacks. It means that two-way quantum communication protocols are also secure in a practical application.

  19. Insects Attacking Vegetable Crops.

    E-Print Network [OSTI]

    Newton, Weldon H.; Deer, James A.; Hamman, Philip J.; Wolfenbarger, Dan A.; Harding, James A.; Schuster, Michael F.

    1964-01-01T23:59:59.000Z

    of economic importance. Worms cause considerable damage to grain sorghum heads, but they are cannibalistic and usually only one larva reaches full growth in each head as well as in each corn ear. BLACK CUTWORM, Agrotis ipsilon (Hufnagel) Cutworms.... They frequently do considerable damage to corn ears, similar to that caused by corn earworms. These worms also feed as "budworms" in grain sorghum and corn whorls. Unfolding leaves from whorls of such attacked crops are perforated with holes. Like...

  20. Insects Attacking Vegetable Crops. 

    E-Print Network [OSTI]

    Newton, Weldon H.; Deer, James A.; Hamman, Philip J.; Wolfenbarger, Dan A.; Harding, James A.; Schuster, Michael F.

    1964-01-01T23:59:59.000Z

    THAT SUCK THE JUICES FROM FOLIAGE, FRUITS, STEMS AND ROOTS, CAUSING DISCOLORATION, STUNTING AND OTHER DAMAGE APHIDS Aphids are small, sluggish, soft-bodied insects often called plant lice. A number of species attack various crops, sucking plant sap..., peppers or dark brown with black leg joints, eyes and and tomatoes. cornicles. Aphids build up very rapidly and leave copious quantities of honeydew on leaves. Adults POPLAR PETIOLE GALL APHID, Pemphigus and nymphs suck juices from leaves, sapping...

  1. Improving Attack Graph Visualization through Data Reduction and Attack Grouping

    SciTech Connect (OSTI)

    John Homer; Ashok Varikuti; Xinming Ou; Miles A. McQueen

    2008-09-01T23:59:59.000Z

    Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1) automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and 2) automatically group similar attack steps as virtual nodes in a model of the network topology, to immediately increase the understandability of the data. We believe both methods are important steps toward improving visualization of attack graphs to make them more useful in configuration management for large enterprise networks. We implemented our methods using one of the existing attack-graph toolkits. Initial experimentation shows that the proposed approaches can 1) significantly reduce the complexity of attack graphs by trimming a large portion of the graph that is not needed for a user to understand the security problem, and 2) significantly increase the accessibility and understandability of the data presented in the attack graph by clearly showing, within a generated visualization of the network topology, the number and type of potential attacks to which each host is exposed.

  2. Nonresidential Building Energy Use Disclosure Program

    E-Print Network [OSTI]

    ® program online tool for managing building energy use data. (hk) "Prospective buyer" means a person who has)"Data Verification Checklist" means a report generated by Portfolio Manager that summarizes a property's physical Nonresidential Building Energy Use Disclosure Program California Code of Regulations Title

  3. Fuel Mix and Emissions Disclosure

    Broader source: Energy.gov [DOE]

    Information must be provided to customers and to the Virginia State Corporation Commission (SCC) at least once annually. If any portion of this information is unavailable, the electricity provide...

  4. Metrics for Assessment of Smart Grid Data Integrity Attacks

    SciTech Connect (OSTI)

    Annarita Giani; Miles McQueen; Russell Bent; Kameshwar Poolla; Mark Hinrichs

    2012-07-01T23:59:59.000Z

    There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised data by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be used to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.

  5. Fuel Mix and Emissions Disclosure

    Broader source: Energy.gov [DOE]

    Electricity suppliers and electricity companies must also provide a fuel mix report to customers twice annually, within the June and December billing cycles. Emissions information must be disclos...

  6. To: SIMON FRASER UNIVERSITY NON-DISCLOSURE AGREEMENT REQUEST Office of Research Services (Fax: 778-782-3477)

    E-Print Network [OSTI]

    To: SIMON FRASER UNIVERSITY NON-DISCLOSURE AGREEMENT REQUEST Office of Research Services (Fax: 778-782-3477) Party 1 to Agreement: Simon Fraser University funding (including student/post-docs funding sources) used in creating Information? Yes No. If yes

  7. Hazardous and Nonhazardous Solid Waste Applicant Disclosure Regulations (Mississippi)

    Broader source: Energy.gov [DOE]

    The purpose of the Hazardous and Nonhazardous Solid Waste Applicant Disclosure Regulations is to help maintain accountability and track data on the hazardous and nonhazardous waste sites in...

  8. BESC Submits 32 Gene Disclosures for Patents | ORNL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    invention disclosures for 32 different genes that can help improve the yield of ethanol from cellulosic biomass. These genes or their variants function to overcome...

  9. Sulfate attack expansion mechanisms

    SciTech Connect (OSTI)

    Müllauer, Wolfram, E-mail: wolf_m@gmx.at; Beddoe, Robin E.; Heinz, Detlef

    2013-10-15T23:59:59.000Z

    A specially constructed stress cell was used to measure the stress generated in thin-walled Portland cement mortar cylinders caused by external sulfate attack. The effects of sulfate concentration of the storage solution and C₃A content of the cement were studied. Changes in mineralogical composition and pore size distribution were investigated by X-ray diffraction and mercury intrusion porosimetry, respectively. Damage is due to the formation of ettringite in small pores (10–50 nm) which generates stresses up to 8 MPa exceeding the tensile strength of the binder matrix. Higher sulfate concentrations and C₃A contents result in higher stresses. The results can be understood in terms of the effect of crystal surface energy and size on supersaturation and crystal growth pressure.

  10. Fuel Mix and Emissions Disclosure

    Broader source: Energy.gov [DOE]

    Rhode Island requires all entities that sell electricity in the state to disclose details regarding the fuel mix and emissions of their electric generation to end-use customers. This information...

  11. U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users

    Broader source: Energy.gov [DOE]

    A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.

  12. Time-shift attack in practical quantum cryptosystems

    E-Print Network [OSTI]

    Bing Qi; Chi-Hang Fred Fung; Hoi-Kwong Lo; Xiongfeng Ma

    2006-05-11T23:59:59.000Z

    Recently, a new type of attack, which exploits the efficiency mismatch of two single photon detectors (SPD) in a quantum key distribution (QKD) system, has been proposed. In this paper, we propose another "time-shift" attack that exploits the same imperfection. In our attack, Eve shifts the arrival time of either the signal pulse or the synchronization pulse or both between Alice and Bob. In particular, in a QKD system where Bob employs time-multiplexing technique to detect both bit "0" and bit "1" with the same SPD, Eve, in principle, could acquire full information on the final key without introducing any error. Finally, we discuss some counter measures against our and earlier attacks.

  13. Modeling modern network attacks and countermeasures using attack graphs

    E-Print Network [OSTI]

    Ingols, Kyle W.

    By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes substantial enhancements ...

  14. Modeling veterans healthcare administration disclosure processes : CY 2012 summary.

    SciTech Connect (OSTI)

    Beyeler, Walter Eugene; DeMenno, Mercy B.; Finley, Patrick D.

    2013-09-01T23:59:59.000Z

    As with other large healthcare organizations, medical adverse events at the Department of Veterans Affairs (VA) facilities can expose patients to unforeseen negative risks. VHA leadership recognizes that properly handled disclosure of adverse events can minimize potential harm to patients and negative consequences for the effective functioning of the organization. The work documented here seeks to help improve the disclosure process by situating it within the broader theoretical framework of issues management, and to identify opportunities for process improvement through modeling disclosure and reactions to disclosure. The computational model will allow a variety of disclosure actions to be tested across a range of incident scenarios. Our conceptual model will be refined in collaboration with domain experts, especially by continuing to draw on insights from VA Study of the Communication of Adverse Large-Scale Events (SCALE) project researchers.

  15. Genetic attack on neural cryptography

    SciTech Connect (OSTI)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido [Institut fuer Theoretische Physik, Universitaet Wuerzburg, Am Hubland, 97074 Wuerzburg (Germany); Minerva Center and Department of Physics, Bar Ilan University, Ramat Gan 52900 (Israel)

    2006-03-15T23:59:59.000Z

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  16. Smart Grid Data Integrity Attack

    E-Print Network [OSTI]

    Poolla, Kameshwar

    2012-01-01T23:59:59.000Z

    IEEE Transactions on Smart Grid, vol. 2, no. 2, June [21] O.Malicious Data Attacks on Smart Grid State Estimation:Framework and Roadmap for Smart Grid Interoperability Stan-

  17. Using the Domain Name System to Thwart Automated Client-Based Attacks

    SciTech Connect (OSTI)

    Taylor, Curtis R [ORNL; Shue, Craig A [ORNL

    2011-09-01T23:59:59.000Z

    On the Internet, attackers can compromise systems owned by other people and then use these systems to launch attacks automatically. When attacks such as phishing or SQL injections are successful, they can have negative consequences including server downtime and the loss of sensitive information. Current methods to prevent such attacks are limited in that they are application-specific, or fail to block attackers. Phishing attempts can be stopped with email filters, but if the attacker manages to successfully bypass these filters, then the user must determine if the email is legitimate or not. Unfortunately, they often are unable to do so. Since attackers have a low success rate, they attempt to compensate for it in volume. In order to have this high throughput, attackers take shortcuts and break protocols. We use this knowledge to address these issues by implementing a system that can detect malicious activity and use it to block attacks. If the client fails to follow proper procedure, they can be classified as an attacker. Once an attacker has been discovered, they will be isolated and monitored. This can be accomplished using existing software in Ubuntu Linux applications, along with our custom wrapper application. After running the system and seeing its performance on three popular Web browsers Chromium, Firefox and Internet Explorer as well as two popular email clients, Thunderbird and Evolution, we found that not only is this system conceivable, it is effective and has low overhead.

  18. Another Generalization of Wiener's Attack on RSA

    E-Print Network [OSTI]

    Nitaj, Abderrahmane

    Another Generalization of Wiener's Attack on RSA Abderrahmane NITAJ Université de Caen, France Casablanca, June 12, 2008 RSA and Wiener The new attack Conclusion RSA setting Wiener's attack Generalizations Colour conventions Red

  19. A fundamental threat to quantum cryptography: gravitational attacks

    E-Print Network [OSTI]

    R. Plaga

    2006-03-26T23:59:59.000Z

    An attack on the "Bennett-Brassard 84" (BB84) quantum key-exchange protocol in which Eve exploits the action of gravitation to infer information about the quantum-mechanical state of the qubit exchanged between Alice and Bob, is described. It is demonstrated that the known laws of physics do not allow to describe the attack. Without making assumptions that are not based on broad consensus, the laws of quantum gravity, unknown up to now, would be needed even for an approximate treatment. Therefore, it is currently not possible to predict with any confidence if information gained in this attack will allow to break BB84. Contrary to previous belief, a proof of the perfect security of BB84 cannot be based on the assumption that the known laws of physics are strictly correct, yet.

  20. Networked Control Systems under Cyber Attacks with Applications to Power Networks

    E-Print Network [OSTI]

    Johansson, Karl Henrik

    Terms-- Networked Control Systems, Fault Detection, Power Systems I. INTRODUCTION Several infrastructure infrastructure systems are vulnerable to cyber attacks [1], [2], which are performed on the information residing Networked Control Systems under Cyber Attacks with Applications to Power Networks André Teixeira

  1. Time Stamp Attack on Wide Area Monitoring System in Smart Grid

    E-Print Network [OSTI]

    Zhang, Zhenghao; Li, Husheng; Pei, Changxing

    2011-01-01T23:59:59.000Z

    Security becomes an extremely important issue in smart grid. To maintain the steady operation for smart power grid, massive measurement devices must be allocated widely among the power grid. Previous studies are focused on false data injection attack to the smart grid system. In practice, false data injection attack is not easy to implement, since it is not easy to hack the power grid data communication system. In this paper, we demonstrate that a novel time stamp attack is a practical and dangerous attack scheme for smart grid. Since most of measurement devices are equipped with global positioning system (GPS) to provide the time information of measurements, it is highly probable to attack the measurement system by spoofing the GPS. By employing the real measurement data in North American Power Grid, simulation results demonstrate the effectiveness of the time stamp attack on smart grid.

  2. Leveraging Portfolio Manager for Disclosure and Green Leasing Practices

    Broader source: Energy.gov [DOE]

    A talk about developing paths and implementing rating and disclosure policies for the commercial building sector, giving a state, local and federal overview of these types of policies and where they’re in play.

  3. A Deception Framework for Survivability Against Next Generation Cyber Attacks

    E-Print Network [OSTI]

    Upadhyaya, Shambhu

    to the electronic business domain. According to the asymmetric warfare theory, attackers have the advantage- rity, survivability 1. Introduction This is the era of cyber-warfare and it is no longer limited to military domain. Knapp and Boulton [12] have reviewed information warfare literature from 1990 to mid-2005

  4. HAN Attack Surface and the Open Smart Energy Gateway Project

    E-Print Network [OSTI]

    Searle, Justin

    2014-01-01T23:59:59.000Z

    HAN Attack Surface and the Open Smart Energy of California. HAN Attack Surface and the Open vulnerable to cyber attacks (i.e. “hacking”) and

  5. The Attack on Planned Parenthood: A Historical Analysis

    E-Print Network [OSTI]

    Primrose, Sarah

    2012-01-01T23:59:59.000Z

    Party Republicans' Latest Attack on Women's Health and Birthtea-party-republicans-latest-attack-womens-health- birth-ARTICLES THE ATTACK ON PLANNED PARENTHOOD: A HISTORICAL

  6. attack synthetic polymers: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    XiaoFeng Wang to as stealth attacks 11 with a focus on vehicular technologies. Stealth attacks are attacks that can Avenue, Bloomington, IN 47405, USA Stevens Institute...

  7. attacks draft resolution: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    XiaoFeng Wang to as stealth attacks 11 with a focus on vehicular technologies. Stealth attacks are attacks that can Avenue, Bloomington, IN 47405, USA Stevens Institute...

  8. armed attacks draft: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    XiaoFeng Wang to as stealth attacks 11 with a focus on vehicular technologies. Stealth attacks are attacks that can Avenue, Bloomington, IN 47405, USA Stevens Institute...

  9. amyloid oxidative attack: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    XiaoFeng Wang to as stealth attacks 11 with a focus on vehicular technologies. Stealth attacks are attacks that can Avenue, Bloomington, IN 47405, USA Stevens Institute...

  10. A "Poisoning" Attack Against Online Anomaly Detection

    E-Print Network [OSTI]

    Freytag, Johann-Christoph

    A "Poisoning" Attack Against Online Anomaly Detection Marius Kloft Department of Computer Science it is robust against targeted "poisoning" attacks. The latter have been first investigated by Nelson et al. [1 of all data points observed so far. The key idea of a poisoning attack is to insert specially crafted

  11. The Sybil Attack John R. Douceur

    E-Print Network [OSTI]

    Keinan, Alon

    The Sybil Attack John R. Douceur Microsoft Research johndo@microsoft.com "One can have, some undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks

  12. The GHS Attack Revisited Computer Science Department,

    E-Print Network [OSTI]

    Hess, Florian

    The GHS Attack Revisited F. Hess Computer Science Department, Woodland Road, University of Bristol the number of elliptic curves which succumb to the basic GHS attack, thereby weakening curves over F2155 further. We also discuss other possible extensions or variations of the GHS attack and conclude

  13. V-146: HP Service Manager Bugs Permit Cross-Site Scripting and...

    Broader source: Energy.gov (indexed) [DOE]

    Cross-Site Scripting and Information Disclosure Attacks PLATFORM: Service Manager v9.31 Web Tier ABSTRACT: Two vulnerabilities were reported in HP Service Manager REFERENCE LINKS:...

  14. Vulnerability Discovery with Attack IEEE Transactions on Software Engineering (2010)

    E-Print Network [OSTI]

    Bae, Doo-Hwan

    2010-01-01T23:59:59.000Z

    : Monitor target system's state while executing attacks in 3 ways Overview of tool AJECT Attack generate attacks in 4 ways Injection phase: Execute previously generated test cases(attacks) Monitoring

  15. Time Stamp Attack in Smart Grid: Physical Mechanism and Damage Analysis

    E-Print Network [OSTI]

    Gong, Shuping; Li, Husheng; Dimitrovski, Aleksandar D

    2012-01-01T23:59:59.000Z

    Many operations in power grids, such as fault detection and event location estimation, depend on precise timing information. In this paper, a novel time stamp attack (TSA) is proposed to attack the timing information in smart grid. Since many applications in smart grid utilize synchronous measurements and most of the measurement devices are equipped with global positioning system (GPS) for precise timing, it is highly probable to attack the measurement system by spoofing the GPS. The effectiveness of TSA is demonstrated for three applications of phasor measurement unit (PMU) in smart grid, namely transmission line fault detection, voltage stability monitoring and event locationing.

  16. Time Synchronization Attack in Smart Grid-Part I: Impact and Analysis

    E-Print Network [OSTI]

    Zhang, Zhenghao; Dimitrovski, Aleksandar D; Li, Husheng

    2012-01-01T23:59:59.000Z

    Many operations in power grids, such as fault detection and event location estimation, depend on precise timing information. In this paper, a novel Time Synchronization Attack (TSA) is proposed to attack the timing information in smart grid. Since many applications in smart grid utilize synchronous measurements and most of the measurement devices are equipped with global positioning system (GPS) for precise timing, it is highly probable to attack the measurement system by spoofing the GPS. The effectiveness of TSA is demonstrated for three applications of phasor measurement unit (PMU) in smart grid, namely transmission line fault detection, voltage stability monitoring and event locationing. The validity of TSA is demonstrated by numerical simulations.

  17. The Cost of Attack in Competing Networks

    E-Print Network [OSTI]

    Podobnik, B; Lipic, T; Perc, M; Buldu, J M; Stanley, H E

    2015-01-01T23:59:59.000Z

    Real-world attacks can be interpreted as the result of competitive interactions between networks, ranging from predator-prey networks to networks of countries under economic sanctions. Although the purpose of an attack is to damage a target network, it also curtails the ability of the attacker, which must choose the duration and magnitude of an attack to avoid negative impacts on its own functioning. Nevertheless, despite the large number of studies on interconnected networks, the consequences of initiating an attack have never been studied. Here, we address this issue by introducing a model of network competition where a resilient network is willing to partially weaken its own resilience in order to more severely damage a less resilient competitor. The attacking network can take over the competitor nodes after their long inactivity. However, due to a feedback mechanism the takeovers weaken the resilience of the attacking network. We define a conservation law that relates the feedback mechanism to the resilie...

  18. Abstract-A mimicry attack is a type of attack where the basic steps of a minimalist `core' attack are used to design multiple

    E-Print Network [OSTI]

    Zincir-Heywood, Nur

    Abstract-A mimicry attack is a type of attack where the basic steps of a minimalist `core' attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating weaknesses of detectors. In this work, we

  19. U-006: Cisco Network Admission Control Manager Directory Traversal Flaw Lets Remote Users Obtain Potentially Sensitive Information

    Broader source: Energy.gov [DOE]

    An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.

  20. Disclosing information about the self is intrinsically rewarding

    E-Print Network [OSTI]

    Mitchell, Jason

    experiences. What drives this propensity for disclosure? Here, we test recent theories that individuals place conversation have documented that 30-40% of everyday speech is used to relay information to others about one

  1. Information Disclosure Policies: Evidence from the Electricity Industry

    E-Print Network [OSTI]

    Delmas, Magali A; SHIMSHACK, JAY P; Montes, Maria J.

    2007-01-01T23:59:59.000Z

    CA, NY, ME, and VT, had green energy generation proportionsand exemptions for green energy generation are becoming

  2. Information Disclosure Policies: Evidence from the Electricity Industry

    E-Print Network [OSTI]

    Delmas, Magali A; SHIMSHACK, JAY P; Montes, Maria J.

    2007-01-01T23:59:59.000Z

    relatively complete data in EIA databases. We focus on largeEIA)’s Annual Electric Power Industry Database and theEIA). Although all of the aforementioned data is publicly accessible through government databases,

  3. Information Disclosure Policies: Evidence from the Electricity Industry

    E-Print Network [OSTI]

    Delmas, Magali A; SHIMSHACK, JAY P; Montes, Maria J.

    2007-01-01T23:59:59.000Z

    average proportion of fossil fuels decreases and the averageusage attributable to fossil fuels substantially decreasesresidential customers. Firms’ fossil fuel program responses

  4. Information Disclosure Policies: Evidence from the Electricity Industry

    E-Print Network [OSTI]

    Delmas, Magali A; SHIMSHACK, JAY P; Montes, Maria J.

    2007-01-01T23:59:59.000Z

    of State Incentives for Renewable Energy (DSIRE). AccessibleState Incentives for Renewable Energy. Fuel mix data come

  5. T-578: Vulnerability in MHTML Could Allow Information Disclosure |

    Broader source: Energy.gov (indexed) [DOE]


  6. U-181: IBM WebSphere Application Server Information Disclosure

    Office of Environmental Management (EM)


  7. Achieving Differential Privacy of Data Disclosure in the Smart Grid

    E-Print Network [OSTI]

    Wang, Yu

    -grained usage data collection. For example, smart metering data could reveal highly accurate real-time home. Index Terms--Smart Grid, Smart Meter, Privacy, Differential Privacy, Data Disclosure I. INTRODUCTION With the rapid development of the advanced meter infrastructure (AMI) [1] as part of a move to smart grids

  8. Non-Confidential Disclosure Harvard Medical School Affiliate

    E-Print Network [OSTI]

    Zhang, Yi

    Non-Confidential Disclosure Harvard Medical School Affiliate Office of Technology Development 3 are underway to determine if administration of a blocking antibody or a soluble ligand-Ig chimera can prevent: Exclusive worldwide license Contact: Ryan Dietz Director, Office of Technology Development 617

  9. Before your innovation has patent protection... Avoiding Public Disclosure

    E-Print Network [OSTI]

    Benos, Panayiotis "Takis"

    1 Before your innovation has patent protection... Avoiding Public Disclosure n the publish chances of patenting any innovations that stem from your research. U.S. Patent law makes this point very clear: "A person shall be entitled to a patent unless: 1. the invention was known or used by others

  10. Temporal Language Models for the Disclosure of Historical Text

    E-Print Network [OSTI]

    Hiemstra, Djoerd

    Introduction Historical and heritage collections consist for a considerable part of text and may incorporateTemporal Language Models for the Disclosure of Historical Text Franciska de Jong Henning Rode of the historical distance, access to this content is not straightforward. Historical variants of text are often

  11. Statistical Disclosure Control: Methods and Software Development in

    E-Print Network [OSTI]

    Jureckova, Jana

    language and runs under all platforms. Turn your ideas into software easily. Using R for SDC Some and statistical computing. ­ is a modern object-oriented high-level programming language and runs under allStatistical Disclosure Control: Methods and Software Development in Matthias Templ Vienna

  12. 2013 Annual Security Report Jeanne Clery Disclosure of

    E-Print Network [OSTI]

    Lipson, Michal

    1 2013 Annual Security Report Jeanne Clery Disclosure of Campus Security Policy and Campus Crime, wait for the dial tone, and press 911. There's no need to press 9 first for an outside line party missing property telephone, cable, or power outages or to check on weather, road conditions

  13. Annual Confidential Financial Disclosure Report (OGE Form 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-12-20T23:59:59.000Z

    The Notice addresses the Executive Branch confidential financial disclosure reporting requirements. These requirements apply to career GS/GM and prevailing rate system and administratively determined employees as well as employees serving in excepted service positions designated EJ, EK, and EN. Cancels DOE N 326.13.

  14. Dissipation attack on Bennett-Brassard 1984 protocol in practical quantum key distribution system

    E-Print Network [OSTI]

    Li Yang; Bing Zhu

    2013-05-24T23:59:59.000Z

    We propose a new kind of individual attack, based on randomly selected dissipation, on Bennett-Brassard 1984 protocol of practical quantum key distribution (QKD) system with lossy and noisy quantum channel. Since an adversary with super quantum channel can disguise loss and errors induced by his attack as that of the system, he can obtain innegligible amount of information for a practical QKD system, without being detected by legal participants.

  15. The Zombie Attack on the Computational Conception of Mind

    E-Print Network [OSTI]

    Bringsjord, Selmer

    The Zombie Attack on the Computational Conception of Mind Selmer Bringsjord Department defense of the zombie attack against computationalism. Dennett, more than any other thinker, says, rigorous attack on computationalism -- the zombie attack. If this attack is sound, it will follow not only

  16. Stealthy Deception Attacks on Water SCADA Systems

    E-Print Network [OSTI]

    Hu, Fei

    Stealthy Deception Attacks on Water SCADA Systems Saurabh Amin1 Xavier Litrico2 Alexandre M. Bayen1 The Gignac Water SCADA System Modeling of Cascade Canal Pools Attacks on PI Control Limits on Stability and Detectability Recapitulation from last year The Gignac Water SCADA System Modeling of Cascade Canal Pools

  17. V-221: WordPress A Forms Plugin Cross-Site Request Forgery and...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Request Forgery, and Information Disclosure Attacks T-597: WordPress Multiple Security Vulnerabilities V-078: WordPress Bugs Permit Cross-Site Scripting and Port Scanning Attacks...

  18. Secured Information Flow for Asynchronous Sequential Processes

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Secured Information Flow for Asynchronous Sequential Processes Isabelle Attali, Denis Caromel for unauthorized information flows. As a final result, all authorized communication paths are secure: no disclosure a new issue in data confidentiality: authorization of secured information flow transiting (by the mean

  19. Managing Attack Graph Complexity Through Visual Hierarchical Aggregation

    E-Print Network [OSTI]

    Noel, Steven

    Managing Attack Graph Complexity Through Visual Hierarchical Aggregation Steven Noel Center a framework for managing network attack graph complexity through interactive visualization, which includes hierarchical aggregation of graph elements. Aggregation collapses non-overlapping subgraphs of the attack graph

  20. Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs

    E-Print Network [OSTI]

    Noel, Steven

    Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs Steven, without considering how they contribute to overall attack risk. Similarly, intrusion alarms are logged threats, complexity of security data, and network growth. Our approach to network defense applies attack

  1. The GHS Attack in odd Characteristic Claus Diem

    E-Print Network [OSTI]

    Diem, Claus

    The GHS Attack in odd Characteristic Claus Diem March 24, 2003 Abstract The GHS attack is originally an approach to attack the discrete-logarithm problem (DLP) in the group of rational points

  2. GARNET : a Graphical Attack graph and Reachability Network Evaluation Tool

    E-Print Network [OSTI]

    Williams, Leevar (Leevar Christoff)

    2008-01-01T23:59:59.000Z

    Attack graphs are valuable tools in the assessment of network security, revealing potential attack paths an adversary could use to gain control of network assets. Creating an effective visualization for attack graphs is ...

  3. Jaguar Attack on a Child: Case Report and Literature Review

    E-Print Network [OSTI]

    Iserson, Kenneth V.; Francis, Adama M.

    2015-01-01T23:59:59.000Z

    Harlan G. Fatal Big Cat Attacks. Am J Forensic Med Pathol.Iserson et al. Jaguar Attack on a Child 18. Rabinowitz AR,SM, Mills A, Shoff WH. Human attacks by large 25. Bahram R,

  4. Evaluation of Profile Injection Attacks In Collaborative Recommender Systems

    E-Print Network [OSTI]

    Schaefer, Marcus

    Evaluation of Profile Injection Attacks In Collaborative Recommender Systems Chad Williams, Runa recommender systems. The open nature of collaborative filtering allows attackers to inject biased profile data identified attack profiles. Second, we analyze the effectiveness of a supervised classification approach

  5. Modeling Attacks on Physical Unclonable Functions Ulrich Rhrmair

    E-Print Network [OSTI]

    against these problems, but they all rest on the concept of a secret binary key. Classical cryptography, semi-invasive, or side-channel attacks, as well as software attacks like API-attacks and viruses, can

  6. On the Capacity Game of Private Fingerprinting Systems under Collusion Attacks

    E-Print Network [OSTI]

    Merhav, Neri

    On the Capacity Game of Private Fingerprinting Systems under Collusion Attacks Anelia Somekh;ngerprints in order not to be detected. Their action is modelled by a multiple access channel (MAC- Capacity, coding with side information, error exponents, information hiding, MMI decoder, private

  7. Detecting Sensitive Data Exfiltration by an Insider Attack Electrical & Computer Engineering

    E-Print Network [OSTI]

    California at Davis, University of

    1 Detecting Sensitive Data Exfiltration by an Insider Attack Yali Liu Electrical & Computer. By successfully implementing tactics to detect this threat, organizations avoid the loss of sensitive information of sensitive information. A key technical challenge is detection despite transformations being applied

  8. Smart Grid Integrity Attacks: Characterizations and Countermeasures

    SciTech Connect (OSTI)

    Annarita Giani; Eilyan Bitar; Miles McQueen; Pramod Khargonekar; Kameshwar Poolla

    2011-10-01T23:59:59.000Z

    Real power injections at loads and generators, and real power flows on selected lines in a transmission network are monitored, transmitted over a SCADA network to the system operator, and used in state estimation algorithms to make dispatch, re-balance and other energy management system [EMS] decisions. Coordinated cyber attacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm. These unobservable attacks present a serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of power meters on lines is presented. This requires O(n^2 m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known secure phase measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyber attacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyber attacks.

  9. A Scalable Framework for Cyber Attack Discovery and Situational...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Scalable Framework for Cyber Attack Discovery and Situational Understanding (SITU) May 15, 2013 Problem Statement: Cyber attacks cost commercial and governmental organizations vast...

  10. An immunity against correlation attack on quantum stream cipher by Yuen 2000 protocol

    E-Print Network [OSTI]

    Osamu Hirota; Kaoru Kurosawa

    2006-04-06T23:59:59.000Z

    This paper presents the security analysis on the quantum stream cipher so called Yuen-2000 protocol (or $\alpha\eta$ scheme) against the fast correlation attack, the typical attack on stream ciphers. Although a very simple experimental model of the quantum stream cipher without a random mapper may be decrypted in the information theoretic sense by the fast correlation algorithm, it is not a basic feature of Yuen 2000 protocol. In fact, we clarify that there exists a randomization scheme which attains the perfect correlation immunity against such attacks under an approximation. And in this scheme, the running key correlation from the second randomization that determines the mapping patterns is dismissed also by quantum noise. In such a case, any fast correlation attack does not work on the quantum stream cipher.

  11. Situational correlates of disclosure of child sexual abuse

    E-Print Network [OSTI]

    Wiley, Elizabeth Stirling

    2005-02-17T23:59:59.000Z

    , there is general agreement that parents, usually the mother, are most likely to receive the child's disclosure (Berliner & Conte, 1995; Fontanella, Harrington, & Zuravin, 2000; Gordon, 1990; Lamb & Edgar-Smith, 1994; Sauzier, 1989; Sinclair & Gold, 1997... experienced more than one assault during childhood. Lamb and Edgar-Smith (1994) found that over half of the women in their study were abused weekly in childhood. However, Gordon (1990) reports that most child victims experience only an isolated incident...

  12. On traffic analysis attacks and countermeasures

    E-Print Network [OSTI]

    Fu, Xinwen

    2007-04-25T23:59:59.000Z

    . This is true even if some commonly used countermeasures (e.g., link padding) have been deployed. We proposed an alternative effective countermeasure to counter this passive traffic analysis attack. Our extensive experimental results indicated...

  13. Cyber Security Audit and Attack Detection Toolkit

    SciTech Connect (OSTI)

    Peterson, Dale

    2012-05-31T23:59:59.000Z

    The goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

  14. Practical Electromagnetic Template Attack on Pierre-Alain Fouque1

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Practical Electromagnetic Template Attack on HMAC Pierre-Alain Fouque1 , Gaëtan Leurent1 , Denis efficient side channel attack against HMAC. Our attack assumes the presence of a side channel that reveals and can configure it, the attack recovers the secret key by monitoring a single execution of HMAC- SHA-1

  15. Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices

    E-Print Network [OSTI]

    Noel, Steven

    Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices Steven Noel}@gmu.edu Abstract We apply adjacency matrix clustering to network attack graphs for attack correlation, prediction, and hypothesizing. We self-multiply the clustered adjacency matrices to show attacker reachability across

  16. A Game Theoretic Approach to Cyber Attack Prediction

    SciTech Connect (OSTI)

    Peng Liu

    2005-11-28T23:59:59.000Z

    The area investigated by this project is cyber attack prediction. With a focus on correlation-based prediction, current attack prediction methodologies overlook the strategic nature of cyber attack-defense scenarios. As a result, current cyber attack prediction methodologies are very limited in predicting strategic behaviors of attackers in enforcing nontrivial cyber attacks such as DDoS attacks, and may result in low accuracy in correlation-based predictions. This project develops a game theoretic framework for cyber attack prediction, where an automatic game-theory-based attack prediction method is proposed. Being able to quantitatively predict the likelihood of (sequences of) attack actions, our attack prediction methodology can predict fine-grained strategic behaviors of attackers and may greatly improve the accuracy of correlation-based prediction. To our best knowledge, this project develops the first comprehensive framework for incentive-based modeling and inference of attack intent, objectives, and strategies; and this project develops the first method that can predict fine-grained strategic behaviors of attackers. The significance of this research and the benefit to the public can be demonstrated to certain extent by (a) the severe threat of cyber attacks to the critical infrastructures of the nation, including many infrastructures overseen by the Department of Energy, (b) the importance of cyber security to critical infrastructure protection, and (c) the importance of cyber attack prediction to achieving cyber security.

  17. Towards Attack-Agnostic Defenses David Brumley and Dawn Song

    E-Print Network [OSTI]

    Brumley, David

    Towards Attack-Agnostic Defenses David Brumley and Dawn Song Carnegie Mellon University {dbrumley,dawnsong}@cs.cmu.edu Abstract Internet attackers control hundreds of thousands to perhaps millions of computers, which they can use for a variety of different attacks. Common attacks include spam delivery, phishing, and DDo

  18. A Probabilistic Routing Disruption Attack on DSR and Its Analysis

    E-Print Network [OSTI]

    Levi, Albert

    A Probabilistic Routing Disruption Attack on DSR and Its Analysis Özleyiş Ocakoğlu, Burak Bayoğlu}@sabanciuniv.edu Abstract -- In this paper, we propose an attack model against DSR ad hoc network routing protocol and analyze the effects of this attack model on DSR route discovery mechanism. The analysis of the attack

  19. The GHS Attack in odd Characteristic March 24, 2003

    E-Print Network [OSTI]

    Diem, Claus

    The GHS Attack in odd Characteristic Claus Diem March 24, 2003 Abstract The GHS attack is originally an approach to attack the discrete-logarithm problem (DLP) in the group of rational points. In this article we give a generalization of the attack to degree 0 class groups of (hyper-)elliptic curves over

  20. BAAP: Blackhole Attack Avoidance Protocol for Wireless Network

    E-Print Network [OSTI]

    Dharmaraja, S.

    BAAP: Blackhole Attack Avoidance Protocol for Wireless Network Saurabh Gupta Indian Institute infrastructure in adhoc network makes it vulnerable to various attacks. MANET routing disrupts attack is a blackhole attack in which malicious node falsely claiming itself as having the fresh

  1. Attack Containment Framework for Large-Scale Critical Infrastructures

    E-Print Network [OSTI]

    Nahrstedt, Klara

    Attack Containment Framework for Large-Scale Critical Infrastructures Hoang Nguyen Department-- We present an attack containment framework against value-changing attacks in large-scale critical structure, called attack container, which captures the trust behavior of a group of nodes and assists

  2. Towards Full-disclosure: Broadening Access to SCADA Data to Improve Safety, Reliability, and Security

    E-Print Network [OSTI]

    Heidemann, John

    Towards Full-disclosure: Broadening Access to SCADA Data to Improve Safety, Reliability is that openness and support for disclosure of future SCADA data can in improved safety, reliability, and security-network processing are needed to make greater openness and data sharing data viable. Today's SCADA systems are often

  3. Lessons Learned From Previous SSL/TLS Attacks A Brief Chronology Of Attacks And Weaknesses

    E-Print Network [OSTI]

    Lessons Learned From Previous SSL/TLS Attacks A Brief Chronology Of Attacks And Weaknesses in 1994 the Secure Socket Layer (SSL) protocol (later renamed to Transport Layer Security (TLS)) evolved to the de facto standard for securing the transport layer. SSL/TLS can be used for ensuring data

  4. Security classification of information

    SciTech Connect (OSTI)

    Quist, A.S.

    1993-04-01T23:59:59.000Z

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  5. Disclosures, Disclaimers and Policies | GE Global Research

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  6. Disclosure of asset valuations in corporate annual reports

    E-Print Network [OSTI]

    Ponder, Charles Bedford

    1955-01-01T23:59:59.000Z

    Rational Casks Iocal an& regional Ctks Controllers Robert Norris kssociates lxmestnsnt ~, etc, Professors of accounting Others 13. 'pI'I 95 7. 8 10. 9 8. 3 8. '8 ~10? 10? ih?g 10?0 10?7 18. h 6?h 14. 8 lb. 75 10? 9 6. 1 8. 3 5 5 10... are state4 at costs 4eternine4 generally Canam~ Arthur N. "Disclosure of Currvmt Value of Inventories ghou14 be ih4e~ Ang a Nore Revealing Line Dnwn Set@eon Inventories %tish are Current an4 Fixe4 Assets ~" ~ ~c?f Aocoll5ton~ yebruary~ 1950, p. AM. on a...

  7. How to construct multicast cryptosystems provably secure against adaptive chosen ciphertext attack

    E-Print Network [OSTI]

    Duan, Yitao; Canny, J

    2006-01-01T23:59:59.000Z

    adaptive chosen ciphertext attack. In: CRYPTO 1998. Volumeagainst chosen ciphertext attack. J. Cryptology 15 (2002)against chosen-ciphertext attacks. In: ASIACRYPT 2001.

  8. The Procedural Attack on Civil Rights: The Empirical Reality of Buckhannon for the Private Attorney General

    E-Print Network [OSTI]

    Albiston, Catherine R.; Nielsen, Laura Beth

    2006-01-01T23:59:59.000Z

    emphasis added). Procedural Attack on Civil Rights contraryat 1 (1976). Procedural Attack on Civil Rights plaintiffs357, 367 & Procedural Attack on Civil Rights fee recovery

  9. Predicting the effect of climate change on wildfire behavior and initial attack success

    E-Print Network [OSTI]

    Fried, Jeremy S.

    2008-01-01T23:59:59.000Z

    wildfire behavior and initial attack success Van Rheenen, N.2006a. “Analysing initial attack on wildland fires usingwildfire behavior and initial attack success Fried, J.S. ,

  10. Responding to the Risk of White Shark Attack Updated Statistics, Prevention, Control

    E-Print Network [OSTI]

    Klimley, A. Peter

    CHAPTER 31 Responding to the Risk of White Shark Attack Updated Statistics, Prevention, Control; White Shark Attack Statistics; Definition of Shark Attack

  11. Heart Disease and Early Heart Attack Care

    E-Print Network [OSTI]

    Ohta, Shigemi

    Heart Disease and Early Heart Attack Care Pamela Kostic, RN, CCCC, Chest Pain Coordinator, Stony Risk Factors · EHAC & Prevention Heart disease includes a number of problems affecting the heart and the blood vessels in the heart. Types of heart disease include: · Coronary artery disease (CAD) · Angina

  12. Taxonomies of Cyber Adversaries and Attacks: A Survey of Incidents and Approaches

    SciTech Connect (OSTI)

    Meyers, C A; Powers, S S; Faissol, D M

    2009-10-08T23:59:59.000Z

    In this paper we construct taxonomies of cyber adversaries and methods of attack, drawing from a survey of the literature in the area of cyber crime. We begin by addressing the scope of cyber crime, noting its prevalence and effects on the US economy. We then survey the literature on cyber adversaries, presenting a taxonomy of the different types of adversaries and their corresponding methods, motivations, maliciousness, and skill levels. Subsequently we survey the literature on cyber attacks, giving a taxonomy of the different classes of attacks, subtypes, and threat descriptions. The goal of this paper is to inform future studies of cyber security on the shape and characteristics of the risk space and its associated adversaries.

  13. Deterministic quantum-public-key encryption: forward search attack and randomization

    E-Print Network [OSTI]

    Georgios M. Nikolopoulos; Lawrence M. Ioannou

    2009-03-27T23:59:59.000Z

    In the classical setting, public-key encryption requires randomness in order to be secure against a forward search attack, whereby an adversary compares the encryption of a guess of the secret message with that of the actual secret message. We show that this is also true in the information-theoretic setting -- where the public keys are quantum systems -- by defining and giving an example of a forward search attack for any deterministic quantum-public-key bit-encryption scheme. However, unlike in the classical setting, we show that any such deterministic scheme can be used as a black box to build a randomized bit-encryption scheme that is no longer susceptible to this attack.

  14. Photon-Number-Splitting versus Cloning Attacks in Practical Implementations of the Bennett-Brassard 1984 protocol for Quantum Cryptography

    E-Print Network [OSTI]

    Armand Niederberger; Valerio Scarani; Nicolas Gisin

    2005-04-15T23:59:59.000Z

    In practical quantum cryptography, the source sometimes produces multi-photon pulses, thus enabling the eavesdropper Eve to perform the powerful photon-number-splitting (PNS) attack. Recently, it was shown by Curty and Lutkenhaus [Phys. Rev. A 69, 042321 (2004)] that the PNS attack is not always the optimal attack when two photons are present: if errors are present in the correlations Alice-Bob and if Eve cannot modify Bob's detection efficiency, Eve gains a larger amount of information using another attack based on a 2->3 cloning machine. In this work, we extend this analysis to all distances Alice-Bob. We identify a new incoherent 2->3 cloning attack which performs better than those described before. Using it, we confirm that, in the presence of errors, Eve's better strategy uses 2->3 cloning attacks instead of the PNS. However, this improvement is very small for the implementations of the Bennett-Brassard 1984 (BB84) protocol. Thus, the existence of these new attacks is conceptually interesting but basically does not change the value of the security parameters of BB84. The main results are valid both for Poissonian and sub-Poissonian sources.

  15. Cyber Security Audit and Attack Detection Toolkit: National SCADA...

    Energy Savers [EERE]

    Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 Cyber Security Audit and Attack Detection Toolkit: National SCADA Test Bed May 2008 This project of the cyber...

  16. On attack correlation and the benefits of sharing IDS data

    E-Print Network [OSTI]

    Katti, Sachin (Katti Rajsekhar)

    2005-01-01T23:59:59.000Z

    This thesis presents the first wide-scale study of correlated attacks, i.e., attacks mounted by the same source IP against different networks. Using a large dataset from 1700 intrusion detection systems (IDSs), this thesis ...

  17. Dense-Coding Attack on Three-Party Quantum Key Distribution Protocols

    E-Print Network [OSTI]

    Fei Gao; Su-Juan Qin; Fen-Zhuo Guo; Qiao-Yan Wen

    2011-04-20T23:59:59.000Z

    Cryptanalysis is an important branch in the study of cryptography, including both the classical cryptography and the quantum one. In this paper we analyze the security of two three-party quantum key distribution protocols (QKDPs) proposed recently, and point out that they are susceptible to a simple and effective attack, i.e. the dense-coding attack. It is shown that the eavesdropper Eve can totally obtain the session key by sending entangled qubits as the fake signal to Alice and performing collective measurements after Alice's encoding. The attack process is just like a dense-coding communication between Eve and Alice, where a special measurement basis is employed. Furthermore, this attack does not introduce any errors to the transmitted information and consequently will not be discovered by Alice and Bob. The attack strategy is described in detail and a proof for its correctness is given. At last, the root of this insecurity and a possible way to improve these protocols are discussed.

  18. Optimal IDS Sensor Placement And Alert Prioritization Using Attack Graphs

    E-Print Network [OSTI]

    Noel, Steven

    1 Optimal IDS Sensor Placement And Alert Prioritization Using Attack Graphs Steven Noel and Sushil optimally place intrusion detection system (IDS) sensors and prioritize IDS alerts using attack graph. The set of all such paths through the network constitutes an attack graph, which we aggregate according

  19. A FOUNDATION FOR INITIAL ATTACK SIMULATION: THE FRIED AND FRIED

    E-Print Network [OSTI]

    Fried, Jeremy S.

    A FOUNDATION FOR INITIAL ATTACK SIMULATION: THE FRIED AND FRIED FIRE CONTAINMENT MODEL Jeremy S, contemporary initial attack models, such as the California Fire Economics Simulator (CFES) version 2 simulation of any mathematically representable fire shape, provides for "head" and "tail" attack tactics

  20. A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack

    E-Print Network [OSTI]

    Zenner, Erik

    A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack Gregor Leander, Mohamed Ahmed PRINTcipher was presented as a light-weight encryption solution for printable circuits [15]. The best attack to date is a differential attack [1] that breaks less than half of the rounds. In this paper, we

  1. WHOP: Wormhole Attack Detection Protocol using Hound Packet

    E-Print Network [OSTI]

    Dharmaraja, S.

    WHOP: Wormhole Attack Detection Protocol using Hound Packet Saurabh Gupta Indian Institute infrastructure in ad hoc network makes it vulnerable to various attacks. MANET routing disrupts if participating node do not perform its intended function and start performing malicious activity. A specific attack

  2. Attack Detection and Identification in Cyber-Physical Systems

    E-Print Network [OSTI]

    Bullo, Francesco

    Attack Detection and Identification in Cyber-Physical Systems Fabio Pasqualetti, Florian D of unforeseen failures and external malicious attacks. In this paper (i) we propose a mathematical framework for cyber-physical systems, attacks, and monitors; (ii) we characterize fundamental monitoring limitations

  3. A Fast Eavesdropping Attack Against Touchscreens Federico Maggi

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    A Fast Eavesdropping Attack Against Touchscreens Federico Maggi Alberto Volpatto Politecnico di, we arise this concern by presenting an automatic attack against modern touchscreen keyboards. We demonstrate the attack against the Apple iPhone--2010's most popular touchscreen device-- although it can

  4. Attack-Resilient Time Synchronization for Wireless Sensor Networks

    E-Print Network [OSTI]

    Yener, Aylin

    Attack-Resilient Time Synchronization for Wireless Sensor Networks Hui Song, Sencun Zhu in sensor networks were not designed with security in mind, thus leaving them vulnerable to security attacks. In this paper, we first identify various attacks that are effective to several representative time

  5. Execution Trace-Driven Automated Attack Signature Generation Susanta Nanda

    E-Print Network [OSTI]

    Chiueh, Tzi-cker

    Execution Trace-Driven Automated Attack Signature Generation Susanta Nanda Symantec Research Labs In its most general form, an attack signature is a program that can correctly determine if an input network packet sequence can successfully attack a protected network application. Filter rules used

  6. Architectural Support for Automated Software Attack Detection, Recovery, and Prevention

    E-Print Network [OSTI]

    Zambreno, Joseph A.

    Architectural Support for Automated Software Attack Detection, Recovery, and Prevention Jesse University Ames, IA 50011, USA Email: {jsathre, abaumgar, zambreno}@iastate.edu Abstract--Attacks on software systems architecture aimed at attack detection. Traditional techniques ignore the arguably more important

  7. Efficient DHT attack mitigation through peers' ID distribution

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Efficient DHT attack mitigation through peers' ID distribution Thibault Cholez, Isabelle Chrisment.festor}@loria.fr Abstract--We present a new solution to protect the widely deployed KAD DHT against localized attacks which DHT attacks by comparing real peers' ID distributions to the theoretical one thanks to the Kullback

  8. Extending the GHS Weil Descent Attack No Author Given

    E-Print Network [OSTI]

    Hess, Florian

    Extending the GHS Weil Descent Attack No Author Given No Institute Given Abstract. In this paper we extend the Weil descent attack due to Gaudry, Hess and Smart (GHS) to a much larger class of elliptic curves. This extended attack applies to fields of composite degree over F2 . The principle behind

  9. ICMP: an Attack Vector against IPsec Gateways Ludovic Jacquin

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    ICMP: an Attack Vector against IPsec Gateways Ludovic Jacquin Inria, France ludovic Protocol (ICMP) can be used as an attack vector against IPsec gateways. The main contribution of this work is to demonstrate that an attacker having eavesdropping and traffic injection capabilities in the black untrusted

  10. Attacking and Defending Networked Embedded Devices Kwang-Hyun Baek

    E-Print Network [OSTI]

    Smith, Sean W.

    Attacking and Defending Networked Embedded Devices Kwang-Hyun Baek Dartmouth College Hanover, NH College Hanover, NH 03755 sws@cs.dartmouth.edu ABSTRACT Currently, work on malware attack and defense become the launching point for many attacks on the enterprise network in which the embedded devices

  11. On the Vulnerability of Hardware Hash Tables to Sophisticated Attacks

    E-Print Network [OSTI]

    Bremler-Barr, Anat

    results as well. Keywords: DDoS, Network Hardware, Hash , Peacock, Cuckoo. 1 Introduction Modern high. Such network hardware elements are highly preferable targets for DDoS (Distributed Denial of Service) attacks with knowledge about how the system works, an attacker can perform a low-bandwidth sophisticated DDoS attack

  12. Reserves Overstatements: History, Enforcement, Identification, and Implications of New SEC Disclosure Requirements 

    E-Print Network [OSTI]

    Olsen, Grant

    2010-07-14T23:59:59.000Z

    Despite the need for accurate oil and gas reserves estimates which honor disclosure requirements of the United States Securities and Exchange Commission (SEC), a number of exploration and production companies have allegedly ...

  13. Market Risks and Oilfield Ownership - Refining SEC Oil and Gas Disclosures 

    E-Print Network [OSTI]

    Kretzschmar, Gavin Lee; Hatherly, David; Misund, Bard

    2006-01-01T23:59:59.000Z

    ownership, concession and production sharing contracts (PSCs). SEC present value disclosures for both forms of ownership are shown to be significantly more responsive to oil prices than stock return sensitivities noted by Rajgopal (1999). Importantly, we...

  14. Annual Confidential Financial Disclosure Report (OGE Form 450 or 450-A)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-09-29T23:59:59.000Z

    This Notice addresses the Executive Branch confidential financial disclosure reporting requirements. These requirements apply to career GS/GM employees as well as employees serving in excepted service positions designated EJ, EK, and EN.

  15. Board Independence, Executive Pay Structures, and Pay Disclosure: Evidence from Europe

    E-Print Network [OSTI]

    Muslu, Volkan

    2004-02-06T23:59:59.000Z

    Using a broad sample of the largest European companies, I examine whether the two governance mechanisms, namely (i) independent monitoring by a board of directors and (ii) grants and disclosures of incentive-based executive ...

  16. START Program for Renewable Energy Project Development Assistance Non-Disclosure Agreement

    Broader source: Energy.gov [DOE]

    Download the Non-Disclosure Agreement to submit along with your application for the DOE Office of Indian Energy Strategic Technical Assistance Response Team (START) Program for Renewable Energy...

  17. Effect of board independence on incentive compensation and compensation disclosure : evidence from Europe

    E-Print Network [OSTI]

    Muslu, Volkan

    2005-01-01T23:59:59.000Z

    My thesis examines how the lack of board-of-director independence affects the structure and disclosure of executive compensation. I find that European companies with more insiders on their boards grant their executives ...

  18. Creativity, expression, and healing: an empirical study using mandalas within the written disclosure paradigm

    E-Print Network [OSTI]

    Henderson, Patti Gail

    2009-05-15T23:59:59.000Z

    CREATIVITY, EXPRESSION, AND HEALING: AN EMPIRICAL STUDY USING MANDALAS WITHIN THE WRITTEN DISCLOSURE PARADIGM A Thesis by PATTI GAIL HENDERSON Submitted to the Office of Graduate Studies of Texas A&M University... DISCLOSURE PARADIGM A Thesis by PATTI GAIL HENDERSON Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Approved by: Chair...

  19. Mitigation of Malicious Attacks on Networks

    E-Print Network [OSTI]

    Schneider, Christian M; Andrade, Jose S; Havlin, Shlomo; Herrmann, Hans J; 10.1073/pnas.1009440108

    2011-01-01T23:59:59.000Z

    Terrorist attacks on transportation networks have traumatized modern societies. With a single blast, it has become possible to paralyze airline traffic, electric power supply, ground transportation or Internet communication. How and at which cost can one restructure the network such that it will become more robust against a malicious attack? We introduce a unique measure for robustness and use it to devise a method to mitigate economically and efficiently this risk. We demonstrate its efficiency on the European electricity system and on the Internet as well as on complex networks models. We show that with small changes in the network structure (low cost) the robustness of diverse networks can be improved dramatically while their functionality remains unchanged. Our results are useful not only for improving significantly with low cost the robustness of existing infrastructures but also for designing economically robust network systems.

  20. Satellite Threat Warning and Attack Reporting

    SciTech Connect (OSTI)

    Hilland, D. [Kirkland AFB, NM (United States). Air Force Research Lab.; Phipps, G. [Sandia National Labs., Albuquerque, NM (United States). Optics & Technologies Dept.; Jingle, C.; Newton, G. [Schafer Corp., Albuquerque, NM (United States)

    1997-12-31T23:59:59.000Z

    The Air Force Research Laboratory's Satellite Threat Warning and Attack Reporting (STW/AR) program will provide technologies for advanced threat warning and reporting of radio frequency (RF) and laser threats. The STW/AR program objectives are: (a) develop cost-effective technologies to detect, identify, locate, characterize, and report attacks or interference against U.S. and Allied satellites. (b) demonstrate innovative, light-weight, low-power, laser and RF sensors. The program focuses on the demonstration of RF and laser sensors. The RF sensor effort includes the investigation of interferometric antenna arrays, multi-arm spiral and butler matrix antennas, wideband receivers, adaptive processors, and improved processing algorithms. The laser sensor effort includes the investigation of alternative detectors, broadband grating and optical designs, active pixel sensing, and improved processing algorithms.

  1. Third Party CNOT Attack on MDI QKD

    E-Print Network [OSTI]

    Arpita Maitra

    2012-09-06T23:59:59.000Z

    In this letter, we concentrate on the very recently proposed Measurement Device Independent Quantum Key Distribution (MDI QKD) protocol by Lo, Curty and Qi (PRL, 2012). We study how one can suitably present an eavesdropping strategy on MDI QKD, that is in the direction of the fundamental CNOT attack on BB84 protocol, though our approach is quite different. In this strategy, Eve will be able to know expected half of the secret bits communicated between Alice and Bob with certainty (probability 1) without introducing any error. Further, for the remaining bits, where Eve will only be able to predict the bit values as in random guess (with probability 1/2), she will certainly find out whether her interaction induced an error in the secret bits between the communicating parties. Given the asymmetric nature of the CNOT attack, we also introduce Hadamard gates to present a symmetric version. Though our analysis does not refute the security claims in MDI QKD, adapting the CNOT attack in this scenario requires nontrivial approach using entanglement swapping.

  2. Sequential Defense Against Random and Intentional Attacks in Complex Networks

    E-Print Network [OSTI]

    Chen, Pin-Yu

    2015-01-01T23:59:59.000Z

    Network robustness against attacks is one of the most fundamental researches in network science as it is closely associated with the reliability and functionality of various networking paradigms. However, despite the study on intrinsic topological vulnerabilities to node removals, little is known on the network robustness when network defense mechanisms are implemented, especially for networked engineering systems equipped with detection capabilities. In this paper, a sequential defense mechanism is firstly proposed in complex networks for attack inference and vulnerability assessment, where the data fusion center sequentially infers the presence of an attack based on the binary attack status reported from the nodes in the network. The network robustness is evaluated in terms of the ability to identify the attack prior to network disruption under two major attack schemes, i.e., random and intentional attacks. We provide a parametric plug-in model for performance evaluation on the proposed mechanism and valida...

  3. ICC 2006 SUBMISSION 1 On the Impact of Low-Rate Attacks

    E-Print Network [OSTI]

    Guirguis, Mina S. - Department of Computer Science, Texas State University

    -Rate Attacks; I. INTRODUCTION Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks study the impact of these new breeds of attacks and the extent to which defense mechanisms are capable potentially have high attack potency per attack burst. Our analysis is focused towards worst-case scenarios

  4. Concentration Gradient and Information Energy for Decentralized UAV Control1

    E-Print Network [OSTI]

    Mohseni, Kamran

    spills, industrial release accidents, or chemical/biological/nuclear terrorist attacks. DependingConcentration Gradient and Information Energy for Decentralized UAV Control1 William J. Pisano2

  5. Information flow for secure distributed applications

    E-Print Network [OSTI]

    Cheng, Winnie Wing-Yee

    2009-01-01T23:59:59.000Z

    Private and confidential information is increasingly stored online and increasingly being exposed due to human errors as well as malicious attacks. Information leaks threaten confidentiality, lead to lawsuits, damage ...

  6. Information Flow for Secure Distributed Applications

    E-Print Network [OSTI]

    Cheng, Winnie Wing-Yee

    2009-08-27T23:59:59.000Z

    Private and confidential information is increasingly stored online and increasingly being exposed due to human errors as well as malicious attacks. Information leaks threaten confidentiality, lead to lawsuits, damage ...

  7. Practical security bounds against the Trojan-horse attack in quantum key distribution

    E-Print Network [OSTI]

    Marco Lucamarini; Iris Choi; Martin B. Ward; James F. Dynes; Zhiliang Yuan; Andrew J. Shields

    2015-06-05T23:59:59.000Z

    In the quantum version of a Trojan-horse attack, photons are injected into the optical modules of a quantum key distribution system in an attempt to read information direct from the encoding devices. To stop the Trojan photons, the use of passive optical components has been suggested. However, to date, there is no quantitative bound that specifies such components in relation to the security of the system. Here, we turn the Trojan-horse attack into an information leakage problem. This allows us to quantify the system security and relate it to the specification of the optical elements. The analysis is supported by the experimental characterization of reflectivity and transmission of the optical components most relevant to security.

  8. Fake state attack on practically decoy state quantum key distribution

    E-Print Network [OSTI]

    Yong-gang Tan

    2012-02-15T23:59:59.000Z

    In this paper, security of practically decoy state quantum key distribution under fake state attack is considered. If quantum key distribution is insecure under this type of attack, decoy sources can not also provide it with enough security. Strictly analysis shows that Eve should eavesdrop with the aid of photon-number-resolving instruments. In practical implementation of decoy state quantum key distribution where statistical fluctuation is considered, however, Eve can attack it successfully with threshold detectors.

  9. Attack polish for nickel-base alloys and stainless steels

    DOE Patents [OSTI]

    Not Available

    1980-05-28T23:59:59.000Z

    A chemical attack polish and polishing procedure for use on metal surfaces such as nickel base alloys and stainless steels is described. The chemical attack polish comprises FeNO3, concentrated CH3COOH, concentrated H2SO4 and H2O. The polishing procedure includes saturating a polishing cloth with the chemical attack polish and submicron abrasive particles and buffing the metal surface.

  10. Attack polish for nickel-base alloys and stainless steels

    DOE Patents [OSTI]

    Steeves, Arthur F. (Schenectady, NY); Buono, Donald P. (Schenectady, NY)

    1983-01-01T23:59:59.000Z

    A chemical attack polish and polishing procedure for use on metal surfaces such as nickel base alloys and stainless steels. The chemical attack polish comprises Fe(NO3)3, concentrated CH3COOH, concentrated H2SO4 and H2O. The polishing procedure includes saturating a polishing cloth with the chemical attack polish and submicron abrasive particles and buffing the metal surface.

  11. Organizational Conflicts of Interest Disclosure--Advisory and Assistance Services UT-B Contracts Div Page 1 of 1

    E-Print Network [OSTI]

    Pennycook, Steve

    Organizational Conflicts of Interest Disclosure--Advisory and Assistance Services UT-B Contracts Div Jan 2006 Page 1 of 1 org-conflict-int-disclos-ext-jan06.doc ORGANIZATIONAL CONFLICTS OF INTEREST DISCLOSURE - ADVISORY AND ASSISTANCE SERVICES (Jan 2006) (a) Organizational conflict of interest means

  12. Disclosure and Management of Financial Conflicts of Interest in PHS Funded Research Policy Statement and Purpose 2

    E-Print Network [OSTI]

    Weston, Ken

    to the application will be biased by any significant financial interest of any Investigator working on the researchDisclosure and Management of Financial Conflicts of Interest in PHS Funded Research Policy Page 1/Subcontractor 5 Disclosure Review Process 5 Management and Reporting of Financial Conflicts of Interest 7 Non

  13. Cyber Security Audit and Attack Detection Toolkit: Bandolier...

    Broader source: Energy.gov (indexed) [DOE]

    This project of the cyber security audit and attack detection toolkit will employ Bandolier Audit Files for optimizing security configurations and the Portaledge event detection...

  14. Bounds on Information and the Security of Quantum Cryptography

    E-Print Network [OSTI]

    E. Biahm; T. Mor

    1997-01-08T23:59:59.000Z

    Strong attacks against quantum key distribution use quantum memories and quantum gates to attack directly the final key. In this paper we extend a novel security result recently obtained, to demonstrate proofs of security against a wide class of such attacks. To reach this goal we calculate information-dependent reduced density matrices, we study the geometry of quantum mixed states, and we find bounds on the information leaked to an eavesdropper. Our result suggests that quantum cryptography is ultimately secure.

  15. IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS -MANUSCRIPT 1 Taxonomy of Attacks for Agent-based Smart

    E-Print Network [OSTI]

    Pota, Himanshu Roy

    of introducing the structure of space-time and information flow direction, security feature, and cyberIEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS - MANUSCRIPT 1 Taxonomy of Attacks for Agent infrastructure in Cyber-Physical Systems (CPSs), a smart grid exhibits the complicated nature of large scale

  16. Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways Ludovic Jacquin Inria the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker in use, the attack either creates a Denial of Service or major performance penalties. This attack

  17. Defending Systems Against Application-Level Denial of Service Attacks

    E-Print Network [OSTI]

    Keidar, Idit

    Systems Against Application-Level Denial of Service Attacks Research Thesis Submitted in Partial of the Technion -- Israel Institute of Technology HESHVAN 5768 HAIFA NOVEMBER 2007 The Research Thesis with a Single Port 5.3.1 Blind Attack

  18. Stealthy Poisoning Attacks on PCA-based Anomaly Detectors

    E-Print Network [OSTI]

    Tygar, Doug

    Stealthy Poisoning Attacks on PCA-based Anomaly Detectors Benjamin I. P. Rubinstein1 Blaine Nelson1 detection, we present and evaluate short-term and long-term data poisoning schemes that trade-off between poisoning duration and the volume of traffic injected for poisoning. Stealthy Boiling Frog attacks

  19. Forging Attacks on two Authenticated Encryptions COBRA and POET

    E-Print Network [OSTI]

    Forging Attacks on two Authenticated Encryptions COBRA and POET Mridul Nandi Indian Statistical COBRA [4], based on pseudorandom permutation (PRP) blockcipher, and POET [3], based on Almost XOR and a simple variant of the original proposal of POET (due to a forging attack [13] on the original proposal

  20. Avoiding the Detector Blinding Attack on Quantum Cryptography

    E-Print Network [OSTI]

    Z L Yuan; J F Dynes; A J Shields

    2010-09-30T23:59:59.000Z

    We show the detector blinding attack by Lydersen et al [1] will be ineffective on most single photon avalanche photodiodes (APDs) and certainly ineffective on any detectors that are operated correctly. The attack is only successful if a redundant resistor is included in series with the APD, or if the detector discrimination levels are set inappropriately.

  1. Combined Modeling and Side Channel Attacks on Strong PUFs

    E-Print Network [OSTI]

    , unknown to the adversary. This requirement can be difficult to uphold in practice: Physical attacks like- tacks on PUF core properties have been reported. They concern their physical and digital unclonability, for example, we report successful attacks for bitlengths of 64, 128 and 256, and for up to nine single Arbiter

  2. Thomas E. Hinds Although many diseases attack aspen, relatively few

    E-Print Network [OSTI]

    DISEASES Thomas E. Hinds Although many diseases attack aspen, relatively few kill or seriously of aspen, whereas there are subtle differences in distribution between the important decay fungi. Foliage Diseases Fungus Diseases Many fungi are capable of attacking aspen leaves, from juvenile growth

  3. Energy Attacks and Defense Techniques for Wireless Systems

    E-Print Network [OSTI]

    Potkonjak, Miodrag

    propose a hardware-based energy attack, namely energy hardware Trojans (HTs), which can be well hidden of these applications, security and integrity of the devices have become a critical concern. Due to the mobile and wire the phone. We target on the energy attacks on wireless systems caused by hardware Trojans (HTs), which

  4. On Detecting Pollution Attacks in Inter-Session Network Coding

    E-Print Network [OSTI]

    Markopoulou, Athina

    On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine {anh.le, athina}@uci.edu Abstract--Dealing with pollution attacks in inter be malicious. In this work, we precisely define corrupted packets in inter-session pollution based

  5. On Detecting Pollution Attacks in Inter-Session Network Coding

    E-Print Network [OSTI]

    Markopoulou, Athina

    On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine {anh.le, athina}@uci.edu Abstract--Dealing with pollution attacks in inter be malicious. In this work, we first define precisely corrupted packets in inter-session pollution based

  6. Energy-Based Attack Detection in Networked Control Emeka Eyisi

    E-Print Network [OSTI]

    Koutsoukos, Xenofon D.

    systems including medical devices [13] and waste water treatment plants [1]. In securing CPSEnergy-Based Attack Detection in Networked Control Systems Emeka Eyisi United Technologies Research.koutsoukos@vanderbilt.edu ABSTRACT The increased prevalence of attacks on Cyber-Physical Systems (CPS) as well as the safety

  7. Cardiologists from CU testing revolutionary heart-attack treatment

    E-Print Network [OSTI]

    Cerveny, Vlastislav

    Cardiologists from CU testing revolutionary heart-attack treatment Compiled 4.12.2013 23 of the biologically degradable stent in the treatment of myocardial infarctions (heart-attacks). The results with a metal stent in their heart for the rest of their life; instead, the stent does its work then disappears

  8. Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks

    E-Print Network [OSTI]

    Agarwal, Pankaj K.

    , such as an Electromagnetic Pulse (EMP) attack. Large-scale disasters are likely to destroy network equipment and to severely--Network survivability, geographic networks, network design, Electromagnetic Pulse (EMP), computational geometry. I, such as an Electromagnetic Pulse (EMP) attack, as well as natural disasters, such as earthquakes, hurricanes or floods [1

  9. Property Rights, Taxpayer Rights, and the Multiscalar Attack on the State: Consequences for Regionalism in the United States

    E-Print Network [OSTI]

    Christopher Niedt; Margaret Weir

    2007-01-01T23:59:59.000Z

    and the Multiscalar Attack on the State: Consequences for

  10. Network attack detection and defense – Manifesto of the Dagstuhl Perspective Workshop, March 2nd–6th, 2008

    E-Print Network [OSTI]

    Carle, Georg; Dressler, Falko; Kemmerer, Richard A.; Koenig, Hartmut; Kruegel, Christopher; Laskov, Pavel

    2009-01-01T23:59:59.000Z

    y REGULÄRE BEITRÄGE Network attack detection and defense –Perspective Workshop Network Attack Detection and Defensefor the detection of network attacks, should more strongly

  11. Minimum State Awareness for Resilient Control Systems Under Cyber-Attack

    SciTech Connect (OSTI)

    Kisner, Roger [ORNL; Fugate, David L [ORNL; McIntyre, Timothy J [ORNL

    2012-01-01T23:59:59.000Z

    State awareness for a control system is the accurate knowledge of the internal states of the system realization. To maintain stable operation, a controller requires a certain degree of state awareness. By definition, a cyber-attacker decreases the state awareness by modifying or removing the information available to the operator and control system. By doing so, the attacker can directly cause damage to the physical system through the control system, or indirectly by causing the operator to react in a damaging manner to the false information. In a number of recent papers, detection and mitigation strategies have been proposed that assume state awareness. The goal of the attacker to reduce or remove state awareness makes this assumption invalid for most situations. One of the central problems of resilient control is developing methods to retain sufficient state awareness to continue operation during a cyberattack. In this paper, we will define state awareness, discuss the consequences of loss of state awareness, and some potential research directions for maintaining state awareness.

  12. Attacking a practical quantum-key-distribution system with wavelength-dependent beam-splitter and multiwavelength sources

    SciTech Connect (OSTI)

    Li, Hong-Wei [Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei, 230026 (China); Zhengzhou Information Science and Technology Institute, Zhengzhou, 450004 (China); Wang, Shuang; Huang, Jing-Zheng; Chen, Wei; Yin, Zhen-Qiang; Li, Fang-Yi; Zhou, Zheng; Liu, Dong; Zhang, Yang; Guo, Guang-Can; Han, Zheng-Fu [Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei, 230026 (China); Bao, Wan-Su [Zhengzhou Information Science and Technology Institute, Zhengzhou, 450004 (China)

    2011-12-15T23:59:59.000Z

    It is well known that the unconditional security of quantum-key distribution (QKD) can be guaranteed by quantum mechanics. However, practical QKD systems have some imperfections, which can be controlled by the eavesdropper to attack the secret key. With current experimental technology, a realistic beam splitter, made by fused biconical technology, has a wavelength-dependent property. Based on this fatal security loophole, we propose a wavelength-dependent attacking protocol, which can be applied to all practical QKD systems with passive state modulation. Moreover, we experimentally attack a practical polarization encoding QKD system to obtain all the secret key information at the cost of only increasing the quantum bit error rate from 1.3 to 1.4%.

  13. An Attack on RSA Using LSBs of Multiples of the Prime Factors

    E-Print Network [OSTI]

    Nitaj, Abderrahmane

    An Attack on RSA Using LSBs of Multiples of the Prime Factors Abderrahmane Nitaj Laboratoire de attack on RSA with d in polynomial time under special conditions. For example, various partial key exposure attacks on RSA and some

  14. Risk-based decision making for staggered bioterrorist attacks : resource allocation and risk reduction in "reload" scenarios.

    SciTech Connect (OSTI)

    Lemaster, Michelle Nicole; Gay, David M. (Sandia National Laboratories, Albuquerque, NM); Ehlen, Mark Andrew (Sandia National Laboratories, Albuquerque, NM); Boggs, Paul T.; Ray, Jaideep

    2009-10-01T23:59:59.000Z

    Staggered bioterrorist attacks with aerosolized pathogens on population centers present a formidable challenge to resource allocation and response planning. The response and planning will commence immediately after the detection of the first attack and with no or little information of the second attack. In this report, we outline a method by which resource allocation may be performed. It involves probabilistic reconstruction of the bioterrorist attack from partial observations of the outbreak, followed by an optimization-under-uncertainty approach to perform resource allocations. We consider both single-site and time-staggered multi-site attacks (i.e., a reload scenario) under conditions when resources (personnel and equipment which are difficult to gather and transport) are insufficient. Both communicable (plague) and non-communicable diseases (anthrax) are addressed, and we also consider cases when the data, the time-series of people reporting with symptoms, are confounded with a reporting delay. We demonstrate how our approach develops allocations profiles that have the potential to reduce the probability of an extremely adverse outcome in exchange for a more certain, but less adverse outcome. We explore the effect of placing limits on daily allocations. Further, since our method is data-driven, the resource allocation progressively improves as more data becomes available.

  15. The Economic Consequences of Sharing Security Information Esther Gal-Or1

    E-Print Network [OSTI]

    Camp, L. Jean

    Information technology (IT) security has emerged as an important issue in the last decade. To promote the disclosure and sharing of cyber-security information amongst firms, the US federal government has encouraged-commerce continues to grow, so does cyber crime. According to Jupiter Media Metrix, cyber-security issues

  16. UNIVERSITY OF CALIFORNIA, IRVINE Jeanne Clery Disclosure of Campus Security Policy and

    E-Print Network [OSTI]

    Stanford, Kyle

    UNIVERSITY OF CALIFORNIA, IRVINE Jeanne Clery Disclosure of Campus Security Policy and Campus Crime.0 INTRODUCTION 2.0 UCI POLICE DEPARTMENT (Law Enforcement Policies) 2.1 Police Authority 2.2 Mission Statement 2 (Crimes and Emergency Policies) 3.1 Emergencies 3.2 Non-Emergencies 3.3 Anonymous and Confidential

  17. Annual Confidential Financial Disclosure Report (OGE Form 450 or 450A)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-09-30T23:59:59.000Z

    This Notice addresses the Executive Branch confidential financial disclosure reporting requirements. These requirements apply to career GS/GM and prevailing rate system and administratively determined employees as well as employees serving in excepted service positions designated EJ, EK, and EN. (Note: It replaces DOE N 326.11, which expired 9-29-05.)

  18. Annual Confidential Financial Disclosure Report (OGE Form 450 or 450A)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-01-03T23:59:59.000Z

    This Notice addresses the Executive Branch confidential financial disclosure reporting requirements. These requirements apply to career GS/GM and prevailing rate system and administratively determined employees as well as employees serving in excepted service positions designated EJ, EK, and EN.

  19. IDF No. (assigned by USC OTC): _________ Disclosure Date (date received by USC OTC): _________

    E-Print Network [OSTI]

    Almor, Amit

    . You must sign the form and obtain a witness signature for SCRF to begin to administer your invention Commercialization of the South Carolina Research Foundation (hereinafter "SCRF"). This disclosure should/foundation/company/etc): Sponsor's Grant/Project Number (or MTA Number): SCRF, SPAR, or SC Foundation Account Number: Principal

  20. 2010 Annual Security Report Jeanne Clery Disclosure of Campus Security Policy

    E-Print Network [OSTI]

    1 2010 Annual Security Report Jeanne Clery Disclosure of Campus Security Policy and Campus Crime, wait for the dial tone, and press 911. There's no need to press 9 first for an outside line party missing property telephone, cable, or power outages or to check on weather, road conditions

  1. 2011 Annual Security Report Jeanne Clery Disclosure of Campus Security Policy

    E-Print Network [OSTI]

    1 2011 Annual Security Report Jeanne Clery Disclosure of Campus Security Policy and Campus Crime, wait for the dial tone, and press 911. There's no need to press 9 first for an outside line party missing property telephone, cable, or power outages or to check on weather, road conditions

  2. A Method for Estimating the Financial Impact of Cyber Information Security Breaches Utilizing the Common Vulnerability Scoring System and Annual Loss Expectancy

    E-Print Network [OSTI]

    Lindsey, Michael B.

    2010-05-14T23:59:59.000Z

    Information security is a relatively new field that is experiencing rapid growth in terms of malicious attack frequency and the amount of capital that firms must spend on attack defense. This rise in security expenditures has prompted corporate...

  3. Protecting Intelligent Distributed Power Grids against Cyber Attacks

    SciTech Connect (OSTI)

    Dong Wei; Yan Lu; Mohsen Jafari; Paul Skare; Kenneth Rohde

    2010-12-31T23:59:59.000Z

    Like other industrial sectors, the electrical power industry is facing challenges involved with the increasing demand for interconnected operations and control. The electrical industry has largely been restructured due to deregulation of the electrical market and the trend of the Smart Grid. This moves new automation systems from being proprietary and closed to the current state of Information Technology (IT) being highly interconnected and open. However, while gaining all of the scale and performance benefits of IT, existing IT security challenges are acquired as well. The power grid automation network has inherent security risks due to the fact that the systems and applications for the power grid were not originally designed for the general IT environment. In this paper, we propose a conceptual layered framework for protecting power grid automation systems against cyber attacks. The following factors are taken into account: (1) integration with existing, legacy systems in a non-intrusive fashion; (2) desirable performance in terms of modularity, scalability, extendibility, and manageability; (3) alignment to the 'Roadmap to Secure Control Systems in the Energy Sector' and the future smart grid. The on-site system test of the developed prototype security system is briefly presented as well.

  4. Optimal response to attacks on the open science grids.

    SciTech Connect (OSTI)

    Altunay, M.; Leyffer, S.; Linderoth, J. T.; Xie, Z. (Mathematics and Computer Science); (FNAL); (Univ. of Wisconsin at Madison)

    2011-01-01T23:59:59.000Z

    Cybersecurity is a growing concern, especially in open grids, where attack propagation is easy because of prevalent collaborations among thousands of users and hundreds of institutions. The collaboration rules that typically govern large science experiments as well as social networks of scientists span across the institutional security boundaries. A common concern is that the increased openness may allow malicious attackers to spread more readily around the grid. We consider how to optimally respond to attacks in open grid environments. To show how and why attacks spread more readily around the grid, we first discuss how collaborations manifest themselves in the grids and form the collaboration network graph, and how this collaboration network graph affects the security threat levels of grid participants. We present two mixed-integer program (MIP) models to find the optimal response to attacks in open grid environments, and also calculate the threat level associated with each grid participant. Given an attack scenario, our optimal response model aims to minimize the threat levels at unaffected participants while maximizing the uninterrupted scientific production (continuing collaborations). By adopting some of the collaboration rules (e.g., suspending a collaboration or shutting down a site), the model finds optimal response to subvert an attack scenario.

  5. E-Print Network 3.0 - abdool karim attacking Sample Search Results

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    . We further describe specific attacks on two existing proposals, namely SWATT and ICE-based schemes... , and ar- gue about the difficulty of fixing them. All attacks...

  6. TCPL: A Defense against wormhole attacks in wireless sensor networks

    SciTech Connect (OSTI)

    Kumar, K. E. Naresh [PG Student, Dept of Computer Science and Engineering, KBNCE, Gulbarga, Karnataka (India)]; Waheed, Mohd. Abdul [Asst. Professor, Dept of Computer Science and Engineering, KBNCE, Gulbarga, Karnataka (India)]; Basappa, K. Kari [Professor, Dept of E and CE, Dayanand College of Engineering, Banglore, Karnataka (India)]

    2010-10-26T23:59:59.000Z

    Recent advances in technology have made low-cost, low-power wireless sensors with efficient energy consumption possible. A network of such nodes can coordinate among themselves for distributed sensing and processing of certain data. For this, we propose an architecture to provide a stateless solution in sensor networks for efficient routing in wireless sensor networks. This type of architecture is known as Tree Cast. We propose a unique method of address allocation, building up multiple disjoint trees which are geographically inter-twined and rooted at the data sink. Using these trees, routing messages to and from the sink node without maintaining any routing state in the sensor nodes is possible. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many sensor network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a new, general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes.

  7. Office of the CISO, December 2010 Information Security Risk Advisory

    E-Print Network [OSTI]

    Queitsch, Christine

    Office of the CISO, December 2010 Information Security Risk Advisory Web Browsing Software attacks. The Office of the Chief Information Security Officer (CISO) encourages you to be aware of the following when

  8. Use the T.I.M.E. Method To Help Your Patients Make a Heart Attack Survival Plan

    E-Print Network [OSTI]

    Bandettini, Peter A.

    Use the T.I.M.E. Method To Help Your Patients Make a Heart Attack Survival Plan Act in Time to Heart Attack Signs Why Your Patients Need To Act in Time to Heart Attack Signs Coronary heart disease a heart attack. About 460,000 of those heart attacks are fatal. Disability and death from heart attack can

  9. On the Complexity of Matsui's Attack Pascal Junod

    E-Print Network [OSTI]

    On the Complexity of Matsui's Attack Pascal Junod Security and Cryptography Laboratory Swiss at random and where depends on the key value. Given some plaintext bits $P_{i_1}, \ldots, P_{i_r}$, ciphertext bits

  10. Guessing Attacks and the Computational Soundness of Static Equivalence

    E-Print Network [OSTI]

    Warinschi, Bogdan

    Guessing Attacks and the Computational Soundness of Static Equivalence Martin Abadi1 , Mathieu static equivalence. Static equivalence depends on an underlying equational theory. The choice, fundamental cryptographic operations. This equational theory yields a notion of static equivalence

  11. On countermeasures of worm attacks over the Internet 

    E-Print Network [OSTI]

    Yu, Wei

    2009-05-15T23:59:59.000Z

    Worm attacks have always been considered dangerous threats to the Internet since they can infect a large number of computers and consequently cause large-scale service disruptions and damage. Thus, research on modeling ...

  12. Practical Attacks on Digital Signatures Using MD5 Message Digest

    E-Print Network [OSTI]

    schemes based on MD5 message digest on an example using GPG. Keywords: collision, hash function, MD5 1 on digital signatures on an example using GPG (section 5) and finally an example of real-world attack

  13. After-gate attack on a quantum cryptosystem

    E-Print Network [OSTI]

    Carlos Wiechers; Lars Lydersen; Christoffer Wittmann; Dominique Elser; Johannes Skaar; Christoph Marquardt; Vadim Makarov; Gerd Leuchs

    2010-09-14T23:59:59.000Z

    We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.

  14. Active Attacks Against Modulation-based Radiometric Identification

    E-Print Network [OSTI]

    Bystroff, Chris

    ) may become compromised via physical attacks. In light of these difficulties, researchers have started Science Technical Report 09-02 Matthew Edman and Bülent Yener Rensselaer Polytechnic Institute Department

  15. Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks

    E-Print Network [OSTI]

    Hay, David

    Network Vulnerability to Single, Multiple, and Probabilistic Physical Attacks Pankaj K. Agarwal, swami}@cs.arizona.edu Electrical Engineering, Columbia University. {hdavid, gil}@ee.columbia.edu Abstract--Telecommunications networks heavily rely on the physical infrastructure and, are therefore

  16. Coordinated Variable Structure Switching Attacks for Smart Grid 

    E-Print Network [OSTI]

    Liu, Shan

    2013-02-11T23:59:59.000Z

    The effective modeling and analysis of large-scale power system disturbances especially those stemming from intentional attack represents an open engineering and research problem. Challenges stem from the need to develop ...

  17. Real-world Polymorphic Attack Detection Michalis Polychronakis,1

    E-Print Network [OSTI]

    Markatos, Evangelos P.

    proposed network-level emulation, a heuristic detection method that scans network traffic to detect, sophisticated obfuscation schemes. Keywords Polymorphism, intrusion detection, code emulation 1. Introduction them under control for as long as possible. As detection mechanisms improve, attackers employ

  18. U-073: Bugzilla Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks

    Broader source: Energy.gov [DOE]

    Several vulnerabilities were reported in Bugzilla. A remote user can conduct cross-site scripting attacks.

  19. Combined Attack on CRT-RSA Why Public Verification Must Not Be Public?

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Combined Attack on CRT-RSA Why Public Verification Must Not Be Public? Guillaume Barbu1 , Alberto introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks. Such implementations prevent the attacker from obtaining the signature when

  20. Evaluation of an Optimal Watermark Tampering Attack Against Dirty Paper Trellis Schemes

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Evaluation of an Optimal Watermark Tampering Attack Against Dirty Paper Trellis Schemes Patrick Bas powerful attacks. This paper further refines an attack on dirty paper watermarking schemes which relies to be able to handle `complex' trellises. Moreover, the efficiency of this attack has been evaluated

  1. New sensitivity analysis attack Maha El Choubassi a and Pierre Moulin b

    E-Print Network [OSTI]

    Moulin, Pierre

    New sensitivity analysis attack Maha El Choubassi a and Pierre Moulin b University of Illinois analysis attacks by Kalker et al. constitute a known family of watermark removal attacks exploiting a vulnerability in some watermarking protocols: the attacker's unlimited access to the watermark detector

  2. Attack Generation for NIDS Testing Using Natural Deduction Shai Rubin, Somesh Jha and Barton P. Miller

    E-Print Network [OSTI]

    Miller, Barton P.

    Attack Generation for NIDS Testing Using Natural Deduction Shai Rubin, Somesh Jha and Barton P. Miller January 23, 2004 Abstract A common way to elude a signature-based NIDS is to transform an attack matching between the attack payload and the NIDS signature, attackers split the payload into several TCP

  3. Applying Time-Memory-Data Trade-Off to Meet-in-the-Middle Attack

    E-Print Network [OSTI]

    Applying Time-Memory-Data Trade-Off to Meet-in-the-Middle Attack Jiali Choy, Khoongming Khoo,kkhoongm,lchuanwe@dso.org.sg Abstract. In this paper, we present several new attacks on multiple encryption block ciphers based on the meet-in-the-middle attack. In the first attack (GDD-MTM), we guess a certain number of secret key bits

  4. High-speed Router Filter for Blocking TCP Flooding under DDoS Attack

    E-Print Network [OSTI]

    Chao, Jonathan

    High-speed Router Filter for Blocking TCP Flooding under DDoS Attack Yoohwan Kim', Ju-Yeon Jo', H during the Distributed Denial-of-Service (DDoS) attack. By allocating bandwidths separately for TCP.9% of the attack traffic while legitimate traffic showed nearly identical performance as in the non-attacked

  5. CBF: A Packet Filtering Method for DDoS Attack Defense in Cloud Environment

    E-Print Network [OSTI]

    Eustice, Ryan

    CBF: A Packet Filtering Method for DDoS Attack Defense in Cloud Environment Qi Chen, Wenmin Lin-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack

  6. TrueLink: A Practical Countermeasure to the Wormhole Attack in Wireless Networks

    E-Print Network [OSTI]

    Krishnamurthy, Srikanth

    TrueLink: A Practical Countermeasure to the Wormhole Attack in Wireless Networks Jakob Eriksson attack, wireless transmissions are recorded at one location and replayed at another, creating a virtual link under attacker control. Proposed countermeasures to this attack use tight clock synchronization

  7. A New Attack on RSA with Two or Three Decryption Exponents

    E-Print Network [OSTI]

    Nitaj, Abderrahmane

    A New Attack on RSA with Two or Three Decryption Exponents Abderrahmane Nitaj Laboratoire de Math-size. In this paper, we describe an attack on RSA in the presence of two or three exponents ei with the same modulus N. The new attack is an extension of Guo's continued fraction attack as well as the Blömer and May lattice

  8. Robust Codes for Fault Attack Resistant Cryptographic Konrad J. Kulikowski, Mark G. Karpovsky, Alexander Taubin

    E-Print Network [OSTI]

    Karpovsky, Mark

    Robust Codes for Fault Attack Resistant Cryptographic Hardware Konrad J. Kulikowski, Mark G algorithms are vulnerable to fault analysis attacks. To detect these attacks we propose an architecture by an attacker. Architectures based on these codes have fewer undetectable errors than linear codes

  9. Analyzing the Security in the GSM Radio Network using Attack Jungles

    E-Print Network [OSTI]

    Abdulla, Parosh Aziz

    Analyzing the Security in the GSM Radio Network using Attack Jungles Parosh Aziz Abdulla1 introduce the concept of attack jungles, which is a formalism for systematic representation of the vulnerabilities of systems. An attack jungle is a graph representation of all ways in which an attacker

  10. A Single-Key Attack on 6-Round KASUMI Teruo Saito1

    E-Print Network [OSTI]

    A Single-Key Attack on 6-Round KASUMI Teruo Saito1 NEC Software Hokuriku, Ltd. 1, Anyoji, Hakusan. In 2010, a related-key attack on full KASUMI was reported. The attack was very powerful and worked in practical complexity. However the attack was not a direct threat to full KASUMI because of the impractical

  11. Attack Generation for NIDS Testing Using Natural Deduction Shai Rubin, Somesh Jha and Barton P. Miller

    E-Print Network [OSTI]

    Liblit, Ben

    Attack Generation for NIDS Testing Using Natural Deduction Shai Rubin, Somesh Jha and Barton P. Miller January 23, 2004 Abstract A common way to elude a signature-based NIDS is to transform an attack matching between the attack payload and the NIDS signature, attackers split the payload into several TCP

  12. Successful Attack on an FPGA-based WDDL DES Cryptoprocessor Without Place and Route Constraints.

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Successful Attack on an FPGA-based WDDL DES Cryptoprocessor Without Place and Route Constraints method to improve Side Channel Attacks (SCAs) on Dual-rail with Precharge Logic (DPL) countermeasure to perform advanced attacks. We have experimentally validated the proposed method by attacking a DES

  13. A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes

    E-Print Network [OSTI]

    Odlyzko, Andrew M.

    A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes Y. Desmedt. Odlyzko AT&T Bell Laboratories Murray Hill, NJ 07974, USA ABSTRACT A new attack on the RSA cryptosystem is presented. This attack assumes less than previous chosen ciphertext attacks, since the cryptanalyst has

  14. Entropy-based Power Attack Houssem Maghrebi, Sylvain Guilley, Jean-Luc Danger, Florent Flament

    E-Print Network [OSTI]

    Entropy-based Power Attack Houssem Maghrebi, Sylvain Guilley, Jean-Luc Danger, Florent Flament D-Order Differential Power Analysis (HO-DPA). For instance, an attack based on a variance analysis clearly shows attacks, called the Entropy-based Power Analysis (EPA). This new attack gives a greatest importance

  15. Comparison of Simple Power Analysis Attack Resistant Algorithms for an Elliptic Curve

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Comparison of Simple Power Analysis Attack Resistant Algorithms for an Elliptic Curve Cryptosystem, University College Cork Email: {e.popovici}@ucc.ie Abstract-- Side channel attacks such as Simple Power Analysis (SPA) attacks provide a new challenge for securing algorithms from an attacker. Algorithms

  16. From Jammer to Gambler: Modeling and Detection of Jamming Attacks against Time-Critical Traffic

    E-Print Network [OSTI]

    Wang, Wenye

    From Jammer to Gambler: Modeling and Detection of Jamming Attacks against Time-Critical Traffic attacks. However, existing methods to characterize and detect jamming attacks cannot be applied directly. In this paper, we aim at modeling and detecting jamming attacks against time-critical traffic. We introduce

  17. Combined Attacks on the AES Key Schedule Francois Dassance and Alexandre Venelli

    E-Print Network [OSTI]

    of physical attack is the Fault Analysis (FA) that evaluates the faulty behavior of a cryptosystem to learn proposed to thwart physical attacks on different cryptosystems. Recently, the principle of combined attacks different fault models. We report countermeasures against these attacks on AES in Section 5. We conclude

  18. EVALUATING THREAT ASSESSMENT FOR MULTI-STAGE CYBER ATTACKS Shanchieh Jay Yang

    E-Print Network [OSTI]

    Jay Yang, Shanchieh

    attacks has become a critical issue, yet different from that of traditional physical attacks. Current behavior, hacking methods, and network vulnerabilities. This is different from traditional physical attacks by traditional physical attacks. The question then is how good a cyber threat assessment algorithm one should

  19. Combined Attacks on the AES Key Schedule Francois Dassance and Alexandre Venelli

    E-Print Network [OSTI]

    of physical attack is the Fault Analysis (FA) that evaluates the faulty behavior of a cryptosystem to learn proposed to thwart physical attacks on different cryptosystems. Recently, the principle of combined attacks different fault models. We report countermeasures against these attacks on AES in Section 5. We conclude

  20. Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks

    E-Print Network [OSTI]

    Stehr, Mark-Oliver

    Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks is forcibly asked by an attacker to reveal the key. These attacks, known as rubber hose cryptanalysis with conference proceedings. So-called rubber hose attacks have long been the bane of security systems

  1. Learn What a Heart Attack Feels Like--It Could Save Your Life.

    E-Print Network [OSTI]

    Bandettini, Peter A.

    Learn What a Heart Attack Feels Like-- It Could Save Your Life. This fact sheet tells you about heart attack signs. It also tells you what to do if you are having any of these signs. Take these steps. They could save your life. 1. Know the signs of a heart attack. 2. Understand that heart attacks are not all

  2. Proof-of-principle experiment of a modified photon-number-splitting attack against quantum key distribution

    SciTech Connect (OSTI)

    Liu Weitao; Sun Shihai; Liang Linmei; Yuan Jianmin [Department of Physics, College of Science, National University of Defense Technology, Changsha, 410073 (China)

    2011-04-15T23:59:59.000Z

    Any imperfections in a practical quantum key distribution (QKD) system may be exploited by an eavesdropper to collect information about the key without being discovered. We propose a modified photon-number-splitting attack scheme against QKD systems based on weak laser pulses taking advantage of possible multiphoton pulses. Proof-of-principle experiments are demonstrated. The results show that the eavesdropper can get information about the key generated between the legitimate parties without being detected. Since the equivalent attenuation introduced by the eavesdropper for pulses of different average photon numbers are different, the decoy-state method is effective in fighting against this kind of attack. This has also been proven in our experiments.

  3. Creativity, expression, and healing: an empirical study using mandalas within the written disclosure paradigm 

    E-Print Network [OSTI]

    Henderson, Patti Gail

    2009-05-15T23:59:59.000Z

    outcomes (Foa & Rothbaum, 1998). Some researchers contend that written disclosure serves as a context in which individuals are repeatedly exposed to traumatic memories (i.e., exposure to aversive stimuli and the negative emotions associated with it.... 9 METHODS Participants Participants were prescreened for both the experience of trauma and trauma symptom severity using the Posttraumatic Stress Disorder Scale (PDS; Foa, 1995). Those who reported experiencing one or more traumatic...

  4. V-146: HP Service Manager Bugs Permit Cross-Site Scripting and Information

    Broader source: Energy.gov (indexed) [DOE]


  5. Annual Confidential Financial Disclosure Report (OGE Form 450)

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2008-02-25T23:59:59.000Z

    This Notice amends DOE N 326.14 to add exemptions for NNSA employees who are now in pay bands. DOE N 326.14 contains information on who must file, when and where to file.

  6. Protection against the man-in-the-middle-attack for the Kirchhoff-loop-Johnson(-like)-noise cipher and expansion by voltage-based security

    E-Print Network [OSTI]

    Laszlo B. Kish

    2006-02-13T23:59:59.000Z

    It is shown that the original Kirchhoff-loop-Johnson(-like)-noise (KLJN) cipher is naturally protected against the man-in-the-middle (MITM) attack, if the eavesdropper is using resistors and noise voltage generators just like the sender and the receiver. The eavesdropper can extract zero bit of information before she is discovered. However, when the eavesdropper is using noise current generators, though the cipher is protected, the eavesdropper may still be able to extract one bit of information while she is discovered. For enhanced security, we expand the KLJN cipher with the comparison of the instantaneous voltages via the public channel. In this way, the sender and receiver have full control over the security of measurable physical quantities in the Kirchhoff-loop. We show that when the sender and receiver compare not only their instantaneous current data but also their instantaneous voltage data then the zero-bit security holds even for the noise current generator case. We show that the original KLJN scheme is also zero-bit protected against that type of MITM attack when the eavesdropper uses voltage noise generators, only. In conclusion, within the idealized model scheme, the man-in-the-middle-attack does not provide any advantage compared to the regular attack considered earlier. The remaining possibility is the attack by a short, large current pulse, which is described in the original paper as the only efficient type of regular attacks, and that yields the one bit security. In conclusion, the KLJN cipher is superior to known quantum communication schemes in every respect, including speed, robustness, maintenance need, price and its natural immunity against the man-in-the-middle attack.

  7. Modeling Human Behavior to Anticipate Insider Attacks

    SciTech Connect (OSTI)

    Greitzer, Frank L.; Hohimer, Ryan E.

    2011-06-09T23:59:59.000Z

    The insider threat ranks among the most pressing cybersecurity challenges that threaten government and industry information infrastructures. To date, no systematic methods have been developed that provide a complete and effective approach to prevent data leakage, espionage and sabotage. Current practice is forensic in nature, relegating to the analyst the bulk of the responsibility to monitor, analyze, and correlate an overwhelming amount of data. We describe a predictive modeling framework that integrates a diverse set of data sources from the cyber domain as well as inferred psychological/motivational factors that may underlie malicious insider exploits. This comprehensive threat assessment approach provides automated support for the detection of high-risk behavioral “triggers” to help focus the analyst’s attention and inform the analysis. Designed to be domain independent, the system may be applied to many different threat and warning analysis/sensemaking problems.

  8. Gray Matter Is Targeted in First-Attack Multiple Sclerosis

    SciTech Connect (OSTI)

    Schutzer, Steven E.; Angel, Thomas E.; Liu, Tao; Schepmoes, Athena A.; Xie, Fang; Bergquist, Jonas P.; Vecsei, Lazlo'; Zadori, Denes; Camp, David G.; Holland, Bart K.; Smith, Richard D.; Coyle, Patricia K.

    2013-09-10T23:59:59.000Z

    The cause of multiple sclerosis (MS), its driving pathogenesis at the earliest stages, and what factors allow the first clinical attack to manifest remain unknown. Some imaging studies suggest gray rather than white matter may be involved early, and some postulate this may be predictive of developing MS. Other imaging studies are in conflict. To determine if there was objective molecular evidence of gray matter involvement in early MS we used high-resolution mass spectrometry to identify proteins in the cerebrospinal fluid (CSF) of first-attack MS patients (two independent groups) compared to established relapsing remitting (RR) MS and controls. We found that the CSF proteins in first-attack patients were differentially enriched for gray matter components (axon, neuron, synapse). Myelin components did not distinguish these groups. The results support that gray matter dysfunction is involved early in MS, and also may be integral for the initial clinical presentation.

  9. Resilience of Social Networks Under Different Attack Strategies

    E-Print Network [OSTI]

    Latif, Mohammad Ayub; Zaidi, Faraz

    2014-01-01T23:59:59.000Z

    Recent years have seen the world become a closely connected society with the emergence of different types of social networks. Online social networks have provided a way to bridge long distances and establish numerous communication channels which were not possible earlier. These networks exhibit interesting behavior under intentional attacks and random failures where different structural properties influence the resilience in different ways. In this paper, we perform two sets of experiments and draw conclusions from the results pertaining to the resilience of social networks. The first experiment performs a comparative analysis of four different classes of networks namely small world networks, scale free networks, small world-scale free networks and random networks with four semantically different social networks under different attack strategies. The second experiment compares the resilience of these semantically different social networks under different attack strategies. Empirical analysis reveals interesti...

  10. U-200: Red Hat Directory Server Information Disclosure Security Issue and

    Broader source: Energy.gov (indexed) [DOE]


  11. Achieving Differential Privacy of Data Disclosure in the Smart Grid

    E-Print Network [OSTI]

    Li, Xiang-Yang

    appliance energy load, which may be used to infer the human activities inside the houses. One effective way to hide actual appliance loads from the outsiders is Battery-based Load Hiding (BLH), in which a battery usage profile) for controlling purposes. On one hand, this fine-grained information enables trending

  12. ATTACK BY COLORIZATION OF A GREY-LEVEL IMAGE HIDING ITS COLOR PALETTE Chaumont M. and Puech W.

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    ATTACK BY COLORIZATION OF A GREY-LEVEL IMAGE HIDING ITS COLOR PALETTE Chaumont M. and Puech W, FRANCE ABSTRACT In this paper, we present a novel attack named colorization attack. This attack of such an attack and thus to take it into account for the future color-hiding watermarking schemes. Index Terms

  13. Certification and Accreditation Process for Information Systems Including National Security Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19T23:59:59.000Z

    The Notice ensures the effectiveness of security controls on DOE Federal information systems including national security systems. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. No cancellations. DOE N 205.15, dated 3-18-05, extends this directive until 3-18-06.

  14. Predictive analysis of concealed social network activities based on communication technology choices: early-warning detection of attack signals from terrorist organizations

    E-Print Network [OSTI]

    Drozdova, Katya; Samoilov, Michael

    2010-01-01T23:59:59.000Z

    early-warning detection of attack signals from terrorist towards detecting terrorist attack precursors. We find that of impending terrorist attacks. (Such potential practical

  15. Ethnicity and gender in the face of a terrorist attack: A national longitudinal study of immediate responses and outcomes two years after September 11

    E-Print Network [OSTI]

    Chu, T Q; Seery, M D; Ence, W A; Holman, E A; Silver, Roxane Cohen

    2006-01-01T23:59:59.000Z

    reactions to terrorist attacks: Findings from the national 11, 2001, terrorist attacks. New England Journal of the 9/11/01 terrorist attacks. Journal of Adolescent Health,

  16. Detection, Correlation, and Visualization of Attacks Against Critical Infrastructure Systems

    E-Print Network [OSTI]

    Briesemeister, Linda

    . Modern control systems are increasingly connected to other control systems as well as to corporate.lastname@sri.com Abstract--Digital control systems are essential to the safe and efficient operation of a variety from conventional enterprise systems. These trends can make control systems vulnerable to cyber attack

  17. Guessing Attacks and the Computational Soundness of Static Equivalence

    E-Print Network [OSTI]

    Abadi, Martín

    Guessing Attacks and the Computational Soundness of Static Equivalence Martín Abadi1 , Mathieu static equivalence. Static equivalence depends on an underlying equational theory. The choice, fundamental cryptographic operations. This equational theory yields a notion of static equivalence

  18. Technosocial Modeling of IED Threat Scenarios and Attacks

    SciTech Connect (OSTI)

    Whitney, Paul D.; Brothers, Alan J.; Coles, Garill A.; Young, Jonathan; Wolf, Katherine E.; Thompson, Sandra E.; Niesen, David A.; Madsen, John M.; Henderson, Cynthia L.

    2009-03-23T23:59:59.000Z

    This paper describes an approach for integrating sociological and technical models to develop more complete threat assessment. Current approaches to analyzing and addressing threats tend to focus on the technical factors. This paper addresses development of predictive models that encompass behavioral as well as these technical factors. Using improvised explosive device (IED) attacks as motivation, this model supports identification of intervention activities 'left of boom' as well as prioritizing attack modalities. We show how Bayes nets integrate social factors associated with IED attacks into general threat model containing technical and organizational steps from planning through obtaining the IED to initiation of the attack. The social models are computationally-based representations of relevant social science literature that describes human decision making and physical factors. When combined with technical models, the resulting model provides improved knowledge integration into threat assessment for monitoring. This paper discusses the construction of IED threat scenarios, integration of diverse factors into an analytical framework for threat assessment, indicator identification for future threats, and future research directions.

  19. Defending against Unidentifiable Attacks in Electric Power Grids

    E-Print Network [OSTI]

    Li, Qun

    Defending against Unidentifiable Attacks in Electric Power Grids Zhengrui Qin, Student Member, IEEE THE electric power grid is a distribution network that connects the electric power generators to customers, Qun Li, Senior Member, IEEE, and Mooi-Choo Chuah, Senior Member, IEEE Abstract--The electric power

  20. Energy Attack on Server Systems Zhenyu Wu, Mengjun Xie

    E-Print Network [OSTI]

    Wang, Haining

    Power management is one of the critical issues for server systems nowadays. To date energy cost has Energy Attack on Server Systems Zhenyu Wu, Mengjun Xie, and Haining Wang The College of William server power consumption and achieve energy proportional computing. However, the security perspective

  1. Dynamic Malware Attack in Energy-Constrained Mobile Wireless Networks

    E-Print Network [OSTI]

    Sarkar, Saswati

    Dynamic Malware Attack in Energy-Constrained Mobile Wireless Networks M.H.R. Khouzani, Saswati Sarkar Abstract Large scale proliferation of wireless technologies are dependent on developing reliable to the spread of self-replicating malicious codes known as malware. The malware can be used to initiate

  2. Risk assessment for physical and cyber attacks on critical infrastructures.

    SciTech Connect (OSTI)

    Smith, Bryan J.; Sholander, Peter E.; Phelan, James M.; Wyss, Gregory Dane; Varnado, G. Bruce; Depoy, Jennifer Mae

    2005-08-01T23:59:59.000Z

    Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). This paper presents a risk assessment methodology that accounts for both physical and cyber security. It also preserves the traditional security paradigm of detect, delay and respond, while accounting for the possibility that a facility may be able to recover from or mitigate the results of a successful attack before serious consequences occur. The methodology provides a means for ranking those assets most at risk from malevolent attacks. Because the methodology is automated the analyst can also play 'what if' with mitigation measures to gain a better understanding of how to best expend resources towards securing the facilities. It is simple enough to be applied to large infrastructure facilities without developing highly complicated models. Finally, it is applicable to facilities with extensive security as well as those that are less well-protected.

  3. Making DTNs Robust Against Spoofing Attacks with Localized Countermeasures

    E-Print Network [OSTI]

    Caesar, Matthew

    range of sparsely located mobile nodes (e.g., disaster-response networks), and limited energy resources, DTNs are used for scientific, military, and industrial applications that place high demands against spoofing attacks in DTNs. To the best of our knowledge, we are the first to propose

  4. Selective Jamming Attacks in Wireless Networks Alejandro Proa~no

    E-Print Network [OSTI]

    Lazos, Loukas

    for preventing real-time packet classification and neutralizing the inside knowledge of the attacker. I emission of high-power interference signals such as continuous wave tones, or FM modulated noise [15-one transformations [13], with physical-layer parameters. We further study the impact of various selective jamming

  5. Stealthy Deception Attacks on Water SCADA Systems Saurabh Amin

    E-Print Network [OSTI]

    day irrigation canal systems. This type of monitoring and control infrastructure is also common Stealthy Deception Attacks on Water SCADA Systems Saurabh Amin Department of CEE UC Berkeley, CA the vulnerabilities of Supervisory Control and Data Acquisition (SCADA) systems which monitor and control the modern

  6. Attacking Tor through Unpopular Ports Muhammad Aliyu Sulaiman

    E-Print Network [OSTI]

    Almulhem, Ahmad

    of them as entry (first) and exit (last) relays. With the currently large number of relays, this attack and the destination of the traffic: the first (entry) relay knows the source but not the destination, the last (exit and exit relays. Indeed, if the entry and exit relays traffic is observed, a simple traffic analysis can

  7. Offline Dictionary Attack on Password Authentication Schemes using Smart Cards

    E-Print Network [OSTI]

    decades of intensive research in the security community, and the current crux lies in how to achieve truly scenario and gives rise to the strongest adversary model so far (Note that Wang's PSCAV scheme is secure poorly-chosen passwords from the notorious offline dictionary attacks and thus confirms the feasibility

  8. PUF Modeling Attacks on Simulated and Silicon Data

    E-Print Network [OSTI]

    that rest on the Strong PUF's unpredictability and physical unclonability. Our method is less relevant these problems, but they all rest on the concept of a secret binary key: It is assumed that the Ulrich R API-attacks and viruses, can lead to key exposure and full security breaks. The fact that the devices

  9. De-anonymization attack on geolocated data Sebastien Gambs

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    , inference attack, de-anonymization. I. INTRODUCTION With the recent advent of ubiquitous devices and smart.g., to optimize the placement of cellular towers, to conduct market and sociological studies or to analyze (such as his home and place of work) [5], [6], [7], [8], to predict his past, current and future

  10. MODERN INTRUSION DETECTION, DATA MINING, AND DEGREES OF ATTACK GUILT

    E-Print Network [OSTI]

    Noel, Steven

    MODERN INTRUSION DETECTION, DATA MINING, AND DEGREES OF ATTACK GUILT Steven Noel Center for Secure, with a particular emphasis on the emerging approach of data mining. The discussion parallels two important aspects security, Intrusion detection, data mining 1. Introduction The goal of intrusion detection is to discover

  11. Implementation of Quantum Key Distribution with Composable Security Against Coherent Attacks using Einstein-Podolsky-Rosen Entanglement

    E-Print Network [OSTI]

    Tobias Gehring; Vitus Händchen; Jörg Duhme; Fabian Furrer; Torsten Franz; Christoph Pacher; Reinhard F. Werner; Roman Schnabel

    2015-02-10T23:59:59.000Z

    Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution (QKD) this is achieved without relying on the hardness of mathematical problems which might be compromised by improved algorithms or by future quantum computers. State-of-the-art QKD requires composable security against coherent attacks for a finite number of samples. Here, we present the first implementation of QKD satisfying this requirement and additionally achieving security which is independent of any possible flaws in the implementation of the receiver. By distributing strongly Einstein-Podolsky-Rosen entangled continuous variable (CV) light in a table-top arrangement, we generated secret keys using a highly efficient error reconciliation algorithm. Since CV encoding is compatible with conventional optical communication technology, we consider our work to be a major promotion for commercialized QKD providing composable security against the most general channel attacks.

  12. On the robustness of network infrastructures to disasters and physical attacks

    E-Print Network [OSTI]

    Neumayer, Sebastian James

    2013-01-01T23:59:59.000Z

    Networks are vulnerable to natural disasters, such as earthquakes or floods, as well as to physical attacks, such as an Electromagnetic Pulse (EMP) attack. Such real-world events happen in specific geographical locations ...

  13. T-702: Apache web servers that allows a DOS attack | Department...

    Broader source: Energy.gov (indexed) [DOE]

    T-702: Apache web servers that allows a DOS attack. August 25, 2011 - 8:00pm. PROBLEM: A denial of service vulnerability has...

  14. T-720: Blue Coat Director HTTP Trace Processing Flaw Permits Cross-Site Scripting Attacks

    Broader source: Energy.gov [DOE]

    A vulnerability was reported in Blue Coat Director. A remote user can conduct cross-site scripting attacks.

  15. Enhanced ARP: Preventing ARP Poisoning-based Man-in-the-Middle Attacks

    E-Print Network [OSTI]

    Nam, Seung Yeob

    1 Enhanced ARP: Preventing ARP Poisoning-based Man-in-the-Middle Attacks Seung Yeob Nam, Member- tion Protocol (ARP) is proposed to prevent ARP poisoning-based Man-in-the-Middle (MITM) attacks deployable. Index Terms--ARP cache poisoning, Man-in-the-Middle attack, ARP poisoning prevention, voting. I

  16. DoX: A Peer-to-Peer Antidote for DNS Cache Poisoning Attacks

    E-Print Network [OSTI]

    California at Davis, University of

    DoX: A Peer-to-Peer Antidote for DNS Cache Poisoning Attacks Lihua Yuan ECE, UC Davis lyuan for more insidious attacks. This paper proposes DoX, a peer-to-peer based scheme, to detect and correct inaccurate DNS records caused by cache poisoning attacks. DoX also helps DNS servers to improve cache

  17. Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator as random masks generators in some side channel attacks countermeasures. As such, they must have good statistical properties, be unpredictable and robust against attacks. This paper presents a contactless

  18. A Formal Method for Attack Modeling and Seyit Ahmet Çamtepe and Bülent Yener

    E-Print Network [OSTI]

    Bystroff, Chris

    1 A Formal Method for Attack Modeling and Detection Seyit Ahmet Çamtepe and Bülent Yener,yener}@cs.rpi.edu TR-06-01 Abstract This paper presents a formal methodology for attack modeling and detection for networks. Our approach has three phases. First, we extend the basic attack tree approach [1] to capture (i

  19. A Divide-and-Conquer Approach to Distributed Attack Identification Fabio Pasqualettia

    E-Print Network [OSTI]

    Bullo, Francesco

    A Divide-and-Conquer Approach to Distributed Attack Identification Fabio Pasqualettia , Florian D, University of California, Santa Barbara Abstract Identifying attacks is key to ensure security in cyber-physical systems. In this note we remark upon the computational complexity of the attack identification problem

  20. An Attack Surface Metric Pratyusa K. Manadhata and Jeannette M. Wing

    E-Print Network [OSTI]

    Wing, Jeannette M.

    An Attack Surface Metric Pratyusa K. Manadhata and Jeannette M. Wing Carnegie Mellon University's security? We propose to use the measure of a system's attack surface as an indication of the system, prior work has shown that a system's attack surface measurement serves as a reliable proxy for security

  1. What about vulnerability to a fault attack of the Miller algorithm during an

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    What about vulnerability to a fault attack of the Miller algorithm during an Identity Based is to analyse the weakness of the Miller algorithm when it undergoes a fault attack. We prove that the Miller algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through the resolution

  2. An Attack on a Trace-Zero Cryptosystem Claus Diem and Jasper Scholten

    E-Print Network [OSTI]

    Diem, Claus

    An Attack on a Trace-Zero Cryptosystem Claus Diem and Jasper Scholten Institut für Experimentelle a novel attack on this primitive. We show that the DLP in the trace-zero group can always be transferred methods than by attacking it directly via generic methods. The speed-up one obtains corresponds

  3. Evaluation of Attack Countermeasures to Improve the DoS Robustness of RSerPool Systems

    E-Print Network [OSTI]

    Dreibholz, Thomas

    Evaluation of Attack Countermeasures to Improve the DoS Robustness of RSerPool Systems attacks has not been intensively addressed yet. In particular, there have not been any analyses for real the attack bandwidth which is necessary for a significant impact on RSerPool-based services. This analysis

  4. On the Effectiveness of Low Latency Anonymous Network in the Presence of Timing Attack

    E-Print Network [OSTI]

    On the Effectiveness of Low Latency Anonymous Network in the Presence of Timing Attack Jing Jin.e. anonymity) of all anonymous networks in the presence of timing attack. Our metric is based on a novel conducted real-time timing attacks on various deployed anonymous networks such as Tor, anonymizer

  5. An Attack on a Trace-Zero Cryptosystem Claus Diem and Jasper Scholten

    E-Print Network [OSTI]

    Diem, Claus

    An Attack on a Trace-Zero Cryptosystem Claus Diem and Jasper cryptographic primitive of the DLP in elliptic curves over prime fields. We present a novel attack calculus methods than by attacking it directly via generic methods. The speed-up one obtains

  6. What About Vulnerability to a Fault Attack of the Miller's Algorithm During an

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    What About Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based of this article is to analyse the weakness of the Miller's algorithm when it undergoes a fault attack. We prove that the Miller's algorithm is vulnerable to a fault attack which is valid in all coordinate systems, through

  7. Generalising the GHS Attack on the Elliptic Curve Discrete Logarithm Problem

    E-Print Network [OSTI]

    Hess, Florian

    Generalising the GHS Attack on the Elliptic Curve Discrete Logarithm Problem F. Hess Technical succumb to the basic GHS attack, thereby weakening curves over F_{2^155} further. We also discuss other possible extensions or variations of the GHS attack and conclude that they are not likely to yield further

  8. Characteristics of subalpine fir susceptible to attack by western balsam bark beetle (Coleoptera

    E-Print Network [OSTI]

    Lindgren, Staffan

    Characteristics of subalpine fir susceptible to attack by western balsam bark beetle (Coleoptera beetle (Dryocoetes confusus Swaine) predominately attacked trees from the three to four largest diameter classes at each site. However, the mean diameter of attacked trees was significantly different among sites

  9. Length Based Attack and Braid Groups: Cryptanalysis of Anshel-Anshel-Goldfeld Key

    E-Print Network [OSTI]

    Myasnikov, Aleksey

    Length Based Attack and Braid Groups: Cryptanalysis of Anshel-Anshel-Goldfeld Key Exchange Protocol of Technology, Hoboken, New Jersey, USA, 07030 {amyasnik,aushakov}@stevens.edu Abstract. The length based attack and Tannenbaum in [9]. Several attempts have been made to implement the attack [6], but none of them had produced

  10. Extracting Attack Knowledge Using Principal-subordinate Consequence Tagging Case Grammar and Alerts Semantic Networks

    E-Print Network [OSTI]

    Ansari, Nirwan

    Extracting Attack Knowledge Using Principal-subordinate Consequence Tagging Case Grammar and Alerts networks from Distributed Denial of Service (DDoS) attacks has become a critical issue that must be tackled, the overwhelming volume of alerts makes it difficult for security administrators to analyze and extract the attack

  11. Using DISE to Protect Return Addresses from Attack Marc L. Corliss E Christopher Lewis Amir Roth

    E-Print Network [OSTI]

    Plotkin, Joshua B.

    Using DISE to Protect Return Addresses from Attack Marc L. Corliss E Christopher Lewis Amir Roth- jack systems. Exploiting a bounds-unchecked copy into a stack buffer, an attacker can--by supplying of code of her choosing. In this paper, we propose to protect code from this common form of attack using

  12. A Formal Model for A System's Attack Surface Pratyusa K. Manadhata Dilsun K. Kaynar

    E-Print Network [OSTI]

    Wing, Jeannette M.

    A Formal Model for A System's Attack Surface Pratyusa K. Manadhata Dilsun K. Kaynar Jeannette M software [18]. In this paper, we propose to use a software system's attack surface measurement as an indicator of the system's security; the larger the attack surface, the more insecure the system. We

  13. Multiple Coordinated Views for Network Attack Graphs Steven Noel Michael Jacobs Pramod Kalapa Sushil Jajodia

    E-Print Network [OSTI]

    Noel, Steven

    Multiple Coordinated Views for Network Attack Graphs Steven Noel Michael Jacobs Pramod Kalapa graph-based representations have been developed for modeling combinations of low-level network attacks, relatively little attention has been paid to effective techniques for visualizing such attack graphs

  14. On the Completeness of Attack Mutation Algorithms Shai Rubin, Somesh Jha, and Barton P. Miller

    E-Print Network [OSTI]

    Liblit, Ben

    On the Completeness of Attack Mutation Algorithms Shai Rubin, Somesh Jha, and Barton P. Miller University of Wisconsin, Madison Computer Sciences Department {shai,jha,bart}@cs.wisc.edu Abstract An attack mutation algorithm takes a known instance of an attack and transforms it into many distinct instances

  15. Discovering Novel Attack Strategies from INFOSEC Xinzhou Qin and Wenke Lee

    E-Print Network [OSTI]

    Lee, Wenke

    Discovering Novel Attack Strategies from INFOSEC Alerts Xinzhou Qin and Wenke Lee College. Correlating security alerts and discovering attack strategies are important and challenging tasks for security analysts. Recently, there have been several proposed techniques to analyze attack scenarios from

  16. Attack on Private Signature Keys of the OpenPGP format, PGP™

    E-Print Network [OSTI]

    Attack on Private Signature Keys of the OpenPGP format, PGP™ programs and other applications Prague, t.rosa@decros.cz Abstract. The article describes an attack on OpenPGP format, which leads these applications must undergo the same revision as the actual program PGP™. The success of the attack

  17. An Attack on a Trace-Zero Cryptosystem Claus Diem and Jasper Scholten

    E-Print Network [OSTI]

    Diem, Claus

    An Attack on a Trace-Zero Cryptosystem Claus Diem and Jasper Scholten Institut für Experimentelle a novel attack on this primitive. We show that the DLP in the trace-zero group can always be transferred methods than by attacking it directly via generic methods. The speed-up one obtains corresponds

  18. CAT - A Practical SDL Based Attack Attribution Toolkit for 3G Networks

    E-Print Network [OSTI]

    Yener, Aylin

    CAT - A Practical SDL Based Attack Attribution Toolkit for 3G Networks Kameswari Kotapati Peng Liu University University Park, PA 16802 Abstract-- This paper presents the Cross Infrastructure Attack telecommunication specifications. CAT analyzes vulnerabilities by generating attack graphs, which show the global

  19. High-Speed Router Filter for Blocking TCP Flooding under DDoS Attack

    E-Print Network [OSTI]

    Merat, Francis L.

    1 High-Speed Router Filter for Blocking TCP Flooding under DDoS Attack Yoohwan Kim1 , Ju-Yeon Jo1 Polytechnic University, Brooklyn, NY 11201 ABSTRACT Protection from Distributed Denial-of-Service attacks has been of a great interest recently and substantial progress has been made for preventing some attack

  20. On Generalized Low-Rate Denial-of-Quality Attack Against Internet Services

    E-Print Network [OSTI]

    Chang, Rocky Kow-Chuen

    On Generalized Low-Rate Denial-of-Quality Attack Against Internet Services Yajuan Tang, Xiapu Luo,csrchang}@comp.polyu.edu.hk, qing.hui@ttu.edu Abstract--Low-rate Denial of Quality (DoQ) attacks, by sending intermittent bursts generalize the previous results by considering arbitrary attack intervals. We obtain two sets of new results

  1. Facility Location under Demand Uncertainty: Response to a Large-scale Bioterror Attack

    E-Print Network [OSTI]

    Dessouky, Maged

    Facility Location under Demand Uncertainty: Response to a Large-scale Bioterror Attack Abstract In the event of a catastrophic bio-terror attack, major urban centers need to efficiently distribute large of a hypothetical anthrax attack in Los Angeles County. Keywords: Capacitated facility location, distance

  2. A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

    E-Print Network [OSTI]

    Lee, Ruby B.

    A Taxonomy of DDoS Attack and DDoS Defense Mechanisms Jelena Mirkovic 449 Smith Hall Computer the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem

  3. Learning Attack Strategies from Intrusion Alerts Peng Ning and Dingbang Xu

    E-Print Network [OSTI]

    Ning, Peng

    Learning Attack Strategies from Intrusion Alerts Peng Ning and Dingbang Xu Cyber Defense Laboratory@csc.ncsu.edu, dxu@unity.ncsu.edu Abstract Understanding the strategies of attacks is crucial for security applications such as computer and network forensics, intrusion response, and prevention of future attacks

  4. Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack

    E-Print Network [OSTI]

    Chen, Sheng-Wei

    Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack Hung-Min Sun- Factorization is difficult, p and q are simply estimated as N. In the Wiener attack, 2 N is adopted of the Wiener attack can be considered to be brute-guessing for the MSBs of p + q. Comparing with their work

  5. Cross-Layer Attack and Defense in Cognitive Radio Networks Wenkai Wang and Yan (Lindsay) Sun

    E-Print Network [OSTI]

    Sun, Yan Lindsay

    Cross-Layer Attack and Defense in Cognitive Radio Networks Wenkai Wang and Yan (Lindsay) Sun ECE research on security issues in cognitive radio networks mainly focuses on attack and defense in individual network layers. However, the attackers do not necessarily restrict themselves within the boundaries

  6. False Data Injection Attacks against State Estimation in Electric Power Grids

    E-Print Network [OSTI]

    Reiter, Michael

    the measurements of meters at physically protected locations such as substations, such attacks can introduce 13 False Data Injection Attacks against State Estimation in Electric Power Grids YAO LIU and PENG also defeat malicious measurements injected by attackers. In this article, we expose an unknown

  7. False Data Injection Attacks against State Estimation in Electric Power Grids

    E-Print Network [OSTI]

    Ning, Peng

    the measurements of meters at physically protected locations such as substations, such attacks can introduce False Data Injection Attacks against State Estimation in Electric Power Grids Yao Liu and Peng Ning also defeat malicious measurements injected by attackers. In this paper, we expose an unknown

  8. Distributed Detection of Cyber-Physical Attacks in Power Networks: A Waveform Relaxation Approach

    E-Print Network [OSTI]

    Bullo, Francesco

    Distributed Detection of Cyber-Physical Attacks in Power Networks: A Waveform Relaxation Approach to operate safely and reliably against cyber-physical attacks. The large dimensionality and the difficulty system and cyber-physical attacks as unknown inputs. This modeling framework captures, for instance

  9. Switched System Models for Coordinated Cyber-Physical Attack Construction and Simulation

    E-Print Network [OSTI]

    Kundur, Deepa

    Switched System Models for Coordinated Cyber-Physical Attack Construction and Simulation Shan Liu the need to develop intelligent models of cyber-physical attacks that produce salient disruptions. In this paper, we present a foundation for the development of a class of intelligent cyber-physical attacks

  10. The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses

    E-Print Network [OSTI]

    Saxena, Nitesh

    The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses Prithula Dhungel in the recent years. In this paper, we examine the stream pollution attack, for which the attacker mixes polluted chunks into the P2P distribution, degrading the quality of the rendered media at the receivers

  11. Pollution Attacks and Defenses in Wireless Inter-flow Network Coding Systems

    E-Print Network [OSTI]

    Curtmola, Reza

    1 Pollution Attacks and Defenses in Wireless Inter-flow Network Coding Systems Jing Dong, Reza Abstract--We study data pollution attacks in wireless inter-flow network coding systems. Although several the existing systems, and use it to analyze the impact of pollution attacks. Our analysis shows

  12. Hearing is Believing: Detecting Wireless Microphone Emulation Attack in White Space

    E-Print Network [OSTI]

    California at Davis, University of

    users from transmitting. Such an attack is called primary user emulation (PUE) attack. TV towers and their transmission power is low. These properties introduce great challenges on PUE detection and existing methods]. However, all of them focus on the attackers that emulate stationary primary users (TV towers

  13. A Game-Theoretic Framework for Bandwidth Attacks and Statistical Defenses

    E-Print Network [OSTI]

    Sundaram, Ravi

    , a common form of distributed denial of service (DDoS) attacks. In particular, our traffic injection game statistical methods for creating defense mechanisms that can detect a DDoS attack and that even when--changing the source address of IP packets-- has been used in DDoS attacks on popular websites (Yahoo!) and root DNS

  14. Sustaining Availability of Web Services under Distributed Denial of Service Attacks

    E-Print Network [OSTI]

    Vigoda, Eric

    adequate service to a large percentage of clients during DDoS attacks. The worst-case performance adversarial relationship between a DDoS adversary and the proposed system. We also conduct a simulation study (DDoS) attacks against high-profile web sites demonstrate how devastating DDoS attacks are, and how

  15. Mitigating Distributed Denial of Service Attacks in Multiparty Applications in the Presence of Clock Drifts

    E-Print Network [OSTI]

    Tsigas, Philippas

    S attack themselves. Here we study the case where the communicating parties have clocks with rate drift. The situation is even worse with distributed denial of service (DDoS) attacks, where multiple compromised in order to make the service unavailable [7]. Common methods to protect systems from DoS and DDoS attacks

  16. On the Effectiveness of DDoS Attacks on Statistical Temasek Laboratories

    E-Print Network [OSTI]

    Chang, Ee-Chien

    by the filter that guards the victim network. We study the effectiveness of DDoS attacks on such statistical first study the effectiveness of DDoS attacks on statistical-based filtering in a general context where On the Effectiveness of DDoS Attacks on Statistical Filtering Qiming Li Temasek Laboratories

  17. Non-Control-Data Attacks Are Realistic Threats , Emre C. Sezer

    E-Print Network [OSTI]

    Zhang, Xiangyu

    make systems susceptible to Internet worms and distributed denial of service (DDoS) attacks. Recipe, including FTP, SSH, Telnet, and HTTP servers, are vulnerable to such attacks. In each case, the generated them down, they have incentives to study and employ non-control-data attacks. This paper emphasizes

  18. Double blinding-attack on entanglement-based quantum key distribution protocols

    E-Print Network [OSTI]

    Guillaume Adenier; Irina Basieva; Andrei Yu. Khrennikov; Masanori Ohya; Noboru Watanabe

    2011-06-14T23:59:59.000Z

    We propose a double blinding-attack on entangled-based quantum key distribution protocols. The principle of the attack is the same as in existing blinding attack except that instead of blinding the detectors on one side only, Eve is blinding the detectors of both Alice and Bob. In the BBM92 protocol, the attack allows Eve to get a full knowledge of the key and remain undetected even if Alice and Bob are using 100% efficient detectors. The attack can be easily extended to Ekert protocol, with an efficiency as high as 85.3%.

  19. Measurement of intergranular attack in stainless steel using ultrasonic energy

    DOE Patents [OSTI]

    Mott, Gerry (Pittsburgh, PA); Attaar, Mustan (Monroeville, PA); Rishel, Rick D. (Monroeville, PA)

    1989-08-08T23:59:59.000Z

    Ultrasonic test methods are used to measure the depth of intergranular attack (IGA) in a stainless steel specimen. The ultrasonic test methods include a pitch-catch surface wave technique and a through-wall pulse-echo technique. When used in combination, these techniques can establish the extent of IGA on both the front and back surfaces of a stainless steel specimen from measurements made on only one surface.

  20. Security of the Bennett 1992 quantum-key distribution protocol against individual attack over a realistic channel

    SciTech Connect (OSTI)

    Tamaki, Kiyoshi; Koashi, Masato; Imoto, Nobuyuki [CREST Research Team for Interacting Carrier Electronics, School of Advanced Sciences, Graduate University for Advanced Studies (SOKENDAI), Hayama, Kanagawa 240-0193 (Japan)

    2003-03-01T23:59:59.000Z

    The security of two-state quantum-key distribution against individual attack is estimated when the channel has losses and noises. We assume that Alice and Bob use two nonorthogonal single-photon polarization states. To make our analysis simple, we propose a modified B92 protocol in which Alice and Bob make use of inconclusive results, and Bob performs a kind of symmetrization of received states. Using this protocol, Alice and Bob can estimate Eve's information gain as a function of a few parameters that reflect the imperfections of devices, or Eve's disturbance. In some parameter regions, Eve's maximum information gain shows counterintuitive behavior, namely, it decreases as the amount of disturbances increases. For a small noise rate, Eve can extract perfect information in the case where the angle between Alice's two states is small or large, while she cannot extract perfect information for intermediate angles. We also estimate the secret key gain, which is the net growth of the secret key per pulse. We show the region where the modified B92 protocol over a realistic channel is secure against individual attack.

  1. PATENT/DISCLOSURE LIST (1) A. Bindal, "Sidewall Lithography for Growing Horizontal Carbon Nano Tubes and a

    E-Print Network [OSTI]

    Eirinaki, Magdalini

    Tubes and a Process Flow for Complementary Carbon Nano Tube Field Effect Transistor (CCFET) Fabrication PATENT/DISCLOSURE LIST (1) A. Bindal, "Sidewall Lithography for Growing Horizontal Carbon Nano for Manufacturing Nano-Interconnects and Catalyst Islands for Growing Carbon Nano Tubes", provisional patent

  2. LEAD PAINT DISCLOSURE Housing built before 1978 may contain lead-based paint. Lead from paint, paint chips, and dust

    E-Print Network [OSTI]

    Royer, Dana

    LEAD PAINT DISCLOSURE Housing built before 1978 may contain lead-based paint. Lead from paint, paint chips, and dust can pose health hazards if not taken care of properly. Lead exposure is especially the presence of known lead-based paint and lead-based paint hazards in the dwelling. Tenants must also receive

  3. Multi-criteria analysis of the mechanism of degradation of Portland cement based mortars exposed to external sulphate attack

    SciTech Connect (OSTI)

    El-Hachem, R.; Roziere, E.; Grondin, F.; Loukili, A., E-mail: ahmed.loukili@ec-nantes.fr

    2012-10-15T23:59:59.000Z

    This work aims to contribute to the design of durable concrete structures exposed to external sulphate attacks (ESA). Following a preliminary study aimed at designing a representative test, the present paper suggests a study on the effect of the water-to-cement (w/c) ratio and the cement composition in order to understand the degradation mechanisms. Length and mass measurements were registered continuously, leached calcium and hydroxide ions were also quantified. In parallel, scanning electron microscopy observations as well as X-ray microtomography were realised at different times to identify the formed products and the crack morphology. Test results provide information on the basic aspects of the degradation mechanism, such as the main role of leaching and diffusion in the sulphate attack process. The mortar composition with a low w/c ratio leads to a better resistance to sulphate attack because the microstructure is less permeable. Reducing the C₃A content results in a macro-cracking decrease but it does not prevent expansion, which suggests the contribution of other expansive products, such as gypsum, in damage due to ESA. The observation of the cracks network in the microstructure helps to understand the micro-mechanisms of the degradation process.

  4. Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design

    E-Print Network [OSTI]

    Pasqualetti, Fabio; Bullo, Francesco

    2012-01-01T23:59:59.000Z

    Cyber-physical systems integrate computation, communication, and physical capabilities to interact with the physical world and humans. Besides failures of components, cyber-physical systems are prone to malicious attacks so that specific analysis tools and monitoring mechanisms need to be developed to enforce system security and reliability. This paper builds upon the results presented in our companion paper [1] and proposes centralized and distributed monitors for attack detection and identification. First, we design optimal centralized attack detection and identification monitors. Optimality refers to the ability of detecting (respectively identifying) every detectable (respectively identifiable) attack. Second, we design an optimal distributed attack detection filter based upon a waveform relaxation technique. Third, we show that the attack identification problem is computationally hard, and we design a sub-optimal distributed attack identification procedure with performance guarantees. Finally, we illustr...

  5. Sequential Attack with Intensity Modulation on the Differential-Phase-Shift Quantum Key Distribution Protocol

    E-Print Network [OSTI]

    Toyohiro Tsurumaru

    2006-12-25T23:59:59.000Z

    In this paper, we discuss the security of the differential-phase-shift quantum key distribution (DPSQKD) protocol by introducing an improved version of the so-called sequential attack, which was originally discussed by Waks et al. Our attack differs from the original form of the sequential attack in that the attacker Eve modulates not only the phases but also the amplitude in the superposition of the single-photon states which she sends to the receiver. Concentrating especially on the "discretized gaussian" intensity modulation, we show that our attack is more effective than the individual attack, which had been the best attack up to present. As a result of this, the recent experiment with communication distance of 100km reported by Diamanti et al. turns out to be insecure. Moreover it can be shown that in a practical experimental setup which is commonly used today, the communication distance achievable by the DPSQKD protocol is less than 95km.

  6. Preventing detector blinding attack and other random number generator attacks on quantum cryptography by use of an explicit random number generator

    E-Print Network [OSTI]

    Mario Stipčević

    2014-07-10T23:59:59.000Z

    A particularly successful detector blinding attack has been recently demonstrated on various quantum key distribution (QKD) systems, performing for the first time an undetectable and complete recovery of the key. In this paper two original contributions are given to understanding and prevention of this attack.

  7. This lesson plan is part of the National Heart, Lung, and Blood Institute's (NHLBI) heart attack education campaign, Act in Time to Heart Attack Signs.

    E-Print Network [OSTI]

    Bandettini, Peter A.

    This lesson plan is part of the National Heart, Lung, and Blood Institute's (NHLBI) heart attack education campaign, Act in Time to Heart Attack Signs. It was designed to be the 10th session of an existing 9-session heart health education course for Latinos entitled Your Heart, Your Life

  8. A Taxonomy of Cyber Attacks on 3G Networks Kameswari Kotapati, Peng Liu, Yan Sun, Thomas F. LaPorta

    E-Print Network [OSTI]

    Yener, Aylin

    A Taxonomy of Cyber Attacks on 3G Networks Kameswari Kotapati, Peng Liu, Yan Sun, Thomas F. La Infrastructure Cyber Attack. This paper is the first to propose attack taxonomy for 3G networks. The uniqueness of this taxonomy is the inclusion of Cross Infrastructure Cyber Attacks in addition to the standard Single

  9. 546 IEEE COMMUNICATIONS LETTERS, VOL. 13, NO. 7, JULY 2009 Is It Congestion or a DDoS Attack?

    E-Print Network [OSTI]

    Ansari, Nirwan

    546 IEEE COMMUNICATIONS LETTERS, VOL. 13, NO. 7, JULY 2009 Is It Congestion or a DDoS Attack? Amey Shevtekar and Nirwan Ansari, Fellow, IEEE Abstract--We propose a new stealthy DDoS attack model referred to as the "quiet" attack. The attack traffic consists of TCP traffic only. Widely used botnets in today's various

  10. Enhancing Cloud Storage Security against Roll-back Attacks with A New Fair Multi-Party Non-Repudiation Protocol

    E-Print Network [OSTI]

    Chen, Yu

    Enhancing Cloud Storage Security against Roll-back Attacks with A New Fair Multi-Party Non security issues in cloud storage: repudiation, fairness, and roll-back attacks. We proposed a novel fair and is capable of preventing roll-back attacks. Keywords: Cloud Storage, Non-repudiation, Roll-back Attack. 1

  11. Change-Point Monitoring for Detection of DoS Attacks Haining Wang Danlu Zhang Kang G. Shin

    E-Print Network [OSTI]

    Wang, Haining

    . The statelessness and low computation overhead of CPM make itself immune to any flooding attacks. As a case study of service (DDoS) attack. Briefly, a DDoS attack works as follows. An attacker sends control packets victim servers or link bandwidth from DoS traffic, and block the propagation of DDoS traffic at routers

  12. Analyzing Cascading Failures in Smart Grids under Random and Targeted Attacks

    E-Print Network [OSTI]

    Ruj, Sushmita

    2015-01-01T23:59:59.000Z

    We model smart grids as complex interdependent networks, and study targeted attacks on smart grids for the first time. A smart grid consists of two networks: the power network and the communication network, interconnected by edges. Occurrence of failures (attacks) in one network triggers failures in the other network, and propagates in cascades across the networks. Such cascading failures can result in disintegration of either (or both) of the networks. Earlier works considered only random failures. In practical situations, an attacker is more likely to compromise nodes selectively. We study cascading failures in smart grids, where an attacker selectively compromises the nodes with probabilities proportional to their degrees; high degree nodes are compromised with higher probability. We mathematically analyze the sizes of the giant components of the networks under targeted attacks, and compare the results with the corresponding sizes under random attacks. We show that networks disintegrate faster for targeted...

  13. ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention

    SciTech Connect (OSTI)

    Cui, Xiaohui [ORNL; Beaver, Justin M [ORNL; Treadwell, Jim N [ORNL

    2012-01-01T23:59:59.000Z

    The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are able to be recorded much like a honeypot system for forensic analysis.

  14. Eavesdropping Attack with Hong-Ou-Mandel Interferometer and Random Basis Shuffling in Quantum Key Distribution

    E-Print Network [OSTI]

    Chil-Min Kim; Yun Jin Choi; Young-Jai Park

    2006-03-02T23:59:59.000Z

    We introduce new sophisticated attacks with a Hong-Ou-Mandel interferometer against quantum key distribution (QKD) and propose a new QKD protocol grafted with random basis shuffling to block up those attacks. When the polarization basis is randomly and independently shuffled by sender and receiver, the new protocol can overcome the attacks even for not-so-weak coherent pulses. We estimate the number of photons to guarantee the security of the protocol.

  15. Eavesdropping on secure deterministic communication with qubits through photon-number-splitting attacks

    SciTech Connect (OSTI)

    Lin Song [State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876 (China); School of Mathematics and Computer Science, Fujian Normal University, Fuzhou 350007 (China); Wen Qiaoyan; Gao Fei [State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876 (China); Zhu Fuchen [National Laboratory for Modern Communications, P.O. Box 810, Chengdu 610041 (China)

    2009-05-15T23:59:59.000Z

    A collective photon-number-splitting attack strategy is proposed, which combines photon-number-splitting attack with an unambiguous set discrimination of quantum state. Verified by this attack strategy, it is shown that a two-way quantum secure direct communication protocol with qubits is insecure in real circumstance. Finally, we present a possible improved version of this kind of quantum secure direct communication protocol.

  16. A new attack on RSA and CRT-RSA Abderrahmane Nitaj

    E-Print Network [OSTI]

    Nitaj, Abderrahmane

    A new attack on RSA and CRT-RSA Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme an attack on CRT-RSA when the CRT-exponents dp and dq are both suitably small. In this paper, we show and ex+y 0 (mod N). As an application of our new attack, we present the cryptanalysis of CRT-RSA if one

  17. Highly Efficient Quantum Key Distribution Immune to All Detector Attacks

    E-Print Network [OSTI]

    Wen-Fei Cao; Yi-Zheng Zhen; Yu-Lin Zheng; Zeng-Bing Chen; Nai-Le Liu; Kai Chen; Jian-Wei Pan

    2014-10-10T23:59:59.000Z

    Vulnerabilities and imperfections of single-photon detectors have been shown to compromise security for quantum key distribution (QKD). The measurement-device-independent QKD (MDI-QKD) appears to be the most appealing solution to solve the issues. However, in practice one faces severe obstacles of having significantly lower key generation rate, difficult two photon interferences, and remote synchronization etc. In this letter, we propose a highly efficient and simple quantum key distribution scheme to remove all of these drawbacks. Our proposal can be implemented with only small modifications over the standard decoy BB84 system. Remarkably it enjoys both the advantages of high key generation rate (being almost two orders of magnitude higher than that based on conventional MDI-QKD) comparable to the normal decoy system, and security against any detector side channel attacks. Most favorably one can achieve complete Bell state measurements with resort to single photon interference, which reduces significantly experimental costs. Our approach enables utilization of high speed and efficient secure communication, particularly in real-life scenario of both metropolitan and intercity QKD network, with an attack free fashion from arbitrary detector side channels.

  18. Breaking into a computer : attack techniques and tools used by cyber-criminals

    ScienceCinema (OSTI)

    None

    2011-10-06T23:59:59.000Z

    Oral presentation in English, slides in English. We will show you how and why cyber-criminals attack your computers: their motives, methods and tools.

  19. Practical realisation and elimination of an ECC-related software bug attack

    E-Print Network [OSTI]

    in modern e-business work-flows, are as follows: 1. Nguyen [28] described an attack on GPG version 1

  20. Breaking into a computer : attack techniques and tools used by cyber-criminals

    SciTech Connect (OSTI)

    None

    2010-06-24T23:59:59.000Z

    Oral presentation in English, slides in English. We will show you how and why cyber-criminals attack your computers: their motives, methods and tools.

  1. HIPAA Procedure 5031 Authorization Requirements for Use and Disclosure of Protected

    E-Print Network [OSTI]

    , certification, licensing, or credentialing activities. (2) For the purpose of health care fraud and abuse/AIDS-Related Information or Substance Abuse Treatment Information ...................................................2 information, psychotherapy notes, HIV/AIDS-related information or substance abuse treatment information, refer

  2. T-582: RSA systems has resulted in certain information being extracted from RSA systems that relates to RSA SecurID

    Broader source: Energy.gov [DOE]

    RSA investigation has revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is related to RSA's SecurID two-factor authentication products.

  3. Finite key analysis for symmetric attacks in quantum key distribution

    SciTech Connect (OSTI)

    Meyer, Tim; Kampermann, Hermann; Kleinmann, Matthias; Bruss, Dagmar [Institut fuer Theoretische Physik III, Heinrich-Heine-Universitaet Duesseldorf, D-40225 Duesseldorf (Germany)

    2006-10-15T23:59:59.000Z

    We introduce a constructive method to calculate the achievable secret key rate for a generic class of quantum key distribution protocols, when only a finite number n of signals is given. Our approach is applicable to all scenarios in which the quantum state shared by Alice and Bob is known. In particular, we consider the six state protocol with symmetric eavesdropping attacks, and show that for a small number of signals, i.e., below $n \approx 10^{4}$, the finite key rate differs significantly from the asymptotic value for $n \to \infty$. However, for larger n, a good approximation of the asymptotic value is found. We also study secret key rates for protocols using higher-dimensional quantum systems.

  4. Modeling of Damage in Cement-Based Materials Subjected to External Sulfate Attack. I: Formulation

    E-Print Network [OSTI]

    Mobasher, Barzin

    Modeling of Damage in Cement-Based Materials Subjected to External Sulfate Attack. I: Formulation subject headings: Damage; Models; Sulfates; Cements. Introduction A majority of the durability issues. Portland cement-based materials subjected to attack from external sulfates may suffer from two types of dam

  5. Cyber-Physical Security via Geometric Control: Distributed Monitoring and Malicious Attacks

    E-Print Network [OSTI]

    Bullo, Francesco

    Cyber-Physical Security via Geometric Control: Distributed Monitoring and Malicious Attacks Fabio and extends our results on the security of cyber-physical systems based on geometric control theory: (i) we, and by various industrial security incidents [6], cyber-physical systems are prone to failures and attacks

  6. Cyber-Physical Systems under Attack Models, Fundamental limitations, and Monitor Design

    E-Print Network [OSTI]

    Hu, Fei

    , FL, Dec 11, 2011 F. Pasqualetti, F. Dörfler, F. Bullo Cyber-Physical Systems Under Attack Security are cyber-physical systems: power generation and distribution networks water networks and mass-efficient buildings (heat transfer) F. Pasqualetti, F. Dörfler, F. Bullo Cyber-Physical Systems Under Attack Security

  7. Survey of Event Correlation Techniques for Attack Detection in Early Warning Systems

    E-Print Network [OSTI]

    Breu, Ruth

    Survey of Event Correlation Techniques for Attack Detection in Early Warning Systems Tobias Limmer of early warning systems for detecting Internet worms and other attacks, event correlation techniques on early warning systems. We summarize and clarify the typical terminology used in this context and present

  8. RISK MANAGEMENT AND RISK ANALYSIS-BASED DECISION TOOLS FOR ATTACKS ON

    E-Print Network [OSTI]

    Wang, Hai

    RISK MANAGEMENT AND RISK ANALYSIS-BASED DECISION TOOLS FOR ATTACKS ON ELECTRIC POWER Simonoff, J.usc.edu/create Report #04-004DRAFT Risk Management and Risk Analysis-Based Decision Tools for Attacks on Electric for Risk and Economic Analysis of Terrorism Events University of Southern California Los Angeles

  9. WADeS: a tool for Distributed Denial of Service Attack detection

    E-Print Network [OSTI]

    Ramanathan, Anu

    2002-01-01T23:59:59.000Z

    's resources and denying service to legitimate users. In our research work, we propose WADeS (Wavelet based Attack Detection Signatures), an approach to detect a Distributed Denial of Service Attack using Wavelet methods. We develop a new framework that uses...

  10. ElectroMagnetic Radiations of FPGAs: High Spatial Resolution Cartography and Attack of a

    E-Print Network [OSTI]

    Boyer, Edmond

    ElectroMagnetic Radiations of FPGAs: High Spatial Resolution Cartography and Attack, a "root of trust" must be defined, insulated and then carefully protected. Until very recently, this role agencies) have tackled the issue of protecting ASICs from side-channel attacks (SCAs). In the meantime

  11. On the Interpolation Attacks on Block Ciphers A.M. Youssef and G. Gong

    E-Print Network [OSTI]

    Youssef, Amr M.

    On the Interpolation Attacks on Block Ciphers A.M. Youssef and G. Gong Center for Applied attack, finite fields, Galois Field Fourier Transform 1 Introduction Gong and Golomb 7 introduced a new the later by decimation d. Gong and Golomb showed that the distance of DES S-boxes approximated

  12. Probabilistic Representation of the Threat and Consequences of Weapon Attacks on Commercial

    E-Print Network [OSTI]

    Wang, Hai

    Probabilistic Representation of the Threat and Consequences of Weapon Attacks on Commercial of the Threat and Consequences of Weapon Attacks on Commercial Aircraft CREATE Report 29 November 2005 John P Security has determined that external weapon threats due to surface-air missiles, as well as some

  13. Phase-remapping attack in practical quantum-key-distribution systems

    SciTech Connect (OSTI)

    Fung, Chi-Hang Fred; Qi, Bing; Lo, Hoi-Kwong [Center for Quantum Information and Quantum Control, Department of Electrical and Computer Engineering and Department of Physics, University of Toronto, Toronto, Ontario (Canada); Tamaki, Kiyoshi [NTT Basic Research Laboratories, NTT Corporation, 3-1, Morinosato Wakamiya Atsugi-Shi, Kanagawa 243-0198, Japan and CREST, JST Agency, 4-1-8 Honcho, Kawaguchi, Saitama 332-0012 (Japan)

    2007-03-15T23:59:59.000Z

    Quantum key distribution (QKD) can be used to generate secret keys between two distant parties. Even though QKD has been proven unconditionally secure against eavesdroppers with unlimited computation power, practical implementations of QKD may contain loopholes that may lead to the generated secret keys being compromised. In this paper, we propose a phase-remapping attack targeting two practical bidirectional QKD systems (the 'plug-and-play' system and the Sagnac system). We showed that if the users of the systems are unaware of our attack, the final key shared between them can be compromised in some situations. Specifically, we showed that, in the case of the Bennett-Brassard 1984 (BB84) protocol with ideal single-photon sources, when the quantum bit error rate (QBER) is between 14.6% and 20%, our attack renders the final key insecure, whereas the same range of QBER values has been proved secure if the two users are unaware of our attack; also, we demonstrated three situations with realistic devices where positive key rates are obtained without the consideration of Trojan horse attacks but in fact no key can be distilled. We remark that our attack is feasible with only current technology. Therefore, it is very important to be aware of our attack in order to ensure absolute security. In finding our attack, we minimize the QBER over individual measurements described by a general POVM, which has some similarity with the standard quantum state discrimination problem.

  14. Source Location Privacy against Laptop-Class Attacks in Sensor Networks

    E-Print Network [OSTI]

    Liu, Donggang

    it is then possible for them to interfere with the phenomena being sensed or even mount physical attacks on the mon- sages sent periodically to hide real event reports. The global and greedy solutions improve the naive towards a base station to report this event. Note that an attacker can easily detect the transmission

  15. A CHALLENGING BUT FEASIBLE BLOCKWISE-ADAPTIVE CHOSEN-PLAINTEXT ATTACK ON SSL

    E-Print Network [OSTI]

    A CHALLENGING BUT FEASIBLE BLOCKWISE-ADAPTIVE CHOSEN-PLAINTEXT ATTACK ON SSL Gregory V. Bard.bard@ieee.org Keywords: Blockwise Adaptive, Chosen Plaintext Attack (CPA), Secure Sockets Layer (SSL), Transport Layer). Abstract: This paper introduces a chosen-plaintext vulnerability in the Secure Sockets Layer (SSL

  16. Attacks on Singelee and Preneel's protocol Jorge Munilla and Alberto Peinado

    E-Print Network [OSTI]

    establishment protocol in wireless personal area networks. Nevertheless, in this paper we show effective relay- tion) systems, most of them are still vulnerable to relay attacks. This attack is conceptually depicted. Then both rogue parties readily forward each other all the messages. The electronic protection is thus

  17. Islamists claim deadly attack on UN building in Nigeria 26 August 2011

    E-Print Network [OSTI]

    in a decade. A radical Muslim sect blamed for a series of attacks in the country claimed responsibility the targeting of the U.N. at an open meeting on U.N. peacekeeping. U.S. President Barack Obama called the attack on which the U.N. was founded _ dignity, freedom, security, and peace," Obama said in a statement. "An

  18. Attacks On An ISO/IEC 11770-2 Key Establishment Protocol Zhaohui Cheng

    E-Print Network [OSTI]

    Attacks On An ISO/IEC 11770-2 Key Establishment Protocol Zhaohui Cheng and Richard Comley September) on a key establishment protocol (mechanism 12) standardised in ISO/IEC 11770-2 are described and two standardised as key establishment mechanism 12 in ISO/IEC 11770-2 [7] is vulnerable to a replay attack and also

  19. Attacks On An ISO/IEC 11770-2 Key Establishment Protocol Zhaohui Cheng # and Richard Comley

    E-Print Network [OSTI]

    Attacks On An ISO/IEC 11770-2 Key Establishment Protocol Zhaohui Cheng # and Richard Comley) on a key establishment protocol (mechanism 12) standardised in ISO/IEC 11770-2 are described and two standardised as key establishment mechanism 12 in ISO/IEC 11770-2 [7] is vulnerable to a replay attack and also

  20. Brain and Heart 1. Reducing your risk of stroke and heart attack. . . . 3

    E-Print Network [OSTI]

    Jagannatham, Aditya K.

    Contents Brain and Heart 1. Reducing your risk of stroke and heart attack 2. Exercising for a healthy heart 3. Choosing a home blood pressure unit BRAIN AND HEART Reducing your risk of stroke and heart attack One of the best ways to protect

  1. Identifying Pollution Attackers in Network-Coding Enabled Wireless Mesh Networks

    E-Print Network [OSTI]

    Lui, John C.S.

    Identifying Pollution Attackers in Network-Coding Enabled Wireless Mesh Networks Yongkun Li: cslui@cse.cuhk.edu.hk Abstract--Pollution attack is a severe security problem in network-coding enabled spreading of polluted packets to deplete network resources. We address this security problem even when

  2. Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attack

    E-Print Network [OSTI]

    Krings, Axel W.

    : Security, Vulnerabilities, Cyber Attack, Critical Infrastructure Protection, Electric Power Management present a model developed for Electric Power Management Systems (EPMS) and Supervisory Control and Data vulnerable to cyber attack. We use graph theory to model electric power control and protection devices

  3. Hearing is Believing: Detecting Mobile Primary User Emulation Attack in White Space

    E-Print Network [OSTI]

    California at Davis, University of

    users in white space: TV towers and wireless microphones. Existing work on PUE attack detection focused on the first category. However, for the latter category, primary users are mobile and their transmission power on the attackers that emulate stationary primary users (TV towers). They are based on the fact that the locations

  4. CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot

    E-Print Network [OSTI]

    Bencsáth, Boldizsár

    CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot Dániel Istv of control system elements, such as PLCs. In this paper, we design and implement the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems. This PLC honeypot can

  5. ON-LINE DETECTION OF DISTRIBUTED ATTACKS FROM SPACE-TIME NETWORK FLOW PATTERNS

    E-Print Network [OSTI]

    Baras, John S.

    ON-LINE DETECTION OF DISTRIBUTED ATTACKS FROM SPACE-TIME NETWORK FLOW PATTERNS J.S. Baras* , A in the network. We are interested in the "quickest detection" problem when the attack is distributed is to detect when a distributed denial of service is taking place in one sub-network of a transit (core

  6. A Generalization of the Rainbow Band Separation Attack and its Applications to

    E-Print Network [OSTI]

    Recovery Attack, Rainbow, Enhanced STS, Enhanced TTS, MFE, Diophantine Equations, MQQ-Enc, MQQ-Sig 1-trivial generalization of the well known Unbalanced Oil and Vinegar (UOV) signature scheme (Eurocrypt '99) minimizing the length of the signatures. By now the Rainbow Band Separation attack is the best key recovery

  7. Detecting Selective Forwarding Attacks in Wireless Sensor Networks using Support Vector Machines

    E-Print Network [OSTI]

    Shilton, Alistair

    concerning energy. In this article, we propose a centralized intrusion detection scheme based on Support Detecting Selective Forwarding Attacks in Wireless Sensor Networks using Support Vector Machines Vector Machines (SVMs) and sliding windows. We find that our system can detect black hole attacks

  8. Detecting Distributed Denial of Service (DDoS) Attacks Through Inductive Learning

    E-Print Network [OSTI]

    Noh, Sanguk

    Detecting Distributed Denial of Service (DDoS) Attacks Through Inductive Learning Sanguk Noh1 of Service (DDoS) flooding attacks on TCP-based Web servers. There has been a lot of related work which focuses on analyzing the pattern of the DDoS attacks to protect users from them. However, none

  9. On the Impact of Low-Rate Attacks MINA GUIRGUIS AZER BESTAVROS IBRAHIM MATTA

    E-Print Network [OSTI]

    of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks present an ongoing threat to almost TCP flows by flooding an Internet link. In this paper, we study the impact of these new breeds burst. Our analysis is focused towards worst-case scenarios, thus our results should be regarded

  10. On the Impact of Low-Rate Attacks MINA GUIRGUIS AZER BESTAVROS IBRAHIM MATTA

    E-Print Network [OSTI]

    Bestavros, Azer

    S) attacks and Distributed Denial of Service (DDoS) attacks present an ongoing threat to almost every TCP flows by flooding an Internet link. In this paper, we study the impact of these new breeds burst. Our analysis is focused towards worst-case scenarios, thus our results should be regarded

  11. On the Impact of Low-Rate Attacks MINA GUIRGUIS AZER BESTAVROS IBRAHIM MATTA

    E-Print Network [OSTI]

    of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks present an ongoing threat to almost TCP flows by flooding an Internet link. In this paper, we study the impact of these new breeds burst. Our analysis is focused towards worst-case scenarios, thus our results should be regarded

  12. Securing Ad Hoc Wireless Networks Against Data Injection Attacks Using Firewalls

    E-Print Network [OSTI]

    Kasera, Sneha Kumar

    Securing Ad Hoc Wireless Networks Against Data Injection Attacks Using Firewalls Jun Cheol Park-- We propose to secure ad hoc networks against data injection attacks by placing firewall functionality] simulations. Our results show that our algorithm can find near-optimal solutions. Based on a simple analysis

  13. Risk analysis of Trojan-horse attacks on practical quantum key distribution systems

    E-Print Network [OSTI]

    Nitin Jain; Birgit Stiller; Imran Khan; Vadim Makarov; Christoph Marquardt; Gerd Leuchs

    2014-12-19T23:59:59.000Z

    An eavesdropper Eve may probe a quantum key distribution (QKD) system by sending a bright pulse from the quantum channel into the system and analyzing the back-reflected pulses. Such Trojan-horse attacks can breach the security of the QKD system if appropriate safeguards are not installed or if they can be fooled by Eve. We present a risk analysis of such attacks based on extensive spectral measurements, such as transmittance, reflectivity, and detection sensitivity of some critical components used in typical QKD systems. Our results indicate the existence of wavelength regimes where the attacker gains considerable advantage as compared to launching an attack at 1550 nm. We also propose countermeasures to reduce the risk of such attacks.

  14. IEEE TRANSACTIONS ON SMART GRID, VOL. 2, NO. 4, DECEMBER 2011 835 Cyber Attack Exposure Evaluation Framework for

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    . The coupling of the power infrastructure with complex computer networks substantially expand current cyber, that is, threats, vulnerabilities, and attack consequences for current and emerging power grid systems. The substantial attack surface presented by the advanced metering infrastructure (AMI) along

  15. Abstract Bird mortality is heavily affected by birds of prey. Under attack, take-off is crucial for survival and

    E-Print Network [OSTI]

    Abstract Bird mortality is heavily affected by birds of prey. Under attack, take-off is crucial respond differently depending on the character of the predator's attack and these split-second decisions were studied using a model merlin (Falco columbarius) that attacked feeding blue tits (Parus caeruleus

  16. 4698 Biochemistry 1993, 32, 4698-4701 Sequence-Specific Cleavage of DNA via Nucleophilic Attack of Hydrogen

    E-Print Network [OSTI]

    Tullius, Thomas D.

    4698 Biochemistry 1993, 32, 4698-4701 Sequence-Specific Cleavage of DNA via Nucleophilic Attack by oxidative damage of the DNA backbone but instead is the result of nucleophilic attack by peroxide. A single Saccharomyces cerevisiae, which activates the phosphodiester for attack by the diffusible small nucleophile. While Flp

  17. Gas-Phase Electrophilic Attack of a Double Bond Exhibits Stereoselectivity Philip S. Mayer and Thomas Hellman Morton*

    E-Print Network [OSTI]

    Morton, Thomas Hellman

    Gas-Phase Electrophilic Attack of a Double Bond Exhibits Stereoselectivity Philip S. Mayer alkoxycarbenium ions in solution, which then attack allylsilanes (X = CH2, Y = CH3),3 followed by departure ethers via internal attack by oxygen.4 In other instances (cf. the Mukaiyama aldol condensation,5 where X

  18. New side-channel attack against scan chains Jean Da Rolt, Giorgio Di Natale, Marie-Lise Flottes, Bruno Rouzeyre

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    New side-channel attack against scan chains Jean Da Rolt, Giorgio Di Natale, Marie-Lise Flottes jeopardize the overall security. Several scan-based attacks on cryptographic functions have been described and shown the need for secure scan implementations. These attacks assume a single scan chain. However

  19. A Scan-based Attack on Elliptic Curve Cryptosystems in presence of Industrial Design-for-Testability Structures

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    A Scan-based Attack on Elliptic Curve Cryptosystems in presence of Industrial Design-based attack on hardware implementations of Elliptic Curve Cryptosystems (ECC). Several up-to-date Design aspects of the proposed scan-based attack are described, namely timing and leakage analysis that allows

  20. A VLSI Design Flow for Secure Side-Channel Attack Resistant ICs and Ingrid Verbauwhede1,2

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    A VLSI Design Flow for Secure Side-Channel Attack Resistant ICs Kris Tiri1 and Ingrid Verbauwhede1 VLSI design flow to create secure, side-channel attack (SCA) resistant integrated circuits. The design standard cell design flow. We discuss the basis for side-channel attack resistance and adjust the library

  1. Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields of Composite Degree

    E-Print Network [OSTI]

    Teske, Edlyn

    Analysis of the GHS Weil Descent Attack on the ECDLP over Characteristic Two Finite Fields, we analyze the Gaudry-Hess-Smart (GHS) Weil descent attack on the elliptic curve discrete logarithm with these parameters; and (ii) the GHS attack is more efficient for solving the ECDLP in E(F_{2^N}) than for solving

  2. State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures

    E-Print Network [OSTI]

    Schaumont, Patrick

    , USA Abstract--Implementations of cryptographic primitives are vulnerable to physical attacks. While and up-to-date table of physical attacks and countermeasures is of paramount importance to system designers. This paper summarizes known physical attacks and countermeasures on Elliptic Curve

  3. On the Effectiveness of DDoS Attacks on Statistical Qiming Li Ee-Chien Chang Mun Choon Chan

    E-Print Network [OSTI]

    Chan, Mun Choon

    by the filter that guards the victim network. We study the effectiveness of DDoS attacks on such statistical study the effectiveness of DDoS attacks on statistical-based filtering in a general context where On the Effectiveness of DDoS Attacks on Statistical Filtering Qiming Li Ee-Chien Chang Mun Choon

  4. Sequential attack with intensity modulation on the differential-phase-shift quantum-key-distribution protocol

    SciTech Connect (OSTI)

    Tsurumaru, Toyohiro [Mitsubishi Electric Corporation, Information Technology R and D Center, 5-1-1 Ofuna, Kamakura-shi, Kanagawa, 247-8501 (Japan)]

    2007-06-15T23:59:59.000Z

    In this paper, we discuss the security of the differential-phase-shift quantum-key-distribution (DPSQKD) protocol by introducing an improved version of the so-called sequential attack, which was originally discussed by Waks et al. [Phys. Rev. A 73, 012344 (2006)]. Our attack differs from the original form of the sequential attack in that the attacker Eve modulates not only the phases but also the amplitude in the superposition of the single-photon states which she sends to the receiver. Concentrating especially on the 'discretized Gaussian' intensity modulation, we show that our attack is more effective than the individual attack, which had been the best attack up to present. As a result of this, the recent experiment with communication distance of 100 km reported by Diamanti et al. [Opt. Express 14, 13073 (2006)] turns out to be insecure. Moreover, it can be shown that in a practical experimental setup which is commonly used today, the communication distance achievable by the DPSQKD protocol is less than 95 km.

  5. INFORMATION SECURITY ATTACK TREE MODELING An Effective Approach for Enhancing Student Learning

    E-Print Network [OSTI]

    the engineering principle of Failure Mode and Effect Analysis (FMEA). The main goal of this principle, the project plan can be created more realistically. FMEA techniques [1] help to identify failure potential

  6. Attack-Resistant Location Estimation in Sensor (Revised August 2005)

    E-Print Network [OSTI]

    Ning, Peng

    role in many sensor network applications. Not only do applications such as environment monitoring and target tracking require sensors' location information to fulfill their tasks, but several fundamental

  7. attack registry rationale: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    111 A Registry Service as a Foundation for Brokering Mathematical Rebhi Baraka Olga Caprotti Computer Technologies and Information Sciences Websites Summary: service...

  8. Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19T23:59:59.000Z

    The Notice establishes DOE policy requirements and responsibilities for remote connections to DOE and contractor information technology systems. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, to protect DOE information and information technology systems commensurate with the risk and magnitude of harm that could result from their unauthorized access, use, disclosure, modification or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06. No cancellations.

  9. Developing health-based pre-planning clearance goals for airport remediation following a chemical terrorist attack: Decision criteria for multipathway exposure routes

    SciTech Connect (OSTI)

    Watson, Annetta Paule [ORNL]; Dolislager, Frederick [University of Tennessee, Knoxville (UTK)]; Hall, Dr. Linda [ENVIRON International Corporation]; Hauschild, Veronique [U.S. Army Center for Health Promotion and Preventive Medicine]; Raber, Ellen [Lawrence Livermore National Laboratory (LLNL)]; Love, Dr. Adam [Johnson Wright, Inc.]

    2011-01-01T23:59:59.000Z

    In the event of a chemical terrorist attack on a transportation hub, post-event remediation and restoration activities necessary to attain unrestricted facility re-use and re-entry could require hours to multiple days. While timeframes are dependent on numerous variables, a primary controlling factor is the level of pre-planning and decision-making completed prior to chemical release. What follows is the second of a two-part analysis identifying key considerations, critical information and decision criteria to facilitate post-attack and post-decontamination consequence management activities. Decision criteria analysis presented here provides first-time, open-literature documentation of multi-pathway, health-based remediation exposure guidelines for selected toxic industrial compounds, chemical warfare agents, and agent degradation products for pre-planning application in anticipation of a chemical terrorist attack. Guideline values are provided for inhalation and direct ocular vapor exposure routes as well as percutaneous vapor, surface contact, and ingestion. Target populations include various employees as well as transit passengers. This work has been performed as a national case study conducted in partnership with the Los Angeles International Airport and The Bradley International Terminal. All recommended guidelines have been selected for consistency with airport scenario release parameters of a one-time, short-duration, finite airborne release from a single source followed by compound-specific decontamination.

  10. Reduction of Quality (RoQ) Attacks on Dynamic Load Balancers: Vulnerability Assessment and Design Tradeoffs

    E-Print Network [OSTI]

    Matta, Abraham "Ibrahim"

    #0205294, and EIA RI Award #0202067, and by grants from Fortress Technologies. attacks are orchestrated], [12], routing protocols [15], firewalls and traffic shapers [32], [14], HTTP and database server farms

  11. Security of the Quantum Key Distribution with Blind Polarization Bases against Impersonation Attack

    E-Print Network [OSTI]

    Won-Ho Kye; M. S. Kim

    2006-02-24T23:59:59.000Z

    In this paper, we briefly show how the quantum key distribution with blind polarization bases [Kye et al., Phys. Rev. Lett. 95, 040501 (2005)] can be made secure against the impersonation attack.

  12. Security against the Invisible Photon Attack for the Quantum Key Distribution with Blind Polarization Bases

    E-Print Network [OSTI]

    Won-Ho Kye; M. S. Kim

    2005-08-03T23:59:59.000Z

    In this paper, we briefly show how the quantum key distribution with blind polarization bases [Kye et al., Phys. Rev. Lett. 95, 040501 (2005)] can be made secure against the invisible photon attack.

  13. DEFENDING AGAINST PHYSICAL DESTRUCTION ATTACKS ON WIRELESS SENSOR Chi Zhang, Yanchao Zhang, Yuguang Fang

    E-Print Network [OSTI]

    Zhang, Yanchao

    with stealth by moving across the ROI. Physical attacks are inevitable threats in WSNs: they are relatively, and should be an inseparable complementarity of the report about the observed events in the ROI. Secondly

  14. Cyber-Physical Attacks in Power Networks: Models, Fundamental Limitations and Monitor Design

    E-Print Network [OSTI]

    Bullo, Francesco

    the prototypical stealth, (dynamic) false-data injection and replay attacks. We characterize the fundamental]. The development of security This material is based in part upon work supported by NSF grants IIS- 0904501 and CPS

  15. Guilt by Association: United States Ties and Vulnerability to Transnational Terrorist Attacks

    E-Print Network [OSTI]

    Warhol, Matthew Grant

    2011-02-22T23:59:59.000Z

    Do nations' allies and trading partners affect their vulnerability to transnational terrorist attacks? Prior research has focused on how the attributes of individual nations, such as regime type, economic stability, and international power, affect...

  16. Not-a-Bot (NAB): Improving Service Availability in the Face of Botnet Attacks

    E-Print Network [OSTI]

    Gummadi, Ramakrishna

    A large fraction of email spam, distributed denial-of-service (DDoS) attacks, and click-fraud on web advertisements are caused by traffic sent from compromised machines that form botnets. This paper posits that by identifying ...

  17. A spillway infrastructure for defense against Distributed Denial of Service attacks

    E-Print Network [OSTI]

    Barkley, Andrew Holman

    2000-01-01T23:59:59.000Z

    to satisfy a balance of the following uncategorized guidelines: Secure communication: the protocol is difficult to be tricked by malicious messages, and does not have any known flaws or vulnerabilities useful to a new type of attack. Weaknesses...

  18. Differential-phase-shift quantum key distribution with phase modulation to combat sequential attacks

    SciTech Connect (OSTI)

    Kawahara, Hiroki; Oka, Toru; Inoue, Kyo [Osaka University, Osaka 565-0871 (Japan)]

    2011-11-15T23:59:59.000Z

    Phase-modulated differential-phase-shift (DPS) quantum key distribution (QKD) is presented for combating sequential attacks that most severely restrict the DPS-QKD system distance. Slow phase modulation imposed onto the DPS signal obstructs the optimum unambiguous state discrimination measurement conducted in the sequential attack and improves the QKD distance as a result. The condition with which the phase modulation does not degrade the DPS-QKD system performance is also described.

  19. Beamsplitting attack to the revised KKKP protocol and a possible solution

    E-Print Network [OSTI]

    Xiang-Bin Wang; Qiang Zhang; Yu-Ao Chen; Wong-Young Hwang; Myungshik Kim; Jian-Wei Pan

    2006-03-15T23:59:59.000Z

    We show that the revised KKKP protocol proposed by Kye and Kim [Phys. Rev. Lett. 95,040501(2005)] is still insecure with coherent states by a type of beamsplitting attack. We then further revise the KKKP protocol so that it is secure under such type of beamsplitting attack. The revised scheme can be used for not-so-weak coherent state quantum key distribution.

  20. Denial of Service attacks: path reconstruction for IP traceback using Adjusted Probabilistic Packet Marking

    E-Print Network [OSTI]

    Dube, Raghav

    2005-02-17T23:59:59.000Z

    DENIAL OF SERVICE ATTACKS: PATH RECONSTRUCTION FOR IP TRACEBACK USING ADJUSTED PROBABILISTIC PACKET MARKING A Thesis by RAGHAV DUBE Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements... for the degree of MASTER OF SCIENCE December 2004 Major Subject: Electrical Engineering DENIAL OF SERVICE ATTACKS: PATH RECONSTRUCTION FOR IP TRACEBACK USING ADJUSTED PROBABILISTIC PACKET MARKING A Thesis by RAGHAV DUBE Submitted to Texas A&M University...

  1. Modeling experiments that simulate fragment attacks on cased munitions

    SciTech Connect (OSTI)

    Kerrisk, J.F.

    1996-01-01T23:59:59.000Z

    Roberts and Field (1993) have conducted experiments to observe the behavior of a cased high explosive (HE) charge subject to fragment attack at impact velocities below those needed for shock initiation. Two- and three-dimensional hydrodynamic calculations have been done to model these experiments. Questions about the degree of confinement of the HE and about the condition of the HE during the impact were addressed. The calculations indicate that the HE was not strongly confined in this experiment, primarily due to the lateral expansion of polycarbonate blocks on the sides of the target during the impact. HE was not ejected from the hole in the casing made by the projectile up to 30 µs after the impact. There are hints from these calculations of how initiation of a homogeneous sample of HE might occur in the experiment. The first involves the reshock of a small amount of HE at approximately 20 µs as a result of the impact of the sabot on the target. The second involves the heating of the HE from plastic work during the impact. The maximum temperature rise of the HE (exclusive of the small region that was reshocked) was approximately 80 K. However, this is the average temperature of a region the size of a computational cell, and phenomena such as shear bands or cracks could result in higher temperatures on a smaller scale than the cell size. The third involves heating of the HE from contact with the casing material. The maximum temperature rise of the casing material from plastic work is approximately 870 K. This temperature occurs at the edge of a plug of casing material sheared off by the projectile. Other parts of the casing are shock heated to higher energies but may not contact the HE.

  2. China Urban Pollution Information Disclosure Study (CUPIDS) : socioeconomic implications of dirty industry and a guide to national cleandustrialization

    E-Print Network [OSTI]

    Chu, Yang, M.C.P. Massachusetts Institute of Technology

    2013-01-01T23:59:59.000Z

    It is now common knowledge that China's data is bad, and China's environment is polluted. In this paper I develop a simple pollution intensity index to test China's existing national and local environmental data, to answer ...

  3. U-274: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information

    Broader source: Energy.gov [DOE]

    Vulnerabilities can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

  4. (Patient Identification) CONSENT TO TREATMENT AND THE USE AND DISCLOSURE OF

    E-Print Network [OSTI]

    Oliver, Douglas L.

    INFORMATION CONSENT TO TREATMENT: For purposes of my clinical care I, the undersigned, consent to treatment and/or alcohol abuse information, psychiatric information, and HIV- related information, for treatment or allow electronic access to my PHI for purposes of my treatment and coordination of care to my primary

  5. Efficiency of attack strategies on complex model and real-world networks

    E-Print Network [OSTI]

    Bellingeri, Michele; Vincenzi, Simone

    2013-01-01T23:59:59.000Z

    We investigated the efficiency of attack strategies to network nodes when targeting several complex model and real-world networks. We tested 5 attack strategies, 3 of which were introduced in this work for the first time, to attack 3 model (Erdos and Renyi, Barabasi and Albert preferential attachment network, and scale-free network configuration models) and 3 real networks (Gnutella peer-to-peer network, email network of the University of Rovira i Virgili, and immunoglobulin interaction network). Nodes were removed sequentially according to the importance criterion defined by the attack strategy. We used the size of the largest connected component (LCC) as a measure of network damage. We found that the efficiency of attack strategies (fraction of nodes to be deleted for a given reduction of LCC size) depends on the topology of the network, although attacks based on the number of connections of a node and betweenness centrality were often the most efficient strategies. Sequential deletion of nodes in decreasin...

  6. attack disaster preparedness: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    and other disaster-specific information. The app is free to download 12 Climate change in the Western Cape : a disaster risk assessment of the impact on human health. Open...

  7. Stealthy attacks and defense strategies in competing sensor networks 

    E-Print Network [OSTI]

    Czarlinska, Aleksandra

    2009-05-15T23:59:59.000Z

    The fundamental objective of sensor networks underpinning a variety of applications is the collection of reliable information from the surrounding environment. The correctness of the collected data is especially important in applications involving...

  8. Attack of the killer acronyms: The Future of IT Law 

    E-Print Network [OSTI]

    Guadamuz, Andres

    2004-01-01T23:59:59.000Z

    The paper discusses the reliance of internet technology law on acronyms, and its deeper socio-legal impact. It suggests that this resonates for the future of research, teaching, and practice within information technology law.

  10. 898 IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 11, NO. 3, MARCH 2012 Most Active Band (MAB) Attack and Countermeasures in a

    E-Print Network [OSTI]

    Yang, Eui-Hyeok

    ) Attack and Countermeasures in a Cognitive Radio Network Nansai Hu, Student Member, IEEE, Yu-Dong Yao, Fellow, IEEE, and Joseph Mitola, Fellow, IEEE Abstract--This paper investigates a type of attacks on a cognitive radio (CR) network, most active band (MAB) attack, where an attacker or a malicious CR node senses

  11. The relative use of form 8-k disclosures: a trading response analysis

    E-Print Network [OSTI]

    McLelland, Andrew John

    2004-09-30T23:59:59.000Z

    Prior research suggests that the use of accounting information differs substantially by investor class. My analysis extends this line of research to the area of SEC Form 8-K filings. Prior research also provides mixed evidence on the informativeness...

  12. A misguided attack on kin selection (Why Evolution Is True) http://whyevolutionistrue.wordpress.com/2010/08/30/a-misguided-attack-on-kin-selection/

    E-Print Network [OSTI]

    Gardner, Andy

    A misguided attack on kin selection I don't know what's gotten into E. O. Wilson. He's certainly the world

  13. Attacks Against Process Control Systems: Risk Assessment, Detection, and Response

    E-Print Network [OSTI]

    Hu, Fei

    research problems for securing control systems when compared to securing traditional information technology technology (IT) systems connected to the physical world. Depending on the application, these control systems (DCS) or Cyber-Physical Systems (CPS) (to refer to embedded sensor and actuator networks). Control

  14. Methods, media, and systems for detecting attack on a digital processing device

    DOE Patents [OSTI]

    Stolfo, Salvatore J.; Li, Wei-Jen; Keromylis, Angelos D.; Androulaki, Elli

    2014-07-22T23:59:59.000Z

    Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.

  15. Information Security Analysis Using Game Theory and Simulation

    SciTech Connect (OSTI)

    Schlicher, Bob G [ORNL]; Abercrombie, Robert K [ORNL]

    2012-01-01T23:59:59.000Z

    Information security analysis can be performed using game theory implemented in dynamic simulations of Agent Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability that allows us to also address previous limitations of current stochastic game models. Such models only consider perfect information, assuming that the defender is always able to detect attacks; assuming that the state transition probabilities are fixed before the game; assuming that the players' actions are always synchronous; and that most models are not scalable with the size and complexity of systems under consideration. Our use of ABMs yields results of selected experiments that demonstrate our proposed approach and provides a quantitative measure for realistic information systems and their related security scenarios.

  16. U-217: Red Hat Certificate System Bugs Let Remote Users Conduct Cross-Site Scripting and Denial of Service Attacks

    Broader source: Energy.gov [DOE]

    Two vulnerabilities were reported in Red Hat Certificate System. A remote user can conduct cross-site scripting attacks. A remote authenticated user can revoke the CA certificate.

  17. T-554: Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code

    Broader source: Energy.gov [DOE]

    Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.

  18. Protecting Accelerator Control Systems in the Face of Sophisticated Cyber Attacks

    SciTech Connect (OSTI)

    Hartman, Steven M [ORNL]

    2012-01-01T23:59:59.000Z

    Cyber security for industrial control systems has received significant attention in the past two years. The news coverage of the Stuxnet attack, believed to be targeted at the control system for a uranium enrichment plant, brought the issue to the attention of news media and policy makers. This has led to increased scrutiny of control systems for critical infrastructure such as power generation and distribution, and industrial systems such as chemical plants and petroleum refineries. The past two years have also seen targeted network attacks aimed at corporate and government entities including US Department of Energy National Laboratories. Both of these developments have potential repercussions for the control systems of particle accelerators. The need to balance risks from potential attacks with the operational needs of an accelerator presents a unique challenge for the system architecture and access model.

  19. Attack of fragmented-core debris on concrete in the presence of water. [PWR; BWR]

    SciTech Connect (OSTI)

    Tarbell, W.W.; Bradley, D.R.

    1982-01-01T23:59:59.000Z

    In the unlikely event that core debris escapes the reactor pressure vessel, the interactions of the debris with concrete, structural materials, and coolant become the driving force for severe accident phenomena. The Ex-Vessel Core Debris Interactions Program at Sandia National Laboratories is an experimental research effort to characterize these interactions and the magnitude of safety-related phenomena such as flammable gas generation, aerosol production, fission product release, and concrete attack. Major areas of study within the program include molten core simulants in contact with concrete, high pressure melt streaming into scaled reactor cavities, the addition of coolant to high-temperature melt/concrete interactions, and the attack of hot, solid core debris on concrete. This paper describes results from the last of these efforts, i.e., hot, but not molten debris attacking concrete.

  20. Machine Learning for Power System Disturbance and Cyber-attack Discrimination

    SciTech Connect (OSTI)

    Borges, Raymond Charles [ORNL]; Beaver, Justin M [ORNL]; Buckner, Mark A [ORNL]; Morris, Thomas [Mississippi State University (MSU)]; Adhikari, Uttam [ORNL]; Pan, Shengyi [Mississippi State University (MSU)]

    2014-01-01T23:59:59.000Z

    Power system disturbances are inherently complex and can be attributed to a wide range of sources, including both natural and man-made events. Currently, the power system operators are heavily relied on to make decisions regarding the causes of experienced disturbances and the appropriate course of action as a response. In the case of cyber-attacks against a power system, human judgment is less certain since there is an overt attempt to disguise the attack and deceive the operators as to the true state of the system. To enable the human decision maker, we explore the viability of machine learning as a means for discriminating types of power system disturbances, and focus specifically on detecting cyber-attacks where deception is a core tenet of the event. We evaluate various machine learning methods as disturbance discriminators and discuss the practical implications for deploying machine learning systems as an enhancement to existing power system architectures.

  1. Predicting the effect of climate change on wildfire behavior and initial attack success

    SciTech Connect (OSTI)

    Riley, William; Fried, Jeremy S.; Gilless, J. Keith; Riley, William J.; Moody, Tadashi J.; Simon de Blas, Clara; Hayhoe, Katharine; Moritz, Max; Stephens, Scott; Torn, Margaret

    2007-12-01T23:59:59.000Z

    This study focused on how climate change-induced effects on weather will translate into changes in wildland fire severity and outcomes in California, particularly on the effectiveness of initial attack at limiting the number of fires that escape initial attack. The results indicate that subtle shifts in fire behavior of the sort that might be induced by the climate changes anticipated for the next century are of sufficient magnitude to generate an appreciable increase in the number of fires that escape initial attack. Such escapes are of considerable importance in wildland fire protection planning, given the high cost to society of a catastrophic escape like those experienced in recent decades in the Berkeley-Oakland, Santa Barbara, San Diego, or Los Angeles areas. However, at least for the three study areas considered, it would appear that relatively modest augmentations to existing firefighting resources might be sufficient to compensate for change-induced changes in wildland fire outcomes.

  2. V-206: Apache HTTP Server mod_rewrite and "httpOnly" Cookie Disclosure...

    Broader source: Energy.gov (indexed) [DOE]

    Two vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable...

  3. Toward a generic model of security in organizational context: exploring insider threats to information infrastructure.

    SciTech Connect (OSTI)

    Martinez-Moyano, I. J.; Samsa, M. E.; Burke, J. F.; Akcam, B. K.; Decision and Information Sciences; Rockefeller Coll. at the State Univ. of New York at Albany

    2008-01-01T23:59:59.000Z

    This paper presents a generic model for information security implementation in organizations. The model presented here is part of an ongoing research stream related to critical infrastructure protection and insider threat and attack analysis. This paper discusses the information security implementation case.

  4. Information Information for students

    E-Print Network [OSTI]

    Wright, Francis

    Disability & Dyslexia Information Guidance Support Information for students with disabilities the Disability and Dyslexia Service · Accessing your curriculum · Specialist examination arrangements · Dyslexia and Dyslexia Service for more information. Our contact details can be found on the back page.

  5. Abstract--Network security against possible attacks involves making decisions under uncertainty. Not only may one be

    E-Print Network [OSTI]

    ], security in wireless networks [12], [13] and cyber-security [14], [15], [16]. In [17] the readers can find1 Abstract--Network security against possible attacks involves making decisions under uncertainty for a further DDoS (Distributed Denial of Service) botnet attack on servers). Due to limited defense

  6. An Analysis of the Risks of a Terrorist Attack on LNG Receiving Facilities in the United States

    E-Print Network [OSTI]

    Wang, Hai

    An Analysis of the Risks of a Terrorist Attack on LNG Receiving Facilities in the United States An Analysis of the Risks of a Terrorist Attack on LNG Receiving Facilities in the United States 3-D Aerial View from Proposed SES LNG Receiving Facility Site to Downtown Long Beach [White line is 2

  7. Low-Power Side-Channel Attack-Resistant Asynchronous S-Box Design for AES Cryptosystems

    E-Print Network [OSTI]

    Ayers, Joseph

    function with an invertible affine transformation in order to avoid attacks based on mathematics. A block combinational S-Box (substitution box) design for AES (Advanced Encryption Standard) cryptosystems is proposed less information against side-channel attacks such as differential power/noise analysis. Functional

  8. Power Attack Resistant Cryptosystem Design: A Dynamic Voltage and Frequency Switching Approach

    E-Print Network [OSTI]

    Boyer, Edmond

    studied by several groups. Power attacks, which infer program behavior from observing power supply current (DPA), which identifies cryptographic keys by monitoring processor power supply current, is a very real analysis [7], power analysis [1], electromagnetic analysis [8] and fault induction [9]. Here, we are most

  9. Attacks on AURORA-512 and the Double-MIX Merkle-Damgard Transform

    E-Print Network [OSTI]

    Attacks on AURORA-512 and the Double-MIX Merkle-Damgård Transform Niels Ferguson1 and Stefan Lucks are able to find 2nd pre-images for AURORA-512 in time 2^291, and collisions in time 2^234.4. A limited-memory variant finds collisions in time 2^249. 1 Introduction and Overview AURORA is a family of cryptographic

  10. Key-Insulated Symmetric Key Cryptography and Mitigating Attacks against Cryptographic Cloud Software

    E-Print Network [OSTI]

    Dodis, Yevgeniy

    Key-Insulated Symmetric Key Cryptography and Mitigating Attacks against Cryptographic Cloud- sociated cryptographic keys in their entirety. In this paper, we investigate key-insulated symmetric key. To illustrate the feasibility of key-insulated symmetric key cryptography, we also report a proof

  11. TESLA-Based Defense Against Pollution Attacks in P2P Systems with Network Coding

    E-Print Network [OSTI]

    Markopoulou, Athina

    TESLA-Based Defense Against Pollution Attacks in P2P Systems with Network Coding Anh Le, Athina and time asymmetry (as in TESLA [1]) to provide source authentication for the detection scheme and non; pollution; detection; identification; TESLA; homomorphic MAC. I. INTRODUCTION Peer-to-peer (P2P) systems

  12. An Abrupt Change Detection Heuristic with Applications to Cyber Data Attacks on Power Systems

    E-Print Network [OSTI]

    Sanandaji, Borhan M.

    hardware and software components such as smart meters, Phasor Measurement Units (PMUs), intelligent Borhan dynamics have been traditionally considered as a result of meter aging and malfunctioning, electrical of a designated cyber data attack to the system. In particular, with the emergence of smart grids and its smart

  13. Evaluating Network-Based DoS Attacks Under the Energy Consumption Perspective

    E-Print Network [OSTI]

    Politècnica de Catalunya, Universitat

    with great opportunities for raising the target facility energy consumption and consequently its green house green, energy-sustainable computing paradigms has gained a lot of attention in both the research Evaluating Network-Based DoS Attacks Under the Energy Consumption Perspective New security issues

  14. A Forgery Attack against PANDA-s Yu Sasaki and Lei Wang

    E-Print Network [OSTI]

    A Forgery Attack against PANDA-s Yu Sasaki and Lei Wang NTT Secure Platform Laboratories, Japan claim that PANDA-s, which is one of the designs of the PANDA-family, provides 128-bit security is computed by Ci Pir. Finally, by taking the 7-block state value after the associated data

  15. Sensor Wars: Detecting and Defending Against Spam Attacks in Wireless Sensor Networks

    E-Print Network [OSTI]

    Levi, Albert

    network are discussed in [7]. Security, network bandwidth and power consumption in sensor networksSensor Wars: Detecting and Defending Against Spam Attacks in Wireless Sensor Networks Serdar Sancak@sabanciuniv.edu Abstract--Anti-nodes deployed inside a wireless sensor network can frequently generate dummy data packets

  16. Two Bitcoins at the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin

    E-Print Network [OSTI]

    Two Bitcoins at the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin Ghassan O¨urich, Switzerland srdjan.capkun@inf.ethz.ch Abstract Bitcoin is a decentralized payment system that is based on Proof-of-Work. Bitcoin is currently gaining popularity as a digital currency; several businesses

  17. Theoretical Bitcoin Attacks with less than Half of the Computational Power (draft)

    E-Print Network [OSTI]

    Theoretical Bitcoin Attacks with less than Half of the Computational Power (draft) Lear Bahack Abstract A widespread security claim of the Bitcoin system, presented in the original Bitcoin white, as the distributed Bitcoin network is ideally supposed to be. Propagation of the attacker's block can

  18. A Denial of Service Attack against Fair Computations using Bitcoin Deposits

    E-Print Network [OSTI]

    A Denial of Service Attack against Fair Computations using Bitcoin Deposits Jethro Beekman July 2014 Abstract Bitcoin supports complex transactions where the recipient of a transaction can") and Bentov and Kumaresan [3] (Protocol "BK") describe multi-party computation schemes in which Bitcoin

  19. Private Key Recovery Combination Attacks: On Extreme Fragility of Popular Bitcoin

    E-Print Network [OSTI]

    Private Key Recovery Combination Attacks: On Extreme Fragility of Popular Bitcoin Key Management and practical operational security in bitcoin digital currency storage systems. We study the security two most used bitcoin HD Wallet key management solutions (e.g. in BIP032 and in earlier systems). These systems

  20. Modeling and Designing Network Defense against Control Channel Jamming Attacks: A

    E-Print Network [OSTI]

    Poovendran, Radha

    . Keywords: Cyber-physical system, Node capture attacks, Security, Control-channel jamming, Passivity 1, University of Washington, Seattle, WA, 98195, USA {leep3, awclark, lb2, rp3}@uw.edu Abstract. Cyber-physical systems rely on distributed embedded wireless nodes for sensing, computation, and control, often leaving

  1. Minimax Control For Cyber-Physical Systems under Network Packet Scheduling Attacks

    E-Print Network [OSTI]

    Johansson, Karl Henrik

    Minimax Control For Cyber-Physical Systems under Network Packet Scheduling Attacks Yasser Shoukry. Unfortunately, this reliance on networks also brings new security vulnerabilities for control systems. We and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views

  2. Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks

    E-Print Network [OSTI]

    Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks Keaton Mowery UC to analyze the data. First, we present code recovery results from human review of our test data set lock on an industrial safe, he found that body heat from the user transferred to the individual keys

  3. Resilient Detection in the Presence of Integrity Attacks, João Hespanha

    E-Print Network [OSTI]

    Hespanha, João Pedro

    critical plants and processes, including manufacturing, water and gas treatment and This researchReview Only 2 distribution, facility control and power grids. A successful attack to such kind of systems may infrastructures susceptible to cyber security threats. The research community has acknowledged the importance

  4. Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space

    E-Print Network [OSTI]

    Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space Martin this as online slack space. We conclude by discussing security improvements for modern online storage services protocol. With the advent of cloud computing and the shared usage of resources, these centralized storage

  5. Attacks exploiting deviation of mean photon number in quantum key distribution and coin tossing

    E-Print Network [OSTI]

    Shihan Sajeed; Igor Radchenko; Sarah Kaiser; Jean-Philippe Bourgoin; Anna Pappa; Laurent Monat; Matthieu Legre; Vadim Makarov

    2015-03-30T23:59:59.000Z

    The security of quantum communication using a weak coherent source requires an accurate knowledge of the source's mean photon number. Finite calibration precision or an active manipulation by an attacker may cause the actual emitted photon number to deviate from the known value. We model effects of this deviation on the security of three quantum communication protocols: the Bennett-Brassard 1984 (BB84) quantum key distribution (QKD) protocol without decoy states, Scarani-Acin-Ribordy-Gisin 2004 (SARG04) QKD protocol, and a coin-tossing protocol. For QKD, we model both a strong attack using technology possible in principle, and a realistic attack bounded by today's technology. To maintain the mean photon number in two-way systems, such as plug-and-play and relativistic quantum cryptography schemes, bright pulse energy incoming from the communication channel must be monitored. Implementation of a monitoring detector has largely been ignored so far, except for ID Quantique's commercial QKD system Clavis2. We scrutinize this implementation for security problems, and show that designing a hack-proof pulse-energy-measuring detector is far from trivial. Indeed the first implementation has three serious flaws confirmed experimentally, each of which may be exploited in a cleverly constructed Trojan-horse attack. We discuss requirements for a loophole-free implementation of the monitoring detector.

  6. Chemical Combinatorial Attacks on Keyboards Eric Brier David Naccache, Pascal Paillier

    E-Print Network [OSTI]

    they are bombarded by a high-energy electron beam. The molecules fragment and the positive ions produced not implement the chemical part of the attack, a number of mass spectrometry specialists confirmed a mass spectrometer (e.g. [1]). In mass spectrometry, a substance is bombarded with an electron beam hav

  7. Comprehensive Experimental Analyses of Automotive Attack Surfaces Stephen Checkoway, Damon McCoy, Brian Kantor,

    E-Print Network [OSTI]

    Hu, Fei

    -computerized attacks as well (e.g., cutting the brake lines). This situation suggests a significant gap in knowledge distributed computer systems comprising millions of lines of code executing on tens of heterogeneous network can circumvent all computer control systems, including safety critical elements such as the brakes

  8. False Data Injection Attacks against State Estimation in Electric Power Grids

    E-Print Network [OSTI]

    Ning, Peng

    False Data Injection Attacks against State Estimation in Electric Power Grids Yao Liu, Peng Ning@cs.unc.edu ABSTRACT A power grid is a complex system connecting electric power generators to consumers through power using IEEE test systems. Our results indicate that security protection of the electric power grid must

  9. Supplementary file for "Defending Against Unidentifiable Attacks in Electric Power Grids"

    E-Print Network [OSTI]

    Li, Qun

    1 Supplementary file for "Defending Against Unidentifiable Attacks in Electric Power Grids transformation of H matrix, they aimed to find a column vector with the greatest number of zero elements. However apply column transformations on the Jacobian matrix to find a column vector with the greatest number

  10. Influence of recycled fine aggregates on the resistance of mortars to magnesium sulfate attack

    SciTech Connect (OSTI)

    Lee, Seung-Tae [Department of Civil Engineering, Kunsan National University, 68 Miryong-dong, Kunsan, Jeonbuk 573-701 (Korea, Republic of)], E-mail: stlee@kunsan.ac.kr

    2009-08-15T23:59:59.000Z

    The influence of recycled fine aggregates, which had been reclaimed from field-demolished concretes, on the resistance of mortar specimens to magnesium sulfate attack was investigated. Mortar specimens were prepared with recycled fine aggregates at different replacement levels (0%, 25%, 50%, 75% and 100% of natural fine aggregate by mass). The mortar specimens were exposed to 4.24% magnesium sulfate solution for about 1 year at ambient temperature, and regularly monitored for visual appearance, compressive strength loss and expansion. Additionally, in order to identify products of magnesium sulfate attack, mortar samples incorporating 0%, 25% and 100% replacement levels of the recycled fine aggregates were examined by X-ray diffraction (XRD) technique. Experimental results confirmed that the use of recycled fine aggregates up to a maximum 50% replacement level is effective under severe magnesium sulfate environment, irrespective of type of recycled fine aggregates. However, the worse performance was observed in mortar specimens incorporating 100% replacement level. It was found that the water absorption of recycled fine aggregates affected deterioration of mortar specimens, especially at a higher replacement level. XRD results indicated that the main cause of deterioration of the mortar specimens was primarily due to the formation of gypsum and thaumasite by magnesium sulfate attack. In addition, it appeared that the conversion of C-S-H into M-S-H by the attack probably influenced mechanical deterioration of mortar specimens with recycled fine aggregates.

  11. Passive faraday mirror attack in practical two-way quantum key distribution system

    E-Print Network [OSTI]

    Shi-Hai Sun; Mu-Sheng Jiang; Lin-Mei Liang

    2012-03-04T23:59:59.000Z

    The faraday mirror (FM) plays a very important role in maintaining the stability of two way plug-and-play quantum key distribution (QKD) system. However, the practical FM is imperfect, which will not only introduce additional quantum bit error rate (QBER) but also leave a loophole for Eve to spy the secret key. In this paper, we propose a passive faraday mirror attack in two way QKD system based on the imperfection of FM. Our analysis shows that, if the FM is imperfect, the dimension of Hilbert space spanned by the four states sent by Alice is three instead of two. Thus Eve can distinguish these states with a set of POVM operators belonging to three dimension space, which will reduce the QBER induced by her attack. Furthermore, a relationship between the degree of the imperfection of FM and the transmittance of the practical QKD system is obtained. The results show that, the probability that Eve loads her attack successfully depends on the degree of the imperfection of FM rapidly, but the QBER induced by Eve's attack changes with the degree of the imperfection of FM slightly.

  12. Wavelength attack on practical continuous-variable quantum-key-distribution system with a heterodyne protocol

    E-Print Network [OSTI]

    Xiang-Chun Ma; Shi-Hai Sun; Mu-Sheng Jiang; Lin-Mei Liang

    2014-03-04T23:59:59.000Z

    We present the wavelength attack on a practical continuous-variable quantum-key-distribution system with a heterodyne protocol, in which the transmittance of beam splitters at Bob's station is wavelength-dependent. Our strategy is proposed independent of but analogous to that of Huang et al. [arXiv: 1206.6550v1 [quant-ph

  13. Passive Faraday-mirror attack in a practical two-way quantum-key-distribution system

    SciTech Connect (OSTI)

    Sun Shihai; Jiang Musheng; Liang Linmei [Department of Physics, National University of Defense Technology, Changsha 410073 (China)]

    2011-06-15T23:59:59.000Z

    The Faraday mirror (FM) plays a very important role in maintaining the stability of two-way plug-and-play quantum key distribution (QKD) systems. However, the practical FM is imperfect, which will not only introduce an additional quantum bit error rate (QBER) but also leave a loophole for Eve to spy the secret key. In this paper we propose a passive Faraday mirror attack in two-way QKD system based on the imperfection of FM. Our analysis shows that if the FM is imperfect, the dimension of Hilbert space spanned by the four states sent by Alice is three instead of two. Thus Eve can distinguish these states with a set of Positive Operator Valued Measure (POVM) operators belonging to three-dimension space, which will reduce the QBER induced by her attack. Furthermore, a relationship between the degree of the imperfection of FM and the transmittance of the practical QKD system is obtained. The results show that the probability that Eve loads her attack successfully depends on the degree of the imperfection of FM rapidly, but the QBER induced by Eve's attack changes slightly with the degree of the FM imperfection.

  14. Risky Business? Lethal Attack by a Jaguar Sheds Light on the Costs of Predator Mobbing

    E-Print Network [OSTI]

    Bermingham, Eldredge

    mobbing and the functional significance of this behavior remain poorly understood. Here, we report a fatal as mobbing, consists of several patterns of behavior including approaches, loud vocalizations, and physical attacks. Despite the fact that mobbing is known in numerous species of birds and mammals (Curio

  15. Fish or Fish Oil in the Diet and Heart Attacks MAURICE E. STANSBY

    E-Print Network [OSTI]

    Fish or Fish Oil in the Diet and Heart Attacks MAURICE E. STANSBY Introduction Research has shown- unsaturates but also often equivalent amounts of saturates. Vegetable oils, on the other hand, contain principally polyunsaturates. Nevertheless, fish oils reduce serum cholesterol levels to a greater extent than

  16. Most plants are subject to multiple attackers and employ strategies to

    E-Print Network [OSTI]

    Agrawal, Anurag

    Most plants are subject to multiple attackers and employ strategies to defend against or to escape herbivory. Plant defense against herbivory can be loosely categorized into mechanisms that provide and environmentally induced variation in plant resistance to herbivores has been extensively studied in a cost

  17. Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard

    E-Print Network [OSTI]

    Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC

  18. Attacking RSA-based Sessions in SSL/TLS* Vlastimil Klíma

    E-Print Network [OSTI]

    Attacking RSA-based Sessions in SSL/TLS* Vlastimil Klíma, Ondřej Pokorný1 and Tomáš Rosa2, 1 ICZ on RSA-based sessions in SSL/TLS protocols. These protocols incorporate the PKCS#1 (v. 1.5) encoding- secret can decrypt the whole captured SSL/TLS session. We show that incorporating a version number check

  19. Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard

    E-Print Network [OSTI]

    Vulnerability of SSL to Chosen-Plaintext Attack Gregory V. Bard May 11, 2004 Abstract The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC) mode

  20. Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems

    E-Print Network [OSTI]

    Wang, Yongge

    Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems This paper studies the security requirements for remote authentication and communication in smart grid to smart grid systems. For example, in order to unlock the credentials stored in tamper