Minicursos do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais

Autores

Igor Monteiro Moraes (ed.)
UFF
Antônio Augusto de Aragão Rocha (ed.)
UFF

Sinopse

Este livro apresenta a seleção de Minicursos da 16ª edição do Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg).

Em 2016, 14 propostas de minicursos foram submetidas, um número expressivo que demonstra a importância deste evento no panorama nacional de pesquisa. Destas, 4 foram selecionadas para publicação e apresentação, representando assim uma taxa de aceitação de aproximadamente 29%.

Este livro reúne 4 capítulos produzidos pelos autores das propostas aceitas. O Capítulo 1 faz uma abordagem computacional ao problema de proteção de privacidade, apresentando várias técnicas com suas primitivas criptográficas usadas para este fim. O Capítulo 2 apresenta a área de Computação Forense, com foco na área criminal, englobando alguns dos principais crimes cibernéticos e as técnicas e ferramentas usadas na área. O Capítulo 3 discute ataques e contramedidas em implementações em software de métodos criptográficos simétricos, e assimétricos baseados em curvas elípticas. Finalmente, o Capítulo 4 aborda os principais conceitos relacionados a smart grid, com foco nas vulnerabilidades e ataques que esse tipo de rede pode sofrer.

Capítulos:

1. Introdução à Privacidade: Uma Abordagem Computacional
Fábio Borges
2. Crimes Cibernéticos e Computação Forense
Wilson Leite da Silva Filho
3. Canais laterais em criptografia simétrica e de curvas elípticas: ataques e contramedidas
Lucas Z. Ladeira, Erick N. Nascimento, João Paulo F. Ventura, Ricardo Dahab, Diego F. Aranha, Julio C. López Hernández
4. Desafios de Segurança e Confiabilidade na Comunicação para Smart Grids
Yona Lopes, Tiago Bornia, Vitor Farias, Natalia C. Fernandes, Débora C. Muchaluat-Saade

Downloads

Não há dados estatísticos.

Referências

(2001). FIPS 197 - Advanced Encryption Standard (AES). Technical report, National Institute of Standards and Technology.

(2012). FIPS 180-4 - Secure Hash Standard (SHA). Technical report, National Institute of Standards and Technology.

(1646), I. (2004). Ieee standard communication delivery time performance requirements for electric power substation automation.

Aciiçmez, O., Koç, Ç. K., and Seifert, J.-P. (2007). On the power of simple branch prediction analysis. In ASIACCS ’07: Proceedings of the 2nd ACM symposium on Information, computer and communications security, pages 312-320, New York, NY, USA. ACM.

Agosta, G., Barenghi, A., Maggi, M., and Pelosi, G. (2013). Compiler-based Side Channel Vulnerability Analysis and Optimized Countermeasures Application. In Proceedings of the 50th Annual Design Automation Conference, DAC ’13, pages 81:1-81:6, New York, NY, USA. ACM.

Akishita, T. and Takagi, T. (2003). Zero-Value Point Attacks on Elliptic Curve Cryptosystem. pages 218–233.

Al Ameen, M., Liu, J., and Kwak, K. (2012). Security and privacy issues in wireless sensor networks for healthcare applications. Journal of Medical Systems, 36(1):93–101.

AlFardan, N. J. and Paterson, K. G. (2013). Lucky thirteen: Breaking the TLS and DTLS record protocols. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, May 19-22, 2013, pages 526–540. IEEE Computer Society.

Almeida, J. B., Barbosa, M., Barthe, G., Dupressoir, F., and Emmi, M. (2016). Verifying constant-time implementations. In Holz, T. and Savage, S., editors, 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016., pages 53–70. USENIX Association.

Almeida, J. B., Barbosa, M., Pinto, J. S., and Vieira, B. (2013). Formal verification of side-channel countermeasures using self-composition. Sci. Comput. Program., 78(7):796–812.

Alpaydin, E. (2014). Introduction to machine learning. MIT press.

Amoah, R., Camtepe, S., and Foo, E. (2016). Securing dnp3 broadcast communications in scada systems. IEEE Transactions on Industrial Informatics, 12(4):1474–1485.

Aravinthan, V., Namboodiri, V., Sunku, S., and Jewell, W. (2011). Wireless ami application and security for controlled home area networks. In 2011 IEEE Power and Energy Society General Meeting, pages 1–8. IEEE.

Assante, M. (2016). Confirmation of a coordinated attack on the ukrainian power grid. [Online]: https://ics.sans.org/blog/2016/01/09/confirmation-of-acoordinated-attack-on-the-ukrainianpower-grid.

Bartkewitz, T. and Lemke-Rust, K. (2013). Efficient Template Attacks Based on Probabilistic Multi-class Support Vector Machines, pages 263–276. Springer Berlin Heidelberg, Berlin, Heidelberg.

Batina, L., Chmielewski, L., Papachristodoulou, L., Schwabe, P., and Tunstall, M. (2014). Online Template Attacks. In Progress in Cryptology – INDOCRYPT 2014, volume 1977, pages 21–36.

Bauer, A. and Jaulmes, É. (2013). Correlation analysis against protected SFM implementations of RSA. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8250 LNCS:98–115.

Bauer, A., Jaulmes, É., Prouff, E., and Wild, J. (2013). Horizontal and Vertical Side-Channel Attacks against Secure {RSA} Implementations. In CTRSA, pages 1–17.

Bayat, M., Arkian, H. R., and Aref, M. R. (2015). A revocable attribute based data sharing scheme resilient to dos attacks in smart grid. Wireless Networks, 21(3):871–881.

Bayod-Rújula, A. A. (2009). Future development of the electricity systems with distributed generation. Energy, 34(3):377 – 383. {WESC} 2006 6th World Energy System Conference Advances in Energy Studies 5th workshop on Advances, Innovation and Visions in Energy and Energy-related Environmental and Socio-Economic Issues.

Bayrak, A. G., Regazzoni, F., Novo, D., and Ienne, P. (2013). Sleuth: automated verification of software power analysis countermeasures. In Cryptographic Hardware and Embedded Systems-CHES 2013, pages 293–310. Springer.

Bayrak, A., Regazzoni, F., Novo Bruna, D., Brisk, P., Standaert, F., and Ienne, P. (2014). Automatic Application of Power Analysis Countermeasures. Computers, IEEE Transactions on, PP(99):1.

Bellare, M., Boldyreva, A., and O’Neill, A. (2007). Deterministic and Efficiently Searchable Encryption, pages 535–552. Springer Berlin Heidelberg, Berlin, Heidelberg.

Bernstein, D. J. (2004). Cache-timing attacks on AES. URL: http://cr.yp.to/papers.html#cachetiming.

Bernstein, D. J. (2005). Chacha20, a variant of salsa20. https://cr.yp.to/chacha/chacha-20080120.pdf.

Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., and Yang, B.-Y. (2012). High-speed high-security signatures. Journal of Cryptographic Engineering, 2(2):77–89.

Bertoni, G., Daemen, J., Peeters, M., and Assche, G. V. (2008). On the indifferentiability of the sponge construction. In Smart, N. P., editor, Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings, volume 4965 of Lecture Notes in Computer Science, pages 181–197. Springer. http://sponge.noekeon.org/.

Biham, E. (1997). A fast new DES implementation in software. In Biham, E., editor, Fast Software Encryption, 4th International Workshop, FSE ’97, Haifa, Israel, January 20-22, 1997, Proceedings, volume 1267 of Lecture Notes in Computer Science, pages 260–272. Springer.

Bishop, C. (2007). Pattern Recognition and Machine Learning. Springer.

Boneh, D. and Franklin, M. (2001). Efficient generation of shared rsa keys. J. ACM, 48(4):702–722.

Bonneau, J. and Mironov, I. (2006). Cache-Collision Timing Attacks Against AES. In Goubin, L. and Matsui, M., editors, Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings, volume 4249 of Lecture Notes in Computer Science, pages 201–215. Springer.

Borges de Oliveira, F. (2016). On Privacy-Preserving Protocols for Smart Metering Systems: Security and Privacy in Smart Grids. Springer International Publishing.

Borges de Oliveira, F. (2017a). Analytical Comparison, pages 101–110. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017b). Background and Models, pages 13–23. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017c). Concluding Remarks, pages 127–129. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017d). Introduction, pages 3–12. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017e). Quantifying the Aggregation Size, pages 49–60. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017f). Reasons to Measure Frequently and Their Requirements, pages 39–47. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017g). Selected Privacy-Preserving Protocols, pages 61–100. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017h). A Selective Review, pages 25–36. Springer International Publishing, Cham.

Borges de Oliveira, F. (2017i). Simulation and Validation, pages 111–126. Springer International Publishing, Cham.

Borges, F. (2016). Privacy-Preserving Data Aggregation in Smart Metering Systems. Energy Engineering Series. Institution of Engineering & Technology.

Borges, F., Lara, P., and Portugal, R. (2017). Parallel algorithms for modular multi-exponentiation. Applied Mathematics and Computation, 292:406 – 416.

Borges, F., Martucci, L. A., and Mühlhäuser, M. (2012). Analysis of privacy-enhancing protocols based on anonymity networks. In Smart Grid Communications (SmartGridComm), 2012 IEEE Third International Conference on, pages 378–383.

Brooks, Charles L. - CHFI Computer Hacking Forensic Investigator Certification All-in- One Exam Guide; 2014

Brown, M., Hankerson, D., López, J., and Menezes, A. (2001). Software Implementation of the NIST Elliptic Curves Over Prime Fields, pages 250–265. Springer Berlin Heidelberg, Berlin, Heidelberg.

Brumley, D. and Boneh, D. (2003). Remote timing attacks are practical. In SSYM’03: Proceedings of the 12th conference on USENIX Security Symposium, pages 1–1, Berkeley, CA, USA. USENIX Association.

Budka, K. C., Deshpande, J. G., Thottan, M., et al. (2014). Communication networks for smart grids. In Computer Communications and Networks. Springer.

Budka, K., Deshpande, J., Hobby, J., Kim, Y.-J., Kolesnikov, V., Lee, W., Reddington, T., Thottan, M., White, C., Choi, J.-I., Hong, J., Kim, J., Ko,W., Nam, Y.-W., and Sohn, S.-Y. (2010). GERI - Bell Labs smart grid research focus: Economic modeling, networking, and security & privacy. In 2010 First IEEE International Conference on Smart Grid Communications (SmartGridComm), pages 208–213.

Camenisch, J., Lysyanskaya, A., and Meyerovich, M. (2007). Endorsed e-cash. In Security and Privacy, 2007. SP ’07. IEEE Symposium on, pages 101–115.

Carrier, Brian – File System Analysis – USA, 2006

Carvey, Harlan – Windows Forensic Analysis – USA: Syngress, 2009

Chan, H. and Perrig, A. (2003). Security and privacy in sensor networks. Computer, 36(10):103–105.

Chari, S., Rao, J. R., and Rohatgi, P. (2003). Template Attacks. CHES 2002, 2523:13–28.

Chatzikokolakis, K., Chothia, T., and Guha, A. (2010). Statistical Measurement of Information Leakage. In Tools and Algorithms for the Construction and Analysis of Systems, volume 6015 of LNCS, pages 390–404. Springer.

Chaum, D. (1988). The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol., 1(1):65–75.

Chaum, D. L. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84–90.

Cheung, H., Hamlyn, A., Wang, L., Yang, C., and Cheung, R. (2007). Computer network security strategy for coordinated distribution system operations. In Power Engineering, 2007 Large Engineering Systems Conference on, pages 279–283.

Chim, T., Yiu, S., Hui, L., and Li, V. (2011). PASS: Privacypreserving authentication scheme for smart grid network. In 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), pages 196 –201.

Chothia, T. and Guha, A. (2011). A statistical test for information leaks using continuous mutual information. Proceedings - IEEE Computer Security Foundations Symposium, pages 177–190.

Ciet, M. and Joye, M. (2003). ({Virtually}) Free Randomization Techniques for Elliptic Curve Cryptography. In Information and Communications Security, pages 348–359.

Clavier, C. and Joye, M. (2001). Universal Exponentiation Algorithm - A First Step towards Provable SPA-Resistance. In Koç, Ç., Naccache, D., and Paar, C., editors, Cryptographic Hardware and Embedded Systems - CHES 2001, volume 2162 of Lecture Notes in Computer Science, pages 300–308. Springer Berlin / Heidelberg.

Clavier, C., Feix, B., Gagnerot, G., Giraud, C., Roussellet, M., and Verneuil, V. (2012). {ROSETTA} for Single Trace Analysis. pages 140–155.

Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., and Verneuil, V. (2010). Horizontal Correlation Analysis on Exponentiation, pages 46–61. Springer Berlin Heidelberg, Berlin, Heidelberg.

Cleveland, F. (2008). Cyber security issues for advanced metering infrasttructure (AMI). In IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, pages 1 – 5.

Cooper, J., Demulder, E., Goodwill, G., Jaffe, J., and Kenworthy, G. (2013). Test Vector Leakage Assessment (TVLA) methodology in practice (Extended Abstract). Technical report, Cryptography Research Inc.

Coppens, B., Verbauwhede, I., Bosschere, K. D., and Sutter, B. D. (2009). Practical mitigations for timing-based side-channel attacks on modern x86 processors. In 30th IEEE Symposium on Security and Privacy (S&P 2009), 17-20 May 2009, Oakland, California, USA, pages 45–60. IEEE Computer Society.

Coron, J.-S. (1999). Resistance against differential power analysis for elliptic curve cryptosystems. In Cryptographic Hardware and Embedded Systems, pages 292–302. Springer.

Costello, C. and Longa, P. (2015). Fourq: four-dimensional decompositions on a q-curve over the mersenne prime. IACR Cryptology ePrint Archive, 2015:565.

Cramer, R., Damgård, I., and Nielsen, J. B. (2001). Multiparty computation from threshold homomorphic encryption. In Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, EUROCRYPT ’01, pages 280–299, London, UK, UK. Springer-Verlag.

Cramer, R., Gennaro, R., and Schoenmakers, B. (1997). A secure and optimally efficient multi-authority election scheme. In Proceedings of the 16th Annual International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT’97, pages 103–118, Berlin, Heidelberg. Springer-Verlag.

Criteria, C. (2014). Common Criteria v3.1. Technical report, Common Criteria.

Düll, M., Haase, B., Hinterwälder, G., Hutter, M., Paar, C., Sánchez, A. H., and Schwabe, P. (2015). High-speed curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers. Des. Codes Cryptography, 77(2-3):493–514.

Damgard, I. (1989). A design principle for hash functions. In Brassard, G., editor, Advances in Cryptology - CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 1989, Proceedings, volume 435 of Lecture Notes in Computer Science, pages 416–427. Springer.

Danger, J.-L., Guilley, S., Hoogvorst, P., Murdica, C., and Naccache, D. (2013). A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards. Journal of Cryptographic Engineering, 3(4):241–265.

De Montjoye, Y.-A., Hidalgo, C. A., Verleysen, M., and Blondel, V. D. (2013). Unique in the crowd: The privacy bounds of human mobility. Scientific reports, 3.

Dempster, A. P., Laird, N. M., and Rubin, D. B. (1977). Maximum likelihood from incomplete data via the em algorithm. Journal of the royal statistical society. Series B (methodological), pages 1–38.

Denis, T. S. (2006). BigNum Math: Implementing Cryptographic Multiple Precision Arithmetic. Syngress Publishing.

Díaz, C., Seys, S., Claessens, J., and Preneel, B. (2003). Towards measuring anonymity. In Proceedings of the 2Nd International Conference on Privacy Enhancing Technologies, PET’02, pages 54–68, Berlin, Heidelberg. Springer-Verlag.

Dinur, I. and Shamir, A. (2012). Applying cube attacks to stream ciphers in realistic scenarios. Cryptography and Communications, 4(3-4):217–232.

DoE (2010). Communication requirements of smart grid. U.S. Department of Energy (DoE).

Doychev, G., Köpf, B., Mauborgne, L., and Reineke, J. (2015). Cacheaudit: A tool for the static analysis of cache side channels. ACM Trans. Inf. Syst. Secur., 18(1):4.

Duda, R. O., Hart, P. E., and Stork, D. G. (2001). Pattern classification. John Wiley & Sons.

Dunn, J. C. (1973). A fuzzy relative of the isodata process and its use in detecting compact well-separated clusters.

Dwork, C. (2008). Differential privacy: A survey of results. In Agrawal, M., Du, D., Duan, Z., and Li, A., editors, Theory and Applications of Models of Computation, volume 4978 of Lecture Notes in Computer Science, pages 1–19. Springer Berlin Heidelberg.

East, S., Butts, J., Papa, M., and Shenoi, S. (2009). A taxonomy of attacks on the dnp3 protocol. In International Conference on Critical Infrastructure Protection, pages 67–81. Springer.

El Gamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. In Proceedings of CRYPTO 84 on Advances in Cryptology, pages 10–18, New York, NY, USA. Springer-Verlag New York, Inc.

Elaabid, M. and Guilley, S. (2012). Portability of templates. Journal of Cryptographic Engineering, pages 63–74.

Eldib, H. and Wang, C. (2014). Synthesis of Masking Countermeasures against Side Channel Attacks. In Biere, A. and Bloem, R., editors, Computer Aided Verification SE - 8, volume 8559 of Lecture Notes in Computer Science, pages 114–130. Springer International Publishing.

Eldib, H., Wang, C., and Schaumont, P. (2014a). SMT-Based Verification of Software Countermeasures against Side-Channel Attacks. In Tools and Algorithms for the Construction and Analysis of Systems, pages 62–77. Springer.

Eldib, H., Wang, C., Taha, M., and Schaumont, P. (2014b). QMS: Evaluating the Side-Channel Resistance of Masked Software from Source Code. In Proceedings of the The 51st Annual Design Automation Conference on Design Automation Conference, pages 1–6. ACM.

Eldib, H., Wang, C., Taha, M., and Schaumont, P. (2014c). SC Sniffer - Side-channel leak sniffer.

Epifani, Mattia; Stirparo, Pasquale - Learning iOS Forensics – Packet Publishing: 2015

EPRI (2009). Report to nist on the smart grid interoperability standards roadmap. Electric Power Research Institute.

Fagundes, Leonardo L.; Neukamp, Paulo A.; da Silva, Pamela C. – Ensino da Forense Digital Baseado em Ferramentas Open Source – ICoFCS, 2011

Falliere, N., Murchu, L. O., and Chien, E. (2011). W32. stuxnet dossier. White paper, Symantec Corp., Security Response, 5:6.

Fangfang, W., Huazhong, W., Dongqing, C., and Yong, P. (2013). Substation communication security research based on hybrid encryption of des and rsa. In Intelligent Information Hiding and Multimedia Signal Processing, 2013 Ninth International Conference on, pages 437–441. IEEE.

Farhi, E., Gosset, D., Hassidim, A., Lutomirski, A., and Shor, P. (2012). Quantum money from knots. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, ITCS ’12, pages 276–289, New York, NY, USA. ACM.

Finster, S. and Baumgart, I. (2015). Privacy-aware smart metering: A survey. IEEE Communications Surveys & Tutorials, 17(2):1088–1101.

Forgy, E.W. (1965). Cluster analysis of multivariate data: efficiency versus interpretability of classifications. Biometrics, 21:768–769.

Fouque, P. and Valette, F. (2003). The doubling attack - Why Upwards Is Better than Downwards. In Walter, C. D., Koç, Ç . K., and Paar, C., editors, Cryptographic Hardware and Embedded Systems - CHES 2003, 5th International Workshop, Cologne, Germany, September 8-10, 2003, Proceedings, volume 2779 of Lecture Notes in Computer Science, pages 269–280. Springer.

Giani, A., Bitar, E., Garcia, M., McQueen, M., Khargonekar, P., and Poolla, K. (2011). Smart grid data integrity attacks: Characterizations and countermeasures. Cyber and Physical Security and Privacy, pages 232–237.

Gierlichs, B., Batina, L., Preneel, B., and Verbauwhede, I. (2009). Revisiting higher-order DPA attacks: Multivariate mutual information analysis. IACR Cryptology ePrint Archive, 2009:228.

Gomes, Jeremias Moreira – A forense computacional e os discos de estado sólido – ICoFCS, 2012

Goodwill, G., Jun, B., Jaffe, J., and Rohatgi, P. (2011). A testing methodology for side channel resistance validation. Technical report, CRI.

Gopalakrishnan, K., Thériault, N., and Yao, C. Z. (2007a). Solving Discrete Logarithms from Partial Knowledge of the Key. In INDOCRYPT, pages 224–237.

Gopalakrishnan, K., Thériault, N., and Yao, C. Z. (2007b). Solving discrete logarithms from partial knowledge of the key. In K. Srinathan, C. Pandu Rangan, M. Y., editor, Progress in Cryptology – INDOCRYPT 2007, volume 4859 of LNCS, pages 224–237. Springer.

Goubin, L. (2003). A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems. pages 199–210.

Greveler, U., Glösekötterz, P., Justusy, B., and Loehr, D. (2012). Multimedia content identification through smart meter power usage profiles. In Proceedings of the International Conference on Information and Knowledge Engineering (IKE), page 1. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).

Gritzalis, D. A. (2002). Principles and requirements for a secure e-voting system. Computers & Security, 21(6):539-556.

Group, C. S. W. (2010). The smart grid interoperability panel - guidelines for smart grid cyber security. NISTIR 7628, pp. 1-597.

Gungor, V., Sahin, D., Kocak, T., Ergut, S., Buccella, C., Cecati, C., and Hancke, G. (2011). Smart grid technologies: Communication technologies and standards. IEEE Transactions on Industrial Informatics, 7(4):529–539.

Hamburg, M. (2009). Accelerating AES with Vector Permute Instructions. In Clavier, C. and Gaj, K., editors, Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings, volume 5747 of Lecture Notes in Computer Science, pages 18–32. Springer.

Han, J., Pei, J., and Kamber, M. (2011). Data mining: concepts and techniques. Elsevier.

Hankerson, D., Menezes, A. J., and Vanstone, S. (2003). Guide to Elliptic Curve Cryptography. Springer-Verlag New York, Inc., Secaucus, NJ, USA.

Hankerson, D., Vanstone, S., and Menezes, A. J. (2004). Guide to elliptic curve cryptography. Springer.

Hennessy, J. L. and Patterson, D. A. (2002). Computer Architecture: A Quantitative Approach (The Morgan Kaufmann Series in Computer Architecture and Design). Morgan Kaufmann.

Heyszl, J., Ibing, A., Mangard, S., Santis, F., and Sigl, G. (2014). Clustering Algorithms for Non-profiled Single-Execution Attacks on Exponentiations. In Francillon, A. and Rohatgi, P., editors, CARDIS, pages 79–93, Cham. Springer International Publishing.

IEC (1988- 2007). IEC 60870-5: Telecontrol equipment and systems - Part 5: Transmission protocols. Technical report, International Electrotechnical Commission.

IEC (2002- 2013). IEC 61850: Communication networks and systems for power utility automation. Technical Report IEC 61850, International Electrotechnical Commission.

IEC, T. (2009). 57. communication networks and systems in substations–part 7–420: basic communication structure–distributed energy resources logical nodes. Int. Electrotech. Comm.

IEEE (2012). Ieee standard for electric power systems communicationsdistributed network protocol (dnp3). pages 1–821. IEEE Std 1815-2012 (Revision of IEEE Std 1815-2010).

Ishai, Y., Sahai, A., and Wagner, D. (2003). Private circuits: Securing hardware against probing attacks. In Boneh, D., editor, Advances in Cryptology - CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003, Proceedings, volume 2729 of Lecture Notes in Computer Science, pages 463–481. Springer.

Jean-Pierre, O. A., pierre Seifert, J., and Çetin Kaya Koç (2006). Predicting secret keys via branch prediction. In in Cryptology – CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007, pages 225–242. Springer-Verlag.

Jøsang, A., Ismail, R., and Boyd, C. (2007). A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618 – 644. Emerging Issues in Collaborative Commerce.

Jr., M. A. S., Silva, M. V., Alves, R. C., and Shibata, T. K. (2016). Lightweight and escrow-less authenticated key agreement for the internet of things. Computer Communications, pages –.

Käsper, E. and Schwabe, P. (2009). Faster and timing-attack resistant AES-GCM. In Clavier, C. and Gaj, K., editors, Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings, volume 5747 of Lecture Notes in Computer Science, pages 1–17. Springer.

Kazienko, J. F., Moraes, I. M., Albuquerque, C. V., et al. (2015). On the performance of a secure storage mechanism for key distribution architectures in wireless sensor networks. International Journal of Distributed Sensor Networks, 2015:1.

Kerschbaum, F. (2009). A verifiable, centralized, coercion-free reputation system. In Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society, WPES ’09, pages 61–70, New York, NY, USA. ACM.

Khaitan, S. K., McCalley, J. D., and Liu, C. C. (2015). Cyber Physical Systems Approach to Smart Electric Power Grid. Springer.

Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48:203–209.

Kocher, P. C. (1996). Timing attacks on implementations of diffiehellman, rsa, dss, and other systems. In Koblitz, N., editor, 16th Annual International Cryptology Conference (CRYPTO 1996), volume 1109 of LNCS, pages 104–113. Springer.

Kocher, P. C., Jaffe, J., and Jun, B. (1999). Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’99, pages 388–397, London, UK, UK. Springer-Verlag.

Köpf, B., Mauborgne, L., and Ochoa, M. (2012). Automatic quantification of cache side-channels. In Madhusudan, P. and Seshia, S. A., editors, Computer Aided Verification - 24th International Conference, CAV 2012, Berkeley, CA, USA, July 7-13, 2012 Proceedings, volume 7358 of Lecture Notes in Computer Science, pages 564–580. Springer.

Kounev, V., Lévesque, M., Tipper, D., and Gomes, T. (2016). Reliable communication networks for smart grid transmission systems. Journal of Network and Systems Management, pages 1–24.

Kush, N., Ahmed, E., Branagan, M., and Foo, E. (2014). Poisoned goose: exploiting the goose protocol. In Proceedings of the Twelfth Australasian Information Security Conference-Volume 149, pages 17–22. Australian Computer Society, Inc.

Lange, T., van Vredendaal, C., and Wakker, M. (2015). Kangaroos in side-channel attacks. In Joye, M. and Moradi, A., editors, Smart Card Research and Advanced Applications, volume 8968 of LNCS, pages 104–121. Springer.

Langley, A. (2012). Ctgrind: Checking that functions are constant time with Valgrind. https://github.com/agl/ctgrind.

Lee, E.-K., Oh, S. Y., and Gerla, M. (2011). Frequency quorum rendezvous for fast and resilient key establishment under jamming attack. ACM SIGMOBILE Mobile Computing and Communications Review, 14(4):1–3.

Lerman, L., Bontempi, G., and Markowitch, O. (2014). Power analysis attack: an approach based on machine learning. International Journal of Applied Cryptography, 3(2):97–115.

Lerman, L., Bontempi, G., Ben Taieb, S., and Markowitch, O. (2013). A Time Series Approach for Profiling Attack, pages 75–94. Springer Berlin Heidelberg, Berlin, Heidelberg.

Li, H. and Han, Z. (2011). Manipulating the electricity power market via jamming the price signaling in smart grid. In 2011 IEEE GLOBECOM Workshops (GC Wkshps), pages 1168–1172. IEEE.

Li, N., Li, T., and Venkatasubramanian, S. (2007). t-closeness: Privacy beyond k-anonymity and l-diversity. In 2007 IEEE 23rd International Conference on Data Engineering, pages 106–115.

Li, Q. and Cao, G. (2013). Efficient privacy-preserving stream aggregation in mobile sensing with low aggregation error. In De Cristofaro, E. and Wright, M., editors, Privacy Enhancing Technologies, volume 7981 of Lecture Notes in Computer Science, pages 60–81. Springer Berlin Heidelberg.

Li, Q., Ross, C., Yang, J., Di, J., Balda, J. C., and Mantooth, H. A. (2015). The effects of flooding attacks on time-critical communications in the smart grid. In Innovative Smart Grid Technologies Conference (ISGT), 2015 IEEE Power & Energy Society, pages 1–5. IEEE.

Lloyd, S. (1982). Least squares quantization in pcm. IEEE transactions on information theory, 28(2):129–137.

Lopes, Y., Fernandes, N. C., and Muchaluat-Saade, D. C. (2015a). Geração Distribuída de Energia: Desafios e Perspectivas em Redes de Comunicação. In Minicursos do XXXIII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 55–109. Sociedade Brasileira de Computação (SBC), "Vitória, Espírito Santo, Brasil", 1 edition.

Lopes, Y., Frazão, R. H., Molano, D. A., dos Santos, M. A., Calhau, F. G. a., Bastos, C. A. M., Martins, J. S. B., and Fernandes, N. C. (2012). Smart Grid e IEC 61850: Novos Desafios em Redes e Telecomunicações para o Sistema Elétrico. In Minicursos do XXX Simpósio Brasileiro de Telecomunicações, pages 1–44. 1 edition.

Lopes, Y., Muchaluat-Saade, D. C., Fernandes, N. C., and Fortes, M. Z. (2015b). Geese: A traffic generator for performance and security evaluation of iec 61850 networks. In 2015 IEEE 24th International Symposium on Industrial Electronics (ISIE), pages 687–692. IEEE.

Luby, M. and Rackoff, C. (1988). How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput., 17(2):373–386.

Lüders, S. (2011). Why control system cybersecurity sucks. Gov- CERT.NL Symposium.

Lux, A. and Starostin, A. (2011). A tool for static detection of timing channels in java. J. Cryptographic Engineering, 1(4):303–313.

Machado, Margarida Helena Serejo. A Regulamentação da Cadeia de Custódia na Ação Penal: Uma necessidade Premente. Corpo Delito, n.1, p. 18-23, Brasília, 2009.

MAGGI, M. (2013). Automated side channel vulnerability detection and countermeasure application via compiler based techniques.

Marimoto, Carlos Eduardo - Hardware II – O Guia Definitivo – Sul Editores - Porto Alegre, 2010

Mather, L., Oswald, E., Bandenburg, J., and Wójcik, M. (2013). Does My Device Leak Information? An a priori Statistical Power Analysis of Leakage Detection Tests. In Advances in Cryptology-ASIACRYPT 2013, pages 486–505. Springer.

McDaniel, P. and McLaughlin, S. (2009). Security and privacy challenges in the smart grid. IEEE Security and Privacy, 7(3):75–77.

McEvoy, R. P., Tunstall, M., Murphy, C. C., and Marnane, W. P. (2007). Differential power analysis of HMAC based on sha-2, and countermeasures. In Kim, S., Yung, M., and Lee, H., editors, Information Security Applications, 8th International Workshop, WISA 2007, Jeju Island, Korea, August 27-29, 2007, Revised Selected Papers, volume 4867 of Lecture Notes in Computer Science, pages 317–332. Springer.

McGrew, D. A. and Viega, J. (2004). The security and performance of the galois/counter mode (GCM) of operation. In Canteaut, A. and Viswanathan, K., editors, Progress in Cryptology - INDOCRYPT 2004, 5th International Conference on Cryptology in India, Chennai, India, December 20-22, 2004, Proceedings, volume 3348 of Lecture Notes in Computer Science, pages 343–355. Springer.

Merkle, R. C. (1979). Secrecy, authentication, and public key systems. PhD thesis, Stanford University.

Merola, Antonio - Data Carving Concepts - SANS Institute – November, 2008

Meynard, O., Réal, D., Flament, F., Guilley, S., Homma, N., and Danger, J. L. (2011). Enhancement of simple electro-magnetic attacks by precharacterization in frequency domain and demodulation techniques. In 2011 Design, Automation Test in Europe, pages 1–6.

Miller, V. S. (1986). Use of elliptic curves in cryptography. In Williams, H. C., editor, Proceedings of CRYPTO 85, pages 417–426. Springer. Lecture Notes in Computer Science No. 218.

Mishra, S., Dinh, T. N., Thai, M. T., Seo, J., and Shin, I. (2016). Optimal packet scan against malicious attacks in smart grids. Theoretical Computer Science, 609:606–619.

Molina-Markham, A., Shenoy, P., Fu, K., Cecchet, E., and Irwin, D. (2010). Private memoirs of a smart meter. In Proceedings of the 2nd ACM workshop on embedded sensing systems for energy-efficiency in building, pages 61–66. ACM.

Molnar, D., Piotrowski, M., Schultz, D., and Wagner, D. (2005). The program counter security model: Automatic detection and removal of controlflow side channel attacks. In Won, D. and Kim, S., editors, Information Security and Cryptology - ICISC 2005, 8th International Conference, Seoul, Korea, December 1-2, 2005, Revised Selected Papers, volume 3935 of Lecture Notes in Computer Science, pages 156–168. Springer.

Murdica, C., Guilley, S., Danger, J.-L., Hoogvorst, P., and Naccache, D. (2012). Same Values Power Analysis Using Special Points on Elliptic Curves. In Schindler, W. and Huss, S., editors, Constructive Side-Channel Analysis and Secure Design, volume 7275 of Lecture Notes in Computer Science, pages 183–198. Springer Berlin / Heidelberg.

Naor, M. and Shamir, A. (1995). Visual cryptography, pages 1–12. Springer Berlin Heidelberg, Berlin, Heidelberg.

Nascimento, E. (2016). SAC 2016 - Implementation of algorithm for ECDLP with errors based on a time-memory tradeoff. https://github.com/enascimento/SCA-ECC-keyrecovery.

Nascimento, E., Chmielewski, L., Oswald, D., and Schwabe, P. (2016). Attacking embedded ecc implementations through cmov side channels. In 23rd Conference on Selected Areas in Cryptography (SAC 2016), St John’s, Canada, August 10-12, 2016.

Nascimento, E., López, J., and Dahab, R. (2015). Efficient and secure elliptic curve cryptography for 8-bit avr microcontrollers. In International Conference on Security, Privacy, and Applied Cryptography Engineering, pages 289–309. Springer.

Neuman, C. and Tan, K. (2011). Mediating cyber and physical threat propagation in secure smart grid architectures. In 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), pages 238–243.

Nicanfar, H., Jokar, P., Beznosov, K., and Leung, V. C. (2014). Efficient authentication and key management mechanisms for smart grid communications. IEEE systems journal, 8(2):629–640.

NIST (2010). Nist 7628 - guidelines for smart grid cyber security vol. 1: smart grid cyber security strategy, architecture, and high-level requirements. National Institute of Standards and Technology.

NIST (2011). Non-Invasive Attack Testing Workshop.

Noce, J., Lopes, Y., Muchaluat-Saade, D. C., Fernandes, N. C., and Albuquerque, C. (2016). Identificando falhas de segurança na rede de comunicação de subestações digitalizadas em redes elétricas inteligentes utilizando GEESE 2.0. In XXI Congresso Brasileiro de Automática (CBA), pages 1–6. SBA.

Okeya, K. (2006). Side channel attacks against hmacs based on blockcipher based hash functions. In Batten, L. M. and Safavi-Naini, R., editors, Information Security and Privacy, 11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006, Proceedings, volume 4058 of Lecture Notes in Computer Science, pages 432–443. Springer.

Organization, M. (2005). Modbus protocol. https://www.modbus.org/specs.php.

Özgen, E., Papachristodoulou, L., and Batina, L. (2016). Template attacks using classification algorithms. In 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pages 242–247.

Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Advances in Cryptology - EUROCRYPT 1999, volume 1592 of Lecture Notes in Computer Science, pages 223–238. Springer.

Pan, J., JAIN, R., and Paul, S. (2014). A survey of energy efficiency in buildings and microgrids using networking technologies. IEEE Communications Surveys Tutorials, (3):1709–1731.

Patel, A., Aparicio, J., Tas, N., Loiacono, M., and Rosca, J. (2011). Assessing communications technology options for smart grid applications. In IEEE International Conference on Smart Grid Communications (SmartGridComm), pages 126–131.

Pedersen, T. P. (1992). Non-interactive and information-theoretic secure verifiable secret sharing. In Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’91, pages 129–140, London, UK, UK. Springer-Verlag.

Percival, C. (2005). Cache missing for fun and profit. In Proceedings of BSDCan 2005.

Perin, G. and Chmielewski, L. (2015). A Semi- Parametric Approach for Side-Channel Attacks on Protected RSA Implementations. In CARDIS.

Perin, G., Imbertl, L., Torres, L., Maurine, P., and Montpellier, R. A. (2014). Attacking Randomized Exponentiations Using Unsupervised Learning. In CARDIS.

Peter, A., Tews, E., and Katzenbeisser, S. (2013). Efficiently outsourcing multiparty computation under multiple keys. IEEE Transactions on Information Forensics and Security, 8(12):2046–2058.

Peter, S., Westhoff, D., and Castelluccia, C. (2010). A survey on the encryption of convergecast traffic with in-network processing. Dependable and Secure Computing, IEEE Transactions on, 7(1):20–34.

Preneel, B., Govaerts, R., and Vandewalle, J. (1993). Hash functions based on block ciphers: A synthetic approach. In Stinson, D. R., editor, Advances in Cryptology - CRYPTO ’93, 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22-26, 1993, Proceedings, volume 773 of Lecture Notes in Computer Science, pages 368–378. Springer.

PUB, F. (2006). Minimum security requirements for federal information and information systems.

Rahimi, S., Chan, A. D., and Goubran, R. A. (2011). Usage monitoring of electrical devices in a smart home. In 2011 Annual International Conference of the IEEE Engineering in Medicine and Biology Society, pages 5307–5310. IEEE.

Rahman, M., Bera, P., and Al-Shaer, E. (2012). SmartAnalyzer: A noninvasive security threat analyzer for AMI smart grid. In Proceedings IEEE INFOCOM, pages 2255 – 2263.

Reid, F. and Harrigan, M. (2013). An Analysis of Anonymity in the Bitcoin System, pages 197–223. Springer New York, New York, NY.

Riscure (2016). Riscure B.V. - Inspector SCA. https://www.riscure.com/security-tools/inspector-sca.

Rivain, M. (2011). Fast and regular algorithms for scalar multiplication over elliptic curves. IACR Cryptology ePrint Archive, 2011:338.

Rodofile, N., Radke, K., and Foo, E. (2015). Real-time and interactive attacks on dnp3 critical infrastructure using scapy.

Rodrigues, B., Pereira, F. M. Q., and Aranha, D. F. (2016). Sparse representation of implicit flows with applications to side-channel detection. In Zaks, A. and Hermenegildo, M. V., editors, Proceedings of the 25th International Conference on Compiler Construction, CC 2016, Barcelona, Spain, March 12-18, 2016, pages 110–120. ACM.

Saeedi, E. and Kong, Y. (2014). Fuzzy analysis of side channel information. 2014, 8th International Conference on Signal Processing and Communication Systems, ICSPCS 2014 - Proceedings, pages 1–5.

Santini, S. (2005). We are sorry to inform you ... Computer, 38(12):128–127.

Schneider, T. and Moradi, A. (2016). Leakage assessment methodology - extended version. J. Cryptographic Engineering, 6(2):85–99.

Sedra, A. S. and Smith, K. C. (1997). Microelectronic circuits, chapter 4. Oxford University Press, Inc., 4th edition.

Shannon, C. E. (1949). Communication theory of secrecy systems. Bell Systems Technology Journal, 28:657–715.

Sharma, K. and Saini, L. M. (2015). Performance analysis of smart metering for smart grid: An overview. Renewable and Sustainable Energy Reviews, 49:720–735.

Shor, P. W. (1997). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput., 26(5):1484–1509.

Siddiqui, F., Zeadally, S., Alcaraz, C., and Galvao, S. (2012). Smart grid privacy: Issues and solutions. In 2012 21st International Conference on Computer Communications and Networks (ICCCN), pages 1–5. IEEE.

Silberschatz, A., Galvin, P. B., and Gagne, G. (2004). Operating System Concepts. Wiley.

Silva, Gilson Marques; Lorens, Evandro Mário – Extração e Análise de Dados em Memória na Perícia Forense Computacional – ICoFCS, 2009

Stallings, Willian – Criptografia e segurança de redes – 4ª Edição – São Paulo, 2008

Sun, C.-C., Liu, C.-C., and Xie, J. (2016). Cyber-physical system security of a power grid: State-of-the-art. Electronics, 5(3):40.

Tamma , Rohit; Tindall, Donnie – Learning Android Forensics – Packet Publishing: 2015

Trichina, E. and Bellezza, A. (2003). Implementation of Elliptic Curve Cryptography with Built-In Counter Measures against Side Channel Attacks, pages 98–113. Springer Berlin Heidelberg, Berlin, Heidelberg.

Tromer, E., Osvik, D. A., and Shamir, A. (2010). Efficient Cache Attacks on AES, and Countermeasures. Journal of Cryptology, 23(1):37–71.

Tunstall, M. and Goodwill, G. (2016). Applying TVLA to Public Key Cryptographic Algorithms. Technical report, Eprint.

Ur-Rehman, O., Zivic, N., and Ruland, C. (2015). Security issues in smart metering systems. In Smart Energy Grid Engineering (SEGE), 2015 IEEE International Conference on, pages 1–7. IEEE.

Vaccaro, J. A., Spring, J., and Chefles, A. (2007). Quantum protocols for anonymous voting and surveying. Phys. Rev. A, 75:012333.

Varodayan, D. and Khisti, A. (2011). Smart meter privacy using a rechargeable battery: Minimizing the rate of information leakage. In 2011 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 1932–1935. IEEE.

Vaudenay, S. (2002). Security flaws induced by CBC padding - applications to ssl, ipsec, WTLS ... In Knudsen, L. R., editor, Advances in Cryptology - EUROCRYPT 2002, International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, The Netherlands, April 28 - May 2, 2002, Proceedings, volume 2332 of Lecture Notes in Computer Science, pages 534–546. Springer.

Velho, Jesus Antonio; et al – Tratado de Computação Forense – Millenium Editora; São Paulo, 2016

Vredendaal, C. (2014). Implementation of e-enumeration algorithm for DLP-based cryptosystems. http://scarecryptow.org/publications/sckangaroos.html.

Walter, C. D. (2001). Sliding Windows Succumbs to Big Mac Attack. In CHES, pages 286–299.

Wang, J., Yang, X., and Long, K. (2011). Web DDoS detection schemes based on measuring user’s access behavior with large deviation. In IEEE Global Telecommunications Conference (GLOBECOM 2011), pages 1 – 5.

Wang, X. and Yu, H. (2005). How to break md5 and other hash functions. In Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT’05, pages 19–35, Berlin, Heidelberg. Springer-Verlag.

Wei, M. and Wang, W. (2014). Greenbench: A benchmark for observing power grid vulnerability under data-centric threats. In IEEE INFOCOM 2014 - IEEE Conference on Computer Communications, pages 2625–2633.

Wei, M. and Wang, W. (2016). Data-centric threats and their impacts to real-time communications in smart grid. Computer Networks, 104:174–188.

Wilhoit, K. (2013). The scada that didn’t cry wolf. Trend Micro Inc., White Paper.

Witteman, M. F., van Woudenberg, J. G. J., and Menarini, F. (2011b). Defeating {RSA} Multiply-Always and Message Blinding Countermeasures. pages 77–88.

Witteman, M., Jaffe, J., and Rohatgi, P. (2011a). Efficient side channel testing for public key algorithms: RSA case study. Technical report, CRI.

Witten, I. H. and Frank, E. (2011). Data Mining: Practical machine learning tools and techniques. Morgan Kaufmann.

Woudenberg, J. G. J. V., Witteman, M. F., and Bakker, B. (2011). Improving Differential Power Analysis by Elastic Alignment. In CT-RSA, pages 104–119.

Yan, Y., Qian, Y., and Sharif, H. (2011). A secure and reliable innetwork collaborative communication scheme for advanced metering infrastructure in smart grid. In IEEE Wireless Communications and Networking Conference (WCNC), pages 909–914.

Yarom, Y. and Falkner, K. (2014). FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In Fu, K. and Jung, J., editors, Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., pages 719–732. USENIX Association.

Yiannis, Chrysanthou - Modern Password Cracking: A hands-on approach to creating an optimised and versatile attack. Technical Report RHUL–MA–2013–7; 2013

Yoo, H. and Shon, T. (2015). Novel approach for detecting network anomalies for substation automation based on iec 61850. Multimedia Tools and Applications, 74(1):303–318.

Zheng, P. and Huang, J. (2013). An efficient image homomorphic encryption scheme with small ciphertext expansion. In Proceedings of the 21st ACM International Conference on Multimedia, MM ’13, pages 803–812, New York, NY, USA. ACM.

Zhu, T., Xiao, S., Ping, Y., Towsley, D., and Gong, W. (2011). A secure energy routing mechanism for sharing renewable energy in smart microgrid. In 2011 IEEE International Conference on Smart Grid Communications (IEEE Smart- GridComm), pages 143–148.

Capa para Minicursos do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais
Data de publicação
07/11/2016

Detalhes sobre o formato disponível para publicação: Volume Completo

Volume Completo
ISBN-13 (15)
978-85-7669-350-5