Panorama maps can be defined as aerial-view paintings of geologically complex landscapes that are represented in a convenient manner to non-expert viewers. This thesis focuses on a specific variant of panorama maps known as "ski-panorama maps" or "piste-maps" drawn by the french landscape and panorama artist, Pierre Novat. These maps usually contain a multitude of visual cues that are specifically emphasized upon by the artist in order to improve viewer perception. Among these visual cues, cast-shadows play an important role in recognizing the shape, depth and height of the terrain. Therefore, the main goal of this thesis is to understand the use of shading based on the underlying rule-sets created by the artist, Pierre Novat. Through these rule-sets, we propose two contributions : a brief study of the artistic style of Atelier Novat along with a rendering framework for shadow stylization. This framework is mainly based on image-space filters, that takes a set of DEM (Digital Elevated Model) files as input and produces an image that resembles a ski-panorama map. The pipeline deals with the following components : a novel method for stylized shading - a set of methods for modifying structural properties of cast-shadows (according to artist-driven rulesets) and a hue transfer-function. As a final step, validation of the rendered images is empirically done by cross-referencing it with the specific panorama art-work and by taking feedback from the artist, Arthur Novat.

The usage of Internet of Things (IoT) devices has been exponentially increasing and their security is often overlooked. Hackers exploit the vulnerabilities present to perform large scale attacks as well as to obtain privacy-sensitive information. Resource constraints combined with a lack of incentives for manufacturers makes it harder to implement security solutions part of these devices. This thesis aims at developing a system that monitors the behaviour of these IoT devices. Network traffic is captured and analysed as part of a network middle-box to model the behaviour of an IoT device. This traffic shows the interactions of the IoT device with other devices and hosts. By modelling the normal behaviour of a device, we can detect anomalies exhibited. Denial of Service attack was performed to evaluate the effectiveness of state machines in detecting anomalies. To verify the validity of state machines built based on network traffic in a laboratory setup, a test environment with a different setting was used. Traffic was captured from a smart home setting and used to validate the state machines. We show that state machines can be effectively used to model the behaviour of IoT devices at the packet level and can also be used to uniquely identify commands issued from smartphone to IoT device. They can also effectively distinguish attack traffic from normal traffic.

The counterfeit market is rapidly expanding into the online realm. Large amounts of fraudulent webshops advertise luxury clothing and fashion accessories, but ship counterfeit products to their customers. Apart from customers, brand owners and domain registries experience a negative impact caused by these fake webshops. Current countermeasures are slow and of a reactive nature, leaving a large enough window of opportunity for criminals to make a profit. This thesis introduces a proactive mitigation approach that can be deployed at domain registries. By predicting whether a newly registered domain will be used to sell counterfeit merchandise, preventive countermeasures can often be taken in advance, minimizing the criminals' window of opportunity and profits. These predictions are made by training a detection model using both registrant information and infrastructure measurements of the registered domains. To evaluate the prediction system, new domain registrations are classified for a period of 6 months. Registrations classified as malicious are then monitored for signs of abuse. Overall, the system is able to detect malicious registrations with reasonable precision. Additionally, the body of abusive domain registrations created during this thesis project is analyzed to gain insights into the methods used to host counterfeit webshops, which can be used as a starting point for future research.

The thesis project is aimed at designing an unobtrusive method to find the obstruction location and severity for patients who are not diagnosed with Obstructive sleep apnea, during their non-sedated sleep using simple recording devices within uncontrolled environment. Similar to speech generation, which is enabled by opening and closing of the vocal cords, the sound of snoring consists of a series of impulses caused by the rapid obstruction and reopening of the upper airway. By exploiting this similarity, we try to explain snoring sound production using synthesis techniques that has been applied to speech. A trial has been conducted to gain information on efficacy of different commercially available devices that are used to alleviate snoring problem. Sleeping sounds from this trial has been analyzed to find a method to find the effective device for each participant. Similar to speech analysis, Iterative Adaptive Inverse Filtering(IAIF) method has been used to find excitation flow and airway tract transfer functions of snoring sounds during the inhalation period. A model has been built using the Acoustic Tube Theory with the purpose of reflecting the physical realities of snoring sound production. Resulting transfer function spectra from acoustic tube modeling and IAIF has been compared using a gain-independent Itakura Spectral Distance Measure. It has been found that Linear Prediction is not suitable to directly determine the cross-sectional area of the upper airway from snoring sounds. An alternative method, using transmission line model with acoustic tube modeling has been found to produce transfer functions that are spectrally similar to transfer functions obtained from source filter models.

The number of Internet of Things devices, small low-powered devices with internet connectivity, is undergoing strong growth. As connected devices become the standard, more types of devices are connected to home networks and made accessible from the Internet for convenience. As IoT devices are widely deployed in mass numbers, they can be easily exploited once a vulnerability has been published. Many of these devices will never be updated and remain vulnerable for their entire lifespan. This has lead to the rise of IoT botnets, focusing specifically on low-powered devices connected to the Internet. Well known attacks such as those on Krebs on Security and Dyn show that IoT botnets are a serious threat to be reckoned with.

We introduce Honeytrack, a persistent scalable virtual high-interaction honeypot for the Internet of Things. Honeytrack aims to solve the limitations of the current available honeypots by providing the means to analyse adversaries in large networks. By using isolated containers for the high-interaction module, it allows for saving state for each adversary. In addition to that, the data collected by
Honeytrack allows for an in-depth analysis of every phase of an attack, going beyond the traditional malware-sample based research. By saving machine state, and binding this state to a certain attacker, we can serve attackers their “own” previously attacked honeypot, serving a large number of parallel adversaries at a time and allowing research into follow-up attacks.

Side-Channel Attacks, are a prominent type of attacks, used to break cryptographic implementations on a computing system. They are based on information "leaked" by the hardware of a computing system, rather than the encryption algorithm itself. Recent studies showed that Side-Channel Attacks can be performed using Deep Learning models. In this study, we examine the performance of Convolutional Neural Networks, on four different datasets of side- channel data and we compare our models with conventional Machine Learning algorithms and a CNN model from literature. We found that CNNs have the potential to achieve high accuracy performance (99.8%), although their capacity is heavily influenced by the use case. We also found that certain Machine Learning algorithms can outperform CNNs in certain cases, leaving an open debate on the performance gains of the latter.

In today's world, the Internet is the backbone of our society. The relatively unknown Border Gateway Protocol (BGP), and with its vulnerabilities, gives malicious parties an opportunity for abuse. By improving the currently known AS relation data set and by simulating BGP traffic this abuse is better spotted. Kastelein's topology generating algorithm outperforms the state-of-the-art topology generating algorithms and state-of-the-art AS relation data sets. The proposed BGP simulator misses vital information such as LOCAL_PREFERENCE values to accurately simulate BGP traffic. This lack of information results in longer BGP paths that are not matched with BGP paths from route collectors.

Analyzing large cryptographic protocol implementations can be challenging since their implementations do not perfectly match the standard [6]. The popular, highly configurable remote login method, Secure Shell (SSH) is such an example. In this thesis, we researched the fuzzing methodologies for SSH implementations. Three tools (Backfuzz, Paramiko-sshfuzz and Protocol state fuzzing) were implemented to explore their capabilities and to determine the most effective one. The protocol state fuzzing technique resulted to be the most promising approach since it is well-developed and has recently revealed a few abnormal behaviours of SSH [6], moreover it is also actively used in several cryptographic protocol implementations (i.e. TLS). Consequently, we applied this method on an real SSH implementation, the OpenSSH library (OpenSSH6.7-p1). The results are analyzed against the source code and RFC standards. To solve the readability problem of the results caused by the complex architecture of the SSH protocol, we combined the obtained SSH state machine with D3.js data visualization technique. As a result, we developed a tool for debugging SSH implementations based on the protocol state fuzzing, code review and D3.js. Lastly, the utility tool is evaluated in a survey and future works are presented.

In order to stay undetected and keep their operations alive, cyber criminals are continuously evolving their methods to stay ahead of current best defense practices. Over the past decade, botnets have developed from using statically hardcoded IP addresses and domain names to randomly-generated ones, so-called domain generation algorithms (DGA). Malicious software coordinated via DGAs leaves however a distinctive signature in network traces of high entropy domain names, and a variety of algorithms have been introduced to detect certain aspects about currently used DGAs.
Today's detection mechanisms are evaluated for botnets that make the next obvious evolutionary step, and replace domain names generated from random letters with randomly selected, but actual dictionary words. It can be seen that the performance of state-of-the-art solutions that rely on linguistic feature detection would significantly decline after this transition, and an alternative novel approach to detect DGAs without making any assumptions on the internal structure and generating patterns of these algorithms is proposed.

Packet communication applications cannot guarantee correct delivery of every packet. Congestions and interferences in the network lead to lost packets. However, real-time applications require timely delivery of data or information and always tolerate packet loss to achieve this aim. When some speech packets are lost, packet loss concealment (PLC) is used to replace the missing speech.

In this thesis, after investigating packet loss characteristics in realistic wireless networks and problems in existing PLC algorithms, we propose a new PLC scheme named adaptive PLC, which is composed of three algorithms: odd-even interpolation, waveform similarity matching and silence substitution. Adaptive PLC adjusts the algorithm to use depending on loss situations. Odd-even interpolation recovers the loss by interpolating odd or even samples in a packet. Waveform similarity matching estimates waveform segments from correctly received or already recovered packets. Silence substitution just fills in the missing part by zeros.

The adaptive PLC achieves improvements in speech quality relative to each single PLC algorithm and other existing PLC algorithms.

Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this paper we look at the security implications of integrated Graphical Processor Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to “accelerate” microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone by orchestrating our GPU primitives. While powerful, these GPU primitives are not easy to implement due to undocumented hardware features. We describe novel reverse engineering techniques for peeking into the previously unknown cache architecture and replacement policy of the Adreno 330, an integrated GPU found in many common mobile platforms. This information is necessary when building shader programs implementing our GPU primitives. We conclude by discussing mitigations against GPU-enabled attackers.

Modern Implantable Medical Devices (IMDs) are enabled to communicate with an external device trough wireless channels. The non-invasive method allow health-care practitioners to investigate the effectiveness of a treatment delivered by the IMD and tailor it specifically to the patients' needs. The wireless communication capability however, also facilitates an adversary to gain illegitimate access to the live-saving medical device due to insufficient security measures to establish a secure communication channel. Since there is good reason to safeguard the IMD from prying eyes to avoid access to malicious entities, we present Heartwear, a lightweight security scheme to allow the establishment of a secure wireless communication channel between an IMD and legit external device. Heartwear takes advantage of heartbeat signals in order to provide both key establishment as well as unilateral authentication to protect against attacks of passive and active adversaries.