
Showing papers by "National Security Agency published in 2007"


Proceedings ArticleDOI
02 Nov 2007
TL;DR: This paper introduces the Linux Kernel Integrity Monitor (LKIM) as an improvement over conventional methods of software integrity measurement and initial performance data is presented to show that contextual inspection is practical.
Abstract: This paper introduces the Linux Kernel Integrity Monitor (LKIM) as an improvement over conventional methods of software integrity measurement. LKIM employs contextual inspection as a means to more completely characterize the operational integrity of a running kernel. In addition to cryptographically hashing static code and data in the kernel, dynamic data structures are examined to provide improved integrity measurement. The base approach examines structures that control the execution flow of the kernel through the use of function pointers as well as other data that affect the operation of the kernel. Such structures provide an efficient means of extending the kernel operations, but they are also a means of inserting malicious code without modifying the static parts. The LKIM implementation is discussed and initial performance data is presented to show that contextual inspection is practical.

127 citations
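The split the abstract draws between hashing static code and inspecting dynamic control-flow data can be shown with an added simulation, written for this page and not LKIM's own code: a constructed kernel image with a static text region, a syscall table and a list of hook pointers. The memory layout, the address values and the rootkit scenario are assumptions for illustration; the point is that re-pointing a function pointer leaves the static hash unchanged, so only the contextual check catches it.

```python
import hashlib
from dataclasses import dataclass

# Constructed memory layout (assumption): addresses and sizes are illustrative only.
TEXT_BASE, TEXT_SIZE = 0xC0100000, 0x4000   # kernel's static code region
ROOTKIT_BASE = 0xF8800000                   # code the baseline knows nothing about


@dataclass
class KernelImage:
    text: bytes           # bytes of the static code region
    syscall_table: list   # function pointers fixed at build time
    hooks: list           # function pointers that may legitimately be re-pointed


@dataclass
class Baseline:
    static_hash: str      # expected hash of the static region
    syscall_table: list   # expected pointer values for the fixed table
    trusted_ranges: list  # (base, size) regions a live hook may point into


def measure_static(img):
    """Conventional measurement: hash only the static code and data."""
    return hashlib.sha256(img.text).hexdigest()


def build_baseline(img, trusted_ranges):
    """Derive the known-good baseline from a clean image (assumption: taken at boot)."""
    return Baseline(measure_static(img), list(img.syscall_table), list(trusted_ranges))


def measure_contextual(img, baseline):
    """Contextual inspection: examine the dynamic data that steers execution."""
    findings = []
    # Tables that never change after boot must equal the baseline entry for entry.
    for i, (want, got) in enumerate(zip(baseline.syscall_table, img.syscall_table)):
        if want != got:
            findings.append(("syscall_table", i, got))
    # Pointers that may change must still land inside code the baseline trusts.
    for i, target in enumerate(img.hooks):
        if not any(lo <= target < lo + size for lo, size in baseline.trusted_ranges):
            findings.append(("hooks", i, target))
    return findings


def lkim_report(img, baseline):
    """Combine both measurements into one verdict."""
    static_ok = measure_static(img) == baseline.static_hash
    findings = measure_contextual(img, baseline)
    return {"static_ok": static_ok, "findings": findings,
            "integrity_ok": static_ok and not findings}


def demo():
    # Constructed clean image: opaque code bytes and pointers into the text region.
    clean = KernelImage(
        text=bytes(range(256)) * 16,
        syscall_table=[TEXT_BASE + 0x100 * i for i in range(8)],
        hooks=[TEXT_BASE + 0x2000],
    )
    baseline = build_baseline(clean, [(TEXT_BASE, TEXT_SIZE)])

    # Constructed rootkit: re-points a syscall entry and a hook at its own code
    # while leaving every byte of the static region untouched.
    hooked = KernelImage(text=clean.text,
                         syscall_table=list(clean.syscall_table),
                         hooks=list(clean.hooks))
    hooked.syscall_table[3] = ROOTKIT_BASE + 0x120
    hooked.hooks[0] = ROOTKIT_BASE + 0x300
    return lkim_report(clean, baseline), lkim_report(hooked, baseline)


if __name__ == "__main__":
    before, after = demo()
    print("clean :", before)
    print("hooked:", after)
```

The hooked image reports `static_ok` as true, which is all a hash-only measurement would ever see; the two findings come from comparing the fixed table against the baseline and range-checking the mutable hook. A real monitor would derive the baseline from the kernel's symbol table and known module load addresses rather than from a snapshot.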


Patent
18 Apr 2007
TL;DR: In this article, a method of protecting a return address on a computer stack is disclosed, where two stacks are created: the first a normal stack, and the second, or shadow, stack having shadow frames that contain the return address upon a subroutine call, the address on the first stack where the return address is stored, and a user-definable state variable used to identify a shadow frame as a return address.
Abstract: A method of protecting a return address on a computer stack is disclosed. Two stacks are created, the first a normal stack, and the second, or shadow, having shadow frames containing the return address upon a subroutine call, the address on the first stack where the return address is stored, and a user-definable state variable which is used to identify a shadow frame as a return address. Before returning from a subroutine, the two return addresses are compared, and if they do not match, the second stack is searched down, and then up, for a matching return address. If there is a match, the shadow is re-synchronized with the first stack by comparing the stored values of the first stack pointer with the first stack pointer and adjusting the shadow stack pointer appropriately. The matching shadow frame must also be of the return-address datatype.

53 citations
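The call, return, compare and re-synchronise sequence in the abstract, as an added simulation that is not the patent's own implementation: the normal stack is a dictionary of slot address to value, the shadow stack a list of frames carrying the return address, the slot address it was stored at and the state variable. The tag values, the slot size, the addresses and the three scenarios (longjmp-style unwinding, an overwritten return slot, and tracked data that mimics a return address) are constructed; the example also requires the stored slot address to equal the current stack pointer before a match is accepted, which is one way of using that field for resynchronisation.

```python
from dataclasses import dataclass

RET_TAG = 0xA5    # assumption: state-variable value marking a return-address frame
DATA_TAG = 0x5A   # assumption: marks a shadow frame holding other saved data
SLOT = 8          # assumption: one stack slot is 8 bytes


@dataclass
class ShadowFrame:
    value: int       # return address (or other saved value)
    slot_addr: int   # address on the normal stack where the value was stored
    tag: int         # user-definable state variable


class ReturnAddressTampered(Exception):
    pass


class Machine:
    """A normal stack (slot address -> value) plus a shadow stack with its own pointer."""

    def __init__(self, stack_top=0x7FFF0000):
        self.sp = stack_top
        self.stack = {}
        self.shadow = []   # frames; ssp indexes the current shadow top
        self.ssp = -1

    def _push(self, value):
        self.sp -= SLOT
        self.stack[self.sp] = value
        return self.sp

    def _shadow_push(self, value, slot_addr, tag):
        self.ssp += 1
        del self.shadow[self.ssp:]   # stale frames left above a re-synced top go here
        self.shadow.append(ShadowFrame(value, slot_addr, tag))

    def call(self, ret_addr):
        """Subroutine call: the return address goes onto both stacks."""
        self._shadow_push(ret_addr, self._push(ret_addr), RET_TAG)

    def push_saved(self, value):
        """Save non-return data that is also tracked in the shadow, with its own tag."""
        self._shadow_push(value, self._push(value), DATA_TAG)

    def pop_saved(self):
        value = self.stack[self.sp]
        self.sp += SLOT
        self.ssp -= 1
        return value

    def longjmp(self, sp):
        """Unwind the normal stack without touching the shadow: a benign mismatch."""
        self.sp = sp

    def _find_matching(self, ret_addr):
        # Search down (older frames) first, then up (frames left above the pointer).
        order = list(range(self.ssp - 1, -1, -1)) + list(range(self.ssp + 1, len(self.shadow)))
        for idx in order:
            f = self.shadow[idx]
            # A match must be a return-address frame saved in the slot being returned from.
            if f.value == ret_addr and f.tag == RET_TAG and f.slot_addr == self.sp:
                return idx
        return None

    def ret(self):
        """Return: compare with the shadow top, re-sync on a benign mismatch, else abort."""
        ret_addr = self.stack[self.sp]
        top = self.shadow[self.ssp] if self.ssp >= 0 else None
        if top is None or top.value != ret_addr or top.tag != RET_TAG or top.slot_addr != self.sp:
            idx = self._find_matching(ret_addr)
            if idx is None:
                raise ReturnAddressTampered(hex(ret_addr))
            self.ssp = idx   # re-synchronise the shadow pointer to the matched frame
        self.ssp -= 1
        self.sp += SLOT
        return ret_addr


def _detects(m):
    try:
        m.ret()
    except ReturnAddressTampered:
        return True
    return False


def scenario_longjmp():
    """setjmp/longjmp-style unwinding past two frames: benign, re-synced."""
    m = Machine()
    m.call(0x401000)
    saved_sp = m.sp            # remembered inside the outer routine
    m.call(0x402000)
    m.call(0x403000)
    m.longjmp(saved_sp)        # drops the two inner frames on the normal stack only
    return m.ret(), m.ssp      # outer return address; shadow pointer back to empty


def scenario_overflow():
    """An overwritten return slot with no matching shadow frame: detected."""
    m = Machine()
    m.call(0x401000)
    m.stack[m.sp] = 0xDEADBEEF
    return _detects(m)


def scenario_tagged_data():
    """Tracked data equal to the attacker's target: rejected, its tag is not RET_TAG."""
    m = Machine()
    m.call(0x401000)
    m.push_saved(0x405000)
    m.stack[m.sp + SLOT] = 0x405000   # overwrite the return slot beneath the saved data
    m.pop_saved()
    return _detects(m)
```

The longjmp case is the benign mismatch the search-and-resync exists for: the shadow top still holds the innermost frame, the downward search finds the outer frame, and the shadow pointer is moved there. The tagged-data case shows why the state variable matters: without it, any tracked value that happens to equal the attacker's target would be accepted as a return address.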


Book ChapterDOI
18 Dec 2007
TL;DR: An improvement to the basic binary "divide-and-conquer" method, which can identify an invalid signature in half the time, is presented and new, efficient methods for finding invalid signatures in some pairing-based batches with low numbers of invalid signatures are presented.
Abstract: This paper describes efficient methods for finding invalid digital signatures after a batch verification has failed. We present an improvement to the basic binary "divide-and-conquer" method, which can identify an invalid signature in half the time. We also present new, efficient methods for finding invalid signatures in some pairing-based batches with low numbers of invalid signatures. We specify these methods for the Cha-Cheon signature scheme of [5]. These new methods offer significant speedups for Cha-Cheon batches as well as other pairing-based signature schemes.

38 citations
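An added example, not the paper's own algorithm, showing where the factor of two comes from: for a batch check that is linear in per-signature aggregates, the aggregate of the right half equals the parent's aggregate minus the left half's, so a failing node costs one child's worth of per-signature exponentiations instead of two. The example uses a toy Schnorr scheme over a 2039-element group with random nonzero weights in place of the pairing-based Cha-Cheon scheme of the paper; the parameters, the messages and the cost model (counting the r_i^{w_i} exponentiations) are assumptions.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption: tiny parameters chosen for illustration only).
P, Q, G = 2039, 1019, 4    # P = 2Q + 1, G = 4 generates the order-Q subgroup


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def challenge(r, msg):
    h = hashlib.sha256(r.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(h, "big") % Q


def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + challenge(r, msg) * x) % Q      # (r, s): g^s == r * y^e


class Cost:
    """Counts the per-signature exponentiations r_i^{w_i}, the dominant batch cost."""
    def __init__(self):
        self.exps = 0


def batch_items(msgs, sigs):
    """(index, r, s, e, w): each signature gets a random nonzero weight w_i."""
    return [(i, r, s, challenge(r, m), secrets.randbelow(Q - 1) + 1)
            for i, (m, (r, s)) in enumerate(zip(msgs, sigs))]


def aggregate(items, cost):
    """Batch aggregates (S, E, R) = (sum w_i s_i, sum w_i e_i, prod r_i^{w_i})."""
    S = E = 0
    R = 1
    for _, r, s, e, w in items:
        S = (S + w * s) % Q
        E = (E + w * e) % Q
        R = R * pow(r, w, P) % P
        cost.exps += 1
    return S, E, R


def batch_ok(agg, y):
    S, E, R = agg
    return pow(G, S, P) == R * pow(y, E, P) % P


def subtract(parent, left):
    """Aggregate of the right half, derived from parent and left with no per-signature work."""
    S, E, R = parent
    Sl, El, Rl = left
    return (S - Sl) % Q, (E - El) % Q, R * pow(Rl, -1, P) % P


def find_invalid_basic(items, y, cost):
    """Plain divide-and-conquer: both halves are re-aggregated from scratch."""
    if batch_ok(aggregate(items, cost), y):
        return []
    if len(items) == 1:
        return [items[0][0]]
    mid = len(items) // 2
    return find_invalid_basic(items[:mid], y, cost) + find_invalid_basic(items[mid:], y, cost)


def find_invalid_improved(items, y, cost, agg=None):
    """Improved: aggregate only the left half; the right half is parent minus left."""
    if agg is None:
        agg = aggregate(items, cost)
    if batch_ok(agg, y):
        return []
    if len(items) == 1:
        return [items[0][0]]
    mid = len(items) // 2
    left_agg = aggregate(items[:mid], cost)
    right_agg = subtract(agg, left_agg)
    return (find_invalid_improved(items[:mid], y, cost, left_agg)
            + find_invalid_improved(items[mid:], y, cost, right_agg))


def demo(n=8, bad=5):
    """Sign n constructed messages, corrupt one, and compare both search methods."""
    x, y = keygen()
    msgs = [b"message %d" % i for i in range(n)]
    sigs = [sign(x, m) for m in msgs]
    if bad is not None:
        r, s = sigs[bad]
        sigs[bad] = (r, (s + 1) % Q)     # corrupted s: this signature no longer verifies
    items = batch_items(msgs, sigs)
    c_basic, c_impr = Cost(), Cost()
    found_basic = find_invalid_basic(items, y, c_basic)
    found_impr = find_invalid_improved(items, y, c_impr)
    return found_basic, found_impr, c_basic.exps, c_impr.exps
```

For eight signatures with one corrupt entry, the basic search re-aggregates 22 signatures and the improved one 15; at each failing node the improved search pays for one half rather than both. The random nonzero weights are what keep a tampered signature from cancelling against another inside a batch, and they must be the same weights at every level for the subtraction to be exact.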


Patent
10 Jul 2007
TL;DR: In this article, the authors propose a method of authenticated encryption by concatenating a first user-datum with a second datum and a third datum, encrypting the results, concatenating the encrypted results and transmitting the result to a recipient.
Abstract: A device for and method of authenticated encryption by concatenating a first user-datum with a second datum, concatenating the first datum with a third datum, encrypting the results, concatenating the encrypted results, concatenating the result with a message and a fifth user-definable datum, hashing the result, concatenating the result with the message, dividing the result into blocks, concatenating the first datum with a sixth datum, generating key-stream blocks from the result using a block cipher in counter mode, combining the blocks and key-stream blocks, concatenating the result with the first datum and the fifth datum, and transmitting the result to a recipient. The recipient extracts the hash value from the received ciphertext, generates a hash value from the first through fifth datums and plaintext derived from the ciphertext, and compares the two. If they match then the plaintext and fifth datum are as the sender intended.

23 citations


Patent
09 Oct 2007
TL;DR: In this paper, a method of sorting text for memory efficient searching is disclosed, where a FM-index is created on received text, and a number of rows are marked, and the locations of the marked rows are stored in data buckets as well as the last column of the FM index which is stored as a wavelet tree.
Abstract: A method of sorting text for memory efficient searching is disclosed. A FM-index is created on received text, and a number of rows are marked. The locations of the marked rows are stored in data buckets, as is the last column of the FM-index, which is stored as a wavelet tree. Data blocks containing the data buckets are created, each recording the number of times each character appears in the data block before each data bucket. A header block is created comprising an array of the number of times each character appears in the last column of the FM-index before each data block, the location of the end of the data blocks and the location of the end of the data, and is appended to the data blocks. The header and data blocks are stored. The search process loads data buckets into memory as needed to find the required text.

7 citations
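The FM-index pieces the abstract names, reconstructed as a small added example (not the patent's implementation): a last column (the Burrows-Wheeler transform), per-bucket occurrence checkpoints standing in for the counts stored with each data bucket, and marked rows used to recover text positions. The wavelet-tree encoding of the last column is omitted and a plain string with a short scan is used instead; the bucket size, marking interval and sample text are assumptions.

```python
class FMIndex:
    """FM-index with bucketed occurrence checkpoints and marked (sampled) rows."""

    SENTINEL = "\0"   # assumption: sorts before every character of the text

    def __init__(self, text, bucket=4, mark_every=4):
        text += self.SENTINEL
        self.n = len(text)
        # Suffix array by plain sorting (assumption: demo-sized inputs only).
        sa = sorted(range(self.n), key=lambda i: text[i:])
        # Last column of the sorted rotation matrix (the BWT).
        self.bwt = "".join(text[i - 1] for i in sa)
        # C[c]: number of characters in the text smaller than c.
        self.C, total = {}, 0
        for c in sorted(set(text)):
            self.C[c] = total
            total += text.count(c)
        # Checkpoints: per-character counts of bwt[:i] at every bucket boundary,
        # the "number of times each character appears before each bucket".
        self.bucket = bucket
        self.checkpoints = []
        running = {c: 0 for c in self.C}
        for i, ch in enumerate(self.bwt):
            if i % bucket == 0:
                self.checkpoints.append(dict(running))
            running[ch] += 1
        self.checkpoints.append(dict(running))
        # Marked rows: rows whose text position is a multiple of mark_every.
        self.marked = {row: pos for row, pos in enumerate(sa) if pos % mark_every == 0}

    def occ(self, c, i):
        """Number of c in bwt[:i]: nearest checkpoint plus a scan within the bucket."""
        cp = i // self.bucket
        count = self.checkpoints[cp].get(c, 0)
        for ch in self.bwt[cp * self.bucket:i]:
            if ch == c:
                count += 1
        return count

    def lf(self, row):
        """LF mapping: row of the suffix that starts one character earlier."""
        c = self.bwt[row]
        return self.C[c] + self.occ(c, row)

    def count_range(self, pattern):
        """Backward search: half-open row range [lo, hi) of suffixes prefixed by pattern."""
        lo, hi = 0, self.n
        for c in reversed(pattern):
            if c not in self.C:
                return 0, 0
            lo = self.C[c] + self.occ(c, lo)
            hi = self.C[c] + self.occ(c, hi)
            if lo >= hi:
                return 0, 0
        return lo, hi

    def count(self, pattern):
        lo, hi = self.count_range(pattern)
        return hi - lo

    def locate(self, pattern):
        """Walk each matching row back to a marked row to recover its text position."""
        lo, hi = self.count_range(pattern)
        positions = []
        for row in range(lo, hi):
            r, steps = row, 0
            while r not in self.marked:
                r = self.lf(r)
                steps += 1
            positions.append(self.marked[r] + steps)
        return sorted(positions)
```

Counting a pattern touches only the C array and occurrence counts, never the text itself; locating additionally follows LF steps until a marked row is hit, so the marking interval trades memory for at most that many extra steps per occurrence. Those are the same two quantities the patent packs into the header and data blocks.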


Proceedings ArticleDOI
03 Dec 2007
TL;DR: A Progressive Email Classifier for high-speed classification of message patterns that are commonly associated with unsolicited bulk email (UNBE), designed to operate at the network access point, the ingress between the Internet Service Provider and the enterprise network; so that a surge of UNBE containing fresh patterns can be detected before they spread into the Enterprise network.
Abstract: We propose a Progressive Email Classifier (PEC) for high-speed classification of message patterns that are commonly associated with unsolicited bulk email (UNBE). PEC is designed to operate at the network access point, the ingress between the Internet Service Provider (ISP) and the enterprise network, so that a surge of UNBE containing fresh patterns can be detected before it spreads into the enterprise network. A real-time scoreboard keeps track of detected feature instances (FI) using a scoring and aging engine until they are judged to come from either valid or UNBE sources. A FI of a valid email is discarded, but an anomalous one is passed to a blacklist to control (e.g., block or defer) subsequent emails containing the FI. The anomaly detector of PEC can be used at different protocol layers. To gain some insight into the performance of PEC, we implemented PEC and integrated it with the sendmail daemon to detect anomalous URL links in email streams. Arbitrarily chosen on-line texts and URL links extracted from a corpus of spamming-phishing emails were used to compose test emails. Experimental results on a Xeon-based server show that PEC can handle 1.2M score/age updates, parse 0.9M URL links (of average size 30 bytes) for hashing and matching, and parse 25,000 email bodies of average size 1.5kB per second. The lossy detection system can be easily scaled by progressive selection of detection features and detection thresholds. It can be used alone or as an early screening tool for an existing infrastructure to defeat major UNBE flooding.

5 citations
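The scoring-and-aging scoreboard and blacklist flow of the abstract, as an added example that is not PEC's code: feature instances are hashed URL hosts, every sighting adds one to an exponentially decaying score, an FI that crosses the threshold is moved to the blacklist, and FIs that stay quiet are dropped as valid. The threshold, half-life, expiry window, the regex used to pull hosts out of a body and the constructed message stream are assumptions.

```python
import hashlib
import re
from dataclasses import dataclass

URL_HOST = re.compile(r'https?://([^/\s<>"]+)', re.IGNORECASE)


@dataclass
class Entry:
    score: float
    last_seen: float


class Scoreboard:
    """Real-time scoreboard: scores feature instances and ages the scores away."""

    def __init__(self, threshold=4.5, half_life=60.0, quiet_for=3600.0):
        self.threshold = threshold   # score at which an FI is declared anomalous
        self.half_life = half_life   # seconds for a score to decay by half
        self.quiet_for = quiet_for   # FIs unseen this long are discarded as valid
        self.entries = {}
        self.blacklist = set()

    def observe(self, fi, now):
        e = self.entries.get(fi)
        if e is None:
            e = self.entries[fi] = Entry(0.0, now)
        else:
            e.score *= 0.5 ** ((now - e.last_seen) / self.half_life)   # aging
        e.score += 1.0
        e.last_seen = now
        if e.score >= self.threshold:       # a surge: promote to the blacklist
            self.blacklist.add(fi)
            del self.entries[fi]

    def expire(self, now):
        """Drop FIs that went quiet without ever surging: treated as valid."""
        stale = [fi for fi, e in self.entries.items() if now - e.last_seen > self.quiet_for]
        for fi in stale:
            del self.entries[fi]


def feature_instances(body):
    """Feature: hashed, lower-cased URL host (assumption: one FI per distinct host)."""
    hosts = {h.lower() for h in URL_HOST.findall(body)}
    return {hashlib.sha1(h.encode()).hexdigest()[:16] for h in hosts}


def classify(board, body, now):
    """Block mail carrying a blacklisted FI; otherwise score its FIs and pass it."""
    fis = feature_instances(body)
    if fis & board.blacklist:
        return "block"
    for fi in fis:
        board.observe(fi, now)
    board.expire(now)
    return "pass"


def run_stream():
    board = Scoreboard()
    # Constructed stream: a burst of bulk mail to one host, one second apart,
    # plus a legitimate newsletter seen once a day.
    stream = [(100.0 + i, "bulk", f"Cheap pills at http://promo-deals.example/offer{i}")
              for i in range(6)]
    stream += [(100.0 + 86400.0 * d, "newsletter", "Weekly digest: https://news.example/issue")
               for d in range(3)]
    stream.sort(key=lambda m: m[0])
    decisions = [(label, classify(board, body, t)) for t, label, body in stream]
    return decisions, sorted(board.blacklist)
```

With these settings the fifth sighting of the bulk host within five seconds pushes its score past the threshold, so the sixth message is blocked while the first five pass; the newsletter host decays back to roughly one between sightings and is never promoted. The blacklist acts only on subsequent mail, which matches the abstract's "block or defer subsequent emails containing the FI".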


Journal ArticleDOI
TL;DR: It is shown that difference sets satisfying the condition n|λ have a product property which can be exploited to construct more difference sets.
Abstract: We show that difference sets satisfying the condition n|λ have a product property which can be exploited to construct more difference sets. Many of the newly discovered difference sets arise in precisely this way.

5 citations


Journal ArticleDOI
TL;DR: An AJAX-enabled browser-based testbed for evaluating the performance of computational linguistics algorithms that classify and cluster documents by assigning weights to words and scoring each document against high-dimensional reference concept vectors is built.
Abstract: We have built an AJAX-enabled browser-based testbed for evaluating the performance of computational linguistics algorithms. Our testbed consists of a visualization system and analysis portal. Our focus is on algorithms that classify and cluster documents by assigning weights to words and scoring each document against high-dimensional reference concept vectors. The testbed visualization and algorithm analysis techniques include Confusion Matrices, ROC Curves, Document Visualizations showing word importance, and Interactive Reports. A unique aspect of our testbed is document visualizations built using Scalable Vector Graphics that show why documents are assigned to particular concepts and categories.

3 citations


Patent
27 Sep 2007
TL;DR: In this paper, the received signal is segmented into disjoint or overlapping data blocks; each block is differentiated, and the Gram-Schmidt process is used to obtain orthogonality between the signal and its derivative.
Abstract: The present invention is a novel method of performing spectral analysis on a digital signal. The received signal is segmented into a number of data blocks, which may be disjoint or overlapping. For each data block, the signal is differentiated, and the Gram-Schmidt process is used to obtain orthogonality between a signal and its derivative. The complex extension leads to computation of phase using either the inverse tangent function or the complex logarithm. Finally, frequency estimation follows through differentiation of the unwrapped phase.

3 citations


Patent
06 Feb 2007
TL;DR: In this paper, the authors proposed a method of finding propagation time and velocity of a transmitter for both narrowband and broadband applications with increased accuracy over previous methods, using the scalar time relationship.
Abstract: The present invention is a method of finding propagation time and velocity of a transmitter. Specifically, receiving a signal at two or more receivers and using the scalar time relationship to determine propagation time and velocity of the transmitter for the purpose of location of the transmitter. This method is useful for both narrowband and broadband applications with increased accuracy over previous methods.

2 citations


Patent
04 Jan 2007
TL;DR: In this article, the authors present a method of encoding a communication signal by selecting a cyclic code, establishing a generator polynomial, generating a polynomial using the generator, forming a matrix from the generated polynomial, and encoding the received data with appended check values using the generator polynomial.
Abstract: A method of encoding a communication signal by selecting a cyclic code, establishing a generator polynomial, generating a polynomial using the generator polynomial, forming a matrix from the generated polynomial, receiving data to be encoded, appending zeros to the received data, calculating a syndrome of the matrix, calculating check values from the syndrome, appending the check values to the received data, and encoding the received data with appended check values using the generator polynomial.

Patent
07 Nov 2007
TL;DR: In this paper, the authors propose a method of reliably communicating via a computer network by identifying hub nodes in the network, identifying leaf nodes, reporting from leaf nodes to corresponding hub nodes, communicating between hub nodes and returning to the third step for additional processing.
Abstract: A method of reliably communicating via a computer network by identifying hub nodes in the network, identifying leaf nodes in the network, communicating from hub nodes to corresponding leaf nodes, reporting from leaf nodes to corresponding hub nodes, communicating between hub nodes, re-designating a leaf node as a hub node if the leaf node identifies a region of the network not known by a hub node, re-designating a hub node as a leaf node if the hub node becomes redundant, re-designating a leaf node as a hub node if the leaf node loses connectivity to its hub node, and returning to the third step for additional processing.

Patent
06 Dec 2007
TL;DR: In this paper, a method of securely authenticating a user's response to a challenge request before completing a transaction is disclosed: when a user wishes to complete a transaction, an image is projected onto the user's face.
Abstract: A method of securely authenticating a user's response to a challenge request before completing a transaction is disclosed. When a user wishes to complete a transaction, an image is projected onto the user's face. The user reads the image in a mirror and responds accordingly. If the user identifies the correct image, the transaction is allowed to proceed.

Patent
27 Feb 2007
TL;DR: In this article, the authors present a method of eliminating loops from a computer program by receiving the program, graphing its function and control, identifying its entry point, and identifying groups of loops connected to its entry points.
Abstract: The present invention is a method of eliminating loops from a computer program by receiving the program, graphing its function and control, identifying its entry point, and identifying groups of loops connected to its entry point. Stop if there are no such groups. Otherwise, selecting a group of loops. Then, identifying the selected group's entry point. If the selected group includes no group of loops having a different entry point then replacing it with a recursive or non-recursive function, reconfiguring each connection entering and exiting the selected group to preserve their functionality, and returning to the fifth step. Otherwise, identifying groups of loops in the selected group connected to, but having different entry points and returning to the loop selection step.

Patent
19 Sep 2007
TL;DR: In this article, a range limited antenna is configured to pass a signal for which F(Ξ,x)>e, where e is a threshold amount, such that the antenna has gain to signals within a radius and attenuation outside the radius.
Abstract: Range limited antenna includes at least two sets of antenna elements and an RF signal processing network connected to each set of antenna elements. The network has a function, F(Ξ,x) = Φ_A(x) − Φ_B(x) + Φ_C(x) − Φ_D(x) + ... + Φ_{N−1}(x) − Φ_N(x), where x is a signal, Φ_A(x) is the phase angle of signal x at the first element set, Φ_B(x) is the phase angle of signal x at the second element set, Φ_N(x) is the phase angle of signal x at the set N, and Ξ contains all additional parameters which bear on the system. The network is configured to pass a signal for which F(Ξ,x) > e, where e is a threshold amount, such that the antenna has gain to signals within a radius and has attenuation outside the radius.

Journal ArticleDOI
TL;DR: China's aggressive search for raw materials in Africa is causing a backlash while its cyberspying probes into Western defense systems are reviving Cold War-like tensions.
Abstract: As it prepares to host the 2008 Olympics, China's authoritarian development model, which has sustained high growth for two decades, is entering a fragile new stage. Tainted toys and other products have made the American consumers on whom China relies wary even as the debt-and-deficit ridden American economy relies on China's massive foreign reserves to keep going. In the meantime, China's aggressive search for raw materials in Africa is causing a backlash while its cyberspying probes into Western defense systems are reviving Cold War-like tensions. The US treasury secretary, a top China expert and former intelligence officials offer their views.

Patent
06 Feb 2007
TL;DR: In this article, a method of finding range and velocity of a target in a radar system using a time scale factor is presented, where at each transmitter at each receiver, a return signal is received from the target and the elapsed time is recorded.
Abstract: The present invention is a method of finding range and velocity of a target in a radar system using a time scale factor. Specifically, sending at least one signal from at least one transmitter to a target. A return signal is then received from the target at each transmitter and the elapsed time is recorded. The range to the target and velocity of the target are calculated based on a time scale factor of the recorded elapsed times. These values are appropriately output to the user.

Patent
03 Dec 2007
TL;DR: In this article, a method of giving a user high-level access privileges if a combination of keystrokes is sent to a desktop is disclosed is described. But it is not clear how to determine whether a user can send a keystroke to a specific desktop.
Abstract: A method of giving a user high-level access privileges if a combination of keystrokes is sent to a desktop is disclosed. Each terminal services session is enumerated and sessions identified. Unidentified sessions have a user-definable process associated with the session. Desktops registered in the terminal services session are identified, and if a new desktop is identified, a thread is created to attach to that desktop and hook the desktop's low-level keyboard input. The keyboard input is then monitored for a pre-defined combination of keystrokes, and if found, a command shell starts, giving the user higher-level access privileges.