Bilgisayar Mühendisliği Bölümühttps://hdl.handle.net/11655/752024-03-29T15:02:53Z2024-03-29T15:02:53ZAddressing the Data Diversity Gap With Uniquely Generated Synthetic Vıdeos for Real-World Human Action RecognitionTaşören, Ali Egemenhttps://hdl.handle.net/11655/343672024-01-08T07:25:54Z2023-01-01T00:00:00ZAddressing the Data Diversity Gap With Uniquely Generated Synthetic Vıdeos for Real-World Human Action Recognition
Taşören, Ali Egemen
Recognition of human actions using machine learning requires substantial datasets to develop robust models. However, obtaining such real-world data is challenging because it is a costly and time-consuming process. In addition, existing datasets mostly contain indoor videos due to the issues in capturing pose data outdoors. Synthetic data have been employed to overcome these difficulties, yet the currently available synthetic data lack both photorealism and diversity in their features. In this paper, we present the NOVAction engine for generating photorealistic synthetic human action sequences captured from diverse viewpoints to improve action recognition performance. We use NOVAction to create the NOVAction23 dataset comprising 25,415 human action sequences (available at \url{https://graphics.cs.hacettepe.edu.tr/NOVAction}). In NOVAction23, the performed motions and the viewpoints are varied on the fly through procedural generation, so that, for a given animation class, each generated sequence features a unique motion acted by one of the 1,105 synthetic humans captured from a unique viewpoint. We evaluate NOVAction23 by training three state-of-the-art recognizers on it, in addition to the NTU 120 dataset. Our results are further validated through real-world videos from YouTube. The findings confirm that the NOVAction23 dataset can enhance the performance of state-of-the-art video classification for human action recognition.
2023-01-01T00:00:00ZAn Improved Device Identifier Composition Engine Architecture to Enhance Internet of Things SecurityYamak, Yusufhttps://hdl.handle.net/11655/343452023-12-25T08:29:37Z2023-01-01T00:00:00ZAn Improved Device Identifier Composition Engine Architecture to Enhance Internet of Things Security
Yamak, Yusuf
The number of Internet-of-Things (IoT) devices has been increasing rapidly every year.
Most of these devices have access to important personal data such as health, daily activities,
location, and finance. However, these devices have security problems since they have limited
processing power and memory to implement complex security measures. Therefore, they
possess weak authentication mechanisms and a lack of encryption. Additionally, there
are no widely accepted standards for IoT security. The Device Identifier Composition
Engine (DICE) was proposed as a standard that enables adding a security layer to low-cost
microcontrollers with minimal silicon overhead.
However, DICE-based attestation is vulnerable to some remote attacks such as Time-Of- Check Time-Of-Use (TOCTOU) attacks as shown by previous studies. In this study, we present a novel method to address the security problems of DICE. In order to detect real-time firmware attacks, our design adds
an additional security component to DICE that utilizes a hash engine performing periodic
memory forensics (PMF). We implemented the enhanced DICE architecture using the
open-source RISC-V platform Ibex and the Mbed TLS library for cryptographic operations.
We performed the hash operations required by DICE in a hardware-based manner on a commercial Field Programmable Gate Array (FPGA) platform rather than firmware, which
is more vulnerable to attacks. Our test results demonstrate that with minimal cost using the
proposed method, a standard microcontroller can detect attacks.
This thesis addresses the urgent need for enhanced security in the rapidly proliferating
domain of Internet of Things (IoT) devices, by investigating vulnerabilities associated with
the Device Identifier Composition Engine (DICE) and proposing a novel method to mitigate
these risks. Through the design and implementation of a hardware-based hash engine that
utilizes periodic memory forensics, the thesis offers an innovative solution to the firmware
security flaws in DICE. This novel method significantly contributes to the existing body
of literature by demonstrating a practical, implementable approach to detect and counteract
potential attacks on IoT devices, thereby advancing the understanding of IoT security.
2023-01-01T00:00:00ZExtensive Cryptanalysis of Authenticated Encryption With Associated Data Algorithm ColmUlusoy, Sırrı Erdemhttps://hdl.handle.net/11655/343272023-12-26T11:22:47Z2023-07-04T00:00:00ZExtensive Cryptanalysis of Authenticated Encryption With Associated Data Algorithm Colm
Ulusoy, Sırrı Erdem
The main objective of an Authenticated Encryption with Associated Data (AEAD) algorithm is to keep the encrypted plaintext secret until its tag is validated. There are two main methods related to the cryptanalysis of AEAD algorithms that can render this objective invalid. These methods are plaintext recovery attacks (simulating the decryption oracle) and tag guessing attacks (producing the valid tag of a given ciphertext). There are also various kinds of forgery attacks against AEAD algorithms in which the adversary tries to construct a valid ciphertext. The resistance of COLM against these methods is studied in this thesis. COLM is one of the AEAD algorithms that won the CAESAR Competition in the Defense in Depth use case. The ciphers chosen in the Defense in Depth portfolio are supposed to contain multiple security layers to provide robust security. The main motivation of this thesis is to examine if COLM indeed satisfies defense-in-depth security. In this thesis, we show that COLM is as secure as its secret whitening parameter L. We demonstrate that COLM cannot resist any attacks mounted against AEAD algorithms once L is known. To the best of our knowledge, we give the first example of querying an EME/EMD (Encrypt-linearMix-Encrypt/Decrypt) AEAD scheme in its decryption direction for arbitrary ciphertext, namely, either a forgery or tag guessing attack. Moreover, we construct SEBC/SDBC (Simulation models of Encryption/Decryption oracle of the underlying Block Cipher) of COLM. These models are the first examples of an authenticated EME scheme simultaneously. The combination of SEBC/SDBC is a powerful tool to mount a universal forgery attack, a tag guessing attack, and a plaintext recovery attack. All of these attacks have O(N) time complexities once L is recovered in the offline phase, indicating that the security of COLM against plaintext recovery and tag guessing attacks is limited by the birthday bound. Besides exploiting SEBC/SDBC, we mount a pair of plaintext recovery attacks and another universal forgery attack by taking advantage of weaknesses in the structure of COLM. Finally, we suggest some improvements to prevent our attacks and build stronger EME schemes.
2023-07-04T00:00:00ZIntegration Testing Maturity Assessment for Safety Critical Avionics SoftwareGüngör, Gülsümhttps://hdl.handle.net/11655/343152024-01-08T07:14:43Z2023-01-01T00:00:00ZIntegration Testing Maturity Assessment for Safety Critical Avionics Software
Güngör, Gülsüm
Safety-critical software failures lead to serious results such as loss of live or damage to the environment; therefore, safety-critical software verification requires special attention. Avionics system software is one type of safety-critical software. “DO-178C: Software Considerations in Airborne Systems and Equipment Certification” was released in 2011 by RTCA, Inc., (Radio Technical Commission for Aeronautics) which defines processes for aircraft systems software verification and development. On the other hand, there are well-defined guidelines to improve validation and verification processes of software system development, specifically for software testing. TMMI (Test Maturity Model Integration) was produced by TMMI Foundation as a guide for organizations to improve their test processes and product quality. However, avionics system software has own safety-related software characteristics, and TMMI does not specifically address software testing practices of these characteristics. To fill this gap, in this thesis study, first, avionics software characteristics as the base for software testing are identified. Then, processes and practices in DO-178C and TMMI (Release 1.3) documents are compared with each other bi-directionally. Finally, based on the avionics software characteristics and the results of the comparison, a guidance document approach for integration testing maturity is developed. Considering the critical role of integration testing in preventing safety-critical software defects, it is thought that this approach will be useful for evaluating the integration testing processes of avionics software. A case study was implemented to understand the effectiveness and applicability of this approach. Two groups of test engineers from same team tried to assess test processes applied. The first group applied TMMI model and the second group applied TMMI with guidance approach to assess their processes. At the end, it was observed that the guidance approach provided more improvement actions for avionics integration test processes by referring to domain specific needs of avionics software testing.
2023-01-01T00:00:00Z