To see the other types of publications on this topic, follow the link: Internet – security measures. sears.
Dissertations / Theses on the topic 'Internet – security measures. sears'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Internet – security measures. sears.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
King-Lacroix, Justin. "Securing the 'Internet of Things' : decentralised security for wireless networks of embedded systems." Thesis, University of Oxford, 2016. https://ora.ox.ac.uk/objects/uuid:b41c942f-5389-4a5b-8bb7-d5fb6a18a3db.
Full textAbstract:
The phrase 'Internet of Things' refers to the pervasive instrumentation of physical objects with sensors and actuators, and the connection of those sensors and actuators to the Internet. These sensors and actuators are generally based on similar hardware as, and have similar capabilities to, wireless sensor network nodes. However, they operate in a completely different network environment: wireless sensor network nodes all generally belong to a single entity, whereas Internet of Things endpoints can belong to different, even competing, ones. This difference has profound implications for the design of security mechanisms in these environments. Wireless sensor network security is generally focused on defence against attack by external parties. On the Internet of Things, such an insider/outsider distinction is impossible; every entity is both an endpoint for legitimate communications, and a possible source of attack. We argue that that under such conditions, the centralised models that underpin current networking standards and protocols for embedded systems are simply not appropriate, because they require such an insider/outsider distinction. This thesis serves as an exposition in the design of decentralised security mechanisms, applied both to applications, which must perform access control, and networks, which must guarantee communications security. It contains three main contributions. The first is a threat model for Internet of Things networks. The second is BottleCap, a capability-based access control module, and an exemplar of decentralised security architecture at the application layer. The third is StarfishNet, a network-layer protocol for Internet of Things wireless networks, and a similar exemplar of decentralised security architecture at the network layer. Both are evaluated with microbenchmarks on prototype implementations; StarfishNet's association protocol is additionally validated using formal verification in the protocol verification tool Tamarin.
2
Naude, Kevin Alexander. "Assessing program code through static structural similarity." Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/578.
Full textAbstract:
Learning to write software requires much practice and frequent assessment. Consequently, the use of computers to assist in the assessment of computer programs has been important in supporting large classes at universities. The main approaches to the problem are dynamic analysis (testing student programs for expected output) and static analysis (direct analysis of the program code). The former is very sensitive to all kinds of errors in student programs, while the latter has traditionally only been used to assess quality, and not correctness. This research focusses on the application of static analysis, particularly structural similarity, to marking student programs. Existing traditional measures of similarity are limiting in that they are usually only effective on tree structures. In this regard they do not easily support dependencies in program code. Contemporary measures of structural similarity, such as similarity flooding, usually rely on an internal normalisation of scores. The effect is that the scores only have relative meaning, and cannot be interpreted in isolation, ie. they are not meaningful for assessment. The SimRank measure is shown to have the same problem, but not because of normalisation. The problem with the SimRank measure arises from the fact that its scores depend on all possible mappings between the children of vertices being compared. The main contribution of this research is a novel graph similarity measure, the Weighted Assignment Similarity measure. It is related to SimRank, but derives propagation scores from only the locally optimal mapping between child vertices. The resulting similarity scores may be regarded as the percentage of mutual coverage between graphs. The measure is proven to converge for all directed acyclic graphs, and an efficient implementation is outlined for this case. Attributes on graph vertices and edges are often used to capture domain specific information which is not structural in nature. It has been suggested that these should influence the similarity propagation, but no clear method for doing this has been reported. The second important contribution of this research is a general method for incorporating these local attribute similarities into the larger similarity propagation method. An example of attributes in program graphs are identifier names. The choice of identifiers in programs is arbitrary as they are purely symbolic. A problem facing any comparison between programs is that they are unlikely to use the same set of identifiers. This problem indicates that a mapping between the identifier sets is required. The third contribution of this research is a method for applying the structural similarity measure in a two step process to find an optimal identifier mapping. This approach is both novel and valuable as it cleverly reuses the similarity measure as an existing resource. In general, programming assignments allow a large variety of solutions. Assessing student programs through structural similarity is only feasible if the diversity in the solution space can be addressed. This study narrows program diversity through a set of semantic preserving program transformations that convert programs into a normal form. The application of the Weighted Assignment Similarity measure to marking student programs is investigated, and strong correlations are found with the human marker. It is shown that the most accurate assessment requires that programs not only be compared with a set of good solutions, but rather a mixed set of programs of varying levels of correctness. This research represents the first documented successful application of structural similarity to the marking of student programs.
3
Yu, Kin-ying, and 余見英. "Efficient schemes for anonymous credential with reputation support." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2012. http://hub.hku.hk/bib/B48330012.
Full textAbstract:
Anonymous credential is an important tool to protect the identity of users in the Internet for various reasons (e.g. free open speech) even when a service provider (SP) requires user authentication. Yet, misbehaving users may use anonymity for malicious purposes and SP would have no way to refrain these users from creating further damages.
Revocable anonymous credential allows SP to revoke a particular anonymous user based on the observed behavior of a session the user conducted. However, such kind of all-or-nothing revocation does not work well with the “Web 2.0” applications because it does not give a user a second chance to remedy a misconduct, nor rewards for positive behaviors. Reputation support is vital for these platforms.
In this thesis, we propose two schemes with different strengths that solve this privacy and reputation dilemma. Our first scheme, PE(AR)2, aims to empower anonymous credential based authentication with revocation and rewarding support. The scheme is efficient, outperforms PEREA which was the most efficient solution to this problem, with an authentication time complexity O(1) as compared with other related works that has dependency on either the user side storage or the blacklist size. PEREA has a few drawbacks that make it vulnerable and not practical enough. Our scheme fixes PEREA's vulnerability together with efficiency improvement. Our benchmark on PE(AR)2 shows that an SP can handle over 160 requests/second when the credentials store 1000 single-use tickets, which outperforms PEREA with a 460 fold efficiency improvement.
Our second scheme, SAC, aims to provide a revocation and full reputation support over anonymous credential based authentication system. With a small efficiency trade-o_ as compared with PE(AR)2, the scheme now supports both positive and negative scores. The scoring mechanism is now much more flexible, that SP could modify the rated score of any active sessions, or declare that no more rating should be given to it and mark it as finalized. SAC provides a much more elastic user side credential storage, there is no practical limit on the number of authentication sessions associated with a credential. Unlike other schemes, SAC make use of a combined membership proof instead of multiple non-membership proofs to distinguish if a session is active, finalized, or blacklisted. This special consideration has contributed to the reduction of efficiency-flexibility trade-off from PE(AR)2, making the scheme stay practical in terms of authentication time. Our benchmark on SAC shows that an SP can handle over 2.9 requests/second when the credentials store 10000 active sessions, which outperforms BLACR-Express (a related work based on pairing cryptography with full reputation support) with a 131 fold efficiency improvement.
Then we analyze the potential difficulties for adopting the solutions to any existing web applications. We present a plugin based approach such that our solutions could run on a user web browser directly, and how a service provider could instruct the plugin to communicate using our protocol in HTML context.
We conclude our thesis stating the solutions are practical, efficient and easy to integrate in real world scenario, and discuss potential future works.<br>published_or_final_version<br>Computer Science<br>Doctoral<br>Doctor of Philosophy
4
Sato, Keiko. "Privacy on the internet : Investigation into corporate privacy policy of Australian large private sector organisations on the internet." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2001. https://ro.ecu.edu.au/theses/1032.
Full textAbstract:
The popularity of the Internet has been dramatically increased over recent years. The rapid growth of this technology and its international use has made it almost impossible to regulate the internet. As a result, the Internet has certainly provided freedoms to people and it has led to some abusing systems. Privacy is one of the major issues in the development of Electronic Commerce using the Internet. As an enormous amount of personal information is transmitted to several hosts connecting to the Internet, the information can be accessed by both authorised and unauthorised people. Although it is certain that there are several existing problems of using the Internet for business activities, many organisations have already started using it. It is believed that the Internet provides efficiency and effectiveness for various activities Although much research has been described the business use of the Internet in many countries, these studies have not specifically investigated Australian organisations. Therefore, this research investigates the current use of the Internet by Australian organisations and their associated privacy policies, as a means of seeking their privacy concerns. Using a benchmark provided by Australian privacy commissioners, it evaluates their privacy policies to see how well they are established to protect privacy of users. The study utilises the top 100 Australian large private sector organisations as the sample. The current practice of the sample organisations on the Internet was observed by exploring their Web sites. Privacy policies were also collected from their Web sites. Moreover, a letter requesting corporate privacy policy was sent to each organisation that collects personal information on the Internet. The result showed that the majority of Australian organisations were using the Internet today, but a surprisingly few organisations showed their privacy policy on the Internet. Also, this research showed that many organisations did not actually have a corporate privacy policy. Many organisations are using the Internet without apparent concern for customers' privacy. The organisations proactively involved in the Internet Commerce are more concerned about security side of the Internet. Hence, they appear to believe that the technology itself protects information sent on the Internet. It has become clear that technology by itself does not provide the security needed for users of the Internet as unethical act of authorised parties could harm privacy of individuals. There is an argument that the Internet needs to be regulated. However, the process of international regulation on the Internet has not been started. Thus, it is ideal that organisations proactively protect clients' personal information accessible by the use of the Internet technology. This study looks at the methods of obtaining privacy of individuals and suggests the ideal conduct of organisations.
5
Rutherford, Andrew. "Introducing hippocratic log files for personal privacy control." Thesis, Nelson Mandela Metropolitan University, 2005. http://hdl.handle.net/10948/171.
Full textAbstract:
The rapid growth of the Internet has served to intensify existing privacy concerns of the individual, to the point that privacy is the number one concern amongst Internet users today. Tools exist that can provide users with a choice of anonymity or pseudonymity. However, many Web transactions require the release of personally identifying information, thus rendering such tools infeasible in many instances. Since it is then a given that users are often required to release personal information, which could be recorded, it follows that they require a greater degree of control over the information they release. Hippocratic databases, designed by Agrawal, Kiernan, Srikant, and Xu (2002), aim to give users greater control over information stored in a data- base. Their design was inspired by the medical Hippocratic oath, and makes data privacy protection a fundamental responsibility of the database itself. To achieve the privacy of data, Hippocratic databases are governed by 10 key privacy principles. This dissertation argues, that asides from a few challenges, the 10 prin- ciples of Hippocratic databases can be applied to log ¯les. This argument is supported by presenting a high-level functional view of a Hippocratic log file architecture. This architecture focuses on issues that highlight the con- trol users gain over their personal information that is collected in log files. By presenting a layered view of the aforementioned architecture, it was, fur- thermore, possible to provide greater insight into the major processes that would be at work in a Hippocratic log file implementation. An exploratory prototype served to understand and demonstrate certain of the architectural components of Hippocratic log files. This dissertation, thus, makes a contribution to the ideal of providing users with greater control over their personal information, by proposing the use of Hippocratic logfiles.
6
Marais, Terrence K. "Electronic payment and security on the Internet." Thesis, Stellenbosch : Stellenbosch University, 2002. http://hdl.handle.net/10019.1/52819.
Full textAbstract:
Thesis (MBA)--Stellenbosch University, 2002.<br>ENGLISH ABSTRACT: The greatest potential worry that an on-line shopper has is what happens to his/her credit
card details from the moment "submit" is pressed on the computer. Is it possible for someone
on the Internet to intercept the message and use credit card details maliciously? Also, there is
a lot of talk about personal details being encrypted, but how sure is one that this was indeed
the case once "submit" has been pressed? Is there a way in which one can be sure that a
transaction will occur only once? Many of the security issues are new and many experts are
only learning how to deal with these now. This thesis offers suggestions and strategies a user
can follow to minimize misuse and abuse of payment details.
Electronic payment is the backbone of e-commerce, and the biggest threat towards
widespread acceptance and usage of e-commerce is security. Many innovative solutions
have been developed by vendors to address security issues. For example, the Secure
Electronic Transfer (SET) protocol was developed to ensure that credit card transactions
could be conducted safely and securely on the Internet. Secure Socket Layer (SSL) ensures
that all communications and transactions are conducted in a tightly secure environment. This
is critical for online or mobile banking and other financial activities. Others developments
include payment systems that ensure that credit card details are never exposed to a merchant
(e.g. SET), while some ensure that credit card numbers never enter the Internet.
The five corner stones of security are confidentiality, privacy, authentication, integrity and
non-repudiation. Authentication, non-repudiation and integrity can be resolved with digital
certificates, digital timestamps and digital signatures. Message confidentiality, on the other
hand, is ensured through the use of strong encryption.
Encryption systems mutilate data or a message to such an extent that it is totally useless to
someone who does not have the appropriate algorithm and key to decode it. The most widely
used encryption schemes are the secret key and public key encryption systems. The public
key cryptosystem generates two keys, called a public and private key. The public key can be
made generally known, but the private key must be kept secret. A unique property of the
scheme is that once data is encrypted with one key, only the corresponding other key of the
pair can decrypt it. This makes it possible to address issues of authentication, integrity and
non-repudiation.
Traditional payment instruments such as cash, cheques, debit and credit card transactions
are being replaced by their electronic equivalents. The driving forces behind these are
transactional security, efficiency and speed. Novel payment solutions and strategies have
been devised to meet the challenges of this new economy. For example, smart cards can act
as an electronic purse that can hold electronic money. Other information, such as personal
details, medical records, driver's licence, etc. can also be stored on the card.
Whilst many security experts are in agreement that security is not a barrier anymore for wider
usage of the Internet for financial transactions, many consumers are still apprehensive about
how secure and safe it really is. This work aims to diminish those fears and show that the
Internet is safe for business.<br>AFRIKAANSE OPSOMMING: Een van die grootste bekommernisse wat 'n kliënt met aankope op die Internet kan
ondervind, is die onsekerheid wat presies gebeur nadat betalings aangegaan is en "Submit" is
gedruk. Is dit moontlik dat iemand die boodskap kan onderskep en betaling besonderhede vir
eie gebruik kan herwin? Daar is ook baie publisiteit oor kodifisering, maar hoe kan die klient
verseker wees dat betalings besonderhede wel gekodifiseer is wanneer "Submit" gedruk
was? Is daar 'n manier waarmee 'n mens verseker kan wees dat betaling slegs eenkeer gaan
geskied? Baie van die sekuriteits lokvalle is nuut en sekuritiets kenners is tans besig om te
leer hoe om die probleme te hanteer. Die werkstuk offer wenke en strategieë vir die
verbruiker om die misbruik van betaling besondehede op die Internet te minimiseer.
Elektronies betalings meganisme is die ruggraat van elektroniese besigheid, en die grootste
struikelblok tot die grootskaalse gebruik daarvan is sekuriteit. Daar is baie innoverende
oplossings om die probleme hok te slaan. By voorbeeld, die Secure Electronic Transfer (SET)
protokol was ontwikkel om te verseker dat betalings met kredietkaart met hoë sekuriteit en
veiligheid aangegaan kan word. Secure Socket Layers (SSL), verseker dat alle
kommunikasies en transaksies in 'n sekuur en veilige omgewing plaasvind. Dit is veral krities
wanneer die verbruiker gebruik maak van die Internet of vanaf selfone om transaksies aan te
gaan met 'n bank. Ander ontwikkelinge sluit in betalings metodes wat verseker dat die
handelaar nooit die kredietkaart besonderhede sien nie (bv. SET). Ander verseker weer dat
die betalings besonderhede nooit oor die Internet hoef gestuur te word nie.
Die vyf hoekstene van sekuriteit is konfidensialiteit, privaatheid, outentisiteit, integriteit en
non-repudiasie. Outentisiteit, integriteit en non-repudiasie word opgelos deur die gebruik
maak van digitale sertifikate, digitale tydstempels en digitale handtekeninge. Konfidensialiteit
kan verseker word deur die boodskap te kodifiseer.
Kodifikasie behels die verandering van data of boodskappe op so 'n wyse dat dit van geen
betekenis is vir 'n persoon wat nie die korrekte algoritme en sleutel het om dit te dekodifiseer
nie. Die geheime en publieke kodifiserings stelsels word die meeste gebruik om data te
kodifiseer. Die publieke kodifiserings stelsel genereer twee sleutels, naamlik 'n privaat en
publieke sleutel. Die publieke sleutel kan alom bekend gemaak word, maar die private sleutel
moet slegs bekend wees aan sy gebruiker. 'n Unieke eienskap van die stelsel is dat indien 'n
boodskap gekodifiseer is met een sleutel, slegs die ander sleutel van die paar dit sal kan
dekodifiseer. Dit maak dit moontlik om outentisiteit, integriteit en non-repudiasie toe te pas.
Die tradisionele metodes van betaling soos kontant, tjek en debiet of kredietkaart, gaan
mettertyd vervang word deur hul elektroniese eweknie. Die dryfkrag agter die verskynsel is
die hoë sekuriteit, doeltreffendheid en spoed waarmee transaksies op die manier gehanteer
kan word. Vindingryke betaling metodes is ontdek om die besondere uitdagings van die nuwe
ekonomie aan te speek. Byvoorbeeld, knap kaarte kan gebruik word as 'n elektroniese
beursie wat elektroniese geld bêre. Ander persoonlike inligting, mediese records,
bestuurlisensies, ens. kan ook op die kaart geberg word.
Terwyl baie sekuriteits kenners glo dat sekuriteit nie meer 'n stuikelblok is om die Internet vir
besigheids transaksies te gebruik nie, bly baie van die verbruikers skepties. Die werkstuk se
doel is om daardie onsekerhede uit die weg te ruim, deur te verduidelik hoe sekuriteit toe
gepas word, en om te bewys dat die Internet interdaad veilig is as a medium vir besigheids
transaksies.
7
Nagarle, Shivashankarappa A. "Novel framework to support information security audit in virtual environment." Thesis, Coventry University, 2013. http://curve.coventry.ac.uk/open/items/aa65bb37-9504-46d3-930e-44ec71f745f3/1.
Full textAbstract:
Over the years, the focus of information security has evolved from technical issue to business issue. Heightened competition from globalization compounded by emerging technologies such as cloud computing has given rise to new threats and vulnerabilities which are not only complex but unpredictable. However, there are enormous opportunities which can bring value to business and enhance stakeholders’ wealth. Enterprises in Oman are compelled to embark e-Oman strategy which invariably increases the complexity due to integration of heterogeneous systems and outsourcing with external business partners. This implies that there is a need for a comprehensive model that integrates people, processes and technology and provides enterprise information security focusing on organizational transparency and enhancing business value. It was evident through interviews with security practitioners that existing security models and frameworks are inadequate to meet the dynamic nature of threats and challenges inherent in virtualization technology which is a catalyst to cloud computing. Hence the intent of this research is to evaluate enterprise information security in Oman and explore the potential of building a balanced model that aligns governance, risk management and compliance with emphasis to auditing in virtual environment. An integrated enterprise governance, risk and compliance model was developed where enterprise risk management acts as a platform, both mitigating risk on one hand and as a framework for defining cost controls and quantifying revenue opportunities on the other. Further, security standards and frameworks were evaluated and some limitations were identified. A framework for implementing IT governance focusing on critical success factors was developed after analysing and mapping the four domains of COBIT with various best practices. Server virtualization using bare metal architecture was practically tested which provides fault-tolerance and automated load balancing with enhanced security. Taxonomy of risks inherent in virtual environments was identified and an audit process flow was devised that provides insight to auditors to assess the adequacy of controls in a virtual environment. A novel framework for a successful audit in virtual environment is the contribution of this research that has changed some of the security assumptions and audit controls in virtual environment.
8
De, Villiers R. R. (Raoul Reenen). "The role of risk perception in Internet purchasing behaviour and intention." Thesis, Stellenbosch : Stellenbosch University, 2001. http://hdl.handle.net/10019.1/52570.
Full textAbstract:
Thesis (MComm.)--Stellenbosch University, 2001.<br>ENGLISH ABSTRACT: In recent years the importance and number of users of electronic commerce and its
medium, the Internet, have grown substantially. Despite this, the Business-to-
Consumer sector has shown slow expansion and limited growth, with the majority of
consumers slow to adopt the Internet as a medium for purchase. A probable factor
affecting the purchasing behaviour of individuals is the perception of risk of a breach
in (credit card) security and/or a violation of privacy. The research discussed here
indicates that two closely related constructs, namely perceived privacy risk and
perceived security risk exerts an influence on the Internet purchasing behaviour of
Internet users, and more importantly, the intention to purchase. In addition, the role
of social pressures regarding the provision of personal and credit card information is
indicated to be of considerable importance.<br>AFRIKAANSE OPSOMMING: Die afgelope aantal jare het die belangrikheid en gebruik van eletroniese handel en die
Internet aansienlik toegeneem. Ongeag hierdie groei het die sektor gemoeid met die
handel tussen besighede en verbruikers egter beperkte groei getoon. 'n Waarskynlike
rede vir die tendens in Internet aankoop gedrag is die persepsie dat daar 'n risiko is
van misbruik van 'n krediet kaart sowel as misbruik en skending van privaatheid. Die
studie wat hier bespreek word toon aan dat twee nou verwante kostrukte, naamlik
persepsie van sekuriteits- en persepsie van privaatheidsrisiko 'n rol speel in die
bepaling van Internet aankoop gedrag, sowel as die intensie om te koop. Verder is die
rol van sosiale druk rakende die verskaffing van persoonlike en krediet kaart inligting
uitgelig as 'n faktor van uiterste belang.
9
Dacosta, Italo. "Practical authentication in large-scale internet applications." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/44863.
Full textAbstract:
Due to their massive user base and request load, large-scale Internet applications have mainly focused on goals such as performance and scalability. As a result, many of these applications rely on weaker but more efficient and simpler authentication mechanisms. However, as recent incidents have demonstrated, powerful adversaries are exploiting the weaknesses in such mechanisms. While more robust authentication mechanisms exist, most of them fail to address the scale and security needs of these large-scale systems. In this dissertation we demonstrate that by taking into account the specific requirements and threat model of large-scale Internet applications, we can design authentication protocols for such applications that are not only more robust but also have low impact on performance, scalability and existing infrastructure. In particular, we show that there is no inherent conflict between stronger authentication and other system goals. For this purpose, we have designed, implemented and experimentally evaluated three robust authentication protocols: Proxychain, for SIP-based VoIP authentication; One-Time Cookies (OTC), for Web session authentication; and Direct Validation of SSL/TLS Certificates (DVCert), for server-side SSL/TLS authentication. These protocols not only offer better security guarantees, but they also have low performance overheads and do not require additional infrastructure. In so doing, we provide robust and practical authentication mechanisms that can improve the overall security of large-scale VoIP and Web applications.
10
Clayton, Bradley. "Securing media streams in an Asterisk-based environment and evaluating the resulting performance cost." Thesis, Rhodes University, 2007. http://eprints.ru.ac.za/851/.
Full text
11
Kalutarage, H. K. "Effective monitoring of slow suspicious activites on computer networks." Thesis, Coventry University, 2013. http://curve.coventry.ac.uk/open/items/afdbba5c-2c93-41a7-90c3-2f0f3261b794/1.
Full textAbstract:
Slow and suspicious activities on modern computer networks are increasingly hard to detect. An attacker may take days, weeks or months to complete an attack life cycle. A particular challenge is to monitor for stealthy attempts deliberately designed to stay beneath detection thresholds. This doctoral research presents a theoretical framework for effective monitoring of such activities. The main contribution of this work is a scalable monitoring scheme proposed in a Bayesian framework, which allows for detection of multiple attackers by setting a threshold using the Grubbs’ test. Second contribution is a tracing algorithm for such attacks. Network paths from a victim to its immediate visible hops are mapped and profiled in a Bayesian framework and the highest scored path is prioritised for monitoring. Third contribution explores an approach to minimise data collection by employing traffic sampling. The traffic is sampled using the stratification sampling technique with optimum allocation method. Using a 10% sampling rate was sufficient to detect simulated attackers, and some network parameters affected on sampling error. Final contribution is a target-centric monitoring scheme to detect nodes under attack. Target-centric approach is quicker to detect stealthy attacks and has potential to detect collusion as it completely independent from source information. Experiments are carried out in a simulated environment using the network simulator NS3. Anomalous traffic is generated along with normal traffic within and between networks using a Poisson arrival model. Our work addresses a key problem of network security monitoring: a scalable monitoring scheme for slow and suspicious activities. State size, in terms of a node score, is a small number of nodes in the network and hence storage is feasible for very large networks.
12
Janz, Linda, and University of Lethbridge Faculty of Arts and Science. "Privacy and the internet : differences in perspectives." Thesis, Lethbridge, Alta. : University of Lethbridge, Faculty of Arts and Science, 1997, 1997. http://hdl.handle.net/10133/64.
Full textAbstract:
This study examined results of a World Wide Web survey that used the framework of domain theory of moral development to examine attitudes of Internet users assuming perspectives of victims, aggressors and bystanders toward privacy issues. The effect of a monetary incentive was tested on two perspectives; effects of three moderating variables, employment status, newsgroup/mailing list membership and culture, were also tested. In the process of examing interactions, an evaluation determined if changes in attitudes indicated movement along a morality continuum. Results show that victims are more concerned than aggressors, and bystanders take a moralizing stance regardless of domain. Results of the monetary incentive test suggest that privacy is for sale. Employed respondents are more concerned than non-employed respondents; membership has little effect. Effects of culture do not support the hypotheses. Implications are that moral judgements are a function of perspective and domain, allowing flexibility along a morality continuum due to situational deviations.<br>xii, 112 leaves ; 28 cm.
13
Cheung, Lai-sze, and 張麗詩. "Delegation of rights using PKI-based components." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B29973053.
Full text
14
Chan, Yik-Kwan Eric, and 陳奕鈞. "Investigation of a router-based approach to defense against Distributed Denial-of-Service (DDoS) attack." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B30173309.
Full text
15
Zhang, Junjie. "Effective and scalable botnet detection in network traffic." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/44837.
Full textAbstract:
Botnets represent one of the most serious threats against Internet security since they serve as platforms that are responsible for the vast majority of large-scale and coordinated cyber attacks, such as distributed denial of service, spamming, and information stolen. Detecting botnets is therefore of great importance and a number of network-based botnet detection systems have been proposed. However, as botnets perform attacks in an increasingly stealthy way and the volume of network traffic is rapidly growing, existing botnet detection systems are faced with significant challenges in terms of effectiveness and scalability.
The objective of this dissertation is to build novel network-based solutions that can boost both the effectiveness of existing botnet detection systems by detecting botnets whose attacks are very hard to be observed in network traffic, and their scalability by adaptively sampling network packets that are likely to be generated by botnets. To be specific, this dissertation describes three unique contributions.
First, we built a new system to detect drive-by download attacks, which represent one of the most significant and popular methods for botnet infection. The goal of our system is to boost the effectiveness of existing drive-by download detection systems by detecting a large number of drive-by download attacks that are missed by these existing detection efforts.
Second, we built a new system to detect botnets with peer-to-peer (P2P) command&control (C&C) structures (i.e., P2P botnets), where P2P C&Cs represent currently the most robust C&C structures against disruption efforts. Our system aims to boost the effectiveness of existing P2P botnet detection by detecting P2P botnets in two challenging scenarios: i) botnets perform stealthy attacks that are extremely hard to be observed in the network traffic; ii) bot-infected hosts are also running legitimate P2P applications (e.g., Bittorrent and Skype).
Finally, we built a novel traffic analysis framework to boost the scalability of existing botnet detection systems. Our framework can effectively and efficiently identify a small percentage of hosts that are likely to be bots, and then forward network traffic associated with these hosts to existing detection systems for fine-grained analysis, thereby boosting the scalability of existing detection systems. Our traffic analysis framework includes a novel botnet-aware and adaptive packet sampling algorithm, and a scalable flow-correlation technique.
16
Du, Juan. "Constructing the internet panoptic-fortification: a legal study on China's internet regulatory mechanism." HKBU Institutional Repository, 2018. https://repository.hkbu.edu.hk/etd_oa/530.
Full textAbstract:
With the development of the information network technologies and the popularisation of the Internet, Chinese society is experiencing a Triple Revolution. Regulating the Internet has become a priority in China. In this context, this study seeks a comprehensive and in-depth understanding of China's Internet regulatory mechanism. Through the systematical analysis on Internet law in China, supplemented by the case study on how the issue of the Occupy Movement in Hong Kong was regulated, this study argues that China has developed a hybrid Internet regulatory model, which values both external defense and internal control in pursuit of the goal of cybersecurity, and which combines hierarchical regulation with horizontal monitoring to address challenges brought by contemporary network society. The Internet panoptic-fortification model is developed to illuminate China's Internet regulatory mechanism. The Internet panoptic-fortification model is featured by the centralised control from the authorities and ISPs, the establishment of Chinese sovereign cyberspace with jurisdictional and technical supports, the implementation of the network real-name system and the Internet-surfing record backup system to regulate individual Internet users, and the tight ideological control. This conceptual model reflects important aspects of Michel Foucault's account of governmentality, incorporating both centralised power and diffuse micro-power. This study suggests that China's Internet law to some extent has become an instrument for the state to promote the social discipline in the sovereign cyberspace, and the Internet regulatory mechanism serves for the national security and social stability in a broader context.
17
Van, der Schyff Karl Izak. "Cloud information security : a higher education perspective." Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011607.
Full textAbstract:
In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.
18
Park, Yongro. "A statistical process control approach for network intrusion detection." Diss., Georgia Institute of Technology, 2005. http://hdl.handle.net/1853/6835.
Full textAbstract:
Intrusion detection systems (IDS) have a vital role in protecting computer networks and information systems. In this thesis we applied an SPC monitoring concept to a certain type of traffic data in order to detect a network intrusion.
We developed a general SPC intrusion detection approach and described it and the source and the preparation of data used in this thesis. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in the data repository for use in future research.
A regular batch mean chart was used to remove the sample datas inherent 60-second cycles. However, this proved too slow in detecting a signal because the regular batch mean chart only monitored the statistic at the end of the batch. To gain faster results, a modified batch mean (MBM) chart was developed that met this goal. Subsequently, we developed the Modified Batch Mean Shewhart chart, the Modified Batch Mean Cusum chart, and the Modified Batch Mean EWMA chart and analyzed the performances of each one on simulated data. The simulation studies showed that the MBM charts perform especially well with large signals ?the type of signal typically associated with a DOS intrusion.
The MBM Charts can be applied two ways: by using actual control limits or by using robust control limits. The actual control limits must be determined by simulation, but the robust control limits require nothing more than the use of the recommended limits. The robust MBM Shewhart chart was developed based on choosing appropriate values based on batch size. The robust MBM Cusum chart and robust MBM EWMA chart were developed on choosing appropriate values of charting parameters.
19
Sou, Sok Fong. "An approach to protecting online personal information in Macau government." Thesis, University of Macau, 2018. http://umaclib3.umac.mo/record=b3869194.
Full text
20
Sung, Minho. "Scalable and efficient distributed algorithms for defending against malicious Internet activity." Diss., Available online, Georgia Institute of Technology, 2006, 2006. http://etd.gatech.edu/theses/available/etd-07172006-134741/.
Full textAbstract:
Thesis (Ph. D.)--Computing, Georgia Institute of Technology, 2007.<br>Xu, Jun, Committee Chair ; Ahamad, Mustaque, Committee Member ; Ammar, Mostafa, Committee Member ; Bing, Benny, Committee Member ; Zegura, Ellen, Committee Member.
21
Demir, Irfan. "Changing Privacy Concerns in the Internet Era." Thesis, University of North Texas, 2002. https://digital.library.unt.edu/ark:/67531/metadc3187/.
Full textAbstract:
Privacy has always been a respected value regardless of national borders, cultural differences, and time in every society throughout history. This study focuses on the unprecedented changes in the traditional forms of privacy and consequent concerns with regard to invasion of privacy along with the recent emergence and wide use of the Internet. Government intrusion into private domains through the Internet is examined as a major concern. Privacy invasions by Web marketers, hacker threats against privacy, and employer invasion of employee privacy at the workplace are discussed respectively. Then a set of possible solutions to solve the current problems and alleviate the concerns in this field is offered. Legal remedies that need to be performed by the government are presented as the initial solution. Then encryption is introduced as a strong technical method that may be helpful. Finally, a set of individual measures emphasized as complementary practical necessities. Nevertheless, this study indicates that technology will keep making further changes in the form and concerns of privacy that possibly may outdate these findings in the near future, however, privacy itself will always remain as a cherished social value as it has always been so far.
22
Friedman, Brandon. "A study of South African computer usersʹ password usage habits and attitude towards password security". Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1013003.
Full textAbstract:
The challenge of having to create and remember a secure password for each user account has become a problem for many computer users and can lead to bad password management practices. Simpler and less secure passwords are often selected and are regularly reused across multiple user accounts. Computer users within corporations and institutions are subject to password policies, policies which require users to create passwords of a specified length and composition and change passwords regularly. These policies often prevent users from reusing previous selected passwords. Security vendors and professionals have sought to improve or even replace password authentication. Technologies such as multi-factor authentication and single sign-on have been developed to complement or even replace password authentication. The objective of the study was to investigate the password habits of South African computer and internet users. The aim was to assess their attitudes toward password security, to determine whether password policies affect the manner in which they manage their passwords and to investigate their exposure to alternate authentication technologies. The results from the online survey demonstrated that password practices of the participants across their professional and personal contexts were generally insecure. Participants often used shorter, simpler and ultimately less secure passwords. Participants would try to memorise all of their passwords or reuse the same password on most of their accounts. Many participants had not received any security awareness training, and additional security technologies (such as multi-factor authentication or password managers) were seldom used or provided to them. The password policies encountered by the participants in their organisations did little towards encouraging the users to apply more secure password practices. Users lack the knowledge and understanding about password security as they had received little or no training pertaining to it.
23
Leppan, Claudette. "Analysis of a South African cyber-security awareness campaign for schools using interdisciplinary communications frameworks." Thesis, Nelson Mandela Metropolitan University, 2017. http://hdl.handle.net/10948/18167.
Full textAbstract:
To provide structure to cyber awareness and educational initiatives in South Africa, Kortjan and Von Solms (2014) developed a five-layer cyber-security awareness and education framework. The purpose of the dissertation is to determine how the framework layers can be refined through the integration of communication theory, with the intention to contribute towards the practical implications of the framework. The study is approached qualitatively and uses a case study for argumentation to illustrate how the existing framework can be further developed. Drawing on several comprehensive campaign planning models, the dissertation illustrates that not all important campaign planning elements are currently included in the existing framework. Proposed changes in the preparation layer include incorporating a situational and target audience analysis, determining resources allocated for the campaign, and formulating a communication strategy. Proposed changes in the delivery layer of the framework are concerned with the implementation, monitoring and adjustment, as well as reporting of campaign successes and challenges. The dissertation builds on, and adds to, the growing literature on the development of campaigns for cyber-security awareness and education aimed at children.
24
Ndinga, S'busiso Simon. "An investigation into tools and protocols for commercial audio web-site creation." Thesis, Rhodes University, 2000. http://hdl.handle.net/10962/d1006488.
Full textAbstract:
This thesis presents a feasibility study of a Web-based digital music library and purchasing system. It investigates the current status of the enabling technologies for developing such a system. An analysis of various Internet audio codecs, streaming audio protocols, Internet credit card payment security methods, and ways for accessing remote Web databases is presented. The objective of the analysis is to determine the viability and the economic benefits of using these technologies when developing systems that facilitate music distribution over the Internet. A prototype of a distributed digital music library and purchasing system named WAPS (for Web-based Audio Purchasing System) was developed and implemented in the Java programming language. In this thesis both the physical and the logical component elements of WAPS are explored in depth so as to provide an insight into the inherent problems of creating such a system, as well as the overriding benefits derived from the creation of such a system.
25
Kruger, Richard Carl. "Investigating the possible introduction of managed broadband internet security : a pilot study." Thesis, Stellenbosch : Stellenbosch University, 2008. http://hdl.handle.net/10019.1/791.
Full textAbstract:
Thesis (MBA (Business Management))--Stellenbosch University, 2008.<br>ENGLISH ABSTRACT: Soon after the development of the internet as a network structure connecting computers on a global scale, was the introduction of malicious computer code, which was disseminated through this network. Initially this code was the relegation of pranksters, but evolved quickly to be code causing destruction, intrusion and loss of privacy while on the internet. This code became known as the computer virus and was soon used by fraudsters to infiltrate networks to create deception and fraud for financial gain. It has become of paramount importance for users of the internet to protect themselves and their networks from these attacks, through various ingenious mechanisms of protection. The traditional mainstay for computer virus protection has been the software approach using counter code to protect against any malicious computer code. This protection has had limited success as the very nature of malicious code is constantly changing and evolving, making it sometimes an impossible task for internet users to be protected with the latest anti-virus software for protection. The author of this study introduces a managed anti-virus protection alternative which is delivered by a computer hardware device. This is a new technology and a full description is made of the role of this product as a new product development. The empirical research of this paper focuses around the test for a need for the product described to the point, but excluding commercialization.<br>AFRIKAANSE OPSOMMING: Kort na die ontwikkeling van die internet as 'n netwerkstruktuur wat rekenaars op 'n globale skaal verbind, was daar die bekendstelling van kwaadwillige rekenaarkodes wat reg deur die netwerk versprei het. Aanvanklik was die kode gemik op die verdrywing van poetsbakkers, maar het spoedig ontwikkel in kodeverdrywing, inmenging en verlies aan privaatheid op die internet. Hierdie kode het bekend geword as die rekenaarvirus, en is spoedig deur bedrieërs gebruik om netwerke te infiltreer om gebruikers te mislei en te bedrieg vir eie finansiële gewin. Dit het vir gebruikers van die internet van uiterste belang geword om hulle en hulle netwerkte teen hierdie aanvalle te beskerm, en wel deur middel van verskeie meganismes. Die bekendste bekermingsmatreël teen die virus is die aanwending van sagteware as teenkode. Hierdie bekermingsmetode het egter tot dusver beperkte sukses behaal, aangesien die aard van kwaadwilligheid voortdurend verander en ontwikkel, sodat dit soms onmoontlik is dat gebruikers deur die nuutste anti-virussagteware beskerm kan word. Die skrywer van hierdie verhandeling stel 'n werkbare, alternatiewe anti-virusbeskermer bekend wat deur rekenaar-hardewareplan daargestel is. Dit het nuwe tegnologie, en 'n volledige beskrywing word gegee van die rol van hierdie produk as 'n nuwe ontwikkeling. Die empiriese navorsing van die verhandeling fokus op die toets vir die noodsaaklikheid van so 'n produk, met die uisluiting van kommersialisering.
26
Swart, Ignatius Petrus. "Pro-active visualization of cyber security on a National Level : a South African case study." Thesis, Rhodes University, 2015. http://hdl.handle.net/10962/d1017940.
Full textAbstract:
The need for increased national cyber security situational awareness is evident from the growing number of published national cyber security strategies. Governments are progressively seen as responsible for cyber security, but at the same time increasingly constrained by legal, privacy and resource considerations. Infrastructure and services that form part of the national cyber domain are often not under the control of government, necessitating the need for information sharing between governments and commercial partners. While sharing of security information is necessary, it typically requires considerable time to be implemented effectively. In an effort to decrease the time and effort required for cyber security situational awareness, this study considered commercially available data sources relating to a national cyber domain. Open source information is typically used by attackers to gather information with great success. An understanding of the data provided by these sources can also afford decision makers the opportunity to set priorities more effectively. Through the use of an adapted Joint Directors of Laboratories (JDL) fusion model, an experimental system was implemented that visualized the potential that open source intelligence could have on cyber situational awareness. Datasets used in the validation of the model contained information obtained from eight different data sources over a two year period with a focus on the South African .co.za sub domain. Over a million infrastructure devices were examined in this study along with information pertaining to a potential 88 million vulnerabilities on these devices. During the examination of data sources, a severe lack of information regarding the human aspect in cyber security was identified that led to the creation of a novel Personally Identifiable Information detection sensor (PII). The resultant two million records pertaining to PII in the South African domain were incorporated into the data fusion experiment for processing. The results of this processing are discussed in the three case studies. The results offered in this study aim to highlight how data fusion and effective visualization can serve to move national cyber security from a primarily reactive undertaking to a more pro-active model.
27
Judge, Paul Q. "Security and protection architectures for large-scale content distribution." Diss., Georgia Institute of Technology, 2002. http://hdl.handle.net/1853/9217.
Full text
28
Singaravelu, Lenin. "End-to-End Security of Information Flow in Web-based Applications." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/16142.
Full textAbstract:
Web-based applications and services are increasingly being used in security-sensitive tasks. Current security protocols rely on two crucial assumptions to protect the confidentiality and integrity of information: First, they assume that end-point software used to handle security-sensitive information is free from vulnerabilities. Secondly, these protocols assume point-to-point communication between a client and a service provider. However, these assumptions do not hold true with large and complex vulnerable end point software such as the Internet browser or web services middleware or in web service compositions where there can be multiple value-adding service providers interposed between a client and the original service provider.
To address the problem of large and complex end-point software, we present the AppCore approach which uses manual analysis of information flow, as opposed to purely automated approaches, to split existing software into two parts: a simplified trusted part that handles security-sensitive information and a legacy, untrusted part that handles non-sensitive information without access to sensitive information. Not only does this approach avoid many common and well-known vulnerabilities in the legacy software that compromised sensitive information, it also greatly reduces the size and complexity of the trusted code, thereby making exhaustive testing or formal analysis more feasible. We demonstrate the feasibility of the AppCore approach by constructing AppCores for two real-world applications: a client-side AppCore for https-based applications and an AppCore for web service platforms. Our evaluation shows that security improvements and complexity reductions (over a factor of five) can be attained with minimal modifications to existing software (a few tens of lines of code, and proxy settings of a browser) and an acceptable performance overhead (a few percent).
To protect the communication of sensitive information between the clients and service providers in web service compositions, we present an end-to-end security framework called WS-FESec that provides end-to-end security properties even in the presence of misbehaving intermediate services. We show that WS-FESec is flexible enough to support the lattice model of secure information flow and it guarantees precise security properties for each component service at a modest cost of a few milliseconds per signature or encrypted field.
29
Hlaing, Nwe Nwe. "Browser security : a requirements-based approach." Thesis, Queensland University of Technology, 2003. https://eprints.qut.edu.au/36887/6/36887_Digitised%20Thesis.pdf.
Full textAbstract:
A browser is a convenient way to access resources located remotely on computer networks. Security in browsers has become a crucial issue for users who use them for sensitive applications without knowledge ofthe hazards. This research utilises a structure approach to analyse and propose enhancements to browser security. Standard evaluation for computer products is important as it helps users to ensure that the product they use is appropriate for their needs. Security in browsers, therefore, has been evaluated using the Common Criteria. The outcome of this was a security requirements profile which attempts to formalise the security needs of browsers. The information collected
during the research was used to produce a prototype model for a secure browser program. Modifications to the Lynx browser were made to demonstrate the proposed
enhancements.
30
Ncubukezi, Tabisa. "Security considerations of e-learning in higher education institutions." Thesis, Cape Peninsula University of Technology, 2012. http://hdl.handle.net/20.500.11838/2301.
Full textAbstract:
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology,2012.<br>Learning management systems (LMSs) have become the central aspects of educational
processes in modern universities. Arguments are that LMSs improve educational efficiencies
including the processes of storage, retrieval and exchange of content without distance, space
and time constraints. A trusted platform without undue intrusions however, determines the
extent to which these benefits can be realized in higher education (HE) spaces. The
underlying assumption in this thesis therefore, is that e-Learning systems would lose its value
and integrity when the security aspects are ignored. Despite this logic, an overwhelming evidence security omissions and disruptions continue to
threaten e-Learning processes at CPUT, with a risk of the actual usage of LMS in the
institution. For this reason, this study sought to investigate the extent as well as causes of
existing security threats, security awareness programmes and the in/effectiveness of security
measures within CPUT. Within the qualitative interpretive research framework, the purposive
sampling method was used to select participants. Semi-structured interviews were then used
to collect primary data from administrators, technicians, academics and students in the IT and
the Public Relations departments at CPUT. The activity theory (AT) was then used as the lens
to understand the security aspect in e-Learning systems in the CPUT. From this theory, an
analytical framework was developed. It presents holistic view of the security environment of e-
Learning as an activity system composed of actors (stakeholders), educational goals, rules (in
the form of policies, guidelines and procedures), activities, mediating factors, transformation,
and outcomes. The tension between these components accounts for failures in e-Learning
security practices, and ultimately in the e-Learning processes. Whilst security measures exist on the e-Learning platform, findings show a combination of the
tools, processes and awareness measures to be inadequate and therefore inhibiting. Poor
adherence to security guidelines in particular, is a major shortfall in this institution. To this end,
a continuous review of network policy, clear and consolidated communication between
stakeholders as well as emphasis on the enforcement of security compliance by users across
all departments is therefore recommended. Frequent security awareness and training
programmes for all LMS users must also be prioritized in this institution.
31
Kaiser, Edward Leo. "Addressing Automated Adversaries of Network Applications." PDXScholar, 2010. https://pdxscholar.library.pdx.edu/open_access_etds/4.
Full textAbstract:
The Internet supports a perpetually evolving patchwork of network services and applications. Popular applications include the World Wide Web, online commerce, online banking, email, instant messaging, multimedia streaming, and online video games. Practically all networked applications have a common objective: to directly or indirectly process requests generated by humans. Some users employ automation to establish an unfair advantage over non-automated users. The perceived and substantive damages that automated, adversarial users inflict on an application degrade its enjoyment and usability by legitimate users, and result in reputation and revenue loss for the application's service provider. This dissertation examines three challenges critical to addressing the undesirable automation of networked applications. The first challenge explores individual methods that detect various automated behaviors. Detection methods range from observing unusual network-level request traffic to sensing anomalous client operation at the application-level. Since many detection methods are not individually conclusive, the second challenge investigates how to combine detection methods to accurately identify automated adversaries. The third challenge considers how to leverage the available knowledge to disincentivize adversary automation by nullifying their advantage over legitimate users. The thesis of this dissertation is that: there exist methods to detect automated behaviors with which an application's service provider can identify and then systematically disincentivize automated adversaries. This dissertation evaluates this thesis using research performed on two network applications that have different access to the client software: Web-based services and multiplayer online games.
32
De, Wit Roland Duyvené. "Provisioning VolP wireless networks with security." Thesis, Bloemfontein : Central University of Technology, Free State, 2008. http://hdl.handle.net/11462/47.
Full text
33
Hannigan, Kerry. "Protection and security in a technologically advanced society : children and young people's perspectives." Thesis, University of Stirling, 2014. http://hdl.handle.net/1893/21562.
Full textAbstract:
The continuous advancement of new technology, specifically in the area of internet technology, has led to an increase in concerns surrounding children and young people’s safety when online. The following thesis describes a study of protection and security on the internet from the perspective of children and young people and contributes and expands on the findings of my Masters Dissertation which examined parents’ perceptions of children at risk on the internet. The research focuses on young people’s perspectives about what risks they face and what would keep them safe and is set within literature on child sex abusers and internet grooming. The thesis is based on an online survey which gathered information about the behaviour and opinions of 859 children and young people living in Scotland. Findings were separated into four main topics: children and young people’s behaviour on the internet, children and young people’s perception of strangers both online and offline, children and young people’s opinion of education on internet safety and children and young people’s opinion of the government’s role in relation to their safety online. Respondents’ stated that they wanted to be protected when on the internet (whilst acknowledging their own responsibility when online), either by the government or through those responsible for the content of the internet. They also provided several suggestions on how schools and the government can do more to listen to their voices and improve internet safety education. There were a number of children and young people who reported that they disclosed personal information over the internet (their own and that of their friends and family) and that they were willing to meet people in the real environment whom they had been communicating with online: many respondents’ viewed internet ‘strangers’ as different from ‘strangers’ in the real environment. Vygotsky’s (1978) theory of the Zone of Proximal Development (ZPD) and Wood et al.’s (1976) development of the concept of scaffolding, which has been developed in an educational rather than criminological context, were identified as offering some promise for explaining the behaviour of both the victims and the offender as other theories of sexual offending (either specific theories or explanations developed from general theories) are incapable of fully providing an explanation that will encompass grooming in general and online grooming in particular. It is argued that if these theories are applied to internet safety education they have the potential to empower children and young people and make grooming tactics and approaches less effective. The findings also indicated that more child and young people-oriented protection measures may be needed. Perceptions of protection and security on the internet were wide ranging but respondents were keen to provide possible solutions and examples of how to improve their safety when online. This would suggest that communicating with children and young people when developing policy, legislation, research and educational materials is the way forward if we wish to improve their safety and eliminate or reduce the dangers they face when using the internet.
34
Egan, Shaun Peter. "A framework for high speed lexical classification of malicious URLs." Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011933.
Full textAbstract:
Phishing attacks employ social engineering to target end-users, with the goal of stealing identifying or sensitive information. This information is used in activities such as identity theft or financial fraud. During a phishing campaign, attackers distribute URLs which; along with false information, point to fraudulent resources in an attempt to deceive users into requesting the resource. These URLs are made obscure through the use of several techniques which make automated detection difficult. Current methods used to detect malicious URLs face multiple problems which attackers use to their advantage. These problems include: the time required to react to new attacks; shifts in trends in URL obfuscation and usability problems caused by the latency incurred by the lookups required by these approaches. A new method of identifying malicious URLs using Artificial Neural Networks (ANNs) has been shown to be effective by several authors. The simple method of classification performed by ANNs result in very high classification speeds with little impact on usability. Samples used for the training, validation and testing of these ANNs are gathered from Phishtank and Open Directory. Words selected from the different sections of the samples are used to create a `Bag-of-Words (BOW)' which is used as a binary input vector indicating the presence of a word for a given sample. Twenty additional features which measure lexical attributes of the sample are used to increase classification accuracy. A framework that is capable of generating these classifiers in an automated fashion is implemented. These classifiers are automatically stored on a remote update distribution service which has been built to supply updates to classifier implementations. An example browser plugin is created and uses ANNs provided by this service. It is both capable of classifying URLs requested by a user in real time and is able to block these requests. The framework is tested in terms of training time and classification accuracy. Classification speed and the effectiveness of compression algorithms on the data required to distribute updates is tested. It is concluded that it is possible to generate these ANNs in a frequent fashion, and in a method that is small enough to distribute easily. It is also shown that classifications are made at high-speed with high-accuracy, resulting in little impact on usability.
35
Mooi, Roderick David. "A model for security incident response in the South African National Research and Education network." Thesis, Nelson Mandela Metropolitan University, 2014. http://hdl.handle.net/10948/d1017598.
Full textAbstract:
This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
36
Sanyamahwe, Tendai. "Digital forensic model for computer networks." Thesis, University of Fort Hare, 2011. http://hdl.handle.net/10353/d1000968.
Full textAbstract:
The Internet has become important since information is now stored in digital form and is transported both within and between organisations in large amounts through computer networks. Nevertheless, there are those individuals or groups of people who utilise the Internet to harm other businesses because they can remain relatively anonymous. To prosecute such criminals, forensic practitioners have to follow a well-defined procedure to convict responsible cyber-criminals in a court of law. Log files provide significant digital evidence in computer networks when tracing cyber-criminals. Network log mining is an evolution of typical digital forensics utilising evidence from network devices such as firewalls, switches and routers. Network log mining is a process supported by presiding South African laws such as the Computer Evidence Act, 57 of 1983; the Electronic Communications and Transactions (ECT) Act, 25 of 2002; and the Electronic Communications Act, 36 of 2005. Nevertheless, international laws and regulations supporting network log mining include the Sarbanes-Oxley Act; the Foreign Corrupt Practices Act (FCPA) and the Bribery Act of the USA. A digital forensic model for computer networks focusing on network log mining has been developed based on the literature reviewed and critical thought. The development of the model followed the Design Science methodology. However, this research project argues that there are some important aspects which are not fully addressed by South African presiding legislation supporting digital forensic investigations. With that in mind, this research project proposes some Forensic Investigation Precautions. These precautions were developed as part of the proposed model. The Diffusion of Innovations (DOI) Theory is the framework underpinning the development of the model and how it can be assimilated into the community. The model was sent to IT experts for validation and this provided the qualitative element and the primary data of this research project. From these experts, this study found out that the proposed model is very unique, very comprehensive and has added new knowledge into the field of Information Technology. Also, a paper was written out of this research project.
37
Megaw, Gregory M. "Phishing within e-commerce: reducing the risk, increasing the trust." Thesis, University of Fort Hare, 2010. http://hdl.handle.net/10353/376.
Full textAbstract:
E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefited honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
38
Allam, Sean. "A model to measure the maturuty of smartphone security at software consultancies." Thesis, University of Fort Hare, 2009. http://hdl.handle.net/10353/281.
Full textAbstract:
Smartphones are proliferating into the workplace at an ever-increasing rate, similarly the threats that they pose is increasing. In an era of constant connectivity and availability, information is freed up of constraints of time and place. This research project delves into the risks introduced by smartphones, and through multiple cases studies, a maturity measurement model is formulated. The model is based on recommendations from two leading information security frameworks, the COBIT 4.1 framework and ISO27002 code of practice. Ultimately, a combination of smartphone specific risks are integrated with key control recommendations, in providing a set of key measurable security maturity components. The subjective opinions of case study respondents are considered a key component in achieving a solution. The solution addresses the concerns of not only policy makers, but also the employees subjected to the security policies. Nurturing security awareness into organisational culture through reinforcement and employee acceptance is highlighted in this research project. Software consultancies can use this model to mitigate risks, while harnessing the potential strategic advantages of mobile computing through smartphone devices. In addition, this research project identifies the critical components of a smartphone security solution. As a result, a model is provided for software consultancies due to the intense reliance on information within these types of organisations. The model can be effectively applied to any information intensive organisation.
39
Imine, Youcef. "Cloud computing security." Thesis, Compiègne, 2019. http://www.theses.fr/2019COMP2520.
Full textAbstract:
Ces dernières années, nous assistons à une immense révolution numérique de l’internet où de nombreuses applications, innovantes telles que l’internet des objets, les voitures autonomes, etc., ont émergé. Par conséquent, l’adoption des technologies d’externalisations des données, telles que le cloud ou le fog computing, afin de gérer cette expansion technologique semble inévitable. Cependant, l’utilisation du cloud ou du fog computing en tant que plateforme d’externalisation pour le stockage ou le partage des données crée plusieurs défis scientifiques. En effet, externaliser ses données signifie que l’utilisateur perd le contrôle sur ces derniers. D’où la sécurité des données devienne une préoccupation majeure qui doit être proprement traitée. C’est dans ce contexte que s’inscrivent les travaux de cette thèse dans laquelle nous avons déterminé dans un premier temps les principaux problèmes de sécurité liés à l’adoption du cloud et du fog computing. Puis, nous avons adressé trois problématiques de sécurité majeure, qui sont : 1 - Le contrôle d’accès aux données dans une architecture de type Cloud storage, où nous avons proposé une nouvelle solution de contrôle d’accès basée sur le chiffrement à base d’attributs. Notre solution assure un contrôle d’accès souple et à grains fins. De plus, elle permet d’effectuer une révocation immédiate des utilisateurs et des attributs sans aucune mise à jour des clés de chiffrement fournies aux utilisateurs. 2 - Le problème de l’authentification mutuelle entre les utilisateurs et les serveurs Fog dans une architecture Fog computing, où nous avons proposé un nouveau schéma d’authentification efficace, qui assure l’authentification mutuelle et qui est robuste contre les comportements malicieux des serveurs Fog. 3 - Le problème de traçabilité et de la protection de la vie privée dans le cadre des applications de partage d’informations publiques, où nous avons proposé une nouvelle solution pour le partage d’informations publiques assurant le service de traçabilité tout en préservant les informations privées des utilisateurs. Avec notre solution, les serveurs d’externalisations authentifient les utilisateurs sans pouvoir obtenir des informations sur leur vie privée. En cas de comportements malicieux, notre solution permet de tracer les utilisateurs malveillants grâce à une autorité<br>These last years, we are witnessing a real digital revolution of Internet where many innovative applications such as Internet of Things, autonomous cars, etc., have emerged. Consequently, adopting externalization technologies such as cloud and fog computing to handle this technological expansion seems to be an inevitable outcome. However, using the cloud or fog computing as a data repository opens many challenges in prospect. This thesis addresses security issues in cloud and fog computing which is a major challenge that need to be appropriately overcomed. Indeed, adopting these technologies means that the users lose control over their own data, which exposes it to several security threats. Therefore, we first investigated the main security issues facing the adoption of cloud and fog computing technologies. As one of the main challenges pointed in our investigation, access control is indeed a cornerstone of data security. An efficient access control mechanism must provide enforced and flexible access policies that ensure data protection, even from the service provider. Hence, we proposed a novel secure and efficient attribute based access control scheme for cloud data-storage applications. Our solution ensures flexible and fine-grained access control and prevents security degradations. Moreover, it performs immediate users and attributes revocation without any key regeneration. Authentication service in fog computing architecture is another issue that we have addressed in this thesis. Some traditional authentication schemes endure latency issues while others do not satisfy fog computing requirements such as mutual authentication between end-devices and fog servers. Thus, we have proposed a new, secure and efficient authentication scheme that ensures mutual authentication at the edge of the network and remedies to fog servers' misbehaviors.Finally, we tackled accountability and privacy-preserving challenges in information-sharing applications for which several proposals in the literature have treated privacy issues, but few of them have considered accountability service. Therefore, we have proposed a novel accountable privacy preserving solution for public information sharing in data externalization platforms. Externalization servers in our scheme authenticate any user in the system without violating its privacy. In case of misbehavior, our solution allows to trace malicious users thanks to an authority
40
Dyer, Kevin Patrick. "Novel Cryptographic Primitives and Protocols for Censorship Resistance." PDXScholar, 2015. https://pdxscholar.library.pdx.edu/open_access_etds/2489.
Full textAbstract:
Internet users rely on the availability of websites and digital services to engage in political discussions, report on newsworthy events in real-time, watch videos, etc. However, sometimes those who control networks, such as governments, censor certain websites, block specific applications or throttle encrypted traffic. Understandably, when users are faced with egregious censorship, where certain websites or applications are banned, they seek reliable and efficient means to circumvent such blocks. This tension is evident in countries such as a Iran and China, where the Internet censorship infrastructure is pervasive and continues to increase in scope and effectiveness.
An arms race is unfolding with two competing threads of research: (1) network operators' ability to classify traffic and subsequently enforce policies and (2) network users' ability to control how network operators classify their traffic. Our goal is to understand and progress the state-of-the-art for both sides. First, we present novel traffic analysis attacks against encrypted communications. We show that state-of-the-art cryptographic protocols leak private information about users' communications, such as the websites they visit, applications they use, or languages used for communications. Then, we investigate means to mitigate these privacy-compromising attacks. Towards this, we present a toolkit of cryptographic primitives and protocols that simultaneously (1) achieve traditional notions of cryptographic security, and (2) enable users to conceal information about their communications, such as the protocols used or websites visited. We demonstrate the utility of these primitives and protocols in a variety of real-world settings. As a primary use case, we show that these new primitives and protocols protect network communications and bypass policies of state-of-the-art hardware-based and software-based network monitoring devices.
41
Cheung, Yee-him, and 張貽謙. "Secure object spaces for global information retrieval (SOSGIR)." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2000. http://hub.hku.hk/bib/B29869596.
Full text
42
Oliveira, Rogério Leão Santos de [UNESP]. "L3-arpsec - módulo seguro para controle e proteção do protocolo de resolução de endereços em redes definidas por software." Universidade Estadual Paulista (UNESP), 2015. http://hdl.handle.net/11449/128103.
Full textAbstract:
Made available in DSpace on 2015-10-06T13:03:18Z (GMT). No. of bitstreams: 0
Previous issue date: 2015-07-24. Added 1 bitstream(s) on 2015-10-06T13:18:39Z : No. of bitstreams: 1
000849444.pdf: 1836624 bytes, checksum: d3b670920a0ae185565104f5315bef2a (MD5)<br>O protocolo de resolução de endereços (ARP) é usado para mapear endereços IP a endereços MAC em redes locais. Este protocolo possui algumas vulnerabilidades de segurança e uma delas é ataque Man-in-the-Middle (MITM), em que o cache ARP permite a um host interceptar pacotes trocados entre dois outros hosts. O conceito de Redes Definidas por Software (SDNs) representam uma abordagem inovadora na área de redes de computadores, uma vez que propõe um novo modelo para o controle de repasse e roteamento dos pacotes de dados que navegam na Internet. Uma das principais características deste novo paradigma é a capacidade de programar funcionalidades nos controladores de rede para gerenciar o tráfego. Este trabalho apresenta o modulo L3-ARPSec, um conjunto de instruções escritas em linguagem de programação Python que propõe uma maneira de controlar a troca de mensagens ARP e também mitigar o ataque MITM em redes locais. O módulo gerencia as requisições e respostas ARP entre todos dispositivos da rede e não permite o envenenamento do cache ARP. Depois de apresentados alguns conceitos do paradigma SDN, a estrutura do protocolo ARP e como o ataque MITM ocorre, o modulo L3-ARPSec é explicado em detalhes e os resultados de diversos testes executados são mostrados<br>The Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses in local area networks. This protocol has some security vulnerabilities and one of them is the Man-in-the-Middle (MITM) attack, a way to poisoning the ARP cache that allows a host to intercept packets switched between two other hosts. Software-Defined Networks (SDNs) represent an innovative approach in the area of computer networks, since they propose a new model to control forwarding and routing data packets that navigate the World Wide Web. One of the main features of this new paradigm is the ability to program functionalities in network controllers to manage the traffic. This study presents the module L3-ARPSec, a set of instructions written in the Python programming language that proposes a way to control the switching of ARP messages and also mitigates the MITM attack in local area networks. The module manages the ARP request, reply messages between all network devices and does not permit the ARP cache poisoning. After presenting some concepts of the SDN paradigm, the ARP protocol structure and how MITM attacks occurs, the L3-ARPSec module is explained in detail and the results of several tests performed are displayed
43
Oliveira, Rogério Leão Santos de. "L3-arpsec - módulo seguro para controle e proteção do protocolo de resolução de endereços em redes definidas por software /." Ilha Solteira, 2015. http://hdl.handle.net/11449/128103.
Full textAbstract:
Orientador: Ailton Akira Shinoda<br>Co-orientador: Christiane Marie Schweitzer<br>Banca: Antonio Marco Cossi<br>Banca: Ed'Wilson Tavares Ferreira<br>Resumo: O protocolo de resolução de endereços (ARP) é usado para mapear endereços IP a endereços MAC em redes locais. Este protocolo possui algumas vulnerabilidades de segurança e uma delas é ataque Man-in-the-Middle (MITM), em que o cache ARP permite a um host interceptar pacotes trocados entre dois outros hosts. O conceito de Redes Definidas por Software (SDNs) representam uma abordagem inovadora na área de redes de computadores, uma vez que propõe um novo modelo para o controle de repasse e roteamento dos pacotes de dados que navegam na Internet. Uma das principais características deste novo paradigma é a capacidade de programar funcionalidades nos controladores de rede para gerenciar o tráfego. Este trabalho apresenta o modulo L3-ARPSec, um conjunto de instruções escritas em linguagem de programação Python que propõe uma maneira de controlar a troca de mensagens ARP e também mitigar o ataque MITM em redes locais. O módulo gerencia as requisições e respostas ARP entre todos dispositivos da rede e não permite o envenenamento do cache ARP. Depois de apresentados alguns conceitos do paradigma SDN, a estrutura do protocolo ARP e como o ataque MITM ocorre, o modulo L3-ARPSec é explicado em detalhes e os resultados de diversos testes executados são mostrados<br>Abstract: The Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses in local area networks. This protocol has some security vulnerabilities and one of them is the Man-in-the-Middle (MITM) attack, a way to poisoning the ARP cache that allows a host to intercept packets switched between two other hosts. Software-Defined Networks (SDNs) represent an innovative approach in the area of computer networks, since they propose a new model to control forwarding and routing data packets that navigate the World Wide Web. One of the main features of this new paradigm is the ability to program functionalities in network controllers to manage the traffic. This study presents the module L3-ARPSec, a set of instructions written in the Python programming language that proposes a way to control the switching of ARP messages and also mitigates the MITM attack in local area networks. The module manages the ARP request, reply messages between all network devices and does not permit the ARP cache poisoning. After presenting some concepts of the SDN paradigm, the ARP protocol structure and how MITM attacks occurs, the L3-ARPSec module is explained in detail and the results of several tests performed are displayed<br>Mestre
44
Gerber, Tian Johannes. "VoIP : a corporate governance approach to avoid the risk of civil liability." Thesis, Nelson Mandela Metropolitan University, 2012. http://hdl.handle.net/10948/d1016272.
Full textAbstract:
Since the deregulation of Voice over Internet Protocol (VoIP) in 2005, many South African organizations are now attempting to leverage its cost saving and competitive values. However, it has been recently cited that VoIP is one of the greatest new risks to organizations and this risk is cited to increase Information Security insurance premiums in the near future. Due to the dynamic nature of the VoIP technology, regulatory and legislative concerns such as lawful interception of communications and privacy may also contribute to business risk. In order to leverage value from the VoIP implementation, an organization should implement the technology with knowledge of the potential risk of civil liability. This is further highlighted by the King III Report which indicates that the Directors of an organization should be ultimately responsible for Corporate Governance and, therefore, IT Governance and Information Security Governance. The report goes further to say that any newly implemented technology, such as VoIP, should comply with all South African legislation and regulations. This responsibility encourages the practice of both due care and due diligence. However, recent trends exercised by Information Security professionals, responsible for drafting Information Security policies and related procedures, often neglect the regulatory requirements and choose to only implement international best practices with no consideration of the risk of civil liability. Although these best practice frameworks may inadvertently comply with existing local legislation, a chance of an oversight is possible. Oversights may not only result in criminal sanctions, but also civil action due to losses or damages suffered. With regard to implementing VoIP, good Corporate Governance could potentially be ensured through the use of both identified regulations and relevant international best practices. This dissertation aims to aid organizations in avoiding or at least mitigating the risk of civil liability to better leverage VoIP’s value, through good Corporate Governance practices. This should aid in the exercise of due care and due diligence when implementing VoIP as a means of conducting business communication.
45
Opie, Jake Weyman. "Securing softswitches from malicious attacks." Thesis, Rhodes University, 2007. http://hdl.handle.net/10962/d1007714.
Full textAbstract:
Traditionally, real-time communication, such as voice calls, has run on separate, closed networks. Of all the limitations that these networks had, the ability of malicious attacks to cripple communication was not a crucial one. This situation has changed radically now that real-time communication and data have merged to share the same network. The objective of this project is to investigate the securing of softswitches with functionality similar to Private Branch Exchanges (PBX) from malicious attacks. The focus of the project will be a practical investigation of how to secure ILANGA, an ASTERISK-based system under development at Rhodes University. The practical investigation that focuses on ILANGA is based on performing six varied experiments on the different components of ILANGA. Before the six experiments are performed, basic preliminary security measures and the restrictions placed on the access to the database are discussed. The outcomes of these experiments are discussed and the precise reasons why these attacks were either successful or unsuccessful are given. Suggestions of a theoretical nature on how to defend against the successful attacks are also presented.
46
Abdelhafez, Mohamed. "Modeling and Simulations of Worms and Mitigation Techniques." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/19840.
Full textAbstract:
Internet worm attacks have become increasingly more frequent and have had a major impact on the economy, making the detection and prevention of these attacks a top security concern. Several countermeasures have been proposed and evaluated in recent literature. However, the eect of these proposed defensive mechanisms on legitimate competing traffic has not been analyzed.
The first contribution of this thesis is a comparative analysis of the effectiveness of
several of these proposed mechanisms, including a measure of their effect on normal web browsing activities. In addition, we introduce a new defensive approach that can easily be implemented on existing hosts, and which significantly reduces the rate of spread of worms
using TCP connections to perform the infiltration. Our approach has no measurable effect on legitimate traffic.
The second contribution is presenting a variant of the flash worm that we term Compact Flash or CFlash that is capable of spreading even faster than its predecessor. We perform a comparative study between the flash worm and the CFlash worm using a full-detail packet-level simulator, and the results show the increase in propagation rate of the new worm given the same set of parameters.
The third contribution is the study of the behavior of TCP based worms in MANETs. We develop an analytical model for the worm spread of TCP worms in the MANETs environment that accounts for payloadsize, bandwidthsharing, radio range, nodal density and several other parameters specific for MANET topologies. We also present numerical solutions for the model and verify the results using packetlevel simulations. The results show that the analytical model developed here matches the results of the packetlevel simulation in most cases.
47
Tang, Jin. "Mobile IPv4 Secure Access to Home Networks." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/11536.
Full textAbstract:
With the fast development of wireless networks and devices, Mobile
IP is expected to be used widely so that mobile users can access
the Internet anywhere, anytime without interruption. However, some
problems, such as firewall traversal and use of private IP
addresses, restrict use of Mobile IP. The objective of this thesis
is to design original schemes that can enable a mobile node at
abroad to access its home network as well as the Internet securely
and that can help Mobile IP to be used widely and commercially.
Our solutions are secure, efficient, and scalable. They can be
implemented and maintained easily. In this thesis, we mainly
consider Mobile IPv4, instead of Mobile IPv6. Three research
topics are discussed. In each topic, the challenges are
investigated and the new solutions are presented.
The first research topic solves the firewall traversal problems in
Mobile IP. A mobile node cannot access its firewall-protected home
network if it fails the authentication by the firewall. We propose
that an IPsec tunnel be established between the firewall and the
foreign agent for firewall traversal and that an IPsec transport
security association be shared by the mobile node and a
correspondent node for end-to-end security.
The second topic researches further on firewall traversal problems
and investigates the way of establishing security associations
among network entities. A new security model and a new key
distribution method are developed. With the help of the security
model and keys, the firewall and the relevant network entities set
up IPsec security associations to achieve firewall traversal.
A mobile node from a private home network cannot communicate with
other hosts with its private home address when it is visiting a
public foreign network. A novel and useful solution is presented
in the third research topic. We suggest that the mobile node use
its Network Access Identifier (NAI) as its identification and
obtain a public home address from its home agent. In addition, a
new tunnel between the mobile node and its home agent is proposed.
48
"Internet security threats and solutions." Thesis, 2015. http://hdl.handle.net/10210/13974.
Full text
49
"A new approach to dynamic internet risk analysis." Thesis, 2009. http://hdl.handle.net/10210/2959.
Full text
50
"Internet payment system--: mechanism, applications & experimentation." 2000. http://library.cuhk.edu.hk/record=b5890314.
Full textAbstract:
Ka-Lung Chong.<br>Thesis (M.Phil.)--Chinese University of Hong Kong, 2000.<br>Includes bibliographical references (leaves 80-83).<br>Abstracts in English and Chinese.<br>Abstract --- p.i<br>Acknowledgments --- p.iii<br>Chapter 1 --- Introduction & Motivation --- p.1<br>Chapter 1.1 --- Introduction --- p.1<br>Chapter 1.2 --- Internet Commerce --- p.3<br>Chapter 1.3 --- Motivation --- p.6<br>Chapter 1.4 --- Related Work --- p.7<br>Chapter 1.4.1 --- Cryptographic Techniques --- p.7<br>Chapter 1.4.2 --- Internet Payment Systems --- p.9<br>Chapter 1.5 --- Contribution --- p.16<br>Chapter 1.6 --- Outline of the Thesis --- p.17<br>Chapter 2 --- A New Payment Model --- p.19<br>Chapter 2.1 --- Model Description --- p.19<br>Chapter 2.2 --- Characteristics of Our Model --- p.22<br>Chapter 2.3 --- Model Architecture --- p.24<br>Chapter 2.4 --- Comparison --- p.30<br>Chapter 2.5 --- System Implementation --- p.30<br>Chapter 2.5.1 --- Acquirer Interface --- p.31<br>Chapter 2.5.2 --- Issuer Interface --- p.32<br>Chapter 2.5.3 --- Merchant Interface --- p.32<br>Chapter 2.5.4 --- Payment Gateway Interface --- p.33<br>Chapter 2.5.5 --- Payment Cancellation Interface --- p.33<br>Chapter 3 --- A E-Commerce Application - TravelNet --- p.35<br>Chapter 3.1 --- System Architecture --- p.35<br>Chapter 3.2 --- System Features --- p.38<br>Chapter 3.3 --- System Snapshots --- p.39<br>Chapter 4 --- Simulation --- p.44<br>Chapter 4.1 --- Objective --- p.44<br>Chapter 4.2 --- Simulation Flow --- p.45<br>Chapter 4.3 --- Assumptions --- p.49<br>Chapter 4.4 --- Simulation of Payment Systems --- p.50<br>Chapter 5 --- Discussion of Security Concerns --- p.54<br>Chapter 5.1 --- Threats to Internet Payment --- p.54<br>Chapter 5.1.1 --- Eavesdropping --- p.55<br>Chapter 5.1.2 --- Masquerading --- p.55<br>Chapter 5.1.3 --- Message Tampering --- p.56<br>Chapter 5.1.4 --- Replaying --- p.56<br>Chapter 5.2 --- Aspects of A Secure Internet Payment System --- p.57<br>Chapter 5.2.1 --- Authentication --- p.57<br>Chapter 5.2.2 --- Confidentiality --- p.57<br>Chapter 5.2.3 --- Integrity --- p.58<br>Chapter 5.2.4 --- Non-Repudiation --- p.58<br>Chapter 5.3 --- Our System Security --- p.58<br>Chapter 5.4 --- TravelNet Application Security --- p.61<br>Chapter 6 --- Discussion of Performance Evaluation --- p.64<br>Chapter 6.1 --- Performance Concerns --- p.64<br>Chapter 6.2 --- Experiments Conducted --- p.65<br>Chapter 6.2.1 --- Description --- p.65<br>Chapter 6.2.2 --- Analysis on the Results --- p.65<br>Chapter 6.3 --- Simulation Analysis --- p.69<br>Chapter 7 --- Conclusion & Future Work --- p.72<br>Chapter A --- Experiment Specification --- p.74<br>Chapter A.1 --- Configuration --- p.74<br>Chapter A.2 --- Experiment Results --- p.74<br>Chapter B --- Simulation Specification --- p.77<br>Chapter B.1 --- Parameter Listing --- p.77<br>Chapter B.2 --- Simulation Results --- p.77<br>Bibliography --- p.80