To see the other types of publications on this topic, follow the link: Security solutions.
Dissertations / Theses on the topic 'Security solutions'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Security solutions.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Haenel, Arié. "Hybrid security solutions for IoT devices." Electronic Thesis or Diss., Institut polytechnique de Paris, 2024. http://www.theses.fr/2024IPPAS022.
Full textAbstract:
Il y a quelques années, un incident de cybersécurité aurait pu facilement être le scénario d'un film hollywoodien : des attaquants ont exploité un point d'entrée inattendu : un thermomètre intelligent dans l'aquarium du hall d'un casino. Cet objet connecté avait accès au réseau du casino, et les pirates ont réussi à le compromettre. Ils ont ensuite utilisé ce point d'entrée initial pour accéder à d'autres parties du réseau et ont finalement exfiltré 20 Go de données sensibles, y compris des informations sur les clients ”gros joueurs”.Cet exploit audacieux met en évidence la vulnérabilité des appareils de l'Internet des Objets (IoT) et l'importance cruciale de leur sécurisation dans notre monde de plus en plus interconnecté. Dans le domaine en constante expansion de l'IoT, la sécurisation des réseaux de capteurs sans fil (WSN) présente un défi unique. Ces réseaux, composés de nœuds de capteurs à ressources limitées, jouent un rôle vital dans diverses applications, agissant comme des sentinelles de notre environnement physique. Cependant, leur puissance de traitement limitée et leur durée de vie de batterie les rendent vulnérables aux cyberattaques. Garantir l'intégrité et la sécurité des données collectées par les WSN est primordial. Cette thèse aborde ce défi en adoptant une approche à deux volets, traitant de la sécurité à la fois du point de vue du réseau et du développement logiciel.Le premier facette présente un schéma d'authentification léger et novateur, conçu pour répondre aux exigences strictes des RSN contraintes par la puissance. En surmontant la charge computationnelle des techniques cryptographiques traditionnelles, ce protocole innovant assure une communication sécurisée tout en minimisant la consommation de ressources, améliorant ainsi considérablement l'efficacité et la fiabilité des réseaux de capteurs sans fil. Cette contribution est validée par une série de méthodes d'évaluation, notamment la mise en œuvre en temps réel, les tests d'exactitude et les évaluations de l'efficacité énergétique. Ces méthodes démontrent l'efficacité et la practicalité du schéma proposé. La deuxième facette introduit Shmulik, un système basé sur le Deep Learning conçu pour détecter des vulnérabilités logicielles, en particulier pour les systèmes embarqués et à ressources limitées. Les méthodes traditionnelles de fortification de ces systèmes ont souvent un coût, nécessitant une mémoire accrue, une puissance de traitement plus importante ou du matériel dédié, ce qui met encore plus à rude épreuve leurs ressources limitées. Shmulik offre une alternative intéressante. En exploitant l'apprentissage profond, nous visons à développer un système capable d'analyser automatiquement le code et de repérer les faiblesses de sécurité potentielles dès le début du processus de développement. La justification de cette double approche réside dans la recherche d'un cadre de sécurité complet. Un schéma d'authentification robuste sécurise la communication au sein du WSN, tandis que Shmulik protège l'ensemble du firmware des vulnérabilités. Les schémas d'authentification traditionnels seuls pourraient ne pas être suffisants si le logiciel lui-même présente des faiblesses exploitables. À l'inverse, l'efficacité de Shmulik repose sur les canaux de communication sécurisés qu'un schéma d'authentification léger peut fournir. En abordant la sécurité au niveau du réseau et du logiciel, nous visons à créer un système de défense plus résilient. Cette thèse comble le fossé entre les solutions de sécurité légères pour les réseaux à ressources limitées et les techniques d'apprentissage profond de pointe pour l'analyse des vulnérabilités logicielles. En explorant ces deux pistes, nous nous efforçons de contribuer à un avenir plus sûr et plus fiable pour les WSN, améliorant ainsi la fiabilité et l'efficacité de cette technologie en évolution rapide<br>A few years ago, a cybersecurity incident could easily have been the scenario of a Hollywood movie: attackers exploited an unexpected entry point: a smart thermometer in the casino's lobby fish tank. This Internet of Things (IoT) device had access to the casino's network, and the hackers managed to compromise it. They then used this initial foothold to access other parts of the network and ultimately exfiltrated 20GB of sensitive data, including high-roller customer information.This audacious exploit highlights the vulnerability of IoT devices and the critical importance of securing them in our increasingly interconnected world. In the ever-expanding realm of the Internet of Things (IoT), securing Wireless Sensor Networks (WSNs) presents a unique challenge. These networks, composed of resource-constrained sensor nodes, play a vital role in various applications, acting as the sentinels of our physical environment. However, their limited processing power and battery life make them vulnerable to cyberattacks. Ensuring the integrity and security of the data collected by WSNs is paramount.This thesis tackles this challenge with a two-pronged approach, addressing security from both the network and software development perspectives.The first facet explores the development of a lightweight authentication scheme specifically designed for power-constrained WSNs. By overcoming the computational overhead of traditional cryptographic techniques, this innovative protocol ensures secure communication while minimizing resource consumption, thereby significantly enhancing the efficiency and reliability of wireless sensor networks. This contribution is validated through a range of evaluation methods, including real-time implementation, accuracy testing, and energy efficiency assessments. These methods demonstrate the effectiveness and practicality of the proposed scheme.The second facet introduces Shmulik, a deep learning-based system crafted to unearth software vulnerabilities, especially for embedded and resource-constrained devices. Traditional methods of fortifying these systems often come at a cost, requiring increased memory, processing power, or dedicated hardware, further straining their limited resources. Shmulik offers a compelling alternative. By leveraging deep learning, we aim to develop a system that can automatically analyze code and pinpoint potential security weaknesses early in the development process. Shmulik's effectiveness is validated by a comprehensive evaluation, including experimental tests, tool comparisons, a case study, and the detection of zero-day vulnerabilities.The rationale for this dual approach lies in the pursuit of a comprehensive security framework. A robust authentication scheme secures communication within the WSN, while Shmulik safeguards the whole firmware from vulnerabilities. Traditional authentication schemes alone might not be sufficient if the software itself has exploitable weaknesses. Conversely, Shmulik's effectiveness relies on the secure communication channels that a lightweight authentication scheme can provide. By addressing security at both network and software levels, we aim to create a more resilient defense system.This thesis bridges the gap between lightweight security solutions for resource-constrained networks and cutting-edge deep learning techniques for software vulnerability analysis. By exploring both avenues, we strive to contribute to a more secure and reliable future for WSNs, ultimately enhancing the trustworthiness and effectiveness of this rapidly evolving technology
2
Mustafa, Ali, Nasir Siddique, and Mubeen Zubair. "DATA LINK LAYER SECURITY PROBLEMS AND SOLUTIONS." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-27574.
Full textAbstract:
The Open Systems Interconnect Model (OSI) is a conceptual model of networking thatcategorizes network functions into seven layers. It is defined in this model that how layerscommunicate with each other. In this thesis, we address common Layer 2 attacks and theirsolutions. Layer 2 is considered a very weak link in a secure network. If the data is compromisedat Layer 2, it cannot be detected at other layers because each layer works without the knowledgeof other layers. We discuss Layer 2 weakness and vulnerability exploitation tools briefly. It isexplained how an attacker can exploit network by using different attack tools. Our results showthat these attacks are very productive if a network administrator does not implement propersecurity at Layer 2 in the OSI model. We propose solutions to secure Layer 2 devices and thesesolutions are implemented by using attack tools. Security configurations are deployed to combatagainst attacks and protect the integrity, confidentiality, and availability of the network traffic.
3
Alsaid, Adil. "Enhancing end user security : attacks and solutions." Thesis, Royal Holloway, University of London, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.439012.
Full text
4
Bailey, Carmen F. "Analysis of security solutions in large enterprises." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Jun%5FBailey.pdf.
Full text
5
Ho, Sze-lok, and 何思樂. "Technical solutions for conducting investigations in digital age." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2012. http://hub.hku.hk/bib/B48521802.
Full textAbstract:
Confidentiality has always been a concern in secret operation. In this thesis, we consider the situation of legitimate data request and transfer between investigator and database owner who provides intelligence, where the identity of the investigation subject and the records in the database are both confidential. Current practice of secret investigation solely relies on the integrity and carefulness of the involved individuals to resist data leakage, but regulations, policy, agreement, such human means cannot give a promising solution, thus a technical means is needed. As appropriate solution for this confidential data request and transfer problem cannot be found from related research, our goal is to offer a means that can help keeping the investigation secret and protecting irrelevant data at the same time.
We present a technical solution for preserving two-way confidentiality between the investigator (legitimate data requester) and the database owner (legitimate data holder), which can accommodate the concerns of both sides during the specific information request and transfer. Two schemes, Sender-Based Scheme and Receiver-Based Scheme, have been proposed to solve the problem under different conditions, and illustration of executing our schemes is given through an example situation “Investigator and Private hospital” which is an ordinary scenario during investigation. Furthermore, a practical cost reduction methodology on the schemes and sensible proposals for extensions are suggested and discussed. The direction of future work is also considered.<br>published_or_final_version<br>Computer Science<br>Master<br>Master of Philosophy
6
Alexander, James. "Promoting security imaginaries : an analysis of the market for everyday security solutions." Thesis, University of Manchester, 2014. https://www.research.manchester.ac.uk/portal/en/theses/promoting-security-imaginaries-an-analysis-of-the-market-for-everyday-security-solutions(1dc57433-40f6-40c1-bd13-56ab2347c35a).html.
Full textAbstract:
This thesis is centred on the question of the effect security technologies, and the imaginaries associated with them, have on the formation of the present security doxa. With a more nuanced understanding of technology as process, and the role of imagination reintroduced into the nexus, this thesis aims to enable an understanding of how technological security solutions are deployed in everyday life and how this contributes to a reformulating of politics in a world gripped by anxiety about an uncertain future. Of primary interest is the way in which seemingly mundane technologies can enter the dominant security narrative and achieve deployment in everyday life, not only as the prime solution to concerns of risk, but as something to actively be desired in themselves. A vital and understudied arena for the dissemination of specific imaginaries of mundane security tools as the ultimate solution to a risky future – as an end in and of themselves – are the spaces of promotion for such technologies. The centrepiece of promotion is found at the trade fairs and exhibitions where one can witness the marketing and sale of the ‘latest and greatest’ tech fixes from an ever increasing range of private sector security entrepreneurs whose living is made from promoting security. By offering both a mapping of the wider expansion and logic of the security fair world, and an ethnographic study of interactions within the exhibition walls of the International Fire and Security Exhibition and Conference (IFSEC) over the course of three years, this thesis makes it possible to develop a better understanding of both the makeup and relations between these elements, and expose these gatherings as more than just sites of commerce and consumption, and much more than simply a metaphor for the wider security world. Instead, they can be thought of as hotspots of intensive exchange of knowledge, new ideas and network building. Thus, this thesis aims to demonstrate how international trade fairs and exhibitions are more than just an ever more important means of distributing security technologies. It is not a question of the relationship between visitors and exhibitors, or the particular effectiveness of marketing strategies deployed by individual firms. It is about the underpinning logic of a particular mind-set regarding what it means to consume security as a commodity, and a specific imagining of a secured future with such solutions as the ultimate end-in-themselves and how these spaces are pivotal in the dissemination, propagation and reformulation of changing attitudes towards security.
7
Skaria, Sherin, and Fazely Hamedani Amir Reza. "Network Security Issues, Tools for Testing Security in Computer Network and Development Solution for Improving Security in Computer Network." Thesis, Halmstad University, Halmstad University, Halmstad University, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-4396.
Full text
8
Raza, Shahid. "Lightweight Security Solutions for the Internet of Things." Doctoral thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-18863.
Full textAbstract:
The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart object or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT. The IoT requires multi-facet security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important. This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware. (ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes. The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.
9
Hussein, Soran. "Lightweight Security Solutions for LTE/LTE-A Networks." Thesis, Paris 11, 2014. http://www.theses.fr/2014PA112366/document.
Full textAbstract:
Récemment, le 3GPP (3rd Generation Partnership Project) a standardisé les systèmes LTE/LTE-A (Long Term Evolution/LTE-Advanced) qui ont été approuvés par l'UIT (Union Internationale des Télécommunications) comme des réseaux de télécommunications mobiles de 4éme génération. La sécurité est l'une des questions essentielles qui doivent être traitées avec soin pour protéger les informations de l'opérateur et des utilisateurs. Aussi, le 3GPP a normalisé plusieurs algorithmes et protocoles afin de sécuriser les communications entre les différentes entités du réseau. Cependant, l'augmentation du niveau de sécurité dans ces systèmes ne devrait pas leur imposer des contraintes lourdes telles qu’une grande complexité de calcul ou encore une forte consommation d'énergie. En effet, l'efficacité énergétique est devenue récemment un besoin critique pour les opérateurs afin de réduire l’empreinte écologique et les coûts opérationnels de ces systèmes. Les services de sécurité dans les réseaux mobiles tels que l'authentification, la confidentialité et l'intégrité des données sont le plus souvent effectués en utilisant des techniques cryptographiques. Toutefois, la plupart des solutions standardisées déjà adoptées par le 3GPP dépendent des algorithmes de chiffrement qui possèdent une grande complexité, induisant une consommation énergétique plus élevée dans les différentes entités communicantes du réseau. La confidentialité des données, qui se réfère principalement au fait de s'assurer que l'information n'est accessible qu'à ceux dont l'accès est autorisé, est réalisée au niveau de la sous-couche PDCP (Packet Data Convergence Protocol) de la pile protocolaire de LTE/LTE-A par l'un des trois algorithmes normalisés (EEA1, EEA2 et EEA3). Or, chacun des trois algorithmes exige une forte complexité de calcul car ils reposent sur la théorie de chiffrement de Shannon qui utilise les fonctions de confusion et de diffusion sur plusieurs itérations. Dans cette thèse, nous proposons un nouvel algorithme de confidentialité en utilisant le concept de substitution et de diffusion dans lequel le niveau de sécurité requis est atteint en un seul tour. Par conséquent, la complexité de calcul est considérablement réduite ce qui entraîne une réduction de la consommation d'énergie par les fonctions de chiffrement et de déchiffrement. De plus, la même approche est utilisée pour réduire la complexité des algorithmes 3GPP d'intégrité des données (EIA1, EIA2 et EIA3) dont le concept de chiffrement repose sur les mêmes fonctions complexes. Enfin, nous étudions dans cette thèse le problème d'authentification dans le contexte du paradigme D2D (Device to Device communications) introduit dans les systèmes 4G. Le concept D2D se réfère à la communication directe entre deux terminaux mobiles sans passer par le cœur du réseau. Il constitue un moyen prometteur pour améliorer les performances et réduire la consommation d'énergie dans les réseaux LTE/LTE-A. Toutefois, l'authentification et la dérivation de clé entre deux terminaux mobiles dans le contexte D2D n’ont pas fait l’objet d’études. Aussi, nous proposons un nouveau protocole léger d’authentification et de dérivation de clé permettant d’authentifier les terminaux D2D et de dériver les clés nécessaires à la fois pour le cryptage et pour la protection de l'intégrité des données<br>Recently, the 3rd Group Project Partnership (3GPP) has developed Long Term Evolution/ Long Term Evolution-Advanced (LTE/LTE-A) systems which have been approved by the International Telecommunication Union (ITU) as 4th Generation (4G) mobile telecommunication networks. Security is one of critical issues which should be handled carefully to protect user's and mobile operator's information. Thus, the 3GPP has standardized algorithms and protocols in order to secure the communications between different entities of the mobile network. However, increasing the security level in such networks should not compel heavy constrains on these networks such as complexity and energy. Indeed, energy efficiency has become recently a critical need for mobile network operators for reduced carbon emissions and operational costs. The security services in mobile networks such as authentication, data confidentiality and data integrity are mostly performed using cryptographic techniques.However, most of the standardized solutions already adopted by the3GPP depend on encryption algorithms which possess high computational complexity which in turn contributes in consuming further energy at the different network communication parties.Data confidentiality which mainly refers to the protection of the user’s information privacy is achieved at the Packet Data Convergence Protocol (PDCP) sub-layer in the LTE/LTE-A protocol stack by one of the three standardized algorithms (EEA1, EEA2 and EEA3). However, each of the three algorithms requires high computational complexity since they rely on Shannon’s theory of encryption algorithms by applying confusion and diffusion for several rounds. In our thesis we propose a novel confidentiality algorithm using the concept of substitution and diffusion in which the required security level is attained in only one round. Consequently the computational complexity is considerably reduced which in return results in reducing the energy consumption during both encryption and decryption procedures. Similarly, the same approach is used to reduce the complexity of 3GPP data integrity algorithms (EIA1, EIA2 and EIA3) which the core cipher rely on the same complex functions. Finally, we investigate in this thesis the authentication issue in Device to Device paradigms proposal in 4G systems. Device to Device communications refer to direct communications between two mobile devices without passing through the core network. They constitute a promising mean to increase the performance and reduce energy consumptions in LTE/LTE-A networks. In such context, the authentication and key derivation between two mobile devices have not been well investigated. Thus, a novel lightweight authentication and key derivation protocol is proposed to authenticate two communicating devices during session establishments as well as deriving necessary keys for both data encryption and integrity protection
10
Lejaha, Retselisitsoe. "SDN based security solutions for multi-tenancy NFV." Master's thesis, University of Cape Town, 2017. http://hdl.handle.net/11427/24474.
Full textAbstract:
The Internet continues to expand drastically as a result of explosion of mobile devices, content, server virtualization, and advancement of cloud services. This increase has significantly changed traffic patterns within the enterprise data centres. Therefore, advanced technologies are needed to improve traditional network deployments to enable them to handle the changing network patterns. Software defined networks (SDN) and network function virtualisation (NFV) are innovative technologies that enable network flexibility, increase network and service agility, and support service-driven virtual networks using concepts of virtualisation and softwarisation. Collaboration of these two concepts enable cloud operator to offer network-as-a-service (NaaS) to multiple tenants in a data-centre deployment. Despite the benefits brought by these technologies, they also bring along security challenges that need to be addressed and managed to ensure successful deployment and encourage faster adoption in industry. This dissertation proposes security solution based on tenant isolation, network access control (NAC) and network reconfiguration that can be implemented in NFV multi-tenant deployment to guarantee privacy and security of tenant functions. The evaluation of the proof-of-concept framework proves that SDN based tenant isolation solution provides a high level of isolation in a multi-tenant NFV cloud. It also shows that the proposed network reconfiguration greatly reduces chances of an attacker correctly identifying location and IP addresses of tenant functions within the cloud environment. Because of resource limitation, the proposed NAC solution was not evaluated. The efficiency of this solution for multitenancy NFV has been added as part of future work.
11
Okwuibe, J. (Jude). "Performance evaluation of HIP-based network security solutions." Master's thesis, University of Oulu, 2015. http://jultika.oulu.fi/Record/nbnfioulu-201510102056.
Full textAbstract:
Abstract. Host Identity Protocol (HIP) is a networking technology that systematically separates the identifier and locator roles of IP addresses and introduces a Host Identity (HI) name space based on a public key security infrastructure. This modification offers a series of benefits such as mobility, multi-homing, end-to-end security, signaling, control/data plane separation, firewall security, e.t.c. Although HIP has not yet been sufficiently applied in mainstream communication networks, industry experts foresee its potential as an integral part of next generation networks.
HIP can be used in various HIP-aware applications as well as in traditional IP-address-based applications and networking technologies, taking middle boxes into account. One of such applications is in Virtual Private LAN Service (VPLS), VPLS is a widely used method of providing Ethernet-based Virtual Private Network that supports the connection of geographically separated sites into a single bridged domain over an IP/MPLS network. The popularity of VPLS among commercial and defense organizations underscores the need for robust security features to protect both data and control information.
After investigating the different approaches to HIP, a real world testbed is implemented. Two experiment scenarios were evaluated, one is performed on two open source Linux-based HIP implementations (HIPL and OpenHIP) and the other on two sets of enterprise equipment from two different companies (Tempered Networks and Byres Security). To account for a heterogeneous mix of network types, the Open source HIP implementations were evaluated on different network environments, namely Local Area Network (LAN), Wireless LAN (WLAN), and Wide Area Network (WAN). Each scenario is tested and evaluated for performance in terms of throughput, latency, and jitter.
The measurement results confirmed the assumption that no single solution is optimal in all considered aspects and scenarios. For instance, in the open source implementations, the performance penalty of security on TCP throughput for WLAN scenario is less in HIPL than in OpenHIP, while for WAN scenario the reverse is the case. A similar outcome is observed for the UDP throughput. However, on latency, HIPL showed lower latency for all three network test scenarios. For the legacy equipment experiment, the penalty of security on TCP throughput is about 19% compared with the non-secure scenario while latency is increased by about 87%. This work therefore provides viable information for researchers and decision makers on the optimal solution to securing their VPNs based on the application scenarios and the potential performance penalties that come with each approach.HIP-pohjaisten tietoliikenneverkkojen turvallisuusratkaisujen suorituskyvyn arviointi. Tiivistelmä. Koneen identiteettiprotokolla (HIP, Host Identity Protocol) on tietoliikenneverkkoteknologia, joka käyttää erillistä kerrosta kuljetusprotokollan ja Internet-protokollan (IP) välissä TCP/IP-protokollapinossa. HIP erottaa systemaattisesti IP-osoitteen verkko- ja laite-osat, sekä käyttää koneen identiteetti (HI) -osaa perustuen julkisen avainnuksen turvallisuusrakenteeseen. Tämän hyötyjä ovat esimerkiksi mobiliteetti, moniliittyminen, päästä päähän (end-to-end) turvallisuus, kontrolli-informaation ja datan erottelu, kohtaaminen, osoitteenmuutos sekä palomuurin turvallisuus. Teollisuudessa HIP-protokolla nähdään osana seuraavan sukupolven tietoliikenneverkkoja, vaikka se ei vielä olekaan yleistynyt laajaan kaupalliseen käyttöön.
HIP–protokollaa voidaan käyttää paitsi erilaisissa HIP-tietoisissa, myös perinteisissä IP-osoitteeseen perustuvissa sovelluksissa ja verkkoteknologioissa. Eräs tällainen sovellus on virtuaalinen LAN-erillisverkko (VPLS), joka on laajasti käytössä oleva menetelmä Ethernet-pohjaisen, erillisten yksikköjen ja yhden sillan välistä yhteyttä tukevan, virtuaalisen erillisverkon luomiseen IP/MPLS-verkon yli. VPLS:n yleisyys sekä kaupallisissa- että puolustusorganisaatioissa korostaa vastustuskykyisten turvallisuusominaisuuksien tarpeellisuutta tiedon ja kontrolliinformaation suojauksessa.
Tässä työssä tutkitaan aluksi HIP-protokollan erilaisia lähestymistapoja. Teoreettisen tarkastelun jälkeen käytännön testejä suoritetaan itse rakennetulla testipenkillä. Tarkasteltavat skenaariot ovat verrata Linux-pohjaisia avoimen lähdekoodin HIP-implementaatioita (HIPL ja OpenHIP) sekä verrata kahden eri valmistajan laitteita (Tempered Networks ja Byres Security). HIP-implementaatiot arvioidaan eri verkkoympäristöissä, jota ovat LAN, WLAN sekä WAN. Kaikki testatut tapaukset arvioidaan tiedonsiirtonopeuden, sen vaihtelun (jitter) sekä latenssin perusteella.
Mittaustulokset osoittavat, että sama ratkaisu ei ole optimaalinen kaikissa tarkastelluissa tapauksissa. Esimerkiksi WLAN-verkkoa käytettäessä turvallisuuden aiheuttama häviö tiedonsiirtonopeudessa on HIPL:n tapauksessa OpenHIP:iä pirnempi, kun taas WAN-verkon tapauksessa tilanne on toisinpäin. Samanlaista käyttäytymistä havaitaan myös UDP-tiedonsiirtonopeudessa. HIPL antaa kuitenkin pienimmän latenssin kaikissa testiskenaarioissa. Eri valmistajien laitteita vertailtaessa huomataan, että TCP-tiedonsiirtonopeus huononee 19 ja latenssi 87 prosenttia verrattuna tapaukseen, jossa turvallisuusratkaisua ei käytetä. Näin ollen tämän työn tuottama tärkeä tieto voi auttaa alan toimijoita optimaalisen verkkoturvallisuusratkaisun löytämisessä VPN-pohjaisiin sovelluksiin.
12
Gaboriau-Couanau, Clément. "Security of Embedded Software : An Analysis of Embedded Software Vulnerabilities and Related Security Solutions." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-215703.
Full textAbstract:
The increased use of computer systems for storing private data or doing critical operations leads to some security issues gathered in the area cybersecurity. This neologism leads people to think about the security of information systems and general-purpose computers. However, with the growth of the Internet of Things, embedded systems are also concerned with these issues. The speed of development of this area often leads to a backwardness in the security features. The thesis investigates the security of embedded systems by focusing on embedded software. After classifying the vulnerabilities which could be encountered in this field, a first part of this work introduces the realisation of a document gathering guidelines related to secure development of embedded software. This realisation is based on an analysis of the literature review, but also on the knowledge of engineers of the company. These guidelines are applied to the project of a client. The result of their application allows us to prove their consistency and to write a set of recommendations to enhance the security of the project. The thesis presents the implementation of some of them. Particularly, it introduces a way to secure an Inter-Process Communication (IPC) mean: D-Bus, through a proof of concept. The result shows that the security policy of D-Bus is efficient against some attacks. Nevertheless, it also points out that some att acks remain feasible. The solution is implemented on an embedded board to analyse the computational overhead related to this embedded aspect. As expected, a more complex and detailed a policy is, the higher the overhead tends to be. Nevertheless, this computational overhead is proportional to the number of rules of the policy.<br>Den ökade användningen av datorsystem för att lagra privata data eller göra kritiska operationer leder till vissa säkerhetsproblem som samlas i området cybersäkerhet. Denna neologism leder människor att tänka på säkerhetssystemen för informationssystem och allmänt tillgängliga datorer. Men med tillväxten av saker i saken är inbyggda system också berörda av dessa frågor. Utvecklingshastigheten för detta område leder ofta till en underutveckling säkerhetsfunktionerna.Avhandlingen undersöker säkerheten för inbyggda system genom att fokusera på inbyggd programvara. Efter att ha klassificerat de sårbarheter som kan uppstå i det här fältet introducerar en första del av det här arbetet realisationen av ett dokument av riktlinjer om säker utveckling av inbyggd programvara. Denna insikt bygger på en analys av litteraturgranskningen, men också på kunskap om ingenjörer i företaget. Dessa riktlinjer tillämpas på en kunds projekt.Resultatet av deras ansökan gör det möjligt för oss att bevisa deras konsistens och att skriva rekommendationer för att förbättra projektets säkerhet. Avhandlingen presenterar genomförandet av några av dem. Ett sätt införs särskilt patt säkra en interprocesskommunikation (IPC) menande: DBus, genom ett konceptbevis. Resultatet visar att D-Busens säkerhetspolitik är effektiv mot vissa attacker. Det påpekar emellertid också att vissa attacker fortfarande är möjliga. Lösningen implementeras på ett inbyggd kort för att analysera beräkningsoverhead som är relaterad till denna inbyggda aspekt. Som förväntat är en mer komplex och detaljerad politik, desto högr e överhuvudtaget tenderar att vara. Ändå är denna beräkningskostnad proportionell mot antalet av regler av säkerhetspolitiken.
13
Bohio, Muhammad Junaid. "Identity-based security solutions for mobile ad hoc networks." Thesis, University of Ottawa (Canada), 2004. http://hdl.handle.net/10393/26586.
Full textAbstract:
In this thesis, we propose security solutions for pairwise and broadcast communication in mobile ad hoc networks. We use identity-based keys that do not require certificates and that simplify key management. We use pairwise symmetric keys that are computed non-interactively by the nodes, which reduces communication overhead. Our pairwise-key management protocol requires a minimum number of keys, O(N), to be generated by the third party as compared to the conventional pairwise schemes with O(N2). We also propose an efficient identity-based signature scheme for an authenticated broadcast protocol, a collision-free method for computing broadcast keys, a key escrow free scheme and a signcryption scheme as an alternative to our signature-encryption algorithm for broadcast protocol. Since in the group key distribution in mobile ad hoc networks there is the possibility of packet loss due to the mobility of users and wireless channels, we also propose self-healing, mutual-healing and some optimization techniques for the recovery of lost session keys.
14
Aslam, Baber. "Networking and security solutions for VANET initial deployment stage." Doctoral diss., University of Central Florida, 2012. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/5109.
Full textAbstract:
Vehicular ad hoc network (VANET) is a special case of mobile networks, where vehicles equipped with computing/communicating devices (called "smart vehicles") are the mobile wireless nodes. However, the movement pattern of these mobile wireless nodes is no more random, as in case of mobile networks, rather it is restricted to roads and streets. Vehicular networks have hybrid architecture; it is a combination of both infrastructure and infrastructure-less architectures. The direct vehicle to vehicle (V2V) communication is infrastructure-less or ad hoc in nature. Here the vehicles traveling within communication range of each other form an ad hoc network. On the other hand, the vehicle to infrastructure (V2I) communication has infrastructure architecture where vehicles connect to access points deployed along roads. These access points are known as road side units (RSUs) and vehicles communicate with other vehicles/wired nodes through these RSUs. To provide various services to vehicles, RSUs are generally connected to each other and to the Internet. The direct RSU to RSU communication is also referred as I2I communication. The success of VANET depends on the existence of pervasive roadside infrastructure and sufficient number of smart vehicles. Most VANET applications and services are based on either one or both of these requirements. A fully matured VANET will have pervasive roadside network and enough vehicle density to enable VANET applications. However, the initial deployment stage of VANET will be characterized by the lack of pervasive roadside infrastructure and low market penetration of smart vehicles. It will be economically infeasible to initially install a pervasive and fully networked roadside infrastructure, which could result in the failure of applications and services that depend on V2I or I2I communications. Further, low market penetration means there are insufficient number of smart vehicles to enable V2V communication, which could result in failure of services and applications that depend on V2V communications. Non-availability of pervasive connectivity to certification authorities and dynamic locations of each vehicle will make it difficult and expensive to implement security solutions that are based on some central certificate management authority. Non-availability of pervasive connectivity will also affect the backend connectivity of vehicles to the Internet or the rest of the world. Due to economic considerations, the installation of roadside infrastructure will take a long time and will be incremental thus resulting in a heterogeneous infrastructure with non-consistent capabilities. Similarly, smart vehicles will also have varying degree of capabilities. This will result in failure of applications and services that have very strict requirements on V2I or V2V communications. We have proposed several solutions to overcome the challenges described above that will be faced during the initial deployment stage of VANET. Specifically, we have proposed: 1) a VANET architecture that can provide services with limited number of heterogeneous roadside units and smart vehicles with varying capabilities, 2) a backend connectivity solution that provides connectivity between the Internet and smart vehicles without requiring pervasive roadside infrastructure or large number of smart vehicles, 3) a security architecture that does not depend on pervasive roadside infrastructure or a fully connected V2V network and fulfills all the security requirements, and 4) optimization solutions for placement of a limited number of RSUs within a given area to provide best possible service to smart vehicles. The optimal placement solutions cover both urban areas and highways environments.<br>ID: 031001553; System requirements: World Wide Web browser and PDF reader.; Mode of access: World Wide Web.; Adviser: .; Title from PDF title page (viewed August 23, 2013).; Thesis (Ph.D.)--University of Central Florida, 2012.; Includes bibliographical references.<br>Ph.D.<br>Doctorate<br>Computer Science<br>Engineering and Computer Science<br>Computer Science
15
Galiulina, Irina, and Patrik Karlstén. "The suitability of LoRaWAN for battery powered security solutions." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-232130.
Full textAbstract:
Many conventional forms of communication technology, such as Wi-Fi, 3G/4G or cable, require a lot of power. For battery powered devices that need to last a long time on a single charge, one alternative is the low-power, long range technology LoRaWAN. This thesis tries to answer the question how well do the properties of LoRaWAN meet the requirements for a battery powered security solution? Two identical prototype remote motion detectors were implemented for this purpose. The results show that while the prototypes do not meet the requirements for energy efficiency, LoRaWAN as a technology easily does. The results shows that if a solution to the reliability issues can be found, LoRaWAN would be well suited for battery powered security solutions.<br>Många vanliga teknologier som används för kommunikation, så som Wi-Fi, 3G/4G eller fiber, kan vara väldigt strömkrävande. Ett alternativ för batteridrivna enheter som behöver kunna klara sig på en laddning under lång tid, är att använda en lågenergiteknologi med lång räckvidd LoRaWAN. Den här rapporten försöker att besvara frågan om hur väl LoRaWANs egenskaper tillgodoser de krav som ställs på batteridrivna säkerhetslösningar. För detta ändamål utvecklades två identiska prototyper av en batteridriven rörelsesensor. Resultaten visar på att även om prototyperna inte möter energikonsumptionskraven, så gör själva LoRaWAN-tekniken detta. Resultaten visar att om man kan hitta lösningar på problemen med pålitligheten hos LoRaWAN, så kan LoRaWAN mycket väl vara lämpligt för batteridrivna säkerhetslösningar.
16
Olandersson, Sandra, and Jeanette Fredsson. "Threats in Information Security : Beyond technical solutions. - Using Threat Tree Analysis." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2001. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3829.
Full textAbstract:
To be able to protect an organisation's resources, it is important to understand what there is to protect and what to protect it from. The first step is to try to analyse the security threats that exist against an organisation's resources to explore the risks. Threats have to be identified, for the organisation to protect its resources and find where the optimal placement against threats is. This thesis analysis whether it is possible to obtain a Threat Tree Analysis that is useful for developing an information security policy for the municipality in Ronneby, using the SS 62 77 99-1 standard. A co-operation between the technical solutions and the administrative security is necessary to achieve information security, together with ordinary common sense. True, each of these can help improve security, but none of them is a complete solution. Security is not a product - it is a process. Threat trees form the basis of understanding that process. In this thesis, we have been using a qualitative method. The analysis method is a case study at the Social Department, at the municipality in Ronneby. Through interviews it has come us to hand, that the organisation has not established an information security policy which should give the code of practice for how the work of information security will pursue within the organisation. The organisation does neither use a model for structuring threats nor a method for collecting threats against information today. Through the structure of possible threats, the personnel generates an understanding of the organisation and takes active part finding adequate threats within the Social Department. As users understand the importance of security, how to use it, and where to report suspected violations, they can do a great deal to reduce the risk to loose information. Important to remember is that the education is an ongoing process, new users need training and trained users need reminding, especially when new technologies or processes are introduced. Thus, Threat Tree Analysis is useful for continuing towards developing an information security policy according to SS 62 77 99-1 standard.<br>För att kunna skydda en organisations resurser är det viktigt att förstå vad organisationen behöver skydda och vad den ska skydda det ifrån. Det första steget är att analysera hot mot organisationens resurser för att uppskatta riskerna. Hot måste identifieras för att organisationen ska kunna skydda sina resurser och hitta den optimala placeringen av åtgärder mot hot. Denna uppsatsen undersöker om det är möjligt att skapa en hotträdsanalys som är användbar för skapandet av en informationssäkerhetspolicy för Ronneby kommun, genom att använda standarden SS 62 77 99-1. Vi betonar i uppsatsen att ett samarbete mellan existerande tekniska lösningar och administrativ säkerhet är nödvändigt för att uppnå informationssäkerhet. Visst kan var och en av dessa hjälpa till att förbättra säkerheten, men ingen av dem är ensam den kompletta lösningen. Säkerhet är inte en produkt - det är en process. Hotträd formar grunden för en förståelse av den processen. I denna uppsats har vi använt en kvalitativ metod. Analysmetoden är en fallstudie på Socialförvaltningen i Ronneby kommun. Genom intervjuer har vi fått fram att organisationen inte har etablerat en informationssäkerhetspolicy, vilken ska ge riktlinjer för hur säkerhetsarbetet ska fullföljas inom organisationen. Organisationen använder varken en modell för att identifiera hot mot information eller en metod för att strukturera hoten. Genom strukturen av möjliga hot, genererar personalen en förståelse för organisationen och tar aktivt del i att identifiera hot mot Socialförvaltningen. Detta medför att alla användare förstår hur viktigt det är med säkerhet, vart de ska rapportera misstänkta händelser och de kan göra mycket för att minska risken att förlora information. Det är viktigt att komma ihåg att utbildning är en pågående process, nya användare behöver utbildning och utbildade användare behöver vidareutbildning, speciellt när nya tekniker eller processer introduceras. Därför är hotträdsanalysen en användbar modell för arbetet mot att skapa en informationssäkerhetspolicy enligt standarden SS 62 77 99-1.<br>Sandra Olandersson Blåbärsvägen 27 372 38 RONNEBY 0457 / 12084 Jeanette Fredsson Villa Viola 372 36 RONNEBY 0457 / 26616
17
Zhang, Yanchao. "Security in heterogeneous wireless ad hoc networks challenges and solutions /." [Gainesville, Fla.] : University of Florida, 2006. http://purl.fcla.edu/fcla/etd/UFE0015609.
Full text
18
Nicanfar, Hasen. "Security and privacy in smart grid context : problems and solutions." Thesis, University of British Columbia, 2015. http://hdl.handle.net/2429/55190.
Full textAbstract:
In order to improve the power grid and provision the Smart Grid concept, one well-defined approach would be to utilize new information and communication technology. Live power consumption data in addition to the time base power consumption rate are essential requirements in this context. These communications are supposed to be bi-directional between consumers, providers and smart grid administrations (market, operators, etc.). However, one of the most essential requirements that should be preserved is to address communication security and privacy. There are many opportunities for adversaries to attack the smart grid system, even remotely anywhere in the world, that could result in costly issues and damages in the system, even jeopardize user privacy. In the first part of this thesis, we concentrate on improving the efficiency of security mechanism and present our tailored authentication and key management mechanisms. We propose two solutions, one for communications between home appliances and a home gateway (smart meter), while the second solution aims at communications between the home smart meter and an appropriate server located in the smart grid utility network.We then propose enhancements on key management by developing two key construction mechanisms based on the Password Authentication Key Exchange (PAKE) protocol. The first is a cluster-based group key mechanism between smart grid entities, e.g. consumers in a neighbourhood area
network. The second enhancement is a multi-layer key mechanism motivated by controlling the home smart appliances using different smart grid controllers located in different layers of the controlling hierarchy network. The second part of the thesis concentrates on Privacy. In this part, we present a privacy mechanism based on enhanced network coding for communications between smart meters and utility servers via a mesh topology. Finally, we propose a privacy-aware security solution for mobile devices. For example, to support electric vehicles in buying and selling the power from and to the grid, or in case of the smart phones in the heterogeneous network (4G and/or 5G), to support handover between the access points.<br>Applied Science, Faculty of<br>Electrical and Computer Engineering, Department of<br>Graduate
19
Ekhator, Stephen. "Evaluating Kismet and NetStumbler as Network Security Tools & Solutions." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5668.
Full textAbstract:
ABSTRACT Despite advancement in computer firewalls and intrusion detection systems, wired and wireless networks are experiencing increasing threat to data theft and violations through personal and corporate computers and networks. The ubiquitous WiFi technology which makes it possible for an intruder to scan for data in the air, the use of crypto-analytic software and brute force application to lay bare encrypted messages has not made computers security and networks security safe more so any much easier for network security administrators to handle. In fact the security problems and solution of information systems are becoming more and more complex and complicated as new exploit security tools like Kismet and Netsh (a NetStumbler alternative) are developed. This thesis work tried to look at the passive detection of wireless network capability of kismet and how it function and comparing it with the default windows network shell ability to also detect networks wirelessly and how vulnerable they make secured and non-secured wireless network. Further analysis where made on captured network source packets using wireshark (a network analyzer). The discovery of MAC addresses, IP address, data frames, SSID’s by kismet and netsh and the further exposure of management traffic with wireshark is a source of concern given that such useful network parameters in the hands of an experienced hacker would be a valuable information that could be used in hacking into any network computer. Introduction to kismet and netstumbler application and their inherent capabilities in network detection is given an in depth look at the beginning of this work. A wide range of definitions and concepts of wireless technology application and uses as it applies to wireless networks, supported devices, security standards and protocols, firewalls and ad-hoc networks, wardriving and its legality, types of authentication, the Linux kernel, special TCP/UDP ports, the drone and third party firmware were all given an in depth look. kismet download and configurations on linux based OS and the netsh utility fucntionalities was explained for the purpose of clarity. Captured management data packets were opened with wireshark and management data frames found within the packets were analysed. Also, a look at the different file types and results of captured management traffic were displayed. Some of the challenges encountered in the course of this work were discoursed in details and comparison between kismet and netsh was done from the perspective of the vulnerability of a network and the poor channel hopping capability of kismet.<br>The thesis is about deploying Kismet application software to capture wireless networks, analysis the capture data packets if there is any vulnerability and then compare the results with NETSH captures . NETSH is a Netstumbler alternative which comes as default in Windows vista.
20
Lensing, Daniel Paul. "Social Security: an evaluation of current problems and proposed solutions." Kansas State University, 2014. http://hdl.handle.net/2097/18219.
Full textAbstract:
Master of Arts<br>Department of Economics<br>William F. Blankenau<br>This paper examines several different issues which could make the various Social Security programs insolvent. I evaluate each cause and how it is related to the problems experienced by each program to determine potential policy changes. I draw the majority of my data and information from peer-reviewed scholarly articles, as well as government agencies such as the Social Security Administration, Bureau of Labor Statistics, and the Congressional Research Service.
Section 1 of the paper explains the history of the Social Security program and the circumstances creating it. Section 2 goes into greater detail explaining different issues which could make the system insolvent. These areas are: earnings inequality, changes in healthcare, increased life expectancy, changes in the dependency ratio, general trust fund issues, disability trust fund issues, political climate, and recessions/reduced earnings. In Section 3, I evaluate two different proposed plans to fix Social Security. The first plan is an academic plan, the Diamond-Orszag Plan; the second is a plan created by a think-tank, The Heritage Plan. Section 4 gives a conclusion of the implications of the paper and explains the benefits and drawbacks of the two evaluated plans.
After evaluating all the problems with Social Security and the two proposed plans, I come to the conclusion that neither plan would be ideal by itself. The Diamond-Orszag Plan is the most politically feasible plan, as it doesn’t change the framework of the current program. A combination of the two plans would be most beneficial, as The Heritage Plan has policy specifically targeting the problems with the Medicare system, where the Diamond-Orszag Plan does not. The three different plans for changing the disability system I evaluate in Section 2.5 are specific, targeted plans and could be a nice addition to a plan such as the Diamond-Orszag Plan. In any case, the sooner politicians finally start taking Social Security’s instability seriously, the better. The longer we wait, the more complex and difficult the problem will become.
21
McGinthy, Jason M. "Solutions for Internet of Things Security Challenges: Trust and Authentication." Diss., Virginia Tech, 2019. http://hdl.handle.net/10919/91443.
Full textAbstract:
The continuing growth of Internet-connected devices presents exciting opportunities for future technology. These Internet of Things (IoT) products are being manufactured and interleaved with many everyday activities, which is creating a larger security concern. Sensors will collect previously unimaginable amounts of private and public data and transmit all of it through an easily observable wireless medium in order for other devices to perform data analytics. As more and more devices are produced, many are lacking a strong security foundation in order to be the "first to market." Moreover, current security techniques are based on protocols that were designed for more-capable devices such as desktop computers and cellular phones that have ample power, computational ability, and memory storage. Due to IoT's technological infancy, there are many security challenges without proper solutions. As IoT continues to grow, special considerations and protections must be in place to properly secure this data and protect the privacy of its users. This dissertation highlights some of the major challenges related to IoT and prioritizes their impacts to help identify where gaps are that must be filled. Focusing on these high priority concerns, solutions are presented that are tailored to IoT's constraints. A security feature-based framework is developed to help characterize classes of devices to help manage the heterogeneous nature of IoT devices and networks. A novel physical device authentication method is presented to show the feasibility in IoT devices and networks. Additional low-power techniques are designed and evaluated to help identify different security features available to IoT devices as presented in the aforementioned framework.<br>Doctor of Philosophy<br>The Internet has been gaining a foothold in our everyday lives. Smart homes, smart cars, and smart cities are becoming less science fiction and more everyday realities. In order to increase the public’s general quality of life, this new Internet of Things (IoT) technological revolution is adding billions of devices around us. These devices aim to collect unforeseen amounts of data to help better understand environments and improve numerous aspects of life. However, IoT technology is still in its infancy, so there are still many challenges still remaining. One major issue in IoT is the questionable security for many devices. Recent cyber attacks have highlighted the shortcomings of many IoT devices. Many of these device manufacturers simply wanted to be the first in a niche market, ignoring the importance of security. Proper security implementation in IoT has only been done by a minority of designers and manufacturers. Therefore, this document proposes a secure design for all IoT devices to be based. Numerous security techniques are presented and shown to properly protect the data that will pass through many of these devices. The overall goal for this proposed work aims to have an overall security solution that overcomes the current shortfalls of IoT devices, lessening the concern for IoT’s future use in our everyday lives.
22
Bragaglia, Elisa. "Analysis and partial solutions of security problems in automotive environments." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2015. http://amslaurea.unibo.it/8696/.
Full textAbstract:
Questo scritto mira a fare una panoramica dei problemi legati alla sicurezza della comunicazione tra componenti interne dei veicoli e delle soluzioni oggigiorno disponibili. Partendo con una descrizione generale del circuito interno dell’auto analizzeremo i suoi punti di accesso e discuteremo i danni prodotti dalla sua manomissione illecita. In seguito vedremo se ´è possibile prevenire tali attacchi dando un’occhiata alle soluzioni disponibili e soffermandoci in particolare sui moduli crittografici e le loro applicazioni. Infine presenteremo l’implementazione pratica di un protocollo di autenticazione tra ECUs e una dimostrazione matematica della sua sicurezza.
23
BOERO, LUCA. "Advanced SDN-Based QoS and Security Solutions for Heterogeneous Networks." Doctoral thesis, Università degli studi di Genova, 2019. http://hdl.handle.net/11567/940881.
Full textAbstract:
This thesis tries to study how SDN can be employed in order to support Quality of Service and how the support of this functionality is fundamental for today networks. Considering, not only the present networks, but also the next generation ones, the importance of the SDN paradigm become manifest as the use of satellite networks, which can be useful considering their broadcasting capabilities. For these reasons, this research focuses its attention on satellite - terrestrial networks and in particular on the use of SDN inside this environment. An important fact to be taken into account is that the growing of the information technologies has pave the way for new possible threats. This research study tries to cover also this problem considering how SDN can be employed for the detection of past and future malware inside networks.
24
Zaiets, Tetiana. "Diebold Nixdorf - global leader in providing innovative self-service technology, security systems and related services." Thesis, Київський національний університет технологій та дизайну, 2017. https://er.knutd.edu.ua/handle/123456789/6690.
Full text
25
Sarwar, Yasir, and Muhammad Arshad Ali. "Security Issues regarding MANET (Mobile Ad Hoc Networks) : Challenges and Solutions." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3150.
Full textAbstract:
Now a day, it is no longer optional to have security solutions even inevitable for every kind of organizations and individuals. There are number of generic tools which are common for organizations as well as for individual users to provide security which includes; Anti-Spam, Anti-Virus etc., and network security have become essential issue in MANET. Security is one of the main issues in the MANET especially with respect to size and complexity of the network. The aim of the thesis is to discuss different aspects of security in MANET (e.g. multi-layer intrusion detection technique in multi hop network of MANET, security problems relates between multihop network and mobile nodes in MANET etc) and also implement some of the solutions (e.g. comparative study of different routing protocol (AODV, DSR and TORA) security threats within MANET network like intruder behavior, tapping and integrity, MANET link layer and network layer operations with respect to information security etc) with respect to MANET network. This report also discusses different number of scenarios of MANET network which we implement in our simulation. In our simulation we use to implement different routing protocols and also did comparative study that which one is better with respect to different aspects. We also use to implements mechanisms of intruder behavior, tapping and integrity, and MANET link layer and network layer operations with respect to information security.
26
Paananen, K. (Kimmo). "Evaluation of privacy, security and quality of Internet-based communication solutions." Master's thesis, University of Oulu, 2016. http://urn.fi/URN:NBN:fi:oulu-201605221866.
Full textAbstract:
The privacy and security of communication in the Internet are gaining increased public interest. Highly popular Voice over Internet Protocol (VoIP) technology allows the use of easy, versatile and low-cost Internet communication solutions. There are, however, privacy and security concerns and threats related to VoIP-based communication, just like with any traffic transmitted over the public Internet. Possibility to integrate a VoIP solution as part of self-made applications is also important for many organizations. The problem is to find a low cost solution which provides possibility for integration, good level of security and privacy, and also acceptable service quality in varying wireless network conditions.
This thesis examined the fundamentals of VoIP technology, reasons and background of security threats, and presented the ways to mitigate the risks. Based on this information, publicly available communication solutions were searched and evaluated using Quality Function Deployment (QFD) derived method. The products were compared from the perspective of privacy and security they provide, taking into account in particular the purchase and operating costs, and connectivity into self-made applications. The best solution from the comparison was also taken to further tests for service availability and video quality Mean Opinion Score (MOS) in the real-world mobile network. The measurements aimed to reveal how the solution performs in different radio network conditions, and what kind of video quality it can offer.
The research results show that there were a few good solutions available based on search criteria. The best solution, Linphone, was taken to the further quality tests in the live 4G Long Term Evolution (LTE) network. Measurements revealed that Linphone can provide satisfactory quality and reliability even on poor network conditions, and also secure the traffic seemingly well. Only some minor problems with video stream starting were found during the tests. For the future work I would suggest more measurements using different wireless network technologies including Wi-Fi. The real protocol level security analysis of Linphone would also reveal if there are any security pitfalls in the current implementation.
27
Bouguetaia, Sabria. "Analysis and Evaluation of EndpointSecurity Solutions." Thesis, Högskolan Dalarna, Datateknik, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:du-2359.
Full textAbstract:
The main objective for this degree project was to analyze the Endpoint Security Solutions developed by Cisco, Microsoft and a third minor company solution represented by InfoExpress. The different solutions proposed are Cisco Network Admission Control, Microsoft Network Access Protection and InfoExpress CyberGatekeeper. An explanation of each solution functioning is proposed as well as an analysis of the differences between those solutions. This thesis work also proposes a tutorial for the installation of Cisco Network Admission Control for an easier implementation. The research was done by reading articles on the internet and by experimenting the Cisco Network Admission Control solution. My background knowledge about Cisco routing and ACL was also used. Based on the actual analysis done in this thesis, a conclusion was drawn that all existing solutions are not yet ready for large-scale use in corporate networks. Moreover all solutions are proprietary and incompatible. The future possible standard for Endpoint solution might be driven by Cisco and Microsoft and a rude competition begins between those two giants.
28
Rehman, Sheikh Riaz Ur. "Investigation of different VPN Solutions." Thesis, Blekinge Tekniska Högskola, Avdelningen för telekommunikationssystem, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3364.
Full textAbstract:
Abstract The rapid growth of e-business in past few years has improved companies efficiency and revenue growth. E-business applications such as e-commerce, remote access has enabled companies to manage processes, lower operating costs and increased customer satisfaction. Also the need rises for the scalable networks that accommodate voice, video, and data traffic. With the increased dependability of networks the security issues are raised and networks become more and more vulnerable to different types of security threats. To overcome security issues different security technologies are in action by vendors and technologists. Also for the survival of many businesses to allow open access to network resources, today’s networks are designed with the requirement of availability to the Internet and public networks, therefore, information confidentiality is the major issue in these networks to ensure that the network resources and user data are as secure as possible. With the requirement of network security, concept of Virtual private network was established. A Virtual Private Network (VPN) can be defined as a network in which connectivity between multiple customers’ sites is deployed on a shared network with the same security as a private network. Different VPN technologies and protocols architectures are available in market among are MPLS VPN architecture, IPSec VPN architecture, and SSL VPN architecture. Like With the introduction of Multiprotocol Label Switching (MPLS), which combines the benefits of Layer 2 switching and Layer 3 routing, it became possible to construct a technology that combines the benefits of an overlay VPN with the benefits of peer-to-peer VPN implementation in which routing is simple. MPLS/VPN is a new and simple technology, which provides simpler to routing and also makes number of topologies easy to implement which are otherwise difficult to implement. All architectures have benefits and drawbacks, also each of them can be implemented separately or in combination of other according to customer security requirement and performance of the network.
29
Zhao, Weiliang, University of Western Sydney, of Science Technology and Environment College, and School of Computing and Information Technology. "Security techniques for electronic commerce applications." THESIS_CSTE_CIT_Zhao_W.xml, 2003. http://handle.uws.edu.au:8081/1959.7/127.
Full textAbstract:
Electronic commerce and the internet provide greater opportunities for companies and individual person to be involved in commercial activities; the involved parties may not know or trust each other or may even be mutually suspicious of each other. The issue of fairness becomes more critical and must be well addressed. The aim of this thesis is to investigate security solutions with fairness for on-line transactions. A fair trading protocol with credit payment is proposed. The proof of equivalence of discrete logarithm to discrete loglogarithm is employed as the main tool to construct the protocol. The scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange, the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off-line Trusted Third Party (TTP). If cheating occurs, the TTP can resolve the problem and make the gambling process fair. An efficient and secure poker scheme is proposed. It is based on multiple encryption and decryption of individual cards. The protocol satisfies all major security requirements of a real mental poker. It gets rid of the Card Salesman and guarantees minimal effect due to collusion. The protocol is secure and more efficient compared with other known protocols. The strategies of players can be kept confidential with the introduction of a Dealer. The protocol is suitable to be implemented in an on-line gambling card game. The implementation of the fair on-line gambling protocol has been demonstrated and all utility classes for the implementation have been defined.<br>Master of Science (Hons)
30
Gwozd, Ryszard. "Security of information systems, what technical solutions exist and what is needed." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2001. http://www.collectionscanada.ca/obj/s4/f2/dsk3/ftp04/MQ59323.pdf.
Full text
31
Bheemanathini, Sai Nikhil. "A Systematic Review of Blockchain Technology: Privacy Concerns, Security Challenges, and Solutions." University of Cincinnati / OhioLINK, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1563273858006378.
Full text
32
Fedoruk, M. "Energy efficiency in buildings as one of the solutions for achieving energy security." Thesis, Sumy State University, 2014. http://essuir.sumdu.edu.ua/handle/123456789/36062.
Full textAbstract:
Energy is essential for economic development, food production and global security. According to the UN, the world will need at least 45% more energy by 2030.
It is well known that resources we are using today for the energy production have very negative impact on the planet, especially for the climate change. Alternative resources that are renewable and don't have CO2 emission also have own disadvantages. For example, solar panels are quite expensive, depend on climate, need a lot of place and also there is a big issue with utilization of panels in the end of their life cycle. Wind farmas and hydroelectric power stations are located to far from consumers and transmission looses are very high in these cases. Indeed, in future scientists will solve these problems, but so far we have to deal with them. It means that the best solution would be to combine alternative energy resources and energy saving.
When you are citing the document, use the following link http://essuir.sumdu.edu.ua/handle/123456789/36062
33
Edman, Johan, and Wilhelm Ågren. "Legal and Security Issues of Data Processing when Implementing IoT Solutions in Apartments." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-277917.
Full textAbstract:
The concept of the Internet of Things (IoT) and connected devices is a growing trend. New ways to integrate them with Smart Home Technology emerge each day. The use of sensors in IoT solutions enables large scale data collection that can be used in various ways. The European Union recently enforced a General Data Protection Regulation (GDPR) that sets guidelines for the collection and processing of personal information. The communication protocol M-Bus is a European standard (EN 13757-x) mainly used for remote reading of electrical, gas and water meters. M-Bus is being integrated with sensors because the protocol offers long battery times. There are however some known flaws with the protocol that might make it unsuitable for a large scale data collection system. A conceptualized data collection scenario with a system utilizing M- Bus is presented. The authors aim to investigate some of the security flaws with the M-Bus protocol, while also investigating the GDPR demands of the system. The thesis supplements a System Requirement Specification (SyRS) which can be used as a template for organizations implementing a similar system. An analysis of the system based on the SyRS is conducted to identify any shortcomings. Modifications to the system are proposed in order to comply with the defined SyRS. The authors concluded that M-Bus is a sufficiently reliable protocol to be used in the system, and has no inherent conflicts with GDPR. The system has a few flaws in terms of GDPR compliance, which require both administrative and technical work to comply with. The suggested modifications of the system are mainly focused on how the data is stored in various parts of it.<br>Konceptet med Internet of Things (IoT) och uppkopplade enheter är en väx- ande trend, och nya sätt att integrera dem med det smarta hemmet framträder varje dag. Den Europeiska Unionen har nyligen verkställt en ny dataskydds- förordning, General Data Protection Regulation (GDPR), som sätter krav på insamling och behandling av personlig data. Användandet av IoT lösningar skapar möjligheten för storskalig datainsamling som kan användas på flera sätt. Kommunikationsprotokollet M-Bus är en europeisk standard (EN 13757-x) som huvudsakligen är framtagen för att avlägset läsa av el-, gas- och vattenmätare. På grund av ett litet avtryck och enkel implementation av sitt protokoll så är M-bus ofta ett val till uppkoplade sensorer för att möjliggöra lång drifttid. Det finns däremot ett antal säkerhetsbrister med protokollet som kan göra det olämpligt för ett datainsamlingssystem. Ett konceptualiserat datainsamlingscenario med ett system som utnyttjar M-Bus presenteras. Författarnas mål är att undersöka några av säkerhetsbristerna med M-Bus protokollet, samtidigt som det undersöker vilka krav GDPR ställer på ett sådant system. Uppsatsen sammanställer en kravspecifikation som kan användas som grund och riktlinje för organisationer som ska implementera liknande system. En analys av det konceptualiserade systemet baserat på kravspecifikationen genomförs för att identifiera potentiella brister. Modifikationer till system föreslås för att uppnå kraven definierade i kravspecifikationen. Författarna drog slutsatsen att M-Bus är ett tillräckligt tillförlitligt protokoll som kan användas för system likt detta. Det analyserade systemet har några brister gällande GDPR, som kräver både tekniska och administrativa åtgärder. De föreslagna modifikationerna av systemet är fokuserade primärt på hur den personliga informationen lagras i de olika delarna av systemet.
34
Ali, Ayaz. "Analysis of key security and privacy concerns and viable solutions in Cloud computing." Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-90806.
Full textAbstract:
Cloud Security and Privacy is the most concerned area in the development of newly advance technological domains like cloud computing, the cloud of things, the Internet of Things. However, with the growing popularity and diverse nature of these technologies, security and privacy are becoming intricate matters and affect the adoption of cloud computing. Many small and large enterprises are in conflict while migrating towards cloud technology and this is because of no proper cloud adoption policy guideline, generic solutions for system migration issues, systematic models to analyze security and privacy performance provided by different cloud models. Our proposed literature review focuses on the problems and identifies solutions in the category of security and privacy. A comprehensive analysis of various identified techniques published during 2010 – 2018 has been presented. We have reviewed 51 studies including research papers and systematic literature reviews on the factors of security and privacy. After analyzing, the papers have been classified into 5 major categories to get an appropriate solution for our required objectives of this study. This work will facilitate the researchers and as well the companies to select appropriate guideline while adopting cloud services.
35
Collins, Zachary. "Hardware Trojans in FPGA Device IP: Solutions Through Evolutionary Computation." University of Cincinnati / OhioLINK, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1554217182155068.
Full text
36
Bulusu, Santosh, and Kalyan Sudia. "A Study on Cloud Computing Security Challenges." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2820.
Full textAbstract:
Context: Scientific computing in the 21st century has evolved from fixed to distributed work environment. The current trend of Cloud Computing (CC) allows accessing business applications from anywhere just by connecting to the Internet. Evidence shows that, switching to CC organizations' annual expenditure and maintenance are being reduced to a greater extent. However, there are several challenges that come along with various benefits of CC. Among these include security aspects. Objectives: This thesis aims to identify security challenges for adapting cloud computing and their solutions from real world for the challenge that do not have any proper mitigation strategies identified through literature review. For this the objective is to identify existing cloud computing security challenges and their solutions. Identify the challenges that have no mitigation strategies and gather solutions/guidelines/practices from practitioners, for a challenge with more references but no mitigation strategies identified (in literature). Methods: This study presents a literature review and a snowball sampling to identify CC security challenges and their solutions/mitigation strategies. The literature review is based on search in electronic databases and snowball sample is based on the primary studies searched and selected from electronic databases. Using the challenges and their solutions identified form literature review, challenges with no mitigation strategies are identified. From these identified challenges with no mitigation strategies, a challenge with more references is identified. The surveys are employed in the later stages to identify the mitigation strategies for this challenge. Finally the results from the survey are discussed in a narrative fashion. Results: 43 challenges and 89 solutions are identified from literature review using snowball sampling. In addition to these mitigation strategies few guidelines are also identified. The challenge with more (i.e., more articles mentioning the challenge) and no mitigation identified is incompatibility. The responses identified for the three insecure areas of incompatibility (i.e., interoperability, migration and IDM integration with CC) in cloud computing security are mostly guidelines/practices opined by experienced practitioners. Conclusions: This study identifies cloud computing security challenges and their solutions. Where these (challenges and solutions) are common to cloud computing applications and cannot be generalized to either service or deployment models (viz. SaaS, PaaS, IaaS, etc.). The study also identifies that there are methods guidelines/practices identified from practitioners) to provide secure interoperability, migration and integration of on-premise authentication systems with cloud applications, but these methods are developed by individuals (practitioners/organization) specific to their context. The study also identifies the non-existence of global standards for any of these operations (providing interoperability/migration/IDM integration with cloud). This identified non-existence of global standards and guidelines could be help academics to know the state of practice and formulate better methods/standards to provide secure interoperability. The identified cloud computing security challenges (43) and solutions (89), can be referred by practitioners to understand which areas of security need to be concentrated while adapting/migrating to a cloud computing environment.
37
Fioraldi, Andrea. "Fuzzing in the 2020s : novel approaches and solutions." Electronic Thesis or Diss., Sorbonne université, 2023. http://www.theses.fr/2023SORUS546.
Full textAbstract:
Malgré les efforts considérables mis en œuvres en matière de fuzzing, la sécurité des logiciels informatiques reste menacée par des vulnérabilités insaisissables. Les coverage-guided fuzzers, qui se concentrent uniquement sur la couverture de code, ne parviennent généralement pas à découvrir des vulnérabilités spécifiques. La multiplication de divers outils de fuzzing a grandement divisé la communauté et a rendu difficile la combinaison de différentes techniques de fuzzing, l'évaluation précise des contributions et la comparaison efficace des différents outils. Pour remédier à cette situation, il est nécessaire de disposer d'un socle commun afin de garantir des évaluations précises et équitables. AFL, en raison de sa popularité, est souvent utilisé comme base lors de la création de nouveaux prototypes malgré le fait qu'il ne s'agisse pas d'une référence naïve et sa conception monolithique. D'autre part, les fuzzers personnalisés réécrits à partir de zéro ont tendance à réinventer la roue et utilisent souvent inneficacement la puissance des les systèmes multicœurs. Cette thèse relève ces défis en apportant plusieurs contributions: Un nouveau mécanisme de feedback appelé InvsCov est introduit, qui prend en compte les relations entre les variables du programme et la couverture du code. Il affine l'approximation de l'état du programme pour optimiser la détection de divers bugs. Une autre approche que nous introduisons explore les graphes de dépendance des données pour améliorer le fuzzing en récompensant la traversée de nouvelles arêtes du graphe de flux de données, ce qui a permis la découverte de nouvelles vulnérabilités manquées par la couverture standard efficacement. Nous présentons également une analyse approfondie des mécanismes internes d'AFL afin de mettre en lumière ses choix de conception et leur impact sur les performances du fuzzing. Enfin, pour remédier au problème de fragmentation cité précédemment, nous proposons un outil dédié au fuzzing modulaire et réutilisable: LibAFL. Les chercheurs peuvent étendre la pipeline de base du fuzzer, l'évaluation de nouvelles techniques techniques et la combinaison d'approches orthogonales. Une tentative de réécriture de AFLpp comme frontend de LibAFL a remporté le concours de fuzzing SBFT'23 dans le domaine de la recherche de bugs. Ces contributions font progresser le domaine du fuzzing, en abordant les défis de la sensibilité des mécanismes de feedback, de la diversité des bugs découverts, de la fragmentation des outils et de l'évaluation des fuzzers. Elles fournissent une base solide pour l'amélioration des techniques de fuzzing, permettant la détection d'une plus large gamme de bugs, et favorisant la collaboration et la standardisation au sein de la communauté<br>Security remains at risk due to elusive software vulnerabilities, even with extensive fuzzing efforts. Coverage-guided fuzzers, focusing solely on code coverage, often fall short in discovering specific vulnerabilities. The proliferation of diverse fuzzing tools has fragmented the field, making it challenging to combine different fuzzing techniques, assess contributions accurately, and compare tools effectively. To address this, standardized baselines are needed to ensure equitable evaluations. AFL, due to its popularity, is often extended to implement new prototypes despite not being a naive baseline and its monolithic design. On the other hand, custom fuzzers written from scratch tend to reinvent solutions and often lack scalability on multicore systems. This thesis addresses these challenges with several contributions: A new feedback mechanism called InvsCov is introduced, which considers program variable relationships and code coverage. It refines program state approximation for diverse bug detection. Another additional feedback we introduce explores data dependency graphs to enhance fuzzing by rewarding new dataflow edge traversal, effectively finding vulnerabilities missed by standard coverage. We also present a thorough analysis of AFL's internal mechanisms to shed light on its design choices and their impact on fuzzing performance. Finally, to address fragmentation, LibAFL is introduced as a modular and reusable fuzzing framework. Researchers can extend the core fuzzer pipeline, evaluation of compelling techniques, and combination of orthogonal approaches. An attempt to rewrite AFL++ as a frontend to LibAFL won the SBFT'23 fuzzing competition in the bug-finding track. These contributions advance the field of fuzz testing, addressing the challenges of sensitivity in feedback mechanisms, bug diversity, tool fragmentation, and fuzzers evaluation. They provide a foundation for improving fuzzing techniques, enabling the detection of a broader range of bugs, and fostering collaboration and standardization within the community
38
Råman, Jari. "Regulating secure software development : analysing the potential regulatory solutions for the lack of security in software /." Rovaniemi : University of Lapland, 2006. http://www.loc.gov/catdir/toc/fy0803/2006499062.html.
Full text
39
Evans, Gary John. "Identifying security problems and devising control solutions in a local area network a case study approach /." Thesis, Monterey, California : Naval Postgraduate School, 1990. http://handle.dtic.mil/100.2/ADA239431.
Full textAbstract:
Thesis (M.S. in Information Systems)--Naval Postgraduate School, September 1990.<br>Thesis Advisor(s): Tung Xuan Bui. Second Reader: Smith, Henry H. "September 1990." Description based on title screen as viewed on December 16, 2009. DTIC Identifier(s): Local area networks, security, control systems, thesis. Author(s) subject terms: Computer security, local area network (LAN), security and control. Includes bibliographical references (p. 87-90). Also available in print.
40
Zhao, Weiliang. "Security techniques for electronic commerce applications." Thesis, View thesis View thesis, 2003. http://handle.uws.edu.au:8081/1959.7/127.
Full textAbstract:
Electronic commerce and the internet provide greater opportunities for companies and individual person to be involved in commercial activities; the involved parties may not know or trust each other or may even be mutually suspicious of each other. The issue of fairness becomes more critical and must be well addressed. The aim of this thesis is to investigate security solutions with fairness for on-line transactions. A fair trading protocol with credit payment is proposed. The proof of equivalence of discrete logarithm to discrete loglogarithm is employed as the main tool to construct the protocol. The scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange, the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off-line Trusted Third Party (TTP). If cheating occurs, the TTP can resolve the problem and make the gambling process fair. An efficient and secure poker scheme is proposed. It is based on multiple encryption and decryption of individual cards. The protocol satisfies all major security requirements of a real mental poker. It gets rid of the Card Salesman and guarantees minimal effect due to collusion. The protocol is secure and more efficient compared with other known protocols. The strategies of players can be kept confidential with the introduction of a Dealer. The protocol is suitable to be implemented in an on-line gambling card game. The implementation of the fair on-line gambling protocol has been demonstrated and all utility classes for the implementation have been defined.
41
Sahd, Lize-Marie. "A structured approach to the identification of the significant risks related to enterprise mobile solutions at a mobile technology component level." Thesis, Stellenbosch : Stellenbosch University, 2015. http://hdl.handle.net/10019.1/96674.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2015.<br>ENGLISH ABSTRACT: The consumerisation of mobile technology is driving the mobile revolution and
enterprises are forced to incorporate mobile solutions into their business processes
in order to remain competitive. While there are many benefits relating to the
investment in and use of mobile technology, significant risks are also being
introduced into the business. The fast pace of technological innovation and the rate
of adoption of mobile technology by employees has, however, created an
environment where enterprises are deploying mobile solutions on an ad hoc basis.
Enterprises are only addressing the risks as they are occurring and resulting in
losses. The key contributing factor to this lack of governance and management is the
fact that those charged with governance do not understand the underlying mobile
technology components.
The purpose of this research is to improve the understanding of the underlying
components of mobile technology. The research further proposes to use this
understanding to identify the significant risks related to mobile technology and to
formulate appropriate internal controls to address these risks. The findings of the
research identified the following underlying components of mobile technology: mobile
devices; mobile infrastructure, data delivery mechanisms and enabling technologies;
and mobile applications. Based on an understanding of the components and
subcategories of mobile technology, a control framework was used to identify the
significant risks related to each component and subcategory. The significant risks
identified included both risks to the users (including interoperability, user experience,
connectivity and IT support) as well as risks to the enterprise’s strategies (including
continuity, security, cost and data ownership). The research concludes by
formulating internal controls that the enterprise can implement to mitigate the
significant risks. This resulted in two matrixes that serve as quick-reference guides to
enterprises in the identification of significant risks at an enterprise specific mobile
technology component level, as well as the relevant internal controls to consider.
The matrixes also assist enterprises in determining the best mobile solutions to
deploy in their business, given their strategies, risk evaluation and control
environment.<br>AFRIKAANSE OPSOMMING: Die mobiele revolusie word deur die verbruiker van mobiele tegnologie aangedryf en,
ten einde kompeterend te bly, word ondernemings gedwing om mobiele tegnologie
in hul besigheidsprosesse te implementeer. Terwyl daar baie voordele verbonde is
aan die investering in en gebruik van mobiele tegnologie, word die besigheid egter
ook blootgestel aan wesenlike risiko’s. Die vinnige tempo waarteen mobiele
tegnologie ontwikkel en deur werknemers aangeneem word, het egter ʼn omgewing
geskep waarin ondernemings mobiele tegnologie op ʼn ad hoc basis ontplooi.
Besighede spreek eers die risiko’s aan nadat dit reeds voorgekom het en verliese as
gevolg gehad het. Die hoof bydraende faktor tot die tekort aan beheer en bestuur
van mobiele tegnologie is die feit dat diegene verantwoordelik vir beheer, nie
onderliggend mobiele tegnologie komponente verstaan nie.
Die doel van hierdie navorsing is om die begrip van die onderliggende komponente
van mobiele tegnologie te verbeter. Die navorsing poog verder om die wesenlike
risiko’s verbonde aan mobiele tegnologie te identifiseer en om toepaslike interne
beheermaatreëls te formuleer wat die risiko’s sal aanspreek. Die bevindinge van die
navorsing het die volgende onderliggende komponente van mobiele tegnologie
geïdentifiseer: mobiele toestelle; mobiele infrastruktuur, data afleweringsmeganismes,
en bemagtigende tegnologieë; en mobiele toepassings. Gebaseer op
ʼn begrip van die komponente en subkategorieë van mobiele tegnologie, is ʼn kontrole
raamwerk gebruik om die wesenlike risiko’s verbonde aan elke komponent en
subkategorie van die tegnologie, te identifiseer. Die wesenlike risiko’s sluit beide
risiko’s vir die gebruiker (insluitend kontinuïteit, gebruikerservaring, konnektiwiteit en
IT ondersteuning) sowel as risiko’s vir die onderneming se strategieë (insluitend
kontinuïteit, sekuriteit, koste en data eienaarskap) in. Die navorsing sluit af met die
formulering van die beheermaatreëls wat geïmplementeer kan word om die
wesenlike risiko’s aan te spreek. Dit het gelei tot twee tabelle wat as vinnige
verwysingsraamwerke deur ondernemings gebruik kan word in die identifisering van
wesenlike risiko’s op ʼn onderneming-spesifieke tegnologie komponentvlak asook die
oorweging van relevante interne beheermaatreëls. Die tabelle help ondernemings
ook om die beste mobiele tegnologie vir hul besigheid te implementeer, gebaseer op
hul strategie, risiko evaluering en beheeromgewing.
42
MOKALLED, HASSAN. "The importance to manage data protection in the right way: Problems and solutions." Doctoral thesis, Università degli studi di Genova, 2020. http://hdl.handle.net/11567/997252.
Full textAbstract:
Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of “Managing data protection”. The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It also proposes an approach that aims to support companies seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites a SIEM system should have; and to suggest criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven which means that customer needs are taken into account when following the whole approach, specifically when defining the requirements and then evaluating the suppliers’ solutions. At the end, a research activity was carried out aiming classify web attacks on the network level, since any information about the attackers might be helpful and worth a lot to the cyber security analysts. And so, using network statistical fingerprints and machine learning techniques, a two-layers classification system is designed to detect the type of the web attack and the type of software used by the attackers.
43
Chapman, Erin Elizabeth. "A Survey and Analysis of Solutions to the Oblivious Memory Access Problem." PDXScholar, 2012. https://pdxscholar.library.pdx.edu/open_access_etds/891.
Full textAbstract:
Despite the use of strong encryption schemes, one can still learn information about encrypted data using side channel attacks [2]. Watching what physical memory is being accessed can be such a side channel. One can hide this information by using oblivious simulation - hiding the true access pattern of a program. In this paper we will review the model behind oblivious simulation, attempt to formalize the problem and define a security game. We will review the major solutions pro- posed so far, the square root and hierarchical solutions, as well as propose a new variation on the square root solution. Additionally, we will show a new formalization for providing software protection by using an encryption scheme and oblivious simulation.
44
Noura, Mohamad. "Solutions cryptographiques efficaces et sécurisées pour les données médicales." Thesis, Bourgogne Franche-Comté, 2019. http://www.theses.fr/2019UBFCD037.
Full textAbstract:
Dans cette thèse, des schémas cryptographiques efficaces et robustes ont été proposés pour surmonter les problèmes actuels de sécurité et de confidentialité des systèmes et applications médicaux récents. La principale contribution de cette thèse est d'atteindre un haut niveau de sécurité avec un minimum de surcoût de calcul contrairement à de nombreuses autres solutions existantes. Par conséquent, deux schémas de chiffrement et une approche de disponibilité des données ont été proposés pour les données médicales afin de garantir les services de sécurité suivants : confidentialité, intégrité et disponibilité des données ainsi que l'authentification de la source. Les solutions cryptographiques proposées sont basées sur les structures de chiffrement cryptographiques dynamiques pour assurer une meilleure résistance aux attaques existantes et modernes. De plus, ces solutions ont été conçues pour être légères et ne nécessitent qu'un petit nombre d'itérations. La fonction de chiffrement proposée n'est répétée qu'une seule fois et utilise une permutation de bloc dépendante de la clé.Elle satisfait également les propriétés de confusion et de diffusion requises, assurant ainsi les propriétés cryptographiques souhaitables. Les résultats de simulation et d'expérimentation ont démontré l'efficacité et la robustesse des solutions cryptographiques proposées. De plus, l'utilisation des schémas cryptographiques proposés ouvre la porte à des algorithmes cryptographiques dynamiques qui peuvent conduire à un gain de performance et de sécurité significatif par rapport à l'état de l'art<br>In this thesis, effective and robust cryptographic schemes were proposed to overcome the current security and privacy issues of recent medical systems and applications. The main contribution of this thesis is to reach a high level of security with minimum possible overhead contrary to many other existing solutions. Therefore, two cipher schemes and a data availability approach were proposed for medical data to ensure the following security services: data confidentiality, integrity and availability as well as source authentication. The proposed cryptographic solutions are based on the dynamic cryptographic cipher structures to ensure a better resistance against existing and modern attacks. Moreover, these solutions were designed to be lightweight and they require a small number of iterations. The proposed ciphers round function is iterated only once and uses a key dependent block permutation. It also satisfies the required confusion and diffusion properties, consequently ensuring the desirable cryptographic properties. Simulation and experimental results demonstrated the efficiency and the robustness of the proposed cryptographic solutions. Furthermore, employing the proposed cryptographic schemes open the door to a dynamic cryptographic algorithms that can lead to a significant performance and security gain compared with other recent related state-of-art
45
Westling, Sebastian, and Marcus Eliasson. "E-handel : En studie kring betallösningar, säkerhetslösningar och certifieringar för små e-handelsföretag." Thesis, Mittuniversitetet, Institutionen för informationsteknologi och medier, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-16767.
Full textAbstract:
Syftet har varit att på uppdrag av Periallo identifiera vad kunder tycker är viktigast ur ett säkerhetsperspektiv. Detta har skett genom att besvara frågorna vad som är viktigt för konsumenterna ur ett säkerhetsperspek-tiv när de handlar av små e-handelsföretag och vilka säkerhetslösningar samt betallösningar som är relevanta för små e-handelsföretag. Vi har även undersökt om det är värt för ett litet e-handelsföretag att investera i en certifiering. Arbetet har kartlagt betallösningar, säkerhetslösningar och certifieringar med hjälp av en kritisk litteraturstudie och med en enkät, det vill säga en kvantitativ metod. Resultatet av undersökningen har visat att de flesta kunderna känner sig trygga när de handlar på Internet. Den säkraste betallösningen anses vara faktura, medan de populäraste betalsätten är konto/kreditkort och direktbetalning. Utöver det har undersökningen också visat att det är viktigare för mindre och okända e-handelsföretag att tydligt visa vilka säkerhetslösningar de använder sig av gentemot de stora och kända företagen trots att de flesta av deltagarna inte var medvetna om vilka säkerhetslösningar som finns för att skydda företag och konsument.<br>The purpose of this study is, on behalf of Periallo, to identify what it is that customers consider to be of greatest importance from a security perspective. This has been conducted from the answers given by consumers when asked a question concerning what they deem to be important from a security perspective when they shop from small e-commerce companies. In addition, a consideration has also been given to the security and payment solutions that are relevant to small e-commerce companies. An examination has also been conducted as to whether it is worth a small e-commerce company investing in a certification. In this work, payment solutions, security solutions and certifications have been identified by means of a critical literature review and a questionnaire, which is a quantitative method. The results of the study have shown that the majority of customers feel that it is safe to shop online. The most secure payment solution is considered to be an invoice, while the most popular payment methods are debit/credit cards and direct payment. In addition, the study has also shown that it is more important for a small and unknown e-commerce company to properly reflect upon the security solutions that they use against the large and well-known companies, even though, the majority of the participants in this study, were not aware of the security solutions available to protect companies and consumers.
46
Lukacs, Andrea. "Investigation of IoT camera solutions in Smart Cities from a Technology, Information Security and Trust point of view." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-79300.
Full textAbstract:
Smart cities utilize IoT cameras in a rushing pace. However, these high technological connected devices are back doors to safe systems. Implementation of high technological solutions without concerning other important aspects as information security and the factor of trust violates not only the quality aspect of the solutions, but also breaches the privacy of individuals. Secure solutions that reserve the trust of individuals with the help of high technological solutions is therefore significant. This study is aimed to investigate and find answer to how IoT camera solutions for smart cities can include all three of the important factors, which contributes for a deeper understanding of the whole product development process` possible improvements. Through a qualitative approach the research questions are investigated which resulted in a contribution that support the academic world of information security in presenting the importance of correct communication, collaboration and the including of the three factors during the development process of IoT camera solutions for smart cities. The results are open for further investigation as observed during research, but also key findings and recommendations are offered to the stakeholders of the IoT camera solution development industry.
47
Kardokas, Gintaras. "Bevielio tinklo diegimo įmonėje metodika." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2008. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2008~D_20080612_151339-53813.
Full textAbstract:
Pagrindiniu įmonės tikslu laikomas įmonės vertės didinimas gali būti realizuojamas plečiant rinkos dalį, didinat parduodamų prekių ar paslaugų kiekį, taip pat didinant darbo organizavimo efektyvumą įmonėje. Vienas iš efektyvumo didinimo įmonėje sprendimų yra bevielio kompiuterių tinklo įmonėje diegimas. Naudojant bevielį kompiuterių tinklą pasiekiamas didesnis personalo mobilumas ir darbo efektyvumas, kai reikiamą informaciją darbuotojas gali gauti būdamas bet kurioje įmonės vietoje. Darbe atlikta bevielio tinklo diegimo metodų teorinė analizė, pasiūloma bevielio tinklo diegimo vertinimo metodika ir atliekamas metodikos taikymo tyrimas.Darbe pateikiama bevielio tinklo diegimo įmonėje metodika leidžia apskaičiuoti mobilumo naudą įmonei per papildomos vert���s sukūrimą ir kaštų sumažinimą, bei parinkti tinkamą bevielio tinklo architektūros ir saugumo sprendimus, atsižvelgiant į įmonės poreikius. Pristatomas modelis, leidžiantis įvertinti bevielio tinklo teikiamą naudą įmonėje. Bevielio kompiuterių tinklo architektūrinių sprendimų pritaikymo įmonei metodika formuluojama, remiantis atliktų eksperimentinių tyrimų rezultatais.<br>The main goal for a company is to increase its value which can be achieved by expanding the market share, increasing sales volume of its goods and services, improving labour productivity. One of the improvements aiming at achieving labour productivity is the implementation of wireless computer network. The use of wireless computer network gives a higher degree of mobility and efficiency for staff within the company, in particular when employee needs to access the information from any place in the territory of a company. This work contains from performed theoretic analysis of implementation methods of wireless network, the suggested methodology of Wireless Network evaluation and performed investigation of realised methodology of Wireless Network implementation in the company. The paper presents the methodology of wireless networks implementation in a company, evaluates the efficiency of wireless networks and suggests the possible architectural and security solutions for wireless networks implementation. Further more, the presented methodology enables to evaluate the benefits of mobility, in particular for added value creation and costs reduction, and allows choosing the appropriate architectural and security solutions of wireless computer network. The presented methodology is based on the results of experimental research.
48
Kandi, Mohamed Ali. "Lightweight key management solutions for heterogeneous IoT." Thesis, Compiègne, 2020. http://www.theses.fr/2020COMP2575.
Full textAbstract:
L'Internet des objets (IdO) est une technologie émergente ayant le potentiel d'améliorer notre quotidien de différentes façons. Elle consiste à étendre la connectivité au-delà des appareils standards (tels que les ordinateurs, les tablettes et les smartphones) à tous les objets du quotidien. Ces appareils, également appelés objets intelligents, peuvent alors collecter des données de leur entourage, collaborer pour les traiter puis agir sur leur environnement. Cela augmente leurs fonctionnalités et leur permet d'offrir divers services au profit de la société. Cela dit, de nombreux défis ralentissent le développement de l'IdO. La sécurisation des communications entre ces appareils est l'un des problèmes les plus difficiles qui empêche cette technologie de révéler tout son potentiel. La cryptographie fournit un ensemble de mécanismes permettant de sécuriser les données. Pour leur bon fonctionnement, ces derniers ont besoin de paramètres secrets appelés clés. La gestion des clés est une branche de la cryptographie qui englobe toutes les opérations impliquant la manipulation de ces clés : génération, stockage, distribution et remplacement. Par ailleurs, la cryptographie légère consiste à étendre les mécanismes conventionnels (la gestion des clés comprise) aux appareils à ressources limitées. Afin d'être efficaces dans l'IdO, les nouveaux mécanismes doivent offrir un bon compromis entre sécurité, performance et consommation de ressources. La gestion légère des clés est donc l'essence de la communication sécurisée dans l'IdO et le cœur de notre travail. Dans cette thèse, nous proposons un nouveau protocole léger de gestion des clés pour sécuriser la communication entre les appareils hétérogènes et dynamiques de l'IdO. Pour concevoir notre solution, nous considérons trois modes de communication : d'appareil à appareil, de groupe et de multi-groupes. Alors que la plupart des travaux connexes se concentrent uniquement sur l'un de ces modes de communication, notre solution sécurise efficacement les trois. Aussi, elle équilibre automatiquement les charges entre les appareils hétérogènes en fonction de leurs capacités. Nous prouvons alors que cela rend notre protocole plus adapté à l'IdO étant donné qu'il est efficace et hautement évolutif. De plus, nous proposons une décentralisation de notre protocole basée sur la technologie blockchain et les contrats intelligents. Ainsi, nous montrons qu'en permettant à plusieurs participants de gérer les clés cryptographiques, la décentralisation résout les problèmes de confiance, réduit le risque de défaillance du système et améliorer la sécurité. Nous implémentons enfin notre solution sur des plateformes IoT à ressources limitées qui sont basées sur le système d'exploitation Contiki. L'objectif est d'évaluer expérimentalement les performances de notre solution et de compléter nos analyses théoriques<br>The Internet of Things (IoT) is an emerging technology that has the potential to improveour daily lives in a number of ways. It consists of extending connectivity beyond standard devices (such as computers, tablets and smartphones) to all everyday objects. The IoT devices, also called smart objects, can collect data from their surroundings, collaborate to process them and then act on their environment. This increases their functionalities and allow them to offer various services for the benefit of society. However, many challenges are slowing down the development of the IoT. Securing communication between its devices is one of the hardest issue that prevents this technology from revealing its full potential. Cryptography provides a set of mechanisms to secure data. For their proper functioning, these mechanisms require secret parameters called keys. The Key Management is a branch of cryptography that encompasses all operations involving the handling of these of extending the conventional mechanisms (including the Key Management) to the resource-limited devices. To be efficient in the IoT, the new mechanisms must offer a good compromise between security, performance and resource requirements. Lightweight Key Management is the essence of secure communication in the IoT and the core of our work. In this thesis, we propose a novel lightweight Key Management protocol to secure communication between the heterogeneous and dynamic IoT devices. To design our solution, we consider three modes of communication: device-to-device, group and multi-group communication. While most of the related works focus only on one of these modes of communication, our solution efficiently secures all three of them. It also automatically balances the loads between the heterogeneous devices according to their capabilities. We then prove that this makes our protocol more suitable for the IoT as it is e_cient and highly scalable. Furthermore, we propose a decentralization of our protocol based on the blockchain technology and smart contracts. We show that, by empowering multiple participants to manage the cryptographic keys, decentralization solves trust issues, lowers risk of system failure and improves security. We finally implement our solution on resource-constrained IoT motes that are based on the Contiki operating system. The objective is to experimentally evaluate the performance of our solution and to complete our theoretical analyses
49
Kaced, Ahmed Réda. "Problèmes de sécurité posés par les proxies d'adaptation multimédia : proposition de solutions pour une sécurisation de bout-en-bout." Phd thesis, Télécom ParisTech, 2009. http://pastel.archives-ouvertes.fr/pastel-00005883.
Full textAbstract:
L'évolution des techniques d'adaptation et des contenus multimédias adaptables a montré la nécessité de définir des techniques et des pratiques concernant la sécurité des échanges sur les réseaux. Dans la mesure où l'adaptation des documents multimédia nécessite d'autoriser la modification de ces documents entre le serveur et le client, il est important d'étudier les conditions nécessaires pour assurer ces modifications de façon sécurisée. Nous avons donc, dans ce cadre, à présenter un système de communication multimédia qui préserve l'authenticité et l'intégrité des contenus originaux de bout en bout tout en permettant l'adaptation de ces contenus par des intermédiaires. C'est l'objectif général de cette thèse. Dans ce mémoire, nous présentons SEMAFOR, une plate-forme de communication multimédia offrant aux utilisateurs la possibilité d'adapter leur contenus (selon les besoins) par des n\oe uds intermédiaires. La particularité de cette plate-forme est sa capacité de sécuriser le contenu émis de bout-en-bout, cette sécurisation repose sur deux mécanismes proposés et décrits dans cette thèse : AMCA pour l'authentification des contenu et XSST pour le chiffrement et rechiffrement intermédiaire. Les tests et les mesures de performances présentés à la fin de ce mémoire démontrent la validité des propositions décrites dans cette thèse et valident la pertinence des résultats obtenus.
50
Plateaux, Aude. "Solutions opérationnelles d'une transaction électronique sécurisée et respectueuse de la vie privée." Phd thesis, Université de Caen, 2013. http://tel.archives-ouvertes.fr/tel-01009349.
Full textAbstract:
Avec l'utilisation de notre carte bancaire pour payer un achat sur Internet ou de notre téléphone portable pour nous connecter aux réseaux sociaux, les transactions électroniques font partie de notre quotidien et sont désormais incontournables. Malheureusement, lors de tels échanges, un grand nombre de données personnelles sont transférées et une telle informatisation n'est pas sans conséquence. Les problèmes de sécurisation et de protection de ces données sont bien présents. Dans cette thèse, nous nous concentrons sur la problématique de la protection de la vie privée des utilisateurs dans des systèmes informatiques. Pour cela, nous nous intéressons à trois domaines d'actualité. Dans un premier temps, nous proposons un système de gestion des données centré sur l'utilisateur. Ainsi, lors de sa navigation sur Internet, l'internaute sera guidé et aura la possibilité de faire appel aux huit fonctionnalités offertes par l'application. Un second problème, sur lequel nous avons travaillé, est le cas des dossiers médicaux des patients et de l'accès à ces documents confidentiels. Nous proposons une architecture de e-santé permettant la protection des informations personnelles des patients au sein d'un établissement de santé et entre plusieurs établissements. Pour finir, nous avons travaillé dans le domaine de la monétique et plus précisément sur le paiement en ligne. Nous exposons ainsi trois nouveaux protocoles respectant davantage les données personnelles des internautes. Deux d'entre eux sont une amélioration de protocoles existants : 3D-Secure et le protocole d'Ashrafi et Ng. La dernière architecture, totalement nouvelle, permet de procéder à un paiement sur Internet sans fournir aucune information bancaire du client. Pour chacune de ces infrastructures, des exigences de sécurité et de protection de la vie privée sont décrites. Les solutions existantes, ainsi que celles proposées, sont détaillées et analysées en fonction de ces exigences. Les propositions d'architectures respectueuses de la vie privée ont toutes fait l'objet d'une preuve de concept avec une implémentation logicielle.