RISKS AND CONSEQUENCES OF CYBER- ATTACKS AFFECTING DSO'S AND ELECTRICAL SUPPLIER’S BUSINESS PROCESSES IN THE SUPPLIER CENTRIC MODEL

Gonzalez Hernandez, Rodrigo

January 2016

There has been a motivated desire from different power system operators to have more systems embedded in computing and networking due to the great advantages of adding new capabilities that wasn't before possible. These advantages increased the power system’s up-time, performance and reduced its maintenance but opened a world of possible cyber-attacks. In January 2016, the Ukrainian electricity infrastructure suffered the first power outage caused by destructive malware that left hundreds and thousands of end-users without electricity during the Christmas holidays. Malicious malware are starting to cover cyber-physical systems that connect the physical technical equipment with the networked computational resources. One of these resources, which are currently being further developed, involves futuristic procedures for the electrical billing process. This means that data corruption could lead to both economical and physical consequences, leading to a decrease of the public's trust on metering equipments, the overall smart grid concept and the electricity market actors. The Nordic and Swedish electricity market is under transition to the Supplier Centric Model (SCM), a new market model, which facilitates the billing and payment towards the end-users and the interactions between electrical suppliers and Distribution System Operators (DSO). This model uses a centralized data service hub for information exchange that is owned and operated by the Swedish Transmission System Operator (TSO). Vattenfall IT has thus jointly with the department of Electric Power and Energy systems (EPE) at KTH launched this master thesis that focuses on the risks and consequences caused by cyber-attacks in the SCM. An adversary may cause unwanted actions by business process hacking or knowledge-based hacking by analyzing the business processes maps within the SCM One of the aims of the thesis was to identify the business process vulnerabilities and events of the DSO's and supplier’s business processes in the SCM if the system was under attack and when the power system operator was unaware that the presented data was corrupted. The outcome of the thesis will help improve the business process resilience against cyber-attacks thus leading to an increased trust in the SCM from the general public. Different related attack-scenarios (AS) were investigated to provide a generic solution for improvements to all relevant business service actors. The risks and consequences were found, analyzed and used for developing suggestive improvements for the Billing Business Process (BBP). / Det har funnits ett motiverat önskemål från olika elkraftsoperatörer att flera system inbäddas i datoranvändningen och nätverken på grund av de många fördelar och nya förmågor som inte var möjliga förut. Dessa förmågor ökade elkraftsystemens tillgänglighet, prestanda och minskade dess underhåll men öppnade en värld av möjliga cyber-attacker. Den Ukrainska elektriska infrastrukturen upplevde det första strömavbrottet orsakad av destruktiva skadeprogram som lämnade tusentals användare strömlösa under julen 2015. Skadeprogrammen har börjat täcka cyber-fysiska system som kopplar det fysiska tekniska utrustningen med de nätverskopplade beräkningsresurserna. En av dessa resurser, som för närvarande är under utveckling, involverar framtida procedurer åt faktureringsprocessen för elektricitet. Detta betyder att data korruption kan leda till både ekonomiska och fysiska konsekvenser vilket leder till en förminskning av det allmänna förtroendet på mätningsutrustningen, det generella smarta elnätskonceptet och på elmarknadsaktörerna. Den nordiska och svenska elmarknaden är under övergång till Elleverantörs Centriska Modellen (SCM), en ny marknadsmodell som underlättar fakturering och betalningen gentemot användarna och växelverkan mellan elleverantörerna och elnätsföretagen (DSO). Denna modell använder en centraliserad tjänstehubb för informationsutbytet som ägs och drivs av den svenska systemansvariga myndigheten (TSO). Vattenfall IT har således tillsammans med avdelningen Energi och Elkraft (EPE) på KTH lanserat detta examensarbete som fokuserar på riskerna och konsekvenserna orsakade av cyber-attacker i SCM. Motståndaren kan orsaka oönskade handlingar via hackning av affärsprocesserna eller kunskapsbaserat hackning genom att analysera affärsprocesskartorna inom SCM. Ett mål av examensarbetet var att identifiera affärsprocessernas sårbarheter och händelser av en DSO och elleverantörs affärsprocesser i SCM om systemen var under anfall och elkraftsoperatören är ovetande att det presenterade data är korrumperat. Examensarbetets resultat kommer hjälpa att förbättra affärsprocessernas spänstighet mot cyber-attacker vilket kommer leda till ett ökat förtroende på SCM från allmänheten. Olika relaterade cyber-attack scenarion undersöktes för att förse en generisk lösning för förbättringar åt alla relevanta verksamhetsaktörer. Riskerna och konsekvenserna var funna, analyserade och användes för att utveckla förbättringsförslagen åt faktureringsprocessen (BBP).

Data service hub

Process resilience

Supplier Centric Model

Business Process hacking

Tjänstehubb

Process spänstighet

Elleverantörs Centriska Modellen

Process hackning

Cyber-Säkerhet och Nordiska elmarknaden

Elektroteknik och elektronik

Factors Influencing the Implementation of Information Security Risk Management : A case study of Nigerian Commercial Banks

Aghaunor, Gabriel, Okojie, Bukky E

January 2022

The banking industry is one of the critical infrastructures in any economy. The services rendered by banks are systematically based on innovation, products, and technology to leverage their services. Several associated risks come along with the rendering of these banking services. The protection of critical information assets of any banking organization should be a top priority of the management. They must ensure that adequate provision is made to develop a strong strategy to control, reduce, and mitigate tasks, such as fraud, cyber-attacks, and other forms of cybersecurity exploitations.  Risk management is a series of actions to identify, assess and control threats and vulnerabilities in an organization's capital investment and revenue. These potential risks arise from diverse sources like credit risk, liquidity risk, financial uncertainties, legal actions, technology failures, business strategic management errors, accidental occurrences, and natural disasters.  This research study aimed to investigate the factors influencing the implementation of information security risk management in Nigerian Commercial Banks, using a social-technical system framework to address a fundamental human risk factor, which contributes predominately to the failure in information security risk management. These research was motivated by the fact that Nigerian banking sector is facing serious threats' threat emanate from cyber-attacks. Evidenced by the ever-increasing cyber-attacks, as demonstrated by a total of 1,612 complaints from consumers of financial services over banking fraud and aggressive charges received between July and December 2018 of which 99.38% of these incidences were against the commercial banks. The banks are faced with a lot of vulnerabilities and cybersecurity threats, and most of the attacks that happened within the banking sector are focused on the customers, and employees through phishing and social engineering. These showed weaknesses in information security management within the Nigerian banking industry.  However, the study was guided by the social-technical theory that advocates for overall training to the stakeholders that helps in changing their beliefs and norms about organization of IS security. In order to find out the factors influencing the implementation of information security risks management in respect of Nigerian Commercial Banks, this study evaluated the influence of management support, technical experts support, funding and users’ security awareness to curb the cyber-attacks in Nigerian financial sector. The contribution of this research is expected to lead to the improvement in the financial system, and organizations, where cybersecurity and information security risk management processes are taken seriously, to reduce the high level of information security risk, threats, and vulnerabilities. Nigeria is a developing country, and at the same time fighting to develop a more conducive business investment environment to attract both national and international investors.  A mixed approach research (qualitative and quantitative) method was used to validate this research study. Data collection tools used included interviews and questionnaires. Data analysis was done using the SPSS and logistic regression model.

Information Security Risk Assessment

Qualitative

Quantitative

Management Support

Funding

Technical Experts’ Support

Cyber Security

Banking

ATM

Information Systems

Lingvistisk knäckning av lösenordsfraser / Linguistical passphrase cracking

Sparell, Peder

January 2015

För att minnas långa lösenord är det inte ovanligt att användare rekommenderas att skapa en mening som sedan sätts ihop till ett långt lösenord, en lösenordsfras. Informationsteoretiskt sett är dock ett språk väldigt begränsat och förutsägbart, varför enligt Shannons definition av informationsteori en språkriktig lösenordsfras bör vara relativt lätt att knäcka. Detta arbete riktar in sig på knäckning av språkriktiga lösenordsfraser, dels i syfte att avgöra i vilken grad det är tillrådligt att basera en lösenordspolicy på lösenordsfraser för skydd av data, dels för att allmänt tillgängliga effektiva metoder idag saknas för att knäcka så långa lösenord. Inom arbetet genererades fraser för vidare användning av tillgängliga knäckningsprogram, och språket i fraserna modelleras med hjälp av en Markov-process. I denna process byggs fraserna upp genom att det används antal observerade förekomster av följder av bokstäver eller ord i en källtext, så kallade n-gram, för att avgöra möjliga/troliga nästkommande bokstav/ord i fraserna. Arbetet visar att genom att skapa modeller över språket kan språkriktiga lösenordsfraser knäckas på ett praktiskt användbart sätt jämfört med uttömmande sökning. / In order to remember long passwords, it is not uncommon users are recommended to create a sentence which then is assembled to form a long password, a passphrase. However, theoretically a language is very limited and predictable, why a linguistically correct passphrase according to Shannon's definition of information theory should be relatively easy to crack. This work focuses on cracking linguistically correct passphrases, partly to determine to what extent it is advisable to base a password policy on such phrases for protection of data, and partly because today, widely available effective methods to crack these long passwords are missing.  Within the work of this thesis, phrases were generated for further processing by available cracking applications, and the language of the phrases were modeled using a Markov process. In this process, phrases were built up by using the number of observed instances of subsequent characters or words in a source text, known as n-grams, to determine the possible/probable next character/word in the phrases. The work shows that by creating models of language, linguistically correct passphrases can be broken in a practical way compared to an exhaustive search.

passwords

information security

cyber security

IT forensics

passphrases

markov chains

n-gram

entropy

cracking

lösenord

informationssäkerhet

it-säkerhet

it-forensik

lösenordsfraser

markovkedjor

n-gram

entropi

knäckning

Computer Sciences

Datavetenskap (datalogi)

Development of an Instrument to Measure the Level of Acceptability and Tolerability of Cyber Aggression: Mixed-Methods Research on Saudi Arabian Social Media Users

Albar, Ali Aldroos

05 1900

Cyber aggression came about as a result of advances in information communication technology and the aggressive usage of the technology in real life. Cyber aggression can take on many forms and facets. However, the main focus of this study is cyberbullying and cyberstalking through information sharing practices that might constitute digital aggressive acts. Human aggression has been extensively investigated. Studies focusing on understanding the causes and effects that can lead to physical and digital aggression have shown the prevalence of cyber aggression in different settings. Moreover, these studies have shown strong relationship between cyber aggression and the physiological and physical trauma on both perpetrators and their victims. Nevertheless, the literature shows a lack of studies that could measure the level of acceptance and tolerance of these dangerous digital acts. This study is divided into two main stages; Stage one is a qualitative pilot study carried out to explore the concept of cyber aggression and its existence in Saudi Arabia. In-depth interviews were conducted with 14 Saudi social media users to collect understanding and meanings of cyber aggression. The researcher followed the Colaizzi’s methods to analyze the descriptive data. A proposed model was generated to describe cyber aggression in social media applications. The results showed that there is a level of acceptance to some cyber aggression acts due to a number of factors. The second stage of the study is focused on developing scales with reliable items that could determine acceptability and tolerability of cyber aggression. In this second stage, the researcher used the factors discovered during the first stage as source to create the scales’ items. The proposed methods and scales were analyzed and tested to increase reliability as indicated by the Cronbach’s Alpha value. The scales were designed to measure how acceptable and tolerable is cyber-bullying, cyber-stalking in Saudi Arabia and the sharing of some information in social media applications. The results show a strong tolerance level of those activities. This study is a valuable resource for advanced-level students, educators, and researchers who focus on cyber security, cyber psychology, and cyber aggression in social network sites.

cyber aggression

cyber bullying

cyber stalking

online harassment

cyber security

social networking sites

social media sites

human-computer interaction

information behavior

Cyberbullying -- Saudi Arabia.

Toleration -- Saudi Arabia.

Online social networks -- Saudi Arabia.

Social media -- Saudi Arabia.

Cyberstalking -- Saudi Arabia.

Vliv kybernetického terorismu na americkou bezpečnostní politiku / The Influence of Cyber Terrorism Threat on the American Security Policy

Rezek, Tomáš

January 2015

(English) The aim of this dissertation is to answer the question of whether the U.S. security policy is influenced by the threat of cyber terrorism. The dissertation is divided into chapters that can be regarded as steps in a logical reasoning process. In the first chapter, cyber space is introduced and described to illustrate its importance and complexity. The next chapter analytically compares various definitions of terrorism, and partially rejects the initial hypothesis that cyber terrorism is not included in the general definition of terrorism. The following chapter statistically analyzes the available data on terrorist groups and terrorist attacks to empirically confirm the hypothesis that terrorism is still a real threat to American security. The analysis actually proves that the threat of terrorism has not decreased in relation to the number of terrorist groups. It also shows that the number of terrorist attacks against the U.S. targets has significantly decreased in the United States, while terrorist actions have been increasing constantly on a global level. The analysis shows that the success rate of terrorists attacks does not form a time series, and therefore each terrorist attack has to be examined individually to assess its success probability. The following analysis reviews the...

MPLS-based mitigation technique to handle cyber attacks / Technique de mitigation des cyber-attaques basée sur MPLS

Hachem, Nabil

04 July 2014

Les cyber-attaques pourraient engendrer des pertes qui sont de plus en plus importantes pour les utilisateurs finaux et les fournisseurs de service. Ces attaques sont, en outre, élevées par une myriade des ressources infectées et comptent surtout sur les réseaux pour être contrôlées, se propager ou endommager. Face à ces risques, il y a un besoin essentiel qui se manifeste dans la réponse à ces nombreuses attaques par des stratégies de défense efficaces. Malgré les multitudes efforts dévouées pour mettre en œuvre des techniques de défense complètes afin de se protéger contre les attaques réseaux; les approches proposées n’ont pas parvenus à satisfaire toutes les exigences. Les stratégies de défense impliquent un processus de détection complété par des actions de mitigation. Parallèlement à l’importance accordée à la conception des stratégies de détection, il est essentiel de fermer la boucle de sécurité avec des techniques efficaces permettant d’atténuer les impacts des différentes attaques. Dans cette thèse, nous proposons une technique pour réagir aux attaques qui abusent les ressources du réseau, par exemple, DDoS, botnet, distribution des vers, etc. La technique proposée s’appuie sur des approches de gestion du trafic et utilise le standard Multiprotocol Label Switching (MPLS) pour gérer le trafic diagnostiqué comme abusant du réseau, tout en invoquant les processus de détection. Les objectifs de notre technique peuvent être résumés comme suit: d’une part, fournir les moyens — par la qualité de service et schémas de routage — à séparer les flux suspects des légitimes, et d’autre part de prendre le contrôle des flux suspects. Nous bénéficions de l’extension du MPLS au niveau d’inter-domaine pour permettre une coopération entre les fournisseurs, permettant par suite la construction d’un mécanisme de défense à grande échelle. Nous développons un système afin de compléter les aspects de gestion de la technique proposée. Ce système effectue plusieurs tâches telles que l’extraction de données d’alerte, l’adaptation de la stratégie et la configuration des équipements. Nous modélisons le système en utilisant une approche de regroupement et un langage de politiques de sécurité afin de gérer de manière cohérente et automatique le contexte et l’environnement dans lequel la technique de mitigation est exécutée. Enfin, nous montrons l’applicabilité de la technique et du système à travers des différentes simulations tout en évaluant la qualité de service dans des réseaux MPLS. L’application de la technique a démontré son efficacité dans non seulement la mitigation des impacts des attaques mais aussi dans l’offre des avantages financiers aux acteurs de la chaîne de sécurité, à savoir les fournisseurs de service / Cyber attacks cause considerable losses not only for end-users but also service providers. They are fostered by myriad of infected resources and mostly rely on network resources for whether propagating, controlling or damaging. There is an essential need to address these numerous attacks by efficient defence strategies. Researchers have dedicated large resources without reaching a comprehensive method to protect from network attacks. Defence strategies involve first a detection process, completed by mitigation actions. Research on detection is more active than on mitigation. Yet, it is crucial to close the security loop with efficient technique to mitigate counter attacks and their effects. In this thesis, we propose a novel technique to react to attacks that misuse network resources, e.g., DDoS, Botnet, worm spreading, etc. Our technique is built upon network traffic management techniques. We use the Multiprotocol Label Switching (MPLS) technology to manage the traffic diagnosed to be part of a network misuse by detection processes. The goals of our technique can be summarized as follows: first to provide the means — via QoS and routing schemes — to segregate the suspicious flows from the legitimate traffic; and second, to take control over suspicious flows. We profit from the enhancement on the inter-domain MPLS to permit a cooperation among providers building a large-scale defence mechanism. We develop a system to complete the management aspects of the proposed technique. This system performs tasks such as alert data extraction, strategy adaptation and equipments configurations. We model the system using a clustering method and a policy language in order to consistently and automatically manage the mitigation context and environment in which the proposed technique is running. Finally, we show the applicability of the technique and the system through simulation. We evaluate and analyse the QoS and financial impacts inside MPLS networks. The application of the technique demonstrates its effectiveness and reliability in not only alleviating attacks but also providing financial benefits for the different players in the mitigation chain, i.e., service providers

Sécurité des réseaux

Cybersécurité

Cyberdéfense

MPLS

Qualité de service (QoS)

Réponses aux attaques

Gestion du trafic réseau

Gestion des politiques de sécurité

Network security

Cyber security

Cyber defence

MPLS

QoS (Quality of Service)

Attacks responses

Network traffic management

Policy-based management

Ransomware-attacker : En kvalitativ studie kring informationssäkerhetsarbetet inom mindre svenska kommuner

Järgenstedt, Tindra, Kvernplassen, Nelly

January 2023

Ransomware-attacker har blivit ett allt större hot i och med samhällets ständigt pågående digitalisering. Denna studie undersöker vilka faktorer som är viktiga för att förhindra ransomware-attacker mot mindre svenska kommuner. För att åstadkomma detta genomfördes semistrukturerade intervjuer med sex olika respondenter. De som intervjuades arbetade alla i mindre svenska kommuner och hade god insyn och kunskap kring kommunens IT- och informationssäkerhetsarbete. Materialet analyserades sedan utifrån Protection Motivation Theory (PMT). Studien diskuterar både kommunernas attityd till informationssäkerhet samt konstaterar vilka säkerhetsåtgärder som utmärker sig som viktigast. Dessa var skyddade säkerhetskopior, utbildning samt kontinuitetsplaner kopplade till just IT-attacker. / Ransomware attacks have become an increasing threat with the ongoing digitalization of society. This study investigates what factors are important to prevent ransomware attacks against smaller Swedish municipalities. To accomplish this, semi-structured interviews were conducted with six different respondents. The interviewees all worked in smaller Swedish municipalities and had good insight and knowledge of the municipality's IT and information security work. The material was then analyzed using Protection Motivation Theory (PMT). The study discusses both the municipalities' attitude to information security and notes which security measures stand out as most important. These were protected backups, education and continuity plans linked to IT attacks. The paper then concludes with suggestions for further research.

Information Security

Cyber security

Ransomware attack

Qualitative research

Swedish municipalities

Protection Motivation Theory

Kill-chain

Informationssäkerhet

Cybersäkerhet

Ransomware-attack

Kvalitativ studie

Svenska kommuner

Protection Motivation Theory

Kill Chain

Information Systems, Social aspects

Analyzing Radial Basis Function Neural Networks for predicting anomalies in Intrusion Detection Systems / Utvärdera prestanda av radiella basfunktionsnätverk för intrångsdetekteringssystem

Kamat, Sai Shyamsunder

January 2019

In the 21st century, information is the new currency. With the omnipresence of devices connected to the internet, humanity can instantly avail any information. However, there are certain are cybercrime groups which steal the information. An Intrusion Detection System (IDS) monitors a network for suspicious activities and alerts its owner about an undesired intrusion. These commercial IDS’es react after detecting intrusion attempts. With the cyber attacks becoming increasingly complex, it is expensive to wait for the attacks to happen and respond later. It is crucial for network owners to employ IDS’es that preemptively differentiate a harmless data request from a malicious one. Machine Learning (ML) can solve this problem by recognizing patterns in internet traffic to predict the behaviour of network users. This project studies how effectively Radial Basis Function Neural Network (RBFN) with Deep Learning Architecture can impact intrusion detection. On the basis of the existing framework, it asks how well can an RBFN predict malicious intrusive attempts, especially when compared to contemporary detection practices.Here, an RBFN is a multi-layered neural network model that uses a radial basis function to transform input traffic data. Once transformed, it is possible to separate the various traffic data points using a single straight line in extradimensional space. The outcome of the project indicates that the proposed method is severely affected by limitations. E.g. the model needs to be fine tuned over several trials to achieve a desired accuracy. The results of the implementation show that RBFN is accurate at predicting various cyber attacks such as web attacks, infiltrations, brute force, SSH etc, and normal internet behaviour on an average 80% of the time. Other algorithms in identical testbed are more than 90% accurate. Despite the lower accuracy, RBFN model is more than 94% accurate at recording specific kinds of attacks such as Port Scans and BotNet malware. One possible solution is to restrict this model to predict only malware attacks and use different machine learning algorithm for other attacks. / I det 21: a århundradet är information den nya valutan. Med allnärvaro av enheter anslutna till internet har mänskligheten tillgång till information inom ett ögonblick. Det finns dock vissa grupper som använder metoder för att stjäla information för personlig vinst via internet. Ett intrångsdetekteringssystem (IDS) övervakar ett nätverk för misstänkta aktiviteter och varnar dess ägare om ett oönskat intrång skett. Kommersiella IDS reagerar efter detekteringen av ett intrångsförsök. Angreppen blir alltmer komplexa och det kan vara dyrt att vänta på att attackerna ska ske för att reagera senare. Det är avgörande för nätverksägare att använda IDS:er som på ett förebyggande sätt kan skilja på oskadlig dataanvändning från skadlig. Maskininlärning kan lösa detta problem. Den kan analysera all befintliga data om internettrafik, känna igen mönster och förutse användarnas beteende. Detta projekt syftar till att studera hur effektivt Radial Basis Function Neural Networks (RBFN) med Djupinlärnings arkitektur kan påverka intrångsdetektering. Från detta perspektiv ställs frågan hur väl en RBFN kan förutsäga skadliga intrångsförsök, särskilt i jämförelse med befintliga detektionsmetoder.Här är RBFN definierad som en flera-lagers neuralt nätverksmodell som använder en radiell grundfunktion för att omvandla data till linjärt separerbar. Efter en undersökning av modern litteratur och lokalisering av ett namngivet dataset användes kvantitativ forskningsmetodik med prestanda indikatorer för att utvärdera RBFN: s prestanda. En Random Forest Classifier algorithm användes också för jämförelse. Resultaten erhölls efter en serie finjusteringar av parametrar på modellerna. Resultaten visar att RBFN är korrekt när den förutsäger avvikande internetbeteende i genomsnitt 80% av tiden. Andra algoritmer i litteraturen beskrivs som mer än 90% korrekta. Den föreslagna RBFN-modellen är emellertid mycket exakt när man registrerar specifika typer av attacker som Port Scans och BotNet malware. Resultatet av projektet visar att den föreslagna metoden är allvarligt påverkad av begränsningar. T.ex. så behöver modellen finjusteras över flera försök för att uppnå önskad noggrannhet. En möjlig lösning är att begränsa denna modell till att endast förutsäga malware-attacker och använda andra maskininlärnings-algoritmer för andra attacker.

anomaly

cyber security

evaluation

machine learning

radial basis function

random forest classifier

supervised learning

anomali

cybersäkerhet

utvärdering

maskininlärning

radialbaserad funktion

slumpmässig skogsklassificering

övervakad inlärning

Computer and Information Sciences

Data- och informationsvetenskap

What are Users Willing to Comply With to Avoid Phishing? : An Interview-based Case Study

Bårman, Jennifer

January 2023

Phishing (nätfiske) fortsätter att vara ett av de vanligaste hoten för användare på Internet. På grund av detta så har mycket forskning gjorts på säkerhetsåtgärder för att identifiera och stoppa nätfiske. Mycket av detta arbete går till maskininlärning, medans ett välkänt behov av utbildning av användarsäkerhet på Internet finns. Användare är den största sårbarheten inom IT, och de borde därför bli utbildade och uppmuntrade att agera säkert på Internet. Denna studie fokuserade på ett mellanstort företag som jobbar med IT i Sverige, på dess användares förmåga och vilja att hantera sin epost säkert för att undvika att gå på nätfiske. Detta har studerats genom intervjuer med anställda på företaget. För möjlighet för transparens och replikering av studiens resultat så startades intervjuerna med att etablera respondenternas bakgrund och erfarenhet med nätfiske. Detta följdes av en demonstration av de vanligaste tecknen på nätfiske som hölls för varje intervjuade individ, för att försäkra att de hade kunskap om dem. Demonstrationen följdes sedan av ytterligare frågor som uppmuntrade deltagarna att först reflektera på ämnet, och sedan möjligheter för dem att utöka sin kunskap.Det som kom fram under intervjuerna var att användarna på företaget alla hade erfarenhet av nätfiske och visste i teorin hur man identifierar nätfiske. Detta trots att majoriteten av medverkande inte hade någon officiell utbildning inom ämnet. Alla användare som medverkade var villiga att göra det som förväntas av dem ifrån företaget. Alla respondenter i denna studie var villiga att göra det de kan för att undvika nätfiske, och några var villiga att gå längre än så på deras arbetsplats genom att utöka deras kompetens. Ingen medverkande i studien uttryckte ovilja att utbilda sig själv ytterligare i ämnet. Två av de åtta respondenterna tog emellertid upp ett starkt argument, att tiden för kontrollen av eposten inte borde överskrida användbarheten av processen. Sammanfattningsvis så har vissa användare behov av incentiv för att förbättra sin säkerhet, någon form av förklaring för varför vissa åtgärder behövs. Om sådant rättfärdigande kunde göras så fanns inga klagomål eller motvilja till att agera mer säkert. / Phishing continues to be one of the most common threats for users of the Internet. As such, a lot of research is made into security measures to identify and stop phishing. A lot of this work goes into machine learning, while it is known that user education on Internet security is needed. Users are the biggest vulnerability within IT, and should therefore be educated and encouraged to act securely on the Internet. This study's focus is on a medium-sized company working with IT in Sweden, on their users’ ability and willingness to handle their emails securely to avoid falling for phishing scams.This was studied through interviews with employees of the company. For the sake of transparency and replication, the interviews were started by establishing the respondents’ background and experiences with phishing. Following this a demonstration of some of the most common tells of phishing was held for each interviewee, to ensure that they know about them. The demonstration was then followed by further questions encouraging the interviewees to reflect upon first the subject, then possible opportunities for them to further their knowledge.What was found is that the users of the company all had experience with phishing and were knowledgeable in theory about how to identify phishing. This is despite the majority of the participants having no official education on the subject. It was found that all users who participated were willing to do what they are expected to do from the company. All respondents in this study were willing to do what they could to avoid phishing, and some were willing to go beyond that at their workplace by expanding their skills. No participant in the study expressed unwillingness to educate themselves further on the subject. However, an important opinion raised by two of the eight respondents was the aspect of time consumed to control all emails should not overshadow the usefulness of the practice. It was concluded that some users needed incentives to improve their security, justifications of why certain measures were needed. If such justifications could be made, there were no complaints or reluctance to act more securely.

User perspective

Phishing

Spear-phishing

Security

Cyber-security

Information security

Learning

Education

Usable security

User awareness

Användarperspektiv

Nätfiske

Riktat nätfiske

Säkerhet

Cybersäkerhet

Informationssäkerhet

Lärande

Utbildning

Användarsäkerhet

Användarmedvetenhet

Information Systems

System Design for Import and Export of Classified Information Over Less Secure Systems

Eneroth, Daniel, Åberg Lindell, Pontus

January 2023

This thesis aims to define a secure system design for reducing the security classification of a document. A reduced security classification makes it possible for the document to traverse an intermediate system with lower security measures before reaching a system with sufficient security measures to manage the original document. A pressing requirement for companies and governments to secure their digital assets arises with the digitization of societal functions and the continuously escalating tensions in world politics. Digital security as a software implementation is no longer sufficient due to the ongoing race between digital offense and defense. It has become imperative for security to be an integral consideration at every stage of system design, such that it is implemented in a manner that prevents software from being transformed into a liability. In Sweden, actors in both the private and public sectors that are deemed of national importance are required to comply with several laws and regulations if they possess an IT system. A key principle in most of these regulations is the requirement for military-approved signal protection if an actor intends to transmit classified information through an intermediary system that does not conform with the system´s implemented security measures. Our design proposes using an information manager and a secret sharing scheme, the contents of the original document are encrypted in such a way that no decryption key is required while still achieving information-theoretic security. We can ensure integrity and confidentiality by using a dual-diode configuration for import- and export systems. This implies that as long as an antagonist does not have the resources to eavesdrop on all communication, the integrity and confidentiality of the sending and the receiving systems, as well as the transported document, can be ensured.

Computer science

computer communication

information security

cyber security

system design

Datavetenskap

datakommunikation

informationssäkerhet

cybersäkerhet

systemdesign

Natural Sciences

Naturvetenskap

Computer Engineering

Datorteknik

Computer Sciences

Datavetenskap (datalogi)

Information Systems