Global ETD Search

71	Towards authentication via selected extraction from electronic personal history Nosseir, Ann January 2007 (has links) Confidential electronic services such as chat, e-commerce and banking services should be accessible by their clients at any time and from anywhere. This sets new requirements for a cheap, usable, and safe authentication mechanism. Knowledge-based authentication, such as the use of passwords, is relatively convenient, easy and cheap to implement. However, it suffers from memorability problems that lead to insecure behaviour such as users writing down passwords, or choosing guessable passwords. The best techniques that build on the how the human memory operates use personal information and images. However, these techniques are also more vulnerable to guessability (De-Angeli et al. 2005)attacks especially by friends and family. 005.8
72	High performance platform independent content analysis for network processing Munoz, Antonio January 2013 (has links) The Internet is the global infrastructure for communication, education, entertainment and commerce. As network systems increase in connection speeds and data volume, high performance network intrusion detection and prevention systems must evolve to protect users and businesses from organized and opportunistic crimes motivated by financial and political interests. A detailed study of several well-known network intrusion detection and prevention systems (e.g. Snort) revealed the platform dependency of security rules notation. This thesis describes the design and implementation of Snort2regex, an efficient and accurate tool for compiling Snort rules into regular expression syntax. The regular expression syntax provides a platform independent notation that ensures high levels of security in multiple environments. Several alternative parallel architectures are introduced to attempt to improve the performance of network intrusion detection and prevention systems. I~ order to show the benefits of the Snort2regex compiler, this work also presents SnortEX, a novel software based network intrusion detection and prevention system that benefits from the scalability of the parallel architectures previously introduced. The proposed architecture of SnortEX was evaluated. and several methods of optimization are studied [0 improve the performance and integration between the Snort2regex compiled rule set and SnortEX. Finally, the system is benchmarked and shows a 3 to 17x improvement in performance against a standard Snort implementation. 005.8
73	Intrusion detection for communication network security in power systems Yang, Yi January 2013 (has links) In response to the emergence of cybersecurity issues in smarter grids, a number of IT security approaches have been presented. However, in practice, power networks with legacy systems are more difficult to update, patch and protect using conventional IT security techniques. This research presents a contribution to cybersecurity using Intrusion Detection Systems (IDS) in power systems. An intrusion detection methodology provides an approach to identify evidence of abnormal communication behaviours in a passive mode that does not impact normal operation of power systems but provides pre-emptive knowledge of potential threats and incidents. This thesis proposes and develops new intrusion detection approaches for Smart Grid cybersecurity that are applied in Supervisory Control and Data Acquisition (SCADA) and synchrophasor systems in order to monitor the operation of such systems and detect cyber threats against these systems resulting from malicious attacks or misuse by legitimate users. One of the proposed intrusion detection approaches combines whitelist categorisation with behaviour-based detection methods to identify known and unknown attacks by considering the operational features and the communication • protocols of SCADA and synchrophasor systems. Furthermore, SCADA-specific and synchrophasor-specific cybersecurity solutions are presented using test-beds to investigate, simulate and exemplify the impacts of cyber attacks on SCADA and synchrophasor systems. The proposed SCADA-specific IDS (SCADA-IDS) and Synchrophasor-Specific IDS (SSIDS) are implemented and verified using two lest-beds. In addition, a hybrid IDS is proposed for SCADA networks using the IEC 60870-5- 104 protocol, which contains signature-based, model-based and stateful detection methods. The proposed hybrid IDS is implemented and validated using the Internet Traffic and Content Analysis (ITACA) platform and the open source Snort tool. These new detection tools proposed in this thesis allow the cybersecurity of significant power systems communications networks to be improved, thus contribution 10 the security and reliability of the Smart Grid as a whole. 005.8
74	The robustness of text CAPTCHAs Salah El Ahmad, Ahmad January 2012 (has links) CAPTCHA is a standard security technology that relies on open AI problems to tell computers and humans apart. The most widely deployed CAPTCHAs are text-based schemes. Robustness and usability are two fundamental requirements of CAPTCHA design, as in many other security systems they often interconnect and challenge each other. The state-of-the-art of CAPTCHA design suggests that text CAPTCHAs should rely on the segmentation resistance principle to provide robustness assurance; as individual character recognition is a solved problem. This principle has gained wide popularity and is currently adopted by many CAPTCHA schemes, including those used by Microsoft, Yahoo, and Google. This thesis first answers: Are CAPTCHAs that adopt the segmentation resistance principle vulnerable to novel segmentation attacks? Our examination of various well known segmentation resistant CAPTCHA schemes suggests that simple but novel low-cost attacks can break them with a high success rate. The second question this thesis attempts to answer is: How can we systematically examine CAPTCHA robustness? Traditional approaches for examining CAPTCHA robustness rely on techniques adopted by computer vision, document understanding, and machine-learning communities. It is assumed that a CAPTCHA AI challenge remains an open problem until further progress has been made in these communities; that is how lazy cryptographers do AI. However, seldom have such examinations of CAPTCHA design focused on CAPTCHAs as a security mechanism, rather the main goal is advancing such fields. In this thesis we promote a different, much simpler, methodology for examining CAPTCHA robustness as a security mechanism. In essence, our methodology applies adversarial thinking skills by searching for exploitable invariants found in the design of CAPTCHA. In particular, we demonstrate our methodology on various CAPTCHA schemes; some are representative of major segmentation resistance mechanisms, while others rely on the use of colour or OCR techniques as a defence against attacks. With each examination we learn lessons on how to design better CAPTCHA schemes and lessons on the trade-offs between CAPTCHA robustness and usability. The main novel contributions of this thesis are: A systematic framework that classifies common exploitable invariants for attacking text CAPTCHAs and for aiding the design of next generation CAPTCHAs; extensive case studies highlighting the implications of the use of colour in CAPTCHA design; the identification of usability issues associated with commonly used defence mechanisms in CAPTCHA design, and finally we conclude with general design principles on mainstream segmentation resistance mechanisms. In general, this thesis contributes to a better understanding of how to design robust and usable text CAPTCHA schemes. 005.8
75	Reasoning about secrecy in the rank function framework Delicata, Roberto January 2006 (has links) No description available. 005.8
76	Software-implemented attack tolerance for critical information retrieval Yang, Yunwen January 2004 (has links) The fast-growing reliance of our daily life upon online information services often demands an appropriate level of privacy protection as well as highly available service provision. However, most existing solutions have attempted to address these problems separately. This thesis investigates and presents a solution that provides both privacy protection and fault tolerance for online information retrieval. A new approach to Attack-Tolerant Information Retrieval (ATIR) is developed based on an extension of existing theoretical results for Private Information Retrieval (PIR). ATIR uses replicated services to protect a user's privacy and to ensure service availability. In particular, ATIR can tolerate any collusion of up to t servers for privacy violation and up to ƒ faulty (either crashed or malicious) servers in a system with k replicated servers, provided that k ≥ t + ƒ + 1 where t ≥ 1 and ƒ ≤ t. In contrast to other related approaches, ATIR relies on neither enforced trust assumptions, such as the use of tanker-resistant hardware and trusted third parties, nor an increased number of replicated servers. While the best solution known so far requires k (≥ 3t + 1) replicated servers to cope with t malicious servers and any collusion of up to t servers with an O(n^*^) communication complexity, ATIR uses fewer servers with a much improved communication cost, O(n1/2)(where n is the size of a database managed by a server).The majority of current PIR research resides on a theoretical level. This thesis provides both theoretical schemes and their practical implementations with good performance results. In a LAN environment, it takes well under half a second to use an ATIR service for calculations over data sets with a size of up to 1MB. The performance of the ATIR systems remains at the same level even in the presence of server crashes and malicious attacks. Both analytical results and experimental evaluation show that ATIR offers an attractive and practical solution for ever-increasing online information applications. 005.8
77	Intelligent agents-based networks security Abouzakhar, Nasser Salem January 2005 (has links) The growing dependence of modem society on telecommunication and information networks has become inevitable. The increase in the number of networks interconnected over the Internet has led to an increase in security threats. The existing mobile and fixed network systems and telecommunication protocols are not appropriately designed to deal with current developed distributed attacks. I started my research work by exploring the deployment of intelligent Agents that could detect network anomalies and issue automated response actions. An Intelligent Agent (IA) [Knapik et at, 1998] is an entity that carries out some set of operations on behalf of a user or other software with some degree of independence or autonomy. The investigation of the Agents paradigm led to a deep understanding of the underlying problem; therefore, machine learning has turned my attention to Bayesian learning and Fuzzy logic approaches. A modelled network intrusion detector has been proposed. This model sets Agents with learning capabilities for detecting current as well as similar future distributed network attacks. In order to detect those anomalies as early as possible, the Bayesian network approach has been proposed. This approach is considered to be a promising method in determining suspicious network anomaly events that consequently relates them to subsequent dependent illegitimate activities. This research suggests innovative ways to develop Intelligent Agents that incorporate Bayesian learning to address network security risks associated with the current Networks Intrusion Detection Systems (NIDSs) designs and implementations. Because NIDSs have traditionally focused on detecting attacks, and while detection serves a vital purpose, it does not provide the ultimate solution. As aresult, an effective response mechanism to those detected attacks is required to minimise their effect and hence enhance NIDSs capabilities. Therefore, other Agents with Fuzzy intelligence capabilities have been proposed to initiate successful automated response actions. Fuzzy Agents have been proposed to handle this task with the ability to respond quickly and dynamically control the availability of allocated network resources. The evaluation methodology used to assess the performance of the developed models has been concentrated on detecting as well as predicting unauthorised activities in networks. By means of evaluation and validation, as well as empirical evidence, we are able to determine the effectiveness of the developed models and assumptions. The performance of developed detection model algorithms for unsupervised learning tasks has been evaluated using well known standard methods such as Confusion matrix. The achieved results indicate that the developed model led to a substantial reduction of the false alarms, with significant increase in the detection rates. This research work is operating within the context of two domains the first drawn from the network security community and the other from the machine learning community. It investigates the deployment of both Bayesian Learning as a probabilistic approach and Fuzzy Intelligence as a possibilistic approach to networks security. This is to detect as well as predict future evolving network anomalies, and to effectively respond to those developed attacks and minimise their effects. Consequently, it may provide innovative solutions that can be implemented in a cost-effective manner. 005.8
78	Risk reduction through technological control of personal information Atkinson, Shirley January 2007 (has links) Abuse and harm to individuals, through harassment and bullying, coexist with Identity Theft as criminal behaviours supported by the ready availability of personal information. Incorporating privacy protection measures into software design requires a thorough understanding about how an individual's privacy is affected by Internet technologies. This research set out to incorporate such an understanding by examining privacy risks for two groups of individuals, for whom privacy was an important issue, domestic abuse survivors and teenagers. The purpose was to examine the reality of the privacy risks for these two groups. This research combined a number of approaches underpinned by a selection of foundation theories from four separate domains: software engineering; information systems; social science; and criminal behaviour. Semi-structured interviews, focus groups, workshops and questionnaires gathered information from managers of refuges and outreach workers from Women's Aid; representatives from probation and police domestic violence units; and teenagers. The findings from these first interactions provided specific examples of risks posed to the two groups. These findings demonstrated that there was a need for a selection of protection mechanisms that promoted awareness of the potential risk among vulnerable individuals. Emerging from these findings were a set of concepts that formed the basis of a novel taxonomy of threat framework designed to assist in risk assessment. To demonstrate the crossover between understanding the social environment and the use of technology, the taxonomy of threat was incorporated into a novel Vulnerability Assessment Framework, which in turn provided a basis for an extension to standard browser technology. A proof-of-concept prototype was implemented by creating an Internet Explorer 7.0 browser helper object. The prototype also made use of the Semantic Web protocols of Resource Description Framework and the Web Ontology Language for simple data storage and reasoning. The purpose of this combination was to demonstrate how the environment in which the individual primarily interacted with the Internet could be adapted to provide awareness of the potential risk, and to enable the individual to take steps to reduce that risk. Representatives of the user-groups were consulted for evaluation of the acceptability of the prototype approach. The favourable ratings given by the respondents demonstrated the acceptability of such an approach to monitoring personal information, with the provision that control remained with the individual. The evaluation exercise also demonstrated how the prototype would serve as a useful tool to make individuals aware of the dangers. The novel contribution of this research contains four facets: it advances understanding of privacy protection for the individual; illustrates an effective combination of methodology frameworks to address the complex issue of privacy; provides a framework for risk assessment through the taxonomy of threat; and demonstrates the novel vulnerability assessment framework through a proof-of-concept prototype. 005.8
79	User authentication and supervision in networked systems Dowland, Paul Steven January 2004 (has links) This thesis considers the problem of user authentication and supervision in networked systems. The issue of user authentication is one of on-going concern in modem IT systems with the increased use of computer systems to store and provide access to sensitive information resources. While the traditional username/password login combination can be used to protect access to resources (when used appropriately), users often compromise the security that these methods can provide. While alternative (and often more secure) systems are available, these alternatives usually require expensive hardware to be purchased and integrated into IT systems. Even if alternatives are available (and financially viable), they frequently require users to authenticate in an intrusive manner (e.g. forcing a user to use a biometric technique relying on fingerprint recognition). Assuming an acceptable form of authentication is available, this still does not address the problem of on-going confidence in the users’ identity - i.e. once the user has logged in at the beginning of a session, there is usually no further confirmation of the users' identity until they logout or lock the session in which they are operating. Hence there is a significant requirement to not only improve login authentication but to also introduce the concept of continuous user supervision. Before attempting to implement a solution to the problems outlined above, a range of currently available user authentication methods are identified and evaluated. This is followed by a survey conducted to evaluate user attitudes and opinions relating to login and continuous authentication. The results reinforce perceptions regarding the weaknesses of the traditional username/password combination, and suggest that alternative techniques can be acceptable. This provides justification for the work described in the latter part o f the thesis. A number of small-scale trials are conducted to investigate alternative authentication techniques, using ImagePIN's and associative/cognitive questions. While these techniques are of an intrusive nature, they offer potential improvements as either initial login authentication methods or, as a challenge during a session to confirm the identity of the logged-in user. A potential solution to the problem of continuous user authentication is presented through the design and implementation o f a system to monitor user activity throughout a logged-in session. The effectiveness of this system is evaluated through a series of trials investigating the use of keystroke analysis using digraph, trigraph and keyword-based metrics (with the latter two methods representing novel approaches to the analysis of keystroke data). The initial trials demonstrate the viability of these techniques, whereas later trials are used to demonstrate the potential for a composite approach. The final trial described in this thesis was conducted over a three-month period with 35 trial participants and resulted in over five million samples. Due to the scope, duration, and the volume of data collected, this trial provides a significant contribution to the domain, with the use of a composite analysis method representing entirely new work. The results of these trials show that the technique of keystroke analysis is one that can be effective for the majority of users. Finally, a prototype composite authentication and response system is presented, which demonstrates how transparent, non-intrusive, continuous user authentication can be achieved. 005.8
80	A generic architecture for insider misuse monitoring in IT systems Phyo, Aung Htike January 2007 (has links) Intrusion Detection Systems (IDS) have been widely deployed within many organisations' IT nenvorks to delect network penetration attacks by outsiders and privilege escalation attacks by insiders. However, traditional IDS are ineffective for detecting o f abuse o f legitimate privileges by authorised users within the organisation i.e. the detection of misfeasance. In essence insider IT abuse does not violate system level controls, yet violates acceptable usage policy, business controls, or code of conduct defined by the organisation. However, the acceptable usage policy can vary from one organisation to another, and the acceptability o f user activities can also change depending upon the user(s), application, machine, data, and other contextual conditions associated with the entities involved. The fact that the perpetrators are authorised users and that the insider misuse activities do not violate system level controls makes detection of insider abuse more complicated than detection o f attacks by outsiders. The overall aim o f the research is to determine novel methods by which monitoring and detection may be improved to enable successful detection of insider IT abuse. The discussion begins with a comprehensive investigation o f insider IT misuse, encompassing the breadth and scale of the problem. Consideration is then given to the sufficiency of existing safeguards, with the conclusion that they provide an inadequate basis for detecting many o f the problems. This finding is used as the justification for considering research into alternative approaches. The realisation of the research objective includes the development of a taxonomy for identification o f various levels within the system from which the relevant data associated with each type of misuse can be collected, and formulation of a checklist for identification of applications that requires misfeasor monitoring. Based upon this foundation a novel architecture for monitoring o f insider IT misuse, has been designed. The design offers new analysis procedures to be added, while providing methods to include relevant contextual parameters from dispersed systems for analysis and reference. The proposed system differs from existing IDS in the way that it focuses on detecting contextual misuse of authorised privileges and legitimate operations, rather than detecting exploitation o f network protocols and system level \ailnerabilities. The main concepts of the new architecture were validated through a proof-of-concept prototype system. A number o f case scenarios were used to demonstrate the validity of analysis procedures developed and how the contextual data from dispersed databases can be used for analysis of various types of insider activities. This helped prove that the existing detection technologies can be adopted for detection o f insider IT misuse, and that the research has thus provided valuable contribution to the domain. 005.8

Search results