Vodoznačení statických obrazů / Watermarking of static images

Bambuch, Petr

January 2008

The thesis deals with the security of static images. The main aim is to embed the watermark into the original data so effectively, to avoid removal of the watermark with the use of simple and fast attacks methods. With developing of the watermarking techniques the technique of attacks are improved and developed also. The main aim of the attacks is to remove and devalue the hidden watermark in the image. The goal of the thesis is to check current techniques of static image watermarking and implement two methods of watermarking, which are to be tested for robustness against attacks.

Perspektivy zabezpečení bezdrátových komunikačních sítí / Security prospects of wireless communication networks

Hráček, Jiří

January 2008

This master thesis deals with all types of wireless networks security – in personal, local, metropolitan and also mobile networks. This work is mostly focused on wireless local area networks (WLANs), which are the most widespread at nowadays. This work describes attacks to the wireless local area network, attackers steps and possible protection against it. Some of these attacks are tested in practical part of this work. In this master thesis there were also designed and created two laboratory exercises. One of them is a simulation in the wireless network using Opnet Modeler application. The other exercise is strictly practical type.

Možnosti narušení bezpečnosti bezdrátové přístupové sítě / Security risks of wireless access networks

Špidla, Milan

January 2009

Master´s thesis „Security risks of wireless access networks“ deals with wireless access networks, which are the most widespread in this time. The main target is realization of attacks wireless access networks protected by various using methods. This thesis shows main securities gaps, which originate from project this networks. These securities gaps are used for realization attacts in practical part. In the next part I took attention of network´s monitoring possibilities.

Zabezpečení standardu 802.11 a jeho možnosti / 802.11 standard security techniques and their features

Endrle, Pavel

January 2009

This master´s thesis is about 802.11 standard security techniques and their features. Particular types of this standard and its features are shown in the introduction. Wireless network security cypher alghoritm types, their features, weaknesses and principles of functions are closely described in next few chapters. Realized attacks on these security alghoritms with their principles are described and shown in the practical part of thesis. One chapter is about effectivity, accessibility and practicability valorization of these attacks in practice.

Detekce pomalých síťových útoků / Detection of Slow Network Attacks

Pacholík, Václav

January 2014

This master's thesis is aimed how can be network traffic monitored using IP flows. The description of NEMEA framework that can be used to build complex intrusion detection system. Following chapters describes port scanning methods and SSH protocol which can be used for remote login to the system, which can be exploited by an attacker. These two areas are intended to be detected in a slow attack manner, when attacker using low attack speed, which he can evade multiple detection methods. Proposed method for detection such attacks is using information from the last few connections. Finally, proposed detection method results are further described.

Systém pro analýzu dat z infikovaných počítačů / System for Analysis of Data From Infected Computers

Pečeňa, Jan

January 2011

Presented thesis aims to develop web-based application for AVG Technologies. The application is supposed to bring in every suspicious information from a file, which has been gained from customer's registers, and make customer support more effective and efficient. Designing the application was tightly binded with obtaining an overview of computer threats and attacks. The thesis describes and explains malware and its basic types such as virus, worm, trojan horse, etc. History and features of ASP.NET, PHP, Virus Total web service and Internet Information Service are described as well. The result of the thesis, the application itself, is deployed in real enviroment and ready to be updated with new information sources.

Resource Clogging Attacks in Mobile Crowd-Sensing: AI-based Modeling, Detection and Mitigation

Zhang, Yueqian

17 January 2020

Mobile Crowdsensing (MCS) has emerged as a ubiquitous solution for data collection from embedded sensors of the smart devices to improve the sensing capacity and reduce the sensing costs in large regions. Due to the ubiquitous nature of MCS, smart devices require cyber protection against adversaries that are becoming smarter with the objective of clogging the resources and spreading misinformation in such a non-dedicated sensing environment. In an MCS setting, one of the various adversary types has the primary goal of keeping participant devices occupied by submitting fake/illegitimate sensing tasks so as to clog the participant resources such as the battery, sensing, storage, and computing. With this in mind, this thesis proposes a systematical study of fake task injection in MCS, including modeling, detection, and mitigation of such resource clogging attacks. We introduce modeling of fake task attacks in MCS intending to clog the server and drain battery energy from mobile devices. We creatively grant mobility to the tasks for more extensive coverage of potential participants and propose two take movement patterns, namely Zone-free Movement (ZFM) model and Zone-limited Movement (ZLM) model. Based on the attack model and task movement patterns, we design task features and create structured simulation settings that can be modified to adapt different research scenarios and research purposes. Since the development of a secure sensing campaign highly depends on the existence of a realistic adversarial model. With this in mind, we apply the self-organizing feature map (SOFM) to maximize the number of impacted participants and recruits according to the user movement pattern of these cities. Our simulation results verify the magnified effect of SOFM-based fake task injection comparing with randomly selected attack regions in terms of more affected recruits and participants, and increased energy consumption in the recruited devices due to the illegitimate task submission. For the sake of a secure MCS platform, we introduce Machine Learning (ML) methods into the MCS server to detect and eliminate the fake tasks, making sure the tasks arrived at the user side are legitimate tasks. In our work, two machine learning algorithms, Random Forest and Gradient Boosting are adopted to train the system to predict the legitimacy of a task, and Gradient Boosting is proven to be a more promising algorithm. We have validated the feasibility of ML in differentiating the legitimacy of tasks in terms of precision, recall, and F1 score. By comparing the energy-consuming, effected recruits, and impacted candidates with and without ML, we convince the efficiency of applying ML to mitigate the effect of fake task injection.

Mobile crowdsensing

Machine learning

Security

Self organizing feature map

Clogging attacks

Attack models

Artificial neural networks

Impact of terrorism and counter-terrorism on the right to education

Kihara, Evonne W.

10 October 1900

After the 9/11 terrorist attacks in the United States of America, there has been a shift in the policies of many countries to combat terrorism. Terrorism has had a devastating effect on many. These include „the enjoyment of the right to life, liberty and physical integrity of victims. In addition to these individual costs, terrorism can destabilise Governments, undermine civil society, jeopardise peace and security, and threaten social and economic development.‟ All of these also had a real impact on the enjoyment of human rights. Therefore the fight to curb further terrorist attacks is paramount. States are charged with the responsibility of curbing terrorism by their citizens. But with responsibility comes obligations to the citizenry. States should therefore not engage in policies or actions that further deprive others of their enjoyment of human rights. This is well put by Hoffman when he says „history shows that when societies trade human rights for security, most often they get neither.‟ / Thesis (LLM (Human Rights and Democratisation in Africa)) -- University of Pretoria, 2010. / A dissertation submitted to the Faculty of Law University of Pretoria, in partial fulfilment of the requirements for the degree Masters of Law (LLM in Human Rights and Democratisation in Africa). Prepared under the supervision of Mr. Lukas Muntingh at the Community Law Centre, University of the Western Cape, Cape Town, South Africa. 2010. / http://www.chr.up.ac.za/ / Centre for Human Rights / LLM

UCTD

9/11 terrorist attacks

United States of America

Terrorism

Right to life

Human rights

Caring for traumatized families of 'crucified' clergy : a challenge to pastorial care

Peega, Kgakalane Andries

26 August 2010

The research deals with trauma and violence as these affect women and children in the parsonage household when the clergy experience brutal attacks by parishioners. It focuses on the clergy households of the Methodist Church of Southern Africa especially within the black congregations. So, the hypothesis to this research is that the clergy, within the Methodist Church Of Southern Africa, are ‘crucified’, but no one cares for their families during these ‘crucifixions’- their well- being, feelings, anxiety and safety and security. No one listens to their stories. No one journeys with them. The only thing the church does, is to transfer the affected minister to another circuit wounded and unhealed. The question dealt with in this research is, where do the clergy go when they go through crisis situations? Do they really need pastoral care? Who cares for their families when they the clergy are the direct victims of violence or emotional attacks? Where do they find healing and counseling? For, it is the children and spouse of the clergy that are adversely affected when the clergy go through crisis, because, when one member of the family suffers, the whole body is affected. The research therefore investigates how the church, especially the MCSA has pastorally responded to the impact these ‘crucifixions’ have had on the emotions of the family members of the clergy; the extent and nature of the traumatic experiences of ministers’ families; the difficulties and problems faced by the church to address these problems and finally, make some personal recommendations to the church to effectively deal with these problems. The research concludes by suggesting a model of pastoral care that will help the church to deal with traumatic experiences of its clergy, for the obligation of the church to concern itself with suffering stems from the Bible where prophets and Jesus teach about love. This therefore, is a demonstration that it is imperative for the church to involve itself through pastoral guidance in dealing with such conflicts and its effects in the lives of ministers’ families. Copyright / Dissertation (MA(Theol))--University of Pretoria, 2010. / Practical Theology / Unrestricted

Violence

Children

Women

Clergy

Methodist church of southern africa

Experienced brutal attacks

UCTD

Authentication and SQL-Injection Prevention Techniques in Web Applications

Cetin, Cagri

17 June 2019

This dissertation addresses the top two “most critical web-application security risks” by combining two high-level contributions. The first high-level contribution introduces and evaluates collaborative authentication, or coauthentication, a single-factor technique in which multiple registered devices work together to authenticate a user. Coauthentication provides security benefits similar to those of multi-factor techniques, such as mitigating theft of any one authentication secret, without some of the inconveniences of multi-factor techniques, such as having to enter passwords or biometrics. Coauthentication provides additional security benefits, including: preventing phishing, replay, and man-in-the-middle attacks; basing authentications on high-entropy secrets that can be generated and updated automatically; and availability protections against, for example, device misplacement and denial-of-service attacks. Coauthentication is amenable to many applications, including m-out-of-n, continuous, group, shared-device, and anonymous authentications. The principal security properties of coauthentication have been formally verified in ProVerif, and implementations have performed efficiently compared to password-based authentication. The second high-level contribution defines a class of SQL-injection attacks that are based on injecting identifiers, such as table and column names, into SQL statements. An automated analysis of GitHub shows that 15.7% of 120,412 posted Java source files contain code vulnerable to SQL-Identifier Injection Attacks (SQL-IDIAs). We have manually verified that some of the 18,939 Java files identified during the automated analysis are indeed vulnerable to SQL-IDIAs, including deployed Electronic Medical Record software for which SQL-IDIAs enable discovery of confidential patient information. Although prepared statements are the standard defense against SQL injection attacks, existing prepared-statement APIs do not protect against SQL-IDIAs. This dissertation therefore proposes and evaluates an extended prepared-statement API to protect against SQL-IDIAs.

Authentication methods

Formal verification

GitHub analysis

Prepared statements

SQL-Injection attacks

Computer Engineering

Computer Sciences