Global ETD Search

501	Investigating Security Issues in Industrial IoT: A Systematic Literature Review Milinic, Vasilije January 2021 (has links) The use of Internet-of-Things (IoT) makes it possible to inter-connect Information Technology (IT) and Operational Technology (OT) into a completely new system. This convergence is often known as Industrial IoT (IIoT). IIoT brings a lot of benefits to industrial assets, such as improved efficiency and productivity, reduced cost, and depletion of human error. However, the high inter-connectivity opens new possibilities for cyber incidents. These incidents can cause major damage like halting of production on the manufacturing line, or catastrophic havoc to companies, communities, and countries causing power outages, floods, and fuel shortages. Such incidents are important to be predicted, stopped, or alleviated at no cost. Moreover, these incidents are a great motive for researchers and practitioners to investigate known security problems and find potential moderation strategies. In this thesis work, we try to identify what types of IIoT systems have been investigated in the literature. We seek out to find if software-related issues can yield security problems. Also, we make an effort to perceive what are the proposed methods to mitigate the security threats.We employ the systematic literature review (SLR) methodology to collect this information. The results are gathered from papers published in the last five years and they show an increased interest in research in this domain. We find out software vulnerabilities are a concern for IIoT systems, mainly firmware vulnerabilities and buffer overflows, and there are a lot of likely attacks that can cause damage, mostly injection and DDoS attacks. There are a lot of different solutions which offer the possibility to stop the identified problems and we summarize them. Furthermore, the research gap considering the update process in these systems and devices, as well as a problem with the unsupervised software supply chain is identified. Internet-of-Things (IoT) Industrial Internet of Things (IIoT) Systematic Literature Review (SLR) security vulnerabilities attacks mitigation Computer Sciences Datavetenskap (datalogi)
502	Politics and ‘Playing Rude’ : A Comparative Analysis of Impoliteness in American Presidential Debates 2000-2020 Pandov, Kristian January 2021 (has links) The present study investigates the use of impoliteness in American presidential debates, analyzing whether the use of impoliteness strategies has increased, whether this varies depending on the candidate’s status as an incumbent or a challenger and if Donald Trump is an outlier when compared to his peers. To conduct this study, a total of 12 debates from the last 6 elections (2000-2020) were analyzed. The analysis used Culpeper’s (1996) framework as its base, specifically looking at the frequency and variability in the usage of face-attacks along with a set of output/micro-strategies from Garcia-Pastor (2008) typically used in the primary presidential debates as well as instances of overlaps and interruptions. The results showed, based on nearly all of the measured variables, that there was a significant increase in the 2016 and the subsequent 2020 debates when compared to the preceding ones. Furthermore, there were clear differences found in the incumbent presidents’ strategy choice and frequency when compared to their opponents as the former would typically be more defensive, using less impoliteness. Trump strayed from this established pattern by being vastly more aggressive than his incumbent predecessors. He additionally scored the highest in nearly all of the measured variables, this, in conjunction with the noticeable difference in his use of overlapping speech, as well as direct face-attacks, leads to the conclusion that he is an outlier in his use of impoliteness and a likely catalyst for the increase seen in the 2016-2020 debates. Impoliteness face-attacks impoliteness micro-strategies American presidential debates negativity cycles overlap. Specific Languages Studier av enskilda språk
503	The design and the implementation of the byzantine attack mitigation scheme in cognitive radio ad hoc networks Mapunya, Sekgoari Semaka January 2019 (has links) Thesis ( M.Sc. (Computer Science)) -- University of Limpopo, 2019 / Cognitive radio network, which enables dynamic spectrum access, addresses the shortage of radio spectrum caused by ever-increasing wireless technology. This allows efficient utilisation of underutilised licenced spectrum by allowing cognitive radios to opportunistically make use of available licenced spectrum. Cognitive radios (CR), also known as secondary users, must constantly sense the spectrum band to avoid interfering with the transmission of the licenced users, known as primary users. Cognitive radios must cooperate in sensing the spectrum environment to avoid environmental issues that can affect the spectrum sensing. However, cooperative spectrum sensing is vulnerable to Byzantine attacks where selfish CR falsify the spectrum reports. Hence, there is a need to design and implement a defence mechanism that will thwart the Byzantine attacks and guarantee correct available spectrum access decisions. The use of extreme studentized deviate (ESD) test together with consensus algorithms are proposed in this study to combat the results of the availability of Byzantine attack in a cognitive radio network. The ESD test was used to detect and isolate falsified reports from selfish cognitive radios during the information sharing phase. The consensus algorithm was used to combine sensing reports at each time k to arrive at a consensus value which will be used to decide the spectrum availability. The proposed scheme, known extreme studentized cooperative consensus spectrum sensing (ESCCSS), was implemented in an ad hoc cognitive radio networks environment where the use of a data fusion centre (DFC) is not required. Cognitive radios make their own data fusion and make the final decision about the availability of the spectrum on their sensed reports and reports from their neighbouring nodes without any assistance from the fusion centre. MATLAB was used to implement and simulate the proposed scheme. We compared our scheme with Attack-Proof Cooperative Spectrum Sensing to check its effectiveness in combating the effect of byzantine attack. Cognitive radio network Byzantine attacks Wireless communications Cognitive radio networks Radio -- Packet transmission
504	Protecting Web Applications from SQL Injection Attacks- Guidelines for Programmers Master Thesis Gopali, Gopali January 2018 (has links) Injektionsattack är den mest kritiska säkerhetsapplikationen för webbapplikationer, och SQL-injektion (SQLi) -attack är den mest rapporterade injektionsattacken på webbapplikationer. I denna avhandling har vi identifierat angreppsteknikerna som används av angripare och vi ger också riktlinjer så att programmerarna kan skriva webbapplikationskoder på ett säkert sätt för att förhindra SQLi-attackerna.Metoden som tillämpas för forskningen är litteraturstudie och vi använde vägen bevis genom demonstration för att få den tydliga bilden. Det första steget var att ta reda på kodningsfelen, då utformade vi riktlinjer som kan hjälpa till att skydda webbapplikationer från SQLi-attacker. Denna avhandling kommer att hjälpa programmerarna att förstå de olika kodningsbristerna och hur dessa kodningsfel kan förhindras och för detta har vi använt bevis genom demonstration. Denna avhandling kommer också att bidra till den allmänna medvetenheten om SQLi-attacker, attacker och riktlinjer för programmerare som designar, utvecklar och testar webbapplikationer. / Injection attack is the most critical web application security risk, and SQL-injection (SQLi) attack is the most reported injection attack on web applications. In this thesis, we have identified the attacking techniques used by attackers and we are also providing guidelines so that the programmers can write web application code in a secure way, to prevent the SQLi attacks.The methodology applied for the research is literature study and we used the way proof by demonstration to get the clear picture. The first step was to find out the coding flaws, then we designed guidelines that can help to protect web applications from SQLi attacks. This thesis will help the programmers to understand the various coding flaws and how those coding flaws can be prevented and for this, we have used proof by demonstration. This thesis will also contribute to the general awareness of SQLi attacks, attack types and guidelines for the programmers who are designing, developing and testing web applications. Web application attacks SQLi coding flaws SQLi attack SQL-Injection Top vulnerabilities Cyber Security Engineering and Technology Teknik och teknologier
505	Sécurisation de programmes assembleur face aux attaques visant les processeurs embarqués / Security of assembly programs against fault attacks on embedded processors Moro, Nicolas 13 November 2014 (has links) Cette thèse s'intéresse à la sécurité des programmes embarqués face aux attaques par injection de fautes. La prolifération des composants embarqués et la simplicité de mise en œuvre des attaques rendent impérieuse l'élaboration de contre-mesures.Un modèle de fautes par l'expérimentation basé sur des attaques par impulsion électromagnétique a été élaboré. Les résultats expérimentaux ont montré que les fautes réalisées étaient dues à la corruption des transferts sur les bus entre la mémoire Flash et le pipeline du processeur. Ces fautes permettent de réaliser des remplacements ou des saut d'instructions ainsi que des modifications de données chargées depuis la mémoire Flash. Le remplacement d'une instruction par une autre bien spécifique est très difficile à contrôler ; par contre, le saut d'une instruction ciblée a été observé fréquemment, est plus facilement réalisable, et permet de nombreuses attaques simples. Une contre-mesure empêchant ces attaques par saut d'instruction, en remplaçant chaque instruction par une séquence d'instructions, a été construite et vérifiée formellement à l'aide d'outils de model-checking. Cette contre-mesure ne protège cependant pas les chargements de données depuis la mémoire Flash. Elle peut néanmoins être combinée avec une autre contre-mesure au niveau assembleur qui réalise une détection de fautes. Plusieurs expérimentations de ces contre-mesures ont été réalisées, sur des instructions isolées et sur des codes complexes issus d'une implémentation de FreeRTOS. La contre-mesure proposée se révèle être un très bon complément pour cette contre-mesure de détection et permet d'en corriger certains défauts. / This thesis focuses on the security of embedded programs against fault injection attacks. Due to the spreadings of embedded systems in our common life, development of countermeasures is important.First, a fault model based on practical experiments with a pulsed electromagnetic fault injection technique has been built. The experimental results show that the injected faults were due to the corruption of the bus transfers between the Flash memory and the processor’s pipeline. Such faults enable to perform instruction replacements, instruction skips or to corrupt some data transfers from the Flash memory.Although replacing an instruction with another very specific one is very difficult to control, skipping an instruction seems much easier to perform in practice and has been observed very frequently. Furthermore many simple attacks can carried out with an instruction skip. A countermeasure that prevents such instruction skip attacks has been designed and formally verified with model-checking tool. The countermeasure replaces each instruction by a sequence of instructions. However, this countermeasure does not protect the data loads from the Flash memory. To do this, it can be combined with another assembly-level countermeasure that performs a fault detection. A first experimental test of these two countermeasures has been achieved, both on isolated instructions and complex codes from a FreeRTOS implementation. The proposed countermeasure appears to be a good complement for this detection countermeasure and allows to correct some of its flaws. Attaques par injection de fautes Injection électromagnétique Modèle de fautes Contre-Mesures vérifiées Assembleur Saut d'instruction Fault injection attacks Countermeasures 005.8
506	Security Strategies for Hosting Sensitive Information in the Commercial Cloud Forde, Edward Steven 01 January 2017 (has links) IT experts often struggle to find strategies to secure data on the cloud. Although current security standards might provide cloud compliance, they fail to offer guarantees of security assurance. The purpose of this qualitative case study was to explore the strategies used by IT security managers to host sensitive information in the commercial cloud. The study's population consisted of information security managers from a government agency in the eastern region of the United States. The routine active theory, developed by Cohen and Felson, was used as the conceptual framework for the study. The data collection process included IT security manager interviews (n = 7), organizational documents and procedures (n = 14), and direct observation of a training meeting (n = 35). Data collection from organizational data and observational data were summarized. Coding from the interviews and member checking were triangulated with organizational documents and observational data/field notes to produce major and minor themes. Through methodological triangulation, 5 major themes emerged from the data analysis: avoiding social engineering vulnerabilities, avoiding weak encryption, maintaining customer trust, training to create a cloud security culture, and developing sufficient policies. The findings of this study may benefit information security managers by enhancing their information security practices to better protect their organization's information that is stored in the commercial cloud. Improved information security practices may contribute to social change by providing by proving customers a lesser amount of risk of having their identity or data stolen from internal and external thieves cloud cloud attacks security strategy Social Engineering stolen data Weak Encryption Computer Sciences Criminology Criminology and Criminal Justice Databases and Information Systems
507	Security related self-protected networks: autonomous threat detection and response (ATDR) Havenga, Wessel Johannes Jacobus January 2021 (has links) Doctor Educationis / Cybersecurity defense tools, techniques and methodologies are constantly faced with increasing challenges including the evolution of highly intelligent and powerful new generation threats. The main challenges posed by these modern digital multi-vector attacks is their ability to adapt with machine learning. Research shows that many existing defense systems fail to provide adequate protection against these latest threats. Hence, there is an ever-growing need for self-learning technologies that can autonomously adjust according to the behaviour and patterns of the offensive actors and systems. The accuracy and effectiveness of existing methods are dependent on decision making and manual input by human expert. This dependence causes 1) administration overhead, 2) variable and potentially limited accuracy and 3) delayed response time. In this thesis, Autonomous Threat Detection and Response (ATDR) is a proposed general method aimed at contributing toward security related self-protected networks. Through a combination of unsupervised machine learning and Deep learning, ATDR is designed as an intelligent and autonomous decision-making system that uses big data processing requirements and data frame pattern identification layers to learn sequences of patterns and derive real-time data formations. This system enhances threat detection and response capabilities, accuracy and speed. Research provided a solid foundation for the proposed method around the scope of existing methods and the unanimous problem statements and findings by other authors. (Distributed) denial of service attacks Traffic capture and packet analysis Queueing theory Machine learning Neural networking Multi-vector attack detection
508	The pit, the field and the edifice : a rhetorical analysis of the commemorative 9/11 Ceremonies of September 11, 2002 Hogan, Kevin 01 January 2006 (has links) This thesis analyzes the eulogistic and ideological rhetoric generated by the commemoration ceremonies recognizing the first anniversary of the events of September 11, 2001. By evaluating these ceremonies generically through a set of established epideictic criteria, a comparison and contrast of form and style in relation to their varying situations and rhetorical constraints was achieved. The intentional introduction of deliberative aspects to epideictic rhetoric was also a focus of this study in an attempt to discern the ideological frameworks employed by the various rhetors responsible for the content of the day's events. By analyzing the tokens and ideographs embedded in the rhetoric of the commemorative speakers, the ideological purposes of the planners and rhetors of the ceremonies were revealed. As a nationally televised, ceremonial event, the 9/11 commemoration failed. The mixed messages contained in the eulogies and the lack of a planned rhetorical strategy resulted in an emotionally engaging but fragmented exercise in public discourse. September 11 Terrorist Attacks 2001 Memorial rites and ceremonies Rhetoric Political aspects United States Communication Social and Behavioral Sciences
509	Honeypot study of threats targeting critical infrastructure / Honeypot studie av cyberhot riktade mot kritisk infrastruktur Alberto Scola, Carlo January 2023 (has links) Honeypots are systems with the intent of gathering information about potential threats and, at the same time, shifting part of the attention away from the real targets. In industrial control system environments, honeypots play a significant role and can lead to further threat study while distracting potential attackers away from critical physical systems. Low-interaction honeypots are emulated systems that try to recreate a real environment by simulating applications and protocols. These types of honeypots still need improvements to be efficient, and during this thesis work the focus has been on the Conpot open-source ICS honeypot. Due to their nature, low-interaction honeypots are less appealing to potential attackers than high-interaction honeypots since they do not provide the same level of realism and can be easier discovered. Earlier works showed ways to increase the ability to attract more visitors and an improved setup of Conpot has been evaluated. Its results have been analyzed and compared with the default installation. Several advancements have been implemented as well as custom features and working functionalities, such as a customized industrial system design, improved logging, and a web API proxy. The goal of this work is to answer the investigated hypothesis which consists in finding out if an improved version of the low-interaction honeypot can yield more significant results. By evaluating the network traffic received, the outcome has been insightful and showcased a distinguished improvement over the original version of the honeypot. The ICS protocols displayed a more considerable number of interactions along with an increased amount of attacks. In conclusion, further development for the Conpot honeypot is desirable which would largely improve its performance and practicality in real-world deployments. / Honeypots är ett system med avsikten att samla information om potentiella hot och samtidigt avleda uppmärksamheten från de verkliga målen. I industriella kontrollsystemsmiljöer spelar honungskrukor en viktig roll och kan leda till ytterligare hotstudier samtidigt som potentiella angripare distraheras från viktiga fysiska system. Honeypots med låg interaktion är emulerade system som försöker återskapa verkliga miljöer genom att simulera applikationer och protokoll. Dessa typer av honeypots behöver fortfarande förbättringar för att vara effektiva, och under detta examensarbete har fokus legat på Conpot open source ICS honeypots. På grund av designbegränsningar är honeypots med låg interaktion mindre tilltalande för potentiella angripare än honeypots med hög interaktion. Tidigare arbeten har visat sätt att öka möjligheten att locka fler besökare och en förbättrad installation av Conpot har utvärderats och dess resultat har analyserats och jämförts med standardinstallationen. Flera framsteg har implementerats samt anpassade funktioner och fungerande funktioner, såsom en anpassad industriell systemdesign, förbättrad loggning och en webb-API-proxy. Målet med detta arbete är att svara på den undersökta hypotesen som går ut på att ta reda på om en förbättrad version av honungskrukan med låg interaktion kan ge mer signifikanta resultat. Genom att utvärdera den mottagna nätverkstrafiken har resultatet varit insiktsfullt och visat upp en stor förbättring jämfört med den ursprungliga versionen av honeypot. ICS-protokollen visade ett större antal interaktioner tillsammans med en ökad mängd attacker. Sammanfattningsvis är det önskvärt med en vidareutveckling av Conpot honeypot som avsevärt skulle förbättra dess prestanda och praktiska användning i den verkliga världen. ICS Honeypots Modbus SCADA Enip Conpot Bacnet FTP IPMI Network security Cyber attacks Computer and Information Sciences Data- och informationsvetenskap
510	Eavesdropping Attacks on Modern-Day Connected Vehicles and Their Ramifications / Avlyssningsattacker på moderna uppkopplade bilar och deras följder Bakhshiyeva, Afruz, Berefelt, Gabriel January 2022 (has links) Vehicles today are becoming increasingly more connected. Most cars are equipped with Bluetooth, Wi-Fi and Wi-Fi hotspot capabilities and the ability to connect to the internet via a cellular modem. This increase in connectivity opens up new attack surfaces for hackers to exploit. This paper aims to study the security of three different cars, a Tesla Model 3 (2020), an MG Marvel R (2021) and a Volvo V90 (2017), in regards to three different eavesdropping attacks. The performed attacks were a port scan of the vehicles, a relay attack of the key fobs and a MITM attack. The study discovered some security risks and discrepancies between the vehicles, especially regarding the open ports and the relay attack. This hopefully promotes further discussion on the importance of cybersecurity in connected vehicles. / Bilar idag har blivit alltmer uppkopplade. Idag har de inte bara bluetooth och Wi-Fi funktionalitet utan vissa bilar har förmågan att kopplas till internet via ett mobilt bredband. Denna trend har visats ge bilar nya attackytor som hackare kan utnyttja. Målet med denna studie är att testa säkerheten hos tre olika bilar, Tesla Model 3 (2020), MG Marvel R (2021) och Volvo V90 (2017) med åtanke på tre olika avlyssningsattacker. De attackerna som studien valde var port-skanning på bilen, relä-attack på bilnycklarna och mannen-i-mitten attack. Studien hittar vissa säkerhetsrisker och skillnader mellan de olika bilarna särskilt vid reläattacken och port-skanningen som förhoppningsvis främjar en fortsatt diskussion om cybersäkerhetens vikt för säkrare uppkopplade bilar. Connected vehicle hacking pentest eavesdropping security Tesla Model 3 Volvo XC40 MG Marvel R automotive cybersecurity interception attacks passive attacks wireless attacks Wi-Fi attacks attack surface relay attack port scan man-in-the-middle attack Uppkopplade fordon hacking avlyssning säkerhet Tesla Model 3 Volvo XC40 MG Marvel R fordonscybersäkerhet avlyssningsattacker passiva attacker trådlösa attacker Wi-Fi-attacker attackyta relä-attack port-skanning mannen-i-mitten attack Computer Sciences Datavetenskap (datalogi)

Search results