Global ETD Search

1	Inloggning : Lösenordskryptering och Brute force attack Strandberg, Emil January 2015 (has links) This report is the result of a sub-project of a larger project to create a platform formathematical education. The sub-project focuses on authentication with associ-ated security, where security is emphasized. The project environment is Java EE 6where GlassFish 4.0 acts as the server. The project has been divided into threeparts; password encryption, Java EE authentication and brute force attack. Thepassword encryption part focuses on examining different hash functions executionspeed, the result shows that none of the examined hash algorithms is suitable fordirect use. Instead its recommended to use PBKDF2 with salt to encrypt pass-words. The Java EE section constructs a working application where users can reg-ister and login etc. This is performed as a study of the security tools available inJava EE. The result meets the requirement specification and a section on Java EEsecurity tools is presented. The brute force attack section is a theoretical study ofwhat can be done to protect against a brute force attack. The result shows thatCAPTCHAs is not recommended by OWASP and a system using cookies and aform of userblocking is purposed. The various parts are separated as far as possi-ble through the report with the exception that the result of the password encryp-tion section is applied in the Java EE application. / Denna rapport är resultatet av en deluppgift i ett större projekt att skapa en platt-form för undervisning av matematik. Uppgiften fokuserar på inloggning med till-hörande säkerhet. Projektets miljö är Java EE 6 med Glassfish 4.0 som server.Projektet har delats upp i tre underkategorier; Lösenordskryptering, Java EE in-loggning och Brute force attacks. Lösenordskrypterings delen fokuserar på att un-dersöka olika hashfunktioners exekveringshastighet, resultatet visar att ingen avde algoritmer som undersöks lämpar sig att användas direkt. Istället rekommende-ras system som PBKDF2 med SALT för att kryptera lösenord. Java EE avsnittetkonstruerar en fungerande applikation där användare kan registrera sig och loggain med mera. Arbetet utförs som en studie av vilka säkerhetsverktyg som finnstillgängliga i Java EE. Resultatet uppfyller kravspecifikationen och ett avsnitt omJava EEs verktyg presenteras. Brute force attack-avsnittet är en teoretisk studieav vad som kan göras för att skydda sig mot Brute force attacker. Resultatet visaratt robotfilter inte är rekommenderat av OWASP och ett förslag på ett system somanvänder kakor och en form av användarblockering presenteras. De olika delarnaär separerade så långt som möjligt genom rapporten med undantaget att resultatetav lösenordskrypterings avsnittet tillämpas i Java EE applikationen. Säkerhet i Java EE Auktorisering Autentisering Lösenordskrypte- ring -hashning Brute force attack Computer Sciences Datavetenskap (datalogi)
2	Útok hrubou silou na přístupový systém s pomocí syntetických otisků prstů / Brute Force Attack on Access System Using Synthetic Fingerprints Polehňa, Dominik January 2020 (has links) The work deals with the resistance of the VeriFinger comparison algorithm to synthetic fingerprints. The basics of fingerprints, comparison algorithms and synthetic fingerprint generators are gradually analyzed. In total, three experiments were designed to test the resistance of the algorithm using synthetic fingerprints. An application using the VeriFinger algorithm was implemented to evaluate individual experiments. A total of 2 800 000 synthetic fingerprints were generated across all experiments. The first experiment showed that random fingerprint generation was not effective for real fingerprints, but was somewhat sufficient for synthetic fingerprints. The second experiment proved that comparison and the comparison score could be used to estimate the class of the identified fingerprint, and in the third experiment, by narrowing the generation to one class, it raised the total number of matched fingerprints. The results of individual experiments were written and their possible extension was suggested.
3	Metody ukládání uživatelských hesel v operačních systémech / Password deposition techniques in operating systems Pavlík, Martin January 2009 (has links) This master thesis deals with ways to store passwords in current operating systems. Specifically, this work focuses on Windows, Linux, BSD and OS X. These systems are examined for ways of hashing passwords and on resistance of resulting hashes against various attacks. First (theoretical) section describes the procedures and algorithms that are needed for user authentication. This part also describes methods of hash storing. At the end of the theoretical part are generally described some possible attacks against hash functions. In second (practical) part is described and tested tools for obtaining hashes of the investigated operating systems. Subsequently practical attacks were conducted against obtained hashes by using appropriate tools. Furthermore there are presented results of the attacks. In the conclusion of the work there is a comparison of tools and methods which were used to obtain plaintext passwords from operating systems.
4	A shoulder-surfing resistant graphical password system Alesand, Elias, Sterneling, Hanna January 2017 (has links) The focus of this report is to discuss graphical password systems and how they can contribute to handle security problems that threaten authentication processes. One such threat is shoulder-surfing attacks, which are also reviewed in this report. Three already existing systems that are claimed to be shoulder-surfing resilient are described and a new proposed system is presented and evaluated through a user study. Moreover, the system is compared to the mentioned existing systems to further evaluate the usability, memorability and the time it takes to authenticate. The user study shows that test subjects are able to remember their chosen password one week after having registered and signed in once. It is also shown that the average time to sign in to the system after five minutes of practice is within a range of 3.30 to 5.70 seconds. The participants in the experiments gave the system an average score above 68 on the System Usability Scale, which is the score of an average system. shoulder-surfing resistant graphical password system guessing attacks graphical passwords recognition-based recall-based pure recall-based password security password space pictorial superiority effect brute-force attack dictionary attack hot-spots memorability graphical components authentication Computer Sciences Datavetenskap (datalogi)
5	Utvärdering av nätverkssäkerheten på J Bil AB / Evaluation of the network security at J Bil AB Ahmed, Olfet, Saman, Nawar January 2013 (has links) Detta examensarbete är en utvärdering av nätverkssäkerheten hos J BiL AB, både på social och teknisk nivå. Företaget är beroende av säkra Internet-anslutningar för att nå externa tjänster och interna servrar lokaliserade på olika geografiska platser. Företaget har ingen IT-ansvarig som aktivt underhåller och övervakar nätverket, utan konsulterar ett externt dataföretag. Syftet med examensarbetet är att utvärdera säkerheten, upptäcka brister, ge förbättringsförslag och till viss del implementera lösningar. För att undersöka säkerheten har observationer och intervjuer med personalen gjorts och ett flertal attacker mot nätverket har utförts. Utifrån den data som samlats in kunde slutsatsen dras att företaget har brister vad gäller IT-säkerheten. Framförallt den sociala säkerheten visade sig ha stora luckor vilket till stor del beror på att de anställda varken har blivit utbildade eller fått någon information om hur de ska hantera lösenord, datorer och IT-frågor i allmänt. Förbättringsförslag har getts och viss implementation har genomförts för att eliminera bristerna. De anställda har även med hjälp av en IT-policy och föreläsning blivit utbildade i hur de ska agera och tänka kring IT-relaterade säkerhetsfrågor. / The aim of this project is to evaluate the network security at J Bil AB. The focus will be on both social and technical issues. For the employees to be able to con-nect to remote servers and external services and perform their daily work tasks, secure connections is needed. J Bil Ab has no IT manager who actively maintains and monitors the network; rather they consult a computer company when changes and implementations are required. The projects’ goal is to identify gaps, come up with suggestions for improvement and to some extent implement so-lutions. To do this, an observation of the employees hav been made, an inter-view have been held, and several attacks on the network have been performed. Based on the data collected, it was concluded that the company has shortcom-ings in IT security. Above all, the social security appeared to have major gaps in it and that is mainly because the lack of knowledge among the employees and they have never been informed of how to manage their passwords, computers and IT issues in general. Suggestions for improvement have been given and some implementations have been performed to eliminate the deficiencies. Network security brute-force attack dictionary attack encryption VPN wirelsess networks servers phishing IT Policies Säkerhet social säkerhet brute force ordboksattack kryptering trådlösa nätverk servrar VPN IT-policy phishing Computer Engineering Datorteknik
6	Kryptoanalýza symetrických šifrovacích algoritmů s využitím symbolické regrese a genetického programování / Cryptanalysis of Symmetric Encryption Algorithms Using Genetic Programming Smetka, Tomáš January 2015 (has links) This diploma thesis deals with the cryptanalysis of symmetric encryption algorithms. The aim of this thesis is to show different point of view on this issues. The dissimilar way, compared to the recent methods, lies in the use of the power of evolutionary principles which are in the cryptanalytic system applied with help of genetic programming. In the theoretical part the cryptography, cryptanalysis of symmetric encryption algorithms and genetic programming are described. On the ground of the obtained information a project of cryptanalytic system which uses evolutionary principles is represented. Practical part deals with implementation of symmetric encrypting algorithm, linear cryptanalysis and simulation instrument of genetic programming. The end of the thesis represents experiments together with projected cryptanalytic system which uses genetic programming and evaluates reached results.

1

Page generated in 0.0681 seconds