Global ETD Search

351	What are the motivations and barriers for incorporating multi-factor authentication among IT students? Henriksson, Adam January 2022 (has links) The need for greater account security has grown as the globe has become more digitally connected. One of the solutions available today is multi-factor authentication, which enables users to add additional authentication factors to secure their accounts. However, multi-factor authentication has not become widespread in organisations due to a lack of user accessibility and knowledge of the subject's importance. This study aimed to identify possible motivations and barriers to adopting multi-factor authentication from students at the University of Skövde to motivate possible improvements in the education and tools of multi-factor authentication. Ten students from the Network and system administration program at the University of Skövde were interviewed in the spring of 2022. The answers received were analysed qualitatively with thematic analysis. The results from the analysed answers formed a theme named ‘NSA students consider themselves secure’ derived from the three categories found during the coding. All students were familiar with multi-factor authentication and its importance for account security. Despite this, not all the students used it for their private accounts, stating that they considered it inconvenient and not required. The students who used multi-factor authentication did not use it for every account they owned, instead opting to secure important services like email, social media and crypto-wallets. Based on the results, improvements regarding usability in authenticator applications and teaching users about the cybersecurity risks and advantages of utilising MFA may increase its adoption rate. / <p>Adam Lasu Henriksson</p> IT Cybersecurity Information security MFA 2FA Information Systems Learning Lärande Information Systems, Social aspects
352	Security of Embedded Software : An Analysis of Embedded Software Vulnerabilities and Related Security Solutions Gaboriau-Couanau, Clément January 2017 (has links) The increased use of computer systems for storing private data or doing critical operations leads to some security issues gathered in the area cybersecurity. This neologism leads people to think about the security of information systems and general-purpose computers. However, with the growth of the Internet of Things, embedded systems are also concerned with these issues. The speed of development of this area often leads to a backwardness in the security features. The thesis investigates the security of embedded systems by focusing on embedded software. After classifying the vulnerabilities which could be encountered in this field, a first part of this work introduces the realisation of a document gathering guidelines related to secure development of embedded software. This realisation is based on an analysis of the literature review, but also on the knowledge of engineers of the company. These guidelines are applied to the project of a client. The result of their application allows us to prove their consistency and to write a set of recommendations to enhance the security of the project. The thesis presents the implementation of some of them. Particularly, it introduces a way to secure an Inter-Process Communication (IPC) mean: D-Bus, through a proof of concept. The result shows that the security policy of D-Bus is efficient against some attacks. Nevertheless, it also points out that some att acks remain feasible. The solution is implemented on an embedded board to analyse the computational overhead related to this embedded aspect. As expected, a more complex and detailed a policy is, the higher the overhead tends to be. Nevertheless, this computational overhead is proportional to the number of rules of the policy. / Den ökade användningen av datorsystem för att lagra privata data eller göra kritiska operationer leder till vissa säkerhetsproblem som samlas i området cybersäkerhet. Denna neologism leder människor att tänka på säkerhetssystemen för informationssystem och allmänt tillgängliga datorer. Men med tillväxten av saker i saken är inbyggda system också berörda av dessa frågor. Utvecklingshastigheten för detta område leder ofta till en underutveckling säkerhetsfunktionerna.Avhandlingen undersöker säkerheten för inbyggda system genom att fokusera på inbyggd programvara. Efter att ha klassificerat de sårbarheter som kan uppstå i det här fältet introducerar en första del av det här arbetet realisationen av ett dokument av riktlinjer om säker utveckling av inbyggd programvara. Denna insikt bygger på en analys av litteraturgranskningen, men också på kunskap om ingenjörer i företaget. Dessa riktlinjer tillämpas på en kunds projekt.Resultatet av deras ansökan gör det möjligt för oss att bevisa deras konsistens och att skriva rekommendationer för att förbättra projektets säkerhet. Avhandlingen presenterar genomförandet av några av dem. Ett sätt införs särskilt patt säkra en interprocesskommunikation (IPC) menande: DBus, genom ett konceptbevis. Resultatet visar att D-Busens säkerhetspolitik är effektiv mot vissa attacker. Det påpekar emellertid också att vissa attacker fortfarande är möjliga. Lösningen implementeras på ett inbyggd kort för att analysera beräkningsoverhead som är relaterad till denna inbyggda aspekt. Som förväntat är en mer komplex och detaljerad politik, desto högr e överhuvudtaget tenderar att vara. Ändå är denna beräkningskostnad proportionell mot antalet av regler av säkerhetspolitiken. Embedded Software Cybersecurity Guideline Inter-Process Communication (IPC) D-Bus Monitoring Inbyggd Programvara Cybersäkerhet Riktlinje Interprocesskommunikation (IPC) D-Bus Övervakning Computer Sciences Datavetenskap (datalogi)
353	Penetration testing of a smart speaker / Penetrationstestning av en smart högtalare Nouiser, Amin January 2023 (has links) Smart speakers are becoming increasingly ubiquitous. Previous research has studied the security of these devices; however, only some studies have employed a penetration testing methodology. Moreover, most studies have only investigated models by well-known brands such as the Amazon or Google. Therefore, there is a research gap of penetration tests on less popular smart speaker models. This study aims to address this gap by conducting a penetration test on the less popular JBL Link Music with firmware version 23063250. The results show that the speaker is subject to several security threats and is vulnerable to some attacks. The Bluetooth Low Energy implementation is vulnerable to passive eavesdropping. Additionally, the speaker is vulnerable to an 802.11 denial of service attack, and a boot log containing sensitive information can be accessed through a serial communication interface. It is concluded that the speaker is, in some aspects, insecure. / Smarta högtalare blir alltmer närvarande. Tidigare forskning har undersökt säkerheten kring dessa, dock har endast några använt en penetrerings testnings metolologi. Därutover har de flesta studier endast studerat modeller av välkända varumärken som Google eller Amazon. Därmed finns en vetenskaplig kunskapslucka kring penetrationstester av mindre populära modeller. Denna studie syftar till att bemöta denna lucka genom att utföra ett penetrationstest av den mindre populära JBL Link Music med mjukvaruversion 23063250. Resultaten visar att högtalaren är utsatt för flera säkerhetshot och är sårbar för några attacket. Bluetooth Low Energy implementationen är sårbar för passiv avlyssning. Därutöver är högtalaren sårbar för en 802.11 denial of service attack och en boot logg innehållande känslig information kan nås genom ett seriellt kommunikations gränssnitt. Slutsatsen dras att högtalaren, i vissa aspekter, är osäker. Penetration testing Ethical hacking Smart speaker Cybersecurity Internet of Things Penetrationstestning Etisk hackning Smart högtalare Cybersäkerhet Sakernas Internet Computer and Information Sciences Data- och informationsvetenskap
354	Penetration Testing of an In-Vehicle Infotainment System / Penetrationstestning av ett Infotainmentsystem i Fordon Andersson, Philip January 2022 (has links) With the growing demand for smart and luxurious vehicles, the automotive industry has moved toward developing technologies to enhance the in-vehicle user experience. As a result, most vehicles today have a so-called In-Vehicle Infotainment (IVI) system, or simply an infotainment system, which provides a combination of information and entertainment in one system. IVI systems are used to control, for instance, the audio, navigation, and air conditioning in vehicles. Increasingly more IVI systems are also connected to the internet which has enabled features such as web browsers and third-party apps on them. This raises questions concerning the cybersecurity of IVI systems. As more vehicles are connected to the internet, it increases the risk of vehicles getting hacked. Previous research has shown that it is possible to take control of an entire vehicle by hacking the IVI system. In this thesis, penetration testing was conducted on an IVI system included on a rig from Volvo Cars to find potential vulnerabilities in the system. To the best of the author’s knowledge, this is the first paper describing penetration tests performed on a greater attack surface of the Android Automotive operating system used by the IVI system than previous research which only focused on the attack surface of third-party apps. Moreover, threat modeling was performed by employing the threat analysis and risk assessment part of the ISO/SAE 21434: Road vehicles — Cybersecurity engineering. This has not yet been done in the research area of security of IVI systems as far as the author knows. The results from the various penetration tests show that no major vulnerabilities were discovered in the IVI system. However, several findings were made in the thesis where the main one was that multiple content providers, managing access to storage (e.g., relational databases) in Android, were found to be exported by Android apps on the IVI system, and that some of these were vulnerable to SQL injection. This vulnerability of some of the content providers was exploited but did not lead to any collection of private information. For future work, penetration testing of the cellular interface of the IVI system is suggested. / Med en ökad efterfrågan för smarta och lyxiga fordon så har fordonsindustrin behövt utveckla teknologier som förbättrar användarupplevelsen i fordon. Ett resultat av detta är att de flesta fordon idag har ett så kallat infotainmentsystem vilket kombinerar information och underhållning i ett system. Infotainmentsystem används till exempel för att styra ljudet, navigationen och luftkonditioneringen i fordon. Fler infotainmentsystem börjar också bli uppkopplade mot internet som möjliggör för användare att surfa på internet och ladda ner tredjepartsappar. Detta väcker frågor beträffande cybersäkerheten hos dessa. I takt med att fler fordon blir uppkopplade mot internet så ökar det risken för att fordon blir hackade. Tidigare forskning har visat att det är möjligt att ta kontroll över ett helt fordon genom att hacka infotainmentsystemet. I detta examensarbete har penetrationstestning utförts på ett infotainmentsystem som var inkluderad på en rigg från Volvo Personvagnar för att hitta potentiella säkerhetsbrister i infotainmentsystemet. Till författarens bästa vetskap är denna rapport den första som beskriver om penetrationstester utförda på en större attackyta av operativsystemet Android Automotive som används av infotainmentsystemet än tidigare forskning som bara har fokuserat på tredjepartsappar som attackyta. Hotmodellering har också utförts i examensarbetet enligt ett avsnitt kallad hotanalys och riskbedömning i ISO/SAE 21434: Vägfordon — Process och metod för cybersäkerhet. Detta har ännu inte gjorts inom forskningsområdet säkerhet för infotainmentsystem så vitt författaren känner till. Resultaten från de olika penetrationstesterna visar att inga allvarliga säkerhetsbrister hittades i infotainmentsystemet. Dock gjordes flera upptäckter under examensarbetet där den mest väsentliga var att ett flertal innehållsleverantörer, som hanterar åtkomst till lagring (t.ex. relationsdatabaser) i Android, var exporterade från Android appar på infotainmentsystemet, och att några av dem var sårbara till SQL-injektioner. Denna sårbarhet hos vissa innehållsleverantörer utnyttjades men ledde inte till någon insamling av privat information. Ett förslag för framtida arbeten är att utföra penetrationstestning på det mobila gränssnittet hos infotainmentsystemet. Cybersecurity Penetration testing In-Vehicle Infotainment system Android Automotive ISO/SAE 21434 Cybersäkerhet Penetrationstestning Infotainmentsystem i fordon Android Automotive ISO/SAE 21434 Computer Sciences Datavetenskap (datalogi)
355	Working from Home : The New Norm in a Post-COVID-19 World : Information and Cyber Security in the Digital Work from Home Environment Ringström, Sebastian January 2023 (has links) Work from Home (WFH) gained momentum as a result of the pandemic. When large portions of the world were under government mandated lockdowns, and forced to institute WFH, companies began to slowly realize that the WFH model come with significant benefits such as the possibility to reduce office space or obtaining access to talent globally. Employees too are incentivized to WFH as it allows them more freedom in where to live, reduce commuting costs, and allow employees to space out work during the day and better manage energy levels. The thesis investigated cybersecurity and information security risks connected to the WFH model through collecting qualitative data by conducting a systematic literature review to gain background knowledge on the topic which was then used to create the interview guide that was used to carry out semi-structured interviews with four heterogeneous Swedish companies of various sizes, working in different fields. The SLR identified social engineering attacks in general, and phishing attacks in particular, to be the greatest threat to employees working in a WFH model suggesting employee security awareness training to be the key security measure in protecting the WFH model. The semi-structured interviews revealed that companies working in a WFH model have also drawn the same conclusion and have made significant efforts to raise security awareness through employee training programs. Telework Work from Home WFH Remote Work Cybersecurity Information Security Incentives Cyberattacks Security Awareness Security Culture Information Systems
356	DIGITAL LITERACY AND THE PERCEPTIONS OF ONLINE GROOMING Motunrola Mutiat Afolabi (17199070) 18 October 2023 (has links) <p dir="ltr">Recent developments in computer technology have increased the number of internet stalkers, child pornographers, traffickers and sexual predators. In a world where digital literacy is on the rise and people strive to keep up with the latest technology, this paper explores the relationship between digital literacy and online grooming(computer-mediated sexual grooming) and offline grooming (localized sexual grooming) and the effect of age, gender, marital status and parental status on the way individuals perceive grooming. This data was collected via a survey from 256 respondents who are 18 years and above and classified as parents within the United States. Several analyses such as correlations, Mann-Whitney U test and Kruskal Wallis H test were conducted, and our results suggest that there is a relationship between digital literacy and the perceptions of grooming, which may have implications on cybersecurity awareness training. The results highlight the importance of digital literacy in the perception of computer-mediated sexual grooming and familial sexual grooming, with enough evidence to support its essential role in people’s sense of safety. In conclusion, this study emphasized the need for targeted programs and campaigns to create education and awareness with the aim of improving parental digital literacy skills, understanding of grooming risks, and responsible Internet use education across society.</p> digital literacy minors computer-mediated sexual grooming familial sexual grooming localized sexual grooming online grooming offline grooming perception prevalence
357	Penetration testing of current smart thermostats : Threat modeling and security evaluation of Shelly TRV and Meross Smart Thermostat / Penetrationstestning av aktuella smarta termostater : Hotmodellering och säkerhetbedömning av Shelly TRV och Meross Smart Termostat Lindberg, Adam January 2023 (has links) As smart homes become increasingly common and concerns over Internet of Things (IoT) security grow, this study delves into the vulnerabilities of smart thermostats. These devices offer convenience but also comes with increased risk of cyber attacks. This study evaluates the susceptibility of the Shelly Thermostatic Radiator Valve (TRV) and the Meross Smart Thermostat to potential threats across various attack vectors – encompassing firmware, network, radio, and cloud – through penetration testing guided by the PatrIoT methodology. Findings reveal four unknown vulnerabilities in the Meross Smart Thermostat and two in the Shelly TRV. These vulnerabilities consist of insecure firmware updates, lack of network encryption, exploitable radio communication, and cloud-related gaps. Recommendations aiming at mitigating the found vulnerabilities include implementing secure Wi-Fi access points for both models during setup, and ensuring strong encryption for the Meross Smart Thermostat’s radio communication. The study contributes to an increased awareness of potential security risks associated with these devices, though the extent of vulnerabilities across all smart thermostat models cannot be definitively concluded. / I takt med att smarta hem blir allt vanligare och med växande medvetenhet om säkerhet för Internet of Things (IoT), undersöker denna studie potentiella sårbarheter hos smarta termostater. Dessa enheter förenklar användares vardag, men ger också upphov till nya cyberhot. Denna studie granskar Shelly TRV och Meross Smart Thermostat för potentiella hot inom attackvektorerna firmware, nätverk, radio och moln, genom penetreringstestning som vägleds av PatrIoT-metodiken. Resultatet är fyra upptäckta sårbarheter i Meross-modellen och två i Shelly Thermostatic Radiator Valve (TRV) inklusive osäkra firmware-uppdateringar, brist på nätverkskryptering, utnyttjbar radiokommunikation och molnrelaterade problem. Rekommendationer med syfte att mitigera de upptäckta sårbarheterna inkluderar att implementera säkra Wi-Fi-åtkomstpunkter för båda modellerna under installationen och att säkerställa stark kryptering för Meross Smart Thermostat:s radiokommunikationen. Studien bidrar till en ökad medvetenhet om potentiella säkerhetsrisker som är förknippade med dessa enheter, även om det inte kan fastställas hur vanligt det är med sårbarheter i smarta termostater IoT penetration testing Smart thermostat Ethical hacking PatrIoT Cybersecurity IoT penetrationstestning Smart termostat Etisk hackning PatrIoT Cybersäkerhet Computer and Information Sciences Data- och informationsvetenskap
358	Demonstration of Digital Selective Call spoofing / Förfalskning av Digitala Selektivanrop Lindbäck, Axel, Javid, Yamha January 2023 (has links) Digital Selective Calling (DSC) is a vital maritime communications and safety system, enabling ships in distress to alert nearby vessels and coast guard stations of their emergency. While DSC is suitable for calling, its technical format is substandard from a cybersecurity perspective. Specifically, this work aims to demonstrate that Very High Frequency (VHF) DSC distress calls can be spoofed using Software Defined Radio (SDR). A VHF DSC distress call encoder and VHF DSC SDR signal constructor were developed. The forged distress call was transmitted using various techniques to two different DSC decoder programs, as well as to the maritime VHF transceiver ICOM IC-M510. It was shown that all of the targeted DSC decoders were susceptible to spoofing. This thesis concludes that VHF DSC distress calls can be spoofed using SDR, and infers that the DSC system as a whole has inherent security vulnerabilities that need to be addressed to assure the safety of future seafaring. Digital Selective Calling Software Defined Radio Spoofing Cybersecurity Maritime Communication Systems Communication Systems Kommunikationssystem Signal Processing Signalbehandling Computer Systems Datorsystem Telecommunications Telekommunikation
359	Nulägesanalys om gymnasieelevers kunskap och förhållningssätt kring IT-säkerhet och hur lärare undervisar inom ämnet / Analysis of the current situation regarding high school students' knowledge and attitudes towards IT security, as well as how teachers are teaching the subject Karlsson, Andreas, Brifelt, Linus January 2023 (has links) Ungdomar börjar använda internet vid allt yngre åldrar: 99 % av ungdomar i åldersspannet 8 till 19 år använder internet på en daglig basis. Samtidigt som informationsflödet ökar så medför detta även bieffekter där ungdomar numera i allt större utsträckning sparar och laddar upp information om sig själva mer frekvent på internet. Samtidigt som användandet ökat privat har även många skolor i Sverige valt att nästan helt övergå från penna och papper till en mer digitaliserad utbildningsmetod. Detta har dock fört med sig vissa risker när det kommer till IT-säkerhet. Exempel på sådana risker kan vara obehörig åtkomst till data, dataintrång eller förlust av information på grund av tekniska fel eller bristfälliga säkerhetsåtgärder. Detta blev extra tydligt under covid-19-pandemin då utbildning övergick till distansundervisning samtidigt som cyberbrotten ökade i allmänhet, och mot utbildningssektorn i synnerhet. Denna studie har till syfte att undersöka kunskapsnivån och förhållningssätt hos tredjeårselever på gymnasieskolor runt om i Skaraborg inom området IT-säkerhet och samtidigt kartlägga behovet och intresset för utbildning inom ämnet. Studien har med hjälp av enkätundersökningar mot elever och semistrukturerade intervjuer med lärare kommit fram till att det finns ett tydligt behov av utbildning inom IT-säkerhet bland ungdomar på gymnasieskolorna i Skaraborg, samtidigt som lärarna menar på att ämnet ofta faller undan i klassrummet. Resultatet visar att både elever och lärare ser positivt på att inkludera ämnet i ordinarie gymnasieutbildning för att stärka kunskaper och medvetenhet om IT-säkerhetens betydelse. / Young people are starting to use the internet at increasingly younger ages, with 99 % of individuals aged 8 to 19 using the internet on a daily basis. As the flow of information increases, this also brings about side effects where young people are now more frequently saving and uploading personal information about themselves on the internet. Moreover, as schools in Sweden have chosen to almost completely transition from pen and paper to a more digitized form of education, the need for IT security skills among young people has become increasingly important. This became particularly evident during the covid-19 pandemic when education shifted to remote learning and cybercrimes saw a general increase, particularly attacks against the education sector. The purpose of this study was to examine the level of knowledge and attitudes among third[1]year students in high schools across Skaraborg regarding IT security and simultaneously assess the need and interest for education around this subject. Through surveys conducted among students and semi-structured interviews with teachers, the study concludes that there is a clear need for education in IT security among young people in high schools in Skaraborg, while teachers argue that the subject often takes a back seat in the classroom. The results show that both students and teachers view the inclusion of this subject in regular high school education positively to strengthen knowledge and awareness of the importance of IT security. IT security cybersecurity school students teachers education IT-säkerhet cybersäkerhet skola elever lärare utbildning Information Systems, Social aspects
360	Authentication challenges for people with neurodevelopmental disorders Chrzan, Patryk January 2023 (has links) We live in a world where we increasingly depend on information technology, as much of our work and education occurs online, often from home. An average user has an increasing amount of accounts for all kinds of online services, making authentication more and more important. As people authenticate several times a day, it is important that everyone is able to use online services and authenticate themselves, including minorities such as individuals with neurodevelopmental disorders. This thesis explores the challenges people with neurodevelopmental disorders have with authentication as well as authentication methods that can help them. This was achieved by doing a systematic literature review on collected bibliography with the help of thematic analysis. 18 studies were analyzed and helped us answer the research questions and give us an overview of the research field. The analysis showed that text-based authentication was a big issue for individuals with neurodevelopmental disorders, where passwords were often highlighted as the culprit. Alternative authentication methods were identified but showed us that there was no easy fix to the issue at hand, and that more had to be done to make authentication more accessible. / Vi lever i en värld där vi är alltmer beroende av informationsteknologi, eftersom mycket av vårt arbete och utbildning nu istället sker online, ofta även hemifrån. En genomsnittlig användare har ett ökande antal konton för alla sorters onlinetjänster, vilket gör autentisering allt viktigare. Då människor autentiserar flera gånger om dagen är det viktigt att alla kan använda onlinetjänster och auntentisera sig, inklusive minoriteter som individer med neuropsykiatriska funktionsnedsättningar. Detta examensarbete utforskar de utmaningar som personer medneuropsykiatriska funktionsnedsättningar har med autentisering samt autentiseringsmetoder som kan hjälpa dem. Detta uppnåddes genom att göra en systematisk litteraturöversikt med insamlad bibliografi med hjälp av tematisk analys. 18 studier analyserades och hjälpte oss att svara på forskningsfrågorna samt ge oss en överblick över forskningsfältet. Analysen visade att textbaserad autentisering var ett stort problem för individer med neuropsykiatriska funktionsnedsättningar, där lösenord ofta lyfts fram som boven. Alternativa autentiseringsmetoder som identifierades visade oss att det inte fanns någon enkel lösning på problemet och att mer behöver göras för att göra autentisering tillgänglig för alla. Authentication passwords neurodevelopmental disorders cybersecurity disabilities Autentisering lösenord datasäkerhet funktionshinder Information Systems, Social aspects

Search results