361 |
Authentication challenges for people with neurodevelopmental disorders
Chrzan, Patryk (January 2023)
We live in a world where we increasingly depend on information technology, as much of our work and education occurs online, often from home. An average user has an increasing amount of accounts for all kinds of online services, making authentication more and more important. As people authenticate several times a day, it is important that everyone is able to use online services and authenticate themselves, including minorities such as individuals with neurodevelopmental disorders. This thesis explores the challenges people with neurodevelopmental disorders have with authentication as well as authentication methods that can help them. This was achieved by doing a systematic literature review on collected bibliography with the help of thematic analysis. 18 studies were analyzed and helped us answer the research questions and give us an overview of the research field. The analysis showed that text-based authentication was a big issue for individuals with neurodevelopmental disorders, where passwords were often highlighted as the culprit. Alternative authentication methods were identified but showed us that there was no easy fix to the issue at hand, and that more had to be done to make authentication more accessible. / We live in a world where we are increasingly dependent on information technology, since much of our work and education now takes place online instead, often from home as well. An average user has a growing number of accounts for all kinds of online services, which makes authentication ever more important. Since people authenticate several times a day, it is important that everyone can use online services and authenticate themselves, including minorities such as individuals with neurodevelopmental disorders. This thesis explores the challenges that people with neurodevelopmental disorders have with authentication, as well as authentication methods that can help them. This was achieved by carrying out a systematic literature review of collected bibliography with the help of thematic analysis. 18 studies were analyzed and helped us answer the research questions and gave us an overview of the research field. The analysis showed that text-based authentication was a major problem for individuals with neurodevelopmental disorders, with passwords often singled out as the culprit. The alternative authentication methods that were identified showed us that there was no simple solution to the problem and that more needs to be done to make authentication accessible to everyone.
|
362 |
Leveraging Personal Internet-of-Things Technology To Facilitate User Identification in Digital Forensics Investigations
Shinelle Hutchinson (16642559), 07 August 2023
Despite the many security and privacy concerns associated with Internet-of-Things (IoT) devices, we continue to be barraged by new IoT devices every day. These devices have infiltrated almost every aspect of our lives, from government and corporations to our homes, and now, on and within our person, in the form of smartphones and wearables. These personal IoT devices can collect some of the most intimate pieces of data about their user. For instance, a smartwatch can record its wearer's heart rate, skin temperature, physical activity, and even GPS location data. At the same time, a smartphone has access to almost every piece of information related to its user, including text messages, social media activity, web browser history, and application-specific data. Due to the quantity and quality of data these personal IoT devices record, these devices have become critical sources of evidence during forensic investigations. However, there are instances in which digital forensic investigators need to make doubly sure that the data obtained from these smart devices, in fact, belong to the alleged owner of the smart device and not someone else. To that end, this dissertation provides the first look at using personal IoT device handling as a user identification technique with machine learning models to aid forensic investigations. The results indicated that this technique is capable of significantly differentiating device owners with performance metrics of .9621, .9618, and .9753, for accuracy, F1, and AUC, respectively, when using a smartwatch with statistical time-domain features. When considering the smartphone performance, the performance was only marginally acceptable with accuracy, F1, and AUC values of .8577, .8560, and .8891, respectively. The results also indicate that female users handled their devices notably differently from male users. This study thus lays the foundation for performing user identification during a forensic investigation to determine whether the smart device owner did, in fact, use the device at the time of the incident.
|
363 |
Cybersecurity Evaluation of an IP Camera
Stroeven, Tova; Söderman, Felix (January 2022)
The prevalence of affordable internet-connected cameras has provided many with new possibilities, including keeping a watchful eye on property and family members from afar. In order to avoid serious breaches of privacy, it is necessary to consider whether these devices are secure. This project aims to evaluate the cybersecurity of one such device, an IP camera from Biltema. This was done by performing an extensive analysis of the camera, determining possible vulnerabilities, and performing penetration tests based on identified vulnerabilities. The tests included capturing and analyzing network traffic, attempting to crack the camera credentials, and attempting to disable the camera completely. The conclusions were that the camera should not be used for any security applications and is unsuitable to use in situations where one's privacy is important. / The wide range of affordable internet-connected cameras has brought entirely new possibilities. Today it is possible, for example, to keep track of one's children without being in the room, or to keep an eye on the home via a mobile phone. It is, however, necessary to consider whether these devices are secure, in order to avoid serious breaches of privacy. The aim of the project is to evaluate the cybersecurity of one such device, an IP camera from Biltema. The evaluation consisted of an extensive analysis of the camera, identification of possible vulnerabilities, and a number of penetration tests based on the vulnerabilities discovered. The tests comprised an analysis of network traffic, attempting to crack the camera's login credentials, and attempting to disable the camera. The conclusion was that the camera should not be used in security applications and that it is unsuitable in situations where privacy is important. / Bachelor's thesis in electrical engineering 2022, KTH, Stockholm
|
364 |
Enhancing Cybersecurity of Unmanned Aircraft Systems in Urban Environments
Kartik Anand Pant (16547862), 17 July 2023
The use of lower airspace for air taxi and cargo applications opens up exciting prospects for futuristic Unmanned Aircraft Systems (UAS). However, ensuring the safety and security of these UAS within densely populated urban areas presents significant challenges. Most modern aircraft systems, whether unmanned or otherwise, rely on the Global Navigation Satellite System (GNSS) as a primary sensor for navigation. From satellite navigation's point of view, the dense urban environment compromises positioning accuracy due to signal interference, multipath effects, etc. Furthermore, civilian GNSS receivers are susceptible to spoofing attacks since they lack encryption capabilities. Therefore, in this thesis, we focus on examining the safety and cybersecurity assurance of UAS in dense urban environments, from both theoretical and experimental perspectives.
To facilitate the verification and validation of the UAS, the first part of the thesis focuses on the development of a realistic GNSS sensor emulation using a Gazebo plugin. This plugin is designed to replicate the complex behavior of the GNSS sensor in urban settings, such as multipath reflections, signal blockages, etc. By leveraging the 3D models of the urban environments and the ray-tracing algorithm, the plugin predicts the spatial and temporal patterns of GNSS signals in densely populated urban environments. The efficacy of the plugin is demonstrated for various scenarios including routing, path planning, and UAS cybersecurity.
Subsequently, a robust state estimation algorithm for dynamical systems whose states can be represented by Lie Groups (e.g., rigid body motion) is presented. Lie groups provide powerful tools to analyze the complex behavior of non-linear dynamical systems by leveraging their geometrical properties. The algorithm is designed for time-varying uncertainties in both the state dynamics and the measurements using the log-linear property of the Lie groups. When unknown disturbances are present (such as GNSS spoofing, and multipath effects), the log-linearization of the non-linear estimation error dynamics results in a non-linear evolution of the linear error dynamics. The sufficient conditions under which this non-linear evolution of estimation error is bounded are derived, and Lyapunov stability theory is employed to design a robust filter in the presence of an unknown-but-bounded disturbance.
|
365 |
IT security expert’s perceptions of cybersecurity when working remotely compared to working in the office : A quality study on Swedish insurance companies / IT-säkerhetsexperters uppfattningar om cybersäkerhet vid distansarbete jämfört med arbete på kontoret : En kvalitativ studie på svenska försäkringsbolag
Kullander, Kristoffer; Cselenyi, Mathilda (January 2024)
Teleworking has become a significant aspect of working life, especially after the outbreak of the COVID-19 pandemic, which accelerated the trend of teleworking. However, this shift has increased the risk of cyber threats and security risks. Despite organizations' efforts to strengthen cybersecurity, a significant risk remains, with employees posing one of the main security risks in the form of human error and mistakes. Previous research highlights that employees tend to exhibit lower levels of cybersecurity awareness and are more likely to perform riskful actions when working remotely compared to working in the office. However, recent research has shown the opposite, where employees are more conscious of cybersecurity awareness and more likely to apply security-based precaution measures during remote work compared to office work. In light of these research findings, this study focuses on examining how IT-security experts perceive cybersecurity when working remotely compared to working in the office. To explore this, the study has, through qualitative mapping, conducted semi-structured interviews with a theoretical basis in Protection Motivation Theory (PMT). Overall, the study showed that IT-security experts perceive cybersecurity as more manageable when working in the office compared to remote work, with an increased awareness of the importance of the human factor. / Remote work has become a significant aspect of working life, especially after the outbreak of the Covid-19 pandemic, which accelerated the trend toward remote work. This shift has, however, increased the risk of cyber threats and security risks. Despite organizations' efforts to strengthen cybersecurity, a significant risk remains, as employees constitute one of the foremost security risks in the form of human error and mistakes. Previous research highlights that employees are often less security-aware and more inclined to perform risky actions when working remotely compared with working in the office. In contrast, more recent research has shown the opposite, where employees are more security-aware and more inclined to take security measures during remote work compared with work in the office. Against the background of these research findings, this study focuses on examining how IT security experts perceive cybersecurity in remote work compared with work in the office. To explore this, the study has, through qualitative mapping, conducted semi-structured interviews with a theoretical basis in Protection Motivation Theory (PMT). Overall, the study showed that IT security experts perceive cybersecurity as more manageable when working in the office compared with remote work, with an increased awareness of the importance of the human factor.
|
366 |
The Impact of AI on Banks' Risk Management Approach : A qualitative study on the effects of AI in the banking sector from a holistic perspective / Effekten av AI på Bankers Riskhantering : En kvalitativ studie om inverkan av AI på banksektorn från ett helhetsperspektiv
Khailtash, Dariush; Lindqvist, Pontus (January 2022)
The banking sector is experiencing the rise of several new types of innovations and trends. For instance, increased use of Artificial Intelligence (AI) to streamline day-to-day activities. These trends are, e.g., influenced by an increased frequency of cyber attacks, the emergence of newly proposed regulations such as DORA and the AI Act, and the improving computational capabilities of AI-driven systems. The full impact these trends will have on the sector is yet to be realized. The sector is diverse and deeply integrated within society, meaning that it is critical to understand how actors mitigate the risks associated with the implementation of AI. This study analyzes how organizations can mitigate the risks involved with this implementation and how it affects the risk management process. To examine the implementation of AI in the banking sector, the study conducted semi-structured interviews with twelve respondents with expertise in AI, security, or the banking sector. The study used two theoretical frameworks to analyze the data. The first framework, the Dynamic Risk Management Framework, was used to analyze changes in the risk management process based on its unique position within society. The second framework, the Multi-Level Perspective, gave the study a holistic understanding of the impact of AI as a driver of a socio-technical shift. The results show that the implementation of AI leads to a set of new risks. These risks are primarily organizational and regulatory and will lead to a revision in how actors classify risks. The constant evolution of AI also means that products must be reviewed periodically, changing how actors view the risk management process. Additionally, the results identify a lack of knowledge regarding both AI and security within the sector. Consequently, the organization will have to change its structure to accommodate interactions between different competencies. To succeed in implementing AI, meet the regulatory demands and mitigate unintended bias when developing AI, the study concludes that these competencies must create a shared terminology to communicate efficiently. In conclusion, the study contributes to a growing field regarding business applications of AI by creating a holistic understanding of aspects impacting the risk management process in banking. The findings result in a series of recommended actions for organizations that aim to implement AI in their businesses. Further research is recommended to understand the long-term effects of these actions. Future in-depth analyses could validate the results of this study and further investigate the development of AI as a business tool. / The banking sector is experiencing an upward trend in the use of innovation. One example is the use of artificial intelligence (AI) to streamline the bank's day-to-day activities. This trend is due to several different factors, including the increased frequency of cyber attacks against banking actors, the newly proposed regulations DORA and the AI Act, and the improving capacity of AI-driven systems. However, the effect of AI on the sector has not yet been fully realized. The banking sector has a unique position in society and its actors face many different challenges, which means that it is crucial to understand how the actors handle the risks that arise in connection with the implementation of AI. This study analyzes how organizations can reduce the risks of this implementation and how AI affects the risk management process. To examine the implementation, the study conducted semi-structured interviews with twelve interviewees with expertise in AI, security, or the banking sector. To analyze the data produced, the study used two theoretical frameworks. The first framework, called the Dynamic Risk Management Framework, was used to analyze changes in the risk management process in view of the banking sector's unique position in society. The second framework, called the Multi-Level Perspective, examined AI as a driving force toward a socio-technical shift and thereby gave the study a holistic picture of the effect of AI. The results show that the implementation of AI leads to a range of new risks. These risks are primarily organizational and regulatory. Since these are relatively new, organizations must review how they classify risks. AI develops continuously, which means that the products and their effect must be reviewed regularly. In addition, the results identify a lack of knowledge about both AI and security within the banking sector. To accommodate new competencies and facilitate interactions with existing competencies, organizations will need to be restructured. The study concludes that a successful AI implementation, in which the regulatory requirements are met and the development of AI is free from unintended bias and discrimination, requires a series of changes. The organization must be able to communicate effectively, which requires that everyone speaks the same language and uses the same terminology. In summary, the study contributes to a growing academic field concerning business applications of AI by creating a holistic picture of which aspects affect the risk management process in banking. This summary has resulted in a series of actions that businesses striving to implement AI are recommended to take. Future studies are, however, recommended to examine the long-term effects of these actions. By carrying out in-depth analyses, future studies can not only validate the results of this study, they can also improve the understanding of how AI as a business tool may come to develop.
|
367 |
HOW HACKERS THINK: A MIXED METHOD STUDY OF MENTAL MODELS AND COGNITIVE PATTERNS OF HIGH-TECH WIZARDS
Summers, Timothy Corneal (03 June 2015)
No description available.
|
368 |
How Information and Communication Security Technologies Affect State Power
Campbell, Joshua Michael (12 May 2016)
No description available.
|
369 |
Navigating the Risks of Dark Data : An Investigation into Personal Safety
Gautam, Anshu (January 2023)
With the exponential proliferation of data, there has been a surge in data generation from diverse sources, including social media platforms, websites, mobile devices, and sensors. However, not all data is readily visible or accessible to the public, leading to the emergence of the concept known as "dark data." This type of data can exist in structured or unstructured formats and can be stored in various repositories, such as databases, log files, and backups. The reasons behind data being classified as "dark" can vary, encompassing factors such as limited awareness, insufficient resources or tools for data analysis, or a perception of irrelevance to current business operations. This research employs a qualitative research methodology incorporating audio/video recordings and personal interviews to gather data, aiming to gain insights into individuals' understanding of the risks associated with dark data and their behaviors concerning the sharing of personal information online. Through the thematic analysis of the collected data, patterns and trends in individuals' risk perceptions regarding dark data become evident. The findings of this study illuminate the multiple dimensions of individuals' risk perceptions and their influence on attitudes towards sharing personal information in online contexts. These insights provide valuable understanding of the factors that shape individuals' decisions concerning data privacy and security in the digital era. By contributing to the existing body of knowledge, this research offers a deeper comprehension of the interplay between dark data risks, individuals' perceptions, and their behaviors pertaining to online information sharing. The implications of this study can inform the development of strategies and interventions aimed at fostering informed decision-making and ensuring personal safety in an increasingly data-centric world.
|
370 |
Covert Cognizance: Embedded Intelligence for Industrial Systems
Arvind Sundaram (13883201), 07 October 2022
Can a critical industrial system, such as a nuclear reactor, be made self-aware and cognizant of its operational history? Can it alert authorities covertly to malicious intrusion without exposing its defense mechanisms? What if the intruders are highly knowledgeable adversaries, or even insiders that may have designed the system? This thesis addresses these research questions through a novel physical process defense called Covert Cognizance (C2).
C2 serves as a last line of defense to industrial systems when existing information and operational technology defenses have been breached by advanced persistent threat (APT) actors or insiders. It is an active form of defense that may be embedded in an existing system to induce intelligence, i.e., self-awareness, and make various subsystems aware of each other. It interacts with the system at the process level and provides an additional layer of security to the process data therein without the need of a human in the loop.
The C2 paradigm is founded on two core requirements – zero-impact and zero-observability. Departing from contemporary active defenses, zero-impact requires a successful implementation to leave no footprint on the system ensuring identical operation while zero-observability requires that the embedding is immune to pattern-discovery algorithms. In other words, a third-party such as a malicious intruder must be unable to detect the presence of the C2 defense based on observation of the process data, even when augmented by machine learning tools that are adept at pattern discovery.
In the present work, nuclear reactor simulations are embedded with the C2 defense to induce awareness across subsystems and defend them against highly knowledgeable adversaries that have bypassed existing safeguards such as model-based defenses. Specifically, the subsystems are made aware of each other by embedding critical information from the process variables of one sub-module along the noise of the process variables of another, thus rendering the implementation covert and immune to pattern discovery. The implementation is validated using generative adversarial nets, representing a state-of-the-art machine learning tool, and statistical analysis of the reactor states, control inputs, outputs etc. The work is also extended to data masking applications via the deceptive infusion of data (DIOD) paradigm. Future work focuses on the development of automated C2 modules for “plug ‘n’ play” deployment onto critical infrastructure and/or their digital twins.
|