11 |
MiniCA: A web-based certificate authority
Macdonell, James Patrick 01 January 2007
The MiniCA project is proposed and developed to address growing demand for inexpensive access to security features such as privacy, strong authentication, and digital signatures. These features are integral to public-key encryption technologies. The audience for whom the software project is intended includes technical staff requiring certificates for use in SSL applications (i.e. a secure web-site) at California State University, San Bernardino.

12 |
Web services cryptographic patterns
Unknown Date
Data security has been identified as one of the most important concerns where sensitive messages are exchanged over the network. In web service architecture, multiple distributed applications communicate with each other over the network by sending XML messages. How can we protect these sensitive messages? Some web services standards have emerged to tackle this problem. The XML Encryption standard defines the process of encrypting and decrypting all of an XML message, part of an XML message, or even an external resource. Like XML Encryption, the XML Signature standard specifies how to digitally sign an entire XML message, part of an XML message, or an external object. WS-Security defines how to embed security tokens, XML encryption, and XML signature into XML documents. It does not define new security mechanisms, but leverages existing security technologies such as encryption and digital signature. / by Keiko Hashizume. / Thesis (M.S.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.

13 |
Network-layer reservation TDM for ad-hoc 802.11 networks
Duff, Kevin Craig January 2008
Ad-Hoc mesh networks offer great promise. Low-cost ad-hoc mesh networks can be built using popular IEEE 802.11 equipment, but such networks are unable to guarantee each node a fair share of bandwidth. Furthermore, hidden node problems cause collisions which can cripple the throughput of a network. This research proposes a novel mechanism which is able to overcome hidden node problems and provide fair bandwidth sharing among nodes on ad-hoc 802.11 networks, and can be implemented on existing network devices. The scheme uses TDM (time division multiplexing) with slot reservation. A distributed beacon packet latency measurement mechanism is used to achieve node synchronisation. The distributed nature of the mechanism makes it applicable to ad-hoc 802.11 networks, which can either grow or fragment dynamically.

14 |
The effect of awareness at the medium access control layer of vehicular ad-hoc networks
Booysen, Marthinus J. 12 1900
Thesis (PhD)-- Stellenbosch University, 2013. / ENGLISH ABSTRACT: The hidden terminal problem, coupled with high node mobility apparent in vehicular networks, presents challenges to efficient communication between vehicles at the Medium Access Control (MAC) layer. Both of these challenges are fundamentally problems of lack of awareness, and manifest most prominently in the broadcasting of safety messages in infrastructure-free vehicle-to-vehicle communications.
The design of existing contention-free and contention-based MAC approaches generally assumes that nodes that are in range of one another can take steps to coordinate communications at the MAC layer to overcome the hidden terminal problem and node mobility. Unicasting with the existing MAC standard, IEEE 802.11p, implicitly assumes an awareness range of twice the transmission range (a 1-hop awareness range) at most, since handshaking is used. For broadcasting, the assumption implies an awareness range that is at most equal to the transmission range, since only carrier sensing is used. Existing alternative contention-free approaches make the same assumption, with some protocols explicitly using a 1-hop awareness range to avoid packet collisions. This dissertation challenges the convention of assuming that a 1-hop awareness range is sufficient for networks with high mobility, such as VANETs.
In this dissertation, the impact of awareness range and management of the awareness information on MAC performance is researched. The impact of the number of slots that is required to support the awareness range is also evaluated.
Three contention-free MAC protocols are introduced to support the research. The first is an improved version of an existing MAC method, which is used to demonstrate the effects on performance of changes to awareness management. The second MAC uses three competing processes to manage awareness information. The second MAC is designed for a configurable awareness range and configurable number of slots, and is used to evaluate the effects of awareness range and number of slots on MAC performance. The third MAC is random access based and is used to evaluate the impact on performance of removing awareness completely. An analytical model is developed to support the simulated results.
The simulation results demonstrate that awareness range, awareness information management, and number of slots used are key design parameters that significantly impact on MAC performance. The results further show that optimal awareness-related design parameters exist for given scenarios.
Finally, the proposed contention-free and random access MAC methods are simulated and performance compared with IEEE 802.11p. All three outperform the contention-based standard IEEE 802.11p. / AFRIKAANS ABSTRACT: The hidden node problem, coupled with the high levels of node mobility present in vehicular networks, poses challenges for efficient communication between vehicles at the medium access control (MAC) layer. Both of these problems stem from limited awareness, and manifest especially in the broadcasting of safety messages in infrastructure-free vehicle-to-vehicle communication.
The design of existing contention-based and contention-free MAC approaches assumes that nodes within range of one another can take steps to coordinate communication at the MAC layer in order to overcome problems with hidden nodes and mobility. For point-to-point communication with IEEE 802.11p, this assumption implies an awareness range of at most twice the radio range (1-hop awareness range), since handshaking is used. In the case of broadcasting, the assumption implies an awareness range at most equal to the radio range, since only carrier sensing is used. Contention-free methods make the same assumption, with some explicitly using a 1-hop awareness range to prevent packet losses. This dissertation shows that this assumption does not hold for networks with high mobility, as is the case for VANETs.
In this dissertation, the impact of awareness range and management of the awareness information at the MAC layer is investigated. The impact of the number of time slots needed to support the awareness range is also investigated.
Three contention-free methods are introduced to support the research. The first is an improved version of an existing MAC, which is used to assess the effects of awareness management on MAC performance. The second MAC is designed to support a variable awareness range and number of time slots, and is used to assess the effects of awareness range and number of time slots on MAC performance. The third MAC is random access based (unaware of surrounding nodes) and is used to investigate the impact on performance of removing awareness. An analytical model is developed to support the simulation results.
The simulation results indicate that awareness range, management of awareness information, and number of time slots are key design variables that have a significant impact on MAC performance. The results further show that optimal design variables, in terms of awareness, exist for given scenarios.
Finally, the performance of the simulated contention-free and random access MAC methods is compared with IEEE 802.11p. All three MAC methods perform better than the contention-based standard, IEEE 802.11p.

15 |
A performance comparison of mobile ad-hoc networks reactive routing protocols under black-hole attack
Mejaele, Lineo Florina 12 1900
Mobile Ad-hoc Network (MANET) is a group of mobile devices that can form a network, interconnect and share resources without the use of any fixed network infrastructure or centralised management. MANET is exposed to security attacks because of its fundamental characteristics such as open medium, dynamic topology and lack of central monitoring. The black hole attack is one example of the attacks MANET is exposed to. In black hole attack, a malicious node misleadingly claims to have an updated route to the destination node, absorbs and drops the packets that are supposed to be forwarded to the destination node. The common MANET reactive routing protocols are Ad-hoc on-demand Distance Vector (AODV) and Dynamic Source Routing (DSR). These protocols are easily attacked by the black hole during the route discovery process. This research therefore studies black hole attack in detail and assesses the performance of AODV and DSR under black hole attack. The work is achieved by simulating the two protocols under regular operation and under black hole attack using Network Simulator 2 (NS-2). The protocols are analysed using packet delivery ratio, throughput and end-to-end delay as performance metrics. The research further compares the black hole attack solutions that have been previously proposed and determines the solution that performs better than others. The simulation results show that MANET under normal operating environment outperforms MANET attacked by black hole, and that AODV is more vulnerable to black hole attack than DSR. The comparison study of the existing black hole attack solutions shows that SAODV is the most effective black hole attack removal technique. But when considering the solution that brings no negative impact to the normal operation of the network, IDSAODV is the best solution. / Computing / M. Sc. (Computer Science)

16 |
Direct Online/Offline Digital Signature Schemes.
Yu, Ping 12 1900
Online/offline signature schemes are useful in many situations, and two such scenarios are considered in this dissertation: bursty server authentication and embedded device authentication. In this dissertation, new techniques for online/offline signing are introduced, those are applied in a variety of ways for creating online/offline signature schemes, and five different online/offline signature schemes that are proved secure under a variety of models and assumptions are proposed. Two of the proposed five schemes have the best offline or best online performance of any currently known technique, and are particularly well-suited for the scenarios that are considered in this dissertation. To determine if the proposed schemes provide the expected practical improvements, a series of experiments were conducted comparing the proposed schemes with each other and with other state-of-the-art schemes in this area, both on a desktop class computer, and under AVR Studio, a simulation platform for an 8-bit processor that is popular for embedded systems. Under AVR Studio, the proposed SGE scheme using a typical key size for the embedded device authentication scenario, can complete the offline phase in about 24 seconds and then produce a signature (the online phase) in 15 milliseconds, which is the best offline performance of any known signature scheme that has been proven secure in the standard model. In the tests on a desktop class computer, the proposed SGS scheme, which has the best online performance and is designed for the bursty server authentication scenario, generated 469,109 signatures per second, and the Schnorr scheme (the next best scheme in terms of online performance) generated only 223,548 signatures. The experimental results demonstrate that the SGE and SGS schemes are the most efficient techniques for embedded device authentication and bursty server authentication, respectively.

17 |
A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)
Tekle, Solomon Mekonnen 07 1900
The insider threat problem is extremely challenging to address, as it is committed by insiders who are
trusted and authorized to access the information resources of the organization. The problem is further
complicated by the multifaceted nature of insiders, as human beings have various motivations and
fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders.
Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This
research presents a novel insider threat prevention and prediction model, combining several approaches,
techniques and tools from the fields of computer science and criminology. The model is a Privacy-
Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is
predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements
present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive),
opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious
employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals
tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards
maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the
elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud
Diamond similar to crimes committed within the physical landscape.
The model intends to act within context, which implies that when the model offers predictions about threats,
it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information
about insiders for the purposes of prediction, there is a need to collect current information, as the motives
and behaviours of humans are transient. Context-aware systems are used in the model to collect current
information about insiders related to motive and ability as well as to determine whether insiders exploit any
opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any
rationalizations the insider may have via neutralization mitigation, thus preventing the insider from
committing a future crime. However, the model collects private information and involves entrapment that
will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel
they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this
thesis argues that an insider prediction model must be privacy-preserving in order to prevent further
cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from
being tempted to commit a crime in future.
The model involves four major components: context awareness, opportunity facilitation, neutralization
mitigation and privacy preservation. The model implements a context analyser to collect information related
to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan.
The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes
and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs
keystroke and linguistic features based on typing patterns to collect information about any change in an
insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime.
Research demonstrates that most of the insiders who have committed a crime have experienced a negative
emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers
without their consent or denial of a wage increase. However, there may also be personal problems such as a
divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who
may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the
change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those
individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model
also assesses the capability of insiders to commit a planned attack based on their usage of computer
applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and
skill as well as assessing the number of systems errors and warnings generated while using the applications.
The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a
motivated and capable insider will exploit any opportunity in the organization involving a criminal act.
Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an
implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of
nullifying the rationalizations that the insider may have had for committing the crime. All information about
insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders.
The model also intends to identify any new behaviour that may result during the course of implementation.
This research contributes to existing scientific knowledge in the insider threat domain and can be used as a
point of departure for future researchers in the area. Organizations could use the model as a framework to
design and develop a comprehensive security solution for insider threat problems. The model concept can
also be integrated into existing information security systems that address the insider threat problem. / Information Science / D. Phil. (Information Systems)