Global ETD Search

261	Performance Analysis of Security Protocols Donta, Praveen Kumar 01 January 2007 (has links) Security is critical to a wide range of applications and services. Numerous security mechanisms and protocols have been developed and are widely used with today’s Internet. These protocols, which provide secrecy, authentication, and integrity control, are essential to protecting electronic information. There are many types of security protocols and mechanisms, such as symmetric key algorithms, asymmetric key algorithms, message digests, digital certificates, and secure socket layer (SSL) communication. Symmetric and asymmetric key algorithms provide secrecy. Message digests are used for authentication. SSL communication provides a secure connection between two sockets. The purpose of this graduate project was to do performance analysis on various security protocols. These are performance comparisons of symmetric key algorithms DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), and RC4; of public-private key algorithms RSA and ElGamal; of digital certificates using message digests SHA1 (Secure Hash Algorithm) and MD5; and of SSL (Secure Sockets Layer) communication using security algorithms 3DES with SHA1 and RC4 with MD5. UNF University of North Florida School of Computing Computer security -- Evaluation Computer network protocols -- Evaluation Computer Sciences
262	Misbehaviors detection schemes in mobile ad hoc networks / Une approche décentralisée pour la détection de comportements malveillants dans les réseaux MANETs Rmayti, Mohammad 30 September 2016 (has links) Avec l’évolution des besoins d’utilisateurs, plusieurs technologies de réseaux sans fil ont été développées. Parmi ces technologies, nous trouvons les réseaux mobiles ad hoc (MANETs) qui ont été conçus pour assurer la communication dans le cas où le déploiement d’une infrastructure réseaux est coûteux ou inapproprié. Dans ces réseaux, le routage est une fonction primordiale où chaque entité mobile joue le rôle d’un routeur et participe activement dans le routage. Cependant, les protocoles de routage ad hoc tel qu’ils sont conçus manquent de contrôle de sécurité. Sur un chemin emprunté, un nœud malveillant peut violemment perturber le routage en bloquant le trafic. Dans cette thèse, nous proposons une solution de détection des nœuds malveillants dans un réseau MANET basée sur l’analyse comportementale à travers les filtres bayésiens et les chaînes de Markov. L’idée de notre solution est d’évaluer le comportement d’un nœud en fonction de ses échanges avec ses voisins d’une manière complètement décentralisée. Par ailleurs, un modèle stochastique est utilisé afin de prédire la nature de comportement d’un nœud et vérifier sa fiabilité avant d’emprunter un chemin. Notre solution a été validée via de nombreuses simulations sur le simulateur NS-2. Les résultats montrent que la solution proposée permet de détecter avec précision les nœuds malveillants et d’améliorer la qualité de services de réseaux MANETs / With the evolution of user requirements, many network technologies have been developed. Among these technologies, we find mobile ad hoc networks (MANETs) that were designed to ensure communication in situations where the deployment of a network infrastructure is expensive or inappropriate. In this type of networks, routing is an important function where each mobile entity acts as a router and actively participates in routing services. However, routing protocols are not designed with security in mind and often are very vulnerable to node misbehavior. A malicious node included in a route between communicating nodes may severely disrupt the routing services and block the network traffic. In this thesis, we propose a solution for detecting malicious nodes in MANETs through a behavior-based analysis and using Bayesian filters and Markov chains. The core idea of our solution is to evaluate the behavior of a node based on its interaction with its neighbors using a completely decentralized scheme. Moreover, a stochastic model is used to predict the nature of behavior of a node and verify its reliability prior to selecting a path. Our solution has been validated through extensive simulations using the NS-2 simulator. The results show that the proposed solution ensures an accurate detection of malicious nodes and improve the quality of routing services in MANETs Réseaux ad hoc (informatique) Attaques par déni de service Statistique bayésienne Processus stochastiques Ad hoc networks (computer networks) Denial of service attacks Computer networks -- Security measures Bayesian statistical decision theory Stochastic processes 005.8
263	Towards an information security awareness process for engineering SMEs in emerging economies Gundu, Tapiwa January 2013 (has links) With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour. Computer security -- South Africa Information technology -- South Africa Small business -- South Africa Engineering firms -- South Africa Information Security Awareness Information Security Behaviour Information Security Training
264	A study and implementation of an electronic commerce website using active server pages Boutkhil, Soumaya 01 January 2001 (has links) The purpose of this project is to design an electronic commerce site for MarocMart company. MarocMart.com is an one-stop shopping company for a number of high quality products: carpets, jewelry, pottery, wood, leather, metals, and fashion items, etc... Each article is unique, hand-made by Moroccan craftsmen. Web site development Client/server computing World Wide Web -- Economic aspects Distributors (Commerce) Handicraft -- Morocco -- Marketing Digital Communications and Networking Marketing
265	A secure lightweight currency service provider Hsiao, Chih-Wen, Turner, David, Ross, Keith 01 January 2004 (has links) The main purpose of this project is to build a bank system that offers a friendly and simple interface to let users easily manage their lightweight currencies. The Lightweight Currency Protocol (LCP) was originally proposed to solve the problem of fairness in resource cooperatives. However, there are other possible applications of the protocol, including the control of spam and as a general purpose medium of exchange for low value transactions. This project investigates the implementation issues of the LCP, and also investigates LCP bank services to provide human interface to currency operations. Peer-to-peer architecture Computer networks -- Security measures Application software -- Development Confidential communications -- Banking Internet banking Struts framework Java (Computer program language) SQL (Computer program language) Information Security
266	Three Essays on Information Security Risk Management Ogbanufe, Obiageli 05 1900 (has links) Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware, making it difficult for individuals to detect. The impact of clicking through a link on the Internet that is malware infected can result in consequences such as private information theft and identity theft. Hackers are also known to perpetrate cyber-attacks that result in organizational security breaches that adversely affect organizations' finances, reputation, and market value. Risk management approaches for minimizing and recovering from cyber-attack losses and preventing further cyber-attacks are gaining more importance. Many studies exist that have increased our understanding of how individuals and organizations are motivated to reduce or avoid the risks of security breaches and cyber-attacks using safeguard mechanisms. The safeguards are sometimes technical in nature, such as intrusion detection software and anti-virus software. Other times, the safeguards are procedural in nature such as security policy adherence and security awareness and training. Many of these safeguards fall under the risk mitigation and risk avoidance aspects of risk management, and do not address other aspects of risk management, such as risk transfer. Researchers have argued that technological approaches to security risks are rarely sufficient for providing an overall protection of information system assets. Moreover, others argue that an overall protection must include a risk transfer strategy. Hence, there is a need to understand the risk transfer approach for managing information security risks. Further, in order to effectively address the information security puzzle, there also needs to be an understanding of the nature of the perpetrators of the problem – the hackers. Though hacker incidents proliferate the news, there are few theory based hacker studies. Even though the very nature of their actions presents a difficulty in their accessibility to research, a glimpse of how hackers perpetrate attacks can be obtained through the examination of their knowledge sharing behavior. Gaining some understanding about hackers through their knowledge sharing behavior may help researchers fine-tune future information security research. The insights could also help practitioners design more effective defensive security strategies and risk management efforts aimed at protecting information systems. Hence, this dissertation is interested in understanding the hackers that perpetrate cyber-attacks on individuals and organizations through their knowledge sharing behavior. Then, of interest also is how individuals form their URL click-through intention in the face of proliferated cyber risks. Finally, we explore how and why organizations that are faced with the risk of security breaches, commit to cyberinsurance as a risk management strategy. Thus, the fundamental research question of this dissertation is: how do individuals and organizations manage information security risks? hackers security risk management malware cyberinsurance risk transfer knowledge sharing social network analysis Computer security -- Management. Data protection. Hackers.
267	Cybersecurity framework for cloud computing adoption in rural based tertiary institutions Patala, Najiyabanu Noormohmed 18 May 2019 (has links) MCom (Business Information Systems) / Department of Business Information Systems / Although technology is being progressively used in supporting student learning and enhancing business processes within tertiary institutions, certain aspects are hindering the decisions of cloud usage. Among many challenges of utilizing cloud computing, cybersecurity has become a primary concern for the adoption. The main aim of the study was to investigate the effect of cloud cyber-security usage at rural based tertiary institutions in order to compare the usage with an urban-based institution and propose a cybersecurity framework for adoption of cloud computing cybersecurity. The research questions focused on determining the drivers for cloud cybersecurity usage; the current adoption issues; how cybersecurity challenges, benefits, and quality affects cloud usage; the adoption perceptions and awareness of key stakeholders and identifying a cloud cybersecurity adoption framework. A quantitative approach was applied with data collected from a simple random sample of students, lecturers, admin and IT staff within the tertiary institutions through structured questionnaires. The results suggested compliance with legal law as a critical driver for cloud cybersecurity adoption. The study also found a lack of physical control of data and harmful activities executed on the internet as challenges hampering the adoption. Prevention of identity fraud and cheaper security costs were identified as benefits of adoption. Respondents found cloud cybersecurity to be accurate and effective, although most of the students and employees have not used it. However, respondents were aware of the value of cybersecurity adoption and perceive for it to be useful and convenient, hence have shown the intention of adopting it. There were no significant elements identified to differentiate the perceptions of usage at rural and urban-based tertiary institutions. The results of the study are to be used for clarifying the cybersecurity aspects of cloud computing and forecasting the suitability cloud cybersecurity within the tertiary institutions. Recommendations were made on how tertiary institutions and management can promote cloud cybersecurity adoption and how students, lecturers, and staff can effectively use cloud cybersecurity. / NRF Cloud computing adoption Cloud computing security Cloud cyber-security framework 005.57071168257 Computer networks -- Security measures. Security system
268	A framework for higher academic institutions in the republic of South Africa to mitigate network security threats and attacks. Mohapi, Matrinta Josephine 06 1900 (has links) M. Tech. (Department of Information and Communication Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / The computer networks of higher academic institutions play a significant role in the academic lives of students and staff in terms of offering them an environment for teaching and learning. These institutions have introduced several educational benefits such as the use of digital libraries, cluster computing, and support for distance learning. As a result, the use of networking technologies has improved the ability of students to acquire knowledge, thereby providing a supportive environment for teaching and learning. However, academic networks are constantly being attacked by viruses, worms, and the intent of malicious users to compromise perceived secured systems. Network security threats and cyber-attacks are significant challenges faced by higher academic institutions that may cause a negative impact on systems and Information and Communications Technology (ICT) resources. For example, the infiltration of viruses and worms into academic networks can destroy or corrupt data and by causing excessive network traffic, massive delays may be experienced. This weakens the ability of the institution to function properly, and results in prolonged downtime and the unavailability of Information Technology (IT) services. This research determines challenges faced by higher academic institutions, identifies the type of security measures used at higher academic institutions, and how network security could be addressed and improved to protect against network security threats and attacks. Two research approaches were adopted, namely a survey and an experiment. Survey questionnaires were distributed to IT technical staff at higher academic institutions in Gauteng province to determine the challenges they face in terms of securing their networks. It is crucial that network security takes on a prominent role when managing higher academic institutions‘ networks. The results of the study reveal several challenges such as budget constraints, inadequate security measures, lack of enforcing network security policies, and lack of penetration testing on systems and the network. The results also reveal that the implementation of security measures can and does address network security threats and attacks. It is therefore extremely important for higher academic institutions to implement proper security measures to help mitigate network security threats and attacks. The framework proposed is based on the results from the research study to help mitigate network security threats and attacks at higher academic institutions. Academic networks Cyber-attacks Higher academic institutions Network Network security attacks Network security threats Vulnerabilities Dissertations, Academic -- South Africa Computer networks -- Security measures Computer security Cyberspace -- Security measures Computer crimes -- Prevention
269	A validated information privacy governance questionnaire to measure the perception of how effective privacy is governed in a financial institution in the South African context Swartz, Paulus 04 1900 (has links) The general aim of this research is to develop a conceptual privacy governance framework (CPGF) that can be used to develop a valid and reliable information privacy governance questionnaire (IPGQ) to assess the perception of employees of how effective the organisation governs privacy. The CPGF was developed to incorporate a comprehensive set of privacy components that could assist management in governing privacy across an organisation. IPGQ statements were derived from the theory of the sub-components of CPGF, evaluated by an expert panel and pre-tested by a pilot group. A quantitative mono method research was followed using a survey questionnaire to collect data in a financial institution in South Africa. Exploratory Factor Analysis (EFA) was used to determine the underlying factorial structure and the Cronbach Alpha was used to establish the internal reliability of the factors. From the initial item reduction of the constructs, four factors were derived to test the privacy perception of employees. The IPGQ consisted of 49 valid and reliable questions. One-way Analysis of Variance (ANOVA) was used, and three significant differences were discovered among the demographical groups for the age groups and two for the employment status groups (organisational commitment and privacy controls). The CPGF and IPGQ can aid organisations to determine if organisations are effectively governing the privacy in the organisations in order to assist them in meeting the accountability condition of the Protection of Personal Information Act (POPIA). / Computing / M. Sc. (Information Systems) 005.8 Computer networks -- Security measures Privacy, Right of -- South Africa Data protection -- South Africa
270	Design and evaluation of a secure, privacy-preserving and cancelable biometric authentication : Bio-Capsule Sui, Yan 04 September 2014 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / A large portion of system breaches are caused by authentication failure either during the system login process or even in the post-authentication session, which is further related to the limitations associated with existing authentication approaches. Current authentication methods, whether proxy based or biometrics based, are hardly user-centric; and they either put burdens on users or endanger users' (biometric) security and privacy. In this research, we propose a biometrics based user-centric authentication approach. The main idea is to introduce a reference subject (RS) (for each system), securely fuse the user's biometrics with the RS, generate a BioCapsule (BC) (from the fused biometrics), and employ BCs for authentication. Such an approach is user-friendly, identity-bearing yet privacy-preserving, resilient, and revocable once a BC is compromised. It also supports "one-click sign on" across multiple systems by fusing the user's biometrics with a distinct RS on each system. Moreover, active and non-intrusive authentication can be automatically performed during the user's post-authentication on-line session. In this research, we also formally prove that the proposed secure fusion based BC approach is secure against various attacks and compare the new approach with existing biometrics based approaches. Extensive experiments show that the performance (i.e., authentication accuracy) of the new BC approach is comparable to existing typical biometric authentication approaches, and the new BC approach also possesses other desirable features such as diversity and revocability. Authentication Biometric security Authentication -- Research -- Analysis Computer networks -- Security measures Computer security -- Management Data protection Biometric identification -- Research Security systems Computers -- Access control Pattern recognition systems Operating systems (Computers)

Search results