Global ETD Search

211	Beatrix: a model for multi-modal and fine-grained authentication for online banking Blauw, Frans Frederik 26 June 2015 (has links) M.Sc. (Information Technology) / Please refer to full text to view abstract Internet banking - Security measures Banks and banking - Security measures Biometric identification Multiagent systems Data encryption (Computer Science)
212	Mutual authentication in electronic commerce transactions. Kisimov, Martin Valentinov 02 June 2008 (has links) Electronic commerce is a large and ever growing industry. Online transactions are returning ever-growing revenues to electronic merchants. The e-commerce industry is still facing a range of problems concerning the process of completion of online transactions. Such problems are connected to consumer fears dealing with the identity of online merchants, their security pre- cautions and methods for accepting online payments. This thesis develops and presents a Mutual Authentication Model (MAM), which addresses the problem of mutual authentication between online shoppers and merchants. The model combines existing technologies in the eld of cryp- tography, as well as the use of digital signatures and certi cates. This is done in a speci c manner as for the model to achieve mutual authentication between communicating parties, in an online transactions. The Mutual Authentication Model provides a process through which an online shopper can be quickly and transparently equipped with a digital identi cation, in the form of a digital certi cate of high trust, in order for this shopper to participate in an authen- ticated transaction within the MAM. A few of the advantages of the developed model include the prospect of decreased online credit fraud, as well as an increased rate of completed online transactions. / Prof. S.H. von Solms Data Encryption (computer science) computer network security computer access control electronic commerce security
213	Internet of things security : towards a robust interaction of systems of systems / Sécurité d’internet des objets : vers une interaction robuste des systèmes de systèmes Touati, Lyes 21 November 2016 (has links) Cette thèse traite des problèmes et des défis de sécurité dans l’Internet des Objets (IdO). L’évolution de l’Internet classique vers l’Internet des Objets crée de nombreux challenges dans la manière de sécuriser les communications et soulève des problèmes liés au contraintes de l’internet des objets à savoir : objets à faibles ressources d’énergie et de calculs, hétérogénéité nuisant à l’interopérabilité des objets, taille du réseau de plus en plus grande, ... etc. En effet, Internet s’est développé d’un réseau d’ordinateurs personnels et de serveurs vers un immense réseau connectant des milliards d’objets intelligents communicants. Ces objets seront intégrés dans des systèmes complexes et utiliseront des capteurs et actionneurs pour observer et interagir avec leur environnement physique. Les exigences des interactions entre objets communicants en termes de sécurité dépendent du contexte qui évolue dans l’espace et le temps. Par conséquent, la définition de la politique de sécurité doit être adaptative et sensible au contexte. Un des problèmes auxquels nous nous sommes intéressés est le contrôle d’accès efficace à base de cryptographie d’attributs : « Attributes Based Encryption (ABE) ». Les schémas ABE (CP-ABE et KP-ABE) présentent plusieurs atouts pour l’implémentation d’un contrôle d’accès cryptographique. Par contre, ces schémas posent des défis opérationnels à cause de leurs complexités et leur surcoût élevé en termes de temps d’exécution et consommation énergétique. Pour pallier cet inconvénient, nous avons exploité l’hétérogénéité d’environnement Internet des Objets pour proposer des versions collaboratives et distribuées de ces schémas de contrôle d’accès cryptographique. Nos solutions réduisent considérablement le coût en termes d’énergie nécessaire à l’exécution. Le deuxième inconvénient des schémas ABE est l’inexistence de mécanismes efficaces de gestion de clés. Nous avons proposé des solutions pour le problème de révocation d’attributs dans le schéma CP-ABE, Ces solutions, en plus de leur efficacité, répondent à des exigences de sécurité différentes selon le cas d’applications. Nous avons proposé également, une solution à base de CP-ABE pour le problème du « grouping proof ». Le « grouping proof » consiste à fournir une preuve sur la coexistence, dans le temps et l’espace, d’un ensemble d’objets. Parmi les applications de notre solution, on peut citer le payement NFC et la sécurisation de l’accès aux locaux sensibles. / In this thesis, we deal with security challenges in the Internet of Things. The evolution of the Internet toward an Internet of Things created new challenges relating to the way to secure communications given the new constraints of IoT, namely: resource constrained objects, heterogeneity of network components, the huge size of the network, etc. Indeed, the Internet evolved from a network of computers and servers toward a huge network connecting billions of smart communicating objects. These objects will be integrated into complex systems and use sensors and actuators to observe and interact with their physical environment. The security requirements of the interactions between smart objects depend on the context which evolves in time and space. Consequently, the definition of the security policies should be adaptive and context-aware. In this thesis, we were interested in the problem of access control in IoT relying on Attribute based Encryption (ABE). Indeed, ABE schemes present many advantages in implementing a cryptographic fine-grained access control. However, these schemes raise many implementation challenges because of their complexity and high computation and energy overheads. To overcome this challenge, we leveraged the heterogeneity of IoT to develop collaborative and distributed versions of ABE schemes. Our solutions reduce remarkably the overhead in terms of energy consumption and computation. The second limitation of ABE schemes is the absence of efficient attribute/key revocation techniques. We have proposed batch based mechanisms for attribute/key revocation in CP-ABE. We demonstrated the efficiency of the proposed solutions through simulations. Finally, we have proposed a CP-ABE based solution for the problem of grouping proof. This problem consists of providing the proof that a set of objects are present simultaneously (same time and same location). The propose solution has many applications such as enforcing the security of NFC based payments and the access to sensitive locations. Gestion de clés Contrôle d'accès cryptographique Internet of things Cryptography Data protection Data encryption
214	Securing host and application information in the TCP/IP protocol suite Boshoff, Paul Marthinus 14 August 2012 (has links) M.Sc. / Using the Internet for communication purposes constitutes a high risk, considering the security of such information. The protocol suite used on the Internet is the TCP/IP protocol suite, which consists of the Transmission Control Protocol (TCP) and the Internet Protocol (IP). In a bid to create a basis to support the newly conceptualised ideas, various areas of networking are briefly discussed in this dissertation. The first in this series of areas is that of the OSI layers. This model forms the basis of all networking concepts. The model describes seven layers, of which each performs a certain networking function. The TCP/IP protocol suite fits into this model. Network security and encryption methods are applied and followed to secure information on the Internet. These methods have been used over a long period of time and will also be used to support the newly conceptualised ideas. The main focus of this dissertation falls on the securing of certain parts of the information contained in the headers of both the Transmission Control Protocol (TCP) and the Internet Protocol (IP) in a bid to minimise the amount of data that may be inferred about the communicating parties from these headers. In addition, where multiple routes exist between hosts, the possibility of the deliberate distribution of a single message across these routes is examined. Such distribution will further complicate the task of a hacker attempting to gather information from TCP and IP headers. In addition, such distribution will minimise the possibility that a hacker may assemble a complete message from its constituent parts and that he/she may infer information about the message that cannot be inferred from the isolated parts. The length of a message sent between hosts is one simple example of such information. TCP/IP (Computer network protocol) Computer networks Computer networks -- Security measures Data encryption (Computer science)
215	A control framework for the assessment of information security culture Okere, Irene Onyekachi January 2013 (has links) The modern organisation relies heavily on information to function effectively. With such reliance on information, it is vital that information be protected from both internal (employees) and external threats. The protection of information or information security to a large extent depends on the behaviour of humans (employees) in the organisation. The behaviour of employees is one of the top information security issues facing organisations as the human factor is regarded as the weakest link in the security chain. To address this human factor many researchers have suggested the fostering of a culture of information security so that information security becomes second nature to employees. Information security culture as defined for this research study exists in four levels namely artefacts, espoused values, shared tacit assumptions and information security knowledge. An important step in the fostering of an information security culture is the assessment of the current state of such a culture. Gaps in current approaches for assessing information security culture were identified and this research study proposes the use of a control framework to address the identified gaps. This research study focuses on the assessment of information security culture and addresses 5 research objectives namely 1) to describe information security culture in the field of information security, 2) to determine ways to foster information security culture in an organisation, 3) to demonstrate the gap in current approaches used to assess information security culture, 4) to determine the components that could be used for the assessment of information security culture for each of the culture’s underlying levels and 5) to describe a process for the assessment of information security culture for all four levels. This research study follows a qualitative approach utilising a design science strategy and multi-method qualitative data collection techniques including literature review, qualitative content analysis, argumentation, and modelling techniques. The research methods provide a means for the interpretation of the data and the development of the proposed control framework. Data encryption (Computer science) Computer security
216	E-handelsplattform med efterlevnad av GDPR som utgångspunkt : Utveckling av en labbportal med pseudonymisering och kryptering-tillämpningar Tran, Kenny January 2022 (has links) Företaget Provsvaret vill utveckla en labbportal avsedd för företagskunder. Företaget kommer att arbeta med ett externt labb för att starta självtest som en tjänst. Detta innebär att regler och begränsningar måste beaktas vid behandling av personuppgifter. Under 2018 trädde GDPR i kraft för att stärka skyddet kring datasekretess. Detta skapade ytterligare arbete för e-handelsplattformar som behöver vidta tekniska säkerhetsåtgärder. GDPR har även definierat nya rättigheter för användarna såsom rätt till information, rätt till tillgång och rätt till radering. Denna studie riktar sig mot att undersöka de rättigheter och säkerhetsåtgärder som har angetts av GDPR. Målet kommer vara att konstruera en e-handelsplattform med efterlevnad av GDPR som utgångspunkt. Under projektets gång så har man utfört en analys där man har jämfört olika psuedonymiseringsarkitekturer och har baserat på den analysen kunnat tillämpa pseudonymisering inom labbportalen. Under implementerprocessen var det nödvändigt att ta användning av en molnleverantör för att tillhandahålla krypteringsnycklar. Efter en noggrann jämförelse har man valt att gå vidare med Google Cloud Platform (GCP) pågrund av att GCP var kost effektivt och var mer användarvänlig mot småföretag som Provsvaret. Användbarhetstesteterna har även utförts i syfte av att undersöka i vilken mån av efterlevnad som plattformen hade i förhållande till GDPR rättigheter. Som slutsats så kan man konstatera att labbportalen hade en bra efterlevnad av GDPR däremot så fanns det vissa aspekter som behövde förbättras. Information och villkoren på plattformen kan visas på ett tydligare sätt samt så kan man även förbättra på hur man hantera invändningar och radering av konto. Implementeringen av BankID har genomgått väl och i slutendan så har labbportalen de funktionalitet som eftersöktes. / The company Provsvaret is looking to develop a lab portal intended for corporate customers. The company will be working with an external lab to bootstrap self-test as a service. This entails that regulations and restrictions must be taken into account when processing personal data. In 2018, the GDPR came into force to strengthen the protection of data privacy. This created additional work for e-commerce platforms that need to implement technical security measures. GDPR has also defined new rights for users such as the right to information, the right to access and the right to erasure. This study aims to examine the rights and security measures designated by the GDPR. The goal will be to construct an e-commerce platform based on compliance with the GDPR. During the project, an analysis has been performed where different pseudonymisation architectures have been compared and based on that analysis, been able to apply pseudonymisation within the lab portal. During the implementation process, it was necessary to use a cloud provider to provide encryption keys. After a careful comparison, Cloud Platform (GCP) has been chosen as the selected cloud provider due to the fact that GCP was cost effective and was more user-friendly towards small companies such as Provsvaret. The usability tests have also been performed for the purpose of examining the degree of compliance that the platform had in relation to GDPR rights. In conclusion, it can be stated that the lab portal has good compliance with GDPR, however, there are certain aspects that need to be improved. Information and conditions on the platform can be displayed in a clearer way and the lab portal can also improve on how it handles objections and deletion of accounts. The implementation of BankID has been successful and in the end the lab portal has the functionality that was sought after. Data encryption Pseudonymity E-commerce GDPR Datakryptering Pseudonymitet E-handel GDPR Software Engineering Programvaruteknik
217	Easy Encryption for Email, Photo, and Other Cloud Services Koh, John Seunghyun January 2021 (has links) Modern users carry mobile devices with them at nearly all times, and this likely has contributed to the rapid growth of private user data—such as emails, photos, and more—stored online in the cloud. Unfortunately, the security of many cloud services for user data is lacking, and the vast amount of user data stored in the cloud is an attractive target for adversaries. Even a single compromise of a user’s account yields all its data to attackers. A breach of an unencrypted email account gives the attacker full access to years, even decades, of emails. Ideally, users would encrypt their data to prevent this. However, encrypting data at rest has long been considered too difficult for users, even technical ones, mainly due to the confusing nature of managing cryptographic keys. My thesis is that strong security can be made easy to use through client-side encryption using self-generated per-device cryptographic keys, such that user data in cloud services is well protected, encryption is transparent and largely unnoticeable to users even on multiple devices, and encryption can be used with existing services without any server-side modifications. This dissertation introduces a new paradigm for usable cryptographic key management, Per-Device Keys (PDK), and explores how self-generated keys unique to every device can enable new client-side encryption schemes that are compatible with existing online services yet are transparent to users. PDK’s design based on self-generated keys allows them to stay on each device and never leave them. Management of these self-generated keys can be shown to users as a device management abstraction which looks like pairing devices with each other, and not any form of cryptographic key management. I design, implement, and evaluate three client-side encryption schemes supported by PDK, with a focus on designing around usability to bring transparent encryption to users. First, I introduce Easy Email Encryption (E3), a secure email solution that is easy to use. Usersstruggle with using end-to-end encrypted email, such as PGP and S/MIME, because it requires users to understand cryptographic key exchanges to send encrypted emails. E3 eliminates this key exchange by focusing on storing encrypting emails instead of sending them. E3 transparently encrypts emails on receipt, ensuring that all emails received before a compromise are protected from attack, and relies on widely-used TLS connections to protect in-flight emails. Emails are encrypted using self-generated keys, which are completely hidden from the user and do not need to be exchanged with other users, alleviating the burden of users having to know how to use and manage them. E3 encrypts on the client, making it easy to deploy because it requires no server or protocol changes and is compatible with any existing email service. Experimental results show that E3 is compatible with existing IMAP email services, including Gmail and Yahoo!, and has good performance for common email operations. Results of a user study show that E3 provides much stronger security guarantees than current practice yet is much easier to use than end-to-end encrypted email such as PGP. Second, I introduce Easy Secure Photos (ESP), an easy-to-use system that enables photos tobe encrypted and stored using existing cloud photo services. Users cannot store encrypted photos in services like Google Photos because these services only allow users to upload valid images such as JPEG images, but typical encryption methods do not retain image file formats for the encrypted versions and are not compatible with image processing such as image compression. ESP introduces a new image encryption technique that outputs valid encrypted JPEG files which are accepted by cloud photo services, and are robust against compression. The photos are encrypted using self-generated keys before being uploaded to cloud photo services, and are decrypted when downloaded to users’ devices. Similar to E3, ESP hides all the details of encryption/decryption and key management from the user. Since all crypto operations happen in the user’s photo app, ESP requires no changes to existing cloud photo services, making it easy to deploy. Experimental results and user studies show that ESP encryption is robust against attack techniques, exhibits acceptable performance overheads, and is simple for users to set up and use. Third, I introduce Easy Device-based Passwords (EDP), a password manager with improvedsecurity guarantees over existing ones while maintaining their familiar usage models. To encrypt and decrypt user passwords, existing password managers rely on weak, human-generated master passwords which are easy to use but easily broken. EDP introduces a new approach using self-generated keys to encrypt passwords, and an easy-to-use pairing mechanism to allow users to access passwords across multiple devices. Keys are not exposed to users and users do not need to know anything about key management. EDP is the first password manager that secures passwords even with untrusted servers, protecting against server break-ins and password database leaks. Experimental results and a user study show that EDP ensures password security with untrusted servers and infrastructure, has comparable performance to existing password managers, and is considered usable by users. Cloud computing Data encryption (Computer science) Computer security--Computer programs Yahoo! Inc. Gmail (Electronic resource)
218	A Survey and Analysis of Solutions to the Oblivious Memory Access Problem Chapman, Erin Elizabeth 01 January 2012 (has links) Despite the use of strong encryption schemes, one can still learn information about encrypted data using side channel attacks [2]. Watching what physical memory is being accessed can be such a side channel. One can hide this information by using oblivious simulation - hiding the true access pattern of a program. In this paper we will review the model behind oblivious simulation, attempt to formalize the problem and define a security game. We will review the major solutions pro- posed so far, the square root and hierarchical solutions, as well as propose a new variation on the square root solution. Additionally, we will show a new formalization for providing software protection by using an encryption scheme and oblivious simulation. Data encryption (Computer science) Software protection Random access memory Computer Sciences Information Security
219	Tweakable Ciphers: Constructions and Applications Terashima, Robert Seth 07 August 2015 (has links) Tweakable ciphers are a building block used to construct a variety of cryptographic algorithms. Typically, one proves (via a reduction) that a tweakable-cipher-based algorithm is about as secure as the underlying tweakable cipher. Hence improving the security or performance of tweakable ciphers immediately provides corresponding benefits to the wide array of cryptographic algorithms that employ them. We introduce new tweakable ciphers, some of which have better security and others of which have better performance than previous designs. Moreover, we demonstrate that tweakable ciphers can be used directly (as opposed to as a building block) to provide authenticated encryption with associated data in a way that (1) is robust against common misuses and (2) can, in some cases, result in significantly shorter ciphertexts than other approaches. Cryptography -- Mathematics Computer security Computer systems -- Access control Data encryption (Computer science) Computer Sciences Theory and Algorithms
220	The OECD cryptography policy guidelines and their implementation / Jeppson, Jonas. January 2000 (has links) No description available. Cryptography -- OECD countries. Privacy, Right of -- OECD countries.

Search results