e-αξιολόγηση : εφαρμογές της κρυπτογραφίας στην αξιολόγηση μέσω τεχνολογιών πληροφορικής και επικοινωνιών

Γαλάνης, Βασίλειος

19 April 2010

Η εργασία αυτή έχει σα σκοπό τη διερεύνηση των εφαρμογών της κρυπτογραφίας στην ασφάλεια της διαδικασίας της αξιολόγησης σε περιβάλλοντα όπου γίνεται χρήση τεχνολογιών επικοινωνίας και πληροφορικής, κατασκευάζοντας μια κατηγορία πρωτοκόλλων που καλείται e-αξιολόγηση. Πιό συγκεκριμένα, ξεκινώντας από την όσο το δυνατόν πλήρη περιγραφή ενός συστήματος e-αξιολόγησης τόσο σε επίπεδο hardware όσο και σε επίπεδο software, σκοπός μας είναι να εισάγουμε κατάλληλες κρυπτογραφικές τεχνικές έτσι ώστε να καλύπτουμε τις απαιτήσεις ασφαλείας της διαδικασίας της e-αξιολόγησης και να δώσουμε παραδείγματα αντίστοιχων εφαρμογών όπου είναι γίνεται χρήση της ηλεκτρονικής αξιολόγησης. Στο πρώτο μέρος της εργασίας διερευνούμε τον τρόπο με τον οποίο ενσωματώνεται η έννοια της ασφάλειας στη διαδικασία της αξιολόγησης, τους λόγους για τους οποίους υπάρχει ανάγκη για ενσωμάτωση τεχνικών ασφαλείας στην αξιολόγηση και τα οφέλη που αποκομίζουμε από αυτές καθώς και μία γρήγορη παρουσίαση του συνόλου των τεχνικών που χρησιμοποιούνται. Στη συνέχεια του κεφαλαίου αυτού, παρουσιάζουμε που και πως ενσωματώνονται εφαρμογές κρυπτογραφίας στο σύνολο των τεχνικών ασφαλείας που χρησιμοποιούνται στη διαδικασία αξιολόγησης. Στο δεύτερο μέρος κάνουμε μια παρουσίαση των κρυπτογραφικών πρωτοκόλλων και τεχνικών που έχουν εφαρμογή στην e-αξιολόγηση, καθώς και μια παρουσίαση του μαθηματικού τους υπόβαθρου. Στο τρίτο μέρος κάνουμε μια παρουσίαση των εφαρμογών της ηλεκτρονικής αξιολόγησης στην εκπαίδευση. / The goal of this work is to research the application of cryptography in the security of the process of evaluation in on-line environments, creating a framework of protocols which is collectively called e-evaluation. More specifically, we begin by providing a description of an e-evaluation system in both the hardware and the software level and introducing suitable cryptographic techniques so as to satisfy the security requirements of the e-evaluation process, giving examples of applications where there is use of electronic evaluation procedures. In the first part of this work we research the way the concept of security is integrated within the process of evaluation, the reasons for which there is need for integrating security techniques in that process and the benefits we gain by them. Then we provide a short description of techniques being use in the electronic evaluation process as well as where and how cryptography is applied in them. In the second part, we provide a description of the cryptographic techniques and protocols that have applications in the e-evaluation framework and their mathematical background. In the third and final part, we make a presentation of the applications of e-evaluation in education.

e-αξιολόγηση

Κρυπτογραφία

Ασφάλεια δεδομένων

005.82

e-evaluation

Cryptography

Data security

Cryptographic protocols

e-voting

Security of Big Data: Focus on Data Leakage Prevention (DLP)

Nyarko, Richard

January 2018

Data has become an indispensable part of our daily lives in this era of information age. The amount of data which is generated is growing exponentially due to technological advances. This voluminous of data which is generated daily has brought about new term which is referred to as big data. Therefore, security is of great concern when it comes to securing big data processes. The survival of many organizations depends on the preventing of these data from falling into wrong hands. Because if these sensitive data fall into wrong hands it could cause serious consequences. For instance, the credibility of several businesses or organizations will be compromised when sensitive data such as trade secrets, project documents, and customer profiles are leaked to their competitors (Alneyadi et al, 2016).  In addition, the traditional security mechanisms such as firewalls, virtual private networks (VPNs), and intrusion detection systems/intrusion prevention systems (IDSs/IPSs) are not enough to prevent against the leakage of such sensitive data. Therefore, to overcome this deficiency in protecting sensitive data, a new paradigm shift called data leakage prevention systems (DLPSs) have been introduced. Over the past years, many research contributions have been made to address data leakage. However, most of the past research focused on data leakage detection instead of preventing against the leakage. This thesis contributes to research by using the preventive approach of DLPS to propose hybrid symmetric-asymmetric encryption to prevent against data leakage.  Also, this thesis followed the Design Science Research Methodology (DSRM) with CRISP-DM (CRoss Industry Standard Process for Data Mining) as the kernel theory or framework for the designing of the IT artifact (method). The proposed encryption method ensures that all confidential or sensitive documents of an organization are encrypted so that only users with access to the decrypting keys can have access. This is achieved after the documents have been classified into confidential and non-confidential ones with Naïve Bayes Classifier (NBC).  Therefore, any organizations that need to prevent against data leakage before the leakage occurs can make use of this proposed hybrid encryption method.

Big data

big data security

data leakage prevention

data leakage prevention system

Computer Sciences

Datavetenskap (datalogi)

Privacy-Preserving Mobile Crowd Sensing

January 2016

abstract: The presence of a rich set of embedded sensors on mobile devices has been fuelling various sensing applications regarding the activities of individuals and their surrounding environment, and these ubiquitous sensing-capable mobile devices are pushing the new paradigm of Mobile Crowd Sensing (MCS) from concept to reality. MCS aims to outsource sensing data collection to mobile users and it could revolutionize the traditional ways of sensing data collection and processing. In the meantime, cloud computing provides cloud-backed infrastructures for mobile devices to provision their capabilities with network access. With enormous computational and storage resources along with sufficient bandwidth, it functions as the hub to handle the sensing service requests from sensing service consumers and coordinate sensing task assignment among eligible mobile users to reach a desired quality of sensing service. This paper studies the problem of sensing task assignment to mobile device owners with specific spatio-temporal traits to minimize the cost and maximize the utility in MCS while adhering to QoS constraints. Greedy approaches and hybrid solutions combined with bee algorithms are explored to address the problem. Moreover, the privacy concerns arise with the widespread deployment of MCS from both the data contributors and the sensing service consumers. The uploaded sensing data, especially those tagged with spatio-temporal information, will disclose the personal information of the data contributors. In addition, the sensing service requests can reveal the personal interests of service consumers. To address the privacy issues, this paper constructs a new framework named Privacy-Preserving Mobile Crowd Sensing (PP-MCS) to leverage the sensing capabilities of ubiquitous mobile devices and cloud infrastructures. PP-MCS has a distributed architecture without relying on trusted third parties for privacy-preservation. In PP-MCS, the sensing service consumers can retrieve data without revealing the real data contributors. Besides, the individual sensing records can be compared against the aggregation result while keeping the values of sensing records unknown, and the k-nearest neighbors could be approximately identified without privacy leaks. As such, the privacy of the data contributors and the sensing service consumers can be protected to the greatest extent possible. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016

Computer science

access control

data security

mobile crowd sensing

privacy preservation

Sensitive Data Migration to the Cloud

Ema, Ismat

January 2017

No description available.

Cloud computing

sensitive data

data security

successful cloud deployment.

Information Systems

A non-visible user input-based CAPTCHA / En icke-synlig CAPTCHA grundad på användarinput

Sisk, Jakob

January 2017

During the last decade, there has been an increase in the number of automated programs (bots) that perform tasks such as harvesting information or making posts on social media. CAPTCHA was developed as a defense against bots, but several common CAPTCHAs have usability issues and are difficult for users to solve. This project aims to determine if a non-visible user input-based CAPTCHA can help solve this problem. The CAPTCHA looks for patterns in the user input, that is, signs that the input is controlled by scripted logic. The CAPTCHA is evaluated by looking at how capable it is at identifying patterns, human mouse movements and bot-controlled mouse movements. Additionally, it is investigated if there exists a data sequence size at which the pattern recognition algorithm can most successfully detect patterns and avoid false negatives. The results showed that interval sizes 40-50 provide the best results. Using these sizes, the pattern recognition algorithm was able to fulfill the commonly accepted rates of at least a 99 % success rate and at most a 10 % false negative rate. This shows that the CAPTCHA is robust under the circumstances investigated.

CAPTCHA

Bot

Robustness

Data security

Behavioral analysis

Pattern recognition

Computer and Information Sciences

Data- och informationsvetenskap

Exploring Data Security Management Strategies for Preventing Data Breaches

Ofori-Duodu, Michael Samuel

01 January 2019

Insider threat continues to pose a risk to organizations, and in some cases, the country at large. Data breach events continue to show the insider threat risk has not subsided. This qualitative case study sought to explore the data security management strategies used by database and system administrators to prevent data breaches by malicious insiders. The study population consisted of database administrators and system administrators from a government contracting agency in the northeastern region of the United States. The general systems theory, developed by Von Bertalanffy, was used as the conceptual framework for the research study. The data collection process involved interviewing database and system administrators (n = 8), organizational documents and processes (n = 6), and direct observation of a training meeting (n = 3). By using methodological triangulation and by member checking with interviews and direct observation, efforts were taken to enhance the validity of the findings of this study. Through thematic analysis, 4 major themes emerged from the study: enforcement of organizational security policy through training, use of multifaceted identity and access management techniques, use of security frameworks, and use of strong technical control operations mechanisms. The findings of this study may benefit database and system administrators by enhancing their data security management strategies to prevent data breaches by malicious insiders. Enhanced data security management strategies may contribute to social change by protecting organizational and customer data from malicious insiders that could potentially lead to espionage, identity theft, trade secrets exposure, and cyber extortion.

database administrator

Data breach

data security management

insider threat

malicious insider

system administrator

Databases and Information Systems

Attribute-Based Encryption for Fine-Grained Access Control over Sensitive Data

January 2020

abstract: The traditional access control system suffers from the problem of separation of data ownership and management. It poses data security issues in application scenarios such as cloud computing and blockchain where the data owners either do not trust the data storage provider or even do not know who would have access to their data once they are appended to the chain. In these scenarios, the data owner actually loses control of the data once they are uploaded to the outside storage. Encryption-before-uploading is the way to solve this issue, however traditional encryption schemes such as AES, RSA, ECC, bring about great overheads in key management on the data owner end and could not provide fine-grained access control as well. Attribute-Based Encryption (ABE) is a cryptographic way to implement attribute-based access control, which is a fine-grained access control model, thus solving all aforementioned issues. With ABE, the data owner would encrypt the data by a self-defined access control policy before uploading the data. The access control policy is an AND-OR boolean formula over attributes. Only users with attributes that satisfy the access control policy could decrypt the ciphertext. However the existing ABE schemes do not provide some important features in practical applications, e.g., user revocation and attribute expiration. Furthermore, most existing work focus on how to use ABE to protect cloud stored data, while not the blockchain applications. The main objective of this thesis is to provide solutions to add two important features of the ABE schemes, i.e., user revocation and attribute expiration, and also provide a practical trust framework for using ABE to protect blockchain data. To add the feature of user revocation, I propose to add user's hierarchical identity into the private attribute key. In this way, only users whose identity is not revoked and attributes satisfy the access control policy could decrypt the ciphertext. To add the feature of attribute expiration, I propose to add the attribute valid time period into the private attribute key. The data would be encrypted by access control policy where all attributes have a temporal value. In this way, only users whose attributes both satisfy the access policy and at the same time these attributes do not expire, are allowed to decrypt the ciphertext. To use ABE in the blockchain applications, I propose an ABE-enabled trust framework in a very popular blockchain platform, Hyperledger Fabric. Based on the design, I implement a light-weight attribute certificate authority for attribute distribution and validation; I implement the proposed ABE schemes and provide a toolkit which supports system setup, key generation, data encryption and data decryption. All these modules were integrated into a demo system for protecting sensitive les in a blockchain application. / Dissertation/Thesis / Masters Thesis Computer Science 2020

Engineering

Computer science

Attribute-Based Access Control

Blockchain

Data Security

Encryption

Towards a framework for the implementation of a secure quantum teleportation infrastructure in South Africa

Ngobeni, Themba James

January 2019

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2019 / The availability of high-speed/high-volume Data Link Layer (Layer 2) transmission networks fuelled by the implementation of mission critical and performance-intensive technologies, such as Cloud and Data Centre services transmitting sensitive data over the wide area network (WAN) has shifted the attention of hackers, eavesdroppers, cyber-criminals and other malicious attackers to the exploitation of these data transmission technologies. It is argued that security on the current classical technologies that store, transmit and manipulate information on the OSI Layer 2 have historically not been adequately addressed when it comes to secure communication and exchange of information. Quantum teleportation (QT) stemming from quantum communication a branch of quantum information science (QIS) has emerged as a technology that promise unconditional security and providing new ways to design and develop frameworks that operate based on the laws of quantum physics. It is argued that it has a potential to address the data transmission security GAP for OSI layer 2 technologies. This research study aims to propose a framework for the implementation of secure quantum teleportation infrastructures in South Africa. There is currently a lack of generic models and methods to guide the implementation of QT infrastructures that will enable secure transmission of information. A design science research (DSR) was undertaken in order to develop a secure quantum teleportation artefact called (SecureQT-Framework). SecureQT-Framework is a generic model and method that guides the selection and implementation of QT infrastructures motivated by multi-disciplinary domains such as QIS, Quantum Physics, Computer Science as well as information and communication technology (ICT). The DSR process employed a primary DSR cycle with four DSR sub-cycles which involved the awareness and suggestion phase guided by a systematic literature review (SLR), development and evaluation phase guided by Software Defined Network’s OpenFlow, Mininet, Mininet-Wifi and computer simulations for QT using SQUANCH framework. We investigated, examined and collected credible QT techniques and its variant protocols to develop and simulate secure transmission of information over the WAN, We studied their features and challenges. We concluded the study by describing the QT techniques, protocols and implementations that has potential to bridge the security GAP for OSI Layer 2 technologies over the WAN. The results gained were used in the construction of a framework for the implementation of a secure quantum teleportation infrastructure in South Africa. The framework describes the main factors that need to be taken into consideration when implementing quantum teleportation infrastructures.

Quantum Teleportation

Layer 2 Data Transmission

Data Security

Quantum Communication

Design Science Research

Kategorisera föreställningar om digitala hot / Categorize conceptions about digital threats

Pettersson, Fredrik

January 2022

Användandet av internet ökar ständigt och allt fler företag digitaliserar sin verksamhet. Dock har detta lett till att kriminaliteten ökar på de digitala plattformarna. Detta sätter hög press på företag att satsa på sin datasäkerhet för att hänga med i utvecklingen. Målsättningen med denna rapport är att kategorisera allmänhetens uppfattning om digitala hot och ställa dessa i jämförelse med den forskning som finns. Detta för att se vilka hot som allmänheten behöver eller inte behöver oroa sig för. Rapporten lägger även ett stort fokus på de ekonomiska konsekvenser som cyberattackerna har på samhället. Resultatet visar att allmänheten rent generellt har dålig uppfattning om de digitala hoten även fast de överlag uppskattar hoten som allvarliga. Detta visar på en kunskapslucka hos befolkningen vilket kan vara naturlig då utvecklingen har gått mycket fort inom området.   De hot som denna rapport lyfter upp är några av de mest relevanta digitala hot som finns på marknaden idag. Detta kompletteras med en genomgång av de ekonomiska konsekvenser och prognoser för framtida konsekvenser av cyberattacker. / The use of the internet is constantly increasing and more and more companies are digitizing their work. However, this has led to an increase in crime on the digital platforms. This puts a lot of pressure on companies to invest in their data security to keep up with the progress of cyber crime. The aim of this report is to categorize the public's perception of digital threats and compare them with existing research. This is to see what threats the public needs or does not need to worry about. The report also places great emphasis on the economic consequences that cyber attacks have on society. The result shows that the general public has a poor perception of the digital threats, even though they generally regard the threats as serious. This shows a knowledge gap among the population, which may be natural as the development has been very fast in the scientific area. The threats that this report highlights are some of the most relevant digital threats on the market today. This is supplemented by a review of the economic consequences and forecasts for future consequences of cyber attacks.

security

data security

cyber security

public opinion

säkerhet

datasäkerhet

cybersäkerhet

allmänhetens uppfattning

Computer Sciences

Datavetenskap (datalogi)

Implementing and Investigating Partial Consent for Privacy Management of Android

Nallamilli, Mohan Krishna Reddy, Jagatha, Satya Venkat Naidu

January 2022

Background: Data privacy and security has been a big concern in recent years. Data privacy is a concern for everybody who owns a smartphone or accesses a website. This is due to the applications that have been installed on the device or the cookies that have been acquired via websites in the form of advertising cookies. Advertising cookies within programs or sites that track user content provide access to all of the user’s personal sensitive data. The viability of applying conditional consent to boost consumers’ trust in sharing their data is examined in this study. We assess the societal and technological implications of conditional consent implementation. This is accomplished by integrating a third option – maybe – into the access control mechanism.  Research Idea: After reviewing all of the issues concerning user privacy breaches in android applications, we came up with the idea of implementing a Maybe option in which the user can grant access to the permissions for a specified period of time and then automatically disable those permissions at the end of that period. Objectives and Research Methods: The primary goal of our work is to determine the feasibility of implementing partial consent on Android applications, as well as how users understand and are willing to use this suggested option. We chose Experiment, Systematic mapping study, and survey as our study methods. Results: We built a permissions application prototype and provided an option maybe where the user may grant rights for a certain period of time and then automatically deactivate the permissions. Using a poll, many people chose the offered choice and fully comprehended the Maybe option. Conclusions: We understood the usability aspect of the proposed option. The respondents accepted the proposed option and felt the desire for the proposed option. This can cause a change in the security aspects of providing data to the third party applications. Keywords: Partial consent, Access control, Data Privacy, Data Security, Usability Aspect.

Partial consent

Access control

Data Privacy

Data Security

Usability Aspect

Computer Sciences

Datavetenskap (datalogi)