  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

Bezpečnost IT v biomedicíně. / IT Security in Biomedicine.

Schlenker, Anna January 2019
Title: IT Security in Biomedicine
Author: Ing. Anna Schlenker
Supervisor: Ing. Milan Šárek, CSc.
Abstract: The aim of this work is to propose a solution to the biomedical data security strategy. The work provides an overview of the most commonly used biometric methods designed to identify or authenticate users. From these methods, the keystroke dynamics was chosen and used in the application solution. The reliability of this method has been tested by classical and modern classification methods. The greatest benefit of the work is the use of the created application in combination with the measurement using integrated electromyography to objectify the evaluation of the work related to keyboard typing in terms of local muscle load.
Keywords: Biometrics, Data Security, Keystroke Dynamics, Local Muscle Load
62

Securing Data in a Cloud Environment: Access Control, Encryption, and Immutability / Säkerhetshantering av data som överförs genom molnbaserade tjänster: åtkomstkontroll, kryptering och omutlighet

Al Khateeb, Ahmad, Summaq, Abdulrazzaq January 2023
The amount of data and the development of new technologies used by all society-critical organizations are increasing dramatically. In parallel, data breaches, cyber-attacks, and their devastating consequences are also on the rise, as well as the number of individuals and organizations that are potential targets for such attacks. This places higher demands on security in terms of protecting data against cyber-attacks and controlling access to data that authenticated users want to access. The paper focuses on studying concepts of secure data practices in a GitLab-based cloud environment. The objective is to give answers to questions such as how to ensure the guarantee of secure data and protect it from unauthorized access and changes. The work behind this thesis includes exploring techniques for access control, data encryption, and data immutability. The study is followed by an implementation project that includes fetching code from GitLab, verifying user identity and access control, managing data access, and displaying the results. The results of the thesis demonstrate the effectiveness of the implemented security measures in protecting data and controlling access. / The amount of data and the development of groundbreaking technologies used today by all society-critical organizations are increasing drastically. At the same pace, data breaches, cyber-attacks and their devastating consequences are increasing, as is the number of people and organizations that are potential victims of such attacks. This places higher demands on security when it comes to protecting data against cyber-attacks, but also to controlling access to data that authenticated users want to reach. The report focuses on studying how data is secured in GitLab-based cloud systems. The purpose of this work is to answer questions such as how to promise secure access and protection of data from unauthorized access and changes.
The work behind this project included an investigation of techniques used in access control, data encryption, and data immutability. The study resulted in an implementation that makes it possible to fetch signed changes (commits) from GitLab, verify user identity and access authorization, manage data access, and present the results. The results of this degree project demonstrate the effectiveness of the implemented security techniques in protecting data and controlling access.
63

Mechanism Design in Defense against Offline Password Attacks

Wenjie Bai (16051163) 15 June 2023
The prevalence of offline password attacks, resulting from attackers breaching authentication servers and stealing cryptographic password hashes, poses a significant threat. Users' tendency to select weak passwords and reuse passwords across multiple accounts, coupled with computation advancement, further exacerbate the danger.

This dissertation addresses this issue by proposing password authentication mechanisms that aim to minimize the number of compromised passwords in the event of offline attacks, while ensuring that the server's workload remains manageable. Specifically, we present three mechanisms: (1) DAHash: This mechanism adjusts password hashing costs based on the strength of the underlying password. Through appropriate tuning of hashing cost parameters, the DAHash mechanism effectively reduces the fraction of passwords that can be cracked by an offline password cracker. (2) Password Strength Signaling: We explore the application of Bayesian Persuasion to password authentication. The key idea is to have the authentication server store a noisy signal about the strength of each user password for an offline attacker to find. We demonstrate that by appropriately tuning the noise distribution for the signal, a rational attacker will crack fewer passwords. (3) Cost-Asymmetric Memory Hard Password Hashing: We extend the concept of password peppering to modern Memory Hard password hashing algorithms. We identify limitations in naive extensions and introduce the concept of cost-even breakpoints as a solution. This approach allows us to overcome these limitations and achieve cost-asymmetry, wherein the expected cost of validating a correct password is significantly smaller than the cost of rejecting an incorrect password.

When analyzing the behavior of a rational attacker it is important to understand the attacker’s guessing curve, i.e., the percentage of passwords that the attacker could crack within a guessing budget B. Dell’Amico and Filippone introduced a Monte Carlo algorithm to estimate the guessing number of a password as well as an estimate for the guessing curve. While the estimated guessing number is accurate in expectation the variance can be large and the method does not guarantee that the estimates are accurate with high probability. Thus, we introduce Confident Monte Carlo as a tool to provide confidence intervals for guessing number estimates and upper/lower bound the attacker’s guessing curves.

Moreover, we extend our focus beyond classical attackers to include quantum attackers. We present a decision-theoretic framework that models the rational behavior of attackers equipped with quantum computers. The objective is to quantify the capabilities of a rational quantum attacker and the potential damage they could inflict, assuming optimal decision-making. Our framework can potentially contribute to the development of effective countermeasures against a wide range of quantum pre-image attacks in the future.
64

Evaluating the Ownership of Personal data in the Cloud by Optimizing the IT Architecture : Applying a reference architecture to make the ownership of personal data more clear within an organization

Myrsell, Tilda, Hulteberg, Sofie January 2023
Cloud computing is an area that many companies use in order to stay in line with technological development. To keep these systems productive and easily managed, a reference architecture can be used as a framework and also as a manual on how to structure an organization to suit its specific needs and goals. The reference architecture can make it easier to divide responsibility as well as working tasks within an organization. One company facing the challenges that come with cloud-based systems is Vattenfall, one of the biggest energy companies in Europe. An organization like Vattenfall handles a great load of customer data which is to be controlled and protected in every way. In order to keep on making sure that these systems are efficient and secure, a reference architecture could be a helpful tool.

With the purpose of investigating how a section within Vattenfall’s IT department can use a reference architecture to determine the ownership of customers’ personal data more easily, an interview study was conducted. The interviews focused on evaluation of how employees reason when handling customers’ personal data within cloud environments. The reference architecture found most suitable for handling personal data was the international standard ISO/IEC 17789. It describes multiple work roles within cloud computing which can make the process of handling sensitive information clearer and easier. The data collected from the interviews was later applied to this reference architecture in order to see how it can be used in order to more easily divide responsibility. The study could in the end present several recommendations as to how the department should divide responsibilities and raise awareness regarding the topic amongst employees in order to increase data security.

Finally, the expected value created from implementing these recommendations and applying the reference architecture to the organization is expected to be high. The thesis concluded that the chosen reference architecture can be applied to the Vattenfall organization. With a few organizational changes, the responsibility regarding customers’ personal data can be divided more easily amongst the employees and the security can be improved. The recommendations presented could benefit the organization and raise awareness of the topic amongst employees.
65

SECURE AUTHENTICATION AND PRIVACY-PRESERVING TECHNIQUES IN VEHICULAR AD-HOC NETWORKS

Aala Oqab Alsalem (17075812) 28 April 2024
VANET is formed by vehicles, road units, infrastructure components, and various connected objects. It aims mainly to ensure public safety and traffic control. New emerging applications include value-added and user-oriented services. While this technological advancement promises ubiquitous deployment of the VANET, security and privacy challenges must be addressed. Thence, vehicle authentication is a vital process to detect malicious users and prevent them from harming legitimate communications. However, the authentication process uses sensitive information to check the vehicle’s identity. Sharing this information will harm vehicle privacy. In this thesis, we aim to deal with these issues:

• How can we ensure vehicle authentication and avoid sensitive and identity information leaks simultaneously?
• When nodes are asked to provide identity proof, how can we ensure that the shared information is only used by an authorized entity?
• Can we define an effective scheme to distinguish between legitimate and malicious network nodes?

This dissertation aims to address the preservation of vehicle private information used within the authentication mechanism in VANET communications.

The VANET characteristics are thoroughly presented and analyzed. Security requirements and challenges are identified. Additionally, we review the proposed authentication techniques and the most well-known security attacks while focusing on the privacy preservation need and its challenges.

To fulfill the privacy preservation requirements, we proposed a new solution called Active Bundle AUthentication Solution based on SDN for Vehicular Networks (ABAUS). We introduce the Software Defined Networks (SDN) as an authentication infrastructure to guarantee the authenticity of each participant. Furthermore, we enhance the preservation of sensitive data by the use of an active data Bundle (ADB) as a self-protecting security mechanism. It ensures data protection throughout the whole data life cycle. ABAUS defines a dedicated registration protocol to verify and validate the different members of the network.

The first solution focused on legitimate vehicle identification and sensitive data protection. A second scheme is designed to recognize and eliminate malicious users called BEhaviour-based REPutation scheme for privacy preservation in VANET using blockchain technology (BEREP). Dedicated public blockchains are used by a central trust authority to register vehicles and store their behavior evaluation and a trust scoring system allows nodes to evaluate the behavior of their communicators and detect malicious infiltrated users.

By enhancing sensitive data preservation during the authentication process and detecting malicious attempts, our proposed work helps to tackle serious challenges in VANET communications.
66

Analyzing the Nexus between Cyberaggression and Cybersecurity Insider Threat Dynamics

Anirudh Vempati (16897563) 27 April 2024
In the modern, internet-connected world, online actions have a big impact. Organizational information system security is a complex issue, with both external attacks and internal vulnerabilities posing serious risks. Although there is ample evidence linking job discontent and stress in the context of insider threat prediction, the stress caused by a perceived lack of social support is mostly unstudied. This research seeks to address this gap by assessing how aggressive behaviors outside the workplace and the absence of offline social support can predict insider threat behaviors within organizations. Given the prevalence of insider threats, a comprehensive investigation into their motivations and actions is imperative. Understanding these dynamics can provide organizations with crucial insights to effectively manage this persistent risk. The widespread nature of insider threats calls for a thorough study into their roots, motives, and behaviors. By comprehensively analyzing these factors, companies can gain valuable insights into insider threats' dynamics and develop effective risk management strategies.

The study conducted a survey with 206 participants recruited through Amazon Mechanical Turk (MTurk), analyzing data using SPSS. The survey consisted of several questionnaires, including demographic information, insider threat traits, cyberaggressive behaviors, online and offline social support. The correlational analysis revealed significant variables related to insider threat characteristics. The results of the study suggested that Cyberbullying and Deception were significant predictors of Hacking and Identity Theft. Additionally, individuals displaying traits of Unwanted Contact and Online Harassment outside the workplace were more likely to exhibit insider threat behaviors within an organization. Notably, the lack of online social support was not found to be indicative of insider threats. However, the absence of offline social support was associated with an increased probability of individuals engaging in cybercrimes within organizational settings.

The findings suggest that organizations and information security policymakers should implement strategies to mitigate insider threats effectively. To manage insider threats, organizations should focus on behavioral cues, implement positive interventions and utilize technical monitoring to track online actions of insiders. Understanding the psychological, behavioral, and technical aspects of insider threats is crucial for early detection and prevention. Policymakers at companies should not only focus on traditional background checks related to criminal history but also consider psychological and behavioral factors to prevent insider threats effectively. By integrating these insights into policies and practices, companies can enhance their ability to mitigate potential insider threats effectively.

The present study augments the existing literature on insider threats and cyber aggression by examining the influence of stressors on employee behavior. Building upon prior research, this investigation delves into the nuanced impact of both offline and online social support systems on stress levels experienced by employees. It explores how the absence of adequate offline and online social support can exacerbate stress levels, consequently increasing the likelihood of insider threats and cyber aggression. In conclusion, the findings of this research contribute significantly to our understanding of the pivotal role of offline social support in mitigating workplace stress. Moreover, it underscores the importance of understanding individual online presence and background verification processes in evaluating potential risks within the workplace.
67

MODELING RISK IN THE FRONT-END OF THE OSS DEBIAN SUPPLY-CHAIN USING MODELS OF NETWORK PROPAGATION

Sahithi Kasim (18859078) 24 June 2024
Our research revolves around the evolving landscape of Open-Source Software (OSS) supply chains, emphasizing their critical role in contemporary software development while investigating the escalating security concerns associated with their integration. As OSS continues to shape the software ecosystem, our research acknowledges the paradigm shift in the software supply chain, highlighting its complexity and the associated security challenges. Focusing on Debian packages, we employ advanced network science methods to comprehensively assess the structural dynamics and vulnerabilities within the OSS supply chain. The study is motivated by the imperative to understand, model, and mitigate security risks from interconnected software components.

Our research questions delve into 1) identifying high-risk packages, 2) comparing risk profiles between source and build stages, and 3) predicting future vulnerabilities. Data collection involves collecting source code repositories, build-info information, and vulnerability data of Debian packages. Leveraging a multifaceted methodology, we perform the following things: graph construction, subsampling, metrics creation, explorative data analysis, and statistical investigations on the Debian package network. This statistical approach integrates the Wilcoxon test, Chi-Square test, and advanced network dynamics modeling with machine learning, to explore evolving trends and correlations between different stages of the OSS supply chain.

Our goals include providing actionable insights for industry practitioners, policymakers, and developers to enhance risk management in the OSS supply chain. The expected outcomes encompass an enriched understanding of vulnerability propagation, the identification of high-risk packages, and the comparison of network-based risk metrics against traditional software engineering measures. Ultimately, our research contributes to the ongoing discourse on securing open-source ecosystems, offering practical strategies for risk mitigation and fostering a safer and more resilient OSS supply chain.
68

Telemetry Post-Processing in the Clouds: A Data Security Challenge

Kalibjian, J. R. 10 1900
ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada / As organizations move toward cloud [1] computing environments, data security challenges will begin to take precedence over network security issues. This will potentially impact telemetry post processing in a myriad of ways. After reviewing how data security tools like Enterprise Rights Management (ERM), Enterprise Key Management (EKM), Data Loss Prevention (DLP), Database Activity Monitoring (DAM), and tokenization are impacting cloud security, their effect on telemetry post-processing will also be examined. An architecture will be described detailing how these data security tools can be utilized to make telemetry post-processing environments in the cloud more robust.
69

Nová média shromažďující informace o svém publiku a vztah uživatelů k bezpečnosti dat: kvalitativní studie / New media gathering users data and the attitude of users towards internet security: qualitative study

Laube, David January 2015
The theoretical part of the thesis analyzes the topic of new media and how it works with the privacy of its users. Using the examples of applications such as Facebook or Google services, I refer to the intensive and extensive kinds of private information that are stored on the provider's servers. All these data are not just gathered, but also analyzed and evaluated. Private companies use the data of their users to an extent like never before. New media and their activities raise new questions about possible misuse of such data. In this thesis I mention a few examples that are somehow related to the topic of privacy and personal data protection. In the practical part I use the tools of qualitative research to explore how the issue of online privacy and data security is perceived by different user groups and how they explain their behavior. I examined whether the privacy issue is an important one and if their online activity in this context is somehow particularly regulated or restricted. For research I chose two groups of respondents: younger users up to 37 years of age and older users aged 55+. I get information from the respondents in the form of semi-structured interviews. These were analyzed and I created new conclusions from them.
70

Access control and inference problem in data integration systems / Problème d'inférence et contrôle d'accès dans les systèmes d'intégration de données

Haddad, Mehdi 01 December 2014
In this thesis we are interested in controlling the access to a data integration system. In a data integration system, a mediator is defined. This mediator aims at providing a unique entry point to several heterogeneous sources. In this kind of architecture, security aspects, and access control in particular, represent a major challenge. Indeed, every source, designed independently of the others, defines its own access control policy. The problem is then: "How to define a representative policy at the mediator level that preserves sources’ policies?" Preserving the sources’ policies means that a prohibited access at the source level should also be prohibited at the mediator level. Also, the policy of the mediator needs to protect data against indirect accesses. An indirect access occurs when one could synthesize sensitive information from the combination of non-sensitive information and semantic constraints. Detecting all indirect accesses in a given system is referred to as the inference problem. In this manuscript, we propose an incremental methodology able to tackle the inference problem in a data integration context. This methodology has three phases. The first phase, the propagation phase, allows combining source policies and therefore generating a preliminary policy at the mediator level. The second phase, the detection phase, characterizes the role of semantic constraints in inducing inference about sensitive information. We also introduce in this phase a graph-based approach able to enumerate all indirect accesses that could induce accessing sensitive information. In order to deal with previously detected indirect accesses, we introduce the reconfiguration phase which provides two solutions. The first solution could be implemented at design time. The second solution could be implemented at runtime.
