Global ETD Search

1	Classification of and resilience to cyber-attacks on cyber-physical systems Lyn, Kevin G. 21 September 2015 (has links) The growing connectivity of cyber-physical systems (CPSes) has led to an increased concern over the ability of cyber-attacks to inflict physical damage. Current cybersecurity measures focus on preventing attacks from penetrating control supervisory networks. These reactive techniques, however, are often plagued with vulnerabilities and zero-day exploits. Embedded processors in CPS field devices often possess little security of their own, and are easily exploited once the network is penetrated. In response, researchers at Georgia Tech and Virginia Tech have proposed a Trustworthy Autonomic Interface Guardian Architecture (TAIGA), which monitors communication between the embedded controller and physical process. This autonomic architecture provides the physical process with a last line of defense against cyber-attacks by switching process control to a trusted backup controller if an attack causes a system specification violation. This thesis focuses on classifying the effects of cyberattacks on embedded controllers, evaluating TAIGA’s resilience against these attacks, and determining the applicability of TAIGA to other CPSes. This thesis identifies four possible outcomes of a cyber-attack on a CPS embedded processor. We then evaluate TAIGA’s mechanisms to defend against those attack outcomes, and verify TAIGA satisfies the listed trust requirements. Next, we discuss an implementation and the experimental results of TAIGA on a hazardous cargo transportation robot. Then, by making various modifications to the setup configuration, we are able to explore TAIGA’s ability to provide security and process protection to other CPSes with varying levels of autonomy or distributed components. Cyber-physical systems Autonomic control Embedded device security Trust Resilience
2	Authentication aura : a cooperative and distributed approach to user authentication on mobile devices Hocking, Christopher George January 2015 (has links) As information technology pervades our lives we have increasingly come to rely on these evermore sophisticated and ubiquitous items of equipment. Portability and the desire to be connected around the clock has driven the rapid growth in adoption of mobile devices that enable us to talk, message, tweet and inform at will, whilst providing a means to shop and administer bank accounts. These high value, high risk, desirable devices are increasingly the target of theft and improvement in their protection is actively sought by Governments and security agencies. Although forms of security are in place they are compromised by human reluctance and inability to administer them effectively. With typical users operating across multiple devices, including traditional desktop PCs, laptops, tablets and smartphones, they can regularly find themselves having a variety of devices open concurrently. Even if the most basic security is in place, there is a resultant need to repeatedly authenticate, representing a potential source of hindrance and frustration. This thesis explores the need for a novel approach to user authentication, which will reduce the authentication burden whilst providing a secure yet adaptive security mechanism; a so called Authentication Aura. It proposes that the latent security potential contained in surrounding devices and possessions in everyday life can be leveraged to augment security, and provides a framework for a distributed and cooperative approach. An experiment was performed to ascertain the technological infrastructure, devices and inert objects that surround individuals throughout the day. Using twenty volunteers, over a fourteen-day period a dataset of 1.57 million recorded observations was gathered, which confirmed that between 6am and 12pm a significant device or possession is in near proximity 97.84% of the time. Using the data provided by the experiment as the basis for a simulation of the framework, it suggests a reduction of up to 80.36% in the daily number of required authentications for a user operating a device once every 30 minutes, with a 10 minute screen lock in place. Examining the influence of location alone indicated a reduction of 50.74% in user interventions lowering the average from 32 to 15.76, the addition of the surroundings reducing this further to 13.00. The analysis also investigated how a user’s own authentication status could be used to negate the need to repeatedly manually authenticate and it was found that it delayed the process for up to 90 minutes for an individual user. Ultimately, it confirms that during device activation it is possible to remove the need to authenticate with the Authentication Aura providing sufficient assurance. 005.25
3	Multi-Vector Portable Intrusion Detection System Moyers, Benjamin 18 August 2009 (has links) This research describes an intrusion detection system designed to fulfill the need for increased mobile device security. The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drainage. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlating the detected anomalies with wireless attack traffic from both the Wi-Fi and Bluetooth mediums. To effectively monitor the Wi-Fi and Bluetooth mediums for malicious packet streams, the Snort-Based Wi-Fi and Bluetooth Attack Detection and Signature System (BADSS) modules were introduced. MVP-IDS illustrates that IC anomalies, representing attacks, can be correlated with wireless attack traffic through a collaborative and multi-module approach. Furthermore, MVP-IDS not only correlates wireless attacks, but mitigates them and defends its clients using an administrative response mechanism. This research also provides insight into the ramifications of battery exhaustion Denial of Service (DoS) attacks on battery-powered mobile devices. Several IEEE 802.11 Wi-Fi, IEEE 802.15.1 Bluetooth, and blended attacks are studied to understand their effects on device battery lifetimes. In the worst case, DoS attacks against mobile devices were found to accelerate battery depletion as much as 18.5%. However, if the MVP-IDS version of the B-SIPS client was allowed to run in the background during a BlueSYN flood attack, it could mitigate the attack and preserve as much as 16% of a mobile device's battery lifetime as compared with an unprotected device. / Master of Science Intrusion Detection Bluetooth Security Wireless Security Mobile Device Security
4	Experimental Analysis on the Feasibility of Voice Based Symmetric Key Generation for Embedded Devices Kamineni, Surya Bharat 05 June 2017 (has links) In this thesis, we present results of an experimental study in order to generate a secure cryptographic key from the user’s voice which is to be shared between two mobile devices. We identified two security threats related to this problem, discussed the challenges to design the key generation/sharing mechanism, and proposed a new protocol based on bloom filters that overcomes the two main attacks by the intruder. One is when the attacker places its device in the close vicinity of the location where the user attempts to generate/share the key in order to derive the key from eavesdropping on communication messages. The second is when the attacker visually observes the experiment being performed and it tries to replicate the same experiment to reproduce the key. We present several results that demonstrate the practicality of our proposed technique in the context of communications between smart-phone Key generation from voice Mobile device security Key sharing Computer Sciences
5	Towards Seamless and Secure Mobile Authentication January 2014 (has links) abstract: With the rise of mobile technology, the personal lives and sensitive information of everyday citizens are carried about without a thought to the risks involved. Despite this high possibility of harm, many fail to use simple security to protect themselves because they feel the benefits of securing their devices do not outweigh the cost to usability. The main issue is that beyond initial authentication, sessions are maintained using optional timeout mechanisms where a session will end if a user is inactive for a period of time. This interruption-based form of continuous authentication requires constant user intervention leading to frustration, which discourages its use. No solution currently exists that provides an implementation beyond the insecure and low usability of simple timeout and re-authentication. This work identifies the flaws of current mobile authentication techniques and provides a new solution that is not limiting to the user, has a system for secure, active continuous authentication, and increases the usability and security over current methods. / Dissertation/Thesis / Masters Thesis Computer Science 2014 Computer science continuous mobile authentication evaluation framework mobile computing mobile device security physical smart key usable security
6	Empirical Assessment of Mobile Device Users’ Information Security Behavior towards Data Breach: Leveraging Protection Motivation Theory Giwah, Anthony Duke 01 January 2019 (has links) User information security behavior has been an area of growing demand in information systems (IS) research. Unfortunately, most of the previous research done in user information security behavior have been in broad contexts, therefore creating a gap in the literature of similar research that focuses on specific emerging technologies and trends. With the growing reliance on mobile devices to increase the flexibility, speed and efficiency in how we work, communicate, shop, seek information and entertain ourselves, it is obvious that these devices have become data warehouses and platform for data in transit. This study was an empirical and quantitative study that gathered data leveraging a web-survey. Prior to conducting the survey for the main data collection, a Delphi study and pilot study were conducted. Convenience sampling was the category of nonprobability sampling design used to gather data. The 7-Point Likert Scale was used on all survey items. Pre-analysis data screening was conducted prior to data analysis. The Partial Least Square Structural Equation Modeling (PLS-SEM) was used to analyze the data gathered from a total of 390 responses received. The results of this study showed that perceived threat severity has a negative effect on protection motivation, while perceived threat susceptibility has a positive effect on protection motivation. Contrarily, the results from this study did not show that perceived response cost influences protection motivation. Response efficacy and mobile self-efficacy had a significant positive influence on protection motivation. Mobile device security usage showed to be significantly influenced positively by protection motivation. This study brings additional insight and theoretical implications to the existing literature. The findings reveal the PMT’s capacity to predict user behavior based on threat and coping appraisals within the context of mobile device security usage. Additionally, the extension of the PMT for the research model of this study implies that mobile devices users also can take recommended responses to protect their devices from security threats. data breach mobile device security mobile device user protection motivation theory user information security behavior Computer Sciences
7	Detecting Unauthorized Activity in Lightweight IoT Devices January 2020 (has links) abstract: The manufacturing process for electronic systems involves many players, from chip/board design and fabrication to firmware design and installation. In today's global supply chain, any of these steps are prone to interference from rogue players, creating a security risk. Manufactured devices need to be verified to perform only their intended operations since it is not economically feasible to control the supply chain and use only trusted facilities. It is becoming increasingly necessary to trust but verify the received devices both at production and in the field. Unauthorized hardware or firmware modifications, known as Trojans, can steal information, drain the battery, or damage battery-driven embedded systems and lightweight Internet of Things (IoT) devices. Since Trojans may be triggered in the field at an unknown instance, it is essential to detect their presence at run-time. However, it isn't easy to run sophisticated detection algorithms on these devices due to limited computational power and energy, and in some cases, lack of accessibility. Since finding a trusted sample is infeasible in general, the proposed technique is based on self-referencing to remove any effect of environmental or device-to-device variations in the frequency domain. In particular, the self-referencing is achieved by exploiting the band-limited nature of Trojan activity using signal detection theory. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. Hence, the malicious activity can differentiate without using a golden reference or any knowledge of the Trojan activity attributes. The proposed technique's effectiveness is demonstrated through experiments with collecting and processing side-channel signals, such as involuntarily electromagnetic emissions and power consumption, of a wearable electronics prototype and commercial system-on-chip under a variety of practical scenarios. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2020 Electrical engineering Computer engineering Engineering Flexible Electronic Security Hardware/Firmware Trojan Detection IoT Security Malicious Activity Detection Side-Channel Analysis Wearable Electronic Device Security
8	Assessment of injection device security for therapeutic services at health care facilities in the Mpigi district of Uganda Balyejjusa, Samuel 30 November 2007 (has links) Unsafe and unnecessary injections are administered in many developing and transitional countries. Injection device security is recommended in order to improve injection safety. Injection device stock depletions have been reported to contribute to unsafe injection practices. Poor distribution of health products has been reported in many parts of Uganda including Mpigi district. As a way of improving injection safety, this study explored the challenges encountered in maintaining an effective distribution system. A Cross-sectional, descriptive study of public and private-not-for-profit health care units in Mpigi district was conducted. 38 health care facilities were selected by stratified disproportionate sampling. Data on device security, the use of equipment and the distribution system were collected and analysed using descriptive statistics. / Health Studies / M.A. (Public Health) Health care facility Distribution system Stock depletion Injection device security therapeutic services Injection safety 615.58096761
9	Assessment of injection device security for therapeutic services at health care facilities in the Mpigi district of Uganda Balyejjusa, Samuel 30 November 2007 (has links) Unsafe and unnecessary injections are administered in many developing and transitional countries. Injection device security is recommended in order to improve injection safety. Injection device stock depletions have been reported to contribute to unsafe injection practices. Poor distribution of health products has been reported in many parts of Uganda including Mpigi district. As a way of improving injection safety, this study explored the challenges encountered in maintaining an effective distribution system. A Cross-sectional, descriptive study of public and private-not-for-profit health care units in Mpigi district was conducted. 38 health care facilities were selected by stratified disproportionate sampling. Data on device security, the use of equipment and the distribution system were collected and analysed using descriptive statistics. / Health Studies / M.A. (Public Health) Health care facility Distribution system Stock depletion Injection device security therapeutic services Injection safety 615.58096761
10	Password Security Assessment of IoT-Devices Seyum Wolde, Mehir, Hussain, Adeel January 2022 (has links) With the rapid development of the IoT (Internet of Things) and the integration of connected devices into our households, IoT security is becoming more important. This technology allows the user to accomplish tasks and store information in a more effective way. Due to this large development, various solutions are being established to make sure that only an authorised user gains access to these functions. Among these solutions, passwords have become the most prominent one today. Since passwords allow a user to protect sensitive data and authorise access to their devices, they have become the target of various cyberattacks. Different password policies have therefore been established to strengthen passwords and prevent unauthorised access. In response to this emerging problem, the study conducted in this report has evaluated authentication systems in four categories of smart home devices to assess if they meet security regulations according to best practices. A compilation of the password requirements in these devices has been made and they have been categorized in terms of password security from very weak to very strong. Multiple instances of weak policies were discovered in all of the examined categories and important password features are missing in a majority of them. / Med den hastiga utvecklingen av sakernas internet (IoT) och integrationen av anslutna enheter till hushållet blir IoT säkerhet alltmer viktigt. Denna teknologi tillåter användare att åstadkomma uppgifter och lagra information på ett mer effektivt sätt. På grund av denna stora utveckling har många lösningar skapats för att säkerställa att endast en auktoriserad användare erhålls tillgång. Bland dessa lösningar är lösenord den mest förekommande idag. Eftersom att lösenord tillåter användaren att skydda känslig information och auktorisera tillgång till deras enheter har dem blivit en lockande måltavla för diverse cyberattacker. Ett flertal lösenordspolicys har därför etablerats för att förstärka lösenord och förhindra obehörig tillgång. Som svar på detta framväxande problem, har undersökningen som utförts i denna rapport utvärderat autentiseringssystem i fyra kategorier av smarta hem enheter med mål att bedöma ifall de uppfyller säkerhetsföreskrifter i enighet med bästa praxis. En lista med lösenordskrav i enheterna har skapats och dessa enheter har blivit kategoriserade enligt lösenordssäkerhet från väldigt svag till väldigt stark. Flera olika instanser av svaga policys har upptäckts i alla undersökta kategorier och viktiga lösenordsfunktioner saknas i en majoritet av grupperna. Passwords Password Policy Information Security Authentication Smart Home Application Security IoT Device Device Security Lösenord Lösenordspolicy Informationssäkerhet Autentisering Smarta Hem Applikationssäkerhet IoT-Enhet Enhetssäkerhet Computer and Information Sciences Data- och informationsvetenskap

Search results