Auditing the Human Factor as a Part of Setting up an Information Security Management System

Svensson, Gustav

January 2013

The human factor is the weakest link in all information systems regarding security but the users are not aware of the risks and the importance of following policies and routines to prevent a security breach. The most common attack vector starts by exploiting the human weakness and plant malware inside the organization. There is a need to nd a good way to audit the human factor to address this issue. Dierent penetration tests will be evaluated in this study; two phishing attacks and one in the form of a survey under a false pretext. The respondents are tricked into thinking that they are answering questions about customer service eciency while they are actually about information security and social engineering. This thesis argues that it is very complicated to measure people's predisposition to fall for social engineering but the survey under a false pretext is an interesting method to use when auditing how vulnerable an organization is to social engineering. It is also good at increasing the security awareness and to be used as a soft-start for the information security management process. The author also argues that all humans can be deceived and trust is something that is crucial for the society to work. It is therefore perhaps more meaningful to audit the users compliance with security policies and not the human behavior.

Elektroteknik och elektronik

Impact of remote controlled switches on distribution grid recovering processeas

Wagner, Thibaut

January 2010

Remote controlled switches (RCS) are used to enhance the recovering process of distribution grids. Commonly installed on MV-lines to sectionize feeders, they are a cheap and efficient way to improve the B criterion as well as the incident localisation speed. This document explains and models the impact of Remote controlled equipment on B criterion and reactivity depending on grid structure and organisation (II and III). This model is then used to define an optimal remote controlled switcher number per feeder on each specific area (V). It leads to two main results: French territory is not homogeneously equipped and a lot of areas need a strong RCS policy. RCS efficiency on distributor performance is also proved to be high even for well-equipped areas.

Elektroteknik och elektronik

Modal Analysis of Power Systems with Doubly Fed Induction Generators

Li, Jialin

January 2010

To ensure the reliable operation of the power system, stability analysis considering the interaction between wind power and power system must be understood. In this thesis, the impact of wind power on the stability of Nordic32A power system is of interest. Many wind farms nowadays employ doubly fed induction generator (DFIG) variable speed wind turbines. In this thesis, a third order DFIG model and its control circuits are employed. The particle swarm optimization algorithm is developed to tune the power system stabilizer, which can greatly increase the computational efficiency and improve the damping of the power system. Modal analysis is conducted to investigate the behavior of a wind power plant in a conventional power system. The interaction between generators is investigated when we add wind power plants in different locations. In some cases, some unstable oscillation modes may be observed due to the inter-area and local oscillations among different synchronous generator groups in the system.

Elektroteknik och elektronik

Certificate Revocation List Distribution in Vehicular Communication Systems

Amoozadeh, Mani

January 2012

Message exchange in VANETs should be secured. Researchers have designed many methods to meet this goal. One of the ways agreed upon by most researchers, is through the use of a public-key infrastructure (PKI). An important part of any PKI system is certificate revocation. The revocation is usually done by periodically issuing a Certificate Revocation List (CRL) by the Certification Authority (CA). After the creation of a CRL by CA, the CRL should be distributed in the VC system. The important question is how we can distribute the CRL efficiently and in a timely manner throughout the system in a way that all vehicles receive a genuine copy of it. A couple of researches considered CRL distribution in the past and proposed different methods like RSU-only [1], C2C Epidemic [2], and Most Pieces Broadcast (MPB) [3]. We implement the aforementioned CRL distribution methods and evaluate them using a common framework. With this approach, we can compare these methods accurately and point out the limitations of each. Due to the fact that C2C Epidemic did not provide any packet-level implementation, we propose an implementation for it. We also propose a new method for CRL distribution called ICE (Intelligent CRL Exchange). This method uses V2V and I2V communication to distribute the CRL pieces to vehicles. ICE is an enhanced version of the MPB method and it uses semi-incremental CRL exchange. With this approach, the number of duplicate received pieces decreases in comparison to the MPB method. Moreover, ICE uses a simple approach to decrease the number of unnecessary broadcasts by RSUs. The evaluation is done through simulations. OMNET++ [4] and the MiXiM framework are used for detailed packet-level simulation. The simulation is done for both small and large scale scenarios. For the large scale simulation, we use SUMO [5] to generate mobility traces of vehicle nodes. Different criteria are defined so that we can compare CRL distribution methods. According to the simulation results, vehicles in C2C Epidemic, MPB and ICE receive all the required CRL pieces in less time in comparison to RSU-only, because vehicles use both I2V and V2V communications. MPB shows a better performance than C2C Epidemic, but the number of duplicate received pieces increases substantially. ICE tries to alleviate this by incorporating semi-incremental CRL exchange. Furthermore, the number of broadcasts by RSUs in the ICE method shows reduction.

Elektroteknik och elektronik

Risk and Vulnerability Analysis in MSB Organization with RAKEL as Focus

Tachtsioglou, Dimitrios

January 2012

Myndigheten för samhällsskydd och beredskap (MSB) is a Swedish organization for civil contingencies and has developed the Radiokommunikation för Effektiv Ledning (RAKEL) for the synchronization and cooperation between authorities like police, fire department, SOS alarm, etc. This Thesis is dealing with a risk analysis having in concern both organization’s structure as well the infrastructure that RAKEL is based on. For that purpose a qualitative method is used which compares procedures and methods used with the most updated ones. Model for risk analysis that is used best is OCTAVE-S. Five critical assets (system documentation, TETRA Dispatching Work Station (DWS), Network Management Center (NMC), switching sites and 2nd line support) are identified from the infrastructure and during the research some more appeared on the surface (like jamming, IT-architecture, etc.). Protection and mitigation plans that are introduced is a mixture of technical solutions (like anti-jamming solutions, protocol for secured communication, etc.) and organizational improvements.

Elektroteknik och elektronik

Improve Fault Handling in Radio Base Stations by applying Self-test and Visualization

Goudarzi, Atiyeh

January 2013

Trouble Reports (TRs) encompass the details of a fault-ended test scenario during Radio Base Stations (RBS) verification phase. TR handling is a daily routine for designers in Ericsson Radio Software Department which has been reversed into a bottleneck. TR handling is a log-centric procedure and getting right information from log files is not easily applicable due to various reasons. In this research, we went first to pinpoint those barriers which put difficulty in TR handling procedure. This phase accomplished with comments from TR handlers combined with standard principles for fault handling. A list of hindrances is recognized by the end of this part of project which introduced the main area we should work for performing improvements in TR handling. In second phase of project, we concentrated on cryptic data as a major barrier in log analysis and consequently in TR handling. Cryptic data refers to hardware state during various intervals which pass useful information about hardware in different settings. Troubleshooters can not easily receive the message from this kind of data due to its low level essence. A solution is proposed to handle this difficulty by helping users with the final message which is passed through cryptic data. We get test settings from log file and try to make an expectation on hardware state during test routine, then we make a comparison between what is expected and what is observed in log file. Any inconvenience between observed value and expected one might indicate a deficiency in relevant blocks. Finding out the expected value in each step is done through two different solutions. At first solution, we dig into calculation details in each block and try to perform all steps in parallel with application but in a safe-mode to make sure that nothing might affect the results. For second solution, we do not engage with calculation complexity. Some test cases are designed to target selected blocks in application and watch out the behavior in any possible configuration. We have a database from all possible states which have impact on a block’s result based on that block’s characteristics. Functional test is run on each Radio separately and presented information in a TR should be compared with recorded data for that specific Radio. These solutions are implemented as a web application which receives Trace and Error log as the source for catching test settings. Then correctness of presented data might be confirmed by recalculation or reading from results of functional test.

Elektroteknik och elektronik

Implementation and Evaluation of Datagram Transport Layer Security (DTLS) for the Android Operating System

Trabalza, Daniele

January 2013

Smartphones are nowadays a tool that everyone posses. With the replacement of the IPv4 with the IPv6 it is possible to connect to the Internet an extremely large number of electronic devices. Those two factors are the premises to use smartphones to access those devices over a hybrid network, composed of Wireless Sensor Networks, IPv6-based Internet of Things, constrained networks and the conventional Internet. Some of these networks are very lossy and use the UDP protocol, hence the most suitable protocol to access resources is CoAP, a connection-less variant of the HTTP protocol, standardized as web protocol for the Internet of Things. The sensitivity of information and the Machine-to-Machine interaction as well as the presence of humans make the End-to-End security one of the requirements of the IPv6 Internet of Things. Secure CoAP (CoAPS) provide security for the CoAP protocol in this context. In this thesis secure CoAP for Android smartphones is designed implemented and evaluated, which is at the moment the rst work that enables CoAPS for smartphones. All the cryptographic cipher suites proposed in the CoAP protocol, among which the pre-shared key and certicate-based authentications are implemented, using the Elliptic Curve Cryptography and the AES algorithm in the CCM mode. The feasibility of this implementation is evaluated on a Nexus phone, which takes the handshake time in order to exchange parameters to secure the connection to about ve seconds, and an increase from one to three seconds of the DTLS retransmission timer. A part for this initial delays the performances us-ing secure CoAP are comparable to the performances obtained using the same protocol without security. The implementation allows also to secure the UDP transport thanks to the DTLS implementation, allowing any potential application to exchange secure data and have mutual authentication.

Elektroteknik och elektronik

Analysis of the Romanian Electricity Market

Salazar Galvez, Mario

January 2005

As being applying to become a member of the European Union, Romania must, among many other things, accept the EU Electricity Directive from 1999 that stipulates how the energy shall be treated within the Union. In this Directive, it is clearly stated that all the countries within the European Union have to have a deregulated electricity market. The main objective of deregulating the wholesale electricity market around the world is to improve the efficiency of the electric power industry by encouraging competition. Or as it is written in the Directive; �To ensure the free movement of electricity while improving the security of supply and the competitiveness of the European economy. � [4] To be able to fulfil this mandatory task, the Romanian Market Operator OPCOM, has today contracted the French company AREVA T&D, who is in charge of the implementation of a new deregulated electricity market, with its main function being the Day-Ahead Market infrastructure (web-based bidding interface with market participants, matching process and settlement).This market is supposed to be taking into action during the summer of 2005. The scope of this training can be summarized in the following points, � Analyse the proposed national market rules of Romania. These rules integrate a Day- Ahead Market, a Balancing Market and Imbalance Calculation. � Analyze the formulation of the Settlement of these markets. The Settlement has the object to determine the payments for transactions made under the different markets by the market actors. � Develop a prototype / simulator of these Settlement rules that will allow verifying their consistence and that will be used in testing and demonstration environment. It is important to mention that the analyses above will be a theoretical analysis on the rules since the project is still in a developing phase and has not been tested in a real environment. The prototype / simulator will be implemented using AIMMS mathematical modelling language, where all settlement rules have to be implemented. The idea of the prototype is to simulate how the rules will behave and if the results are credible. To verify that the rules have been implemented in the right manners, the results given by AIMMS will then be compared with the results from the AREVAS�s e-terra settlement products, which is the simulator that is going to be used in the future market. Except for the settlement rules, the developed prototype will also include the matching process with its offer-acceptance algorithm to determine the cleared energy and price for each trading interval, and will serve to give feedback to the future matching process. It aims also to validate the results provided by the delivered algorithm. To be able to get a full vision, and as well to understand their implementation, the three different notions, Day-Ahead Market, Balancing Market and Imbalance Calculations studied under this project will be explained in detail, the role they play and why they are needed in a deregulated environment. Summarizing, this report will treat the following markets and areas; � Day-Ahead Market � Balancing Market � Imbalance Calculation � Settlement of these three processes Finally, some screenshot will be shown to visualise the prototype and how the results are presented to the customer together with some conclusions and the future work that can be done.

Elektroteknik och elektronik

Economic Comparison of HVAC and HVDCSolutions for Large Offshore Wind Farms underSpecial Consideration of Reliability

Lazaridis, Lazaros

January 2005

An economic comparison of several HVAC-HVDC transmission systems from large offshore windfarms is presented. The power output from the offshore windfarm is modeled by an aggregated power curve. The transmission cost for several transmission systems is calculated for a wide range of windfarm�s rated powers, transmission distances and average wind speeds. Energy losses, energy availability and investment costs constitute the input parameters to the study. For the calculation of the energy availability an algorithm that takes in account the aggregated model of the windfarm and the probability distribution of the wind speed is introduced. The availability study is based on statistical data concerning the reliability of the components of HVAC-HVDC transmission systems.

Elektroteknik och elektronik

Modeller för studier av ursprungsmärkt el

Mossberg, Mats

January 2006

The EU has decided that it should be possible for consumers to get information about the origin of the electricity they buy. Therefore, there is a need to examine different systems for electricity disclosure. In this thesis two ways of disclosure have been studied: � Certificate system. A certificate system involves two parallel markets, one for trading electrical energy and one for trading certificates of origin. � Separated Markets. In this system there are different electricity commodities where each electricity commodity is equivalent to a mix of different power sources. Examples of these commodities are pure bio electricity, pure hydro electricity, pure wind electricity and gray electricity. Gray electricity is an unspecified mix of different power sources where origin does not matter. The aim of this thesis was to create models which can be used to study the consequences of implementing the above described disclosure systems. Two test systems were constructed in order to develop suitable models; a single- and a multiarea model. The focus of the single-area model simulations was how to model consumers willingness to pay for electricity of a certain origin as well as the pricing. In the multi-area model impacts of transmission were included. The constructed multi-area model was a simplified model of the Nordic power market, with possibility to randomize demand and supply. Simulations showed that the social surplus increase after introducing systems for electricity disclosure. The choice of disclosure system is dependent on market characteristics. Nondispatchable power plants (for example wind power) are most favored by certificate systems.

Elektroteknik och elektronik