1 |
Security integration in IP video surveillance systems
Paratsikidou, Natalia. January 2014
Video surveillance systems are a rapidly growing industry. As with most systems, this technology presents both opportunities and threats. The wide adoption of video surveillance systems by various businesses and individuals has raised some vital security issues. Appropriately addressing these security issues is of great importance for video surveillance systems, as these systems may capture sensitive personal data and may attract numerous attacks. As of today nearly all devices have become networked (or are on their way to being connected to networks), hence eavesdropping is a common attack which can exploit a breach of a system’s security and result in data disclosure to unauthorised parties, video stream alterations, interference, and reduction of a system’s performance. Moreover, it is important that video surveillance systems are standardized by appropriate standardization organizations in order to assure high quality of the security services that utilize these systems and to facilitate interoperability. In this master thesis project, rules and regulations concerning personal data protection were studied in order to define the requirements of the proposed robust and high-quality security scheme that is to be integrated into video surveillance systems. This security scheme provides United States Federal Information Processing Standard (FIPS) compliant security services by securing the communication channel between the system’s devices. The authentication of the system’s devices is established by using certificates and key exchanges. The proposed security scheme has been scrutinized in order to analyze its performance (and efficiency) in terms of overhead, increased jitter, and one-way delay variations.

Our implementation of the proposed security scheme utilized OpenVPN to provide privacy, integrity and authentication to the video streams captured by Veracity’s clients and stored in Veracity’s proprietary NAS device (COLDSTORE). Use of the OpenSSL FIPS Object Module makes our security scheme a FIPS-compliant solution. For testing purposes, we created different test scenarios and collected data about the total delivery time of a video file delivered from the IPCamera/NVR/DVR devices to the COLDSTORE device, the network overhead, and lastly the one-way delay between the two endpoints. Another area of interest that we focus on is how to deploy certificates to new, existing, and replacement devices, and how this deployment may affect the system’s security design. In addition, we investigate the problems arising when a secured video stream needs to be played back via another device outside of our system’s network. The results of the thesis will be used as an input for product development activities by the company that hosted this thesis project. / Video surveillance systems are a growing industry. As with most systems, this technology brings both opportunities and risks. The wide spread of video surveillance systems has led to essential security risks. Handling the security risks of video surveillance systems is of great importance, since these systems may capture personal data and thereby attract attacks. Today almost all devices have become network-connected (or are on their way to becoming so), which has made eavesdropping a common attack. An eavesdropper can exploit a security weakness, resulting in information leaks to unauthorised parties, video manipulation, interference, and reduced system performance. It is important that video surveillance systems are standardized by appropriate standardization organizations, to ensure high quality in the security services that use these systems and to ensure compatibility.

In this thesis, rules and regulations concerning the protection of personal data were studied in order to define the requirements for the proposed robust and high-quality security architecture that is to be integrated into video surveillance systems. The security architecture offers United States Federal Information Processing Standard (FIPS) compatible security services by securing the communication channel between the system’s devices. Authentication of the system’s devices is done using certificates and key exchanges. The proposed security architecture has been examined in order to analyse its performance in terms of inefficiencies, increased disturbances, and one-way delay variations. Our implementation of the proposed system uses OpenVPN to provide confidentiality, integrity and authentication for the streaming video captured by Veracity’s clients and stored in Veracity’s proprietary NAS device (COLDSTORE). Use of the OpenSSL FIPS Object Module makes our security scheme a FIPS-compatible solution. For testing purposes, we created different test scenarios and collected data on the total delivery time of a video file delivered from the IPCamera/NVR/DVR devices to the COLDSTORE device, the network overhead, and finally the one-way delay between the two endpoints. Another area of interest that we focus on is certificates for new, existing and replacement devices, and how this may affect the system’s security architecture. In addition, we investigate the problems that arise when a secured video stream needs to be played back on a device outside the system’s network. The work done in this thesis will be used as a basis for product development by the company where the thesis was carried out.
|
2 |
Virtualization Security Issues in Telemetry Post-Processing Environments
Kalibjian, Jeff. 10 1900
ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Virtualization technologies have the potential to transform the telemetry post-processing environment. Significant efficiencies can be gained by migrating telemetry post processing activities to virtual computing platforms. However, while facilitating better server utilization, virtualization also presents several challenges; one of the most difficult of those challenges being security. In virtualization, server environments are replicated in software; unfortunately, the security individual servers provide is not replicated in a software stack implementation of a server environment. After reviewing virtualization fundamentals, security issues and their impact on telemetry post processing will be discussed.
|
3 |
A Framework for the Performance Analysis and Tuning of Virtual Private Networks
Perez, Fridrich Shane. 01 June 2018
With the rising use of personal devices such as laptops and smartphones in businesses and large enterprises, concern for preserving security arises. In addition to preserving security measures on outside devices, the network speed and performance these devices are capable of need to be balanced against security to avoid slowing down virtual private network (VPN) activity. Performance tests have been done in the past to evaluate the available software, hardware, and network security protocol options that will best benefit an entity according to its specific needs. With a variety of comparable frameworks currently available, it is a matter of pick and choose. This study is dedicated to developing a unique process-testing framework for personal devices by comparing the default security encryptions of different VPN architectures to the set of encryptions that comply with the Federal Information Processing Standards (FIPS). The VPN architectures include a vendor-supplied VPN, Palo Alto Networks, the open-source OpenVPN application, and a Windows PPTP server, used to test security protocols and measure network speed across different operating platforms. The results of this research reveal the differences between the default security configurations and the encryption settings enforced by FIPS, shown through the averaged bandwidth collected over multiple network tests under those settings. The results have been given additional analysis and confidence through t-tests and standard deviation. The configurations of the different VPNs, including the difficulty of establishing them, also contribute to finding OpenVPN under FIPS settings favorable over a Palo Alto firewall using FIPS-CC mode, due to its higher bandwidth rate despite following the same encryption standards.
|
4 |
Slumptalsgeneratorer för Säkerhetssystem / Random Number Generators for Security Systems
Nijm, Toni. January 2002
Random number generators are among the most important building blocks in today's security systems and infrastructure. There is, however, a plethora of varying implementation models in both software and hardware. Constructing a random number generator with properties good enough for use in security systems is not a trivial task.

This report discusses the two main methods of generating random numbers: in software (PRNG) and in hardware (TRNG). Different viewpoints and approaches to generating and testing random numbers are discussed and evaluated. The advantages and disadvantages of the different generators are also discussed, along with how they can be vulnerable if precautions are not taken.

The results suggest that the choice of a random number generator depends heavily on the application in which the random numbers are to be used. It is recommended, however, to use a TRNG (hardware generator) to seed a PRNG (Pseudo-Random Number Generator), or to use a TRNG and then compensate for the skewed probability distribution that arises.
|
6 |
Assuring Post Processed Telemetry Data Integrity With a Secure Data Auditing Appliance
Kalibjian, Jeff; Wierenga, Steven. 10 1900
ITC/USA 2005 Conference Proceedings / The Forty-First Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2005 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Recent federal legislation (e.g. Sarbanes-Oxley, Gramm-Leach-Bliley) has introduced requirements for compliance including records retention and records integrity. Many industry sectors (e.g. Energy, under the North American Energy Reliability Council) are also introducing their own voluntary compliance mandates to avert possible additional federal regulation. A trusted computer appliance device dedicated to data auditing may soon be required in all corporate IT infrastructures to accommodate various compliance directives. Such an auditing device may also have application in telemetry post-processing environments, as it may be used to guarantee the integrity of post-processed telemetry data.
|
7 |
Securing Telemetry Post Processing Applications with Hardware Based Security
Kalibjian, Jeff. 10 1900
International Telemetering Conference Proceedings / October 18-21, 2004 / Town & Country Resort, San Diego, California / The use of hardware security for telemetry in satellites utilized for intelligence and defense applications is well known. Less common is the use of hardware security in ground-based computers hosting applications that post-process telemetry data. Analysis reveals vulnerabilities in software-only security solutions that can result in the compromise of telemetry data housed on ground-based computer systems. Such systems may be made less susceptible to compromise with the use of hardware-based security.
|
8 |
Oferta de fundos de investimento em participações
Santos, Daniel Pettine Gomes dos. 12 April 2010
This study aimed to verify whether it is possible to estimate an econometric model to predict the behavior of issuers of new shares of Fundos de Investimentos em Participações (FIPs) based on some explanatory variables, for the most part macroeconomic variables based on the model estimated in the study of Iaquipaza (2005). We analyzed a series of 75 observations of the number of FIP offers made each month, from October 2003 to December 2009. To analyze the time series of FIP offers, a Poisson regression model was used to work with the count data that made up the dependent variable sample. The results showed the influence of some variables listed in the study of Iaquipaza (2005) and of others that were included in the model due to the specific type of asset analyzed. However, the study is limited by the fact that the industry studied is still in its beginning, which culminated in the estimation of a model with few observations. / This work aimed to verify whether it is possible to estimate an econometric model to predict the behaviour of issuers of new shares of Fundos de Investimentos em Participações (FIPs) based on some explanatory variables, the great majority of them macroeconomic variables based on the model estimated in the work of Iaquipaza (2005). A historical series of 75 observations was analysed, referring to the number of public offerings of FIPs carried out in each month, in the period from October 2003 to December 2009. To analyse the historical series of public offerings of FIPs, a Poisson regression model was used, to work with the 'count' data that made up the sample of the dependent variable. The results indicated the influence of some variables indicated in the work of Iaquipaza (2005) and of others that were included in the model because of the specificity of the type of asset analysed. However, the work is limited by the fact that a still incipient industry was studied, which culminated in the estimation of a model using few observations.
|
9 |
Data Security Architecture Considerations for Telemetry Post Processing Environments
Kalibjian, Jeff. 10 1900
Telemetry data has great value, as setting up a framework to collect and gather it involves significant costs. Further, the data itself has product diagnostic significance and may also have strategic national security importance if the product is defense or intelligence related. This potentially makes telemetry data a target for acquisition by hostile third parties. To mitigate this threat, data security principles should be employed by the organization to protect telemetry data. Data security is an important element of a layered security strategy for the enterprise. The value proposition centers on the argument that if the organization's perimeter and internal defenses (e.g. firewall, IDS, etc.) fail, enabling hostile entities to access data found on internal company networks, they will be unable to read the data because it will be encrypted.
After a review of important encryption background, including accepted practices, standards, and architectural considerations regarding disk, file, database and application data protection encryption strategies, specific data security options applicable to telemetry post-processing environments will be discussed, providing tangible approaches to better protect organization telemetry data.
|