A Proposed Taxonomy of Software Weapons / Ett förslag på taxonomi för programvaruvapen

Karresand, Martin

January 2002

The terms and classification schemes used in the computer security field today are not standardised. Thus the field is hard to take in, there is a risk of misunderstandings, and there is a risk that the scientific work is being hampered. Therefore this report presents a proposal for a taxonomy of software based IT weapons. After an account of the theories governing the formation of a taxonomy, and a presentation of the requisites, seven taxonomies from different parts of the computer security field are evaluated. Then the proposed new taxonomy is introduced and the inclusion of each of the 15 categories is motivated and discussed in separate sections. Each section also contains a part briefly outlining the possible countermeasures to be used against weapons with that specific characteristic. The final part of the report contains a discussion of the general defences against software weapons, together with a presentation of some open issues regarding the taxonomy. There is also a part discussing possible uses for the taxonomy. Finally the report is summarised.

Informationsteknik

computer security

malware

software weapon

taxonomy

trojan

virus

worm

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Intrusion Detection Systems : Technologies, Weaknesses and Trends / Intrångsdetekteringssystem : Teknologier, Svagheter och Trender

Arvidson, Martin, Carlbark, Markus

January 2003

Traditionally, firewalls and access control have been the most important components used in order to secure servers, hosts and computer networks. Today, intrusion detection systems (IDSs) are gaining attention and the usage of these systems is increasing. This thesis covers commercial IDSs and the future direction of these systems. A model and taxonomy for IDSs and the technologies behind intrusion detection is presented. Today, many problems exist that cripple the usage of intrusion detection systems. The decreasing confidence in the alerts generated by IDSs is directly related to serious problems like false positives. By studying IDS technologies and analyzing interviews conducted with security departments at Swedish banks, this thesis identifies the major problems within IDSs today. The identified problems, together with recent IDS research reports published at the RAID 2002 symposium, are used to recommend the future direction of commercial intrusion detection systems.

Informationsteknik

computer security

IDS

intrusion detection

taxonomy

weaknesses

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Restinformation i elektroniska textdokument / Surplus information in electronic text documents

Hagel, Maria

January 2005

Some word processing programs save information that not all users of the program are aware of. This information consists of a number of things. Example of that is who the writer of the document is, the time it took to write it and where on the computer the document is saved. Text that has been changed or removedcan also be saved. This information is not shown in the program and the user will therefore not be aware of its existence. If the document is opened in a text editor that only reads plain ASCII text, this information will be visible. If this information is confidential and also available to people it could become a security risk. In this thesis I will sort out what kind of information this is and in what way it could be a security risk. I will also discuss what measures that can be taken to minimize the risk. This is done partly by studying literature combined with some smaller test that I have performed.

Informationsteknik

datasäkerhet

ordbehandlingsprogram

metadata

restinformation

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

"Halfpipe Active Channel"- developing a secure communications protocol / "Halfpipe Active Channel"- utveckling av ett säkert kommunikationsprotokoll

Larsson, Fredrik

January 2005

With the advent of powerful multimedia capable mobile phones, the market for mobile services is flourishing. Zenterio AB's Halfpipe Active Desktop is a complete distributed mobile service platform a with a powerful server and platform-independent client. The communication between the client and server takes place over a GPRS-capable mobile network. The purpose of this thesis is to develop a secure communications protocol for use between the Halfpipe Active Desktop client and server. This is done by determining requirements, analyzing candidate protocols and then by designing the final protocol. The result, the Halfpipe Active Channel protocol, is an authorized, encrypted, session oriented, message based and light weight protocol designed to minimize computational as well as network overhead. This master's thesis project was defined by and performed at Zenterio AB during the second half of 2004.

Informationsteknik

mobile services

secure communications

GPRS

protocol design

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Förenklad textinmatning på mobila enheter med hjälp av kontextbaserad språktolkning / Simplified text input for mobile devices using context based language interpretation

Jensen, Anders

January 2005

The number of text messages sent from mobile phones, has increased dramatically over the last few years. Along with that, we are witnessing a lot of new mobile portal services currently being developed. Many of these services rely on an ability to input text efficiently. The traditional phone keypad is ambiguous because each key encodes more than one letter. At present, the most common way to deal with this problem is using a stored dictionary to guess the intended input. This thesis presents a new text entry strategy called Qtap. Instead of using a stored dictionary to guess the intended word, this method uses probabilities of letter sequences. New features that come with Qtap are the usage of the viterbi algorithm to decode input sequences and a non-alphabetic keypad. How the strategy and the keypad used by Qtap were developed, is described throughout the thesis. Qtap is also compared to a dictionary-based method, t9, on a non-user level. The results show Qtap is performing well in many senses. The conclusion from this is that a further development of Qtap is motivated. A discussion of various modifications and additions to the design, that may yield a performance improvement, is also included.

Informationsteknik

textinmatning

sms

mobiltelefon

kontextmodellering

textmeddelande

begränsad knappsats

språkmodellering

viterbiavkodning

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Säkerhetsutvärdering certifikatserver i stället för aktiva kort / Security evaluation certificate server instead of smartcard

Jensen, Jonas

January 2005

Business and organizations use computer network in a greater extension than ever before, especially for business-critical use. That increase the demand of security for all systems, both against internal and external threats. The demand on the authentication method used today increases. Today they normally uses password or some kind of smart card. I will performa literature study that will investigate the possibility to increase the security in authentication of users without the use of extra hardware. The method uses a server that stores all cryptographic keys for the user centrally to achieve stronger security. This report is based on a previous report which tested to implement this solution, in this report I will question the security of this system. I will then give an architecture proposal where this method is used to authenticate and allow cryptographic recourses for the user. The conclusions you can get from this report is that the possibilities with comparable ease increase the security without investing in new hardware. But the solution will not be comparable by a ``smart card solution''in security levels. That means that the method described in this thesis is suitable for organizations that either do not need that strong security as smart card give or want a good solution without being forced to use some external hardware.

Informationsteknik

Authentication

securityserver

certificate server

reverse turing test

cryptographic

smartcard

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Hardware mechanisms and their implementations for secure embedded systems

Qin, Jian

January 2005

Security issues appearing in one or another form become a requirement for an increasing number of embedded systems. Those systems, which will be used to capture, store, manipulate, and access data with a sensitive nature, have posed several unique and urgent challenges. The challenges to those embedded system require new approaches to security covering all aspects of embedded system design from architecture, implementation to the methodology. However, security is always treated by embedded system designer as the addition of features, such as specific cryptographic algorithm or other security protocol. This paper is intended to draw both the SW and HW designer attention to treat the security issues as a new mainstream during the design of embedded system. We intend to show why hardware option issues have been taken into consideration and how those hardware mechanisms and key features of processor architecture could be implemented in the hardware level (through modification of processor architecture, for example) to deal with various potential attacks unique to embedded systems.

Informationsteknik

Security

Hardware machanism

Instruction set

Embedded system

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Organisationers kunskapsverksamheter : en kritisk studie av “knowledge management”

Braf, Ewa

January 2000

Att utveckla, tillvarata och återanvända kunskap är centrala företeelser för organisationers framåtskridande och utveckling. Härmed har kunskapsmanagement (KM) en viktig roll för och i organisationer. Med KM eftersträvas bl a att medvetandegöra medarbetarnas kunskaper i syfte att hantera, utveckla och sprida dem på ett för organisationen fruktbart sätt. Genom en framgångsrik KM finns potential att öka organisationers handlingsförmåga, följaktligen även verksamheters värdeskapande och konkurrenskraft. Icke desto mindre är kunskap en abstrakt och svårhanterlig organisatorisk tillgång. Därtill, trots att det finns en hel del skrivet kring KM, kan det vara svårt för organisationer att förstå hur de praktiskt ska arbeta med detta verksamhetsområde, samt vad det innebär. I syfte att öka förståelsen för KM har jag studerat och kritiskt analyserat en del existerande litteratur kring området. Med analysen som utgångspunkt har ett antal forskningsfrågor preciserats. För att överbrygga en del av de oklarheter som identifierats i samband med litteraturgenomgången, samt för att svara på avhandlingens forskningsfrågor, har stöd sökts i andra teorier, bl a kunskapsteori och teori om hur vi kan se på verksamheter. Därtill har hanteringen av och synen på kunskap studerats genom en fallstudie genomförd på ett konsultbolag inom IT-branschen. Utifrån litteraturanalysen, grundning i annan teori, samt avhandlingens empiriska data har jag presenterat min syn på organisationers kunskapsverksamheter (min benämning på kunskapsmanagement). Resultatet av avhandlingsarbetet är bl a en utvecklad och preciserad begreppsapparat för organisatorisk kunskapsverksamhet (KM). Detta innefattar bl a en klassificering av begreppet organisatorisk kunskap och dess relation till organisatorisk handling. I avhandlingen klassificeras även ett antal vanliga situationer för kunskapande (lärande), vilka i sin tur relateras till organisationers kärnverksamhet respektive kunskapsverksamhet. Ett av huvudbidragen är en modell över organisatoriskt kunskapsverksamhet. Modellen inkluderar kunskapsverksamhetens centrala förutsättningar, handlingar, resultat, samt dess relation till kärnverksamheten. Genom denna avhandling vill jag bidra med en ökad förståelse för vad kunskapsverksamheter handlar om och vad som behöver beaktas för att utveckla en framgångsrik kunskapsverksamhet.

Informationsteknik

Informationsteknik

kunskapsmanagement

KM

organisationers kunskapsverksamheter

Computer and Information Sciences

Data- och informationsvetenskap

Security Architecture and Technologies for the Electronic Document Exchange with SOAP as Communication Protocol / Säkerhetsarkitektur och -tekniker för utbyte av elektroniska dokument med SOAP som kommunikationsprotokoll

Dahlén, Marcus

January 2005

<p>In many industries the tracking and tracing of products within the supply chain is required by law. Companies in the metal working industry exchange so-called material test reports, which specify the product’s properties, the customer’s requirements, and serve as an assurance between the supplier and the customer. Internet technologies have changed the way companies exchange information and conduct business. In the metal working industry companies can implement an intermediary platform and make the exchange of material test reports more efficient. Furthermore, a client application that allows the company to export test reports from their information system directly to the intermediary can significantly decrease the processing costs. This inter-organizational collaboration can render an increase in productivity for customers and suppliers. </p><p>The main goal of the thesis is to analyze how companies in a supply chain can exchange documents with an intermediary over the protocol SOAP as well as support companies by showing a structured procedure for how to achieve security in a system using SOAP. SOAP is a platform independent XML-based communication protocol. The Extensible Markup Language (XML) is of major importance in e-business applications, because of its platform, language, and vendor independent way of describing data. As a universal data format, it enables the seamless connection of business systems. </p><p>SOAP does not provide any security and is usually implemented over HTTP, which allows it to pass through firewalls. Companies are only prepared to join an inter-organizational collaboration if IT-security is guaranteed. In the exchange of material test reports, security has two objectives. The first is to replace the handwritten signature in the paper-based document exchange. The second is to guarantee security for the material test reports as well as for the information intermediary. </p><p>SOAP’s extensibility model allows organizations to develop new extensions, which build upon the protocol and provide functions which aren’t specified. Specifications for attachments as well as for security should be implemented in the electronic document exchange. To design a secure system, each security concept, such as confidentiality, authentication and integrity, can be analyzed in its context and the appropriate standard can thereafter be implemented.</p>

Informationsteknik

SOAP

XML

Web Service

J2EE

security

SSL

MTOM

Risk Assessment

XML Digital Signature

XML Encryption

XKMS

Informationsteknik

Information technology

Informationsteknik

Evaluation of biometric security systems against artificial fingers

Blommé, Johan

January 2003

<p>Verification of users’ identities are normally carried out via PIN-codes or ID- cards. Biometric identification, identification of unique body features, offers an alternative solution to these methods. </p><p>Fingerprint scanning is the most common biometric identification method used today. It uses a simple and quick method of identification and has therefore been favored instead of other biometric identification methods such as retina scan or signature verification. </p><p>In this report biometric security systems have been evaluated based on fingerprint scanners. The evaluation method focuses on copies of real fingers, artificial fingers, as intrusion method but it also mentions currently used algorithms for identification and strengths and weaknesses in hardware solutions used. </p><p>The artificial fingers used in the evaluation were made of gelatin, as it resembles the surface of human skin in ways of moisture, electric resistance and texture. Artificial fingers were based on ten subjects whose real fingers and artificial counterpart were tested on three different fingerprint scanners. All scanners tested accepted artificial fingers as substitutes for real fingers. Results varied between users and scanners but the artificial fingers were accepted between about one forth and half of the times. </p><p>Techniques used in image enhancement, minutiae analysis and pattern matching are analyzed. Normalization, binarization, quality markup and low pass filtering are described within image enhancement. In minutiae analysis connectivity numbers, point identification and skeletonization (thinning algorithms) are analyzed. Within pattern matching, direction field analysis and principal component analysis are described. Finally combinations of both minutiae analysis and pattern matching, hybrid models, are mentioned. </p><p>Based on experiments made and analysis of used techniques a recommendation for future use and development of fingerprint scanners is made.</p>

Informationsteknik

biometric

artificial fingers

fingerprint scanners

minutiae

pattern matching

intrusion methods

normalization

binarization

direction field analysis

thinning algorithms

Informationsteknik

Information technology

Informationsteknik