Spelling suggestions: "subject:"internetsecurity measures"" "subject:"concerningsecurity measures""
1 |
Internet security threats and solutions14 July 2015 (has links)
M.Com. (Computer Auditing) / Please refer to full text to view abstract
|
2 |
Efficient schemes for anonymous credential with reputation supportYu, Kin-ying., 余見英. January 2012 (has links)
Anonymous credential is an important tool to protect the identity of users in the Internet for various reasons (e.g. free open speech) even when a service provider (SP) requires user authentication. Yet, misbehaving users may use anonymity for malicious purposes and SP would have no way to refrain these users from creating further damages.
Revocable anonymous credential allows SP to revoke a particular anonymous user based on the observed behavior of a session the user conducted. However, such kind of all-or-nothing revocation does not work well with the “Web 2.0” applications because it does not give a user a second chance to remedy a misconduct, nor rewards for positive behaviors. Reputation support is vital for these platforms.
In this thesis, we propose two schemes with different strengths that solve this privacy and reputation dilemma. Our first scheme, PE(AR)2, aims to empower anonymous credential based authentication with revocation and rewarding support. The scheme is efficient, outperforms PEREA which was the most efficient solution to this problem, with an authentication time complexity O(1) as compared with other related works that has dependency on either the user side storage or the blacklist size. PEREA has a few drawbacks that make it vulnerable and not practical enough. Our scheme fixes PEREA's vulnerability together with efficiency improvement. Our benchmark on PE(AR)2 shows that an SP can handle over 160 requests/second when the credentials store 1000 single-use tickets, which outperforms PEREA with a 460 fold efficiency improvement.
Our second scheme, SAC, aims to provide a revocation and full reputation support over anonymous credential based authentication system. With a small efficiency trade-o_ as compared with PE(AR)2, the scheme now supports both positive and negative scores. The scoring mechanism is now much more flexible, that SP could modify the rated score of any active sessions, or declare that no more rating should be given to it and mark it as finalized. SAC provides a much more elastic user side credential storage, there is no practical limit on the number of authentication sessions associated with a credential. Unlike other schemes, SAC make use of a combined membership proof instead of multiple non-membership proofs to distinguish if a session is active, finalized, or blacklisted. This special consideration has contributed to the reduction of efficiency-flexibility trade-off from PE(AR)2, making the scheme stay practical in terms of authentication time. Our benchmark on SAC shows that an SP can handle over 2.9 requests/second when the credentials store 10000 active sessions, which outperforms BLACR-Express (a related work based on pairing cryptography with full reputation support) with a 131 fold efficiency improvement.
Then we analyze the potential difficulties for adopting the solutions to any existing web applications. We present a plugin based approach such that our solutions could run on a user web browser directly, and how a service provider could instruct the plugin to communicate using our protocol in HTML context.
We conclude our thesis stating the solutions are practical, efficient and easy to integrate in real world scenario, and discuss potential future works. / published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy
|
3 |
Dispersability and vulnerability analysis certificate systemsJung, Eunjin 28 August 2008 (has links)
Not available / text
|
4 |
ISAP - an information security awareness portalTolnai, Annette 27 May 2010 (has links)
M.Sc. / The exponential growth of the Internet contributes to risks and threats which materialize without our knowledge. The more computer and Internet use becomes a part of our daily lives, the more we expose ourselves and our personal information on the World Wide Web and hence, the more opportunities arise for fraudsters to get hold of this information. Internet use can be associated with Internet banking, online shopping, online transactions, Internet Relay Chat, newsgroups, search engines, online blogs and e-mail. The source behind online activities carried on over the Internet may be different from what we are led to believe. Communication lines may be intercepted, compromising sensitive information of the user. It is a risk to make digital payments and reveal sensitive information about ourselves to an unknown source. If the risk materializes, it may result in undesired circumstances. Using the Internet securely should be a prerequisite to every user before conducting online transactions and activities over the World Wide Web. Owing to the versatility and ease of the electronic medium, electronic databases and vast amounts of sensitive information are readily accumulated. This is cause for concern regarding the main issues, namely privacy, identity theft and monetary fraud. Major countermeasures to mitigate the main forms of security and Internet-related issues are awareness of these risks and how they may materialize as well as relevant protection mechanisms. A discussion about why the Internet is a popular medium for criminal behaviour, what risks are involved, what can be done about them and some technical as well as non-technical preventative measures are covered in this dissertation. The purpose of this dissertation is to create an overall awareness of Internet banking and the process of Internet transactions. The end result is the development of an information security awareness portal (ISAP) aimed at the general public and potential Internet users who may be subject to identity and credit fraud. The aim of the ISAP is to sensitize users and minimize the growing numbers of individuals who are victimized through online crimes. Individuals using the Internet need to be aware of privacy concerns governing the Internet and how searchers are able to find out almost anything about them. The false sense of security and anonymity we as users think we have when innocently connecting to the World Wide Web outlines threats lurking in the background where we would never imagine. By the time you are finished reading this dissertation, it may put you off transacting and revealing sensitive information about yourself online ever again.
|
5 |
Introducing hippocratic log files for personal privacy controlRutherford, Andrew January 2005 (has links)
The rapid growth of the Internet has served to intensify existing privacy concerns of the individual, to the point that privacy is the number one concern amongst Internet users today. Tools exist that can provide users with a choice of anonymity or pseudonymity. However, many Web transactions require the release of personally identifying information, thus rendering such tools infeasible in many instances. Since it is then a given that users are often required to release personal information, which could be recorded, it follows that they require a greater degree of control over the information they release. Hippocratic databases, designed by Agrawal, Kiernan, Srikant, and Xu (2002), aim to give users greater control over information stored in a data- base. Their design was inspired by the medical Hippocratic oath, and makes data privacy protection a fundamental responsibility of the database itself. To achieve the privacy of data, Hippocratic databases are governed by 10 key privacy principles. This dissertation argues, that asides from a few challenges, the 10 prin- ciples of Hippocratic databases can be applied to log ¯les. This argument is supported by presenting a high-level functional view of a Hippocratic log file architecture. This architecture focuses on issues that highlight the con- trol users gain over their personal information that is collected in log files. By presenting a layered view of the aforementioned architecture, it was, fur- thermore, possible to provide greater insight into the major processes that would be at work in a Hippocratic log file implementation. An exploratory prototype served to understand and demonstrate certain of the architectural components of Hippocratic log files. This dissertation, thus, makes a contribution to the ideal of providing users with greater control over their personal information, by proposing the use of Hippocratic logfiles.
|
6 |
A generalized trust model using network reliabilityMahoney, Glenn R. 10 April 2008 (has links)
Economic and social activity is increasingly reflected in operations on digital objects and network-mediated interactions between digital entities. Trust is a prerequisite for many of these interactions, particularly if items of value are to be exchanged. The problem is that automated handling of trust-related concerns between distributed entities is a relatively new concept and many existing capabilities are limited or application-specific, particularly in the context of informal or ad-hoc relationships. This thesis contributes a new family of probabilistic trust metrics based on Network Reliability called the Generic Reliability Trust Model (GRTM). This approach to trust modelling is demonstrated with a new, flexible trust metric called Hop-count Limited Transitive Trust (HLTT), and is also applied to an implementation of the existing Maurer Confidence Valuation (MCV) trust metric. All metrics in the GRTM framework utilize a common probabilistic trust model which is the solution of a general reliability problem. Two generalized algorithms are presented for computing GRTM based on inclusion-exclusion and factoring. A conservative approximation heuristic is defined which leads to more practical algorithm performance. A JAVA-based implementation of these algorithms for HLTT and MCV trust metrics is used to demonstrate the impact of the approximation. An XML-based trust-graph representation and a random power-law trust graph generator is used to simulate large informal trust networks.
|
7 |
A new approach to dynamic internet risk analysis18 August 2009 (has links)
D.Econ.
|
8 |
DeRef: a privacy-preserving defense mechanism against request forgery attacks.January 2011 (has links)
Fung, Siu Yuen. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 58-63). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Background and Related Work --- p.7 / Chapter 2.1 --- Request Forgery Attacks --- p.7 / Chapter 2.2 --- Current Defense Approaches --- p.10 / Chapter 2.3 --- Lessons Learned --- p.13 / Chapter 3 --- Design of DeRef --- p.15 / Chapter 3.1 --- Threat Model --- p.16 / Chapter 3.2 --- Fine-Grained Access Control --- p.18 / Chapter 3.3 --- Two-Phase Privacy-Preserving Checking --- p.24 / Chapter 3.4 --- Putting It All Together --- p.29 / Chapter 3.5 --- Implementation --- p.33 / Chapter 4 --- Deployment Case Studies --- p.36 / Chapter 4.1 --- WordPress --- p.37 / Chapter 4.2 --- Joomla! and Drupal --- p.42 / Chapter 5 --- Evaluation --- p.44 / Chapter 5.1 --- Performance Overhead of DeRef in Real Deployment --- p.45 / Chapter 5.2 --- Performance Overhead of DeRef with Various Configurations --- p.50 / Chapter 6 --- Conclusions --- p.56 / Bibliography --- p.58
|
9 |
Information security with specific reference to browser technologyPrinsloo, Jacobus Johannes 28 August 2012 (has links)
M.Comm. / The present study was undertaken in the realm of the Internet working environment, with its focus on measures by which to secure executable code in the Web-browsing environment. The principal aim of this study was to highlight the potential security risks that could be incurred while a user is browsing the World Wide Web. As a secondary objective, the researcher hoped, by means of a prototype and the process of real-time risk analyses, to alert the general Internet user population to these risks. The main objective of the prototype was to provide a framework within which users could be warned of potentially dangerous actions effected by executing code in their browsing environments in real time. Following, an overview of the research methodology employed to realise the objectives of this study. The study commenced with an introduction to the Internet and, along with that, to the World Wide Web. In the course of the introduction, the researcher took a closer look at a number of risks associated with this environment. In sketching the Internet environment and its associated risks, the researcher also provided ample motivation for the study. After having established the clamant need to secure the Web-browsing environment, a conceptual model was expounded. This model would later form the basis for the Real-time Risk Analyser prototype to be presented. In order, however, to justify further research into and development of the said RtRA prototype, it was necessary first to evaluate existing browsing technologies. A formal approach was followed to draw a comparison between the existing browsers. The said comparison also served to uncover some of the shortcomings of these browsers in terms of the security features they support. Since the focal point of this study was to be the various ways in which to secure executable code on the Internet, it was decided to launch an investigation into Java, as it probably is the most familiar executable code used in the Web browsing environment. The Java Security Model was, therefore, thoroughly researched in a bid to determine possible ways in which to monitor executable Java code. After having investigated the browsing environment and after having determined possible ways of performing real-time risk analyses, a prototype was developed that could monitor executable Java code in a browsing environment. Following, the prototype was put through its paces in a hypothetical scenario. The study culminated in a summary of the results of and the conclusions about the research study. Further problem areas that could become the focal points of future research projects were also touched upon.
|
10 |
A dynamic distributed trust model to control access to resources over the InternetLei, Hui. 10 April 2008 (has links)
The access control mechanisms used in traditional security infrastructures, such as ACL and password applications, have been proven inadequate, inflexible, and difficult to apply in the Internet due to the incredible magnitude of today's Internet. Recently, research for expressing trust information in the digital world has been explored to be complementary to security mechanisms. This thesis deals with the access control for the resources provided over the Internet. On line digital content service is exemplary of such an application. In this work, we have concentrated on the idea of a trust management system, which was first proposed by Blaze et a1 in 1996, and we have proposed a general-purpose, application-independent Dynamic Distributed Trust Model (DDTM). In our DDTM, access rights are directly associated with a trust value. The trust values in this thesis are further classified into direct trust values, indirect trust values and trust authorization levels. We have calculated and expressed each type of the trust values as explicit numerical values. The core of this model is the recommendation-based trust model, organized as a Trust Delegation Tree (TDT), and the authorization delegation realized by delegation certificate chains. Moreover, the DDTM provides a distributed key-oriented certificate-issuing mechanism with no centralized global authority. A Dynamic Distributed Trust Protocol (DDTP) was developed as a general protocol for establishing and managing the trust relationship in a TDT structure. The protocol was verified by means of the verification tool, SPIN, and was prototyped to simulate communication and behaviors among the certificate issuer nodes on a TDT.
|
Page generated in 0.0889 seconds