Global ETD Search

201	Practical authentication in large-scale internet applications Dacosta, Italo 03 July 2012 (has links) Due to their massive user base and request load, large-scale Internet applications have mainly focused on goals such as performance and scalability. As a result, many of these applications rely on weaker but more efficient and simpler authentication mechanisms. However, as recent incidents have demonstrated, powerful adversaries are exploiting the weaknesses in such mechanisms. While more robust authentication mechanisms exist, most of them fail to address the scale and security needs of these large-scale systems. In this dissertation we demonstrate that by taking into account the specific requirements and threat model of large-scale Internet applications, we can design authentication protocols for such applications that are not only more robust but also have low impact on performance, scalability and existing infrastructure. In particular, we show that there is no inherent conflict between stronger authentication and other system goals. For this purpose, we have designed, implemented and experimentally evaluated three robust authentication protocols: Proxychain, for SIP-based VoIP authentication; One-Time Cookies (OTC), for Web session authentication; and Direct Validation of SSL/TLS Certificates (DVCert), for server-side SSL/TLS authentication. These protocols not only offer better security guarantees, but they also have low performance overheads and do not require additional infrastructure. In so doing, we provide robust and practical authentication mechanisms that can improve the overall security of large-scale VoIP and Web applications. Network security Web security VoIP security Session hijacking Man-in-the-middle attacks Computer networks Security measures Computer architecture
202	Monitoring and analysis system for performance troubleshooting in data centers Wang, Chengwei 13 January 2014 (has links) It was not long ago. On Christmas Eve 2012, a war of troubleshooting began in Amazon data centers. It started at 12:24 PM, with an mistaken deletion of the state data of Amazon Elastic Load Balancing Service (ELB for short), which was not realized at that time. The mistake first led to a local issue that a small number of ELB service APIs were affected. In about six minutes, it evolved into a critical one that EC2 customers were significantly affected. One example was that Netflix, which was using hundreds of Amazon ELB services, was experiencing an extensive streaming service outage when many customers could not watch TV shows or movies on Christmas Eve. It took Amazon engineers 5 hours 42 minutes to find the root cause, the mistaken deletion, and another 15 hours and 32 minutes to fully recover the ELB service. The war ended at 8:15 AM the next day and brought the performance troubleshooting in data centers to world’s attention. As shown in this Amazon ELB case.Troubleshooting runtime performance issues is crucial in time-sensitive multi-tier cloud services because of their stringent end-to-end timing requirements, but it is also notoriously difficult and time consuming. To address the troubleshooting challenge, this dissertation proposes VScope, a flexible monitoring and analysis system for online troubleshooting in data centers. VScope provides primitive operations which data center operators can use to troubleshoot various performance issues. Each operation is essentially a series of monitoring and analysis functions executed on an overlay network. We design a novel software architecture for VScope so that the overlay networks can be generated, executed and terminated automatically, on-demand. From the troubleshooting side, we design novel anomaly detection algorithms and implement them in VScope. By running anomaly detection algorithms in VScope, data center operators are notified when performance anomalies happen. We also design a graph-based guidance approach, called VFocus, which tracks the interactions among hardware and software components in data centers. VFocus provides primitive operations by which operators can analyze the interactions to find out which components are relevant to the performance issue. VScope’s capabilities and performance are evaluated on a testbed with over 1000 virtual machines (VMs). Experimental results show that the VScope runtime negligibly perturbs system and application performance, and requires mere seconds to deploy monitoring and analytics functions on over 1000 nodes. This demonstrates VScope’s ability to support fast operation and online queries against a comprehensive set of application to system/platform level metrics, and a variety of representative analytics functions. When supporting algorithms with high computation complexity, VScope serves as a ‘thin layer’ that occupies no more than 5% of their total latency. Further, by using VFocus, VScope can locate problematic VMs that cannot be found via solely application-level monitoring, and in one of the use cases explored in the dissertation, it operates with levels of perturbation of over 400% less than what is seen for brute-force and most sampling-based approaches. We also validate VFocus with real-world data center traces. The experimental results show that VFocus has troubleshooting accuracy of 83% on average. Monitoring Analysis Performance Troubleshooting Data center Debugging in computer science Computer networks Security measures. Cloud computing Reliability (Engineering) Systems availability
203	Physical-layer security Bloch, Matthieu 05 May 2008 (has links) As wireless networks continue to flourish worldwide and play an increasingly prominent role, it has become crucial to provide effective solutions to the inherent security issues associated with a wireless transmission medium. Unlike traditional solutions, which usually handle security at the application layer, the primary concern of this thesis is to analyze and develop solutions based on coding techniques at the physical layer. First, an information-theoretically secure communication protocol for quasi-static fading channels was developed and its performance with respect to theoretical limits was analyzed. A key element of the protocol is a reconciliation scheme for secret-key agreement based on low-density parity-check codes, which is specifically designed to operate on non-binary random variables and offers high reconciliation efficiency. Second, the fundamental trade-offs between cooperation and security were analyzed by investigating the transmission of confidential messages to cooperative relays. This information-theoretic study highlighted the importance of jamming as a means to increase secrecy and confirmed the importance of carefully chosen relaying strategies. Third, other applications of physical-layer security were investigated. Specifically, the use of secret-key agreement techniques for alternative cryptographic purposes was analyzed, and a framework for the design of practical information-theoretic commitment protocols over noisy channels was proposed. Finally, the benefit of using physical-layer coding techniques beyond the physical layer was illustrated by studying security issues in client-server networks. A coding scheme exploiting packet losses at the network layer was proposed to ensure reliable communication between clients and servers and security against colluding attackers. Wiretap channel Information-theoretic security Physical-layer security Secret-key agreement LDPC codes Wireless communication systems Computer networks Security measures
204	Source authentication in group communication Al-Ibrahim, Mohamed Hussain January 2005 (has links) Title from screen page; viewed 10 Oct 2005. / Thesis (PhD)--Macquarie University, Division of Information and Communication Sciences, Dept. of Computing, 2004. / Bibliography: leaves 163-175. / Introduction -- Cryptographic essentials -- Multicast: structure and security -- Authentication of multicast streams -- Authentication of concast communication -- Authentication of transit flows -- One-time signatures for authenticating group communication -- Authentication of anycast communication -- Authentication of joining operation - Conclusion and future directions. / Electronic publication; full text available in PDF format. / Multicast is a relatively new and emerging communication mode in which a sender sends a message to a group of recipients in just one connection establishment... reducing broadband overhead and increasing resource utilization in the already congested and contented network... The focus of the research in this area has been in two directions: first, building an efficient routing infrastructure, and secondly, building a sophisticated security infrastructure. The focus of this work is on the second issue. / An ideal authenticated multicast environment ... provides authenticity for all the communication operations in the system... We ... propose a comprehensive solution to the problem ... for all its possible operations... 1. one-to-one (or joining mode) 2. one-to-many (or broadcast mode) 3. many-to-one (or concast mode) 4. intermediate (or transit mode) ... We study the ... mode known as anycast, in which a server is selected from a group of servers. Further we develop ... schemes for group-based communication exploiting the distinct features of one-time signatures... cover situations when a threshold number of participants are involved and ... where a proxy signer is required. / Electronic reproduction. / Mode of access: World Wide Web. / Also available in a print form Authentication Digital signatures Computer networks -- Security measures Data encryption (Computer science) Computers -- Access control Cryptography Computer security Computer network protocols
205	Social media risks in large and medium enterprises in the Cape Metropole : the role of internal auditors Gwaka, Leon Tinashe January 2015 (has links) Thesis (MTech (Internal Auditing))--Cape Peninsula University of Technology, 2015. / Social media has undoubtedly emerged as one of the greatest developments in this technology driven generation. Despite its existence from years back, social media popularity has recently surged drastically, with billions of users worldwide reported to be on at least one social media platform. This increase in users of social media has further been necessitated by governmental and private-sector initiatives to boost Internet connectivity to bridge the digital divide globally. Mobile Internet access has also fuelled the use of social media as it allows easy and economical connectivity anytime, anywhere. The availability of hundreds of social media platforms has presented businesses with several opportunities to conduct business activities using social media. The use of social media has been reported to avail businesses with plenty of benefits when this use is strategically aligned to business objectives. On the flipside of the coin, these social media platforms have also emerged as new hunting grounds for fraudsters and other information-technology related criminals. As with any invention, engaging social media for business has its own inherent risks; this further complicates existing information-technology risks and also presents businesses with new risks. Despite blossoming into a global phenomenon, social media has no universally accepted frameworks or approaches (thus no safeguards) when engaging with it, resulting in almost unlimited risk exposures. The uncertainly, i.e. risks surrounding social media platforms, proves problematic in determining the optimum social media platform to use in business. Furthermore, organisations are facing challenges in deciding whether to formally adopt it or totally ignore it, with the latter emerging not to be a viable option. The complex nature of social media has made it difficult for enterprises to place a monetary value and determine a return on investment on these platforms. From a governance perspective, it remains a challenge for most enterprises to identify and appoint individuals responsible for social media management within businesses, although recently social media strategist positions have been surfacing. Due to their nature, the social media trigger matters relating to governance, risk and compliance, which imply that internal auditors therefore are expected to champion the adoption of social media in enterprises. As a relatively new concept, the role that internal auditors should play towards social media appears not to be well defined. Through examination of existing guidelines, an attempt is made to define the role of internal auditors towards social media. Online social networks -- Risk factors Social media -- Risk factors Computer security
206	Acesso seguro a redes moveis IP / Secure access to mobile IP networks Barboza, Daniel Henrique 07 July 2008 (has links) Orientador: Eleri Cardozo / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Eletrica e de Computação / Made available in DSpace on 2018-08-11T19:00:21Z (GMT). No. of bitstreams: 1 Barboza_DanielHenrique_M.pdf: 1643461 bytes, checksum: 54208ec1e9074c404ed862b0134b81b0 (MD5) Previous issue date: 2008 / Resumo: Os dispositivos de rede sem fio estão cada vez mais populares. Quase todos os dispositivos portáteis atuais possuem uma interface de rede sem fio e pontos de acesso estão acessíveis a baixo custo para uso corporativo e doméstico. No entanto, este aumento no uso de redes sem fio gera novos desafios. O mais crítico deles é com relação à segurança no acesso à rede sem fio. A natureza da comunicação sem fio dificulta a confidencialidade da informação que viaja livremente em forma de ondas eletromagnéticas. Deste modo, as redes sem fio apresentam novas brechas de segurança que não existem em redes cabeadas. Outro desafio em redes sem fio é preservar as conexões da rede de transporte durante o handover. Handover é o processo pelo qual um dispositivo móvel substitui seu ponto de acesso atual por um outro que possui melhor relação sinal-ruído. Durante o handover, as conexões da rede de transporte mantidas pelo dispositivo móvel são comprometidas. Isto ocorre devido aos procedimentos de desassociação e re-associação entre os pontos de acesso e a atualização dos parâmetros de camada três do nó móvel para sua nova localização. Este trabalho tem como objetivo avaliar o impacto da segurança no overhead de handover e propor mecanismos pelos quais as camadas superiores sejam notificadas quando um handover ocorrer. / Abstract: Wireless devices are becoming more popular. Almost any portable device nowadays has a wireless network interface and wireless access points are available at low cost for commercial or domestic use. However, the widespread of wireless networks is creating new challenges. The most critical challenge is related to the security in the access of wireless networks. The nature of wireless communications makes harder to guarantee privacy as data travels freely in electromagnetic waves. As such, wireless networks present many security breaches not found in cabled networks. Another challenge in wireless networks is to preserve the transport connections during handover. Handover is the process by which a mobile device replaces its current access point by a new one that presents a better signal to noise ratio. During handover the transport connections kept by the mobile device are compromised due to the procedures of disassociation and re-association among the access points and the updating of the mobile node's layer three parameters for its new location. This work has the objective of evaluating the impact of security in the handover overheads and to propose mechanisms by which the upper layers are notified when a handover occurs. / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica Sistemas de comunicação sem fio Internet Redes de computadores Wi-fi networks access Networks security Handover
207	An exploratory study of techniques in passive network telescope data analysis Cowie, Bradley January 2013 (has links) Careful examination of the composition and concentration of malicious traffic in transit on the channels of the Internet provides network administrators with a means of understanding and predicting damaging attacks directed towards their networks. This allows for action to be taken to mitigate the effect that these attacks have on the performance of their networks and the Internet as a whole by readying network defences and providing early warning to Internet users. One approach to malicious traffic monitoring that has garnered some success in recent times, as exhibited by the study of fast spreading Internet worms, involves analysing data obtained from network telescopes. While some research has considered using measures derived from network telescope datasets to study large scale network incidents such as Code-Red, SQLSlammer and Conficker, there is very little documented discussion on the merits and weaknesses of approaches to analyzing network telescope data. This thesis is an introductory study in network telescope analysis and aims to consider the variables associated with the data received by network telescopes and how these variables may be analysed. The core research of this thesis considers both novel and previously explored analysis techniques from the fields of security metrics, baseline analysis, statistical analysis and technical analysis as applied to analysing network telescope datasets. These techniques were evaluated as approaches to recognize unusual behaviour by observing the ability of these techniques to identify notable incidents in network telescope datasets Web search engines Internet searching World Wide Web Malware (Computer software) Computer viruses Computer networks -- Monitoring Computer networks -- Security measures
208	Towards an evaluation and protection strategy for critical infrastructure Gottschalk, Jason Howard January 2015 (has links) Critical Infrastructure is often overlooked from an Information Security perspective as being of high importance to protect which may result in Critical Infrastructure being at risk to Cyber related attacks with potential dire consequences. Furthermore, what is considered Critical Infrastructure is often a complex discussion, with varying opinions across audiences. Traditional Critical Infrastructure included power stations, water, sewage pump stations, gas pipe lines, power grids and a new entrant, the “internet of things”. This list is not complete and a constant challenge exists in identifying Critical Infrastructure and its interdependencies. The purpose of this research is to highlight the importance of protecting Critical Infrastructure as well as proposing a high level framework aiding in the identification and securing of Critical Infrastructure. To achieve this, key case studies involving Cyber crime and Cyber warfare, as well as the identification of attack vectors and impact on against Critical Infrastructure (as applicable to Critical Infrastructure where possible), were identified and discussed. Furthermore industry related material was researched as to identify key controls that would aid in protecting Critical Infrastructure. The identification of initiatives that countries were pursuing, that would aid in the protection of Critical Infrastructure, were identified and discussed. Research was conducted into the various standards, frameworks and methodologies available to aid in the identification, remediation and ultimately the protection of Critical Infrastructure. A key output of the research was the development of a hybrid approach to identifying Critical Infrastructure, associated vulnerabilities and an approach for remediation with specific metrics (based on the research performed). The conclusion based on the research is that there is often a need and a requirement to identify and protect Critical Infrastructure however this is usually initiated or driven by non-owners of Critical Infrastructure (Governments, governing bodies, standards bodies and security consultants). Furthermore where there are active initiative by owners very often the suggested approaches are very high level in nature with little direct guidance available for very immature environments. Computer crimes -- Prevention Computer networks -- Security measures Public works -- Security measures
209	A model for security incident response in the South African National Research and Education network Mooi, Roderick David January 2014 (has links) This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT. Information networks -- South Africa Internet -- Security measures
210	Digital forensic model for computer networks Sanyamahwe, Tendai January 2011 (has links) The Internet has become important since information is now stored in digital form and is transported both within and between organisations in large amounts through computer networks. Nevertheless, there are those individuals or groups of people who utilise the Internet to harm other businesses because they can remain relatively anonymous. To prosecute such criminals, forensic practitioners have to follow a well-defined procedure to convict responsible cyber-criminals in a court of law. Log files provide significant digital evidence in computer networks when tracing cyber-criminals. Network log mining is an evolution of typical digital forensics utilising evidence from network devices such as firewalls, switches and routers. Network log mining is a process supported by presiding South African laws such as the Computer Evidence Act, 57 of 1983; the Electronic Communications and Transactions (ECT) Act, 25 of 2002; and the Electronic Communications Act, 36 of 2005. Nevertheless, international laws and regulations supporting network log mining include the Sarbanes-Oxley Act; the Foreign Corrupt Practices Act (FCPA) and the Bribery Act of the USA. A digital forensic model for computer networks focusing on network log mining has been developed based on the literature reviewed and critical thought. The development of the model followed the Design Science methodology. However, this research project argues that there are some important aspects which are not fully addressed by South African presiding legislation supporting digital forensic investigations. With that in mind, this research project proposes some Forensic Investigation Precautions. These precautions were developed as part of the proposed model. The Diffusion of Innovations (DOI) Theory is the framework underpinning the development of the model and how it can be assimilated into the community. The model was sent to IT experts for validation and this provided the qualitative element and the primary data of this research project. From these experts, this study found out that the proposed model is very unique, very comprehensive and has added new knowledge into the field of Information Technology. Also, a paper was written out of this research project. Computer crimes -- Investigation Computer crimes -- Investigation Evidence, Criminal Computer networks -- Security measures Electronic evidence Forensic sciences Internet -- Security measures

Search results