Global ETD Search

61	Refined Access Control in a Distributed Environment / Finkornig åtkomstkontroll i en distribuerad miljö Boström, Erik January 2002 (has links) <p>In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing. </p><p>This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions. </p><p>In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.</p> Informationsteknik access control PKI VPN X.509 RBAC role-based access control computer security cryptography Informationsteknik Information technology Informationsteknik
62	Rekommendationer för införande av public key infrastructure / Recommendations for implementing Public Key Infrastructure Andersson, Johan January 2002 (has links) <p>The use of insecure networks -such as the Internet- to send and receive information has made the need for preventing unauthorised people reading it yet more important. One of the easiest way to do this is through public key cryptography. However, the problem with this solution is how to tie a specific public key to a certain subject. This is solved by letting a trusted third party issue a certificate that holds, as a minimum, the name of the subject and the subject's public key along with the issuer's digital signature on the information. The rules we make for issuing, revoking and verifying of certificates and the entities that are being used to do so are called PKI - Public Key Infrastructure. In this thesis we shall se what PKI really is in a more detailed way and which entities it constitutes of. We will also investigate some of the areas in which we could make use of it, for instance secure e-mail and virtual private networks. Next, we will look into some of the drawbacks with PKI and what you should think of in order to aviod these. Finally, we'll give recommendations for the implementation itself. As for the theory of cryptography, the basics is presented to the interested reader in a separate appendix.</p> Informationsteknik PKI datasäkerhet certifikat CA RA CP CPS kryptering SSO VPN S/MIME Informationsteknik Information technology Informationsteknik
63	Use Of Pki For Process Authorization Taskazan, Feyza 01 January 2004 (has links) (PDF) Enterprises require an information security solution that provides privacy, integrity, authentication and access controls for processes. License management systems are developed to be a solution for process authorization in different platforms. However, security threats on processes cannot be controlled with existing license management mechanisms. The need is a complete system that is independent from implementation, platform, and application. In this thesis, we design a complete system for process authorization based on Public Key Infrastructure (PKI) technology. QA Computer Software 76.75-76.765
64	Rekommendationer för införande av public key infrastructure / Recommendations for implementing Public Key Infrastructure Andersson, Johan January 2002 (has links) The use of insecure networks -such as the Internet- to send and receive information has made the need for preventing unauthorised people reading it yet more important. One of the easiest way to do this is through public key cryptography. However, the problem with this solution is how to tie a specific public key to a certain subject. This is solved by letting a trusted third party issue a certificate that holds, as a minimum, the name of the subject and the subject's public key along with the issuer's digital signature on the information. The rules we make for issuing, revoking and verifying of certificates and the entities that are being used to do so are called PKI - Public Key Infrastructure. In this thesis we shall se what PKI really is in a more detailed way and which entities it constitutes of. We will also investigate some of the areas in which we could make use of it, for instance secure e-mail and virtual private networks. Next, we will look into some of the drawbacks with PKI and what you should think of in order to aviod these. Finally, we'll give recommendations for the implementation itself. As for the theory of cryptography, the basics is presented to the interested reader in a separate appendix. Informationsteknik PKI datasäkerhet certifikat CA RA CP CPS kryptering SSO VPN S/MIME Informationsteknik Computer and Information Sciences Data- och informationsvetenskap
65	Analysis of Methods for Chained Connections with Mutual Authentication Using TLS / Analys av metoder för kedjade anslutningar med ömsesidig autentisering användandes TLS Petersson, Jakob January 2015 (has links) TLS is a vital protocol used to secure communication over networks and it provides an end- to-end encrypted channel between two directly communicating parties. In certain situations it is not possible, or desirable, to establish direct connections from a client to a server, as for example when connecting to a server located on a secure network behind a gateway. In these cases chained connections are required. Mutual authentication and end-to-end encryption are important capabilities in a high assur- ance environment. These are provided by TLS, but there are no known solutions for chained connections. This thesis explores multiple methods that provides the functionality for chained connec- tions using TLS in a high assurance environment with trusted servers and a public key in- frastructure. A number of methods are formally described and analysed according to multi- ple criteria reflecting both functionality and security requirements. Furthermore, the most promising method is implemented and tested in order to verify that the method is viable in a real-life environment. The proposed solution modifies the TLS protocol through the use of an extension which allows for the distinction between direct and chained connections. The extension which also allows for specifying the structure of chained connections is used in the implementation of a method that creates chained connections by layering TLS connections inside each other. Testing demonstrates that the overhead of the method is negligible and that the method is a viable solution for creating chained connections with mutual authentication using TLS. TLS SSL mutual authentication chained connection chain proxy chain TLS extension extension certificates PKI Computer Engineering Datorteknik
66	Realizace certifikační autority a digitálního podpisu / Implementation of certification authority and digital signature Troják, Martin January 2008 (has links) This master´s thesis deals with problems of certification authorities and digital signature. There are analyzed principles of digital certificates and certification authorities. It describes the the most widely used cryptosystems and hash functions, which are used in communications with certificates and digital signature. Analysis is focused on Public key infrastructure standard, which describes rules of creating of certification authority and digital signature. There is also described detailed principle of digital signature. Next chapters deals with studying of protocol SSL, principles of functions and usage of SSL. Practical part of this thesis realizes certification authority and information system. There is shown used software and configuration of it. Last part describes procedures during using aplication and her realization.
67	Secure Vehicular Communication Systems: Design and Implementation of a Vehicular PKI (VPKI) Khodaei, Mohammad January 2012 (has links) The idea of vehicular communication systems could bring more safety, immunity and assurance in driving while it poses a variety of applications in traffic efficiency, driver assistance, environmental hazards, road conditions and infotainment. The aim is to make driving safer and to facilitate driving to the full extent, even on dangerous roads. However, having effective and robust operations within the VC system needs an infrastructure to handle threats, faults, illegitimate activities and unexpected incidents. Message authentication, integrity, non-repudiation and privacy within such a system are considered as the most controversial issues from security perspective. The idea is to protect privacy not only from legal point of view, but also from technical perspective in terms of using privacy enhancing technologies. To provide security within such a system, the idea of Public Key Infrastructure is considered as a promising solution. Using long-term certificates does reveal the real identity of the owner. Since users’ privacy is considered as the main security requirement in the VC system, standard certificates (X.509) and normal PKI cannot be used within a VC network. There are some functionalities and features for vehicular communication systems that do not exist in standard PKI. As a result, using pseudonym certificates to perform transactions within the VC system is a solution. In this report, a vehicular public key infrastructure, called VPKI, is proposed. OpenCA is used as the PKI, equipped with Pseudonym Certificate Authority (PCA), Long-Term Certificate Authority (LTCA) and Pseudonym Resolution Authority (PRA). These authorities are certified by the RCA and they have privileges to perform their tasks. LTCA is responsible for issuing long-term certificates while PCA is responsible for issuing pseudonym certificates. PRA is the authority to perform pseudonym resolution to identify the real identity of a pseudonym certificate. When it comes to CRL, PCA is the responsible authority to determine revoked pseudonym certificates in order to keep the system secure. Three protocols are then proposed to obtain pseudonym certificates, latest version of pseudonym CRL as well as performing pseudonym resolution. Obtaining pseudonym certificates is done in two phases. Firstly, each vehicle sends a request to LTCA to get a valid token. In the second step, the token is used by PCA to issue pseudonym certificates. Vehicular PKI Pseudonym CA (PCA) Long-Term CA (LTCA) Pseudonym Resolution Elektroteknik och elektronik
68	Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Khodaei, Mohammad January 2016 (has links) Vehicular Communication (VC) systems can greatly enhance road safety and transportation efficiency. Vehicles are equipped with sensors to sense their surroundings and the internal Controller Area Network (CAN) bus. Hence, vehicles are becoming part of a large-scale network, the so-called Internet of Vehicles (IoV). Deploying such a large-scale VC system cannot materialize unless the VC systems are secure and do not expose their users’ privacy. Vehicles could be compromised or their sensors become faulty, thus disseminating erroneous information across the network. Therefore, participating vehicles should be accountable for their actions. Moreover, user privacy is at stake: vehicles should disseminate spatio-temporal information frequently. Due to openness of the wireless communication, an observer can eavesdrop the communication to infer users’ sensitive information, thus profiling users. The objective is to secure the communication, i.e., prevent malicious or compromised entities from affecting the system operation, and ensure user privacy, i.e., keep users anonymous to any external observer but also for security infrastructure entities and service providers.In this thesis, we focus on the identity and credential management infrastructure for VC systems, taking security, privacy, and efficiency into account. We begin with a detailed investigation and critical survey of the standardization and harmonization efforts. We point out the remaining challenges to be addressed in order to build a Vehicular Public-Key Infrastructure (VPKI). We provide a VPKI design that improves upon existing proposals in terms of security and privacy protection and efficiency. More precisely, our scheme facilitates multi-domain operations in VC systems and enhances user privacy, notably preventing linking of pseudonyms based on timing information and offering increased protection in the presence of honest-but-curious VPKI entities. We further extensively evaluate the performance of the full-blown implementation of our VPKI for a large-scale VC deployment. Our results confirm the efficiency, scalability and robustness of our VPKI. / <p>QC 20160927</p> Vehicular Communications Security Privacy Access Control Identity and Credential Management Vehicular PKI Elektroteknik och elektronik
69	Framework to Secure Cloud-based Medical Image Storage and Management System Communications Rostrom, Timothy James 12 December 2011 (has links) (PDF) Picture Archiving and Communication Systems (PACS) have been traditionally constrained to the premises of the healthcare provider. This has limited the availability of these systems in many parts of the world and mandated major costs in infrastructure for those who employ them. Public cloud services could be a solution that eases the cost of ownership and provides greater flexibility for PACS implementations. This could make it possible to bring medical imaging services to places where it was previously unavailable and reduce the costs associated with these services for those who utilize them. Moving these systems to public cloud infrastructure requires that an authentication and encryption policy for communications is established within the PACS environment to mitigate the risks incurred by using the Internet for the communication of medical data. This thesis proposes a framework which can be used to create an authenticated and encrypted channel to secure the communications with a cloud-based PACS. This framework uses the Transport Layer Security (TLS) protocol and X.509 certificates to create a secured channel. An enterprise style PKI is used to provide a trust model to authorize endpoints to access the system. The validity of this framework was tested by creating a prototype cloud-based PACS with secured communications. Using this framework will provide a system based on trusted industry standards which will protect the confidentiality and integrity of medical data in transit when using a cloud-based PACS service. PACS DICOM TLS PKI medical imaging cloud computing secure communications mutual authentication Computer Sciences Health Information Technology
70	Från bläck till klick – en modernisering av ärvdabalkens formkrav? : Särskilt om elektronisk underskrift kan förstärka skyddet av testators vilja / A modernized Inheritance Code with electronic signatures? Le, Lilian January 2024 (has links) This master thesis examines the interpretation of formal requirements when establishing a will according to the Inheritance Code. Chapter 10, paragraph 1 contains the main formal requirements for an ordinary will. The formal requirements are based on principles to preserve the testator’s intent. According to the legislator, the testator’s intent should be considered and preserved to the greatest extent possible, if the testator has established a valid will before deceasing. To gain validity, the will must contain a declaration and the testator’s signature in writing. The signature must also be signed or declared in front of two witnesses. However, the law does not specify any requirements of personal signatures, or if the signature needs to be written by a pen. This opens for a discussion if wills can be signed with electronic signatures. Additionally, the law does not protect a valid will from disappearing since the formal requirements do not require any formal registration that a will exist. Hence, there is a lack of regulation and interoperation of the formal requirements. The purpose of this thesis is to examine if the formal requirements fulfill their essential purposes of the protection of a testator’s intent and if the protection can be enhanced with electronic signatures. The results of the research are as follows: Chapter 10, paragraph 1 does not explicitly prohibit electronic signature, although a personal signature is customary. Advanced electronic signatures, based on EU regulations and the interpretation of Swedish legislation and case law, should not be denied legal effect unless there is a specific national law that requires a personal signature. Although there is no explicit law that prohibits an electronic signature on ordinary wills, the legislator has not commented on this. There is a substantial need for guidance by the legislator on this issue, and guidance whether a copy of a will is equally valid as the original document. In conclusion, the Inheritance Code does not require a personal signature for a valid ordinary will. Protection of the testator’s intent can be enhanced with an electronic registration of the will; however, this requires that the will can be established in an electronic way. Hence, the signature must be an electronic signature. The formal requirements should not extend to a mandatory registration of the will, but the registration should be voluntary. Elektronisk underskrift Familjerätt Ärvdabalken Tech IT-rätt eIDAS PKI Symmetrisk kryptering Asymmetrisk kryptering Kvalificerad elektronisk underskrift Law and Society Juridik och samhälle

Search results