Global ETD Search

71	Corporate Network : Security Aspects Nikolov, Nikolay January 2010 (has links) Every corporation using IT technologies needs a good and carefully secured network design. The IT security is a key factor of a normal functional of the whole corporation and all its sections. There different methods and concepts for providing different level of IT security. Some of them are very important and should be implemented in every corporate network. There are a lot of services providing inside and outside the corporation network. Increasing the number of services like web services, mail services, file services and other, the number of eventual security issues is rising. The security methods of each of provided services are different and it is required a professional with deep knowledge about this service functionality if it is needed to be good applied. Operation system and application hardering are methods which are not so hard for applying, like configuring proxy server or firewalls, but they could increase the security drastic. In a combination with simple configured security devices, the results could be very impressive. Choosing the right methodology and framework of designing a secured network is important part of entire process. With the right methodology designing could be easier and more effective. design examples e-mail services web services dns services dhcp services ldap services routers firewalls hardering security technologies RADIUS OTP PKI IDS ACLs cryptography
72	Nástroj pro ověřování elektronických podpisů na PDF dokumentech / A tool for validating electronic signatures on PDF documents Selement, Pavel January 2013 (has links) The subject of this graduation thesis is to study internal electronic signatures in PDF documents. The thesis introduces general principles of electronic signatures, deals with the internal structure of PDF documents including the connection of electronic signatures and describes the process of verifying an electronic signature. An integral part of this thesis is an implementation of an application, which performs verification of electronic signatures in a PDF document. The aim of this application is to verify the digital signature embedded in a PDF document according to the current legislation of the Czech Republic, while allowing users to change extensively the rules for evaluating the validity of the signature. Powered by TCPDF (www.tcpdf.org)
73	Secure Management System for UPnP Digital Home Network Lu, Yu-Chun 16 August 2010 (has links) The rapid development in wireless network technology, together with the extensive progress in the digital home hardware and software, have allowed every family to enjoy the conveniences of these new technologies. In particular, the UPnP network technologies link various digital home devices together, coming alone with seamless connection and configuration-less environment. These benefits make it very easy for users to enjoy their digital home devices. However, related security issues have begun to surface one after another. Under a UPnP network environment, users¡¦ identity are not distinguished and therefore, they can not authorize the usage of those devices, services and content. Devices with similar types of service and content lack of integration, it is inconvenient when users need to search or access. In addition, there seems to be a lack of proper handling mechanisms when these devices, services, and content encounter anomaly problems and errors. Lastly, family users will also inevitably have connection requirements between homes but unfortunately, the current UPnP network environment is unable to provide convenient and secured home-to-home content exchange mechanisms. To address the issues mentioned above, this study surveyed the UPnP network environment from a fresh perspective. And through virtual resources, central control network framework and fault tolerance design, it further provides abilities to do related resource authentication, authorization, auditing, and fault handling. It also uses PKI framework to provide the authentication and secure connection between homes. Lastly, we designed and implemented a secure Management System for a UPnP digital home network. It provides secure and convenient home network environment that is compatible with UPnP/UPnP AV standards. On the user¡¦s control aspect, we provided user authentication, authorization, and auditing functionalities. On the home resource management aspect, we provided networks, devices, services, and content which can be controlled and managed. And we also provide integrated and customized entries for service and content. We have a management system with smart and user friendly features. On the anomaly management aspect, we provide fault detection, handling, and basic fault tolerance mechanism. Lastly, we provide trusted homes mechanism, supporting secure user roaming outside their homes, allowing content sharing between trusted homes, and ensuring that users roaming in other locations may still access specific content in their homes. UPnP UPnP AV customized service fault-tolerant trusted homes integrated service PKI roaming remote access authentication resource virtualization authorization audit anomaly management
74	Visually sealed and digitally signed electronic documents: Building on Asian tradition. Liu, Yin - Miao January 2004 (has links) E-commerce has developed through the use of digital signatures, employing various forms of Public Key Infrastructure (PKI) to ensure the secure usage of digital signatures. Digital signatures are designed to facilitate the functions of traditional seals and handwritten signatures for the purposes of authentication, data integrity, and non-repudiation within the e-commerce environment. Historically, the authenticity of documentation has always been verified by the application of a recognisable visual stimulus to the document; however, the current digital signature regime overlooks the importance of this analogous sense of visualisation. One of the primary problems with existing digital signatures is that a digital signature does not "feel" like, or resemble, a traditional seal to the human observer, as it does not have a personal, recognisable, or aesthetic sense of visualisation. Currently, digital signatures, such as the OpenPGP (Pretty Good Privacy) digital signature, are attached to the end of an electronic document as a stream of printable ASCII characters. (RFC2440) This appears to the average user as a long, incomprehensible string of random characters offering no sense of identity or ownership by simple visual inspection. Additionally, digital signatures change each time they are applied, in contrast to traditional seals that remain consistent personal identifiers associated with individual signatories. The goal of this research is to promote enhancements to existing digital signature schemes in order to bridge the cultural gap between traditional seals and digital signatures. Culturally friendly features integrated into the digital signature have the potential to increase user acceptability of global e-commerce. This research investigates traditional seal cultures within the context of modern digital signatures, identifying the need to develop a new, culturally friendly, visualised digital signature scheme. The principles behind digital signatures are reviewed and the essential roles and responsibilities of a PKI are addressed. A practical analysis of PKI implementation is also essential. Taiwan is selected as the focus of this research since its heritage is deeply rooted in, and strongly adheres to the Chinese seal culture. The Taiwanese government is in the process of adapting the traditional seal certificate system to the electronic digital signature system. Therefore it is pertinent to review the PKI implementation and digital signatures applications in Taiwan in this study. The purpose of this research is to make the intangible digital signature virtually tangible; i.e., to incorporate visualisation into the current digital signature practice. This research defines new private extensions to the X.509 v3 certificate, recommending that conforming visualised digital signature applications should then be developed to generate and/or recognise visual digital certificates in support of the proposed visualised digital signature scheme. The processes of visualised digital signature creation and of verification through the application of the visualised digital certificate are then explained. This is accompanied by a model of system analysis for developers of conforming implementations of this specification. This allows developers the freedom to select appropriate developing tools. An analysis of this research evaluates the quality of integrity, security, interoperability, performance, and flexibility offered by this proposal.Future directions for furthering research development conclude this dissertation. seals signatures signets biblical seals Western seals Chinese seals Japanese seals Digital signatures visualised signing and verification visualised digital signatures visualised digital certificates PKI
75	Evaluation de la confiance dans les architectures de sécurité / Trust evaluation in security architectures Orfila, Jean-Baptiste 03 July 2018 (has links) Dans un monde de plus en plus connecté, la question de la confiance dans les sys-tèmes d’information qui nous entourent devient primordiale, et amène naturellement à des interrogations quant à leur sécurité. Les enjeux de cette dernière concernent autant la confidentialité des données individuelles que la protection des architectures critiques, notamment déployées dans le domaine de l’énergie et du transport. Dans cette thèse, nous abordons trois problématiques liées aux architectures de sécurité des systèmes d’information. Tout d’abord, nous proposons une architecture pour un module de rupture protocolaire, fournissant une protection face aux attaques utilisant le réseau comme vecteur. Grâce à l’isolation et le filtrage des échanges qu’il réalise, nous montrons que ce nouvel équipement est particulièrement adapté à la sécurisation des systèmes de contrôle-commandes. Nous abordons ensuite le thème de la sécurité des utilisateurs finaux ou objets connectés, par la définition d’une Infrastructure de Gestion de Clefs (IGC) centrée sur ces derniers, dénommée LocalPKI. Elle repose sur l’utilisation de certificats auto-signés, et son objectif est d’allier la simplicité des IGC pair-à-pair avec la sécurité des IGC hiérarchiques.Enfin, nous nous intéressons à l’amélioration du mécanisme des ancres de confiance pour les autorités de certification, utilisé par exemple dans PKIX et LocalPKI. A cet égard, nous commençons par définir des protocoles multi-parties permettant de calculer des produits scalaires et matriciels, préservant la confidentialité des données. Nous montrons finalement comment les appliquer dans le cadre de l’agrégation de confiance, et par conséquent à la réputation des autorités de certification / In a increasingly connected world, trust in information systems is essential. Thus, many questions about their security arise. Topics of these questions include individual data confidentiality as well as protection of Industrial Critical Systems(ICS). For instance, ICS are deployed in sectors including energy or transportation where security is of high importance. In this thesis, we address three problems related to the security architecture of information systems. We first propose an architecture for a protocol splitting device. This provides protection against networkattacks by isolating and filtering data exchanges. We show that this new security equipment is well suited for ICS. Then, we focus on end-user security. We define a user-centric Public Key Infrastructure (PKI) called LocalPKI. By using self-signed certificates, this infrastructure combines the user-friendliness of PGP-based PKI and the security of hierarchical PKI. Finally, we improve the trust anchormechanism. It is employed by Certification Authorities (CA) and especially used in PKIX or LocalPKI. In that respect, we first define multi-party protocols to securely compute dot and matrix products. Then, we explain how to apply them on trust aggregations and thus on the reputation of certification authorities. Architectures de sécurité Igc Confiance Scada Calcul Multi Parties Sécurisé Certificats Security Architecture Pki Trust Scada Secure Multi Party Computation Certificates 510 004
76	Uma arquitetura para autenticação de dispositivos móveis através de uma infra-estrutura de chave pública. / An architecture for authentication of mobile devices through a public key infrastructure. CAMINHA, Jean. 20 August 2018 (has links) Submitted by Johnny Rodrigues (johnnyrodrigues@ufcg.edu.br) on 2018-08-20T20:19:30Z No. of bitstreams: 1 JEAN CAMINHA - DISSERTAÇÃO PPGEE 2006..pdf: 1518338 bytes, checksum: e7ba2faff350c19009f55c5eec73fc4a (MD5) / Made available in DSpace on 2018-08-20T20:19:30Z (GMT). No. of bitstreams: 1 JEAN CAMINHA - DISSERTAÇÃO PPGEE 2006..pdf: 1518338 bytes, checksum: e7ba2faff350c19009f55c5eec73fc4a (MD5) Previous issue date: 2006-12-22 / A identificação de objetos que participam de uma arquitetura de processamento de dados é uma preocupação relevante para a segurança das informações e fator decisivo para a utilização de serviços que utilizam dados sensíveis. Este trabalho propõe uma arquitetura para a autenticação de dispositivos móveis utilizando a Infra-estrutura de Chave Pública (PKI) e o Protocolo de Iniciação de Sessões (SIP) de modo a minimizar as limitações de armazenamento e processamento destes aparelhos. / The identification of objects that participates of architecture of data processing is a concern for information security and decisive factor for services that need manipulate sensible data. This work considers architecture for mobile devices authentication through in a Public Key Infrastructure and the Session Initiation Protocol (SIP) as a way to minimize storage and processing limitations of those devices. Ciência da Computação. Autenticação de dispositivos móveis Chave pública Segurança da informação Infra-estrutura de chave pública Information security Public key infrastructure - PKI Authentication
77	Superando os riscos da seguran?a baseada em per?metro - Uma abordagem com identifica??o federada atrav?s de certificados digitais A3/ICP-Brasil e SAML Souza, Wellington Silva de 18 February 2013 (has links) Made available in DSpace on 2014-12-17T14:56:15Z (GMT). No. of bitstreams: 1 WellingtonSS_DISSERT.pdf: 5097418 bytes, checksum: 0861f0beded3a7d7e387f3b5d7f448ed (MD5) Previous issue date: 2013-02-18 / The traditional perimeter-based approach for computer network security (the castle and the moat model) hinders the progress of enterprise systems and promotes, both in administrators and users, the delusion that systems are protected. To deal with the new range of threats, a new data-safety oriented paradigm, called de-perimeterisation , began to be studied in the last decade. One of the requirements for the implementation of the de-perimeterised model of security is the definition of a safe and effective mechanism for federated identity. This work seeks to fill this gap by presenting the specification, modelling and implementation of a mechanism for federated identity, based on the combination of SAML and X.509 digital certificates stored in smart-cards, following the A3 standard of ICP-Brasil (Brazilian official certificate authority and PKI) / A vis?o tradicional de seguran?a em redes de computadores, baseada em per?metro (modelo do castelo e fosso ), al?m de entravar a evolu??o dos sistemas corporativos, cria, tanto em administradores quanto usu?rios, a falsa ilus?o de prote??o. Para lidar com a nova gama de amea?as, um novo paradigma orientado ? seguran?a intr?nseca dos dados, chamado deperimetriza??o , come?ou a ser estudado na ?ltima d?cada. Um dos requisitos para a implanta??o do modelo deperimetrizado de seguran?a ? a defini??o de um mecanismo seguro e eficaz de identifica??o federada. Este trabalho busca preencher essa lacuna, apresentando a especifica??o, modelagem e implementa??o de um mecanismo de identifica??o federada, baseado na conjun??o do protocolo SAML e certificados digitais X.509 armazenados em cart?es-inteligentes, padr?o A3/ICP-Brasil CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA
78	Refined Access Control in a Distributed Environment / Finkornig åtkomstkontroll i en distribuerad miljö Boström, Erik January 2002 (has links) In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing. This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions. In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy. Informationsteknik access control PKI VPN X.509 RBAC role-based access control computer security cryptography Informationsteknik Computer and Information Sciences Data- och informationsvetenskap
79	En säkerhetsgranskning av Secure Application Framework Norling, Sebastian January 2013 (has links) Företaget Wireless Independent Provider (WIP) har tagit fram ett säkerhetsramverk vid namn Secure Application Framework (SAF) som är ett väldokumenterat ramverk för att skapa säkra interna företagsappar. Syftet med detta ramverk är att lösa problematiken kring Bring Your Own Device (BYOD) – hur man ska skilja på privat data och företagets data i enheten. Med ett sådant system så finns det mycket att tänka på rörande säkerheten. Genom att identifiera ett antal olika hot och genomföra en riskanalys på dessa kommer man fram till att systemet är skyddat mot majoriteten av hoten, det finns dock förslag till förbättringar på enstaka delar av systemet. Det genomförs även prestandatester och undersökning av lavineffekten för ett antal olika symmetriska krypteringsalgoritmer i syfte att fastslå om den använda algoritmen i systemet har fördelar jämfört med andra moderna krypteringsalgoritmer. Utifrån resultaten som tagits fram i detta arbete så konstateras det att skyddet mot de identifierade hoten är mycket bra samt att det inte finns någonting som skulle motivera ett byte av den symmetriska krypteringsalgoritmen. secure application framework wip kryptering public key infrastructure pki riskanalys lavineffekt prestanda byod Information Systems Computer Sciences Datavetenskap (datalogi) Software Engineering Programvaruteknik
80	Certifikační autorita / Certification authority Herinek, Denis January 2018 (has links) There is a lot of available services on the internet those need to be more secured and trusted. Public key infrastructure is used in sectors where are higher expectations in case of authentication, integrity and confidentality. It is almost impossible to imagine how internet banking or electronic signatures of important documents would work without PKI. There is a lot of open-source realisations of PKI created by users. Digital certificates as a part of PKI are issued by certificate authorities. This diploma thesis consists of open- source realisation of certificate authority and timestamping authority to demonstrate services which they provide.

Search results