101 |
Autentisering och Riskmedvetande : En studie om Lösenordshantering och Risktagande / Authentication and Risk Consciousness : A study on password management and risk taking
Håkansson, Daniel Clarke, Lundström, Markus January 2018
After regular discussions about whether authentication with static passwords is a good approach, an idea emerged to investigate how people handle their authentication credentials. This report tackles the task of mapping weaknesses associated with authentication regarding the method, as well as human security awareness and risk taking. During the study, a survey was conducted to which 100 people of varying age and occupation responded completely. We asked how they value, create, and manage their passwords. The respondents were also asked to take a position on a number of statements regarding their security awareness and risk taking in connection with authentication. The result of the study shows that the majority reuse passwords to a very high extent. It also appears that a large majority uses memorization as the main technique for password management. The result also shows that respondents to a great extent think the complexity of the password is more important than its length. In addition, only 22% of respondents felt unsafe with a password that is 8 characters long, which is a low percentage since 8 characters are too weak today. The subject is complex, though: a combination of length and complexity is desirable to create a strong password, and the passwords must also be unique to each service. Using memorization as the main method is unfortunately not applicable in these cases. A better strategy is to use, for example, a password manager or to memorize a mnemonic phrase. For example, take the first letter of each word in a sentence: "My cat is called Glenn he has 3 legs White nose & Red link" can result in McicGhh3lWn&Rl. A good start to improving one's password management is to first regard authentication credentials as valuable, read up on the subject, and then develop a strategy that is appropriate to one's needs.
|
102 |
Genus och säkerhetsbeteende : En litteraturstudie om kön och säkerhetsbeteende / Gender and security behavior : A literature study on gender and safety behavior
Hadjimuradov, Abdulla January 2021
We live in a time where information technology takes up more and more space in everyday life each year, both at work and in our free time. This is an exciting time in which many parts of everyday life are becoming more digital. At the same time, this digitalization increasingly places demands on users when it comes to the security of their personal privacy online. Given the drastic development of digitalization and information technology in the last decade, it is interesting to identify whether security behavior among users has increased at the same rate or whether security behavior has lagged behind.
The aim of the completed literature study was to investigate the differences related to gender that had been identified in previous information security research. Different combinations of search terms were used to search through five databases using selection criteria to find relevant articles. This resulted in 30 accepted articles that underwent a qualitative data analysis using thematic analysis. The study showed that previous research had identified certain differences related to gender, but also that more studies regarding gender differences in information security are needed to be able to understand human errors and to find measures that improve security behavior and security awareness among people.
|
103 |
Testování zranitelností v průmyslových sítích / Vulnerabilities assessment for industrial protocols
Zahradník, Jiří January 2020
The thesis deals with testing of selected vulnerabilities from the IEC 61850 standard and the subsequent design of mitigation measures for selected vulnerabilities. The author simulated vulnerabilities of the GOOSE protocol, an NTP attack and an attack on an MMS client. Those attacks were GOOSE stNum, GOOSE semantic, GOOSE test bit, GOOSE replay, GOOSE flood, NTP spoofing and MMS password capture. Attacks on the GOOSE and MMS protocols were successful; the attack on NTP was only partially successful, since the device confirmed receiving the spoofed time but did not change its inner clock. The author then designed possible mitigation measures. A tool for automatic testing of selected vulnerabilities, a parser for the GOOSE protocol and a lightweight multiplatform parser for configuration files were created as well. The outcome of this thesis allows the implementation of a larger-scale tool for penetration testing of industrial networks, as well as the implementation of the discussed mitigation measures.
|
104 |
Marketingový výzkum pro produkt Sticky Password / Marketing Research for the Sticky Password Product
Nárožná, Gabriela January 2011
This diploma thesis deals with marketing research for the software company Lamantine software, a.s. This company operates in the area of software development. Specifically, this thesis focuses on marketing research for the Sticky Password product, a password manager and form filler. The emphasis is on identification of competitive products, target groups and segments, and their needs and expectations. The marketing environment analysis and survey are carried out with the help of marketing tools and web analytics tools.
|
105 |
Ochrana proti distribuovaným útokům hrubou silou / Distributed Brute Force Attacks Protection
Richter, Jan January 2010
This project deals with analysis of brute force attacks focused on breaking authentication of common services (especially ssh) of Linux and xBSD operating systems. It also examines real attacks, current tools and ways of detecting these attacks. Finally, new mechanisms for coordination and evaluation of distributed brute force attacks in a distributed environment are designed. These mechanisms are then implemented in a distributed system called DBFAP.
|
106 |
En modell för utformandet av biografiska ordböcker / A model for the design of biographical dictionaries
Ginman, Johan January 2021
Every website, computer and IT system has users who need to verify their identity through authentication. The most common form of authentication today is to apply an alphanumeric password. Passwords are often based on biographical information that can be derived from the users themselves, and common elements that are usually utilized when creating passwords are names, pet names, family-related information, and date of birth. While passwords today are often based on the individual's biographical elements, the police have problems cracking encrypted devices because it takes a long time and is complex to identify the correct password among all possible combinations. This problem is the basis for the work and is the reason why this model for how biographical dictionaries should be structured, and what they should contain, is created. To design the model, a literature review has been carried out in which elements have been defined and a structure formed. Interviews with IT forensic examiners from the police and NFC were then held to refine the different elements and structure of the initial model and to anchor it in reality. The result of this work is a product in the form of a model that can be used to create biographical dictionaries based on target people. The model demonstrates which biographical elements are relevant for finding potential passwords. The conclusion drawn is that the model can facilitate the work of the police and IT forensic examiners when it comes to cracking people's biographical passwords. By using a dictionary that is built with the model, time-consuming attacks such as brute-force attacks or more general dictionary attacks do not need to be applied.
|
107 |
Constructing and Evaluating a Raspberry Pi Penetration Testing/Digital Forensics Reconnaissance Tool
Lundgren, Marcus, Persson, Johan January 2020
Tools that automate processes are always sought after across the entire IT field. This project's aim was to build and evaluate a semi-automated reconnaissance tool based on a Raspberry Pi 4, for use in penetration testing and/or digital forensics. The software is written in Python 3 and utilizes Scapy, PyQt5 and the Aircrack-ng suite along with other pre-existing tools. The device is targeted against wireless networks and its main purpose is to capture what is known as the WPA handshake and thereby crack Wi-Fi passwords. Upon achieving this, the program shall then connect to the cracked network, start packet sniffing and perform a host discovery and scan for open ports. The final product underwent three tests and passed them all, except the step involving port scanning - most likely due to hardware and/or operating system faults, since other devices are able to perform these operations. The main functionalities of this device and software are to: identify and assess nearby network access points, perform deauthentication attacks, capture network traffic (including WPA handshakes), crack Wi-Fi passwords, connect to cracked networks and finally to perform host discovery and port scanning. All of these steps shall be executed automatically after selecting the target networks and pressing the start button. Based on the test results it can be stated that this device is well suited for practical use within cyber security and digital forensics. However, due to the Raspberry Pi's limited computing power users may be advised to outsource the cracking process to a more powerful machine, for the purpose of productivity and time efficiency.
|
108 |
The effect of human memory on password behavior : An investigation
Tarczal, Márton January 2023
Passwords are widely used as a primary method of authentication and access control, making them a critical component in safeguarding digital assets. However, individuals’ password-related behaviors, such as password selection, memorization, and management, significantly impact the security of their accounts. Cognitive abilities, one of which is memory capacity, have also been shown in past research to affect cybersecurity awareness and therefore password behavior, as an extension of this. This thesis aimed to explore how individuals’ short-term memory capacity influenced their password behavior and its implications for cybersecurity. The research methodology used a questionnaire as a quantitative approach towards this issue. The study examined participants’ password creation strategies and their ability to remember different aspects using cued recall. Furthermore, the relationship between password behavior and short-term memory capacity was also explored in terms of four different demographic subgroups, namely gender, age, level of education, and IT competence. The evaluation has been performed using statistical analysis on 315 complete questionnaire responses. The results of this thesis work corroborate most of the previous research on the aforementioned topics, such that females and older age were the strongest predictors of correlation between password behavior and short-term memory capacity. This thesis work can be used as guidance when conducting further research on the effects of various cognitive abilities on cybersecurity awareness.
|
109 |
A Comparative Analysis of Security Services Using Identity and Access Management (IAM)
Muddychetty, Nithya Sree January 2024
Background: Identity and Access Management (IAM) is a critical IT security framework for managing digital identities and resource access. With roots dating back to ancient civilizations, IAM has evolved from basic authentication to sophisticated methods. Okta, a leading cloud-based IAM platform founded in 2009, excels in identity management, authentication, and access control. It is recognized for its commitment to security and adaptability to cybersecurity challenges. As of October 2023, Okta maintains its prominent position in the IAM market, acknowledged by Gartner's Magic Quadrant for Access Management, worldwide.
Objectives: The objective of this thesis is to conduct a comprehensive comparative analysis of security services, specifically focusing on their integration with IAM solutions. This investigation seeks to provide an examination of security services like Multi-factor authentication (MFA) and Single Sign On (SSO) and evaluate their effectiveness in conjunction with IAM. By doing so, we aim to determine which security approach offers the most robust protection in our digitally interconnected world.
Methods: The primary goal of this methodology is to create a robust, secure, and user-friendly authentication and access management system using Okta within an IAM framework. This involves the integration of both MFA and SSO features. To kickstart the process, we establish a controlled environment that mirrors the real-world scenarios. Okta is chosen as the IAM tool, and its deployment involves managing user identities, controlling access, and handling authentication.
Results: The result of the study on the comparative analysis of security services using IAM reveals distinct differences in the effectiveness and features among security services. Key findings highlight variations in authentication methods, authorization mechanisms, and overall security robustness. This comprehensive examination provides valuable insights into the strengths and weaknesses of different IAM-based security services, offering a foundation for informed decision-making in selecting the most suitable solution for specific organizational needs.
Conclusions: This thesis conclusively demonstrates the efficacy of integrating SSO and MFA into IAM. The incorporation of Biometric Authentication and Time-based One-Time Password (TOTP) in MFA garnered strong user preference. SSO implementation streamlined authentication, reducing steps and enhancing ease of use. The overwhelmingly positive user feedback and robust security measures validate SSO+MFA as a valuable contribution to IAM, ensuring data security and user confidence.
|
110 |
Improving the Security of Mobile Devices Through Multi-Dimensional and Analog Authentication
Gurary, Jonathan, Gurary 28 March 2018
No description available.
|