Diseño de un sistema de seguridad física mediante Reconocimiento Facial a través del flujo de video, siguiendo las mejores prácticas de las normas ISO 80601, 13154, 19794 y el NISTIR 8238, para el área de seguridad de una empresa minera / Design of a physical security system through Facial Recognition through the video stream, following the best practices of the ISO 80601, 13154, 19794 and NISTIR 8238 standards, for the security area of a mining company

Filio Torres, Edgar Alfredo

24 April 2021

El presente trabajo se basa en el diseño de un sistema de seguridad física, aplicando tecnología de reconocimiento facial, para el control de acceso en una empresa del sector minero, este sistema permite tener un control robusto y confiable de los usuarios que ingresan y transitan por el campamento minero, este sistema se adapta a la nueva realidad que estamos viviendo, donde el distanciamiento social, el contacto físico personal y la medición de la temperatura, es un requisito indispensable. El diseño propuesto toma como referencia las mejores prácticas de las normas IEC 80601-2-59:2017 e ISO/TR 13154:2017, así como las recomendaciones del NISTIR 8238 que nos habla sobre la prueba continua de proveedores de reconocimiento facial. La problemática actual, es con referencia a la desactualización tecnología que tienen casi el 90% de los sistemas de seguridad de las empresas del sector minero, ya que, tras la llegada de la pandemia, estos sistemas se vieron evidenciados del pobre avance tecnológico con el que contaban. El diseño propuesto integra el uso de algoritmos con inteligencia artificial que permiten automatizar el proceso de identificación de los usuarios a través de su rostro, utilizando el flujo de video de las cámaras, analizamos la cobertura de las áreas a cubrir a través de los cálculos ópticos y distancia focal de las cámaras, proponemos también un mecanismo de gestión y tratamiento de las alertas que se generen de las analíticas aplicadas. Finalmente realizamos una comprobación y evidenciamos los resultados del diseño para cada objetivo específico planteado. / This work is based on the design of a physical security system, applying facial recognition technology, for access control in a company in the mining sector, this system allows to have a robust and reliable control of users entering and passing through the mining camp, this system adapts to the new reality we are living, where social distancing, personal physical contact, and temperature measurement, are indispensable requirements. The proposed design takes as a reference the best practices of the IEC 80601-2-59:2017 and ISO/TR 13154:2017 standards, as well as the recommendations of the NISTIR 8238 that tells us about the continuous testing of facial recognition providers. The current problem is related to the technological outdatedness of almost 90% of the security systems of the companies in the mining sector, since, after the arrival of the pandemic, these systems were evidenced by the poor technological progress they had. The proposed design integrates the use of algorithms with artificial intelligence that allow us to automate the process of identifying users through their face, using the video flow of the cameras, we analyse the coverage of the areas to be covered through optical calculations and focal length of the cameras, we also propose a mechanism for the management and treatment of alerts generated from applied analytics. Finally, we verify and show the results of the design for each specific objective set previously. / Tesis

Seguridad física

Reconocimiento facial

Distancia focal

Inteligencia artificial

Physical security

Facial recognition

Focal distance

Artificial intelligence

Detection of attacks against cyber-physical industrial systems / Détection des attaques contre les systèmes cyber-physiques industriels

Rubio Hernan, Jose Manuel

18 July 2017

Nous abordons des problèmes de sécurité dans des systèmes cyber-physiques industriels. Les attaques contre ces systèmes doivent être traitées à la fois en matière de sûreté et de sécurité. Les technologies de contrôles imposés par les normes industrielles, couvrent déjà la sûreté. Cependant, du point de vue de la sécurité, la littérature a prouvé que l’utilisation de techniques cyber pour traiter la sécurité de ces systèmes n’est pas suffisante, car les actions physiques malveillantes seront ignorées. Pour cette raison, on a besoin de mécanismes pour protéger les deux couches à la fois. Certains auteurs ont traité des attaques de rejeu et d’intégrité en utilisant une attestation physique, p. ex., le tatouage des paramètres physiques du système. Néanmoins, ces détecteurs fonctionnent correctement uniquement si les adversaires n’ont pas assez de connaissances pour tromper les deux couches. Cette thèse porte sur les limites mentionnées ci-dessus. Nous commençons en testant l’efficacité d’un détecteur qui utilise une signature stationnaire afin de détecter des actions malveillantes. Nous montrons que ce détecteur est incapable d’identifier les adversaires cyber-physiques qui tentent de connaître la dynamique du système. Nous analysons son ratio de détection sous la présence de nouveaux adversaires capables de déduire la dynamique du système. Nous revisitons le design original, en utilisant une signature non stationnaire, afin de gérer les adversaires visant à échapper à la détection. Nous proposons également une nouvelle approche qui combine des stratégies de contrôle et de communication. Toutes les solutions son validées à l’aide de simulations et maquettes d’entraînement / We address security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not enough, since physical malicious actions are ignored. For this reason, cyber-physical systems have to be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes, f.i., physical watermarking to ensure the truthfulness of the process. However, these detectors work properly only if the adversaries do not have enough knowledge to mislead crosslayer data. This thesis focuses on the aforementioned limitations. It starts by testing the effectiveness of a stationary watermark-based fault detector, to detect, as well, malicious actions produced by adversaries. We show that the stationary watermark-based detector is unable to identify cyber-physical adversaries. We show that the approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection performance of the original design under the presence of adversaries that infer the system dynamics to evade detection. We revisit the original design, using a non-stationary watermark-based design, to handle those adversaries. We also propose a novel approach that combines control and communication strategies. We validate our solutions using numeric simulations and training cyber-physical testbeds

Sécurité cyber-physique

Théorie du contrôle

Sécurité du réseau

Systèmes contrôlés via un réseau

Infrastructures critiques

Détection d’attaques

Modèle d’adversaire

Adversaire cyber-physique

Cyber-physical security

Control theory

Network security

Networked-control system

Critical infrastructures

Attack detection

Adversary model

Cyber-physical adversary

Srovnávací studie proveditelnosti informačních systému pro nakládání s utajovanými informacemi do stupně utajení důvěrné v oblasti informačně - technologické a ekonomické. / Comparative study of feasibility of information systems handling classified information up to the CONFIDENTIAL level in the area of information-technological and economical.

HULIČOVÁ, Hana

January 2015

This thesis deals with the design of a comparative study of the feasibility of an information system handling classified information up to the Confidebtial level in the information-technological and economic area (i.e. economical and financial analysis).

Management informační bezpečnosti ve zdravotnickém zařízení / Information Security Management in Healthcare Organization

Hajný, Jiří

January 2014

The diploma thesis focuses on implementation and deployment of information security management system (ISMS) into healthcare organizations. Specifies what is required to include in this process and what not to forget. It includes a risk analysis of a branch of the selected company, and for it is written a safety guide. Safety guide provides advice and recommendations regarding security in terms of human resources, physical security, ICT security and other aspects that should be included in the ISMS deployment in healthcare organizations. The work also reflects the newly emerging law on cyber security. It is expected that the law will also address cyber security in healthcare.

Návrh zabezpečovacího systému areálu společnosti / A Proposal for a Security System of the Company Premises

Černý, Jan

January 2014

The content of this thesis is the complex security system proposal, specifically of PZTS system and CCTV system. The thesis is divided into three parts. The first part is analysis of the current state, the second is theoretical part and the third part is a practical part. The first part deals with the analysis of the current state of physical security and technical protection of the premises. The theoretical part deals with theoretical solutions for security system proposal. The practical part is focused on separate PZTS and CCTV systems proposal, that will meet all the requirements and standards of the customer.

Advanced EM/Power Side-Channel Attacks and Low-overhead Circuit-level Countermeasures

Debayan Das (11178318)

27 July 2021

<div>The huge gamut of today’s internet-connected embedded devices has led to increasing concerns regarding the security and confidentiality of data. To address these requirements, most embedded devices employ cryptographic algorithms, which are computationally secure. Despite such mathematical guarantees, as these algorithms are implemented on a physical platform, they leak critical information in the form of power consumption, electromagnetic (EM) radiation, timing, cache hits and misses, and so on, leading to side-channel analysis (SCA) attacks. Non-profiled SCA attacks like differential/correlational power/EM analysis (DPA/CPA/DEMA/CEMA) are direct attacks on a single device to extract the secret key of an encryption algorithm. On the other hand, profiled attacks comprise of building an offline template (model) using an identical device and the attack is performed on a similar device with much fewer traces.</div><div><br></div><div>This thesis focusses on developing efficient side-channel attacks and circuit-level low-overhead generic countermeasures. A cross-device deep learning-based profiling power side-channel attack (X-DeepSCA) is proposed which can break the secret key of an AES-128 encryption engine running on an Atmel microcontroller using just a single power trace, thereby increasing the threat surface of embedded devices significantly. Despite all these advancements, most works till date, both attacks as well as countermeasures, treat the crypto engine as a black box, and hence most protection techniques incur high power/area overheads.</div><div><br></div><div>This work presents the first white-box modeling of the EM leakage from a crypto hardware, leading to the understanding that the critical correlated current signature should not be passed through the higher metal layers. To achieve this goal, a signature attenuation hardware (SAH) is utilized, embedding the crypto core locally within the lower metal layers so that the critical correlated current signature is not passed through the higher metals, which behave as efficient antennas and its radiation can be picked up by a nearby attacker. Combination of the 2 techniques – current-domain signature suppression and local lower metal routing shows >350x signature attenuation in measurements on our fabricated 65nm test chip, leading to SCA resiliency beyond 1B encryptions, which is a 100x improvement in both EM and power SCA protection over the prior works with comparable overheads. Moreover, this is a generic countermeasure and can be utilized for any crypto core without any performance degradation.</div><div><br></div><div>Next, backed by our physics-level understanding of EM radiation, a digital library cell layout technique is proposed which shows >5x reduction in EM SCA leakage compared to the traditional digital logic gate layout design. Further, exploiting the magneto-quasistatic (MQS) regime of operation for the present-day CMOS circuits, a HFSS-based framework is proposed to develop a pre-silicon EM SCA evaluation technique to test the vulnerability of cryptographic implementations against such attacks during the design phase itself.</div><div><br></div><div>Finally, considering the continuous growth of wearable and implantable devices around a human body, this thesis also analyzes the security of the internet-of-body (IoB) and proposes electro-quasistatic human body communication (EQS-HBC) to form a covert body area network. While the traditional wireless body area network (WBAN) signals can be intercepted even at a distance of 5m, the EQS-HBC signals can be detected only up to 0.15m, which is practically in physical contact with the person. Thus, this pioneering work proposing EQS-HBC promises >30x improvement in private space compared to the traditional WBAN, enhancing physical security. In the long run, EQS-HBC can potentially enable several applications in the domain of connected healthcare, electroceuticals, augmented and virtual reality, and so on. In addition to these physical security guarantees, side-channel secure cryptographic algorithms can be augmented to develop a fully secure EQS-HBC node.</div>

Circuits and Systems

Microelectronics and Integrated Circuits

Computer System Security

Electromagnetic Security

Hardware Security

Mixed-Signal Circuit design for security

Generic Low-overhead countermeasure

Signature Attenuation Hardware

STELLAR

X-DeepSCA

An evaluation of contract and in-house security : a South African case study

Gwara, Nyeperayi

03 1900

The existence of security breaches in most spheres of modern society has caused loss of property and life. Some of these losses are so big that they eventually cripple organisations they affect. There is a need for private security within the South African context. Private security is executed through various security strategies. In most cases, companies operate with both contract and in-house security personnel on site. Regardless of the strategy adopted, companies continue to experience a variety of security risks. Therefore, swift transformation is needed in the security industry. To achieve this, appropriate security strategies will be necessary to overcome security risks. This study was directed by its aim and objectives. The aim was to evaluate contract and in-house security strategies in order to recommend the appropriate strategy to be used in security programmes. This aim was achieved through the sum of its outlined objectives. The first research objective was to establish the advantages and disadvantages of contract and in-house security. The second objective was to examine the effectiveness of contract and in-house security strategies, and the third to recommend appropriate security strategies to be used in security programmes. This study evaluated contract and in-house security in a registered security company located in Johannesburg, South Africa. A qualitative inquiry was implemented, and a case study approach was used to conduct the research study. The research study combines both literature and empirical research to reach its findings and make its recommendations. While there are 500 employees in the company, the sample was made up of 38 participants. A non-probability sampling method was adopted, and a purposive sampling method was used to select the participants. Furthermore, a face-to-face semi-structured interview schedule that included probing questions was used to collect data. The participants were targeted based on their knowledge and experience in issues surrounding management, policy, and security strategies. The sample consisted of 10 employees in the management category, 13 human resources employees and 15 security employees. The findings of this study were wide, but specific to the context in which it was researched. The advantages and disadvantages of contract and in-house security were comprehensively explored and narrated. This was done through a review of the literature and the raw data obtained from the research participants. The study determined the effectiveness of the two security strategies within the milieu of the case study under study. Furthermore, the study determined that there is no conclusive answer with regards to the most appropriate security strategy to be used. This chosen strategy is dependent on the specific security requirements. Once these requirements have been outlined, the specific strategy can be chosen, namely: contract security, in-house security or a hybrid approach. Recommendations are surplus to the findings of the study. The findings of a research study often go beyond the aim and objectives it set out to achieve. This study produced findings wider than the context of its predetermined aim and objectives and that are relevant to role players within the security industry. / Ukuba khona kwezenzo zokuphula amahlelo wezokuphepha emikhakheni eminengi yomphakathi wesimodeni sekubangele ukulahleka kwepahla nepilo. Ezinye zezehlakalo zalokhu kulahleka kwepahla ngendlela kukukhulu ngakho kuze kubulala neenhlangano ezithintekako. Kunesidingo sehlelo lezokuphepha langasese ngaphakathi kobujamo beSewula Afrika. Ihlelo lezokuphepha langasese/langeqadi Ihlelo lezokuphepha langeqadi lisetjenziswa ngamano ahlukeneko. Esikhathini esinengi, iinkampani zisebenza ngabasebenzi besivumelwano sesikhatjhana (contract) nabasebenzi bezokuphepha abahlaliswe esikhungweni esisodwa. Ngaphandle kokuqala amano amukelweko, iinkampani ziragela phambili nokuhlangabezana neengozi zokuphepha ezahlukahlukeneko. Yeke-ke, ihlelo elirhabileko lamatjhuguluko liyadingeka ebubulweni lezokuphepha. Ukuphumelela kilokhu, kuzokufuneka amano wezokuphepha afaneleko ukuze kuqedwe iingozi kezokuphepha. Leli rhubhululo belirholwa phambili mnqopho neenhloso zalo. Umnqopho kwakukuhlola ikontraga kanye namano wezokuphepha okwenziwa esikhungwini esisodwa ukuze kunconywe amano afaneleko okufanele asetjenziswemkumaphrogremu wezokuphepha. Lo mnqopho wafikelelwa ngeenhloso zoke zeminqopho zawo eyendlaliweko. Irhubhululo lokuthoma kwakukuhloma amathuba amahle kanye namathuba amambi wehlelo lezokuphepha eliyikontraga nelingaphakathi kwesikhungo. Umnqopho wesibili kwakukuhlolisisa ukusebenza kuhle kwamano wekontraga namano wezokuphepha ezisesikhungwini, kanti umnqopho wesithathu kuncoma amano afaneleko wezokuphepha ukobana asetjenziswe kumaphrogremu wezokuphepha. Leli rhubhululo lihlole ihlelo lezokuphepha lesivumelwano/sekontraga nelesikhungo kukhamphani yezokuphepha etlolisiweko enzinze eJohannesburg, eSewula Afrika. Iphenyisiso elidzimelele kukhwalithi lisetjenzisiwe ukwenza isifundo serhubhululo. Isifundo serhubhululo sihlanganisa yomibili imitlolo yobukghwari kanye nerhubhululo eliphathekako ukufikelela kulwazi belenze iincomo zalo. Njengombana kunabasebenzi abama-500 kukhamphani, isampuli yenziwa ngabadlalindima abama-38. Indlela yezampula i-non-probability sampling yalandelwa, kanti kusetjenziswe indlela yesampuli enehloso i-purposive sampling isetjenziselwe ukukhetha abadlalindima. Ngaphezu kwalokho, itjhejuli yehlolombono equntwe phakathi yokuqalana ubuso nobuso efaka imibuzo ephenyako isetjenziswe ukubuthelela idatha. Abadlalindima bebakhethwa ngokuqala ilwazi labo kanye nelwazi elimalungana neendaba zokuphatha, umthethomgomo kanye namano wezokuphepha. Isampuli beyinabasebenzi abali-10 esigabeni sezokuphatha, 13 yabasebenzi bomnyango wezokuqatjhwa kwabasebenzi kanye nabasebenzi abali-15 bezokuphepha. Ilwazi elitholakeleko laleli rhubhululo belinabile, kodwana linqophe ikakhulukazi ebujameni lapho irhubhululo lenziwa khona. Ubuhle nobumbi bamahlelo wezokuphepha wekontraga newesikhungwini ahlolisiswe begodu acocwa ngendlela enabileko. Lokhu kwenziwe ngokubuyekezwa komtlolo wobukghwari kanye nedatha ehlaza etholakele kubadlalindima berhubhululo. Irhubhululo liveze ukusebenza kuhle kwamano amabili wezokuphepha ngaphakathi kobujamo (milieu) besibonelorhubhululo (case study) ngaphasi kwesifundo serhubhululo. Ngaphezu kwalokho, irhubhululo liveze ukuthi akunapendulo yinye esiphetho malungana namano afaneleko wezokuphepha okufanele asetjenziswe. La mano akhethiweko adzimelele phezu kweemfuneko ezithileko zokuphepha. Ngemva kobana iimfuneko lezi sezendlaliwe, amano athileko angakhethwa, wona ngilawa: ihlelo lezokuphepha lekontraga, ihlelo lezokuphepha langendleni nanyana indlela ehlanganisiweko. / U vha hone ha matavhi a tsireledzo kha masia manzhi a tshitshavha tsha zwino ho vhanga ndozwo kha ndaka na matshilo. Dzinwe dza ndozwo idzi ndi khulwanesa dzine dza fhedzisela dzi tshi khou hotefhadza zwiimiswa zwine zwa khou zwi thithisa. Hu na thodea ya tsireledzo ya phuraivethe kha nyimele ya Afrika Tshipembe. Tsireledzo ya phuraivethe dzi shumiswa kha zwitirathedzhi zwa tsireledzo zwo fhambanaho. Kha nyimele nnzhi, khamphani dzi shuma na vhuvhili ha vhashumi vha khonthiraka na vha tshiimiswa kha vhupo. Zwi si na ndavha na tshitirathedzhi tshine tsha khou shumiswa, khamphani dzi bvela phanda na u tshenzhela khohakhombo dza tsireledzo dzo fhambanaho. Nga zwenezwo, hu khou todea tshanduko nga u tavhanya kha ndowetshumo ya tsireledzo. U swikelela izwi, zwitirathedzhi zwo teaho zwa tsireledzo zwi do vha zwa ndeme u kunda khohakhombo dza tsireledzo. Tsedzuluso iyi i do sedza kha ndivho na zwipikwa zwayo. Ndivho ho vha u ela zwitirathedzhi zwa tsireledzo ya khonthiraka na ya tshiimiswa u itela u themendela zwitirathedzhi zwo teaho u shumiswa kha mbekanyamushumo dza tsireledzo. Ndivho yo swikelelwa nga kha tshivhalo tsha zwipikwa zwo bviselwaho khagala. Tshipikwa tsha u thoma tsha thodisiso ho vha u bveledza vhudi na vhuvhi ha tsireledzo ya khonthiraka na ya tshiimiswa. Tshipikwa tsha vhuvhili ho vha u tola u shuma ha zwitirathedzhi zwa tsireledzo ya khontiraka na ya tshiimiswa, na tsha vhuraru u themendela zwitirathedzhi zwo teaho zwa tsireledzo zwine zwa do shumiswa kha mbekanyamushumo dza tsireledzo. Tsedzuluso yo tola tsireledzo ya khontiraka na ya tshiimiswa kha khamphani ya tsireledzo yo nwaliswaho ine ya wanala Johannesburg, Afrika Tshipembe. Ho shumiswa maitele a khwaḽithathivi, na maitele a thodisiso o shumiswa u ita ngudo dza thodisiso. Ngudo ya thodisiso yo tanganyisa manwalwa na zwithu zwi re khagala u swikelela mawanwa ayo na u ita themendelo dzayo. Musi hu na vhashumi vha 500 kha khamphani, tsumbonanguludzwa dzo bveledzwa nga vhadzheneleli vha 38. Ho shumiswa kuitele kwa tsumbonanguludzwa dza vhadzheneleli vhane vha si fhiwe zwikhala zwine zwa edana, na u shumisa kuitele kwa tsumbonanguludzwa ho sedzwa vhukoni kha vhadzheneleli. U isa phanda, kha u kuvhanganya data ho shumiswa inthaviwu ya u tou livhana zwifhatuwo ya mbudziso dzo tou u dzudzanywaho ine ya katela na u vhudzisa mbudziso. Vhadzheneleli vho tiwa ho sedzwa ndivho na tshenzhemo zwavho, kha mafhungo ane a kwama ndangulo, mbekanyamaitele, na zwitirathedzhi zwa tsireledzo. Tsumbonanguludzwa dzo vhumbwa nga vhashumi vha 10 kha khethekanyo ya ndangulo, 13 u bva kha vhashumi vha zwiko zwa vhashumi na vhashumi vha tsireledzo vha 15. Mawanwa a ngudo heyi o tandavhuwa, fhedzi o dodombedza nyimele ye ha itwa thodisiso khayo. Vhudi na vhuvhi ha tsireledzo ya khonthiraka na ya tshiimiswa zwo wanulusa na u talutshedzwa nga vhudalo. Hezwi zwo itwa nga kha u sedzwa hafhu ha manwalwa na data i songo vanganyiwaho ye ya waniwa u bva kha vhadzheneleli vha vhatodisisi. Thodisiso yo ta u shuma ha zwitirathedzhi zwa tsireledzo zwivhili fhethu ha ngudo nga fhasi ha ngudo. U ya phanda, ngudo yo ta uri a hu na phindulo yo khwathisedzwaho zwi tshi da kha tsireledzo yo teaho nga maanda ine ya fanela u shumiswa. Tshitirathedzhi tsho nangiwaho tsho ditika nga thodea dza tsireledzo dzo tiwaho. Musi thodea idzi dzo no bviselwa khagala, tshitirathedzhi tsho tiwaho tshi nga nangiwa, tshine tsha vha: tsireledzo ya khonthiraka, tsireledzo ya tshiimiswa, kana maitele o tanganelaho. Themendelo ndi zwo salaho kha mawanwa a ngudo. Mawanwa a thodisiso dza ngudo tshifhinga tshothe a fhira ndivho na zwipikwa zwo vhewaho u zwi swikelelwa. Ngudo heyi yo bveledza mawanwa o tandavhuwaho u fhira nyimele ya ndivho na zwipikwa zwo tiwaho u thoma o teaho kha vhashelamulenzhe kha ndowetshumo ya tsireledzo. / Security Risk Management / M. Tech. (Security Management)

Absorption

Contract security

Crime prevention

Exposure

In-house security

Loss control

Physical security

Security

Security programmes

Security strategy

Ukudoswa/ukufakwa

Ihlelo lezokuphepha lekontraga

Ukuvikelwa kobulelesi

Ukuhlangabezana

Ihlelo lezokuphepha langendlini

Ukulahlekelwa lilawulo

Ihlelo lezokuphepha okuphathekako

Zokuphepha

Amaphrogremu wezokuphepha

Amano wezokuphepha

U tanganelana

Tsireledzo ya khonthiraka

U thivhela vhutshinyi

U tanela

Tsireledzo ya tshiimiswa

U xelelwa nga ndango

U xelelwa nga ndango

Tsireledzo ya vhathu na ndaka

Tsireledzo

Mbekanyamushumo dza tsireledzo

Tshitirathedzhi tsha tsireledzo

363.28909682215