Global ETD Search

441	Architektura a správa zabezpečených sítí / Architecture and management of secure networks Štangler, Jan January 2020 (has links) This work is focused on the security of small to medium-sized networks with central administration, especially on the creation of a methodology for secure network design.The design of a secure network for a start-up IT company, using open-source software, is described. Deployment of the designed secure network, with central management, is performed and the connectivity of network elements are tested. The model simulates network traffic situations and network attacks using penetration testing techniques. In terms of the severity of the impact on network security, intercepted attacks are evaluated and immediately reported to responsible persons. Finally, the results of the intercepted attacks are processed and further actions are recommended.
442	Creating a safe and secure teaching and learning environment: a successful school leadership imperative Sinthumule, Dzivhonele Albert 18 September 2017 (has links) DEd (Educational Management) / Department of Educational Management / This study focuses on safety and security in public schools. School violence is a sad reality encountered by whoever takes up the responsibility for the safety of learners and teachers. Both teachers and learners have the right to feel safe and secure at school. The aim of the study was to investigate how school management teams and school governing bodies take reasonable measures to ensure the safety and security of learners at schools. A mixed-methods research design was used in this study. The quantitative data, collected through questionnaires, were analysed through Statistical Package for Social Sciences version 23, while the qualitative data, gathered through semi-structured interviews, were thematically analysed. The study revealed that successful school leaders have the potential to tremendously reduce safety and security challenges when necessary support is provided. Establishing partnerships with other sectors not only manage and improve the learners' behaviour and lessen learning difficulties but also create a more supportive climate within the school, home and society. Unavailability of school psychologists and/or social workers who would join forces with teachers, parents, and other professionals to create safe and supportive learning environments increase the manifestations of school safety and security challenges. Effective school School safety School violence Secure school School Management Teams 363.1193710968257 Violence -- South Africa -- Limpopo Teaching -- South Africa -- Limpopo
443	Building a secure infrastructure for IoT systems in distributed environments / Une infrastructure sécurisée pour les systèmes IdO dans les environnements distribués Zhu, Xiaoyang 24 June 2019 (has links) Le principe de l'Internet des objets (IdO) est d'interconnecter non seulement les capteurs, les appareils mobiles et les ordinateurs, mais aussi les particuliers, les maisons, les bâtiments intelligents et les villes, ainsi que les réseaux électriques, les automobiles et les avions, pour n'en citer que quelques-uns. Toutefois, la réalisation de la connectivité étendue de l'IdO tout en assurant la sécurité et la confidentialité des utilisateurs reste un défi. Les systèmes IdO présentent de nombreuses caractéristiques non conventionnelles, telles que l'évolutivité, l'hétérogénéité, la mobilité et les ressources limitées, qui rendent les solutions de sécurité Internet existantes inadaptées aux systèmes basés sur IdO. En outre, l'IdO préconise des réseaux peer-to-peer où les utilisateurs, en tant que propriétaires, ont l'intention d'établir des politiques de sécurité pour contrôler leurs dispositifs ou services au lieu de s'en remettre à des tiers centralisés. En nous concentrant sur les défis scientifiques liés aux caractéristiques non conventionnelles de l'IdO et à la sécurité centrée sur l'utilisateur, nous proposons une infrastructure sécurisée de l'IdO activée par la technologie de la chaîne de blocs et pilotée par des réseaux peer-to-peer sans confiance. Notre infrastructure sécurisée IoT permet non seulement l'identification des individus et des collectifs, mais aussi l'identification fiable des objets IoT par leurs propriétaires en se référant à la chaîne de blocage des réseaux peer-to-peer sans confiance. La chaîne de blocs fournit à notre infrastructure sécurisée de l'IdO une base de données fiable, immuable et publique qui enregistre les identités individuelles et collectives, ce qui facilite la conception du protocole d'authentification simplifié de l'IdO sans dépendre des fournisseurs d'identité tiers. En outre, notre infrastructure sécurisée pour l'IdO adopte un paradigme d'IdO socialisé qui permet à toutes les entités de l'IdO (à savoir les individus, les collectifs, les choses) d'établir des relations et rend l'IdO extensible et omniprésent les réseaux où les propriétaires peuvent profiter des relations pour définir des politiques d'accès pour leurs appareils ou services. En outre, afin de protéger les opérations de notre infrastructure sécurisée de l'IdO contre les menaces de sécurité, nous introduisons également un mécanisme autonome de détection des menaces en complément de notre cadre de contrôle d'accès, qui peut surveiller en permanence le comportement anormal des opérations des dispositifs ou services. / The premise of the Internet of Things (IoT) is to interconnect not only sensors, mobile devices, and computers but also individuals, homes, smart buildings, and cities, as well as electrical grids, automobiles, and airplanes, to mention a few. However, realizing the extensive connectivity of IoT while ensuring user security and privacy still remains a challenge. There are many unconventional characteristics in IoT systems such as scalability, heterogeneity, mobility, and limited resources, which render existing Internet security solutions inadequate to IoT-based systems. Besides, the IoT advocates for peer-to-peer networks where users as owners intend to set security policies to control their devices or services instead of relying on some centralized third parties. By focusing on scientific challenges related to the IoT unconventional characteristics and user-centric security, we propose an IoT secure infrastructure enabled by the blockchain technology and driven by trustless peer-to-peer networks. Our IoT secure infrastructure allows not only the identification of individuals and collectives but also the trusted identification of IoT things through their owners by referring to the blockchain in trustless peer-to-peer networks. The blockchain provides our IoT secure infrastructure with a trustless, immutable and public ledger that records individuals and collectives identities, which facilitates the design of the simplified authentication protocol for IoT without relying on third-party identity providers. Besides, our IoT secure infrastructure adopts socialized IoT paradigm which allows all IoT entities (namely, individuals, collectives, things) to establish relationships and makes the IoT extensible and ubiquitous networks where owners can take advantage of relationships to set access policies for their devices or services. Furthermore, in order to protect operations of our IoT secure infrastructure against security threats, we also introduce an autonomic threat detection mechanism as the complementary of our access control framework, which can continuously monitor anomaly behavior of device or service operations. Informatique Internet des Objets Infrastructure sécurisée Sécurité informatique Réseau pair à pair Identitification Détection menaces Connectique étentue Blockchain Information Technology Internet of Things Secure infrastructure IT security Peer-To-Peer Networks Identification Threat detection Extensive connectivity Blockchain 004.678 207 2
444	Physical Layer Security vs. Network Layer Secrecy: Who Wins on the Untrusted Two-Way Relay Channel? Richter, Johannes, Franz, Elke, Engelmann, Sabrina, Pfennig, Stefan, Jorswieck, Eduard A. January 2013 (has links) We consider the problem of secure communications in a Gaussian two-way relay network where two nodes exchange confidential messages only via an untrusted relay. The relay is assumed to be honest but curious, i.e., an eavesdropper that conforms to the system rules and applies the intended relaying scheme. We analyze the achievable secrecy rates by applying network coding on the physical layer or the network layer and compare the results in terms of complexity, overhead, and efficiency. Further, we discuss the advantages and disadvantages of the respective approaches. info:eu-repo/classification/ddc/004 ddc:004
445	The Security Layer O'Neill, Mark Thomas 01 January 2019 (has links) Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix these issues, and lack the ability to properly control how their own machines communicate securely online. In this dissertation we argue that the problems described are the result of an improper placement of security responsibilities. We show that by placing TLS services in the operating system, both new and existing applications can be automatically secured, developers can easily use TLS without intimate knowledge of security, and security settings can be controlled by administrators. This is demonstrated through three explorations that provide TLS features through the operating system. First, we describe and assess TrustBase, a service that repairs and strengthens certificate-based authentication for TLS connections. TrustBase uses traffic interception and a policy engine to provide administrators fine-tuned control over the trust decisions made by all applications on their systems. Second, we introduce and evaluate the Secure Socket API (SSA), which provides TLS as an operating system service through the native POSIX socket API. The SSA enables developers to use modern TLS securely, with as little as one line of code, and also allows custom tailoring of security settings by administrators. Finally, we further explore a modern approach to TLS client authentication, leveraging the operating system to provide a generic platform for strong authentication that supports easy deployment of client authentication features and protects user privacy. We conclude with a discussion of the reasons for the success of our efforts, and note avenues for future work that leverage the principles exhibited in this work, both in and beyond TLS. SSL TLS man in the middle certificate OpenSSL security operating system administrator control kernel security policy certificates transport layer security secure sockets layer developer mistakes vulnerabilities client authentication DANE OSCP CRLSet CRL Convergence notary POSIX socket API API Computer Sciences
446	Domov a rodina / When the family is not around Kantor, Táňa January 2019 (has links) The aim of this work is to introduce a new concept of children's home which seeks to find a relationship between family environment, specific needs of children or necessary architecture requirements which are important in perceiving the space in which children are.
447	Secure and Efficient Comparisons between Untrusted Parties Beck, Martin 11 September 2018 (has links) A vast number of online services is based on users contributing their personal information. Examples are manifold, including social networks, electronic commerce, sharing websites, lodging platforms, and genealogy. In all cases user privacy depends on a collective trust upon all involved intermediaries, like service providers, operators, administrators or even help desk staff. A single adversarial party in the whole chain of trust voids user privacy. Even more, the number of intermediaries is ever growing. Thus, user privacy must be preserved at every time and stage, independent of the intrinsic goals any involved party. Furthermore, next to these new services, traditional offline analytic systems are replaced by online services run in large data centers. Centralized processing of electronic medical records, genomic data or other health-related information is anticipated due to advances in medical research, better analytic results based on large amounts of medical information and lowered costs. In these scenarios privacy is of utmost concern due to the large amount of personal information contained within the centralized data. We focus on the challenge of privacy-preserving processing on genomic data, specifically comparing genomic sequences. The problem that arises is how to efficiently compare private sequences of two parties while preserving confidentiality of the compared data. It follows that the privacy of the data owner must be preserved, which means that as little information as possible must be leaked to any party participating in the comparison. Leakage can happen at several points during a comparison. The secured inputs for the comparing party might leak some information about the original input, or the output might leak information about the inputs. In the latter case, results of several comparisons can be combined to infer information about the confidential input of the party under observation. Genomic sequences serve as a use-case, but the proposed solutions are more general and can be applied to the generic field of privacy-preserving comparison of sequences. The solution should be efficient such that performing a comparison yields runtimes linear in the length of the input sequences and thus producing acceptable costs for a typical use-case. To tackle the problem of efficient, privacy-preserving sequence comparisons, we propose a framework consisting of three main parts. a) The basic protocol presents an efficient sequence comparison algorithm, which transforms a sequence into a set representation, allowing to approximate distance measures over input sequences using distance measures over sets. The sets are then represented by an efficient data structure - the Bloom filter -, which allows evaluation of certain set operations without storing the actual elements of the possibly large set. This representation yields low distortion for comparing similar sequences. Operations upon the set representation are carried out using efficient, partially homomorphic cryptographic systems for data confidentiality of the inputs. The output can be adjusted to either return the actual approximated distance or the result of an in-range check of the approximated distance. b) Building upon this efficient basic protocol we introduce the first mechanism to reduce the success of inference attacks by detecting and rejecting similar queries in a privacy-preserving way. This is achieved by generating generalized commitments for inputs. This generalization is done by treating inputs as messages received from a noise channel, upon which error-correction from coding theory is applied. This way similar inputs are defined as inputs having a hamming distance of their generalized inputs below a certain predefined threshold. We present a protocol to perform a zero-knowledge proof to assess if the generalized input is indeed a generalization of the actual input. Furthermore, we generalize a very efficient inference attack on privacy-preserving sequence comparison protocols and use it to evaluate our inference-control mechanism. c) The third part of the framework lightens the computational load of the client taking part in the comparison protocol by presenting a compression mechanism for partially homomorphic cryptographic schemes. It reduces the transmission and storage overhead induced by the semantically secure homomorphic encryption schemes, as well as encryption latency. The compression is achieved by constructing an asymmetric stream cipher such that the generated ciphertext can be converted into a ciphertext of an associated homomorphic encryption scheme without revealing any information about the plaintext. This is the first compression scheme available for partially homomorphic encryption schemes. Compression of ciphertexts of fully homomorphic encryption schemes are several orders of magnitude slower at the conversion from the transmission ciphertext to the homomorphically encrypted ciphertext. Indeed our compression scheme achieves optimal conversion performance. It further allows to generate keystreams offline and thus supports offloading to trusted devices. This way transmission-, storage- and power-efficiency is improved. We give security proofs for all relevant parts of the proposed protocols and algorithms to evaluate their security. A performance evaluation of the core components demonstrates the practicability of our proposed solutions including a theoretical analysis and practical experiments to show the accuracy as well as efficiency of approximations and probabilistic algorithms. Several variations and configurations to detect similar inputs are studied during an in-depth discussion of the inference-control mechanism. A human mitochondrial genome database is used for the practical evaluation to compare genomic sequences and detect similar inputs as described by the use-case. In summary we show that it is indeed possible to construct an efficient and privacy-preserving (genomic) sequences comparison, while being able to control the amount of information that leaves the comparison. To the best of our knowledge we also contribute to the field by proposing the first efficient privacy-preserving inference detection and control mechanism, as well as the first ciphertext compression system for partially homomorphic cryptographic systems. info:eu-repo/classification/ddc/004 ddc:004
448	Secure Communication in a Multi-OS-Environment Bathe, Shivraj Gajanan 25 January 2016 (has links) Current trend in automotive industry is moving towards adopting the multicore microcontrollers in Electronic Control Units (ECUs). Multicore microcontrollers give an opportunity to run a number of separated and dedicated operating systems on a single ECU. When two heterogeneous operating systems run in parallel on a multicore environment, the inter OS communication between these operating systems become the key factor in the overall performance. The inter OS communication based on shared memory is studied in this thesis work. In a setup where two operating systems namely EB Autocore OS which is based on AUTomotive Open System Architecture standard and Android are considered. Android being the gateway to the internet and due to its open nature and the increased connectivity features of a connected car, many attack surfaces are introduced to the system. As safety and security go hand in hand, the security aspects of the communication channel are taken into account. A portable prototype for multi OS communication based on shared memory communication with security considerations is developed as a plugin for EB tresos Studio. info:eu-repo/classification/ddc/004 ddc:004 Informatik; AUTOSAR; LINUX
449	Hur påverkar implementering av multifaktorautentisering användarnas digitala arbetsmiljö? : En intervjustudie om förutsättningar och motivation för säker användning i en professionell utbildningsorganisation / How does implementation of multi-factor authentication affect users' digital work environment? : An interview study on conditions and motivation for secure usage in a professional educational organization Geronson, Carl, Mellvé, Oscar January 2023 (has links) I takt med en ökad digitalisering har det blivit ett allt större fokus på IT-säkerhet. Det finns olika typer av lösningar för att stärka IT-säkerheten och att implementera multifaktorautentisering är en av dem. I organisationers säkerhetsarbete spelar användarna en viktig roll, samtidigt kan de betraktas som ett säkerhetshot snarare än en resurs. I den här intervjustudien undersöker vi hur en implementering av multifaktorautentisering påverkar användarnas digitala arbetsmiljö. För att förstå detta har studien använt en kvalitativ datainsamlingsmetod där tio semistrukturerade intervjuer med anställda från Malmö universitet har genomförts. I analysen av resultatet har bland annat Technology Acceptance Model, Protection Motivation Theory samt ett fenomenologiskt perspektiv använts som teoretiska utgångspunkter. Studien visar att det finns en oförutsägbarhet med multifaktorautentisering som skapar en kognitiv omställning och ett hinder i arbetsflödet. Det framgår även att användarnas medvetenhet om IT-säkerhet är en viktig faktor i acceptansen av säkerhetsåtgärder så som multifaktorautentisering. Studien lyfter fram att det krävs en bra användarupplevelse bland befintliga IT-system för att välkomna och anpassa sig till framtida implementeringar av säkerhetssystem. / As digitalization has increased, there has been a growing focus on IT security. There are various types of solutions to strengthen IT security, and implementing multi-factor authentication is one of them. In the security efforts of organizations, users play an important role, but they can also be seen as a security threat rather than a resource. In this interview study, we examine how the implementation of multi-factor authentication affects users' digital work environment. To understand this, the study used a qualitative data collection method, conducting ten semi-structured interviews with employees from Malmö university. In the analysis of the results, the study utilized theoretical frameworks such as the Technology Acceptance Model, Protection Motivation Theory, and a phenomenological perspective. The study reveals that there is unpredictability associated with multi-factor authentication, creating a cognitive adjustment and a hindrance in workflow. It is also evident that users' awareness of IT security is an important factor in accepting security measures such as multi-factor authentication. The study emphasizes the need for a good user experience in existing IT systems to welcome and adapt to future implementations of security systems. Digital work environment IT security Multi-factor authentication Secure usage Ease of use User acceptance Information system Digital arbetsmiljö IT-säkerhet Multifaktorautentisering Säker användning Användarvänlighet Användaracceptans Informationssystem Engineering and Technology Teknik och teknologier
450	Secure degrees of freedom on widely linear instantaneous relay-assisted interference channel Ho, Zuleita K.-M., Jorswieck, Eduard January 2013 (has links) The number of secure data streams a relay-assisted interference channel can support has been an intriguing problem. The problem is not solved even for a fundamental scenario with a single antenna at each transmitter, receiver and relay. In this paper, we study the achievable secure degrees of freedom of instantaneous relay-assisted interference channels with real and complex coefficients. The study of secure degrees of freedom with complex coefficients is not a trivial multiuser extension of the scenarios with real channel coefficients as in the case for the degrees of freedom, due to secrecy constraints. We tackle this challenge by jointly designing the improper transmit signals and widely-linear relay processing strategies. info:eu-repo/classification/ddc/621.3 ddc:621.3

Search results