Security Architecture and Technologies for the Electronic Document Exchange with SOAP as Communication Protocol / Säkerhetsarkitektur och -tekniker för utbyte av elektroniska dokument med SOAP som kommunikationsprotokoll

Dahlén, Marcus

January 2005

In many industries the tracking and tracing of products within the supply chain is required by law. Companies in the metal working industry exchange so-called material test reports, which specify the product’s properties, the customer’s requirements, and serve as an assurance between the supplier and the customer. Internet technologies have changed the way companies exchange information and conduct business. In the metal working industry companies can implement an intermediary platform and make the exchange of material test reports more efficient. Furthermore, a client application that allows the company to export test reports from their information system directly to the intermediary can significantly decrease the processing costs. This inter-organizational collaboration can render an increase in productivity for customers and suppliers. The main goal of the thesis is to analyze how companies in a supply chain can exchange documents with an intermediary over the protocol SOAP as well as support companies by showing a structured procedure for how to achieve security in a system using SOAP. SOAP is a platform independent XML-based communication protocol. The Extensible Markup Language (XML) is of major importance in e-business applications, because of its platform, language, and vendor independent way of describing data. As a universal data format, it enables the seamless connection of business systems. SOAP does not provide any security and is usually implemented over HTTP, which allows it to pass through firewalls. Companies are only prepared to join an inter-organizational collaboration if IT-security is guaranteed. In the exchange of material test reports, security has two objectives. The first is to replace the handwritten signature in the paper-based document exchange. The second is to guarantee security for the material test reports as well as for the information intermediary. SOAP’s extensibility model allows organizations to develop new extensions, which build upon the protocol and provide functions which aren’t specified. Specifications for attachments as well as for security should be implemented in the electronic document exchange. To design a secure system, each security concept, such as confidentiality, authentication and integrity, can be analyzed in its context and the appropriate standard can thereafter be implemented.

Informationsteknik

SOAP

XML

Web Service

J2EE

security

SSL

MTOM

Risk Assessment

XML Digital Signature

XML Encryption

XKMS

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Security Auditing and Testing of two Android Client-Server Applications

Engström Ericsson, Matilda

January 2020

How secure is your application? How can you evaluate if it is secure? The threats are many and may be hard to find. In a world where things are more and more automated; how does manual labour contribute to security auditing applications? This study aims to assess two proof of concept Android client-server applications, developed by students to suit the needs of a fictitious Police Department and Fire Department, respectively. The approach is unconventional yet supported by well-established theory. The gist of a vulnerability assessment methodology initially developed to assess the security of middleware is followed and applied to the entire architecture of these client-server applications. How the manual labour contributed to the end results, in comparison to the use of automated tools and a list of known threats, is then evaluated.   It is concluded that the applications encompass multiple of the Open Web Application Security Project (OWASP) Top 10 Mobile Risks and that automated tools find most of those vulnerabilities. However, relying on automation may lead to a false sense of security, which in effect may cause developers to lose understanding of why vulnerabilities occur and how they should be mitigated. Understanding how the design and architecture of the application influence its security is key.   As of Android 9.0+, default is that applications use SSL encrypted communication. Only 40% of Android users are in 2020 affected by this change according to Android studio developer information, leaving a majority of users unaware of if or how their data is being protected, also observed in analysis results from this thesis work. One should consider if or how to inform users of how their data is being handled, not only in newer Android versions or regarding SSL communication.    This work also shows that developers' decisions may be greatly affected by time pressed situations, which is reflected upon in the last chapter. Another important finding was that the third-party software Sinch, which enabled the use of voice and video communication in one of the applications, sent IP addresses and usernames of the users in clear text during the binding request, when the Session Traversal Utilities for NAT (STUN) protocol was used.

Security audit

Security testing

Android Client-Server

OWASP Top 10 Mobile Risks

Automated tools

MITM attack

SSL

Authorization

Computer Sciences

Datavetenskap (datalogi)

Zabezpečení komunikace a ochrana dat v Internetu věcí / Secure Communication and Data Protection in the Internet of Things

Chadim, Pavel

January 2018

This Master's thesis „Secure communication and data protection in the internet of things“ is dealing with crypthografy and crypthographic libraries, which are compared with eachother according to supporting algorithm and standard. For comparing therewere used following libraries: openSSL, wolfSSL, nanoSSL and matrixSSL. Practical part of the thesis is focused on testing the productivity of each ciphers and protocols of openSSL and wolfSSL libraries on RaspberryPi 2 device. Further, the thesis shows the design of communication scenario client-server in the Internet of Things (IoT). Simple authentication protocol client-server was implemented and simulated on RaspberryPi 2 device.

Zabezpečený peer to peer komunikační systém / Secure peer-to-peer communication system

Eliáš, Luboš

January 2008

The main aim of this master's thesis is to implement a common, secure and peer-to-peer communication system. The system has ability to automatically establish and run a secure end-to-end connection. It has this ability even if a network address translator is in the way to the destination system, without need of any explicit configuration of this translator. The security procedures of this system are in a transparent manner masked from individual applications, which had to solve this challenge in their own way. A responsibility for a security is delegate to an application-independent subsystem working within the core of an operating system. The security of this subsystem is based on capturing the outbound and inbound IP packets and their authentication and encryption. The system was successfully implemented in MS Windows XP operating system, in programming language C++. Transfer rate of communication tunnel in different network bandwidth speeds was measured. Result shows, that in the case of use the system on standard PC sold nowadays is practically no decrease of the transfer rate in comparison to a common channel.

Entwicklung eines mobilen Social Semantic Web Clients

Arndt, Natanael

22 January 2018

Diese Arbeit befasst sich mit der Konzeption und der Entwicklung eines mobilen Social Semantic Web Clients. Er ist auf internetfahigen Handys, Internettablets, Netbooks und weiteren Geraten mit dem Android-System einsetzbar. Der Client ermöglicht es, das Onlineprofil des Benutzers zu importieren und zu bearbeiten. Er importiert ebenfalls die darin referenzierten Profile von Bekannten von den verschiedenen verteilten Servern. Außerdem beherrscht der Client eine Authentifizierung mittels FOAF+SSL, um dasAbrufen von privaten Daten zu ermöglichen. Diese Arbeit befasst sich damit, die genannte Funktionalität durch eine Middleware bereitzustellen. Dies bietet die Möglichkeit darauf aufbauende Anwendungen in Zukunft zu entwickeln. Im Rahmen dieser Arbeit wird zusätzlich eine auf diese Middleware aufbauende Benutzeroberfäche und eine Integration der Kontakte in das Android-Adressbuch entwickelt.

info:eu-repo/classification/ddc/000

ddc:000

Web site security maturity of the European Union and its member states : A survey study on the compliance with best practices of DNSSEC, HSTS, HTTPS, TLS-version, and certificate validation types

Rapp, Axel

January 2021

With e-governance steadily growing, citizen-to-state communication via Web sites is as well, placing enormous trust in the protocols designed to handle this communication in a secure manner. Since breaching any of the protocols enabling Web site communication could yield benefits to a malicious attacker and bring harm to end-users, the battle between hackers and information security professionals is ongoing and never-ending. This phenomenon is the main reason why it is of importance to adhere to the latest best practices established by specialized independent organizations. Best practice compliance is important for any organization, but maybe most of all for our governing authorities, which we should hold to the highest standard possible due to the nature of their societal responsibility to protect the public. This report aims to, by conducting a quantitative survey, study the Web sites of the governments and government agencies of the member states of the European Union, as well as Web sites controlled by the European Union to assess to what degree their domains comply with the current best practices of DNSSEC, HSTS, HTTPS, SSL/TLS, and certificate validation types. The findings presented in this paper show that there are significant differences in compliance level between the different parameters measured, where HTTPS best practice deployment was the highest (96%) and HSTS best practice deployment was the lowest (3%). Further, when comparing the average best practice compliance by country, Denmark and the Netherlands performed the best, while Cyprus had the lowest average.

Web site security

information security

e-governance

best practice

DNSSEC

HSTS

HTTPS

SSL

TLS

certificate validation

Information Systems, Social aspects

Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs / Stafettlöpning med X.509-dagsländor : En Analys av Certifikatutbyten och Giltighetsperioder i HTTPS-certifikatloggar

Bruhner, Carl Magnus, Linnarsson, Oscar

January 2020

Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days notice. In general, we show how this kind of datasets can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.

certificate authorities

certificate lifetime

certificate overlap

certificate replacement

certificate validity

certificates

HTTPS

network security

PKI

Project Sonar

SSL

TLS

X.509

Computer Sciences

Datavetenskap (datalogi)

¡Bienvenides! La percepción y la actitud del alumnado sueco con respecto al lenguaje inclusivo en el mundo hispanohablante : Un estudio cuantitativo del alumnado sueco en las clases de ELE. / Welcome! The Swedish student’s perception and attitude towards the inclusive  language in the Spanish speaking world : A quantitative study of the Swedish  students in ELE classes.

Sjöstedt, Nora

January 2022

El propósito de esta investigación es descubrir lo que piensa el alumnado sueco en las clases de ELE (Español como Lengua Extranjera) sobre el lenguaje inclusivo en el mundo hispanohablante. El interés aquí se encuentra en descubrir las percepciones y las actitudes hacia el lenguaje inclusivo en esta área. En adición, queremos investigar cuáles variables influirán la frecuencia de uso del lenguaje inclusivo. La razón de este estudio es agregar datos a este nuevo campo dentro de los estudios lingüísticos, al igual que hallar cómo sienten les alumnes de Suecia sobre el tema viniendo de un país donde no existe un genérico masculino en la lengua y donde tratan de ser inclusivos a través de usar un pronombre neutro (hen). Les alumnes participando en este estudio estudian español en los niveles de 3 a 5 en diferentes Bachilleratos en el sur de Suecia y tienen entre 15 y 18 años. La mayoría de les alumnes identifican como mujeres, y esto se puede explicar en que la mayoría de les alumnes de una lengua moderna en el bachillerato sueco son mujeres (Statistikmyndigheten SCB, 2018). La investigación se hizo usando un método cuantitativo y para recibir los datos necesarios para la investigación mandamos una encuesta, hecho por el internet, a les profesores que a su vez la enseñaron a sus alumnes. La encuesta en sí está basada en varias preguntas, empezando con información básica sobre les alumnes y también una autocompletación de su conocimiento en español. Después preguntamos a les alumnes diferentes preguntas sobre la percepción del lenguaje inclusivo en el mundo hispanohablante, su actitud hacia ello, y finalmente, cuáles variables podrían influir la frecuencia de uso de un lenguaje inclusivo. En cuanto a los resultados, pudimos identificar algunos hallazgos importantes. Por ejemplo, hallamos que existe una correlación estadísticamente significativa entre algunas variables: género y actitud, competencia y actitud, y conocimiento y actitud. Aparte de eso, generalmente, nuestra hipótesis fue verificada en el sentido de que la percepción del alumnado sueco hacia el lenguaje inclusivo en el mundo hispanohablante es algo necesario en el mundo en que vivimos al igual que hay una actitud abierta hacia ello, significando que quieren que todes serán incluides cuando se dirige a una identidad desconocida. Con respecto a las variables que podrían influir el uso del lenguaje inclusivo y aumentarlo, son la generación, grado de aceptación y el impacto de las figuras públicas las que tiene mucha importancia. / The purpose of this investigation is to find out what the Swedish students in the SSL (Spanish as a foreign language) classes think about the inclusive language in the Spanish-speaking world. The interest here lies in finding out how they perceive the use of the inclusive language in said area, and also their attitude towards it. In addition to this, we wanted to investigate which variables would influence the frequency of use of the inclusive language. The reason for this study is to add data to a new area within the linguistic studies, as well as discover how Swedish students feel about the subject, coming from a country where there does not exist a generic masculine in the spoken language and they try to be inclusive by using a gender-neutral pronoun (hen). The students participating in this investigation study Spanish on the levels between 3 to 5 in different upper secondary schools in the south of Sweden and they are between the ages of 15 and 18. Most of the informants identify themselves as women, and this can be explained by the fact that the majority of students of a modern language in the Swedish upper secondary school are women (Statistikmyndigheten SCB, 2018). The investigation was made using a quantitative method and in order to receive the data necessary for the investigation we sent out a survey, made on the internet, to the teachers who in turn presented it to their students. The survey itself was based on numerous questions, beginning with some basic information about the students and also an autocompletion of their knowledge in Spanish. Afterwards we asked the students different questions concerning the perception of the inclusive language in the Spanish speaking world, their attitude towards it and, finally, which variables could influence the frequency of use of an inclusive language. As far as the results go, we could identify some important findings. For example, we found out there exists a statistically significant correlation between a few variables: gender and attitude, competence and attitude, and knowledge and attitude. Apart from that, generally speaking, our hypothesis was proved in the sense that the perception of the Swedish student towards the inclusive language in the Spanish speaking world is something necessary in the world we live in as well as that they have an open minded attitude towards it, meaning they want everyone to be included when addressing an unknown identity. Concerning the possible variables that could influence the use of the inclusive language and make it increase, the generation, degree of acceptance and the impact from public figures are of high importance.

Inclusive language

generic masculine

SSL

perception

attitude

variables.

Lenguaje inclusivo

masculino genérico

ELE

percepción

actitud

variables.

General Language Studies and Linguistics

La importancia de las tecnologías de información y comunicación (TIC) en la didáctica del español como lengua extranjera (ELE)

Arapé, Alejandro

05 1900

No description available.

Espagnol langue étrangère (ELE)

Didactique

Spanish Second language (SSL)

Didactic

Web 2.0

Bezpečné kryptografické algoritmy / Safe Cryptography Algorithms

Zbránek, Lukáš

January 2008

In this thesis there is description of cryptographic algorithms. Their properties are being compared, weak and strong points and right usage of particular algorithms. The main topics are safeness of algorithms, their bugs and improvements and difficulty of breaching. As a complement to ciphers there are also hash functions taken in consideration. There are also showed the most common methods of cryptanalysis. As a practical application of described algorithms I analyze systems for secure data transfer SSH and SSL/TLS and demonstrate an attack on SSL connection. In conclusion there is recommendation of safe algorithms for further usage and safe parameters of SSH and SSL/TLS connections.