IEEE 802.11 wireless LAN traffic analysis: a cross-layer approach

Na, Chen

28 August 2008

Not available / text

IEEE 802.11 (Standard)

Wireless LANs--Security measures

Security protocols for mobile ad hoc networks

Davis, Carlton R.

January 2006

Mobile ad hoc networks (MANETs) are generating much interest both in academia and the telecommunication industries. The principal attractions of MANETs are related to the ease with which they can be deployed due to their infrastructure-less and decentralized nature. For example, unlike other wireless networks, MANETs do not require centralized infrastructures such as base stations, and they are arguably more robust due to their avoidance of single point of failures. Interestingly, the attributes that make MANETs attractive as a network paradigm are the same phenomena that compound the challenge of designing adequate security schemes for these innovative networks. / One of the challenging security problems is the issue of certificate revocation in MANETs where there are no on-line access to trusted authorities. In wired network environments, when certificates are to be revoked, certificate authorities (CAs) add the information regarding the certificates in question to certificate revocation lists (CRLs) and post the CRLs on accessible repositories or distribute them to relevant entities. In purely ad hoc networks, there are typically no access to centralized repositories or trusted authorities; therefore the conventional method of certificate revocation is not applicable. / Another challenging MANET security problem is the issue of secure routing in the presence of selfish or adversarial entities which selectively drop packets they agreed to forward; and in so doing these selfish or adversarial entities can disrupt the network traffic and cause various communication problems. / In this thesis, we present two security protocols we developed for addressing the above-mentioned MANET security needs. The first protocol is a decentralized certificate revocation scheme which allows the nodes within a MANET to have full control over the process of certificate revocation. The scheme is fully contained and it does not rely on any input from centralized or external entities such as trusted CAs. The second protocol is a secure MANET routing scheme we named Robust Source Routing (RSR). In addition to providing data origin authentication services and integrity checks, RSR is able to mitigate against intelligent, colluding malicious agents which selectively drop or modify packets they are required to forward.

SCRIPSIT : a model for establishing trustable privacies in online public spaces.

Rodda, Paul Trevor-John.

January 2004

This dissertation proposes a model supporting the creation of trustable privacies in public online spaces, with the model demonstrating the potential for supporting trustable data handling in the qualitative domain. Privacy and trust, from the pivotal perspective of the individual were identified as crucial intangibles in the qualitative research and personal trust domains. That both privacy and trust depend heavily upon credible mechanisms for privacy became clear during the literature review and interview processes. Privacy, in its many forms, is a concept requiring greatly varying degrees of anonymity, confidentiality and control (Rotenberg, 2001; Lessig, 1998) and this was position was validated by literature and by qualitative comments by academic interviewees. Facilitation of secondary users including academics, public and private organisations, communities, casual information browsers is a goal of this research. This goal of facilitation is supported by the model proposed, and is discussed in Chapter 6, where future work is discussed. The core requirement to address confidentiality, ethics, privacy, ownership and control of data (Corti, 2000) is satisfied by the model as proposed and discussed. Expected outcomes of this research project are summarised as: • Proposed model for the creation of trustable privacies in public spaces. [Primary outcome] • Promotion of collaboration amongst domains and disciplines through improved universal access to archived data [Secondary outcome] • Identification of application domains outside of the initially identified domain set [Secondary outcome]. Self-Contained ReposItory ProcesSIng Template (SCRIPSIT) describes a model supporting a decentralised, trustable set of structures and mechanisms. SCRIPSIT has its eponymous origin in the Latin word scripsit, meaning "he or she wrote". / Thesis (M.A.)-University of KwaZulu-Natal, Durban, 2004.

Privacy, Right of.

Computers--Access control.

Data protection.

Theses--Digital media.

Occlusion tolerant object recognition methods for video surveillance and tracking of moving civilian vehicles

Pati, Nishikanta. Guturu, Parthasarathy,

January 2007

Thesis (M.S.)--University of North Texas, Dec., 2007. / Title from title page display. Includes bibliographical references.

An approach to information system isolation and security in a shared facility,

January 1973

by Stuart E. Madnick [and] John J. Donovan. / Bibliography: leaf 15.

HD28 .M414 no.648-, 73

Email security policy implementation in multinational organisations with special reference to privacy laws

Dixon, Henry George

January 2003

In 1971, scientist Ray Tomlinson sent what is now considered the first email message. It was considered as “nothing short of revolutionary … deserv[ing] a spot in the list of great communication inventions such as the printing press, telegraph and telephone” (Festa, 2001). Whereas email was first used exclusively in the military (Arpanet) and in academic circles, it has now become almost ubiquitous, used widely for private, as well as for business correspondence. According to a Berkeley study (Berkeley, 2000), there were approximately 440 million corporate and personal [e-] mailboxes worldwide in 2001, of which more than a third was corporate mailboxes. As a result of the extensive use of email in the corporate environment, Information Officers have to ensure that the use of email adds business value. In an “always on” market place, the efficiency, immediacy and cost effectiveness of email communication are immediately evident. A study by Ferris Research, quoted by Nchor (2001), shows that there is “an overall productivity gain of US$9000 per employee as they send and receive emails to get projects done.” However, the use of email in the corporate envi-ronment also poses business risks that need to be uniquely addressed. Among these “key business risks” (Surfcontrol, 2001) are security risks, viruses, legal liability, pro-ductivity loss and bandwidth abuse. To address the risks mentioned above and to protect the business value of email, spe-cific policies have to be implemented that address email usage. Information Security Policies are defined in most corporate environments. In a study done by Elron Soft-ware (2001), 83% of respondents who have abused email have company policies regu-lating email usage. There appears to be a gap between policy conception and policy implementation. Various factors inhibit effective policy implementation – ethical, legal and cultural. The implementation of corporate policy becomes especially complex in multinational environments where differing information law Email usage is ubiquitous in the modern business environment, but few companies adequately manage the risks associated with email.

Privacy, Right of

Electronic mail systems -- Management

WISP: a wireless information security portal

Diakite, Soumaila Dit Moule

10 March 2010

M.Sc. / Wireless networking is a fairly new technology that is important in information technology (IT). Hotels, Airports, Coffee shops, and homes are all installing wireless networks at a record pace, making wireless networks the best choice for consumers. This popularity of wireless networks is because of the affordability of wireless networks devices, and the easy installation [11]. In spite of the popularity of the wireless networks, one factor that has prevented them from being even more widespread can be summed up in a single word: security. It comes as no surprise that these two – wireless and security – converge to create one of the most important topics in the IT industry today [11]. Wireless networks by nature bring about new challenges unique to its environment. One example of these new challenges is: “Signal overflow beyond physical walls”, and with these kinds of new challenges unique to wireless networks, we have new security risks. Hence wireless networks lend themselves to a host of attack possibilities and risks. That is because wireless networks provide a convenient network access point for an attacker, potentially beyond the physical security controls of the organization [7]. Therefore it is challenging for managers to introduce wireless networks and properly manage the security of wireless networks, Security problems of wireless networks are the main reason for wireless networks not being rolled out optimally [1]. In this dissertation, we aim to present to both specialist and non–specialists in the IT industry the information needed to protect a wireless network. We will first identify and discuss the different security requirements of wireless networks. After that we shall examine the technology that helps make wireless networks secure, and describe the type of attacks against wireless networks and defense techniques to secure wireless networks. The research will concentrate on wireless LANs (Local Area Networks), and leading wireless LAN protocols and standards. The result of the research will be used to create WISP (A Wireless Information Security Portal). WISP will be a tool to support the management of a secure wireless network, and help assure the confidentiality, integrity, and availability of the information systems in a wireless network environment.

Wireless LANs security measures

Computer networks security measures

Amber : a aero-interaction honeypot with distributed intelligence

Schoeman, Adam

January 2015

For the greater part, security controls are based on the principle of Decision through Detection (DtD). The exception to this is a honeypot, which analyses interactions between a third party and itself, while occupying a piece of unused information space. As honeypots are not located on productive information resources, any interaction with it can be assumed to be non-productive. This allows the honeypot to make decisions based simply on the presence of data, rather than on the behaviour of the data. But due to limited resources in human capital, honeypots’ uptake in the South African market has been underwhelming. Amber attempts to change this by offering a zero-interaction security system, which will use the honeypot approach of decision through Presence (DtP) to generate a blacklist of third parties, which can be passed on to a network enforcer. Empirical testing has proved the usefulness of this alternative and low cost approach in defending networks. The functionality of the system was also extended by installing nodes in different geographical locations, and streaming their detections into the central Amber hive.

Security systems -- Security measures

Computer viruses

Computer security

A framework for information security governance in SMMEs

Coertze, Jacques Jacobus

January 2012

It has been found that many small, medium and micro-sized enterprises (SMMEs) do not comply with sound information security governance principles, specifically the principles involved in drafting information security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. The problem is further compounded by the fact that, in our modern-day information technology environment, many larger organisations are providing SMMEs with access to their networks. This results not only in SMMEs being exposed to security risks, but the larger organisations as well. In previous research an information security management framework and toolbox was developed to assist SMMEs in drafting information security policies. Although this research was of some help to SMMEs, further research has shown that an even greater problem exists with the governance of information security as a result of the advancements that have been identified in information security literature. The aim of this dissertation is therefore to establish an information security governance framework that requires minimal effort and little expertise to alleviate governance problems. It is believed that such a framework would be useful for SMMEs and would result in the improved implementation of information security governance.

Computer networks -- Security measures

Utilizing the Technology Acceptance Model to Assess Employee Adoption of Information Systems Security Measures

Jones, Cynthia

16 September 2009

Companies are increasing their investment in technologies to enable better access to information and to gain a competitive advantage. Global competition is driving companies to reduce costs and enhance productivity, increasing their dependence on information technology. Information is a key asset within an organization and needs to be protected. Expanded connectivity and greater interdependence between companies and consumers has increased the damage potential of a security breach to a company's information systems. Improper unauthorized use of computer systems can create a devastating financial loss even to the point of causing the organization to go out of business. It is critically important to understand what causes users to understand, accept and to follow the organization's information systems security measures so that companies can realize the benefits of their technological investments. In the past several years, computer security breaches have stemmed from insider misuse and abuse of the information systems and non-compliance to the information systems security measures. The purpose of this study was to address the factors that affect employee acceptance of information systems security measures. The Technology Acceptance Model was extended and served as the theoretical framework for this study to examine the factors that affect employee adoption of information systems security measures. The research model included three independent dimensions, perceived ease of use, perceived usefulness and subjective norm. These constructs were hypothesized to predict intention to use information systems security measures, moderated by management support affecting subjective norm. Five hypotheses were posited. A questionnaire was developed to collect data from employees across multiple industry segments to test these hypotheses. Partial least squares statistical methodology was used to analyze the data and to test the hypotheses. The results of the statistical analysis supported three of the five hypotheses with subjective norm and management support showing the strongest effect on intention to use information systems security measures. Few studies have used TAM to study acceptance of systems in a mandatory environment and to specifically examine the employee acceptance of computer information systems security measures. This study, therefore, adds to the body of knowledge. Further, it provides important information for senior management and security professionals across multiple industries regarding the need to develop security policies and processes and to effectively communicate them throughout the organization and to design these measures to promote their use by employees in the organization.

Information Systems Security

Mandatory environment

Partial Least Squares

structural equation modeling

Technology Acceptance Model

Business