Global ETD Search

1	Towards a Trustworthy Thin Terminal for Securing Enterprise Networks Frenn, Evan 25 April 2013 (has links) Organizations have many employees that lack the technical knowledge to securely operate their machines. These users may open malicious email attachments/links or install unverified software such as P2P programs. These actions introduce significant risk to an organization's network since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control of client machines needed to prevent these security risks. A possible solution to address this issue lies in attestation. With respect to computer science, attestation is the ability of a machine to prove its current state. This capability can be used by client machines to remotely attest to their state, which can be used by other machines in the network when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), requiring the use of a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of the all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that utilizes late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network€™s servers. In doing so, we create a platform that can more easily be administered by those individuals best equipped to do so with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, the system administrators have a strong guarantee the clients connecting to their system are secure and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem as it forces user actions to occur under the control of system administrators. Late launch Trusted Platform Module Trusted Computing
2	Privacy Preserving Authentication Schemes and Applications Asokan, Pranav 23 June 2017 (has links) With the advent of smart devices, Internet of things and cloud computing the amount of information collected about an individual is enormous. Using this meta-data, a complete profile about a person could be created - professional information, personal information like his/her choices, preferences, likes/dislikes etc. The concept of privacy is totally lost with this gamut of technology. The ability to separate one's on-line identity from their personal identity is near impossible. The conflicting interests of the two parties - service providers' need for authentication and the users' privacy needs - is the cause for this problem. Privacy Preserving Authentication could help solve both these problems by creating valid and anonymous identities for the users. And simply by proving the authenticity and integrity of this anonymous identity (without revealing/exposing it) the users can obtain services whilst protecting their privacy. In this thesis, I review and analyze the various types of PPA schemes leading to the discussion of our new scheme 'Lightweight Anonymous Attestation with Efficient Revocation'. Finally, the scenarios where these schemes are applicable are discussed in detail. / Master of Science Privacy Preserving Authentication Direct Anonymous Attestation Trusted Platform Module
3	Um Data Diode com hardware criptográfico para Redes Industriais Críticas Teixeira, Gabriel Carrijo Bento, 69-99292-1505 15 December 2017 (has links) Submitted by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2018-03-05T15:59:13Z No. of bitstreams: 2 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Dissertação_Gabriel C. B. Teixeira.pdf: 7518481 bytes, checksum: f8b49cd06f0d81fce33b270fade5aa54 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2018-03-05T15:59:25Z (GMT) No. of bitstreams: 2 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Dissertação_Gabriel C. B. Teixeira.pdf: 7518481 bytes, checksum: f8b49cd06f0d81fce33b270fade5aa54 (MD5) / Made available in DSpace on 2018-03-05T15:59:25Z (GMT). No. of bitstreams: 2 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Dissertação_Gabriel C. B. Teixeira.pdf: 7518481 bytes, checksum: f8b49cd06f0d81fce33b270fade5aa54 (MD5) Previous issue date: 2017-12-15 / Industrial networks are highly sensitive environments from the point of view of information security with a view to computer incidents can cause incalculable damage. Over the years the connection of those networks with enterprise environments and consequently the Internet, has brought serious concerns about the integrity of the information and equipment involved. Several solutions have been proposed with the aim of protecting Industrial Networks in data communications infrastructure. However, is it really possible or feasible to ensure that the solutions implemented are really safe? In this sense, this work presents a security scheme able to deal with the problems encountered in the integration of critical industrial networks with insecure corporate networks, aiming to ensure data integrity and reliability being the devices. To this end it is proposed to use a Data Diode in the interconnection of networks for the protection of industrial plant and a cryptographic hardware TPM (Trusted Platform Module) to guarantee integrity and reliability of the devices involved. In order to prove the effectiveness of this architecture, tests were carried out to the end the work show that it is possible to achieve better results than those existing in the literature. / Redes Industriais são ambientes altamente sensíveis do ponto de vista da Segurança da Informação, visto que incidentes computacionais podem ocasionar prejuízos incalculáveis. Com o passar dos anos a interligação dessas redes com ambientes corporativos e, consequentemente a Internet, trouxe sérias preocupações sobre a integridade das informações e equipamentos envolvidos. Diversas soluções têm sido propostas com o objetivo de proteger infraestruturas de comunicação de dados em Redes Industriais. Contudo, será que realmente é possível ou factível garantir que as soluções implementadas são realmente seguras? Neste sentido, esta dissertação apresenta um esquema de segurança capaz de tratar os problemas encontrados na integração de redes industriais críticas com redes corporativas inseguras, objetivando garantir integridade dos dados e confiabilidade entre os dispositivos. Para esse fim é proposta a utilização de um Data Diode na interligação das redes para a proteção da planta industrial e um hardware criptográfico TPM (Trusted Platform Module) para garantia de integridade e confiabilidade dos dispositivos envolvidos. Como forma de provar a efetividade dessa arquitetura, foram realizados testes, que ao final no trabalho, mostram que é possível alcançar resultados superiores aos trabalhos já existentes na literatura. TPM (Trusted Platform Module) Redes Industriais Data Diode Segurança da Informação
4	Comparative Study of Network Access Control Technologies Qazi, Hasham Ud Din January 2007 (has links) <p>This thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide.</p><p>There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies.</p><p>This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network.</p><p>One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance.</p> NAC Network Access Control Trusted Platform Module Trusted Computing Group Trusted Network Connect Network Access Protection Network Admission Control 802.1X root of trust Computer science Datavetenskap
5	Secure network programming in wireless sensor networks Tan, Hailun, Computer Science & Engineering, Faculty of Engineering, UNSW January 2010 (has links) Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination. The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application. Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi??hop propagation of program images. Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi??hop code dissemination protocol. Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol. We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip. Network Programming Broadcast Authentication Wireless Sensor Network Code Dissemination Trusted Platform Module Sensor Worm Attack Wormhole Attack Remote Attestation Secure Network Protocol
6	Secure network programming in wireless sensor networks Tan, Hailun, Computer Science & Engineering, Faculty of Engineering, UNSW January 2010 (has links) Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination. The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application. Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi??hop propagation of program images. Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi??hop code dissemination protocol. Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol. We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip. Network Programming Broadcast Authentication Wireless Sensor Network Code Dissemination Trusted Platform Module Sensor Worm Attack Wormhole Attack Remote Attestation Secure Network Protocol
7	Comparative Study of Network Access Control Technologies Qazi, Hasham Ud Din January 2007 (has links) This thesis presents a comparative study of four Network Access Control (NAC) technologies; Trusted Network Connect by the Trusted Computing group, Juniper Networks, Inc.’s Unified Access Control, Microsoft Corp.’s Network Access Protection, and Cisco Systems Inc.’s Network Admission Control. NAC is a vision, which utilizes existing solutions and new technologies to provide assurance that any device connecting to a network policy domain is authenticated and is subject to the network’s policy enforcement. Non-compliant devices are isolated until they have been brought back to a complaint status. We compare the NAC technologies in terms of architectural and functional features they provide. There is a race of NAC solutions in the marketplace, each claiming their own definition and terminology, making it difficult for customers to adopt such a solution, resulting in much uncertainty. The NAC paradigm can be classified into two categories: the first category embraces open standards; the second follows proprietary standards. By selecting these architectures, we cover a representative set of proprietary and open standards-based NAC technologies. This study concludes that there is a great need for standardization and interoperability of NAC components and that the four major solution proposals that we studied fall short of the desired interoperability. With standards, customers have the choice to adopt solution components from different vendors, selecting, what is commonly referred to as the best of breed. One example for a standard technology that all four NAC technologies that we studied did adopt is the IEEE’s 802.1X port-based access control technology. It is used to control endpoint device access to the network. One shortcoming that most NAC architectures (with the exception of Trusted Network Connect) have in common, is the lack of a strong root-of-trust. Without it, clients’ compliance measurements cannot be trusted by the policy server whose task is to assess each client’s policy compliance. NAC Network Access Control Trusted Platform Module Trusted Computing Group Trusted Network Connect Network Access Protection Network Admission Control 802.1X root of trust Computer Sciences Datavetenskap (datalogi)

1

Page generated in 0.0632 seconds