Global ETD Search

91	Towards Realistic Datasets forClassification of VPN Traffic : The Effects of Background Noise on Website Fingerprinting Attacks / Mot realistiska dataset för klassificering av VPN trafik : Effekten av bakgrundsoljud på website fingerprint attacker Sandquist, Christoffer, Ersson, Jon-Erik January 2023 (has links) Virtual Private Networks (VPNs) is a booming business with significant margins once a solid user base has been established and big VPN providers are putting considerable amounts of money into marketing. However, there exists Website Fingerprinting (WF) attacks that are able to correctly predict which website a user is visiting based on web traffic even though it is going through a VPN tunnel. These attacks are fairly accurate when it comes to closed world scenarios but a problem is that these scenarios are still far away from capturing typical user behaviour.In this thesis, we explore and build tools that can collect VPN traffic from different sources. This traffic can then be combined into more realistic datasets that we evaluate the accuracy of WF attacks on. We hope that these datasets will help us and others better simulate more realistic scenarios.Over the course of the project we developed automation scripts and data processing tools using Bash and Python. Traffic was collected on a server provided by our university using a combination of containerisation, the scripts we developed, Unix tools and Wireshark. After some manual data cleaning we combined our captured traffic together with a provided dataset of web traffic and created a new dataset that we used in order to evaluate the accuracy of three WF attacks.By the end we had collected 1345 capture files of VPN traffic. All of the traffic were collected from the popular livestreaming website twitch.tv. Livestreaming channels were picked from the twitch.tv frontpage and we ended up with 245 unique channels in our dataset. Using our dataset we managed to decrease the accuracy of all three tested WF attacks from 90% down to 47% with a WF attack confidence threshold of0.0 and from 74% down to 17% with a confidence threshold of 0.99. Even though this is a significant decrease in accuracy it comes with a roughly tenfold increase in the number of captured packets for the WF attacker.Thesis artifacts are available at github.com/C-Sand/rds-collect. / Virtual Private Network (VPN) marknaden har växt kraftigt och det finns stora marginaler när en solid användarbas väl har etablerats. Stora VPN-leverantörer lägger dessutom avsevärda summor pengar på marknadsföring. Det finns dock WF-attacker som kan korrekt gissa vilken webbplats en användare besöker baserat på webbtrafik, även om den går genom en VPN-tunnel.Dessa attacker har rätt bra precision när det kommer till scenarier i sluten värld, men problemet är att dessa fortfarande är långt borta från att simulera typiskt användarbeteende.I det här examensarbetet utforskar och bygger vi verktyg som kan samla in VPNtrafik från olika källor. Trafiken kan användas för att kombineras till mera realistiska dataset och sedan användas för att utvärdera träffsäkerheten av WF-attacker. Vi hoppas att dessa dataset kommer att hjälpa oss och andra att bättre simulera verkliga scenarier.Under projektets gång utvecklade vi ett par automatiserings skript och verktyg för databearbetning med hjälp av Bash och Python. Trafik samlades in på en server från vårt universitet med en kombination av containeriseringen, skripten vi utvecklade, Unix-verktyg och Wireshark. Efter en del manuell datarensning kombinerade vi vår infångade trafik tillsammans med det tillhandahållna datasetet med webbtrafik och skapade ett nytt dataset som vi använde för att utvärdera riktigheten av tre WF attacker.Vid slutet hade vi samlat in 1345 filer med VPN-trafik. All trafik samlades in från den populära livestream plattformen twitch.tv. Livestreamingkanaler plockades ut från twitchs förstasida och vi slutade med 245 unika kanaler i vårat dataset. Med hjälp av vårat dataset lyckades vi minska noggrannheten för alla tre testade WF-attacker från 90% ner till 47% med tröskeln på 0,0 och från 74% ner till 17% med en tröskel på 0,99. Även om detta är en betydande minskning av noggrannheten kommer det med en ungefär tiofaldig ökning av antalet paket. I slutändan samlade vi bara trafik från twitch.tv men fick ändå några intressanta resultat och skulle gärna se fortsatt forskning inom detta område.Kod, instruktioner, dataset och andra artefakter finns tillgängliga via github.com/CSand/rds-collect. Data collection Website fingerprinting dataset traffic analysis VPN encrypted traffic machine learning deep learning network measurements twitch Datainsamling Profilering av hemsidor dataset trafikanalys VPN krypterad trafik maskininlärning djupinlärning nätverksmätningar twitch Computer and Information Sciences Data- och informationsvetenskap
92	Refined Access Control in a Distributed Environment / Finkornig åtkomstkontroll i en distribuerad miljö Boström, Erik January 2002 (has links) <p>In the area of computer network security, standardization work has been conducted for several years. However, the sub area of access control and authorization has so far been left out of major standardizing. </p><p>This thesis explores the ongoing standardization for access control and authorization. In addition, areas and techniques supporting access control are investigated. Access control in its basic forms is described to point out the building blocks that always have to be considered when an access policy is formulated. For readers previously unfamiliar with network security a number of basic concepts are presented. An overview of access control in public networks introduces new conditions and points out standards related to access control. None of the found standards fulfills all of our requirements at current date. The overview includes a comparison between competing products, which meet most of the stated conditions. </p><p>In parallel with this report a prototype was developed. The purpose of the prototype was to depict how access control could be administered and to show the critical steps in formulating an access policy.</p> Informationsteknik access control PKI VPN X.509 RBAC role-based access control computer security cryptography Informationsteknik Information technology Informationsteknik
93	Rekommendationer för införande av public key infrastructure / Recommendations for implementing Public Key Infrastructure Andersson, Johan January 2002 (has links) <p>The use of insecure networks -such as the Internet- to send and receive information has made the need for preventing unauthorised people reading it yet more important. One of the easiest way to do this is through public key cryptography. However, the problem with this solution is how to tie a specific public key to a certain subject. This is solved by letting a trusted third party issue a certificate that holds, as a minimum, the name of the subject and the subject's public key along with the issuer's digital signature on the information. The rules we make for issuing, revoking and verifying of certificates and the entities that are being used to do so are called PKI - Public Key Infrastructure. In this thesis we shall se what PKI really is in a more detailed way and which entities it constitutes of. We will also investigate some of the areas in which we could make use of it, for instance secure e-mail and virtual private networks. Next, we will look into some of the drawbacks with PKI and what you should think of in order to aviod these. Finally, we'll give recommendations for the implementation itself. As for the theory of cryptography, the basics is presented to the interested reader in a separate appendix.</p> Informationsteknik PKI datasäkerhet certifikat CA RA CP CPS kryptering SSO VPN S/MIME Informationsteknik Information technology Informationsteknik
94	Wireless-LAN im Studentennetzwerk (CSN) Glöckner, Alexander 02 April 2006 (has links) (PDF) Inhalt der Diplomarbeit sind Untersuchungen zur Authentifizierung und Verschlüsselung von drahtlosen Netzwerkverbindungen. 802.1X AAA AES-CCMP DIAMETER EAP TKIP VPN WPA2 ddc:004 Netzwerk RADIUS <Informatik> Virtuelles privates Netzwerk
95	Rekommendationer för införande av public key infrastructure / Recommendations for implementing Public Key Infrastructure Andersson, Johan January 2002 (has links) The use of insecure networks -such as the Internet- to send and receive information has made the need for preventing unauthorised people reading it yet more important. One of the easiest way to do this is through public key cryptography. However, the problem with this solution is how to tie a specific public key to a certain subject. This is solved by letting a trusted third party issue a certificate that holds, as a minimum, the name of the subject and the subject's public key along with the issuer's digital signature on the information. The rules we make for issuing, revoking and verifying of certificates and the entities that are being used to do so are called PKI - Public Key Infrastructure. In this thesis we shall se what PKI really is in a more detailed way and which entities it constitutes of. We will also investigate some of the areas in which we could make use of it, for instance secure e-mail and virtual private networks. Next, we will look into some of the drawbacks with PKI and what you should think of in order to aviod these. Finally, we'll give recommendations for the implementation itself. As for the theory of cryptography, the basics is presented to the interested reader in a separate appendix. Informationsteknik PKI datasäkerhet certifikat CA RA CP CPS kryptering SSO VPN S/MIME Informationsteknik Computer and Information Sciences Data- och informationsvetenskap
96	Secure Routing Schemes In Mobile Ad Hoc Networks Prashant, Dixit Pratik 07 1900 (has links) (PDF) No description available. Local Area Networks Routing (Computer Networks) Mobile Ad Hoc Networks (MANETs) Virtual Private Network (VPN) Multicasting (Computer Networks) Communciation Engineering
97	Aplikace pro Android na bezpečnostní monitorování komunikace / Android App for Security Monitoring of Communication Klepáčková, Karolína January 2019 (has links) This diploma thesis is focused on implementation of application for security monitoring of network communication of other applications in mobile device with Android platform. Provides users information about security risks that may harm his/her privacy or device. It uses a local VPN to tunnel all data sent to the wireless network. These can be linked to an application that has sent them because the Android kernel is derived from the Linux kernel and can be used to retrieve information about established network connections and the application identifier associated with the connection. This mapping allows to get more information about an app that is potentially dangerous for your mobile device.
98	Spojovací systémy založené na IP telefonii / Communication systems based on IP telephony Zimek, Josef January 2008 (has links) My master’s thesis is focused on designing and creating communication network, which provides communication between two independent networks through encrypted tunnel. My solution is based on routers formed by older personal computers with FreeBSD like a operating system. Between routers is created static encrypted tunnel by using IPSec protocol. Voice services provides packet oriented exchange Asterisk with support of signaling protocol SIP. This solution can be used eg. for connecting remote branch to headquarters of company and then can branch utilize shrared resources. To headquarters can connect also remote workers from their home. In this case are used SSL certificates to authentication of user. This scenario is very required today.
99	Anonymní komunikace v prostředí Internetu / Anonymous communication in Internet environment Pajtinová, Mária January 2011 (has links) Master´s thesis focuses on certain possibilities of how user can anonymously commununicate through the Internet. There are described following anonymous programs: TOR, JAP, I2P and CyberGhost, which allow user to hide his own identity to other IP address. Subsequently, measurements from different technologies are made by anonymous program TOR for calculate transmission speed.
100	Identita v tunelovaných a překládaných sítích / Identities in Tunelled Networks and during Network Address Translation Šeptun, Michal January 2015 (has links) This thesis introduces the design and implementation of the extension of the system for lawful interception. The system is developed as a part of the Sec6Net project at FIT BUT and provides a platform for research activities in determining identities in computer networks. Parts which has the task of monitoring changes in a user's identity will be extended, so that the system is able to determine the identity even in the tunneled and translated networks. It describes the problems encountered during implementation and their solutions. There are described mechanisms for tunneling networks, mainly virtual private networks and transition mechanisms for IPv6, IP addresses and NAT variants. In the end the tests of the individual modules are described.

Search results