Global ETD Search

341	Energy-efficient MAC protocol for wireless sensor networks Tonsing, Christoph Erik 04 September 2008 (has links) A Wireless Sensor Network (WSN) is a collection of tiny devices called sensor nodes which are deployed in an area to be monitored. Each node has one or more sensors with which they can measure the characteristics of their surroundings. In a typical WSN, the data gathered by each node is sent wirelessly through the network from one node to the next towards a central base station. Each node typically has a very limited energy supply. Therefore, in order for WSNs to have acceptable lifetimes, energy efficiency is a design goal that is of utmost importance and must be kept in mind at all levels of a WSN system. The main consumer of energy on a node is the wireless transceiver and therefore, the communications that occur between nodes should be carefully controlled so as not to waste energy. The Medium Access Control (MAC) protocol is directly in charge of managing the transceiver of a node. It determines when the transceiver is on/off and synchronizes the data exchanges among neighbouring nodes so as to prevent collisions etc., enabling useful communications to occur. The MAC protocol thus has a big impact on the overall energy efficiency of a node. Many WSN MAC protocols have been proposed in the literature but it was found that most were not optimized for the group of WSNs displaying very low volumes of traffic in the network. In low traffic WSNs, a major problem faced in the communications process is clock drift, which causes nodes to become unsynchronized. The MAC protocol must overcome this and other problems while expending as little energy as possible. Many useful WSN applications show low traffic characteristics and thus a new MAC protocol was developed which is aimed at this category of WSNs. The new protocol, Dynamic Preamble Sampling MAC (DPS-MAC) builds on the family of preamble sampling protocols which were found to be most suitable for low traffic WSNs. In contrast to the most energy efficient existing preamble sampling protocols, DPS-MAC does not cater for the worst case clock drift that can occur between two nodes. Rather, it dynamically learns the actual clock drift experienced between any two nodes and then adjusts its operation accordingly. By simulation it was shown that DPS-MAC requires less protocol overhead during the communication process and thus performs more energy efficiently than its predecessors under various network operating conditions. Furthermore, DPS-MAC is less prone to become overloaded or unstable in conditions of high traffic load and high contention levels respectively. These improvements cause the use of DPS-MAC to lead to longer node and network lifetimes, thus making low traffic WSNs more feasible. / Dissertation (MEng)--University of Pretoria, 2008. / Electrical, Electronic and Computer Engineering / MEng / Unrestricted Energy efficient Preamble sampling Clock drift Synchronization. Wireless sensor networks Medium access control UCTD
342	Comparing Access Control Security Policies : A Case Study Using SBVR Graisithikul, Gunyarat January 2012 (has links) Companies today are required more and more to interconnect their information systems with partners and suppliers in order to be competitive in a global marketplace. A problem of how to compare a security policy between two different companies when they need to agree upon a single security policy has been raised. Can a comparison of two access control policies made through Semantic of Business Vocabulary and Business Rules (SBVR) be more appropriate than the traditional way of intuitively comparing two information security policies? In this research, a case study has been conducted along with the questionnaires as a data collection approach. In the case study, a calculation for a degree of policy statement similarity of Company A’s and Company B has been done. Both calculations were based on the questionnaire results of the Company A and Company B in form of SBVR and traditional policy statements separately. This research has revealed that SBVR applied policy is more appropriate for comparing two company policies than a traditional written policy. By applying SBVR to the policy statements, Company A and Company B had their policy in the same structure, which is in the SBVR format. They could get a very clear similar part of the policy statements (70% calculated by the results of the second questionnaire in this case study) agreed by both companies. SBVR business vocabulary business rules access control security policy comparing Engineering and Technology Teknik och teknologier
343	Social Networks and Privacy Bodriagov, Oleksandr January 2015 (has links) Centralized online social networks pose a threat to their users’ privacy as social network providers have unlimited access to users’ data. Decentralized social networks address this problem by getting rid of the provider and giving control to the users themselves, meaning that only the end-users themselves should be able to control access of other parties to their data. While there have been several proposals and advances in the development of privacy- preserving decentralized social networks, the goal of secure, efficient, and available social network in a decentralized setting has not been fully achieved. This thesis contributes to the research in the field of security for social networks with focus on decentralized social networks. It studies encryption-based access control and man- agement of cryptographic keys/credentials (required for this access control) via user accounts with password-based login in decentralized social networks. First, this thesis explores the requirements of encryption for decentralized social networks and proposes a list of criteria for evaluation that is then used to assess existing encryption- based access control systems. We find that all of them provide confidentiality guarantees (of the content itself), while privacy (of information about the content or access policies) is either not addressed at all or it is addressed at the expense of system’s performance and flexibility. We highlight the potential of two classes of privacy preserving schemes in the decen- tralized online social network (DOSN) context: broadcast encryption schemes with hidden access structures and predicate encryption (PE) schemes, and propose to use them. Both of these classes contain schemes that exhibit desirable properties and better fulfill the criteria. Second, the thesis analyses predicate encryption and adapts it to the DOSN context as it is too expensive to use out of the box. We propose a univariate polynomial construction for access policies in PE that drastically increases performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and indicate objects that can be decrypted by a particular user. The thesis demonstrates that adapted scheme shows good performance and thus user experience by making a newsfeed assembly experiment. Third, the thesis presents a solution to the problem of management of cryptographic keys for authentication and communication between users in decentralized online social networks. We propose a password-based login procedure for the peer-to-peer (P2P) setting that allows a user who passes authentication to recover a set of cryptographic keys required for the application. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as remembered logins, password change, and recovery of the forgotten password. The combination of these protocols allows emulating password logins in centralized systems. The results of performance evaluation indicate that time required for logging in operation is within acceptable bounds. / Centraliserade sociala online nätverk utgör ett hot mot användarnas integritet. Detta eftersom leverantörer av sociala nätverkstjänster har obegränsad tillgång till användarnas information. Decentraliserade sociala nätverk löser integritetsproblemet genom att eliminera leverantörer och ge användarna kontroll över deras data. Innebörden av detta är att användarna själva får bestämma vem som får tillgång till deras data. Även om det finns flera förslag och vissa framsteg i utvecklingen avseende integritetsbevarande decentraliserade sociala nätverk, har målet om säkra, effektiva, och tillgängliga sociala nätverk i en decentraliserad miljö inte uppnåtts fullt ut. Denna avhandling bidrar till forskning inom säkerhet avseende sociala nätverk med fokus på decentraliserade sociala nätverk. Avhandlingen inriktas på krypteringsbaserad åtkomstkontroll och hantering av kryptografiska nycklar (som krävs för denna åtkomstkontroll) med hjälp av användarkonton med lösenordsbaserad inloggning i decentraliserade sociala nätverk. Först undersöker denna avhandling krav på kryptering för decentraliserade sociala nätverk och föreslår utvärderingskriterier. Dessa utvärderingskriterier används sedan för bedömning av befintliga krypteringsbaserade system för åtkomstkontroll. Vår utredning visar att samtliga garanterar sekretess av själva innehållet. Integritet av information om innehållet eller åtkomstprinciper är dock inte skyddat alls, alternativt skyddade på bekostnad av systemets prestanda och flexibilitet. Vi lyfter fram potentialen i två klasser av integritetsbevarande system i DOSN sammanhang: broadcast-krypteringssystem med dolda tillgångsstrukturer och predikat krypteringssystem; vi föreslår användning av dessa system. Båda dessa klasser innehåller system som uppvisar önskvärda egenskaper och uppfyller kriterier på ett bättre sätt. För det andra analyserar avhandlingen predikat kryptering och anpassar denna till DOSN sammanhang, eftersom det är för dyrt att använda som det är. Vi föreslår en ”univariate polynomial construction” för åtkomstprinciper i predikat kryptering som drastiskt ökar systemets prestanda, men läcker någon del av åtkomstprincipen till användare med åtkomsträttigheter. Vi använder Bloom-filter för att minska dekrypteringstiden och indikera objekt som kan dekrypteras av en viss användare. Genom att göra ett experiment med nyhetsflödessammansättning visas att det anpassade systemet ger goda resultat och därmed användarupplevelse. För det tredje presenterar avhandlingen en lösning på problemet avseende hanteringen av kryptografiska nycklar för autentisering och kommunikation mellan användare i decentraliserade sociala online nätverk. Vi föreslår en lösenordsbaserad inloggningsprocedur för peer-to-peer (P2P) miljön, som gör att användaren som passerar autentisering får återvinna en uppsättning kryptografiska nycklar som krävs för applikationen. Förutom lösenordsinloggning presenterar vi också stödprotokoll för att ge relaterat funktionalitet, såsom inloggning med lagrade lösenord, lösenordsbyte, och återställning av bortglömda lösenord. Kombinationen av dessa protokoll tillåter simulera lösenordsinloggning i centraliserade system. Prestandautvärderingen visar att tiden som krävs för inloggning är inom acceptabla gränser. / <p>QC 20150602</p> social networks privacy decentralized encryption-based access control Computer Sciences Datavetenskap (datalogi)
344	Protecting Location-Data Against Inference Attacks Using Pre-Defined Personas Chini Foroushan, Amir Hossein January 2011 (has links) Usage of locational data is getting more popular day by day. Location-aware application, context aware application and Ubiquities applications are some of the major categories of applications which are based on locational data. One of the most concerning issues regarding such applications is how to protect user’s privacy against malicious attackers. Failing in this task would result in a total failure for the project, considering how privacy concerns are getting more and more important for the end users. In this project, we will propose a theoretical solution for protecting user privacy in location-based application against inference attacks. Our solution is based on categorizing target users into pre-defined groups (a. k. a. Personas) and utilizing their common characteristics in order to synthesize access control rules for the collected data. Location-based application User Privacy Inference Attacks Access Control Engineering and Technology Teknik och teknologier
345	Implementing and Investigating Partial Consent for Privacy Management of Android Nallamilli, Mohan Krishna Reddy, Jagatha, Satya Venkat Naidu January 2022 (has links) Background: Data privacy and security has been a big concern in recent years. Data privacy is a concern for everybody who owns a smartphone or accesses a website. This is due to the applications that have been installed on the device or the cookies that have been acquired via websites in the form of advertising cookies. Advertising cookies within programs or sites that track user content provide access to all of the user’s personal sensitive data. The viability of applying conditional consent to boost consumers’ trust in sharing their data is examined in this study. We assess the societal and technological implications of conditional consent implementation. This is accomplished by integrating a third option – maybe – into the access control mechanism. Research Idea: After reviewing all of the issues concerning user privacy breaches in android applications, we came up with the idea of implementing a Maybe option in which the user can grant access to the permissions for a specified period of time and then automatically disable those permissions at the end of that period. Objectives and Research Methods: The primary goal of our work is to determine the feasibility of implementing partial consent on Android applications, as well as how users understand and are willing to use this suggested option. We chose Experiment, Systematic mapping study, and survey as our study methods. Results: We built a permissions application prototype and provided an option maybe where the user may grant rights for a certain period of time and then automatically deactivate the permissions. Using a poll, many people chose the offered choice and fully comprehended the Maybe option. Conclusions: We understood the usability aspect of the proposed option. The respondents accepted the proposed option and felt the desire for the proposed option. This can cause a change in the security aspects of providing data to the third party applications. Keywords: Partial consent, Access control, Data Privacy, Data Security, Usability Aspect. Partial consent Access control Data Privacy Data Security Usability Aspect Computer Sciences Datavetenskap (datalogi)
346	Security vs. Usability: designing a secure and usable access control event log Zeba, Vedrana, Levin, Lykke January 2019 (has links) Säkerhet och användbarhet beskrivs ofta som motpoler. I detta examensarbete så undersöks möjligheterna till att inkorporera både säkerhet och användbarhet i ett passagekontrollsgränssnitt. Forskningen är fokuserad på den del av passagekontrollen som benämns som händelseloggen. Loggens ändamål är att lagra och presentera information om händelser som sker i övervakade entréer. Syftet med forskningen är att undersöka i vilken utsträckning det är möjligt att implementera användarkrav och samtidigt uppfylla säkerhets- och användbarhetsheuristik. En klassisk interaktionsdesignsprocess utförs. Semi-strukturerade intervjuer genomförs med respondenter från två olika målgrupper, för att kontrollera om deras behov skiljer sig åt. Den ena gruppen består av användare som primärt jobbar med säkerhetsrelaterade arbetsuppgifter medan den andra gruppen har säkerhet som sekundär arbetsuppgift. Svaren analyseras genom en tematisk analys. Analysen resulterar i fyra olika teman innehållandes 26 stycken användarkrav. Användarkraven och heuristiken tas i beaktning när en prototyp skapas. Prototypen utvärderas sedan genom en heuristisk utvärdering av experter. Resultatet av denna forskning tyder på att användarkrav bidrar till att uppfylla heuristik. Utöver detta, så visar det sig att de två målgrupperna, på flera punkter, har olika behov. Användarkrav som härstammar från den första gruppen anses vara mer dynamiska och omedelbara, medan den andra gruppen har krav som är desto mer statiska och sporadiska. / Security and usability are often thought of as being contradictive. In this thesis, we explore the possibility of incorporating both security and usability in an access control GUI. The research is concentrated towards the part of the access control that is referred to as the event log. The purpose of the log is to store and present information about events that occur at monitored entry points. The intention of the research is to investigate to what extent it is possible to implement user requirements, while still complying with security and usability heuristics. A traditional interaction design process is conducted. Semi-structured interviews are held with respondents from two different target groups, to see if their needs differ. One of the groups consists of users who primarily do security related work, and the other one consists of users who have security as a secondary job assignment. The answers undergo a thematic analysis. The outcome of the analysis is four different themes, consisting of a total of 26 user requirements. The user requirements and the heuristics are taken into consideration when creating a prototype. The prototype is then subjected to a heuristic evaluation by experts. The results of this research indicate that the gathering of user requirements does aid the compliance with heuristics. Moreover, the user needs between the two groups do differ on several accounts. The requirements that originate from the first group can be thought of as more dynamic and instantaneous, while the other group has requirements that are more static and occasional. security usability event log access control GUI heuristics user requirements Engineering and Technology Teknik och teknologier
347	Digital Provenance Techniques and Applications Amani M Abu Jabal (9237002) 13 August 2020 (has links) This thesis describes a data provenance framework and other associated frameworks for utilizing provenance for data quality and reproducibility. We first identify the requirements for the design of a comprehensive provenance framework which can be applicable to various applications, supports a rich set of provenance metadata, and is interoperable with other provenance management systems. We then design and develop a provenance framework, called SimP, addressing such requirements. Next, we present four prominent applications and investigate how provenance data can be beneficial to such applications. The first application is the quality assessment of access control policies. Towards this, we design and implement the ProFact framework which uses provenance techniques for collecting comprehensive data about actions which were either triggered due to a network context or a user (i.e., a human or a device) action. Provenance data are used to determine whether the policies meet the quality requirements. ProFact includes two approaches for policy analysis: structure-based and classification-based. For the structure-based approach, we design tree structures to organize and assess the policy set efficiently. For the classification-based approach, we employ several classification techniques to learn the characteristics of policies and predict their quality. In addition, ProFact supports policy evolution and the assessment of its impact on the policy quality. The second application is workflow reproducibility. Towards this, we implement ProWS which is a provenance-based architecture for retrieving workflows. Specifically, ProWS transforms data provenance into workflows and then organizes data into a set of indexes to support efficient querying mechanisms. ProWS supports composite queries on three types of search criteria: keywords of workflow tasks, patterns of workflow structure, and metadata about workflows (e.g., how often a workflow was used). The third application is the access control policy reproducibility. Towards this, we propose a novel framework, Polisma, which generates attribute-based access control policies from data, namely from logs of historical access requests and their corresponding decisions. Polisma combines data mining, statistical, and machine learning techniques, and capitalizes on potential context information obtained from external sources (e.g., LDAP directories) to enhance the learning process. The fourth application is the policy reproducibility by utilizing knowledge and experience transferability. Towards this, we propose a novel framework, FLAP, which transfer attribute-based access control policies between different parties in a collaborative environment, while considering the challenges of minimal sharing of data and support policy adaptation to address conflict. All frameworks are evaluated with respect to performance and accuracy. Applied Computer Science data provenance access control policy quality analysis policy learning scientific workflows
348	Vérification et validation de politiques de contrôle d'accès dans le domaine médical / Verification and validation of healthcare access control policies Huynh, Nghi 06 December 2016 (has links) Dans le domaine médical, la numérisation des documents et l’utilisation des dossiers patient électroniques (DPE, ou en anglais EHR pour Electronic Health Record) offrent de nombreux avantages, tels que le gain de place ou encore la facilité de recherche et de transmission de ces données. Les systèmes informatiques doivent reprendre ainsi progressivement le rôle traditionnellement tenu par les archivistes, rôle qui comprenait notamment la gestion des accès à ces données sensibles. Ces derniers doivent en effet être rigoureusement contrôlés pour tenir compte des souhaits de confidentialité des patients, des règles des établissements et de la législation en vigueur. SGAC, ou Solution de Gestion Automatisée du Consentement, a pour but de fournir une solution dans laquelle l’accès aux données du patient serait non seulement basée sur les règles mises en place par le patient lui-même mais aussi sur le règlement de l’établissement et sur la législation. Cependant, cette liberté octroyée au patient est source de divers problèmes : conflits, masquage des données nécessaires aux soins ou encore tout simplement erreurs de saisie. C’est pour cela que la vérification et la validation des règles d’accès sont cruciales : pour effectuer ces vérifications, les méthodes formelles fournissent des moyens fiables de vérification de propriétés tels que les preuves ou la vérification de modèles.Cette thèse propose des méthodes de vérification adaptées à SGAC pour le patient : elle introduit le modèle formel de SGAC, des méthodes de vérifications de propriétés telles l’accessibilité aux données ou encore la détection de document inaccessibles. Afin de mener ces vérifications de manière automatisée, SGAC est modélisé en B et Alloy ; ces différentes modélisations donnent accès aux outils Alloy et ProB, et ainsi à la vérification automatisée de propriétés via la vérification de modèles ou model checking / In healthcare, data digitization and the use of the Electronic Health Records (EHR) offer several benefits, such as reduction of the space occupied by data, or the ease of data search or data exchanges. IT systems must gradually act as the archivists who manage the access over sensitive data. Those have to be checked to be consistent with patient privacy wishes, hospital rules, and laws and regulations.SGAC, or Solution de Gestion Automatisée du Consentement, aims to offer a solution in which access to patient data would be based on patient rules, hospital rules and laws. However, the freedom granted to the patient can cause several problems: conflicts, hiding of the needed data to heal the patient or simply data-capture error. Therefore, verification and validation of policies are crucial: to conduct this verification, formal methods provide reliable ways to verify properties like proofs or model checking.This thesis provides verification methods applied on SGAC for the patient: it introduces the formal model of SGAC, verification methods of properties such as data reachability or hidden data detection. To conduct those verification in an automated way, SGAC is modelled in B and Alloy; these different models provide access to the tools Alloy and ProB, and thus, automated property verification with model checking Méthodes formelles Vérification Contrôle d'accès Dmp Médical Formal methods Verification Access control Ehr Healthcare
349	Tweakable Ciphers: Constructions and Applications Terashima, Robert Seth 07 August 2015 (has links) Tweakable ciphers are a building block used to construct a variety of cryptographic algorithms. Typically, one proves (via a reduction) that a tweakable-cipher-based algorithm is about as secure as the underlying tweakable cipher. Hence improving the security or performance of tweakable ciphers immediately provides corresponding benefits to the wide array of cryptographic algorithms that employ them. We introduce new tweakable ciphers, some of which have better security and others of which have better performance than previous designs. Moreover, we demonstrate that tweakable ciphers can be used directly (as opposed to as a building block) to provide authenticated encryption with associated data in a way that (1) is robust against common misuses and (2) can, in some cases, result in significantly shorter ciphertexts than other approaches. Cryptography -- Mathematics Computer security Computer systems -- Access control Data encryption (Computer science) Computer Sciences Theory and Algorithms
350	Physical-layer Security Based Authentication and Key Generation for Seamless IoT Communications Yu, Jiahui January 2019 (has links) No description available. Computer Engineering Physical layer security Seamless IoT Authentication Security parameter generation Access control

Search results