Spelling suggestions: "subject:"accesscontrol"" "subject:"accesskontroll""
271 |
Prevention and Detection of Intrusions in Wireless Sensor NetworksButun, Ismail 01 January 2013 (has links)
Wireless Sensor Networks (WSNs) continue to grow as one of the most exciting and challenging research areas of engineering. They are characterized by severely constrained computational and energy
resources and also restricted by the ad-hoc network operational
environment. They pose unique challenges, due to limited power
supplies, low transmission bandwidth, small memory sizes and limited energy. Therefore, security techniques used in traditional networks cannot be directly adopted. So, new ideas and approaches are needed, in order to increase the overall security of the network. Security applications in such resource constrained WSNs with minimum overhead provides significant challenges, and is the main focus of this dissertation.
There is no "one size fits all" solution in defending WSNs against intrusions and attacks. Therefore, intrusions and attacks against WSNs should be carefully examined to reveal specific vulnerabilities associated with them, before beginning the design of any kind of intrusion prevention and detection systems. By following this rationale, the dissertation starts with providing information regarding the WSNs, types of attacks towards WSNs, and the methods on how to prevent and detect them. Then, in order to secure WSNs, a security provisioning plan is provided.
In general, the following processes may be involved in securing WSNs: Intrusion Prevention, Intrusion Detection, and Intrusion
Mitigation. This dissertation presents solutions (algorithms and
schemes) to the first two lines of defenses of the security
provisioning plan, namely, Intrusion Prevention and Intrusion
Detection.
As a first line of defense in securing WSNs, this dissertation
presents our proposed algorithm ("Two-Level User Authentication" scheme) as an Intrusion Prevention System (IPS) for WSNs. The algorithm uses two-level authentication between a sensor node and a user. It is designed for heterogeneous WSNs, meaning that
the network consists of two components: regular nodes and more
powerful cluster heads. The proposed scheme is evaluated both
analytically and also in a simulation environment, by comparing it
to the current state-of-the-art schemes in the literature.
A comprehensive and systematic survey of the state-of-the-art in
Intrusion Detection Systems (IDSs) that are proposed for Mobile
Ad-Hoc Networks (MANETs) and WSNs is presented. Firstly, detailed
information about IDSs is provided. This is followed by the analysis
and comparison of each scheme along with their advantages and
disadvantages from the perspective of security. Finally, guidelines
on IDSs that are potentially applicable to WSNs are provided. Overall, this work would be very helpful to the researchers in developing their own IDSs for their WSNs.
Clustering (of the nodes) is very important for WSNs not only in
data aggregation, but also in increasing the overall performance of
the network, especially in terms of total life-time. Besides, with the help of clustering, complex intrusion prevention and detection algorithms can be implemented. Therefore, background on the
clustering algorithms is provided and then a clustering algorithm
for WSNs is proposed, that is both power and connectivity aware. The proposed algorithm provides higher energy efficiency and increases the life-time of the network. In evaluating the proposed clustering algorithm (in a simulation environment by comparing its' performance to the previously proposed algorithm, namely Kachirski et al.'s algorithm), it is demonstrated that the proposed algorithm
improves energy efficiency in WSNs.
Finally, an IDS framework based on multi-level clustering for
hierarchical WSNs is proposed. It is based upon (the nodes use our
proposed clustering algorithm while forming their clusters) the
clustering algorithm that is proposed in this dissertation. The
framework provides two types of intrusion detection approaches,
namely "Downwards-IDS (D-IDS)" to detect the abnormal behavior (intrusion) of the subordinate (member) nodes and "Upwards-IDS (U-IDS)" to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented.
Overall, this dissertation research contributes to the first two lines of defenses towards the security of WSNs, namely, IPS and IDS.
Furthermore, the final contribution of this dissertation is towards
the topology formation of the WSNs (especially for the hierarchical
WSNs), namely, clustering; which would be very useful in implementation of the IPS and IDS systems that are presented in this dissertation.
|
272 |
Protecting sensitive information from untrusted codeRoy, Indrajit 13 December 2010 (has links)
As computer systems support more aspects of modern life, from finance to health care, security is becoming increasingly important. However, building secure systems remains a challenge. Software continues to
have security vulnerabilities due to reasons ranging from programmer
errors to inadequate programming tools. Because of these
vulnerabilities we need mechanisms that protect sensitive data
even when the software is untrusted.
This dissertation shows that secure and practical frameworks can be built
for protecting users' data from untrusted applications in both desktop
and cloud computing environment.
Laminar is a new framework that secures desktop applications by
enforcing policies written as information flow rules. Information flow control, a form of mandatory access control, enables programmers to write powerful, end-to-end security guarantees while reducing
the amount of trusted code. Current programming abstractions and implementations of this model either compromise end-to-end security guarantees or require substantial modifications to applications, thus deterring adoption. Laminar addresses these shortcomings by exporting
a single set of abstractions to control information flows through
operating system resources and heap-allocated objects. Programmers express security policies by labeling data and represent access restrictions on code using a new abstraction called a security region.
The Laminar programming model eases incremental deployment, limits dynamic security checks, and supports multithreaded programs that can access
heterogeneously labeled data.
In large scale, distributed computations safeguarding information requires solutions beyond mandatory access control. An important challenge is to ensure that the computation, including its output,
does not leak sensitive information about the inputs. For untrusted code, access control cannot guarantee that the output does not leak information. This dissertation proposes Airavat, a MapReduce-based system which augments mandatory access control with differential privacy to guarantee security and privacy for distributed computations. Data providers control the security policy for their sensitive data, including a mathematical bound on potential privacy violations. Users without security expertise can perform computations
on the data; Airavat prevents information leakage beyond the data
provider's policy. Our prototype implementation of Airavat
demonstrates that several data mining tasks can be performed in a
privacy preserving fashion with modest performance overheads. / text
|
273 |
Secure and Spectrally-Efficient Channel Access in Multi-Channel Wireless NetworksZhang, Yan January 2015 (has links)
Wireless services have become an indispensable part of our social, economic, and everyday activities. They have facilitated and continue to facilitate rapid access to information and have created a highly-interconnected web of users who are untethered to particular locations. In fact, it is expected that in the very near future, the number of users that access the Internet through their mobile devices will surpass those access the Internet from the fixed infrastructure. Aside from mobile Internet access, wireless technologies enable many critical applications such as emergency response, healthcare and implantable medical devices, industrial automation, tactical communications, transportation networks, smart grids, smart homes, navigation, and weather services. The proliferation and wealth of wireless applications has created a soaring demand for ubiquitous broadband wireless access. This demand is further fueled by the richness of the information accessed by users. Low-bit rate voice communications and text have been replaced with graphics, high-definition video, multi-player gaming, and social networking. Meeting the growing traffic demand poses many challenges due to the spectrum scarcity, the cost of deploying additional infrastructure, and the coexistence of several competing technologies. These challenges can be addressed by developing novel wireless technologies, which can efficiently and securely manage multi-user access to the wireless medium. The multi-user access problem deals with the sharing of the wireless resource among contending users in an efficient, secure, and scalable manner. To alleviate contention and interference among the multiple users, contemporary wireless technologies divide the available spectrum to orthogonal frequency bands (channels). The availability of multiple channels has been demonstrated to substantially improve the performance and reliability of wireless networks by alleviating contention and interference. Multi-channel networks, whether cellular, sensor, mesh, cognitive radio, or heterogeneous ones, can potentially achieve higher throughput and lower delay compared to single-channel networks. However, the gains from the existence of orthogonal channels are contingent upon the efficient and secure coordination of channel access. Typically, this coordination is implemented at the medium access control (MAC) layer using a multi-channel MAC (MMAC) protocol. MMAC protocols are significantly more sophisticated than their single-channel counterparts, due to the additional operations of destination discovery, contention management across channels, and load balancing. A significant body of research has been devoted to designing MMAC protocols. The majority of solutions negotiate channel assignment every few packet transmissions on a default control channel. This design has several critical limitations. First, it incurs significant overhead due to the use of in-band or out-of-band control channels. Second, from a security standpoint, operating over a default control channel constitutes a single point of failure. A DoS attack on the control channel(s) would render all channels inoperable. Moreover, MMAC protocols are vulnerable to misbehavior from malicious users who aim at monopolizing the network resources, or degrading the overall network performance. In this dissertation, we improve the security and spectral efficiency of channel access mechanisms in multi-channel wireless networks. In particular, we are concerned with MAC-layer misbehavior in multi-channel wireless networks. We show that selfish users can manipulate MAC-layer protocol parameters to gain an unfair share of network resources, while remaining undetected. We identify possible misbehavior at the MAC-layer, evaluate their impact on network performance, and develop corresponding detection and mitigation schemes that practically eliminate the misbehavior gains. We extend our misbehavior analysis to MAC protocols specifically designed for opportunistic access in cognitive radio networks. Such protocols implement additional tasks such as cooperative spectrum sensing and spectrum management. We then discuss corresponding countermeasures for detecting and mitigating these misbehavior. We further design a low-overhead multi-channel access protocol that enables the distributed coordination of channel access over orthogonal channels for devices using a single transceiver. Compared with prior art, our protocol eliminates inband and out-of-band control signaling, increases spatial channel reuse, and thus achieves significant higher throughput and lowers delay. Furthermore, we investigate DoS attacks launched against the channel access mechanism. We focus on reactive jamming attacks and show that most MMAC protocols are vulnerable to low-effort jamming due to the utilization of a default control channel. We extend our proposed MMAC protocol to combat jamming by implementing cryptographic interleaving at the PHY-layer, random channel switching, and switching according to cryptographically protected channel priority lists. Our results demonstrate that under high load conditions, the new protocol maintains communications despite the jammer's effort. Extensive simulations and experiments are conducted to evaluate the impact of the considered misbehaviors on network performance, and verify the validity of the proposed mechanisms.
|
274 |
Elektroninių mokėjimų universitetinėje aplinkoje programinės įrangos projektavimo tyrimas / The software for digital cash in the university environment: the research of designingBabelis, Viktoras, Kel, Robert 11 August 2008 (has links)
Magistrinio darbo tikslas yra ištirti ir sukurti elektroninių mokėjimų universitetinėje aplinkoje programinę įrangą. Darbo metu buvo atlikta projektavimo ir technologinių sprendimų analizė. Iškelti penki pagrindiniai sistemos realizavimo probleminiai uždaviniai ir pateikti jų galimi sprendimai. Suprojektuotos ir sukurtos programinės įrangos architektūra remiasi trisluoksnio projektavimo principais. Atliekant sistemos kokybės tyrimą ji buvo įvertinta kaip vidutiniška išskiriant tik gana prastai įvertinta sistemos palaikomumo kriterijų. O lyginant sistemos teikiamą naudingumą su alternatyviais sprendimais ji buvo įvertinta kaip naudingiausia. / The objective of this master project was to research and to develop the software for digital cash in the university environment. During the work execution, the analysis of design and technology solutions was performed. Further, five basic goals of system realization were formulated, the potential solutions for which were presented in the thesis. The architecture of the designed and the developed software is based on the principle of three layer design. During the quality analysis of the system, it was evaluated as an average system except that its maintainability rate was rather low. Its comparison with the alternative systems disclosed its superiority over them from the viewpoint of its expediency.
|
275 |
Performance study on a dual prohibition Multiple Access protocol in mobile Ad Hoc and Wireless Mesh networksWu, Qian 03 January 2008 (has links)
Wireless networks are less reliable than wired networks because channels are “exposed” to the surrounding environment that is susceptible to interference and noise. To minimize losses of data due to collisions, wireless networks need a mechanism to regulate the access on the transmission medium. Medium Access Control (MAC) protocols control access to the shared communication medium so that it can be used efficiently.
In this thesis, we first describe the collision-controlled Dual Prohibition Multiple Access (DPMA) protocol [45]. The main mechanisms implemented in DPMA, such as binary dual prohibition, power control, interference control, and support for differentiated services (DiffServ), are presented in detail. We conducted a thorough simulation study on DPMA protocol from several aspects. First, we conduct simulations to observe the effects of binary competition number (BCN), unit slot length and safe margin on the performance of DPMA. Secondly, the DiffServ capability of DPMA is demonstrated through simulation results. Finally, we compare the DPMA protocol with the CSMA/CA protocol and find that DPMA with optimal configuration has better performance than CSMA/CA under both low and high network density. / Thesis (Master, Electrical & Computer Engineering) -- Queen's University, 2007-09-28 16:25:02.515
|
276 |
Adaptive Cryptographic Access Control for Dynamic Data Sharing EnvironmentsKayem, ANNE 21 October 2008 (has links)
Distributed systems, characterized by their ability to ensure the execution of multiple
transactions across a myriad of applications, constitute a prime platform for
building Web applications. However, Web application interactions raise issues pertaining to security and performance that make manual security management both
time-consuming and challenging. This thesis is a testimony to the security and performance enhancements afforded by using the autonomic computing paradigm to design an adaptive cryptographic access control framework for dynamic data sharing environments. One of the methods of enforcing cryptographic access control in these environments is to classify users into one of several groups interconnected in the form of a partially ordered set. Each group is assigned a single cryptographic key that is used for encryption/decryption. Access to data is granted only if a user holds the "correct" key, or can derive the required key from the one in their possession. This approach to access control is a good example of one that provides good security but has the drawback of reacting to changes in group membership by replacing keys, and re-encrypting the associated data, throughout the entire hierarchy. Data re-encryption is time-consuming, so, rekeying creates delays that impede performance. In order to support our argument in favor of adaptive security, we begin by presenting two cryptographic key management (CKM) schemes in which key updates
affect only the class concerned or those in its sub-poset. These extensions enhance
performance, but handling scenarios that require adaptability remain a challenge.
Our framework addresses this issue by allowing the CKM scheme to monitor the rate
at which key updates occur and to adjust resource (keys and encrypted data versions) allocations to handle future changes by anticipation rather than on demand. Therefore, in comparison to quasi-static approaches, the adaptive CKM scheme minimizes the long-term cost of key updates. Finally, since self-protecting CKM requires a lesser degree of physical intervention by a human security administrator, we consider the case of "collusion attacks" and propose two algorithms to detect as well as prevent
such attacks. A complexity and security analysis show the theoretical improvements
our schemes offer. Each algorithm presented is supported by a proof of concept
implementation, and experimental results to show the performance improvements. / Thesis (Ph.D, Computing) -- Queen's University, 2008-10-16 16:19:46.617
|
277 |
The significance of records management to fostering accountability in the public service reform programme of Tanzania.Ndenje-Sichalwe, Esther. January 2010 (has links)
This study investigated the extent to which records management practices fostered accountability in the Public Service Reform Programme (PSRP) in some government ministries in Tanzania. The effective implementation of the PSRP depends largely on many factors, the most important of which is the proper and well organized methods of managing public records. It is essential for government ministries to ensure that records are properly managed at every stage of the records life cycle, so that the information they contain can provide evidence of transactions and the efficient and effective provision of
service to the public. The records life cycle model through its phases formed the theoretical foundation of the study. A mixed methods research approach was adopted and quantitative approach was used as a dominant paradigm. Both quantitative and qualitative data were gathered simultaneously during a single phase of data collection. Data was collected through a questionnaire administered to registry personnel from the government ministries, interviews with senior ministerial officials, National Archives personnel from the Records and Archives Management Department (RAMD) and staff from Tanzania Public Service College. The overall response rate from the questionnaire was 67%. An observation checklist was further used to verify data obtained from the questionnaire and interviews. Quantitative data was analyzed using the SPSS statistical package version 15.0 and the results of the study are presented in the form of figures, tables and text, while qualitative data from interviews was content analyzed and in some instances presented in tabular form. The findings of the study indicated that records in some government ministries in Tanzania were not properly managed to foster accountability in the implementation of the PSRP. The study established that although the introduction of the PSRP has resulted in some efforts in reforming records management practices in the government ministries, current records management in the government ministries was still weak, thus fostering
accountability in the PSRP would be difficult. The findings of the study revealed a lack of registry mission statements, records management policy and dedicated budgets for registry sections. The majority of government registries in Tanzania lacked records retention schedules and systematic disposal of records resulting in heavy congestion of records and poor retrieval of information. Further, disaster preparedness and security control for records and archives did not form a significant part of the records management activities in the government ministries of Tanzania. On the extent of the use of computer applications in the management of records, the findings indicated the existence of computers in some registries but few computers were used to create records. National Archives and registry personnel faced challenges in the management of electronic records. The study established that National Archives personnel had not undertaken surveys to determine the number of electronic records created in the ministries. The findings of the study showed that although registry personnel received professional records management advice from the National Archives
personnel, they did not implement the advice. The findings of the study revealed that the levels of skills and training of registry personnel was relatively low. The majority of registry personnel had not attended courses to update their knowledge and skills. To foster accountability in the public sector, the major recommendation of the study was the restructuring of records management systems. The restructuring should include enacting records management policies in order to accommodate the changes brought about by technology to enhance the proper management of records and effective
implementation of the PSRP. The study recommends that government ministries should allocate dedicated budgets for registries. A budget should make provision for registry supplies and equipment and should ensure that registry personnel are provided with formal training in records management so as to develop their levels of skills and training. In order to ensure reliability, integrity, authenticity and long-term preservation of electronic records in support of the requirements of good government and fostering accountability, the study recommended for the integrated approach to records management to be considered in order to incorporate records in both paper and electronic formats. Further, the National Archives should undertake a survey at least
annually, to determine the number of electronic records created in the government ministries. It is recommended that the government should update Records and Archives Management Act No.3 of 2002 to reflect the management of electronic records. National Archives should develop records retention and disposition schedules and records should be disposed of regularly in order to create more space for the current records, thus
enhancing accountability in the implementation of the PSRP. The study recommends that professional records management advice should be provided
on a regular and continuing basis. The National Archives should work closely with the President’s Office-Public Service Management to organize training for senior ministerial officials in order to create awareness regarding the importance of managing records as a strategic resource and its effectiveness in fostering accountability in the implementation of the public service reform programme. The setting up of standards and guidelines on the training of registry personnel is also necessary in order to enhance their status and
skills. Enhancing their status and skills would be important for the proper management of records throughout their life cycle to foster accountability in the effective implementation of the PSRP. The study further recommended several issues which could be the subject of further investigation by other researchers in the field, including investigating the current records management practices in Judiciary, Parliament and local government authorities in Tanzania, a study to establish the levels of e-records readiness and e-government in the public sector in Tanzania, and a study to investigate the training of National Archives personnel in order to establish their levels of education and how they impact on the management of records in the government ministries. Furthermore, a study should be conducted to establish the role of records management in addressing corruption, fraud and maladministration in the public sector of Tanzania. A study to assess records
management performance in the public sector using international standards such as ISO 15489 Information and Documentation-Records Management, General International Standard Archival Description (ISAD(G)), ISO/DIS 11799 Document Storage Requirements for Archive and Library Materials and ISO 11108: 1996 Information and Documentation-Paper for Archival Documents, is also important. / Thesis (Ph.D.)-University of KwaZulu-Natal, Pietermaritzburg, 2010.
|
278 |
The significance of records management to fostering accountability in the public service reform programme of Tanzania.Ndenje-Sichalwe, Esther. January 2010 (has links)
This study investigated the extent to which records management practices fostered accountability in the Public Service Reform Programme (PSRP) in some government ministries in Tanzania. The effective implementation of the PSRP depends largely on many factors, the most important of which is the proper and well organized methods of managing public records. It is essential for government ministries to ensure that records are properly managed at every stage of the records life cycle, so that the information they contain can provide evidence of transactions and the efficient and effective provision of service to the public. The records life cycle model through its phases formed the theoretical foundation of the study. A mixed methods research approach was adopted and quantitative approach was used as a dominant paradigm. Both quantitative and qualitative data were gathered simultaneously during a single phase of data collection. Data was collected through a questionnaire administered to registry personnel from the government ministries, interviews with senior ministerial officials, National Archives personnel from the Records and Archives Management Department (RAMD) and staff from Tanzania Public Service College. The overall response rate from the questionnaire was 67%. An observation checklist was further used to verify data obtained from the questionnaire and interviews. Quantitative data was analyzed using the SPSS statistical package version 15.0 and the results of the study are presented in the form of figures, tables and text, while qualitative data from interviews was content analyzed and in some instances presented in tabular form. The findings of the study indicated that records in some government ministries in Tanzania were not properly managed to foster accountability in the implementation of the PSRP. The study established that although the introduction of the PSRP has resulted in some efforts in reforming records management practices in the government ministries, current records management in the government ministries was still weak, thus fostering accountability in the PSRP would be difficult. The findings of the study revealed a lack of registry mission statements, records management policy and dedicated budgets for v registry sections. The majority of government registries in Tanzania lacked records retention schedules and systematic disposal of records resulting in heavy congestion of records and poor retrieval of information. Further, disaster preparedness and security control for records and archives did not form a significant part of the records management activities in the government ministries of Tanzania. On the extent of the use of computer applications in the management of records, the findings indicated the existence of computers in some registries but few computers were used to create records. National Archives and registry personnel faced challenges in the management of electronic records. The study established that National Archives personnel had not undertaken surveys to determine the number of electronic records created in the ministries. The findings of the study showed that although registry personnel received professional records management advice from the National Archives personnel, they did not implement the advice. The findings of the study revealed that the levels of skills and training of registry personnel was relatively low. The majority of registry personnel had not attended courses to update their knowledge and skills. To foster accountability in the public sector, the major recommendation of the study was the restructuring of records management systems. The restructuring should include enacting records management policies in order to accommodate the changes brought about by technology to enhance the proper management of records and effective implementation of the PSRP. The study recommends that government ministries should allocate dedicated budgets for registries. A budget should make provision for registry supplies and equipment and should ensure that registry personnel are provided with formal training in records management so as to develop their levels of skills and training. In order to ensure reliability, integrity, authenticity and long-term preservation of electronic records in support of the requirements of good government and fostering accountability, the study recommended for the integrated approach to records management to be considered in order to incorporate records in both paper and electronic formats. Further, the National Archives should undertake a survey at least annually, to determine the number of electronic records created in the government vi ministries. It is recommended that the government should update Records and Archives Management Act No.3 of 2002 to reflect the management of electronic records. National Archives should develop records retention and disposition schedules and records should be disposed of regularly in order to create more space for the current records, thus enhancing accountability in the implementation of the PSRP. The study recommends that professional records management advice should be provided on a regular and continuing basis. The National Archives should work closely with the President’s Office-Public Service Management to organize training for senior ministerial officials in order to create awareness regarding the importance of managing records as a strategic resource and its effectiveness in fostering accountability in the implementation of the public service reform programme. The setting up of standards and guidelines on the training of registry personnel is also necessary in order to enhance their status and skills. Enhancing their status and skills would be important for the proper management of records throughout their life cycle to foster accountability in the effective implementation of the PSRP. The study further recommended several issues which could be the subject of further investigation by other researchers in the field, including investigating the current records management practices in Judiciary, Parliament and local government authorities in Tanzania, a study to establish the levels of e-records readiness and e-government in the public sector in Tanzania, and a study to investigate the training of National Archives personnel in order to establish their levels of education and how they impact on the management of records in the government ministries. Furthermore, a study should be conducted to establish the role of records management in addressing corruption, fraud and maladministration in the public sector of Tanzania. A study to assess records management performance in the public sector using international standards such as ISO 15489 Information and Documentation-Records Management, General International Standard Archival Description (ISAD(G)), ISO/DIS 11799 Document Storage Requirements for Archive and Library Materials and ISO 11108: 1996 Information and Documentation-Paper for Archival Documents, is also important. / Thesis (Ph.D.)-University of KwaZulu-Natal, Pietermaritzburg, 2010.
|
279 |
SCRIPSIT : a model for establishing trustable privacies in online public spaces.Rodda, Paul Trevor-John. January 2004 (has links)
This dissertation proposes a model supporting the creation of trustable privacies in public online spaces, with the model demonstrating the potential for supporting trustable data handling in the qualitative domain. Privacy and trust, from the pivotal
perspective of the individual were identified as crucial intangibles in the qualitative
research and personal trust domains. That both privacy and trust depend heavily upon
credible mechanisms for privacy became clear during the literature review and
interview processes.
Privacy, in its many forms, is a concept requiring greatly varying degrees of
anonymity, confidentiality and control (Rotenberg, 2001; Lessig, 1998) and this was
position was validated by literature and by qualitative comments by academic
interviewees.
Facilitation of secondary users including academics, public and private organisations,
communities, casual information browsers is a goal of this research. This goal of
facilitation is supported by the model proposed, and is discussed in Chapter 6, where
future work is discussed. The core requirement to address confidentiality, ethics,
privacy, ownership and control of data (Corti, 2000) is satisfied by the model as
proposed and discussed.
Expected outcomes of this research project are summarised as:
• Proposed model for the creation of trustable privacies in public spaces.
[Primary outcome]
• Promotion of collaboration amongst domains and disciplines through
improved universal access to archived data [Secondary outcome]
• Identification of application domains outside of the initially identified domain
set [Secondary outcome].
Self-Contained ReposItory ProcesSIng Template (SCRIPSIT) describes a model
supporting a decentralised, trustable set of structures and mechanisms. SCRIPSIT has
its eponymous origin in the Latin word scripsit, meaning "he or she wrote". / Thesis (M.A.)-University of KwaZulu-Natal, Durban, 2004.
|
280 |
Efficient Anonymous Biometric Matching in Privacy-Aware EnvironmentsLuo, Ying 01 January 2014 (has links)
Video surveillance is an important tool used in security and environmental monitoring, however, the widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. To identify these individuals for protection, the most reliable approach is to use biometric signals as they are immutable and highly discriminative. If misused, these characteristics of biometrics can seriously defeat the goal of privacy protection. In this dissertation, an Anonymous Biometric Access Control (ABAC) procedure is proposed based on biometric signals for privacy-aware video surveillance. The ABAC procedure uses Secure Multi-party Computational (SMC) based protocols to verify membership of an incoming individual without knowing his/her true identity. To make SMC-based protocols scalable to large biometric databases, I introduce the k-Anonymous Quantization (kAQ) framework to provide an effective and secure tradeoff of privacy and complexity. kAQ limits systems knowledge of the incoming individual to k maximally dissimilar candidates in the database, where k is a design parameter that controls the amount of complexity-privacy tradeoff. The relationship between biometric similarity and privacy is experimentally validated using a twin iris database. The effectiveness of the entire system is demonstrated based on a public iris biometric database.
To provide the protected subjects with full access to their privacy information in video surveillance system, I develop a novel privacy information management system that allows subjects to access their information via the same biometric signals used for ABAC. The system is composed of two encrypted-domain protocols: the privacy information encryption protocol encrypts the original video records using the iris pattern acquired during ABAC procedure; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of my framework.
|
Page generated in 0.063 seconds