Global ETD Search

451	A framework to implement delegation in offline PACS : A strategy to restrict user’s path Bharath, Tati January 2013 (has links) Physical access control systems (PACS) deal with the security of the availability of resources. They work as an alternative to traditional manual security access control. Access control has two variants, the logical which deals with computer environments and the physical which deals with the physical entry into a property or warehouses. However, offline physical access control systems cannot enforce the user’s path making it unsuitable for use in classified areas, such as places where the public is restricted. Therefore, offline PACS need a framework that can delegate the authority to enforce the user’s path. This is satisfactorily met in the presented research with a new design of offline PACS that has the capability to implement delegation. This framework allows the locks to dynamically write and read access policies onto and from a smart card. It works by means of a construct called “Path Array” and communication among different entities occurs via a chain of trust formed with the use of pre-shared keys. smart card authentication offline physical access control delegation shared secret keys design science Engineering and Technology Teknik och teknologier
452	Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Khodaei, Mohammad January 2016 (has links) Vehicular Communication (VC) systems can greatly enhance road safety and transportation efficiency. Vehicles are equipped with sensors to sense their surroundings and the internal Controller Area Network (CAN) bus. Hence, vehicles are becoming part of a large-scale network, the so-called Internet of Vehicles (IoV). Deploying such a large-scale VC system cannot materialize unless the VC systems are secure and do not expose their users’ privacy. Vehicles could be compromised or their sensors become faulty, thus disseminating erroneous information across the network. Therefore, participating vehicles should be accountable for their actions. Moreover, user privacy is at stake: vehicles should disseminate spatio-temporal information frequently. Due to openness of the wireless communication, an observer can eavesdrop the communication to infer users’ sensitive information, thus profiling users. The objective is to secure the communication, i.e., prevent malicious or compromised entities from affecting the system operation, and ensure user privacy, i.e., keep users anonymous to any external observer but also for security infrastructure entities and service providers.In this thesis, we focus on the identity and credential management infrastructure for VC systems, taking security, privacy, and efficiency into account. We begin with a detailed investigation and critical survey of the standardization and harmonization efforts. We point out the remaining challenges to be addressed in order to build a Vehicular Public-Key Infrastructure (VPKI). We provide a VPKI design that improves upon existing proposals in terms of security and privacy protection and efficiency. More precisely, our scheme facilitates multi-domain operations in VC systems and enhances user privacy, notably preventing linking of pseudonyms based on timing information and offering increased protection in the presence of honest-but-curious VPKI entities. We further extensively evaluate the performance of the full-blown implementation of our VPKI for a large-scale VC deployment. Our results confirm the efficiency, scalability and robustness of our VPKI. / <p>QC 20160927</p> Vehicular Communications Security Privacy Access Control Identity and Credential Management Vehicular PKI Elektroteknik och elektronik
453	Discretionary Version Control : Access Control for Versionable Documents / Diskretionär versionshantering : Accesskontroll för versionshanterade dokument Hermansson, Rickard, Hellström, Johan January 2014 (has links) A common problem in the workplace is sharing digital documents with coworkers. Forsome companies the problem extends to wanting the documentskept internally backedup and controlling which people in the company has rights to read and revise certaindocuments.This paper shows different systems and models for access control, version control,and distribution of the documents that can be used to create asystem that solves theseproblems.One requirement for this system was a user interface where users can upload, down-load and manage access to their documents. Another requirement was a service thathandles version control for the documents, and a way to quickly connect and distributethe documents. The system also needed to be able to handle access control of the ver-sioned documents on document level, referred to as "fine grained access control" in thispaper.These models and systems were evaluated based on aspects of the access control mod-els, version control systems, and distribution systems andprotocols. After evaluating,appropriate selections were made to create a prototype to test the system as a whole.The prototype ended up meeting the goals that Nordicstationset for the project butonly with basic functionality. Functionality for retrieving any version from a docu-ments history, controlling access for the documents at document level, and a simpleweb based user interface for managing the documents. / Att enkelt dela dokument med arbetskollegor är något alla företag har ett behov utav.Ofta är dessa dokument interna och skall hållas inom företaget. Även inom företagetkan det finnas behov av att styra vem som har rätt att läsa ellerrevidera dokumenten.Denna examensarbetesrapport beskriver olika tekniker ochmodeller för accesskon-troll, versionshantering och distribution som kan användas för att implementera ettsystem som kan lösa de nämnda problemen.Ett av kraven för systemet var ett användargränssnitt där användare kan ladda upp ochned sina dokument. Ytterligare krav var att systemet skulleversionshantera dokumenetenoch att användare skall kunna komma åt de olika versionerna.Systemet skulle ocksåkunna hantera åtkomstkontroll på dokumentnivå, något denna examensrapport definerarsom "fine grained access control".För att designa ett sådant system så utredes och utvärderades olika tekniker kringåtkomstkontroll och versionshantering samt distributionav dokumenten. För att testasystemet så utvecklads en prototyp baserad på de valda lösningsmetoderna.Den resulterande prototypen uppfyllde de mål som Nordicstation satte för projektet,dock endast med grundläggande funktionalitet. Stöd för atthämta olika versioner avdokument, kontrollera access till dokumentet nere på dokument nivå och ett webbaseratgränssnitt för att administrera dokumenten. Version control access control content management docu ment control java content repository webDAV document sharing Computer Engineering Datorteknik
454	Discretionary Version Control : Access Control for Versionable Documents / Diskretionär versionshantering : Accesskontroll för versionshanterade dokument Hermansson, Rickard, Hellström, Johan January 2014 (has links) A common problem in the workplace is sharing digital documents with coworkers. Forsome companies the problem extends to wanting the documentskept internally backedup and controlling which people in the company has rights to read and revise certaindocuments.This paper shows different systems and models for access control, version control,and distribution of the documents that can be used to create asystem that solves theseproblems.One requirement for this system was a user interface where users can upload, down-load and manage access to their documents. Another requirement was a service thathandles version control for the documents, and a way to quickly connect and distributethe documents. The system also needed to be able to handle access control of the ver-sioned documents on document level, referred to as "fine grained access control" in thispaper.These models and systems were evaluated based on aspects of the access control mod-els, version control systems, and distribution systems andprotocols. After evaluating,appropriate selections were made to create a prototype to test the system as a whole.The prototype ended up meeting the goals that Nordicstationset for the project butonly with basic functionality. Functionality for retrieving any version from a docu-ments history, controlling access for the documents at document level, and a simpleweb based user interface for managing the documents. / Att enkelt dela dokument med arbetskollegor är något alla företag har ett behov utav.Ofta är dessa dokument interna och skall hållas inom företaget. Även inom företagetkan det finnas behov av att styra vem som har rätt att läsa ellerrevidera dokumenten.Denna examensarbetesrapport beskriver olika tekniker ochmodeller för accesskon-troll, versionshantering och distribution som kan användas för att implementera ettsystem som kan lösa de nämnda problemen.Ett av kraven för systemet var ett användargränssnitt där användare kan ladda upp ochned sina dokument. Ytterligare krav var att systemet skulleversionshantera dokumenetenoch att användare skall kunna komma åt de olika versionerna.Systemet skulle ocksåkunna hantera åtkomstkontroll på dokumentnivå, något denna examensrapport definerarsom "fine grained access control".För att designa ett sådant system så utredes och utvärderades olika tekniker kringåtkomstkontroll och versionshantering samt distributionav dokumenten. För att testasystemet så utvecklads en prototyp baserad på de valda lösningsmetoderna.Den resulterande prototypen uppfyllde de mål som Nordicstation satte för projektet,dock endast med grundläggande funktionalitet. Stöd för atthämta olika versioner avdokument, kontrollera access till dokumentet nere på dokument nivå och ett webbaseratgränssnitt för att administrera dokumenten. Version control access control content management docu ment control java content repository webDAV document sharing Computer Engineering Datorteknik
455	User access control platform based on simple IoT household devices Xiao, Ruijie January 2021 (has links) The Internet of Things (IoT) industry has been thriving for the past few years, especially in the household field. The proposal of smart homes has enabled a increasing number of IoT products to enter people’s daily lives. However, the access control in smart homes has gradually grown up to be a prominent problem. Traditional access control mechanisms consider one unique trusted user that controls all access to the devices. However, multiuser and multi-device smart home scenarios pose fundamentally different challenges to the traditional single-user systems. Multiple trusted users are expected to manage the whole smart home system. Furthermore, the access control system of smart homes needs to consider the complexity of user relationships, the convenience of user experience, and the flexibility of access control. So the basic question this project is intended to answer can be concluded as: how to design an access control system based on the user-desired access control mechanism in the context of multiple users and multiple devices? This project first investigates both technical background and user study researches, summarizing current issues. Then, to study user perceptions of current access control systems, this project carries out semi-structured interviews, identifying user needs in access control systems. Finally, a fine-grained prototype satisfying user needs is offered. It consists of three modules, namely the user interaction module, the backend module and the manager module. Permissions are assigned through the user interaction module, translated into access control policies at the backend module and enforced by the manager module. The proposed prototype is then implemented in a simulated smart home environment and evaluated on its feasibility to identified requirements. / Internet of Things (IoT) industrin har blomstrat de senaste åren, särskilt inom hushållsområdet. Förslaget om smarta hem har gjort det möjligt för ett ökande antal IoT produkter att komma in i människors vardag. Tillgångskontrollen i smarta hem har dock gradvis vuxit till att bli ett framstående problem. Traditionella åtkomstkontrollmekanismer överväger en unik betrodd användare som styr all åtkomst till enheterna. Men smarta hemscenarier för flera användare och flera enheter utgör emellertid fundamentalt olika utmaningar för de traditionella enanvändarsystemen. Flera betrodda användare förväntas hantera hela systemet för smarta hem. Dessutom måste system för åtkomstkontroll i smarta hänsyn beakta komplexiteten i användarrelationer, användarupplevelsens bekvämlighet och flexibiliteten i åtkomstkontroll. Så den grundläggande frågan som detta projekt är tänkt att besvara kan slutas som: hur man utformar ett åtkomstkontrollsystem baserat på den användarönskade åtkomstkontrollmekanismen i flera användare och flera enheter? Detta projekt undersöker först både teknisk bakgrund och användarstudier, som sammanfattar aktuella frågor. För att studera användaruppfattningar om nuvarande åtkomstkontrollsystem genomför detta projekt halvstrukturerade intervjuer som identifierar användarens behov i åtkomstkontrollsystem. Slutligen erbjuds en finkornig prototyp som uppfyller användarens behov. Den består av tre moduler, nämligen användarinteraktionsmodulen, backendmodulen och chefsmodulen. Behörigheter tilldelas via användarinteraktionsmodulen, översätts till åtkomstkontrollpolicyer på backend-modulen och tillämpas av chefsmodulen. Den föreslagna prototypen implementeras sedan i en simulerad smart hemmiljö och utvärderas om det är genomförbart för identifierade krav. IoT Smart Home Multiuser Multi-device Access Control IoT Smart hem Fleranvändare Multi-enhet Åtkomstkontroll Computer and Information Sciences Data- och informationsvetenskap
456	A Scheduling Scheme for Efficient Wireless Charging of Sensor Nodes in WBAN Rabby, Md Khurram M., Alam, Mohammad Shah, Shawkat, Shamim Ara, Hoque, Mohammad A. 14 August 2017 (has links) This paper presents a scheduling algorithm for point to point wireless power transfer system (WPTS) to sensor nodes of wireless body area networks (WBAN). Since the sensors of wireless body area networks are continuously monitoring and sending data to remote central unit, power crisis for these sensor nodes degrades the data transfer of patient monitoring system. Although energy harvesting from ambient sources using electromagnetic induction enhances the longevity of sensor performance, continuous operation in the primary side decreases the overall efficiency. With such paradigm in sight, a framework is proposed for increasing the primary battery longevity and reducing the transmission loss, inductive power is transmitted from primary to secondary unit using medium access control (MAC) protocols for underlying the centralized scheduling opportunity in a collision free scheme for channel access of rare yet critical emergency situation. In a preliminary study, the proposed scheduling for charging sensor nodes in a wireless body area network (WBAN) is evaluated in a case consideration. energy harvesting (EH) medium access control (MAC) wireless body area networks (WBAN) wireless power transfer system (WPTS) Computing
457	Partage de documents sécurisé dans le Cloud Personnel / Secure document sharing through Personnal Cloud Tran van, Paul 03 April 2018 (has links) Ces dernières années ont été marquées par une numérisation croissante de nos vies, conjuguée à une explosion du volume des données personnelles sur Internet. Cela a favorisé l’émergence d’un marché focalisé sur leur analyse, afin d’établir des profils de plus en plus poussés et intrusifs des individus, généralement à leur insu. Parallèlement, des surveillances d’états se mettent en place qui font craindre un glissement progressif vers des dystopies jusqu’ici réservées à la littérature. Afin de répondre à cette situation, le paradigme du Cloud personnel s’est développé : chaque utilisateur a désormais la possibilité de stocker et gérer l’intégralité de son patrimoine numérique dans un unique espace de confiance dont il est le seul responsable.Cette responsabilisation entraîne cependant un changement de gouvernance sur les données, dont la sécurité et l’administration reposent désormais sur les épaules des individus. En particulier lorsqu’ils souhaitent partager leurs documents et donc les exposer à des personnes ou services tiers. Cette thèse propose ainsi un nouveau paradigme dans la façon de partager dans le Cloud personnel qui met l’accent sur la sécurité, mais aussi sur le contrôle et la simplicité d’utilisation par les individus. Trois contributions sont faites en ce sens : (i) une architecture Privacy-by-Design, dédiée au Cloud personnel, (ii) un modèle de partage adapté aux propriétés du Cloud personnel et (iii) un protocole de partage implémenté dans la plateforme Cozy. / These past years have witnessed a growing digitalization of our lives, combined with an explosion of personal data quantity on the Internet. This has opened the way to a data-driven market focused on their analysis for profiling purposes, increasingly intrusive and most of the time performed without the user acknowledgement. At the same time, states surveillances are being established, raising concerns about potential dystopias, until now confined in the literature. To tackle this situation, the Personal Cloud paradigm has risen: each user has now the possibility to store and manage all her digital life in a trusted space in which she is the sole responsible.However, this empowerment leads to a governance switch. The user is now in charge of the security and the administration of their data. In particular in the sharing context, where the data is exposed to people or third-parties. Therefore, this thesis proposes a new paradigm in the way the sharing is performed in the Personal Cloud. It focuses on security, control and on a better simplicity of use for the users. Three contributions are made in this direction: (i) a Privacy-by-Design architecture, dedicated for the Personal Cloud context, (ii) a sharing model suited for the Personal Cloud properties and (iii) a sharing protocol implemented in the Cozy platform. Partage Sécurité Informatique dans les nuagesl Vie privée Contrôle d'accès Sharing Security Personal Cloud Privacy Access Control 004.36
458	Sharing and Usage Control of Personal Information / Partage et Contrôle d'Usage de Données Personnelles Katsouraki, Athanasia 28 September 2016 (has links) Nous vivons une véritable explosion du volume des données personnelles numériques qui sont générés dans le monde chaque jour (ex. capteurs, web, réseaux sociaux, etc.). En conséquence, les particuliers se sentent exposés tandis qu'ils partagent et publient leurs données. Ainsi, il est clair que des outils et des méthodes sont nécessaires pour contrôler la façon dont leurs données sont collectées, gérées et partagées. Les défis sont principalement axées sur le manque d'applications ou de solutions techniques qui assurent la gestion et le partage sécurisés de données personnelles. Le défi principal est de fournir un outil sécurisé et adaptable qui peut être utilisé par tout utilisateur, sans formation technique. Cette thèse fait trois contributions importantes dans le domaine de la protection de la vie privée : (i) Une implémentation du model UCONABC, un modèle de contrôle d'usage, appliqué à un scénario de réseau social, (ii) une extension algébrique de UCON pour contrôler des partages complexes de données (en transformant des données personnelles en données partageable et/ou publiables), et (iii) la conception, l'implémentation et le déploiement sur le terrain d'une plateforme pour la gestion de données sensibles collectées au travers de formulaires d'enquêtes. / We are recently experiencing an unprecedented explosion of available personal data from sensors, web, social networks, etc. and so people feel exposed while they share and publish their data. There is a clear need for tools and methods to control how their data is collected managed and shared. The challenges are mainly focused on the lack of either applications or technical solutions that provide security on how to collect, manage and share personal data. The main challenge is to provide a secure and adaptable tool that can be used by any user, without technical background. This thesis makes three important contributions to the field of privacy: (i) a prototype implementation of the UCONABC model, a usage control model, applied to an online social networks scenario, (ii) an algebraic extension to UCON to control the complex sharing of data (by transforming personal data into sharable and publishable data) and (iii) the design, implementation and field testing of a secure platform to manage sensitive data collected through online forms. Confidentialité Sécurité Contrôle d'accès Workflows Opérateurs Contrôle de l'utilisation Privacy Security Access Control Workflows Operators Usage Control 005.8
459	Securing Data in a Cloud Environment: Access Control, Encryption, and Immutability / Säkerhetshantering av data som överförs genom molnbaserade tjänster: åtkomstkontroll, kryptering och omutlighet Al Khateeb, Ahmad, Summaq, Abdulrazzaq January 2023 (has links) The amount of data and the development of new technologies used by all society-critical organizations are increasing dramatically. In parallel, data breaches, cyber-attacks, and their devastating consequences are also on the rise, as well as the number of individuals and organizations that are potential targets for such attacks. This places higher demands on security in terms of protecting data against cyber-attacks and controlling access to data that authenticated users want to access. The paper focuses on studying concepts of secure data practices in a GitLab-based cloud environment. The objective is to give answers to questions such as how to ensure the guarantee of secure data and protect it from unauthorized access and changes. The work behind this thesis includes exploring techniques for access control, data encryption, and data immutability. The study is followed by an implementation project that includes fetching code from GitLab verifying user identity and access control, managing data access, and displaying the results. The results of the thesis demonstrate the effectiveness of the implemented security measures in protecting data and controlling access. / Mängden av data och utvecklingen av banbrytande teknologier som idag används av alla samhällsbärande organisationer ökar drastiskt. I samma takt ökar dataintrång, cyberattacker och dess förödande konsekvenser samt antalet personer och organisationer som utgör potentiella offer för sådana typer av attacker. Detta ställer högre krav på säkerheten när det gäller att skydda data mot cyberattacker, men även att kontrollera åtkomsten till data som autentiserade användare vill komma åt. Rapporten fokuserar på att studera hur data säkras i GitLab-baserade molnsystem. Syftet med detta arbete är att ge svar på frågeställningar som till exempel att lova säker åtkomst och skydd för data från obehörig åtkomst och ändringar. Arbetet bakom detta projekt inkluderade undersökning av tekniker som används inom accesskontroll, datakryptering och data-omutlighet. Studien resulterade i en implementation som möjliggör att hämta signerade ändringar (Commits) från GitLab, verifiera användaridentiteten och åtkomstbehörighet, hantera dataåtkomst samt presentera resultaten. Resultaten av detta examensarbete demonstrerar effektiviteten av den implementerade säkerhetsteknikerna i att skydda data och kontrollera access. Access Control Authorization Keycloak GPG Keys Encryption GitLab Version Control Neo4j Data Security Computer Sciences Datavetenskap (datalogi)
460	Integration of Attribute-Based Encryption and IoT: An IoT Security Architecture Elbanna, Ziyad January 2023 (has links) Services relying on internet of things (IoTs) are increasing day by day. IoT makes use of internet services like network connectivity and computing capability to transform everyday objects into smart things that can interact with users, and the environment to achieve a purpose they are designed for. IoT nodes are memory, and energy constrained devices that acquire information from the surrounding environment, those nodes cannot handle complex data processing and heavy security tasks alone, thus, in most cases a framework is required for processing, storing, and securing data. The framework can be cloud-based, a publish/subscribe broker, or edge computing based. As services relying on IoT are increasing enormously nowadays, data security and privacy are becoming concerns. Security concerns arise from the fact that most IoT data are stored unencrypted on untrusted third-party clouds, which results in many issues like data theft, data manipulation, and unauthorized disclosure. While some of the solutions provide frameworks that store data in encrypted forms, coarse-grained encryption provides less specific access policies to the users accessing data. A more secure control method applies fine-grained access control, and is known as attribute-based encryption (ABE). This research aims to enhance the privacy and the security of the data stored in an IoT middleware named network smart objects (NOS) and extend its functionality by proposing a new IoT security architecture using an efficient ABE scheme known as key-policy attribute-based encryption (KP-ABE) along with an efficient key revocation mechanism based on proxy re-encryption (PRE). Design science research (DSR) was used to facilitate the solution. To establish the knowledge base, a previous case study was reviewed to explicate the problem and the requirements to the artefact were elicited from research documents. The artefact was designed and then demonstrated in a practical experiment by means of Ubuntu operating system (OS). Finally, the artefact’s requirements were evaluated by applying a computer simulation on the Ubuntu OS. The result of the research is a model artefact of an IoT security architecture which is based on ABE. The model prescribes the components and the architectural structure of the IoT system. The IoT system consists of four entities: data producers, data consumers, NOS, and the TA. The model prescribes the new components needed to implement KP-ABE and PRE modules. First, data is transferred from data producers to NOS through secure hypertext transfer protocol (HTTPS), then the data is periodically processed and analyzed to obtain a uniform representation and add useful metadata regarding security, privacy, and data-quality. After that, the data is encrypted by KP-ABE using users’ attributes. PRE takes place when a decryption key is compromised, then the ciphertext is re-encrypted to prevent it’s disclosure. The evaluation results show that the proposed model improved the data retrieval time of the previous middleware by 32% and the re-encryption time by 87%. Finally, the author discusses the limitations of the proposed model and highlights directions for future research. Internet of things Attribute based encryption Fine-grained access control Key revocation Proxy re-encryption Computer Sciences Datavetenskap (datalogi)

Search results