Performance Analysis of Security Protocols

Donta, Praveen Kumar

01 January 2007

Security is critical to a wide range of applications and services. Numerous security mechanisms and protocols have been developed and are widely used with today’s Internet. These protocols, which provide secrecy, authentication, and integrity control, are essential to protecting electronic information. There are many types of security protocols and mechanisms, such as symmetric key algorithms, asymmetric key algorithms, message digests, digital certificates, and secure socket layer (SSL) communication. Symmetric and asymmetric key algorithms provide secrecy. Message digests are used for authentication. SSL communication provides a secure connection between two sockets. The purpose of this graduate project was to do performance analysis on various security protocols. These are performance comparisons of symmetric key algorithms DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), and RC4; of public-private key algorithms RSA and ElGamal; of digital certificates using message digests SHA1 (Secure Hash Algorithm) and MD5; and of SSL (Secure Sockets Layer) communication using security algorithms 3DES with SHA1 and RC4 with MD5.

UNF

University of North Florida

School of Computing

Computer security -- Evaluation

Computer network protocols -- Evaluation

Computer Sciences

Efficient Schemes for Improving the Performance of Clock Synchronization Protocols in Wireless Sensor Networks Using TDMA- based MAC Protocols

Watwe, Siddharth P

January 2015

Clock synchronization in a wireless sensor network (WSN) is essential as it provides a consistent and a coherent time frame for all the nodes across the network. Typically, clock synchronization is achieved by message passing using carrier sense multiple access (CSMA) for media access. The nodes try to synchronize with each other, by sending synchronization request messages. If many nodes try to send messages simultaneously, contention-based schemes cannot efficiently avoid collisions which results in message losses and affects the synchronization accuracy. Since the nodes in a WSN have limited energy, it is required that the energy consumed by the clock synchronization protocols is as minimum as possible. This can be achieved by reducing the duration for which the clock synchronization protocols execute. Synchronous clock synchronization protocols in WSNs execute the clock synchronization process at each node, roughly during the same real-time interval, called synchronization phase. The duration when there is no synchronization activity is called the synchronization interval. Synchronization phases are divided into synchronization rounds. The energy consumed by these protocols depends on the duration of the synchronization phase and how frequently the synchronization phase is executed. Hence, to minimize the energy consumption by each node, the duration of synchronization phase should be as small as possible. Due to different drift rates of the clocks, the synchronization phases at different nodes drift apart and special techniques are required to keep them in sync. An existing protocol, called improved weighted-average based clock synchronization (IWICS) uses a pullback technique to achieve this. If a message from (i + 1)th synchronization round is received by a node still executing the ith synchronization round, the receiving node reduces its next synchronization interval to ensure greater overlap in the synchronization rounds. The reduction in overlap is a gradual and continuous phenomenon, and so, it can be detected and dealt with continuously. In this thesis, first, we make use of TDMA-based MAC protocols, instead of CSMA, to deal with the problem of message losses. We discuss the challenges of using TDMA-based MAC protocols for clock synchronization and how to overcome these challenges. Second, The IWICS protocol calculates the virtual drift rate which we use to modify the duration of the synchronization interval so that there is more overlap between the synchronization phases of neighbouring nodes. We refer to this technique as drift rate correction. Finally, we propose a different pullback technique where the pullback detection is carried out in each of the synchronization phase as opposed to the old pullback mechanism where it would be detected only when an out-of-round synchronization message is received. The proposed pullback technique when applied to the current synchronization interval ensures that the synchronization phases, that follow the current synchronization interval, are better synchronized with each other. As a result of this, we are able to reduce the duration of synchronization phases further. The IWICS protocol with all these modifications incorporated is termed as the TIWICS (TDMA-based IWICS) protocol. Simulation and experimental results confirm that the TIWICS protocol performs better in comparison to the existing protocols.

Wireless Sensor Networks

Media Access Control (MAC) Protocols

Clock Synchronization

Time Division Multiple Acccess (TDMA)

Energy Efficiency

TIWICS Protocol

TDMA MAC Protocol

Energy Conservation

Information Networking

WSNs

TDMA-based MAC Protocol

Clock Synchronization Protocol

Computer Science

Enhancing Security in Managing Personal Data by Web Systems

Wild, Stefan

12 June 2017

Web systems have become an integral part in daily life of billions of people. Social is a key characteristic today’s web projects need to feature in order to be successful in the social age. To benefit from an improved user experience, individual persons are continually invited to reveal more and more personal data to web systems. With a rising severity of attacks on web systems, it is evident that their security is inadequate for the amount of accumulated personal data. Numerous threat reports indicate that social media has become a top-ranking attack target, with climbing impacts, with ramifications beyond single individuals and with a booming black market to trade leaked personal data. To enhance information security in managing personal data by web systems for the mutual benefit of individual persons, companies and governments, this dissertation proposes a solution architecture and three research contributions. While the solution architecture establishes the foundation for a more secure management of personal data by web systems, the research contributions represent complementary components for protecting personal data against unwanted data disclosure, tampering and use without the actual data owner’s intent or knowledge. Not only do these components enable seamless integration and combination, but they also contribute to assure quality and maintainability. The dissertation concludes with discussing evaluation results and providing an outlook towards future work.

Identitätsmanagement

Integritätsprüfung

Informationssicherheit

Persönliche Daten

Websystem

Identity Management

Access Control

Integrity Verification Delegation

Information Security

Personal Data

Semantic Web World Wide Web

Web Engineering

Web Systems

ddc:004

Identitätsverwaltung

Zugriffskontrolle

Delegation

Personenbezogene Daten

Modellierung

Security in cloud computing / La sécurité dans le Cloud

Lounis, Ahmed

03 July 2014

Le Cloud Computing, ou informatique en nuages, est un environnement de stockage et d’exécution flexible et dynamique qui offre à ses utilisateurs des ressources informatiques à la demande via internet. Le Cloud Computing se développe de manière exponentielle car il offre de nombreux avantages rendus possibles grâce aux évolutions majeures des Data Centers et de la virtualisation. Cependant, la sécurité est un frein majeur à l’adoption du Cloud car les données et les traitements seront externalisés hors de site de confiance de client. Cette thèse contribue à résoudre les défis et les issues de la sécurité des données dans le Cloud pour les applications critiques. En particulier, nous nous intéressons à l’utilisation de stockage pour les applications médicales telles que les dossiers de santé électroniques et les réseaux de capteurs pour la santé. D’abord, nous étudions les avantages et les défis de l’utilisation du Cloud pour les applications médicales. Ensuite, nous présentons l’état de l’art sur la sécurité dans le Cloud et les travaux existants dans ce domaine. Puis nous proposons une architecture sécurisée basée sur le Cloud pour la supervision des patients. Dans cette solution, nous avons développé un contrôle d’accès à granularité fine pour résoudre les défis de la sécurité des données dans le Cloud. Enfin, nous proposons une solution de gestion des accès en urgence. / Cloud computing has recently emerged as a new paradigm where resources of the computing infrastructures are provided as services over the Internet. However, this paradigm also brings many new challenges for data security and access control when business or organizations data is outsourced in the cloud, they are not within the same trusted domain as their traditional infrastructures. This thesis contributes to overcome the data security challenges and issues due to using the cloud for critical applications. Specially, we consider using cloud storage services for medical applications such as Electronic Health Record (EHR) systems and medical Wireless Sensor Networks. First, we discuss the benefits and challenges of using cloud services for healthcare applications. Then, we study security risks of the cloud, and give an overview on existing works. After that, we propose a secure and scalable cloud-based architecture for medical applications. In our solution, we develop a fine-grained access control in order to tackle the challenge of sensitive data security, complex and dynamic access policies. Finally, we propose a secure architecture for emergency management to meet the challenge of emergency access.

Virtualisation

Applications médicales

Réseaux de capteurs pour la santé

E-santé

Dossiers de santé électroniques

Cloud computing

E-health

Wireless sensor networks

Sensitive data

Security

Fine-grained access control

Attribute based encryption

Confidentiality

Privacy

Factors influencing reports on anti-retroviral therapy sites at Amathole health district

Roboji, Zukiswa

January 2014

The study sought to investigate the factors influencing the contents of antiretroviral therapy (ART) reports in the Amathole Health District of the Eastern Cape Province. A qualitative and quantitative study was conducted to assess the challenges that inhibit this phenomenon. Structurally, the population consists of Amahlati and Nkonkobe sub-districts. Operational managers, information officers, professional nurses, data capturers, and administration clerks were randomly selected from sixteen facilities. Data collection was done on semi-structured interviews, questionnaires; observations were done using the probability sampling method, and the findings were analysed according to the same technique. The study revealed that the District Health Information System (DHIS) is the universal data management and reporting system which all healthcare and ART facilities are using to manage ART. However, regardless of all these universal arrangements such as the use of the DHIS to aid in reporting, the contents of ART reports from various facilities have not been uniform due to various factors. There is a lack of a reliable network to link DHIS computers across facilities. The shift from paper-based to electronic data management has caused the difficulties in the collating and management of ART data since some facilities are manual paper- based while others are automated using the modern DHIS. Lack of daily capturing and validation is a major challenge across the ART facilities. Further, there are Non-Governmental Organisations(NGOs) such as AFRICARE and the IYDSA that have signed a memorandum of understanding (MOU) with the district to provide a budgetary support for staff training in data management of ART reports in the district. While the NGOs keep on assisting the ART facilities with data management, there is a lack of skills transfer. The district could not account on follow-up of ART patients from one facility to another. This is increasing the number of defaulting in ART patients, thus there is no accurate figures on retention of patients in ART Programme. The officials from ART sites tend to use their own transport to carry data from facilities to the district offices and this resulted in late submission of reports. The study thus recommends that, inter alia, data management and trainings should be done to improve data quality in reporting, a reliable computer network be installed, backed-up and maintained for data and report management in the all healthcare facilities. All the ART sites should adopt and use the automated data management system for universality and eliminating the faults of manual paper data management and reporting. This would ensure that the contents of ART reports are uniform and a true reflection of the situation on the ground towards universal access to ART and healthcare in the Amathole Health District, and South Africa at large.

Medical records -- Access control

Performance Analysis Of MAC Layer Of High Rate Wireless Personal Area Network (HR WPAN)

Mishra, Rajan

07 1900

No description available.

Wireless Personal Area Network

Medium Access Control Protocol

High Rate Wireless Personal Area Network

Quality of Service

HR-WPAN MAC

Queuing Systems

Communication Engineering

An ultra-low duty cycle sleep scheduling protocol stack for wireless sensor networks

Kleu, Christo

18 July 2012

A wireless sensor network is a distributed network system consisting of miniature spatially distributed autonomous devices designed for using sensors to sense the environment and cooperatively perform a specific goal. Each sensor node contains a limited power source, a sensor and a radio through which it can communicate with other sensor nodes within its communication radius. Since these sensor nodes may be deployed in inaccessible terrains, it might not be possible to replace their power sources. The radio transceiver is the hardware component that uses the most power in a sensor node and the optimisation of this element is necessary to reduce the overall energy consumption. In the data link layer there are several major sources of energy waste which should be minimised to achieve greater energy efficiency: idle listening, overhearing, over-emitting, network signalling overhead, and collisions. Sleep scheduling utilises the low-power sleep state of a transceiver and aims to reduce energy wastage caused by idle listening. Idle listening occurs when the radio is on, even though there is no data to transmit or receive. Collisions are reduced by using medium reservation and carrier sensing; collisions occur when there are simultaneous transmissions from several nodes that are within the interference range of the receiver node. The medium reservation packets include a network allocation vector field which is used for virtual carrier sensing which reduces overhearing. Overhearing occurs when a node receives and decodes packets that are not destined to it. Proper scheduling can avoid energy wastage due to over-emitting; over-emitting occurs when a transmitter node transmits a packet while the receiver node is not ready to receive packets. A protocol stack is proposed that achieves an ultra-low duty cycle sleep schedule. The protocol stack is aimed at large nodal populations, densely deployed, with periodic sampling applications. It uses the IEEE 802.15.4 Physical Layer (PHY) standard in the 2.4 GHz frequency band. A novel hybrid data-link/network cross-layer solution is proposed using the following features: a global sleep schedule, geographical data gathering tree, Time Division Multiple Access (TDMA) slotted architecture, Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), Clear Channel Assessment (CCA) with a randomised contention window, adaptive listening using a conservative timeout activation mechanism, virtual carrier sensing, clock drift compensation, and error control. AFRIKAANS : 'n Draadlose sensor-netwerk is 'n verspreide netwerk stelsel wat bestaan uit miniatuur ruimtelik verspreide outonome toestelle wat ontwerp is om in harmonie saam die omgewing te meet. Elke sensor nodus besit 'n beperkte bron van energie, 'n sensor en 'n radio waardeur dit met ander sensor nodusse binne hulle kommunikasie radius kan kommunikeer. Aangesien hierdie sensor nodusse in ontoeganklike terreine kan ontplooi word, is dit nie moontlik om hulle kragbronne te vervang nie. Die radio is die hardeware komponent wat van die meeste krag gebruik in 'n sensor nodus en die optimalisering van hierdie element is noodsaaklik vir die verminder die totale energieverbruik. In die data-koppelvlak laag is daar verskeie bronne van energie vermorsing wat minimaliseer moet word: ydele luister, a uistering, oor-uitstraling, oorhoofse netwerk seine, en botsings. Slaap-skedulering maak gebruik van die lae-krag slaap toestand van 'n radio met die doel om energie vermorsing wat veroorsaak word deur ydele luister, te verminder. Ydele luister vind plaas wanneer die radio aan is selfs al is daar geen data om te stuur of ontvang nie. Botsings word verminder deur medium bespreking en draer deteksie; botsings vind plaas wanneer verskeie nodusse gelyktydig data stuur. Die medium bespreking pakkies sluit 'n netwerk aanwysing vektor veld in wat gebruik word vir virtuele draer deteksie om a uistering te verminder. Afluistering vind plaas wanneer 'n nodus 'n pakkie ontvang en dekodeer maar dit was vir 'n ander nodus bedoel. Behoorlike skedulering kan energie verkwisting as gevolg van oor-uistraling verminder; oor-uistraling gebeur wanneer 'n sender nodus 'n pakkie stuur terwyl die ontvang nog nie gereed is nie. 'n Protokol stapel is voorgestel wat 'n ultra-lae slaap-skedule dienssiklus het. Die protokol is gemik op draadlose sensor-netwerke wat dig ontplooi, groot hoeveelhede nodusse bevat, en met periodiese toetsing toepassings. Dit maak gebruik van die IEEE 802.15.4 Fisiese-Laag standaard in die 2.4 GHz frekwensie band. 'n Nuwe baster datakoppelvlak/netwerk laag oplossing is voorgestel met die volgende kenmerke: globale slaap-skedulering, geogra ese data rapportering, Tyd-Verdeling-Veelvuldige-Toegang (TVVT) gegleufde argitektuur, Draer-Deteksie-Veelvuldige-Toegang met Botsing-Vermyding (DDVT/BV), Skoon-Kanaal-Assessering (SKA) met 'n wisselvallige twis-tydperk, aanpasbare slaap-skedulering met 'n konserwatiewe aktiverings meganisme, virtuele draer-deteksie, klok-wegdrywing kompensasie, en fout beheer. Copyright / Dissertation (MEng)--University of Pretoria, 2012. / Electrical, Electronic and Computer Engineering / unrestricted

Dienssiklus

Energie-doeltreffendheid

Energie-beheer

Geographical routing

Clock drift

Slaap-skedulering

Sleep scheduling

Klok-wegdrywing

Wireless sensor networks

Energy e fficiency

Energy management

Geografiese data-rapportering

Draadlose sensor netwerke

Duty cycle

Medium access control

Medium-toegangsbeheer

UCTD

Návrh přístupového systému jako součást řešení fyzické bezpečnosti / Design of Access System as a Part of Physical Security Solution

Dohnal, Matěj

January 2017

This master’s thesis deals with design of an access system as a part of physical security solution for an energy company in the Czech Republic. The access system is designed to meet all legal requirements and conform to ISO 27001 certification. Implementation of the proposed access system is demonstrated on the selected company object, a representative example of connecting the critical infrastructure element and the company's common facility.

Návrh optimalizace a monitoringu infrastruktury serverovny podniku / Enterprise Server Room Infrastructure Optimalization and Monitoring

Hink, Tomáš

January 2019

This master's thesis deals with the design and implementation of optimization and monitoring of the server room. Optimization consists in designing access system and server room temperature measurement, automatic infrastructure start-up and power management, server and network infrastructure optimization, server virtualization management and network monitoring.

Rozpoznávání obličejů v zabezpečovacích a dohledových kamerových systémech / Face Recognition in Security and Surveillance Camera Systems

Malach, Tobiáš

January 2020

Tato práce se zabývá zvýšením úspěšnosti rozpoznávání obličejů v dohledových CCTV systémech a systémech kontroly vstupu. K dosažení tohoto cíle je využit nový přístup - optimalizace vzorů obličejů. Optimalizace tvorby vzorů umožní vytvořit vzory, které zajistí zvýšení úspěšnosti rozpoznání. Měření a další zvyšování úspěšnosti rozpoznávání obličejů vyžaduje naplnění následujících dílčích cílů této práce. Prvním cílem je návrh a sestavení reprezentativní databáze obličejů, která umožní dosáhnout věrohodných a statisticky spolehlivých výsledků rozpoznávání obličejů v dohledových CCTV systémech a systémech kontroly vstupu. Druhým cílem je vytvoření metodiky pro statisticky spolehlivé porovnání výsledků, která umožní konstatování relevantních závěrů. Třetím cílem je výzkum tvorby vzorů a jejich optimalizace. Z dosažených výsledků vyplývá, že optimalizace tvorby vzorů zvyšuje úspěšnost rozpoznávání v uvedených a náročných aplikacích typicky o 4-8%, a v některých případech i 15%. Optimalizace tvorby vzorů přispívá použitelnosti rozpoznávání obličejů v uvedených aplikacích.