231 |
Single Sign-On : Risks and Opportunities of Using SSO (Single Sign-On) in a Complex System Environment with Focus on Overall Security Aspects
Cakir, Ece January 2013
The main concern of this thesis is to help design a secure and reliable network system which keeps growing in complexity due to the interfaces with multiple logging sub-systems and to ensure the safety of the network environment for everyone involved. The parties somewhat involved in network systems are always in need of developing new solutions to security problems and striving to have secure access to a network so as to fulfil their job in safe computing environments. The implementation and use of SSO (Single Sign-On) offering a secure and reliable network in complex systems has been specifically defined for the overall security aspects of enterprises. The information to be used within and outside the organization was structured layer by layer according to the organizational needs to define the sub-systems. The users in the enterprise were defined according to their role-based profiles. Structuring the information layer by layer was shown to improve the level of security by providing multiple authentication mechanisms. Before implementing an SSO system, the necessary requirements are identified. Thereafter, user identity management and different authentication mechanisms were defined together with the network protocols and standards to ensure a safe exchange of information within and outside the organization. Marketing research was conducted in line with the SSO solutions. Threat and risk analysis was conducted according to the ISO/IEC 27003:2010 standard. The degrees of threat and risk were evaluated by considering their consequences and possibilities. These evaluations were processed by risk treatments. MoDAF (Ministry of Defence Architecture Framework) was used to show what kind of resources, applications and other system-related information are needed and exchanged in the network. In essence, some suggestions were made concerning the ideas of implementing SSO solutions presented in the discussion and analysis chapter.
|
232 |
Enhanced communication security and mobility management in small-cell networks
Namal, S. (Suneth) 09 December 2014
Abstract
Software-Defined Networks (SDN) focus on addressing the challenges of increased complexity and unified communication, for which the conventional networks are not optimally suited due to their static architecture.
This dissertation discusses the methods about how to enhance communication security and mobility management in small-cell networks with IEEE 802.11 backhaul. Although 802.11 has become a mission-critical component of enterprise networks, in many cases it is not managed with the same rigor as the wired networks. 802.11 networks are thus in need of undergoing the same unified management as the wired networks.
This dissertation also addresses several new issues from the perspective of mobility management in 802.11 backhaul. Due to lack of built-in quality of service support, IEEE 802.11 experiences serious challenges in meeting the demands of modern services and applications. 802.11 networks require significantly longer duration in association compared to what the real-time applications can tolerate. To optimise host mobility in IEEE 802.11, an extension to the initial authentication is provided by utilising Host Identity Protocol (HIP) based identity attributes and Elliptic Curve Cryptography (ECC) based session key generation.
Finally, this dissertation puts forward the concept of SDN based cell mobility and network function virtualization, its counterpart. This is validated by introducing a unified SDN and cognitive radio architecture for harmonized end-to-end resource allocation and management presented at the end. / Summary
Software-defined networks (SDN) focus on solving challenges related to the increased complexity of networks and to unified communication, for which traditional networks are not suited because of their static structure.
The dissertation deals with methods by which communication security and mobility management can be improved in IEEE 802.11 wireless small-cell networks. Although 802.11 has become a key component in enterprise networks, in many cases it is not managed as rigorously as the wired network. 802.11 networks therefore need the same kind of unified management that wired networks have.
The dissertation also focuses on many new problems related to mobility management in 802.11 networks. Owing to the lack of a built-in quality of service (QoS) definition, it is challenging for IEEE 802.11 networks to meet the demands of modern services and applications. 802.11 networks require considerably more time to join the network than real-time applications require. The work presents an extension to the initial authentication of the IEEE 802.11 standard to optimise host mobility, which utilises Host Identity Protocol (HIP) based identity attributes and session key generation based on elliptic curve cryptography (ECC).
Finally, the work presents a concept of cell mobility based on software-defined networks, together with the closely related network virtualization. This is validated by presenting a unified architecture based on SDN and cognitive radio for harmonized end-to-end resource allocation and management, which is presented at the end.
|
233 |
Direct Online/Offline Digital Signature Schemes.
Yu, Ping 12 1900
Online/offline signature schemes are useful in many situations, and two such scenarios are considered in this dissertation: bursty server authentication and embedded device authentication. In this dissertation, new techniques for online/offline signing are introduced, those are applied in a variety of ways for creating online/offline signature schemes, and five different online/offline signature schemes that are proved secure under a variety of models and assumptions are proposed. Two of the proposed five schemes have the best offline or best online performance of any currently known technique, and are particularly well-suited for the scenarios that are considered in this dissertation. To determine if the proposed schemes provide the expected practical improvements, a series of experiments were conducted comparing the proposed schemes with each other and with other state-of-the-art schemes in this area, both on a desktop class computer, and under AVR Studio, a simulation platform for an 8-bit processor that is popular for embedded systems. Under AVR Studio, the proposed SGE scheme using a typical key size for the embedded device authentication scenario, can complete the offline phase in about 24 seconds and then produce a signature (the online phase) in 15 milliseconds, which is the best offline performance of any known signature scheme that has been proven secure in the standard model. In the tests on a desktop class computer, the proposed SGS scheme, which has the best online performance and is designed for the bursty server authentication scenario, generated 469,109 signatures per second, and the Schnorr scheme (the next best scheme in terms of online performance) generated only 223,548 signatures. The experimental results demonstrate that the SGE and SGS schemes are the most efficient techniques for embedded device authentication and bursty server authentication, respectively.
|
234 |
PUF-enabled blockchain for IoT security : A comparative study
Bisiach, Jonathon, Elfving, Victor January 2021
The introduction of Physical Unclonable Functions (PUFs) and lightweight consensus algorithms to aid in the bolstering of security and privacy in both IoT and IoE does show a great deal of promise not only in these areas, but in resource cost over traditional methods of blockchain. However, several previous studies make claims regarding performance of novel solutions without providing detailed information as to the physical components of their experiments. This comparative study shows that Proof of Authentication (PoAh) performs the best out of three selected consensus algorithms and that the claims made regarding the performance of PUFChain and Proof of PUF-enabled Authentication (PoP) could not be replicated in this instance.
|
235 |
Bezpečnostní rizika autentizačních metod / The security risks of authentication methods
Dzurenda, Petr January 2013
The Master's thesis deals with the security risks of current authentication methods. It describes methods which are based on the user's knowledge and ownership of an authentication object, and the biometric authentication method. The practical part of this Master's thesis deals with a specific design of an authentication system based on the ACP protocol, in which the user proves his identity by smart card on provider assets, which is represented by the ACP portal on the user's computer.
|
236 |
Mikroelektronické časově-prostorové autentizační techniky / Microelectronics Time-Space Authentication Techniques
Jaro, David January 2015
This dissertation work focusses on using information about the location of the user during the authentication process on computer networks. With the growth of mobile computer devices over the last two decades the physical location of users is becoming one of the main issues for access management. This work researches existing solutions which are divided into two groups related to the source of location information (SATNAV systems for example GPS and based on communication with active infrastructure such as GSM, Wi-Fi). This work shows the methodology for evaluating authentication data which use the principle of fuzzy logic. In comparison with binary logic it is possible to evaluate authentication data accurately. As a result of the authentication process the information is of a higher value, which can be taken into account when setting the levels of user privileges. An important aspect of working with location information is that the user is located in the same place and from where they are asking for access to the system. Solving this question could be linking user biometrics, for example fingerprints. This principle is used in two types of microelectronic authentication terminals which were developed in conjunction with this work. The first type of terminal uses a SATNAV receiver and an ISM wireless communication module as a source of location information. On the first type of authentication terminal newly developed authentication techniques were tested. The user's biometrics are checked by a fingerprint sensor with embedded processing. In the second type of authentication terminal a Wi-Fi and GSM module were added for location purposes. In the conclusion of this dissertation the testing methodology of the data authorization and evaluation process of the second type of microelectronic authentication terminal is shown. This confirms the practicality of the suggested methodology and the time-space information in the authentication process.
|
237 |
Implementace autentizace Cosign v PHP / Cosign Authentication in PHP
Kovářík, Jiří January 2008
The Master's thesis deals with the issue of cookie-based central authentication services. Present-day methods of single sign-on are described. The specification of the single sign-on mechanism Cosign and its authentication filter is closely viewed. Cryptographic algorithms needed by this filter are described, as well as their possible realization in PHP. Next, the implementation of the Cosign authentication filter is described. Performance of the filter is tested and its future use is analysed.
|
238 |
Network Authentication to the Physical World
Sandberg, Joakim January 2018
Quick Response (QR) codes have been used for both non-authentication purposes and authentication & authorization of a user. The visual representation of a QR code requires a reader/decoder to convert the code to a readable resource for an application. This raises some concerns, such as: What kind of information and how much information can be stored in this representation? What kind of vulnerabilities are there when using this technology in some type of authentication? The concrete problem addressed in this thesis is whether a mobile device displaying a QR code can be used as an authenticator for an Axis Communications A8105-E Network Video Door Station. To solve this problem the thesis investigates the use of QR codes in authentication & authorization based upon displaying a QR code on a mobile device, scanning this code via a camera, and then verifying the code using a validation server. Two important issues were what information to put into the QR code (given that the QR code is to be read by a camera) and where the decoding process should be carried out. This thesis also considers multiple types of authentication. Moreover, the system contains multiple components which themselves rely on secure communication and well-designed protocols to ensure security (against popular methods of attack) and stability. A prototype of the proposed authentication process was evaluated using a testbed consisting of three door stations, an Android app, and a backend service for analysing QR codes and making an authentication & authorization decision. QR codes proved to be as secure as the current solutions, such as magnetic stripe or RFID access cards. Using QR codes together with the user’s mobile device also offered additional functionality, such as easy management of the device registration/deregistration and compatibility with multifactor authentication. 
The conclusion is that, with the current door station products and the finalized design of the software, it is possible to have a secure and scalable system which is also cost-effective by eliminating the need for human verification as well as the equipment required for access card systems. / Quick Response (QR) codes have been used both for non-authentication purposes and for authentication of a user. The visual representation of a QR code needs a reader to convert the code into a readable resource for an application. This leads to the questions: What information, and how much, can be stored in a QR code? What vulnerabilities are there in using this technology in authentication? The concrete problem in this thesis is whether a mobile device displaying a QR code can be used with an Axis Communications A8105-E Network Video Door Station. To solve this problem, this work investigates the use of QR codes in authentication based on displaying the QR code on the mobile device, scanning this code with a camera and validating this code with a validation server. Two important questions were what information should be stored in the QR code and where the reading of a QR code took place. This work also investigates different types of multifactor authentication. The system furthermore consists of several components that rely on secure communication and well-designed protocols that provide security (against the most popular network attacks) and stability. The prototype of the intended authentication process was evaluated in a test environment consisting of three Door Stations, an Android application and a backend service for analysing QR codes and handling authentication and authorization logic. QR codes were shown to be as secure as existing solutions such as access cards with a magnetic stripe and RFID chip.
Using QR codes with the mobile devices also means that registration/deregistration of the devices can be handled in a simple way and can also be integrated with multifactor authentication. The conclusion is that the existing Door Station units and the final design of the software give a secure and scalable system that is also cost-effective, because the need for human verification and for the physical components of existing access card systems no longer exists.
|
239 |
Secure Authentication in Near Field Communication based Access Control Systems
Jakobsson, Anders January 2015
Today there exist a myriad of different types of access control systems that use a smart card or mobile device as a key. The mobile device enabled smart locks, as they are often referred to, operate using either WiFi or Bluetooth. This thesis has explored the use of a third emerging wireless technology called Near Field Communication (NFC). NFC technology is a relatively new technology that is on the rise and is included in almost every new mobile device. Using an NFC enabled mobile device, a highly secure access control system was developed on a Raspberry Pi Linux platform. Several different authentication protocols, mobile operating systems and NFC modes of operation were analyzed and evaluated, to ensure that the system was as secure as possible. Eventually the system was implemented using the Secure Remote Password authentication protocol on top of an NFC card emulation scheme with the client application running on the Android operating system. The final system was a secure and responsive system that would be easy to deploy in many different situations. This project shows that NFC enables a mobile device to act as a key in a secure access control system and as the user base for NFC grows larger so will the likelihood that we will come to see more of these types of systems. / Today there are several different types of access control systems that use some form of "smart card" or mobile device as a key. The smart locks, as they are most often called, that use a mobile device use either Wi-Fi or Bluetooth to communicate with the access control system. In this thesis, a relatively new technology called Near Field Communication (NFC) will be explored. The use of NFC is on the rise, and it is included in almost every new mobile device released on the market today. A high-security access control system was developed by using a mobile device with NFC capability together with a Raspberry Pi Linux platform.
Several different types of authentication protocols, mobile operating systems and NFC modes of use were analysed and evaluated to ensure that the system was as secure as possible. In the end, an authentication protocol named Secure Remote Password (SRP) was chosen and integrated on top of a card-emulation NFC framework that is available in the Android operating system. The final system has high security, is fast and responsive, and can be used in several different situations. NFC allows a mobile device to act as a key in an access control system, and its use will only increase with the expanding user base.
|
240 |
HASH STAMP MARKING SCHEME FOR PACKET TRACEBACK
NEIMAN, ADAM M. January 2005
No description available.
|