111 |
Protection and Cybersecurity in Inverter-Based MicrogridsMohammadhassani, Ardavan 06 July 2023 (has links)
Developing microgrids is an attractive solution for integrating inverter-based resources (IBR) in the power system. Distributed control is a potential strategy for controlling such microgrids. However, a major challenge toward the proliferation of distributed control is cybersecurity. A false data injection (FDI) attack on a microgrid using distributed control can have severe impacts on the operation of the microgrid. Simultaneously, a microgrid needs to be protected from system faults to ensure the safe and reliable delivery of power to loads. However, the irregular response of IBRs to faults makes microgrid protection very challenging. A microgrid is also susceptible to faults inside IBR converters. These faults can remain undetected for a long time and shutdown an IBR. This dissertation first proposes a method that reconstructs communicated signals using their autocorrelation and crosscorrelation measurements to make distributed control more resilient against FDI attacks. Next, this dissertation proposes a protection scheme that works by classifying measured harmonic currents using support vector machines. Finally, this dissertation proposes a protection and fault-tolerant control strategy to diagnose and clear faults that are internal to IBRs. The proposed strategies are verified using time-domain simulation case studies using the PSCAD/EMTDC software package. / Doctor of Philosophy / Renewable energy resources, such as wind, solar, and geothermal, are interfaced with the grid using DC-to-AC power electronic converters, popularly known as inverters. These “inverterbased resources (IBR)” are mostly distributed and located near consumers. During outages, IBRs can be used to provide power to customers. This gives developers the idea of integrating IBRs in microgrids. A microgrid is a miniature grid that consists of IBRs and customers. A microgrid is normally connected to the grid but can disconnect from the grid and operate on its own. To run efficiently, a microgrid uses fast and reliable communication between IBRs to create a high-performance distributed control strategy. However, this creates cybersecurity concerns for microgrids. This dissertation proposes a cybersecure distributed control strategy to make sure microgrids can keep their advantages. This dissertation also proposes a protection method that relies on machine learning to clear short circuits in the microgrid. Finally, this dissertation proposes a strategy to diagnose failures inside IBRs and ride through them. The proposed solutions are verified using the industry-grade simulation software PSCAD/EMTDC.
|
112 |
<b>EXPLORING FACTORS INFLUENCING ADOPTION AND USAGE OF PRIVACY-ENHANCING TOOLS AMONG SMARTPHONE USERS</b>Renusree Varma Mudduluru (18859075) 24 June 2024 (has links)
<p dir="ltr">In this era of digital surveillance and data breaches, it is important to understand how users protect their smartphone privacy. There needs to be more detailed information regarding the prevalence, factors, and motivations influencing the adoption of privacy-enhancing tools and settings on mobile devices. This study aimed to address this knowledge gap by investigating the use of privacy tools among smartphone users and examining the impact of factors like demographics, awareness levels, and device platforms.</p><p dir="ltr">The study surveyed 342 participants recruited through Amazon Mechanical Turk (MTurk), and the data were analyzed. The survey gathered data on user characteristics, privacy concerns, experiences with breaches, and use of various privacy tools. Statistical analysis showed that demographic factors, particularly age, significantly influenced the use of privacy tools, aligning with previous research. Users with a higher awareness of digital privacy risks were likelier to adopt privacy-enhancing tools. The study found no significant difference in the prevalence and type of privacy tools used between iOS and Android users.</p><p dir="ltr">The study's focus on privacy-enhancing tools among smartphone users and the proposed hypotheses provide valuable insights for law enforcement and forensic practitioners, aiding in digital investigations, evidence collection, and understanding user behavior related to smartphone privacy measures. The study's outcomes contribute to digital forensics, cybersecurity, and privacy domains by providing insights into user behaviors, motivations, and the factors shaping privacy tool adoption on smartphones. These findings can inform the development of more user-centric privacy tools, policies, and educational campaigns, ultimately enhancing digital privacy protection and supporting law enforcement investigations in the digital age.</p>
|
113 |
Cybersecurity and The Resilience Measures in Critical Infrastructure in Sweden : A Comparative Desk Study Between Sweden and The United StatesIdengren, Pauline January 2024 (has links)
In an era marked by pervasive digitization, the reliance on interconnected information and communication technologies (ICTs) has become indispensable for the functioning of modern society. However, this digital transformation has exposed critical infrastructure sectors to a multitude of cyber threats, ranging from malicious cybercriminal activities to state-sponsored cyber espionage. As a result, ensuring the resilience of cybersecurity measures within critical infrastructure has emerged as a paramount concern for governments, organizations, and societies worldwide. This thesis investigates the approaches to cybersecurity resilience protection, with a comparative analysis between Sweden and the United States. Through an examination of cybersecurity risk management practices, threat intelligence sharing mechanisms, and public-private partnerships, the study aims to evaluate the resilience measures implemented in safeguarding vital sectors such as energy, healthcare and finance against cyber threats. Drawing upon complexity theory and human security theory as theoretical frameworks, the research explores the institutional dynamics and socio-political factors shaping cybersecurity resilience strategies in both countries. By synthesizing empirical data from government reports, literature, industry publications, and expert interviews, the thesis aims to identify strengths and weaknesses together with key challenges, best practices, and areas for improvement in enhancing cybersecurity resilience capabilities. The findings of this study contribute to the academic discourse on cybersecurity resilience and by understanding the comparative strengths and weaknesses of cybersecurity resilience approaches, decision-makers can formulate evidence-based strategies to mitigate cyber risks and foster greater resilience in the face of evolving cyber threats.
|
114 |
An analysis of authentication models in cloud computing and on-premise Windows environments.Viktorsson, Samuel January 2024 (has links)
The increased usage of cloud computing has transformed modern information technology by providing organisations with a scalable, flexible, and cost-effective alternative to the traditional on-premise service model. Both service models have their own set of advantages and disadvantages. One key aspect both service models have in common is the importance of keeping private data secure. There is an ongoing debate on whether cloud computing is safe enough to store private data. This thesis will help organisations understand the security considerations of the different service models. This will be accomplished through a case study researching the different authentication models of both service models and an experiment to gain further insights. The case study and experiment will conclude with a heuristic that organisations can use when picking an authentication model. The main conclusion of this thesis is that we consider the cloud computing service model less secure than the on-premise Windows service model. We also concluded that we consider an LDAP on-premise Windows authentication model and the Azure authentication model to have a higher chance of being less secure than the other authentication models researched in this thesis.
|
115 |
Essays on Innovation and Dynamic Capabilities: Evidence from Public Sector Operations and CybersecurityMiller, Marcus Soren 16 August 2024 (has links)
The public sector needs the capacity for continual improvement and innovation. Cybersecurity threats against U.S. federal civilian agencies and national critical infrastructure stand out as a major problem area requiring agile and timely responses. Moreover, curbing ransomware attacks directed towards uniquely vulnerable domains, such as healthcare, education, and local government poses a particularly vexing policy challenge for government leaders. In three discrete essays, this dissertation examines management theories applied to the public sector and cybersecurity. The first two essays investigate a public management approach for improvement and innovation based on dynamic capabilities - that is, the organizational capacity to observe, understand, learn, and react in a transformational manner. The first essay of this dissertation presents a systematic literature review of empirical research on dynamic capabilities in the public sector which indicates clear benefits from the employment of dynamic capabilities through impacts on organizational capabilities, innovation, organizational change, operational performance, and public value. Building upon that literature review, the second essay of this dissertation applies archival data research and first-person interviews to examine the pivotal role played by dynamic capabilities in facilitating the generation and deployment of innovative cybersecurity approaches among the federal civilian agencies. This novel research identified and categorized dynamic capabilities in action and assessed their operational influence, specifically inter- and intra-agency collaboration, strategic planning, governance, and signature processes. The third essay of this dissertation was the first-ever documented system dynamics model of the ransomware ecosystem to understand incident trend patterns and provide insight into policy decisions. Simulation showed improvement by mandating incident reporting, reducing reporting delays, and strengthening passive defenses, but unexpectedly not by capping ransom payments. / Doctor of Philosophy / The public sector needs the capacity for continual improvement and innovation. Cybersecurity threats against U.S. federal civilian agencies and national critical infrastructure stand out as a major problem area requiring agile and timely responses. Moreover, curbing ransomware attacks directed towards uniquely vulnerable domains, such as healthcare, education, and local government poses a particularly vexing policy challenge for government leaders. In three discrete essays, this dissertation examines management theories applied to the public sector and cybersecurity. The first two essays investigate a public management approach for improvement and innovation based on dynamic capabilities - that is, the organizational capacity to observe, understand, learn, and react in a transformational manner. This dissertation first presents a review of prior research on dynamic capabilities in the public sector which indicates clear operational benefits. In the following essay, this dissertation examines the pivotal role played by dynamic capabilities in facilitating the generation and deployment of innovative cybersecurity approaches among the federal civilian agencies. The third essay of this dissertation highlights the simulation of the ransomware ecosystem to better understand incident trend patterns and provide insight into policy decisions such mandatory reporting requirements and defensive measures.
|
116 |
Elliptic curve cryptography, zero-knowledge proof, and Lamport's hash chain in a distributed authentication systemChang, Simon Yi-Fan January 2013 (has links)
Thesis (M.S.C.S.) PLEASE NOTE: Boston University Libraries did not receive an Authorization To Manage form for this thesis or dissertation. It is therefore not openly accessible, though it may be available by request. If you are the author or principal advisor of this work and would like to request open access for it, please contact us at open-help@bu.edu. Thank you. / This paper proposes a novel distributed authentication system that uses robust alternatives in cryptographic algorithms to grant a third-party access to personal data without compromising a user's credentials. The paper examines briefly the concept of distributed authentication systems, and discusses how elliptic curve cryptography and Lamport's hash chain can operate in a zero-knowledge proof to establish and manage trust. The paper also discusses how this design avoids some of the most common flaws in distributed authentication systems. Finally, based on results from tests conducted with included source codes, the paper argues that increasing number of rounds of zero-knowledge proof yields substantially faster performance than increasing the modulus for elliptic curve calculations while maintaining comparable levels of security. / 2999-01-01
|
117 |
Challenges Within V2X : A cybersecurity risk assessment for V2X use casesBrorsson, Adrian January 2022 (has links)
Vehicle-to-Everything (V2X) is referred to as the technology enabling communication and data exchange between vehicles and is considered a significant milestone within automotive. By enabling inter-vehicle communication, the vehicles will be more aware of their surroundings—including things outside their current line-of-sight (LOS). The vehicles utilizing this technology are in Europe referred to as Cooperative Intelligent Transport Systems (C-ITS). A single vehicle is referred to as an ITS station (ITS-S). These are the terms presented in the European V2X standard called the ETSI ITS. This thesis considered the ETSI ITS standard since it is one of the most mature within the V2X standardization flora. This thesis investigated some significant V2X use cases and conducted a risk assessment on a selection of these use cases. These significant use cases were discovered by performing semi-structured interviews with five candidates within the field. The conducted risk assessment was performed according to a method called Threat, Vulnerability, and Risk Assessment (TVRA), which ETSI has developed. The results of this thesis work became a set of safety-functional use cases that were considered significant. The cybersecurity risk varied and spanned from critical to minor risk concerning the attacks taken into account. Since security and hardening are critical aspects of automotive connectivity, this thesis provides some future research directions at the end of this thesis. One of these topics is, for example, the privacy perspective on V2X, which was not considered in this thesis.
|
118 |
The effect of time pressure on human behavior regarding phishing susceptibility : Human aspects in information securityAbbasi, Muhammad Abbas Khan January 2023 (has links)
Human errors are common in the contemporary cyber ecosystem, and in an organization’s cybersecurity chain, humans are considered the weakest link. Cybercriminals exploit human vulnerabilities using sophisticated attacks such as phishing. Human susceptibility to phishing is a persistent threat, and has a devastating effect on organizational and personal security. Previous researchers found that human susceptibility to phishing increases in presence of some factors such as organizational, individual, and environmental. Various studies highlight time pressure as one of the influencing factors that can negatively or positively impact human behavior. This research study aimed to investigate the effect of time pressure on human cybersecurity behavior regarding the ability to detect phishing. The study used quantitative research and developed a questionnaire comprising interactive phishing emails distributed online to 03 random groups having different time limits to complete the questionnaire. The study received 356 complete responses. The study's result shows a slight change in user behavior under time pressure, and the impact of time pressure can be positive or negative. However, the results are not statistically significant for all demographic groups to accept this slight change in variance. Moreover, this study's results validate previous studies on human susceptibility to phishing and found more than 50 % of respondents vulnerable to phishing. Thus, the results of this study indicate that the factor of time pressure itself does not significantly impact the human ability to detect phishing. However, it is essential to note that other work-related tasks or stress associated with time pressure can influence human behavior in detecting phishing attempts. In conclusion, the author also proposes further testing and some methodology tweaking by modifying the time given to each tested group and adding more elements to the questionnaire. Finally, the study also suggested conducting the same analysis on physically controlled groups in an organizational or institutional setting.
|
119 |
A MACHINE LEARNING BASED WEB SERVICE FOR MALICIOUS URL DETECTION IN A BROWSERHafiz Muhammad Junaid Khan (8119418) 12 December 2019 (has links)
Malicious URLs pose serious cyber-security threats to the Internet users. It is critical to detect malicious URLs so that they could be blocked from user access. In the past few years, several techniques have been proposed to differentiate malicious URLs from benign ones with the help of machine learning. Machine learning algorithms learn trends and patterns in a data-set and use them to identify any anomalies. In this work, we attempt to find generic features for detecting malicious URLs by analyzing two publicly available malicious URL data-sets. In order to achieve this task, we identify a list of substantial features that can be used to classify all types of malicious URLs. Then, we select the most significant lexical features by using Chi-Square and ANOVA based statistical tests. The effectiveness of these feature sets is then tested by using a combination of single and ensemble machine learning algorithms. We build a machine learning based real-time malicious URL detection system as a web service to detect malicious URLs in a browser. We implement a chrome extension that intercepts a browser’s URL requests and sends them to web service for analysis. We implement the web service as well that classifies a URL as benign or malicious using the saved ML model. We also evaluate the performance of our web service to test whether the service is scalable.
|
120 |
Development of a guideline for cybersecurity awareness-raising in large Swedish public organizations : A design science projectBurvall, Felicia January 2023 (has links)
Technological advancement has significantly impacted people and organizations during the last decade. Society is exposed to an increasing rate of cyber-attacks utilizing sophisticated tools to accomplish their objectives. Previously attackers’ primary focus was exploiting technological vulnerabilities to access organizations’ information; however, attackers have shifted their focus to exploiting the vulnerabilities in people’s human nature instead. This has resulted in organizations acknowledging that technical security measures alone are insufficient in providing adequate protection for organizations and need to invest in mitigating the risk people pose to an organization’s cybersecurity. Thus realizing the need to address cybersecurity’s social-technical nature. Organizations have begun implementing cybersecurity awareness-raising initiatives to increase people’s cybersecurity awareness to reduce human-instigated breaches. This is especially crucial for organizations in the public sector to achieve because they tend to produce more destructive and widespread repercussions to society. To provide organizations in the public sector with the means to achieve good cybersecurity awareness, this thesis aims to develop a guideline for managers in large Swedish public organizations to assist them in their complex cybersecurity awareness-raising endeavors. The thesis employs a design science research strategy to develop, evaluate, and validate the guideline with the assistance of cybersecurity awareness experts. The results show six principal factors have been established as significant for raising cybersecurity awareness in large Swedish public organizations. These factors range from user-oriented, managerial, and technical, supporting the assertion that cybersecurity is a complex socio-technical matter. The key contribution of this thesis is to introduce a highly abstract guideline to enhance large Swedish public organizations’ cybersecurity awareness efforts.
|
Page generated in 0.0615 seconds