Cryptography and Computer Communications Security. Extending the Human Security Perimeter through a Web of Trust

Adeka, Muhammad I.

January 2015

This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work. / Petroleum Technology Development Fund (PTDF), Abuja, Nigeria.

Examining Cooperative System Responses Against Grid Integrity Attacks

Parady, Alexander D

01 January 2022

Smart grid technologies are integral to society’s transition to sustainable energy sources, but they do not come without a cost. As the energy sector shifts away from a century’s reliance on fossil fuels and centralized generation, technology that actively monitors and controls every aspect of the power infrastructure has been widely adopted, resulting in a plethora of new vulnerabilities that have already wreaked havoc on critical infrastructure. Integrity attacks that feedback false data through industrial control systems, which result in possible catastrophic overcorrections and ensuing failures, have plagued grid infrastructure over the past several years. This threat is now at an all-time high and shows little sign of cooling off. To combat this trajectory, this research explores the potential for simulated grid characteristics to examine robust security measures by use of a cyber-physical system (CPS) testbed constructed across the University of Central Florida (UCF) Resilient, Intelligent and Sustainable Energy Systems (RISES) Lab Cluster. This thesis explores hypothesized defense mechanisms and awareness algorithms to protect against unforeseen vulnerabilities brought on by grid attacks that will test the boundaries of commercial cybersecurity standards. Through an extensive probe across proposed defenses and vulnerability analysis of industrial systems, a blueprint for future research is outlined that will yield results that have the potential to ripple improvements across the power sector. The sanctity of critical infrastructure is of the highest priority for global powers. As such, this research bolsters the tools at the disposal of international entities and seeks to protect the ever-expanding lifestyle that reliable access to energy provides.

Critical Infrastructure

Smart Grid

Cybersecurity

Power Systems

Cooperative System

Cyberattack

Computer Engineering

Information Security

Malware Analysis Skills Taught in University Courses

Gorugantu, Swetha

07 June 2018

No description available.

Computer Science

Computer Engineering

Educational Evaluation

Curriculum Development

Cybersecurity

Malware

Malware Analysis

Software Reverse Engineering

How Secure are you Online? : A Cybersecurity Assessment of the Recommendations Provided to Swedish Citizens / Hur säker är du online? : En cybersäkerhetsbedömning av rekommendationerna till svenska medborgare

Papadopoulos, Nikolaos

January 2021

With computers, mobile phones and other smart devices being an increasingly part of peoples lives. It is important now, more than ever that people know how to operate them safely and stay protected in the cyber landscape. For citizens to understand how to stay protected online, it is important to understand what to stay safe from. This thesis is therefore examining the cyber threat landscape to understand what threats pose the greatest threat to users. To understand the prerequisites people have in defending themselves, the thesis also examines and evaluates what are recommendations provided to the general public. The results show that the biggest threat is malware with phishing being the usual access vector for it. Recommendations seem to fall behind in reflecting the most prevalent threats, but manage to stay relevant nonetheless.

cybersecurity

recommendations

citizen

individuals

cyber threat landscape

Computer Sciences

Datavetenskap (datalogi)

Making the Most of Limited Cybersecurity Budgets with AnyLogic Modeling

George Joseph Hamilton (13149225)

26 July 2022

<p>In an increasingly interconnected world, technology is now central to the operations of most businesses. In this environment, businesses of all sizes face an ever-growing threat from cyberattacks. Successful cyberattacks can result in data breaches, which may lead to financial loss, business interruptions, regulatory fines, and reputational damage. In 2021, the losses from cyber attacks in the United States were estimated at $6.9 Billion.</p> <p>Confronting the threat of cyberattacks can be particularly challenging for small businesses, which must defend themselves using a smaller budget and less in-house talent while balancing the pursuit of growth. Risk assessments are one method for organizations to determine how to best use their cybersecurity budgets. However, for small businesses, a risk assessment may require a significant portion of the budget which could otherwise be used to implement cybersecurity controls.</p> <p>This research builds on existing research from Lerums et al. for simulating a phishing attack to present a model that very small businesses may use in place of or as a precursor to a risk assessment. The updated model includes sensible default values for the cost and effectiveness of cybersecurity controls as well as the number of cyberattacks expected per year. Default values are based on academic literature, technical reports, and vendor estimates, but they may all be changed by organizations using the model. The updated model can also be tailored by non-technical users to reflect their network, relevant threat actors, and budget. Lastly, the updated model can output an optimized control set that yields the maximum annual net return and the single control with the greatest annual return on investment based on a user's inputs.</p> <p>After construction, the updated model is tested on organizations with 5, 25, and 50 employees facing varied sets of threat actors and attacks per year. Key takeaways include the high net return of all security controls tested, benefits of defense-in-depth strategies for maximizing return across multiple attack types, and the role of threat actors in tempering high estimates of security control effectiveness.</p> <p>    </p> <p>All code and releases are open source and available from: <a href="https://github.com/gjhami/AttackSimulation" target="_blank">https://github.com/gjhami/AttackSimulation</a>.</p>

cyberscurity

budgeting

small business

return on investment

simulation

cyberattack

A comparison between on-premise and cloud environments in terms of security : With an emphasis on Software-as-a-Service &amp; Platform-as-a-Service

Byström, Oliver

January 2022

Background: Cloud- and on-premise environments have been compared in terms of security several times. Many of these comparisons based their assessments on qualitative data rather than quantitative metrics. Some recent articles have considered comparing environments by using quantitative data. These methodologies are often complicated and based on incident simulations that might not be relevant in a real-life scenario. Therefore it could be troublesome for a company to evaluate and compare two environments before deciding which environment they would prefer in terms of security. Before an environment migration, it is decisive to know if that environment has been a target for recent cyberattacks. Unfortunately, this data is not available to the public. Objectives: This study aims to provide the reader with an overview of the environmental aspects of the victims of recent cyberattacks. It will reveal what environment cybercriminals have targeted the most. The study will also propose a methodology to compare two environments to each other based on quantitative measurements. The measurements were based on cybersecurity metrics that quantified the threats in each environment. Methods: A structured literature- and dataset review was conducted to find how much each environment had been exposed to cybersecurity incidents. Several expert interviews were held to help explain the findings made in the reviews. A threat analysis was used as the foundation for the proposed comparison methodology. A case study of a recent environment migration was used to test the proposed comparison methodology. Results: The results show that on-premise environments have been more exposed to cybersecurity incidents during recent years than cloud environments. The proposed methodology showed that the cloud environment was the preferred choice in the conducted case study. Conclusions: In recent years, cloud environments have been the preferred choice in terms of security as long as the cloud consumer takes heed to best practices. There is a knowledge gap when it comes to cloud environments. It has been the same for both cloud consumers and cybercriminals. However, according to recent threat reports, cybercriminals have started to improve. Therefore there will likely be more cloud-related incidents in the future. It was determined that the proposed methodology could represent the security posture of each environment. However, a decision should not be based entirely on this methodology because it has not been tested on a large scale. / Bakgrund: Moln- och on-premise-miljöer har jämförts vad gäller säkerhet flera gånger. De flesta jämförelser baserade sina bedömningar på kvalitativ data snarare än kvantitativa mått. Några nya artiklar har jämfört miljöer med hjälp av kvantitativ data. Dessa metoder är ofta komplicerade och baserade på incidentsimuleringar som kanske inte är relevanta i ett verkligt scenario. Därför kan det vara besvärligt för ett företag att utvärdera och jämföra två miljöer innan de bestämmer sig för vilken miljö de skulle föredra vad gäller säkerhet. Innan en miljömigrering är det avgörande att veta om den miljön har varit ett mål för de senaste cyberattackerna. Tyvärr är denna information inte tillgänglig för allmänheten. Syfte: Denna studie syftar till att ge läsaren en översikt av miljöaspekterna hos offren för de senaste cyberattackerna. Det kommer att avslöja vilken miljö cyberkriminella har riktat sig mest mot. Studien kommer också att föreslå en metodik för att jämföra två miljöer med varandra baserat på kvantitativa mått. Mätningarna baserades på cybersäkerhetsmått som kvantifierade hoten i varje miljö. Metod: En strukturerad litteratur- och datasetgranskning genomfördes för att ta reda på hur mycket varje miljö har varit utsatt för cybersäkerhetsincidenter. Flera expertintervjuer hölls för att förklara resultaten som gjorts i granskningarna. En hotanalys genomfördes för att ge underlag för den föreslagna jämförelsemetodiken. Jämförelsemetoden testades i en fallstudie av en nyligen genomförd miljömigrering. Resultat: Resultaten visar att on-premise miljöer har varit mer utsatta för cybersäkerhetsincidenter under de senaste åren än molnmiljöer. Den föreslagna metoden visade att molnmiljön var det föredragna valet i den genomförda fallstudien. Slutsatser: Under de senaste åren har molnmiljöer varit det föredragna valet när det gäller säkerhet så länge som molnkonsumenten tar hänsyn till bästa praxis. Det finns en kunskapslucka när det kommer till molnmiljöer. Det har varit samma sak för både molnkonsumenter och cyberkriminella. Men enligt de senaste hotrapporterna har cyberkriminella börjat kommit ikapp. Därför kommer det troligen att finnas fler molnrelaterade incidenter i framtiden. Det fastställdes att den föreslagna metoden kunde representera säkerheten för varje miljö väl. Ett beslut bör dock inte baseras helt på denna metodik eftersom den inte har testats i stor skala.

on-premise

cloud

comparison

cybersecurity

metric

on-premise

moln

jämförelse

cybersäkerhet

mått

Computer Sciences

Datavetenskap (datalogi)

A DYNAMIC CYBER-BASED VIEW OF THE FIRM

Schwartz, Tamara

January 2019

Technology, perceived by many organizations to be a tool, has evolved from a set of tools, to a location in which many companies have located their key terrain through digitization. That location is cyberspace, an inherently compromised, hostile environment, marked by rapid change and intense competition. It is analogous to a dark alley lined with dumpsters and shadowy doorways with numerous people seeking to challenge organizational objectives. Despite the prevalence of digitization, which has transformed the organization from an anthropological manifestation to a cyborg construction, there does not currently exist a strategic view of the firm which explores the integration of the organization and cyberspace. This paper conceptualizes the Cyber-Based View of the Firm, a dynamic view designed to capture the complex interactions between people, technology, and data that enable cyberattack. A meta-analysis of current theory frames the research gap into which the Cyber-Based View fits. This meta-analysis, in conjunction with an exploratory case study of the Stuxnet attack, identified the need for physical mediation of the cognitive – informational interaction. Finally, the Cyber-Based View was used as a forensic tool to conduct a qualitative multi-case study. Using a failure autopsy approach, eight events were developed into case studies by examining, coding, and recombining the narratives within the qualitative data. A pattern matching technique was used to compare the empirical patterns of the case studies with the proposed patterns of the research construct, providing strong evidence of model validity. / Business Administration/Strategic Management

Business Administration

Information Technology

Cyberattack

Cyber-based View

Cybersecurity

Cyberthreat

Hybrid Warfare

Praktisk analys av vilken skyddsförmåga VLAN har mot cyberattacker i nätverk / Practical analysis of the protective capability of VLAN against cyberattacks in networks

Berglund, Anton, Ayoub, Yousif

January 2024

Nätverkssäkerheten har blivit viktigare än någonsin med tanke på de allt mer sofistikeradecyberattackerna. Bristande nätverkssäkerhet kan leda till förödande konsekvenser såsomdataförluster, läckage av konfidentiella dokument eller total systemnedgång. Det är en allmänfakta mellan nätverksingenjörer att VLAN är en teknik för att höja säkerheten i nätverk genomatt segmentera det. Men hur effektivt kan det skydda mot verkliga cyberattacker? Det härarbetet bidrar till att öka kunskapen om vilken förmåga VLAN har för att skydda mot olikacyberattacker. I arbetet används programvaran GNS3 för att bygga två likadana nätverk där enaär segmenterat med VLAN och andra är inte segmenterat. Nätverken bestod av bland annat tvåklientdatorer där ena var offret med operativsystemet Windows 10 och andra var angriparenmed Kali Linux. I nätverken fanns även en switch och en router. Med hjälp av verktygenEttercap, Dsniff och Hping3 utfördes attackerna ARP spoofing, MAC flooding och Pingflooding. Syftet med detta är att jämföra attackernas skadeeffekt med och utan VLAN.Resultaten visade att VLAN-tekniken kunde mildra skadeeffekterna mot Ping flooding,blockera ARP spoofing, men hade ingen effekt mot MAC flooding-attacken. Slutsatsen vikunde dra av arbetet är att VLAN kan vara ett bra skydd mot vissa typer av attacker, men äringet skydd mot andra. Därför bör nätverksingenjörer inte förlita sig enbart på VLAN somsäkerhetsåtgärd för sina nätverk. / Network security has become more important than ever, given the increasingly sophisticatedcyberattacks. Lacking network security can lead to devastating consequences such as data loss,leakage of confidential documents, or complete system downtime. It is a well-known factbetween network engineers that VLANs is a technique to enhance network security bysegmenting it. But how effective can it be against real cyberattacks? This work contributes toincreasing the knowledge of VLAN ability to protect against various cyberattacks. In the study,the software GNS3 is used to build two identical networks where one is segmented with VLANand the other is not segmented. The networks consisted of among other things two clientcomputers where one acted as the victim with the Windows 10 operating system and the otheras the attacker with Kali Linux. The networks also included a switch and a router. Using thetools Ettercap, Dsniff, and Hping3, the attacks ARP spoofing, MAC flooding, and Ping floodingwere carried out. The purpose of this is to compare the impact of the attacks with and withoutVLAN. The results showed that the VLAN technique could mitigate the damage from Pingflooding, block ARP spoofing, but had no effect against the MAC flooding attack. Theconclusion we drew from the study is that VLAN can be a good protection against certain typesof attacks but are of no use against others. Therefore, network engineers should not rely solelyon VLAN as a security measure for their networks.

VLAN

Cybersecurity

DOS

MIM

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem

Computer Engineering

Datorteknik

Cyberattack Evaluation of Cloud-controlled Energy Storage / Utvärdering av cyberattacker mot molnstyrda energilagringssystem

Oscarsson, Joakim, Öhrström, Frans

January 2024

The demand for electricity is rising rapidly, with more power generated through re-newable energy sources. Renewable energy sources can fluctuate in their power output atshort notice, making it more difficult to maintain the balance between electricity consump-tion and production in the short term. A solution that has gained increased interest recentlyis to connect battery energy storage systems to the grid as a means of maintaining balance.However, such systems are often controlled remotely by a cloud control system, creatingtime-critical control loops over the internet that are partly responsible for the stability andcontinued function of the electrical grid. Cyberattacks against these closed-loop systemscould devastate the electrical grid and the apparatus connected to it.In this thesis, a reference model is designed for an electrical grid load-balancing cloudcontrol system connected to remote battery energy storage systems and remote grid fre-quency sensors (measuring the balance between production and consumption). The modelis evaluated from a cybersecurity perspective by implementing a simulator and applyingdifferent cyberattacks on the simulated system.The results show that some of the most critical attack methods that a threat actor couldutilize are: disrupting the connections over the internet that are part of the closed-loopsystem, abusing remote access links from the outside to gain access to subsystems (suchas seizing control of batteries), or disturbing external dependencies to the cloud such asdomain name system (DNS) and network time protocol (NTP) servers or the contractsrelated to electricity trading. The most important cyberattacks identified in the thesis are:time delay switch (delays of messages), denial of service (disturbing message availability),false data injection (modifying message contents), replay (replaying old messages), andload altering (affecting the grid balance through direct altering of electricity consumptionand production).The simulated cyberattacks differ in how they affect the grid frequency, i.e. the gridproduction-consumption balance. Large enough network packet delays caused oscilla-tions in the simulated frequency. Denial of service attacks caused unpredictable behavior,and a high enough packet drop rate caused oscillations. For false data injection, the re-sults depend on which internet link was attacked and what injection strategy was used;some attacks caused oscillations, while others caused a steady state error or even an in-creasingly deviating frequency. Replay attacks were able to cause a deviation during thereplay window when used effectively. Finally, large enough load altering caused oscilla-tions, especially when an attacker had control over at least 15% of the system’s balancingpower.Overall, attacks on the simulated system are serious and precautions must be carefullyconsidered before such a system is implemented in the real world.

battery energy storage systems

cloud control systems

load frequency control

cybersecurity

Computer Systems

Datorsystem

Cybersecurity Learning Modules for Programming in Java and Computer Networking Courses

Kenneth Andrew Guernsey (20421209)

17 December 2024

<p dir="ltr">As the world becomes increasingly reliant on technology, the role of software and systems in everyday life has increased exponentially. From mobile applications to critical infrastructure systems, software runs at the core of most modern systems. However, with this widespread usage comes the increased risk of cyber threats silently embedded in these systems. As software systems grow in complexity and scale, vulnerabilities become more difficult to detect and mitigate. The growing number of cyberattacks in recent years highlights the importance of not only building functional systems but also ensuring they are secure from the development stages. This emphasizes the need for a strong focus on secure coding practices as a vital component of both the software development process and education. Every computer engineering or computer science student is required to take programming courses as part of their curriculum. These courses teach fundamental programming aspects and skills, but lack the educational material about writing secure code. Many vulnerabilities that are present in software systems are caused by human error, and are introduced in code. This makes it imperative that students must be introduced to secure coding practices and general cybersecurity awareness while they are learning a new programming language. In this research we focus on the development of educational modules for secure software development and secure networking. A total of six secure coding modules were created, and a total of four secure networking modules were created. These modules provide clarity on a variety of vulnerabilities that may be introduced in code, such as lack of input validation, integer overflow, SQL injection, and SlowHTTP attacks. The module are designed as supplemental work that is performed concurrently with the regular curriculum, reinforcing the general information with security aspects. The goal of the modules are to increase the general cybersecurity awareness in students, and teach them how to mitigate to common vulnerabilities in code.</p>

Software and application security

System and network security

cybersecurity knowledge needs