Global ETD Search

351	ARTIFICIAL INTELLIGENCE-BASED SOLUTIONS FOR THE DETECTION AND MITIGATION OF JAMMING AND MESSAGE INJECTION CYBERATTACKS AGAINST UNMANNED AERIAL VEHICLES Joshua Allen Price (15379817) 01 May 2023 (has links) <p>This thesis explores the usage of machine learning (ML) algorithms and software-defined radio (SDR) hardware for the detection of signal jamming and message injection cyberattacks against unmanned aerial vehicle (UAV) wireless communications. In the first work presented in this thesis, a real-time ML solution for classifying four types of jamming attacks is proposed for implementation with a UAV using an onboard Raspberry Pi computer and HackRF One SDR. Also presented in this thesis is a multioutput multiclass convolutional neural network (CNN) model implemented for the purpose of identifying the direction in which a jamming sample is received from, in addition to detecting and classifying the jamming type. Such jamming types studied herein are barrage, single-tone, successive-pulse, and protocol-aware jamming. The findings of this chapter forms the basis of a reinforcement learning (RL) approach for UAV flightpath modification as the next stage of this research. The final work included in this thesis presents a ML solution for the binary classification of three different message injection attacks against ADS-B communication systems, namely path modification, velocity drift and ghost aircraft injection attacks. The collective results of these individual works demonstrate the viability of artificial-intelligence (AI) based solutions for cybersecurity applications with respect to UAV communications.</p> Deep learning Machine Learning Unmanned Aerial Vehicle Convolutional Neural Network Software-Defined Radio
352	ARTIFICIAL INTELLIGENCE-BASED GPS SPOOFING DETECTION AND IMPLEMENTATION WITH APPLICATIONS TO UNMANNED AERIAL VEHICLES Mohammad Nayfeh (15379369) 30 April 2023 (has links) <p>In this work, machine learning (ML) modeling is proposed for the detection and classification of global positioning system (GPS) spoofing in unmanned aerial vehicles (UAVs). Three testing scenarios are implemented in an outdoor yet controlled setup to investigate static and dynamic attacks. In these scenarios, authentic sets of GPS signal features are collected, followed by other sets obtained while the UAV is under spoofing attacks launched with a software-defined radio (SDR) transceiver module. All sets are standardized, analyzed for correlation, and reduced according to feature importance prior to their exploitation in training, validating, and testing different multiclass ML classifiers. Two schemes for the dataset are proposed, location-dependent and location-independent datasets. The location-dependent dataset keeps the location specific features which are latitude, longitude, and altitude. On the other hand, the location-independent dataset excludes these features. The resulting performance evaluation of these classifiers shows a detection rate (DR), misdetection rate (MDR), and false alarm rate (FAR) better than 92%, 13%, and 4%, respectively, together with a sub-millisecond detection time. Hence, the proposed modeling facilitates accurate real-time GPS spoofing detection and classification for UAV applications.</p> <p><br></p> <p>Then, a three-class ML model is implemented on a UAV with a Raspberry Pi processor for classifying the two GPS spoofing attacks (i.e., static, dynamic) in real-time. First, several models are developed and tested utilizing the prepared dataset. Models evaluation is carried out using the DR, F-score, FAR, and MDR, which all showed an acceptable performance. Then, the optimum model is loaded to the onboard processor and tested for real-time detection and classification. Location-dependent applications, such as fixed-route public transportation, are expected to benefit from the methodology presented herein as the longitude, latitude, and altitude features are characterized in the implemented model.</p> Global Positioning System Machine Learning Software-Defined Radio Spoofing attacks Unmanned Aerial Vehicle
353	What are the motivations and barriers for incorporating multi-factor authentication among IT students? Henriksson, Adam January 2022 (has links) The need for greater account security has grown as the globe has become more digitally connected. One of the solutions available today is multi-factor authentication, which enables users to add additional authentication factors to secure their accounts. However, multi-factor authentication has not become widespread in organisations due to a lack of user accessibility and knowledge of the subject's importance. This study aimed to identify possible motivations and barriers to adopting multi-factor authentication from students at the University of Skövde to motivate possible improvements in the education and tools of multi-factor authentication. Ten students from the Network and system administration program at the University of Skövde were interviewed in the spring of 2022. The answers received were analysed qualitatively with thematic analysis. The results from the analysed answers formed a theme named ‘NSA students consider themselves secure’ derived from the three categories found during the coding. All students were familiar with multi-factor authentication and its importance for account security. Despite this, not all the students used it for their private accounts, stating that they considered it inconvenient and not required. The students who used multi-factor authentication did not use it for every account they owned, instead opting to secure important services like email, social media and crypto-wallets. Based on the results, improvements regarding usability in authenticator applications and teaching users about the cybersecurity risks and advantages of utilising MFA may increase its adoption rate. / <p>Adam Lasu Henriksson</p> IT Cybersecurity Information security MFA 2FA Information Systems Learning Lärande Information Systems, Social aspects
354	Security of Embedded Software : An Analysis of Embedded Software Vulnerabilities and Related Security Solutions Gaboriau-Couanau, Clément January 2017 (has links) The increased use of computer systems for storing private data or doing critical operations leads to some security issues gathered in the area cybersecurity. This neologism leads people to think about the security of information systems and general-purpose computers. However, with the growth of the Internet of Things, embedded systems are also concerned with these issues. The speed of development of this area often leads to a backwardness in the security features. The thesis investigates the security of embedded systems by focusing on embedded software. After classifying the vulnerabilities which could be encountered in this field, a first part of this work introduces the realisation of a document gathering guidelines related to secure development of embedded software. This realisation is based on an analysis of the literature review, but also on the knowledge of engineers of the company. These guidelines are applied to the project of a client. The result of their application allows us to prove their consistency and to write a set of recommendations to enhance the security of the project. The thesis presents the implementation of some of them. Particularly, it introduces a way to secure an Inter-Process Communication (IPC) mean: D-Bus, through a proof of concept. The result shows that the security policy of D-Bus is efficient against some attacks. Nevertheless, it also points out that some att acks remain feasible. The solution is implemented on an embedded board to analyse the computational overhead related to this embedded aspect. As expected, a more complex and detailed a policy is, the higher the overhead tends to be. Nevertheless, this computational overhead is proportional to the number of rules of the policy. / Den ökade användningen av datorsystem för att lagra privata data eller göra kritiska operationer leder till vissa säkerhetsproblem som samlas i området cybersäkerhet. Denna neologism leder människor att tänka på säkerhetssystemen för informationssystem och allmänt tillgängliga datorer. Men med tillväxten av saker i saken är inbyggda system också berörda av dessa frågor. Utvecklingshastigheten för detta område leder ofta till en underutveckling säkerhetsfunktionerna.Avhandlingen undersöker säkerheten för inbyggda system genom att fokusera på inbyggd programvara. Efter att ha klassificerat de sårbarheter som kan uppstå i det här fältet introducerar en första del av det här arbetet realisationen av ett dokument av riktlinjer om säker utveckling av inbyggd programvara. Denna insikt bygger på en analys av litteraturgranskningen, men också på kunskap om ingenjörer i företaget. Dessa riktlinjer tillämpas på en kunds projekt.Resultatet av deras ansökan gör det möjligt för oss att bevisa deras konsistens och att skriva rekommendationer för att förbättra projektets säkerhet. Avhandlingen presenterar genomförandet av några av dem. Ett sätt införs särskilt patt säkra en interprocesskommunikation (IPC) menande: DBus, genom ett konceptbevis. Resultatet visar att D-Busens säkerhetspolitik är effektiv mot vissa attacker. Det påpekar emellertid också att vissa attacker fortfarande är möjliga. Lösningen implementeras på ett inbyggd kort för att analysera beräkningsoverhead som är relaterad till denna inbyggda aspekt. Som förväntat är en mer komplex och detaljerad politik, desto högr e överhuvudtaget tenderar att vara. Ändå är denna beräkningskostnad proportionell mot antalet av regler av säkerhetspolitiken. Embedded Software Cybersecurity Guideline Inter-Process Communication (IPC) D-Bus Monitoring Inbyggd Programvara Cybersäkerhet Riktlinje Interprocesskommunikation (IPC) D-Bus Övervakning Computer Sciences Datavetenskap (datalogi)
355	Penetration testing of a smart speaker / Penetrationstestning av en smart högtalare Nouiser, Amin January 2023 (has links) Smart speakers are becoming increasingly ubiquitous. Previous research has studied the security of these devices; however, only some studies have employed a penetration testing methodology. Moreover, most studies have only investigated models by well-known brands such as the Amazon or Google. Therefore, there is a research gap of penetration tests on less popular smart speaker models. This study aims to address this gap by conducting a penetration test on the less popular JBL Link Music with firmware version 23063250. The results show that the speaker is subject to several security threats and is vulnerable to some attacks. The Bluetooth Low Energy implementation is vulnerable to passive eavesdropping. Additionally, the speaker is vulnerable to an 802.11 denial of service attack, and a boot log containing sensitive information can be accessed through a serial communication interface. It is concluded that the speaker is, in some aspects, insecure. / Smarta högtalare blir alltmer närvarande. Tidigare forskning har undersökt säkerheten kring dessa, dock har endast några använt en penetrerings testnings metolologi. Därutover har de flesta studier endast studerat modeller av välkända varumärken som Google eller Amazon. Därmed finns en vetenskaplig kunskapslucka kring penetrationstester av mindre populära modeller. Denna studie syftar till att bemöta denna lucka genom att utföra ett penetrationstest av den mindre populära JBL Link Music med mjukvaruversion 23063250. Resultaten visar att högtalaren är utsatt för flera säkerhetshot och är sårbar för några attacket. Bluetooth Low Energy implementationen är sårbar för passiv avlyssning. Därutöver är högtalaren sårbar för en 802.11 denial of service attack och en boot logg innehållande känslig information kan nås genom ett seriellt kommunikations gränssnitt. Slutsatsen dras att högtalaren, i vissa aspekter, är osäker. Penetration testing Ethical hacking Smart speaker Cybersecurity Internet of Things Penetrationstestning Etisk hackning Smart högtalare Cybersäkerhet Sakernas Internet Computer and Information Sciences Data- och informationsvetenskap
356	Penetration Testing of an In-Vehicle Infotainment System / Penetrationstestning av ett Infotainmentsystem i Fordon Andersson, Philip January 2022 (has links) With the growing demand for smart and luxurious vehicles, the automotive industry has moved toward developing technologies to enhance the in-vehicle user experience. As a result, most vehicles today have a so-called In-Vehicle Infotainment (IVI) system, or simply an infotainment system, which provides a combination of information and entertainment in one system. IVI systems are used to control, for instance, the audio, navigation, and air conditioning in vehicles. Increasingly more IVI systems are also connected to the internet which has enabled features such as web browsers and third-party apps on them. This raises questions concerning the cybersecurity of IVI systems. As more vehicles are connected to the internet, it increases the risk of vehicles getting hacked. Previous research has shown that it is possible to take control of an entire vehicle by hacking the IVI system. In this thesis, penetration testing was conducted on an IVI system included on a rig from Volvo Cars to find potential vulnerabilities in the system. To the best of the author’s knowledge, this is the first paper describing penetration tests performed on a greater attack surface of the Android Automotive operating system used by the IVI system than previous research which only focused on the attack surface of third-party apps. Moreover, threat modeling was performed by employing the threat analysis and risk assessment part of the ISO/SAE 21434: Road vehicles — Cybersecurity engineering. This has not yet been done in the research area of security of IVI systems as far as the author knows. The results from the various penetration tests show that no major vulnerabilities were discovered in the IVI system. However, several findings were made in the thesis where the main one was that multiple content providers, managing access to storage (e.g., relational databases) in Android, were found to be exported by Android apps on the IVI system, and that some of these were vulnerable to SQL injection. This vulnerability of some of the content providers was exploited but did not lead to any collection of private information. For future work, penetration testing of the cellular interface of the IVI system is suggested. / Med en ökad efterfrågan för smarta och lyxiga fordon så har fordonsindustrin behövt utveckla teknologier som förbättrar användarupplevelsen i fordon. Ett resultat av detta är att de flesta fordon idag har ett så kallat infotainmentsystem vilket kombinerar information och underhållning i ett system. Infotainmentsystem används till exempel för att styra ljudet, navigationen och luftkonditioneringen i fordon. Fler infotainmentsystem börjar också bli uppkopplade mot internet som möjliggör för användare att surfa på internet och ladda ner tredjepartsappar. Detta väcker frågor beträffande cybersäkerheten hos dessa. I takt med att fler fordon blir uppkopplade mot internet så ökar det risken för att fordon blir hackade. Tidigare forskning har visat att det är möjligt att ta kontroll över ett helt fordon genom att hacka infotainmentsystemet. I detta examensarbete har penetrationstestning utförts på ett infotainmentsystem som var inkluderad på en rigg från Volvo Personvagnar för att hitta potentiella säkerhetsbrister i infotainmentsystemet. Till författarens bästa vetskap är denna rapport den första som beskriver om penetrationstester utförda på en större attackyta av operativsystemet Android Automotive som används av infotainmentsystemet än tidigare forskning som bara har fokuserat på tredjepartsappar som attackyta. Hotmodellering har också utförts i examensarbetet enligt ett avsnitt kallad hotanalys och riskbedömning i ISO/SAE 21434: Vägfordon — Process och metod för cybersäkerhet. Detta har ännu inte gjorts inom forskningsområdet säkerhet för infotainmentsystem så vitt författaren känner till. Resultaten från de olika penetrationstesterna visar att inga allvarliga säkerhetsbrister hittades i infotainmentsystemet. Dock gjordes flera upptäckter under examensarbetet där den mest väsentliga var att ett flertal innehållsleverantörer, som hanterar åtkomst till lagring (t.ex. relationsdatabaser) i Android, var exporterade från Android appar på infotainmentsystemet, och att några av dem var sårbara till SQL-injektioner. Denna sårbarhet hos vissa innehållsleverantörer utnyttjades men ledde inte till någon insamling av privat information. Ett förslag för framtida arbeten är att utföra penetrationstestning på det mobila gränssnittet hos infotainmentsystemet. Cybersecurity Penetration testing In-Vehicle Infotainment system Android Automotive ISO/SAE 21434 Cybersäkerhet Penetrationstestning Infotainmentsystem i fordon Android Automotive ISO/SAE 21434 Computer Sciences Datavetenskap (datalogi)
357	Working from Home : The New Norm in a Post-COVID-19 World : Information and Cyber Security in the Digital Work from Home Environment Ringström, Sebastian January 2023 (has links) Work from Home (WFH) gained momentum as a result of the pandemic. When large portions of the world were under government mandated lockdowns, and forced to institute WFH, companies began to slowly realize that the WFH model come with significant benefits such as the possibility to reduce office space or obtaining access to talent globally. Employees too are incentivized to WFH as it allows them more freedom in where to live, reduce commuting costs, and allow employees to space out work during the day and better manage energy levels. The thesis investigated cybersecurity and information security risks connected to the WFH model through collecting qualitative data by conducting a systematic literature review to gain background knowledge on the topic which was then used to create the interview guide that was used to carry out semi-structured interviews with four heterogeneous Swedish companies of various sizes, working in different fields. The SLR identified social engineering attacks in general, and phishing attacks in particular, to be the greatest threat to employees working in a WFH model suggesting employee security awareness training to be the key security measure in protecting the WFH model. The semi-structured interviews revealed that companies working in a WFH model have also drawn the same conclusion and have made significant efforts to raise security awareness through employee training programs. Telework Work from Home WFH Remote Work Cybersecurity Information Security Incentives Cyberattacks Security Awareness Security Culture Information Systems
358	DIGITAL LITERACY AND THE PERCEPTIONS OF ONLINE GROOMING Motunrola Mutiat Afolabi (17199070) 18 October 2023 (has links) <p dir="ltr">Recent developments in computer technology have increased the number of internet stalkers, child pornographers, traffickers and sexual predators. In a world where digital literacy is on the rise and people strive to keep up with the latest technology, this paper explores the relationship between digital literacy and online grooming(computer-mediated sexual grooming) and offline grooming (localized sexual grooming) and the effect of age, gender, marital status and parental status on the way individuals perceive grooming. This data was collected via a survey from 256 respondents who are 18 years and above and classified as parents within the United States. Several analyses such as correlations, Mann-Whitney U test and Kruskal Wallis H test were conducted, and our results suggest that there is a relationship between digital literacy and the perceptions of grooming, which may have implications on cybersecurity awareness training. The results highlight the importance of digital literacy in the perception of computer-mediated sexual grooming and familial sexual grooming, with enough evidence to support its essential role in people’s sense of safety. In conclusion, this study emphasized the need for targeted programs and campaigns to create education and awareness with the aim of improving parental digital literacy skills, understanding of grooming risks, and responsible Internet use education across society.</p> digital literacy minors computer-mediated sexual grooming familial sexual grooming localized sexual grooming online grooming offline grooming perception prevalence
359	Penetration testing of current smart thermostats : Threat modeling and security evaluation of Shelly TRV and Meross Smart Thermostat / Penetrationstestning av aktuella smarta termostater : Hotmodellering och säkerhetbedömning av Shelly TRV och Meross Smart Termostat Lindberg, Adam January 2023 (has links) As smart homes become increasingly common and concerns over Internet of Things (IoT) security grow, this study delves into the vulnerabilities of smart thermostats. These devices offer convenience but also comes with increased risk of cyber attacks. This study evaluates the susceptibility of the Shelly Thermostatic Radiator Valve (TRV) and the Meross Smart Thermostat to potential threats across various attack vectors – encompassing firmware, network, radio, and cloud – through penetration testing guided by the PatrIoT methodology. Findings reveal four unknown vulnerabilities in the Meross Smart Thermostat and two in the Shelly TRV. These vulnerabilities consist of insecure firmware updates, lack of network encryption, exploitable radio communication, and cloud-related gaps. Recommendations aiming at mitigating the found vulnerabilities include implementing secure Wi-Fi access points for both models during setup, and ensuring strong encryption for the Meross Smart Thermostat’s radio communication. The study contributes to an increased awareness of potential security risks associated with these devices, though the extent of vulnerabilities across all smart thermostat models cannot be definitively concluded. / I takt med att smarta hem blir allt vanligare och med växande medvetenhet om säkerhet för Internet of Things (IoT), undersöker denna studie potentiella sårbarheter hos smarta termostater. Dessa enheter förenklar användares vardag, men ger också upphov till nya cyberhot. Denna studie granskar Shelly TRV och Meross Smart Thermostat för potentiella hot inom attackvektorerna firmware, nätverk, radio och moln, genom penetreringstestning som vägleds av PatrIoT-metodiken. Resultatet är fyra upptäckta sårbarheter i Meross-modellen och två i Shelly Thermostatic Radiator Valve (TRV) inklusive osäkra firmware-uppdateringar, brist på nätverkskryptering, utnyttjbar radiokommunikation och molnrelaterade problem. Rekommendationer med syfte att mitigera de upptäckta sårbarheterna inkluderar att implementera säkra Wi-Fi-åtkomstpunkter för båda modellerna under installationen och att säkerställa stark kryptering för Meross Smart Thermostat:s radiokommunikationen. Studien bidrar till en ökad medvetenhet om potentiella säkerhetsrisker som är förknippade med dessa enheter, även om det inte kan fastställas hur vanligt det är med sårbarheter i smarta termostater IoT penetration testing Smart thermostat Ethical hacking PatrIoT Cybersecurity IoT penetrationstestning Smart termostat Etisk hackning PatrIoT Cybersäkerhet Computer and Information Sciences Data- och informationsvetenskap
360	Demonstration of Digital Selective Call spoofing / Förfalskning av Digitala Selektivanrop Lindbäck, Axel, Javid, Yamha January 2023 (has links) Digital Selective Calling (DSC) is a vital maritime communications and safety system, enabling ships in distress to alert nearby vessels and coast guard stations of their emergency. While DSC is suitable for calling, its technical format is substandard from a cybersecurity perspective. Specifically, this work aims to demonstrate that Very High Frequency (VHF) DSC distress calls can be spoofed using Software Defined Radio (SDR). A VHF DSC distress call encoder and VHF DSC SDR signal constructor were developed. The forged distress call was transmitted using various techniques to two different DSC decoder programs, as well as to the maritime VHF transceiver ICOM IC-M510. It was shown that all of the targeted DSC decoders were susceptible to spoofing. This thesis concludes that VHF DSC distress calls can be spoofed using SDR, and infers that the DSC system as a whole has inherent security vulnerabilities that need to be addressed to assure the safety of future seafaring. Digital Selective Calling Software Defined Radio Spoofing Cybersecurity Maritime Communication Systems Communication Systems Kommunikationssystem Signal Processing Signalbehandling Computer Systems Datorsystem Telecommunications Telekommunikation

Search results