Har vi verkligen ett säkert beteende på internet? : En kvalitativ studie om hur användare hanterar lösenord på internet och varför de gör som de gör. / Is our behavior on Internet secure? : A qualitative study on how users manage their online password and why they do as they do

Ahlqvist, Klas, Norell, Per-Ivar

January 2022

Introduktion: För att kunna använda möjligheterna som internet erbjuder krävs i många fall ett användarkonto som identifierar och autentiserar användaren. En förutsättning för att det ska vara säkert är att ingen annan har tillgång till användarens kontouppgifter, vilket ställer krav på att användaren har komplexa och unika lösenord. Syfte: I denna studie har vi undersökt vilken kunskap användare har kring säkra lösenord, hur de agerar samt undersökt varför de agerar som de gör. Metod: Studien är genomförd som en kvalitativ intervjustudie med 12 respondenter i varierande ålder och bakgrund. Resultat: Våra resultat visar att användarens kunskaper ofta bygger på äldre, ej längre aktuella, rekommendationer. De har även bristande kunskaper om vad en lösenordsgenerator eller lösenordshanterare är och hur de fungerar. Kunskapsbristerna, kombinerat med önskan om att det ska gå snabbt, medför att användarna ej genomför korrekta hot- och konsekvensbedömningar av riskerna på internet. Diskussion/Slutsats: Kunskaperna hos användarna behöver höjas för att minska riskerna de utsätter sig för. Teknikutvecklingen går fort och ökad kunskap och medvetenhet krävs för ett säkert agerande på internet. / Introduction: An account, that identify and authorize the user, is nowadays almost a condition for the user’s ability to use the many services Internet provides. If the account shall remain safe, only the user should have access to the user account. The user needs to create unique and complex passwords. Aim: In this study we have examined the end-user’s knowledge regarding safe passwords, how they act. We have also examined why they act as they do. Method: This qualitative study was made through interviews with 12 respondents of varying age. Results: Our findings show that the user’s knowledge often is based on older recommendations. They also lack knowledge about what a password generator, or a password manger, is and how they work. The lack of knowledge combined with a high wish of swift Internet usage leads to inadequate threat and impact assessments of Internet risks. Conclusion: The end-user’s knowledge, regarding security online needs to be improved, to reduce their risk exposure. The development of technology is moving fast so a raised awareness is mandatory for a safe Internet behavior.

Internet security

Passwords

Security awareness. Security behavior

User accounts

Användarkonton

Internetsäkerhet

Lösenord

Säkerhetsbeteende

Säkerhetsmedvetande

Computer Sciences

Datavetenskap (datalogi)

Computer and Information Sciences

Data- och informationsvetenskap

A new model for worm detection and response : development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis

Mohd Saudi, Madihah

January 2011

Worms have been improved and a range of sophisticated techniques have been integrated, which make the detection and response processes much harder and longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for Computer Emergency Response Team) model is built to detect worms attack in order to respond to worms more efficiently. The novelty and the strengths of the STAKCERT model lies in the method implemented which consists of STAKCERT KDD processes and the development of STAKCERT worm classification, STAKCERT relational model and STAKCERT worm apoptosis algorithm. The new concept introduced in this model which is named apoptosis, is borrowed from the human immunology system has been mapped in terms of a security perspective. Furthermore, the encouraging results achieved by this research are validated by applying the security metrics for assigning the weight and severity values to trigger the apoptosis. In order to optimise the performance result, the standard operating procedures (SOP) for worm incident response which involve static and dynamic analyses, the knowledge discovery techniques (KDD) in modeling the STAKCERT model and the data mining algorithms were used. This STAKCERT model has produced encouraging results and outperformed comparative existing work for worm detection. It produces an overall accuracy rate of 98.75% with 0.2% for false positive rate and 1.45% is false negative rate. Worm response has resulted in an accuracy rate of 98.08% which later can be used by other researchers as a comparison with their works in future.

621.382

A influência da percepção de segurança da Internet sobre a intenção de compra de usuários habituais / A influência da percepção de segurança da Internet sobre a intenção de compra de usuários habituais

Melo, Rogério Alves de

14 March 2006

Made available in DSpace on 2016-03-15T19:26:29Z (GMT). No. of bitstreams: 1 Rogerio Alves de Melo.pdf: 892369 bytes, checksum: 4af200efff3cb556cc018adff3611897 (MD5) Previous issue date: 2006-03-14 / This paper deals with the influence of the perception of Internet security when habitual users have the intention of buying something through the Internet. Therefore, a descriptive research was conducted, of which data was collected through a semi-structured questionnaire and a sample composed of 154 university students who are attending the Science of Computation course. The data was considered by the statistic: a) descriptive, using simple average and the answers frequency; b) Inference, through the techniques of the multiple linear regression, logistics and the tests t and x2 (qui-squared). The results gave evidences that: a) women and users who are not employed feel more insecure in the Internet; b) users with a higher income and who have used the Internet for a longer period (in years) feel more secure; c) the higher is the perception of security, the bigger is the intention of buying something through the Internet; d) users who have already bought something through the Internet feel more secure than those who never did; and e) among those users with the same degree of perception of security, the users who have already bought something through the Internet have a lesser degree of intention to buy something again. Thence, the main conclusions were: a) the intention of buying something through the Internet increases according to the increasing of the perception of security and; b) those users who have already bought something through the Internet are more influenced by their perception of security than those who never did. Before these evidences, the companies may direct investments in publicity in order that potential costumers realise their sale systems security and, specially, keep or increase this perception of security after the purchasing has been done. In order to continue this paper, it is suggested: a) reapplication of the research including new variables related to the perception of security; b) specific studies with women and low-income users; and c) reapplication with a population of non- university students who intensely use the Internet. / O presente trabalho trata da influência da percepção de segurança da internet sobre a intenção de compra de usuários habituais. Para tanto, realizou-se uma pesquisa descritiva, cujos dados foram coletados por meio de um questionário semi-estruturado, de uma amostra composta de 154 estudantes de um curso universitário de Ciências da Computação . Os dados foram tratados pela estatística: a) descritiva, utilizando-se da média simples e das freqüências de respostas e; b) inferencial, por meio das técnicas da regressão linear múltipla e logística e dos testes t e do x2 (Qui-Quadrado). Os resultados evidenciaram que: a) mulheres e usuários que não trabalham são mais inseguros na internet, b) usuários com maior renda familiar e com maior tempo de utilização da internet (em anos) são mais seguros; c) quanto maior a percepção de segurança, maior a intenção de comprar pela Internet; d) usuários que já compraram pela internet sentem-se mais seguros do que os que nunca compraram; e e) entre os usuários com o mesmo grau de percepção de segurança, os usuários que já compraram têm menor intenção de compra. Com isso, as principais conclusões foram que: a) à medida que aumenta a percepção de segurança, aumenta intenção de compra pela internet e b) os usuários que já compraram são mais influenciados pela percepção de segurança do que os que nunca compraram. Diante dessas evidências, as empresas podem direcionar investimentos em publicidade para que seus potenciais clientes percebam a segurança dos seus sistemas de vendas e, principalmente, mantenham ou aumentem esta percepção após a realização da compra. Para prosseguimento deste trabalho, sugere-se: a) replicação da pesquisa com a inclusão de novas variáveis relacionadas à percepção de segurança; b) estudos específicos com mulheres e usuários de internet de baixa renda e c) replicação com população de não universitários com uso intensivo da internet.

comércio eletrônico

segurança na internet

percepção de segurança

fraude eletrônica

compras online

comportamento do consumidor

e-commerce

internet security

perception of security

e-fraud

online purchasing

consumer behaviour

Improving internet usability - a framework for domain name policy evaluation.

Rowe, Joshua Luke, josh@email.nu

January 2009

A domain name is a unique alphanumeric designation that facilitates reference to sets of numbers which actually locate a particular computer on the Internet. Domain names are a fundamental part of the Internet's user interface. Improving the usability of the Internet depends upon effective domain name policy. This study is intended to contribute to improvement in Internet usability for the end users of domain names. Benefits of more usable domain names include: higher sales, customer satisfaction and productivity, and reduced support costs. Domain name policies worldwide vary considerably. Consequently, end users are inconvenienced by contradictory domain name policies, diminishing the predictability of an entity's domain name, and thus decreasing usability for end users. The study objective was to develop criteria with which policy makers can evaluate their domain name policies, in order to improve the usability of domain names for end users. The main research question posed was: What are the criteria for an effective domain name policy? The research methodology included a literature review, domain name policy examination and an ethnographic narrative. The literature review found existing research examining either domain names or usability in isolation. However, research examining the intersection of the two is scarce. The existing research describes domain names as part of the web user interface. In practical terms, this is about how people use domain names to access web sites, email addresses and other Internet resources. It was established that the predictability (and thus usability) of domain names relies on effective domain name policy. The non-standardised and widely delegated process of domain name policy development leads to unpredictable and inconsistent domain names. The narrative recollection presented the researcher's inside perspective on the domain name industry, with a focus on domain name usability. The researcher provided first-hand insights into the evolution of the industry and policy development process, from Australian and international perspectives. To address the problem of poor domain name usability, a framework for domain name policy evaluation is proposed. The framework extends the current research that treats domain names as a user interface by proposing criteria which address usability concerns. The framework allows policy makers to critically assess domain name policies with end users in mind. Examples of the criteria include: understanding who are its intended and untended users, and whether it's consistent with other domain names. The framework has the potential to set an international standard for the critical evaluation of domain name policy, and become the basis for further research. This study was developed from the researcher's perspective as a participant in the domain name industry. A secondary lens regarding the usability of domain names was then applied. This study has only scraped the surface in terms of how the research fields of domain names and usability may be considered together. The research methodology for this study was primarily qualitative and interpretive. A quantitative study of domain name policies globally could provide further insight into areas including: the differences in second level country code domain names, and language implications of domain names.

Domain name usability

domain names

usability

Internet governanance

Internet politics

Internet economics

electronic identifiers

telecommunications

Internet standards

domain name policy

intellectual property

trademarks

Internet security

Internet privacy

web site design

web site usability

human-computer interaction

online marketing

online brands.

The use of technology to automate the registration process within the Torrens system and its impact on fraud : an analysis

Low, Rouhshi

January 2008

Improvements in technology and the Internet have seen a rapid rise in the use of technology in various sectors such as medicine, the courts and banking. The conveyancing sector is also experiencing a similar revolution, with technology touted as able to improve the effectiveness of the land registration process. In some jurisdictions, such as New Zealand and Canada, the paper-based land registration system has been replaced with one in which creation, preparation, and lodgement of land title instruments are managed in a wholly electronic environment. In Australia, proposals for an electronic registration system are under way. The research question addressed by this thesis is what would be the impact on fraud of automating the registration process. This is pertinent because of the adverse impact of fraud on the underlying principles of the Torrens system, particularly security of title. This thesis first charts the importance of security of title, examining how security of title is achieved within the Torrens system and the effects that fraud has on this. Case examples are used to analyse perpetration of fraud under the paper registration system. Analysis of functional electronic registration systems in comparison with the paper-based registration system is then undertaken to reveal what changes might be made to conveyancing practices were an electronic registration system implemented. Whether, and if so, how, these changes might impact upon paper based frauds and whether they might open up new opportunities for fraud in an electronic registration system forms the next step in the analysis. The final step is to use these findings to propose measures that might be used to minimise fraud opportunities in an electronic registration system, so that as far as possible the Torrens system might be kept free from fraud, and the philosophical objectives of the system, as initially envisaged by Sir Robert Torrens, might be met.

The design and implementation of a security and containment platform for peer-to-peer media distribution / Die ontwerp en implimentasie van ’n sekure en begeslote platvorm vir portuurnetwerk mediaverspreiding

Storey, Quiran

12 1900

Thesis (MScEng)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: The way in which people consume video is changing with the adoption of new technologies such as tablet computers and smart televisions. These new technologies, along with the Internet, are moving video distribution away from satellite and terrestrial broadcast to distribution over the Internet. Services online now offer the same content that originally was only available on satellite broadcast television. However, these services are only viable in countries with high speed, inexpensive Internet bandwidth. The need therefore exists for alternative services to deliver content in countries where bandwidth is still expensive and slow. These include many of the developing nations of Africa. In this thesis we design and develop a video distribution platform that relies on peer-to-peer networking to deliver high quality video content. We use an existing video streaming peer-to-peer protocol as the primary distribution mechanism, but allow users to share video over other protocols and services. These can include BitTorrent, DC++ and users sharing hard drives with one another. In order to protect the video content, we design and implement a security scheme that prevents users from pirating video content, while allowing easy distribution of video data. The core of the security scheme requires a low bandwidth Internet connection to a server that streams keys to unlock the video content. The project also includes the development of a custom video player application to integrate with the security scheme. The platform is not limited to, but is aimed at high speed local area networks where bandwidth is free. In order for the platform to support feasible business models, we provision additional services, such as video cataloging and search, video usage monitoring and platform administration. The thesis includes a literature study on techniques and solutions to secure video entertainment, specifically in a peer-to-peer environment. / AFRIKAANSE OPSOMMING: Die wyse waarvolgens mense video verbruik is aan die verander met die ingebruikneming van nuwe tegnologie soos tabletrekenaars en slim televisiestelle. Hierdie nuwe tegnologie tesame met die Internet maak dat die verspreiding van video al hoe minder plaasvind deur middel van satellietuitsendings en al hoe meer versprei word deur die Internet. Aanlyn-Internetdienste bied deesdae dieselfde inhoud aan as wat voorheen slegs deur beeldsending versprei is. Hierdie dienste is egter slegs lewensvatbaar in lande met hoëspoed- en goedkoop Internetbandwydte. Daar is dus ’n behoefte aan alternatiewe tot hierdie dienste in lande waar bandwydte steeds duur en stadig is. Baie lande in Afrika kan in hierdie kategorie ingesluit word. In hierdie tesis word ’n videoverspreidingsplatform ontwerp en ontwikkel, wat van portuurnetwerke gebruik maak om hoëkwaliteit-beeldmateriaal te versprei. Die stelsel gebruik ’n bestaande portuurnetwerk-datavloeiprotokol as die premêre verspreidingsmeganisme, maar laat gebruikers ook toe om videoinhoud direk met ander gebruikers en dienste te deel. BitTorrent, DC++ en gebruikers wat hardeskywe met mekaar deel word hierby ingesluit. Ten einde die videoinhoud te beskerm ontwerp en implimenteer ons ’n sekuriteitstelsel wat verhoed dat gebruikers die videoinhoud onregmatig kan toe-eien, maar wat terselfdertyd die verspreiding van die data vergemaklik. Hierdie sluit die ontwikkeling van ’n pasgemaakte videospeler in. Die kern van die sekuriteitstelsel benodig ’n lae-bandwydte-Internetverbinding na ’n bediener wat sleutels uitsaai om die videoinhoud te ontsluit. Alhoewel nie daartoe beperk nie, is die platform gemik op hoëspoed-plaaslikegebiedsnetwerke met gratis bandwydte. Om die platvorm aan ’n haalbare sakemodel te laat voldoen het ons vir addisionele dienste soos videokatalogisering met soekfunksies, videoverbruikersmonitering en platvormadministrasie voorsiening gemaak. Die tesis sluit ’n literatuurstudie oor tegnieke en oplossings vir die beskerming van video data, spesifiek in die portuurnetwerke omgeving, in.

Streaming videos

Internet security measures

Computing platforms

Local area networks (Computer networks)

Video distribution platforms

A new model for worm detection and response. Development and evaluation of a new model based on knowledge discovery and data mining techniques to detect and respond to worm infection by integrating incident response, security metrics and apoptosis.

Mohd Saudi, Madihah

January 2011

Worms have been improved and a range of sophisticated techniques have been integrated, which make the detection and response processes much harder and longer than in the past. Therefore, in this thesis, a STAKCERT (Starter Kit for Computer Emergency Response Team) model is built to detect worms attack in order to respond to worms more efficiently. The novelty and the strengths of the STAKCERT model lies in the method implemented which consists of STAKCERT KDD processes and the development of STAKCERT worm classification, STAKCERT relational model and STAKCERT worm apoptosis algorithm. The new concept introduced in this model which is named apoptosis, is borrowed from the human immunology system has been mapped in terms of a security perspective. Furthermore, the encouraging results achieved by this research are validated by applying the security metrics for assigning the weight and severity values to trigger the apoptosis. In order to optimise the performance result, the standard operating procedures (SOP) for worm incident response which involve static and dynamic analyses, the knowledge discovery techniques (KDD) in modeling the STAKCERT model and the data mining algorithms were used. This STAKCERT model has produced encouraging results and outperformed comparative existing work for worm detection. It produces an overall accuracy rate of 98.75% with 0.2% for false positive rate and 1.45% is false negative rate. Worm response has resulted in an accuracy rate of 98.08% which later can be used by other researchers as a comparison with their works in future. / Ministry of Higher Education, Malaysia and Universiti Sains Islam Malaysia (USIM)

Apoptosis

Data mining

Security metrics

Knowledge discovery technique (KDD)

Standard Operating Procedures (SOP)

Worm incident response

Static analysis

Dynamic analysis

Worm rules

Worm classification

STAKCERT model

Worm detection

Internet security

Internet-based electronic payment systems

Kortekaas, Birgit Friederike

01 January 2002

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet / Computing / M.Sc. (Information Systems)

Internet

Electronic commerce

Electronic payment systems

Authentication

Confidentiality

Identification

Integrity

Privacy

Security

Cryptography

Certificates

Encryption

Digital signatures

Anonymity

Threats

Electronic cash

Electronic cheque

Smart cards

Electronic credit cards

658.478

Internet -- Economic aspects

Internet -- Security measures

Payment

Electronic commerce -- Security measures

Computer networks -- Security measures

Data encryption (Computer science)

Smart cards

The law of data (privacy) protection: a comparative and theoretical study

Roos, Anneliese

31 October 2003

In present-day society more and more personal information is being collected. The nature of the collection has also changed: more sensitive and potentially prejudicial information is collected. The advent of computers and the development of new telecommunications technology, linking computers in networks (principally the Internet) and enabling the transfer of information between computer systems, have made information increasingly important, and boosted the collection and use of personal information. The risks inherent in the processing of personal information are that the data may be inaccurate, incomplete or irrelevant, accessed or disclosed without authorisation, used for a purpose other than that for which they were collected, or destroyed. The processing of personal information poses a threat to a person's right to privacy. The right to identity is also infringed when incorrect or misleading information relating to a person is processed. In response to the problem of the invasion of the right to privacy by the processing of personal information, many countries have adopted "data protection" laws. Since the common law in South Africa does not provide adequate protection for personal data, data protection legislation is also required. This study is undertaken from a private law perspective. However, since privacy is also protected as a fundamental right, the influence of constitutional law on data protection is also considered. After analysing different foreign data protection laws and legal instruments, a set of core data protection principles is identified. In addition, certain general legal principles that should form the basis of any statutory data protection legislation in South Africa are proposed. Following an analysis of the theoretical basis for data protection in South African private law, the current position as regards data protection in South-Africa is analysed and measured against the principles identified. The conclusion arrived at is that the current South African acts can all be considered to be steps in the right direction, but not complete solutions. Further legislation incorporating internationally accepted data protection principles is therefore necessary. The elements that should be incorporated in a data protection regime are discussed. / Jurisprudence / LL. D. (Jurisprudence)

South African private law

OECD Guidelines on data protection

Right to identity

Computers and privacy

Right to privacy

Data protection

342.858068

Privacy, Right of -- South Africa

Internet -- Security measures

Inter-device authentication protocol for the Internet of Things

Wilson, Preethy

18 May 2017

The Internet of things (IoT) recently blossomed remarkably and has been transforming the everyday physical entities around us into an ecosystem of information that will enrich our lives in unimaginable ways. Authentication is one of the primary goals of security in the IoT and acts as the main gateway to a secure system which transmits confidential and/or private data.This thesis focuses on a Device-to-Device Mutual Authentication Protocol, designed for the smart home network, which is an essential component of communication in the Internet of Things(IoT). The protocol has been developed based on asymmetric cryptography to authenticate the devices in the network and for the devices to agree on a shared secret session key. In order to ensure the security of a communications session between the devices, the session keys are changed frequently - ideally after every communication session. The proposed scheme has been programmed in HLPSL, simulated and its efficiency verified using the SPAN/ AVISPA tool. When SPAN substantiates the protocol simulation and the attacker simulation, the back-ends of the AVISPA tool verifies the safety and security of the proposed authentication protocol. The thesis also evaluates the protocol's security against the attacks successful against protocols proposed by other researchers. / Graduate / 0544 / 0984 / 0537 / pwilson1@uvic.ca

Authentication

Internet of Things (IoT)

Smart Homes

Smart Home Network

AVISPA/SPAN

AVISPA

Internet Security

Cryptography

Encryption

Asymmetric Cryptography

Shared Session Key

Private Key

Public Key

Cloud

Fog

Security

HLPSL

Quality Metrics

Simulation

Protocol Simulation

Attacker Simulation

Formal Verification

Verification

Multi-protocol Attack

Reflection Attack

OFMC

CL-AtSe

Communication

Computing

Mutual Authentication

Device-to-device

inter-device

machine-to-machine

Attacks