Global ETD Search

41	Library and Tools for Server-Side DNSSEC Implementation / Library and Tools for Server-Side DNSSEC Implementation Včelák, Jan January 2014 (has links) Tato práce se zabývá analýzou současných open source řešení pro zabezpečení DNS zón pomocí technologie DNSSEC. Na základě provedené rešerše je navržena a implementována nová knihovna pro použití na autoritativních DNS serverech. Cílem knihovny je zachovat výhody stávajících řešení a vyřešit jejich nedostatky. Součástí návrhu je i sada nástrojů pro správu politiky a klíčů. Funkčnost vytvořené knihovny je ukázána na jejím použití v serveru Knot DNS.
42	Secure handling of encryption keys for small businesses : A comparative study of key management systems Gustafsson, Jacob, Törnkvist, Adam January 2019 (has links) Background: A recent study shows that key management in the cooperate world is very painful due to, among other reasons, a lack of knowledge and resources. Instead, some companies embed the encryption keys and other software secrets directly in the source code for the application that uses them, introducing the risk of exposing the secrets. Today, there are multiple systems for managing keys. However, it can be hard to pick a suitable one. Objectives: The objectives of the thesis are to identify available key management systems for securing secrets in software, evaluate their eligibility to be used by small businesses based on various attributes and recommend a best practice to configure the most suited system for managing software secrets. Methods: Key management systems are identified through an extensive search, using both scientific and non-scientific search engines. Identified key management systems were compared against a set of requirements created from a small business perspective. The systems that fulfilled the requirements were implemented and comprehensively evaluated through SWOT analyses based on various attributes. Each system was then scored and compared against each other based on these attributes. Lastly, a best practice guide for the most suitable key management system was established. Results: During the thesis, a total of 54 key management systems were identified with various features and purposes. Out of these 54 systems, five key management systems were comprehensively compared. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hachicorp Vault was deemed to be the most suitable system for small businesses. Conclusions: There is currently a broad selection of key management systems available. The quality, price, and intended use of these vary, which makes it time-consuming to identify the system that is best suitable based on the needs. The thesis concludes Hachicorp Vault to be the most suitable system based on the needs presented. However, the thesis can also be used by businesses with other needs as a guideline to aid the problem of choosing a key management system. / Bakgrund: En ny studie visar att nyckelhantering i företagsvärlden är väldigt omständligt, bland annat på grund av brist av kunskap och resurser. Istället väljer vissa företag att inkludera krypteringsnycklar och andra mjukvaruhemligheter direkt i källkoden för applikationen som ska använda dem, och därmed introducerar risken att exponera hemligheterna om källkoden skulle bli tillgänglig för en obehörig part. Syfte: Syftet med denna avhandling är att identifiera tillgängliga nyckelhanteringssystem för att säkra upp mjukvaruhemligheter, bedöma deras lämplighet för småföretag genom att utvärdera dem baserat på olika egenskaper, och rekommendera bästa praxis för att konfigurera det mest lämpliga nyckelhanteringssystemet. Metod: Nyckelhanteringssystem har identifierats genom en omfattande sökning i både vetenskapliga och icke-vetenskapliga sökmotorer. Identifierade nyckelhanteringssystem jämfördes med ett antal krav skapade från ett småföretags-perspektiv. De systemen som uppfyllde kraven implementerades och utvärderades omfattande genom SWOT analyser baserade på attribut för exempelvis funktioner, prestanda, användarvänlighet och uppskattat framtida stöd. Varje system fick sedan en poäng som jämfördes mot de andra systemen baserat på dessa attributen. Till sist togs även en bästa praxis fram för det mest lämpade nyckelhanteringssystemet. Resultat: Under avhandlingen identifierades totalt 54 nyckelhanteringssystem med olika funktioner och syften. Utav dessa system jämfördes fem omfattande. Dessa var Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican och Cyberark Conjur. Utav dessa fem ansågs Hachicorp Vault vara det mest lämpade systemet för småföretag. Slutsatser: Det finns nuvarande ett brett utbud av nyckelhanteringssystem tillgängliga. Kvalitén, priset och deras syfte varierar vilket gör det tidskrävande att identifiera det systemet som best lämpar sig till ens behov. Avhandlingen anser Hachicorp Vault vara den mest lämpliga baserat på de presenterade behoven, men avhandlingen kan också användas av företag med andra behov som en guide för att underlätta problemet med att välja ett lämpligt nyckelhanteringssystem. Key management system encryption keys cryptography comparison Nyckelhantering krypteringsnycklar kryptering jämförelse Computer Sciences Datavetenskap (datalogi)
43	Secure Data Service Outsourcing with Untrusted Cloud Xiong, Huijun 10 June 2013 (has links) Outsourcing data services to the cloud is a nature fit for cloud usage. However, increasing security and privacy concerns from both enterprises and individuals on their outsourced data inhibit this trend. In this dissertation, we introduce service-centric solutions to address two types of security threats existing in the current cloud environments: semi-honest cloud providers and malicious cloud customers. Our solution aims not only to provide confidentiality and access controllability of outsourced data with strong cryptographic guarantee, but, more importantly, to fulfill specific security requirements from different cloud services with effective systematic ways. To provide strong cryptographic guarantee to outsourced data, we study the generic security problem caused by semi-honest cloud providers and introduce a novel proxy-based secure data outsourcing scheme. Specifically, our scheme improves the efficiency of traditional proxy re-encryption algorithm by integrating symmetric encryption and proxy re-encryption algorithms. With less computation cost on applying re-encryption operation directly on the encrypted data, our scheme allows flexible and efficient user revocation without revealing underlying data and heavy computation in the untrusted cloud. To address specific requirement from different cloud services, we investigate two specific cloud services: cloud-based content delivery service and cloud-based data processing service. For the former one, we focus on preserving cache property in the content delivery network and propose CloudSeal, a scheme for securely and flexibly sharing and distributing content via the public cloud. With the ability of caching the major part of a stored cipher content object in the delivery network for content distribution and keeping the minor part with the data owner for content authorization, CloudSeal achieves security and efficiency both theoretically and experimentally. For the later service, we design and realize CloudSafe, a framework that supports secure and efficient data processing with minimum key leakage in the vulnerable cloud virtualization environment. Through the adoption of one-time cryptographic key strategy and a centralized key management framework, CloudSafe efficiently avoids cross-VM side channel attack from malicious cloud customers in the cloud. Our experimental results confirm the practicality and scalability of CloudSafe. / Ph. D. Cloud Computing Outsource Data Security Proxy Re-encryption Content Delivery Network Key Management
44	Efficient authenticated multi-service group key management for secure wireless mobile multicast Mapoka, Trust T., Shepherd, Simon J., Abd-Alhameed, Raed, Anoh, Kelvin O.O. January 2014 (has links) No Wireless networks Mobile multicast communication Security Multi-service group key management
45	Security and Efficiency Tradeoffs in Multicast Group Key Management Duma, Claudiu January 2003 (has links) An ever-increasing number of Internet applications, such as content and software distribution, distance learning, multimedia streaming, teleconferencing, and collaborative workspaces, need efficient and secure multicast communication. However, efficiency and security are competing requirements and balancing them to meet the application needs is still an open issue. In this thesis we study the efficiency versus security requirements tradeoffs in group key management for multicast communication. The efficiency is in terms of minimizing the group rekeying cost and the key storage cost, while security is in terms of achieving backward secrecy, forward secrecy, and resistance to collusion. We propose two new group key management schemes that balance the efficiency versus resistance to collusion. The first scheme is a flexible category-based scheme, and addresses applications where a user categorization can be done based on the user accessibility to the multicast channel. As shown by the evaluation, this scheme has a low rekeying cost and a low key storage cost for the controller, but, in certain cases, it requires a high key storage cost for the users. In an extension to the basic scheme we alleviate this latter problem. For applications where the user categorization is not feasible, we devise a cluster-based group key management. In this scheme the resistance to collusion is measured by an integer parameter. The communication and the storage requirements for the controller depend on this parameter too, and they decrease as the resistance to collusion is relaxed. The results of the analytical evaluation show that our scheme allows a fine-tuning of security versus efficiency requirements at runtime, which is not possible with the previous group key management schemes. / <p>Report code: LiU-TEK-LIC-2003:53.</p> Key management Multicast communication Security-efficiency tradeoffs Collusion resistance Push-oriented approaches Computer Sciences Datavetenskap (datalogi)
46	Private Key Allocation based Access Control Scheme for Social Networks Srinivas, Preethi 17 August 2010 (has links) No description available. Computer Science Social Structure Technology social network access control key management resource sharing security
47	PARALLEL CLUSTER FORMATION FOR SECURED COMMUNICATION IN WIRELESS AD HOC NETWORKS SHAH, VIVEK January 2004 (has links) No description available. Computer Science Ad Hoc Networks Network Security Key Distribution Key Management Wireless Communications
48	Handover optimised authentication scheme for high mobility wireless multicast Mapoka, Trust T., Shepherd, Simon J., Abd-Alhameed, Raed, Anoh, Kelvin O.O. January 2015 (has links) No / In this paper a distributed handover optimized authentication scheme based on independent session key per access network (HOISKA) is developed for the decentralized multi-service group key management scheme over wireless mobile multicast. It enables a handover user Mi involved in multiple multicast service subscriptions to securely reuse the long term credential initially issued by the trusted authentication server (As) for deriving unique session keys per access network as it performs handover authentication across various access networks. The distributed nature of the scheme enables offloading the authentication function to the area network controllers (AKDs) such that As is not involved during handover exchange authentication signaling. This simplifies handover by reducing handover exchange signalling constituting to handover delays. Handover Access authentication (HAA) phase in HOISKA is presented then analyzed using the delay analytical model. The model proves efficacy by inducing minimum delays with less handover blocking probability while providing same level of security to the widely deployed handover authentication scheme.
49	Improving authentication function in wireless mobile multicast communications Mapoka, Trust T., Shepherd, Simon J., Anoh, Kelvin O.O., Abd-Alhameed, Raed, Dama, Yousef A.S., AlSabbagh, Haider M. January 2015 (has links) No / In this paper a distributed authentication scheme based on independent session key per access network (HOISKA) is proposed for the decentralized multi-service group key management scheme in a wireless multicast environment. It enables a handover user Mi involved in multiple multicast service subscriptions to establish the long term credential from the trusted authentication server (As) during initial registration. The Mi then securely reuses the long term credential established to derive unique session keys per access network during handover across diverse access networks. The distributed nature HOISKA enables offloading the authentication function to the area network controllers (AKDs) such that As does not participate during handover authentication signalling. This simplifies handover by reducing handover exchange signalling constituting to less handover delays. Two scenarios for HOISKA, initial handover access (IAA) and Handover Access authentication (HAA) are presented then analyzed using the delay analytical model. The HOISKA model proves efficacy in both scenarios by inducing less transmission delays with comparable level of security compared to the widely deployed authentication scheme. Wireless networks User handover authentication Security Multicast communication Mobility management Group key management
50	Multi-Service Group Key Establishment for Secure Wireless Mobile Multicast Networks Mapoka, Trust T., Dama, Yousef A.S., AlSabbagh, Haider M., Shepherd, Simon J., Abd-Alhameed, Raed 10 1900 (has links) Yes / Recently there is high demand in distributing multimedia services over the internet to ubiquitous and computational intelligent mobile subscribers by the service providers (SPs). In this instance, provision of those services must be restricted to authorized subscribers via integration of authentication and group key management (GKM). GKM with diverse group services subscribed dynamically by moving subscribers in wireless networks has been omitted in conventional approaches. However it is expected that significant key management overhead will arise in them due to multi-services co-existing in the same network. In this paper, we propose a scalable decentralized multi-service GKM scheme considering host mobility in wireless environment. In the scheme, authentication of mobile subscribers and key management phases are delegated from the trusted domain key distributor (DKD) to the subgroup controllers known as area key distributors (AKD). The trusted intermediate AKDs can then establish and distribute the service group keys to valid subscribers in a distributed manner using identity-based encryption without involving the domain key distributor (DKD). This alleviates unnecessary delays and possible bottlenecks at the DKD. We show by simulation that the proposed scheme has some unique scalability properties over known schemes in terms of optimized rekeying communication and storage overheads. The security performance studies have shown resilience to various attacks. Multicast communication Multi-service group key management Wireless mobile multicast networks

Search results