Global ETD Search

191	Zefektivnění zabezpečení bezdrátových sítí / Security Protection efficiency improvement for Wireless Networks Marušek, Michal January 2009 (has links) Nowadays every wireless radio-communication services encompass huge type of technology used for transfer video, voice or data. Wireless communication is the most expanded branch and many companies are using this technology because of low cost and simply management. The biggest advantage is easy connection to shared wireless medium and allows users of network to move around whole covered area. The most expanded types of wireless networks are called Wireless LAN (WLAN). With rising number of WLANs is rising chance to attack shared wireless medium by hacker and many sensitive information can be stolen or modified. To avoid this chance was created the first security protocol used in WLAN called WEP. Its goal was protect data transmitted trough WLAN as strong as were protected in wired networks. Unfortunately WEP was hiding a big weakness which can be used in a crack of WLAN in a minute with the aid of special software. Example of this kid of software can be Airsnort constructed to monitor shared medium and captured every packet transferred trough this medium. Based on statistical method Airsnort can obtain hidden password in a few minutes. The second type of this software can be Aircrack-ng, which can crack hidden password without any user connected to WLAN. Aircrack-ng uses active techniques to generate network load and can obtain password more effectively and faster. The result of both cases was successful and protection of WLAN was completely cracked. Later was created new security protocol called WPA, which had to fix the cryptography weakness of previous WEP. WPA was only temporary security protocol, during standard 802.11 was developing which had to offer highest security and integrity protection of transferred data trough WLAN. For this reasons was created new version of WPA called WPA2 which satisfy requirements of standard 802.11i. Both protocols WPA/WPA2 contain weakness, which can crash security of WLAN. This crack is based on authentication PSK. Attacker during authentication is using information from four-way handshake between user of WLAN and access point. Based on this information attacker can crack password with the aid of password list attack which took approximately 30 minutes. Based on previous result is important to chose strong password contains alphanumeric string or special strings with satisfy length.
192	Detekce anomálií v síťovém provozu / Network Anomaly Detection Bartoš, Václav January 2011 (has links) This work studies systems and methods for anomaly detection in computer networks. At first, basic categories of network security systems and number of methods used for anomaly detection are briefly described. The core of the work is an optimization of the method based on detection of changes in distributions of packet features originally proposed by Lakhina et al. This method is described in detail and two optimizations of it are proposed -- first is focused to speed and memory efficiency, second improves its detection capabilities. Next, a software created to test these optimizations is briefly described and results of experiments on real data with artificially generated and also real anomalies are presented.
193	Security Risk Analysis based on Data Criticality Zhou, Luyuan January 2020 (has links) Nowadays, security risk assessment has become an integral part of network security as everyday life has become interconnected with and dependent on computer networks. There are various types of data in the network, often with different criticality in terms of availability or confidentiality or integrity of information. Critical data is riskier when it is exploited. Data criticality has an impact on network security risks. The challenge of diminishing security risks in a specific network is how to conduct network security risk analysis based on data criticality. An interesting aspect of the challenge is how to integrate the security metric and the threat modeling, and how to consider and combine the various elements that affect network security during security risk analysis. To the best of our knowledge, there exist no security risk analysis techniques based on threat modeling that consider the criticality of data. By extending the security risk analysis with data criticality, we consider its impact on the network in security risk assessment. To acquire the corresponding security risk value, a method for integrating data criticality into graphical attack models via using relevant metrics is needed. In this thesis, an approach for calculating the security risk value considering data criticality is proposed. Our solution integrates the impact of data criticality in the network by extending the attack graph with data criticality. There are vulnerabilities in the network that have potential threats to the network. First, the combination of these vulnerabilities and data criticality is identified and precisely described. Thereafter the interaction between the vulnerabilities through the attack graph is taken into account and the final security metric is calculated and analyzed. The new security metric can be used by network security analysts to rank security levels of objects in the network. By doing this, they can find objects that need to be given additional attention in their daily network protection work. The security metric could also be used to help them prioritize vulnerabilities that need to be fixed when the network is under attack. In general, network security analysts can find effective ways to resolve exploits in the network based on the value of the security metric. network security risk assessment attack graph data criticality security metric threat modeling Software Engineering Programvaruteknik
194	Towards Secure Multipath TCP Communication Afzal, Zeeshan January 2017 (has links) The evolution in networking coupled with an increasing demand to improve user experience has led to different proposals to extend the standard TCP. Multipath TCP (MPTCP) is one such extension that has the potential to overcome few inherent limitations in the standard TCP. While MPTCP's design and deployment progresses, most of the focus has been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as the standard TCP. The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in the traditional networking environment. The Internet of today has security middle-boxes that perform traffic analysis to detect intrusions and attacks. Such middle-boxes make use of different assumptions about the traffic, e.g., traffic from a single connection always arrives along the same path. This along with many other assumptions may not be true anymore with the advent of MPTCP as traffic can be fragmented and sent over multiple paths simultaneously. We investigate how practical it is to evade a security middle-box by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic is used to evaluate such attacks against Snort IDS to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend the MPTCP performance advantages to servers that only support standard TCP, while ensuring that intrusions can be detected as before. Finally, we investigate the potential MPTCP scenario where security middle-boxes only have access to some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a nearly 90% detection accuracy. Another contribution of this work is a tool, that converts IDS rules into equivalent attack traffic to automate the evaluation of a middle-box. / Multipath TCP (MPTCP) is an extension to standard TCP that is close to being standardized. The design of the protocol is progressing, but most of the focus has so far been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as standard TCP. The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in a traditional networking environment. Today, the security middleboxes make use of different assumptions that may not be true anymore with the advent of MPTCP.We investigate how practical it is to evade a security middlebox by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic generated from a tool that is also presented in this thesis is used to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend secure MPTCP performance advantages. We also investigate the MPTCP scenario where security middleboxes can only observe some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a high detection accuracy. / HITS network security MPTCP TCP IDS snort edit-distance Computer Sciences Datavetenskap (datalogi)
195	Secure Key Agreement for Wearable Medical Devices Kasparek, Alexander J 05 December 2019 (has links) In this thesis we explore if a proposed random binary sequence generation algorithm can be combined with a separately proposed symmetric key agreement protocol to provide usable security for communications in Wireless Body Area Networks (WBAN). Other previous works in this area fall short by only considering key generation between two of the same signals or allowing for key generation between two different types of signals but with the cost of a significant signal collection time requirement. We hoped to advance this area of research by making secure key generation more efficient with less signal collection time and allowing keys to be generated between two sensors that measure two different physiological signals. However, while the binary sequence generation algorithm and key agreement protocol perform well separately, they do not perform well together. The combined approach yields keys that have good properties for use in a WBAN, but the generation rate is low. WBAN Body Area Network Security Bio-cryptography Physiological signals Symmetric key agreement
196	Mobile Application for Secure Healthcare System Yesmin, Sabina January 2013 (has links) Usage of mobile applications and wireless networks is growing rapidly at different sectors in the world. Mobile healthcare application is devotedly accepted by the healthcare organizations and also by patients. The reasons behind accepting mobile healthcare applications are as user friendly, reliable, low cost, time efficient, mobility etc. Though the use of mobile applications is rising day by day in the healthcare sectors still those applications are not completely secure to prevent disclosure and misuse of patient’s sensitive data. However, security issues in healthcare applications get attention by many organizations. In this thesis we have presented an integrated architecture for secure mobile healthcare system. This application provides management of patient medical records in a regional environment. Our mobile application is developed for Android platform. This solution is secure enough, because it fulfills important security requirements: integrity, confidentiality and availability. Mobile healthcare Engineering and Technology Teknik och teknologier
197	Refining a Network Model Concerning Network Security Risk Analysis / Förfina en nätverksmodul beträffande säkerhetsriskanalys inom nätverkssäkerhet Kuehn, Daniel, Ljunggren, Sofia January 2014 (has links) P²CySeMoL is a framework in which security risks are calculated and presented with a value referring to the probability that an attack will succeed in a system, mainly SCADA systems. This thesis covers the creation of a more granular network module for the P²CySeMoL security riskanalysis framework to better be able to represent a network in concrete modules and to enable security riskanalysis on a network infrastructure at a greater detail. This paper outlines the creation of a network module with the base in the OSI model. It is replicated in a way that the network module is an extension to the P²CySeMoL metamodel, without interfering and restructuring it. It also covers a smaller survey to verify and get feedback about the created module from security and network experts and analysis of the survey. The conclusion is made that the network module is a good base to build upon and reflects to good degree a model needed to do security risk analysis on a network infrastructure and suggestions about further validation and research to improve the module are outlined. This thesis was produced in cooperation with Spotify AB and parts of the team behind P²CySeMoL at the ICS department at KTH. / P²CySeMoL är ett ramverk där säkerhetsrisker beräknas och redovisas i form av ett värde som hän-visar till sannolikheten att en attack lyckas i ett system, huvudsakligen SCADA system. Den här avhandlingen behandlar skapandet av en mer detaljerad nätverksmodul för säkerhetsriskramverket P²CySeMoL för att bättre representera ett nätverks konkreta moduler och för att möjliggöra analys av säkerhetsrisker rörande en nätverksinfrastruktur på ett mer detaljerat sätt. Den här rapporten beskriver skapandet av en nätverksmodul med en bas i OSI-modellen. Den är replikerad på ett sätt att den är en extension av P²CySeMoL metamodell, utan att omstrukturera den. Det omfattar även en mindre undersökning för att kontrollera och samla återkoppling på den skapade modulen från säkerhet- och nätverksexperter samt en analys av undersökningen. Slutsatsen fastställer att nätverksmodulen är en bra bas att bygga vidare på och den återspeglar till hög grad en modell som behövs för att göra säkerhetsriskanalyser på en infrastruktur, förslag om ytterligare validering och forskning för att förbättra modulnätet beskrivs. Det här arbetet har producerats i samarbete med Spotify och delar av teamet bakom P²CySeMoL vidICS avdelningen på KTH. Network Security Risk Analysis CySeMoL P2AMF Nätverkssäkerhet Riskanalys CySeMoL P2AMF Communication Systems Kommunikationssystem
198	Novel System Compartmentalization and Reverse Engineering Methods Derrick P Mckee (12868367) 14 June 2022 (has links) <p>The need to secure software systems is more important than ever. However, while a lot of work exists to design and implement secure systems, a fundamental weakness remains. Instead of implementing software with least privilege policies, developers create monolithic systems that allow any instruction near universal memory access. This dissertation attempts to rectify this fundamental weakness to software design through three different contributions.</p> <p>First, I address the monolithic software design problem by proposing and evaluating a novel compartmentalization enforcement mechanism called Hardware-Assisted Kernel Compartmentalization (HAKC). HAKC is capable of enforcing an arbitrary compartmentalization policy using features of the ARMv9 ISA, without the need of any extra virtualization or trusted software layer. I then introduce a method of determining an optimal compartmentalization policy based on user performance and security constraints called FlexC, which is tested using HAKC as the enforcement mechanism. The end result is a hardened, com-partmentalized kernel, customized to a user’s needs, which enforces a least privilege policy that minimizes overhead. Finally, as an avenue for further compartmentalization policy generation, I introduce a novel program analysis framework called IOVec Function Identifier (IOVFI), which foregoes the use of language processing and model learning, but instead uses program state changes as a unique function fingerprint. I show that IOVFI is a more stable and accurate function identifier than the state-of-the-art, even in the presence of differing compilation environments, purposeful obfuscations, and even architecture changes.</p> Software and application security System and network security Compartmentalization Reverse engineering Computer security
199	A Network based Home surveillance/ monitoring system : Router based Deployment and Network Security Song, Zixuan January 2011 (has links) Home surveillance/monitoring systems are widely used nowadays. An intelligent surveillance system can provide multiple functions for uses. The assumption underlying this thesis project is that a home surveillance system can help people manage their homes better. The thesis presents two investigations into an intelligent home surveillance system implementation. First we will focus on the development of a router platform, which can manage the cameras connected to an intelligent home surveillance system. Such a system will include at least one router, one or more cameras. Some of these cameras will be connected by wireless links. Each camera will be dynamically allocated an IP address. The system will manage and control the various elements of the home surveillance/monitoring system via the network. Second, we will examine potential network security solutions, and choose a suitable solution. A key result of this thesis project is that SRTP and MIKEY are suitable for use in a home surveillance/monitoring system and together they provide authentication and privacy for the information from the camera (and potentially other information). This privacy is an important aspect of a home surveillance/monitoring system, since improper use of this information could be damaging to the homeowner’s privacy and personal integrity. Home surveillance/monitoring system router platform development network security SRTP MIKEY. Engineering and Technology Teknik och teknologier
200	Security Countermeasure Selection as a Constraint Solving Problem Kathem, Aya January 2021 (has links) Network systems often contain vulnerabilities that remain unmitigated in a network for various reasons, such as lack of a patch and limited budget. Adversaries can exploit these existing vulnerabilities through different strategies. The attackers can use the existing vulnerabilities to gain capabilities that will enable them to reach their target goal. This thesis aims to find the most effective defense strategy that can defend against all discovered/known attack scenarios in attempt to secure the system's critical assets. Threat modeling is a well-known technique to find and assess vulnerabilities and threats in the system. Attack graphs are one of the common models used to illustrate and analyze attack scenarios. They provide a logical overview that illustrates how an attacker can combine multiple vulnerabilities to reach a specific part of the system. This project utilizes attack graphs, taking advantage of the causal relationship of their elements to formulate a Constraint Solving Problem, performs a number of analyses to define some constraints and objectives to select the most appropriate actions to be taken by the defender. This is achieved by addressing the security requirements and organization requirements for a given budget. The results show that the selected combination of countermeasures restricts all attack paths presented in the Logical attack graph. The countermeasures are be distributed on the most critical parts of a system and reduce the potential harm for several vulnerabilities rather than provide high protection to a few vulnerabilities. This approach aids in finding the most relevant way to protect system's assets based on the available budget. Logical attack graph Optimization problem Constraint Solving Problems Computer Network Security. Computer Sciences Datavetenskap (datalogi)

Search results