  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
341

New cryptanalysis and modelling for wireless networking

Alzaabi, Mohamed Abdulla Hasan Saif January 2015
High data rates and interoperability of vendor devices have made WiMAX a prime desire for use worldwide. WiMAX is based on the IEEE 802.16 standard. IEEE 802.16a, b, c & d versions were updated within three years of the first launch of WiMAX. However, during those early years reports were published that highlighted the security weaknesses of the standard. These weaknesses prompted the IEEE to issue a new version, 802.16e to tackle the security issues. Despite this security enhancement, WiMAX remains vulnerable. This research project looks at the vulnerability of WiMAX 802.16e Subscriber Station/Mobile Station authentication at the initial entry and proposes approaches to the prevention of Denial of Service (DoS) attacks at this point in order to secure the Media Access Control (MAC) layer from such threats. A new protocol has been designed and developed to provide confidentiality, authentication and integrity to WiMAX users. This new protocol is integrated with Z algorithm (an algorithm described later in this paper) to provide: • Confidentiality of management messages • Message Authentication code • ID to provide for message integrity and user authentication. A simulation package was also required, to prove that a linear load of DoS attack would disable or exhaust the capacity of the base station of a WiMAX network, as well as providing other simulation functions. The freely available simulation tool NIST (NIST IPSec (Internet Protocol Security) and IKE (Internet Key Exchange) Simulation) is oriented towards fixed network communications (NIIST, 2003). There are no other relevant simulation tools; hence the purpose of this research project is to develop a new tool to simulate WiMAX security vulnerabilities and test the new protocol.
342

Un système de médiation distribué pour l'e-santé et l'épidémiologie / A shared mediation system for E-health and epidemiology

Cipière, Sébastien 12 July 2016
To date, measurements of cancer risk or of the effectiveness of cancer follow-up are made from specific medical data collections initiated by epidemiologists. These collections nevertheless have certain limits: loss of information, reporting bias, absence of data for an unknown risk, and measurement bias (for example for medico-economic data). The secure sharing of medical data between different public and/or private medical structures is currently undergoing rapid technological change. The proposed technologies must make electronic, secure sharing of these data possible so that they are available at any time, for purposes ranging from health observation to the evaluation of care or of health policies. To meet these needs, the GINSENG infrastructure relies on information produced in the course of care, without new collection procedures, allowing both fast access to information and increased completeness. This collection is also carried out with better guarantees of anonymity and with linkage of the medical information for each patient. The CNIL granted an authorization for the project's IT infrastructure and for its use in cancer follow-up in October 2013. From the e-ginseng.com web portal, authorized physicians authenticate using their Carte de Professionnel de Santé (CPS). Each patient, whose medical data are distributed across health establishments, is identified, with his or her consent, by the following attributes: surname, first name, year and month of birth, and residential postal code, before being assigned a unique, anonymous identification number. Each patient's medical data are updated once a week; each physician can then consult all the medical information relating to each patient simply by connecting to the network. 
This information appears to the physician as a tree of medical events. For example, a physician responsible for following patients within organized screening can access, directly from the web portal, the medical information needed to draw up a complete medical record of the care pathway of a patient for whom a cancer has been detected, or for whom a suspicion of cancer proved negative after several medical examinations. An epidemiologist can also run large-scale statistical queries on the medical data in order to answer questions of public health interest. Going further, the epidemiological queries run on the medical data can be coupled with information of public utility collected from other freely accessible databases on the internet. The GINSENG IT infrastructure is currently deployed for cancer follow-up in the Auvergne region between the organized cancer screening management structures (SGDO) and the anatomical and cytological pathology (ACP) practice Sipath-Unilabs. The use of a health data host (HADS), named Informatique de sécurité (IDS), is also proposed for storing patients' confidential information. This infrastructure currently makes it possible to collect all medical information of interest for cancer follow-up and the evaluation of medical practices. The biostatistics and public health teams of the CHU de Clermont-Ferrand are currently producing the epidemiological analyses of interest from the data collected by the network. / The implementation of a grid network to support large-scale epidemiology analysis (based on distributed medical data sources) and medical data sharing requires medical data integration and semantic alignment. 
In this thesis, we present the GINSENG (Global Initiative for Sentinel eHealth Network on Grid) network that federates existing Electronic Health Records through a rich metamodel (FedEHR), a semantic data model (SemEHR) and distributed query toolkits. A query interface based on the VIP platform, and available through the e-ginseng.com web portal helps medical end-users in the design of epidemiological studies and the retrieval of relevant medical data sets.
343

Monitorování bezpečnosti firemní počítačové sítě / Company network security monitoring

Kališ, Martin January 2009
The main focus of this work is computer network security monitoring. The first part forms basic definitions for the area and offers different ways to incorporate monitoring into company security. The next part defines the main functions of monitoring systems and provides guidelines for their implementation in an organization. The practical part defines key conditions for selecting a monitoring solution and applies them in comparing several products available on the market. It then presents the author's view on future trends and development in this area, based on facts from the previous chapters. The whole work provides a complete approach to security monitoring and offers definitions of all key concepts and competencies for monitoring systems.
344

Modeling Security and Cooperation in Wireless Networks Using Game Theory

Kamhoua, Charles A. K. 27 May 2011
This research involves the design, development, and theoretical demonstration of models resulting in integrated misbehavior resolution protocols for ad hoc networked devices. Game theory was used to analyze strategic interaction among independent devices with conflicting interests. Packet forwarding at the routing layer of autonomous ad hoc networks was investigated. Unlike existing reputation based or payment schemes, this model is based on repeated interactions. To enforce cooperation, a community enforcement mechanism was used, whereby selfish nodes that drop packets were punished not only by the victim, but also by all nodes in the network. Then, a stochastic packet forwarding game strategy was introduced. Our solution relaxed the uniform traffic demand that was pervasive in other works. To address the concerns of imperfect private monitoring in resource aware ad hoc networks, a belief-free equilibrium scheme was developed that reduces the impact of noise in cooperation. This scheme also eliminated the need to infer the private history of other nodes. Moreover, it simplified the computation of an optimal strategy. The belief-free approach reduced the node overhead and was easily tractable. Hence it made the system operation feasible. Motivated by the versatile nature of evolutionary game theory, the assumption of a rational node is relaxed, leading to the development of a framework for mitigating routing selfishness and misbehavior in Multi hop networks. This is accomplished by setting nodes to play a fixed strategy rather than independently choosing a rational strategy. A range of simulations was carried out that showed improved cooperation between selfish nodes when compared to older results. Cooperation among ad hoc nodes can also protect a network from malicious attacks. In the absence of a central trusted entity, many security mechanisms and privacy protections require cooperation among ad hoc nodes to protect a network from malicious attacks. 
Therefore, using game theory and evolutionary game theory, a mathematical framework has been developed that explores trust mechanisms to achieve security in the network. This framework is one of the first steps towards the synthesis of an integrated solution that demonstrates that security solely depends on the initial trust level that nodes have for each other.
345

Datově úsporné zabezpečení cloudových úložišť / Data-efficient security of cloud storages

Elis, Martin January 2016
This work focuses on the issues of cloud solutions, especially their security. It describes the current security trends and approaches used by security engineers when creating sophisticated designs of secure cloud systems. It includes a risk analysis and an overview of the most common types of attacks against cloud solutions. The document also deals with the possibilities, principles, advantages and disadvantages of different types of cloud distributions. A further section deals with the usual methods used for accessing the cloud. The thesis contains the author's own design of a possible realization. The next part describes the process of building a safe cloud data storage together with the principles of ensuring its security. In the conclusion, the author compares cryptographic algorithms and their behavior depending on the length of the keys used.
346

Analys av datakommunikationssäkerhet för VoIP-protokoll / Analysis of data communications security for VoIP protocols

Boongerd, Sanhawad, Lindstein, Fredrik January 2012
Voice over IP (VoIP) is a relatively new technology that enables voice calls over data networks. With VoIP it is possible to lower expenses, and increase functionality and flexibility. From the Swedish Armed Forces' point of view, the security issue is of great importance, which is why the focus in this report is on the security aspect of the two most common open-source VoIP-protocols H.323 and SIP, some of the most common attacks, and counter-measures for those attacks. Because of the level of complexity with a network running H.323 or SIP, and the fact that it has yet to stand the same level of trial as of traditional telephony, a VoIP-system includes many known security-issues, and probably at present many unknown security flaws. The conclusion is that it takes great knowledge and insight about a VoIP-network based on H.323 or SIP to make the network satisfyingly safe as it is today, and is therefore perhaps not a suitable solution for the Swedish Armed Forces today for their more sensitive communications. / Voice over IP (VoIP) is a data communication technology that enables voice calls over data networks. With VoIP it is possible to lower costs and to extend functionality and flexibility. From the Swedish Armed Forces' perspective the security question with VoIP is of great importance, so this report places special focus on the security aspect of the two largest open VoIP protocols, H.323 and SIP, some of the most common attacks, and measures against those attacks. Because the structure of an H.323- or SIP-based network is complex and not at all tested to the same extent as traditional telephony, it contains many known security holes and probably, at present, many unknown security flaws. The conclusion is that very great knowledge and insight into how a VoIP network based on H.323 or SIP works is required to make the network sufficiently secure at present, which makes it a questionably satisfactory solution for the Swedish Armed Forces today for their more sensitive communications.
347

Security challenges within Software Defined Networks

Ahmed, Haroon, Sund, Gabriel January 2014
A large amount of today's communication occurs within data centers where a large number of virtual servers (running one or more virtual machines) provide service providers with the infrastructure needed for their applications and services. In this thesis, we will look at the next step in the virtualization revolution, the virtualized network. Software-defined networking (SDN) is a relatively new concept that is moving the field towards a more software-based solution to networking. Today when a packet is forwarded through a network of routers, decisions are made at each router as to which router is the next hop destination for the packet. With SDN these decisions are made by a centralized SDN controller that decides upon the best path and instructs the devices along this path as to what action each should perform. Taking SDN to its extreme minimizes the physical network components and increases the number of virtualized components. The reasons behind this trend are several, although the most prominent are simplified processing and network administration, a greater degree of automation, increased flexibility, and shorter provisioning times. This in turn leads to a reduction in operating expenditures and capital expenditures for data center owners, which both drive the further development of this technology. Virtualization has been gaining ground in the last decade. However, the initial introduction of virtualization began in the 1970s with server virtualization offering the ability to create several virtual server instances on one physical server. Today we already have taken small steps towards a virtualized network by virtualization of network equipment such as switches, routers, and firewalls. Common to virtualization is that, in their early stages, all of the technologies have encountered trust issues and general concerns related to whether software-based solutions are as rugged and reliable as hardware-based solutions. 
SDN has also encountered these issues, and discussion of these issues continues among both believers and skeptics. Concerns about trust remain a problem for the growing number of cloud-based services where multitenant deployments may lead to loss of personal integrity and other security risks. As a relatively new technology, SDN is still immature and has a number of vulnerabilities. As with most software-based solutions, the potential for security risks increases. This thesis investigates how denial-of-service (DoS) attacks affect an SDN environment and a single-threaded controller, described by text and via simulations. The results of our investigations concerning trust in a multi-tenancy environment in SDN suggest that standardization and clear service level agreements are necessary to consolidate customers’ confidence. Attracting small groups of customers to participate in user cases in the initial stages of implementation can generate valuable support for a broader implementation of SDN in the underlying infrastructure. With regard to denial-of-service attacks, our conclusion is that hackers can, by targeting the centralized SDN controller, negatively affect most of the network infrastructure (because the entire infrastructure directly depends upon a functioning SDN controller). SDN introduces new vulnerabilities, which is natural as SDN is a relatively new technology. Therefore, SDN needs to be thoroughly tested and examined before making a widespread deployment. / Today's communication takes place largely via data centers, where largely virtualized server environments provide service providers with the infrastructure required to run their applications and services. In our work we will look at the next step in this virtualization revolution, that of virtualized networks. Software-defined networking (SDN) is the name of this relatively new concept, which refers to software-based networks. 
When a packet is transported through a network today, a decision is made locally at each router as to which router is the packet's next destination; the difference in an SDN network is that the decisions are instead made from a bird's-eye view, where the best path is decided in a centralized software process with an overview of the whole network and not only up to the next router. This process is also called the SDN controller. Taken to its extreme, SDN is about replacing existing network equipment with virtualized equivalents. There are several reasons for the steps towards this development; the most prominent are probably simplified processes and network administration, a greater degree of automation, increased flexibility and shorter provisioning times. This in turn leads to lower operating costs and capital costs for data center owners, which drives the development forward. Virtualization has been advancing strongly since the early 2000s; it began with server virtualization and the ability to create several virtualized servers on one physical server. Today we have virtualization of network equipment such as switches, routers and firewalls. Common to all of this development is that at an early stage it has run into questions of trust and, in general, problems related to whether software-based solutions are as robust and reliable as traditional hardware-based solutions. This is a problem that SDN has also run into, and it is actively discussed today among advocates and skeptics. These questions of trust run counter to the growing number of cloud-based services, typically services where security and personal privacy are vital. Furthermore, SDN, like other new technology, is expected to bring certain teething problems such as security loopholes. In this work we will investigate how denial-of-service (DoS) attacks affect an SDN environment and a single-threaded controller, in text and through simulation. 
The result of our investigations into SDN in a multi-tenancy environment is that standardization and clear service level agreements are needed to consolidate trust among customers. Attracting customers to take part in smaller use cases ("user cases") at an initial stage is also valuable in arguing for a broader implementation of SDN in the underlying infrastructure. As for DoS attacks, we found that it is possible for a hacker to manipulate an SDN infrastructure in a way that is not possible with today's solutions, for example through targeted attacks against the centralized SDN controller: if this controller is knocked out, large parts of the infrastructure are affected because they depend directly on a functioning SDN controller. Because SDN is a new technology, new opportunities for attack also open up; with that in mind, it is important that SDN undergoes rigorous testing before larger-scale implementation.
348

Relay Racing with X.509 Mayflies : An Analysis of Certificate Replacements and Validity Periods in HTTPS Certificate Logs / Stafettlöpning med X.509-dagsländor : En Analys av Certifikatutbyten och Giltighetsperioder i HTTPS-certifikatloggar

Bruhner, Carl Magnus, Linnarsson, Oscar January 2020
Certificates are the foundation of secure communication over the internet as of today. While certificates can be issued with long validity periods, there is always a risk of having them compromised during their lifetime. A good practice is therefore to use shorter validity periods. However, this limits the certificate lifetime and gives less flexibility in the timing of certificate replacements. In this thesis, we use publicly available network logs from Rapid7's Project Sonar to provide an overview of the current state of certificate usage behavior. Specifically, we look at the Let's Encrypt mass revocation event in March 2020, where millions of certificates were revoked with just five days' notice. In general, we show how this kind of dataset can be used, and as a deeper exploration we analyze certificate validity, lifetime and use of certificates with overlapping validity periods, as well as discuss how our findings relate to industry standard and current security trends. Specifically, we isolate automated certificate services such as Let's Encrypt and cPanel to see how their certificates differ in characteristics from other certificates in general. Based on our findings, we propose a set of rules to help improve the trust in certificate usage and strengthen security online, introducing an Always secure policy aligning certificate validity with revocation time limits in order to replace revocation requirements and overcoming the fact that mobile devices today ignore this very important security feature. To round things off, we provide some ideas for further research based on our findings and what we see possible with datasets such as the one researched in this thesis.
349

Un système de surveillance et détection de menaces utilisant le traitement de flux comme une fonction virtuelle pour le Big Data / A monitoring and threat detection system using stream processing as a virtual function for Big Data

Andreoni Lopez, Martin Esteban 06 June 2018
Late detection of security threats significantly increases the risk of irreparable damage, invalidating any attempt at defense. Consequently, fast, real-time threat detection is mandatory for security administration. In addition, Network Function Virtualization (NFV) offers new opportunities for efficient, low-cost security solutions. We propose a fast and efficient threat detection system based on stream processing and machine learning algorithms. The main contributions of this work are: i) a new monitoring and threat detection system based on stream processing, ii) two datasets, the first a synthetic security dataset containing both legitimate and malicious traffic, and the second a week of real traffic from a telecommunications operator in Rio de Janeiro, Brazil, iii) a data pre-processing algorithm, a normalization algorithm and a fast feature-selection algorithm based on the correlation between variables, iv) a virtualized network function in an open-source platform to provide a real-time threat detection service, v) near-optimal sensor placement through a proposed heuristic for strategically positioning sensors in the network infrastructure with a minimum number of sensors, and finally vi) a greedy algorithm that allocates a sequence of virtual network functions on demand. / The late detection of security threats causes a significant increase in the risk of irreparable damages, disabling any defense attempt. As a consequence, fast real-time threat detection is mandatory for security administration. In addition, Network Function Virtualization (NFV) provides new opportunities for efficient and low-cost security solutions. 
We propose a fast and efficient threat detection system based on stream processing and machine learning algorithms. The main contributions of this work are i) a novel monitoring threat detection system based on streaming processing, ii) two datasets, first a dataset of synthetic security data containing both legitimate and malicious traffic, and the second, a week of real traffic of a telecommunications operator in Rio de Janeiro, Brazil, iii) a data pre-processing algorithm, a normalizing algorithm and an algorithm for fast feature selection based on the correlation between variables, iv) a virtualized network function in an Open source Platform for providing a real-time threat detection service, v) near-optimal placement of sensors through a proposed heuristic for strategically positioning sensors in the network infrastructure, with a minimum number of sensors, and finally vi) a greedy algorithm that allocates on demand a sequence of virtual network functions.
350

Reputace zdrojů škodlivého provozu / Reputation of Malicious Traffic Sources

Bartoš, Václav January 2019
An important part of maintaining network security is collecting and processing information about cyber threats, both from the network operator's own detection tools and from third parties. A commonly used type of such information is lists of network entities (IP addresses, domains, URLs, etc.) which were identified as malicious. However, in many cases, the simple binary distinction between malicious and non-malicious entities is not sufficient. It is beneficial to keep other supplementary information for each entity, which describes its malicious activities, and also a summarizing score, which evaluates its reputation numerically. Such a score allows for quick comprehension of the level of threat the entity poses and allows entities to be compared and sorted. The goal of this work is to design a method for such summarization. The resulting score, called Future Maliciousness Probability (FMP score), is a value between 0 and 1, assigned to each suspicious network entity, expressing the probability that the entity will do some kind of malicious activity in the near future. Therefore, the scoring is based on prediction of future attacks. Advanced machine learning methods are used to perform the prediction. Their input is formed by previously received alerts about security events and other relevant data related to the entity. The method of computing the score is first described in a general way, usable for any kind of entity and input data. Then a more concrete version is presented for scoring IPv4 addresses by utilizing alerts from an alert sharing system and supplementary data from a reputation database. This variant is then evaluated on a real-world dataset. In order to get a sufficient amount and quality of data for this dataset, a part of the work is also dedicated to the area of security analysis of network data. A framework for analysis of flow data, NEMEA, and several new detection methods are designed and implemented. 
An open reputation database, NERD, is also implemented and described in this work. Data from these systems are then used to evaluate precision of the predictor as well as to evaluate selected use cases of the scoring method.
