Global ETD Search

41	Biometriska säkerhetslösningars inverkan på IT-forensik inom polisen : En kvalitativ intervjustudie / Biometric security solution´s effects on IT-forensics within the swedish police authority : A qualitative interview study Lars, Bartha January 2018 (has links) Lösenord har länge varit den metod som föredragits av användare för att skydda användarkonton och känslig information. I strävan till att finna enklare, snabbare och säkrare autentiseringsmetoder har biometriska säkerhetslösningar snabbt vuxit i popularitet. Mobiltelefoner har traditionellt skyddats med hjälp av lösenord men har på senare tid även börjat inkludera någon form av biometrisk sensor för autentisering. Genom att utföra en kvalitativ intervjustudie med IT-forensiker som arbetar på Polismyndigheten inom olika distrikt i Västra Götalands län undersökte denna studie forskningsfrågan: hur har biometriska säkerhetslösningar i jämförelse med lösenord påverkat IT-forensikerns arbete på Polismyndigheten? Studien visar att biometrisk utrustning inte ger extra säkerhet i jämförelse med lösenord, eftersom en bakomliggande säkerhetskod alltid finns till hands ifall den biometriska sensorn slutar fungera. Därmed dras biometriska enheter med samma sorts svagheter som alltid funnits med lösenord. Nyckelord: biometri, lösenord, säkerhet, etik, juridik, IT-forensik. / Passwords have long been the users’ preferred method of choice to protect user accounts and sensitive data. In a strive to find simpler, quicker and more secure forms of authentication methods, biometric security solutions have seen an increased in popularity. Most mobile phones now include a type of biometrical sensors as an option for authentication. By conducting a qualitative interview study with IT-forensics employed by the police force in different districts in Västra Götaland county, this study aims to investigate the research question: How have biometric security solutions in comparison to passwords influenced the working methods of IT-forensics at the Swedish Police Authority? The study shows that biometric security solutions give no added benefit to security in comparison to passwords, because there is always an underlying security code that is ready to be used in case the biometric authentication fails to work. Therefore, biometric devices suffer from the same kinds of weaknesses that have always plagued passwords. Keywords: biometrics, passwords, security, ethics, law, IT-forensics. biometrics passwords security ethics law IT-forensics biometri lösenord säkerhet etik juridik IT-forensik Computer Systems Datorsystem Computer Sciences Datavetenskap (datalogi)
42	O Teorema chinês dos restos e a partilha de senhas PRAZERES, Sidmar Bezerra dos 16 June 2014 (has links) Submitted by (lucia.rodrigues@ufrpe.br) on 2017-03-29T14:30:56Z No. of bitstreams: 1 Sidmar Bezerra dos Prazeres.pdf: 511759 bytes, checksum: cf327985c0961f16751448a107717241 (MD5) / Made available in DSpace on 2017-03-29T14:30:56Z (GMT). No. of bitstreams: 1 Sidmar Bezerra dos Prazeres.pdf: 511759 bytes, checksum: cf327985c0961f16751448a107717241 (MD5) Previous issue date: 2014-06-16 / This paper aims to show the reader the importance of some topics of Number Theory. Work here, and prerequisites (Euclid Algorithms, Divisibility, Maxim Common Divisor), content with Linear Diophantine equations, congruences, and the main theme, which is the mighty Chinese Remainder Theorem of presenting their theories, importance, applicability on the day and its usefulness in the Theory of Numbers. The main applicability of Chinese Remainder Theorem of this work is Sharing Passwords. Sharing of passwords is a security mechanism, where a certain amount of people take possession of a key to access the secret without the possibility of obtaining the secret with his own key. / Este trabalho tem como objetivo mostrar ao leitor a importância de alguns t ópicos da Teoria dos N úmeros. Trabalharemos aqui, al ém de pré-requisitos (Algoritmo de Euclides, Divisibilidade, M áximo Divisor Comum), conte údos como Equa ções Diofantinas Lineares, Congruências e o principal tema, que e o poderoso Teorema Chinês dos Restos, apresentando suas teorias, importâncias, aplicabilidade no dia a dia e sua a utilidade na Teoria dos N úmeros. A principal aplicabilidade do Teorema Chinês apresentada neste trabalho e a Partilha de Senhas. Esta partilha de senhas é um mecanismo de seguran ça, onde uma certa quantidade de pessoas tomam posse de uma chave de acesso sem a possibilidade de obter a senha principal com a sua pr ópria chave. Teorema chinês dos restos Algoritmo de Euclides Equações Diofantinas Partilha de senhas Euclidean algorithm Chinese remainder theorem Diophantine equations Sharing passwords CIENCIAS EXATAS E DA TERRA::MATEMATICA
43	Bezpečnost a ochrana dat a informací v bankovnictví pro manažery / Security and Protection of Data and Information in Banking Business for Managers Melichar, Jan January 2009 (has links) This dissertation describes information as an economic object and focuses on information security with reference to all technical and social aspects and documents the necessity to consider both those areas simultaneously. The dissertation determines information security standards and describes some tools being used for effective data protection and information systems protection. One part of this dissertation is a model design for effective controlling of data and process protection, which can be used by bank managers on process control design especially in transaction processing area. This model is divided into several logical and consequential blocks and provides help to operating managers to design or redesign new or existing processes accordingly. The dissertation clearly highlights related insufficiencies especially those related to data access protection and passwords and one related survey has been performed to prove that
44	Ukládání důvěrných informací pro Windows Mobile / Confidential Information Storage for Windows Mobile System Štorek, Vojtěch January 2010 (has links) Confidential information such as passwords, cryptographic keys, certificates, etc. are used every day on various places. Mobile phone can be a good storage for such informations, but is necessary to ensure data security. Main goal of this project is to create a program for Windows Mobile phones which will keep all the informations in one place protected by password. Designed program lets user to store passwords, cryptographic keys, various files, important contacts, credit card numbers, etc. Some of the stored informations can be downloaded from remote server via FTP protocol or from smart card. It is also possible that two clients will synchronize their informations via Network and other usefull functions.
45	Secure web applications against off-line password guessing attack : a two way password protocol with challenge response using arbitrary images Lu, Zebin 14 August 2013 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol, TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results. Web Security Web sites -- Security measures World Wide Web -- Security measures Computer network protocols -- Standards Computer hackers Computers -- Access control -- Passwords Internet -- Security measures Phishing -- Security measures
46	Two-Factor Authentication : Selecting and implementing a two-factor authentication method for a digital assessment platform Tellini, Niklas, Vargas, Fredrik January 2017 (has links) Two-Factor Authentication (2FA) is a two-step verification process that aims to provide an additional layer of security by requiring the user to authenticate himself/herself using a secondary means (ownership factor or inheritance factor). Without the use of 2FA, an attacker could gain access to a person’s devices or accounts solely by knowing the victim’s password, while with 2FA knowing only this password is insufficient to pass the authentication check. In this project, we analyze different methods in which 2FA could be implemented by a Digital Assessment Platform. These platforms allow test assessments to be built directly into digital content; therefore, an important requirement of these systems is secure authentication. Moreover, it is important to securely protect teachers’ account in order to avoid unauthorized people gaining access to those accounts. We investigate how 2FA could be used to add an extra layer of security to teachers’ accounts, focusing on cost, user experience, ease of use, and deployment of the solution. We arrived at the conclusion that 2FA through an ownership factor is a suitable method and we implemented a solution based upon One-Time Passwords. This thesis project will hopefully benefit Digital Assessment Platforms who wish to implement 2FA by providing broader knowledge regarding this subject. The project should also benefit society by increasing the general knowledge of 2FA, hence leading to more secure services. / Tvåfaktorsautentisering (2FA) är en tvåstegs verifieringsprocess som syftar att ge en extra nivå av säkerhet, i och med att den kräver användaren att autentisera sig själv genom en sekundär faktor (något man äger eller har ärvt). Utan användning av 2FA, kan en förövare få åtkomst till en persons mobila enhet eller konto endast genom att kunna offrets lösenord. Att enbart kunna lösenordet är inte tillräckligt för att en autentiseringsprocess ska vara godkänd om 2FA är implementerad. I det här projektet analyseras olika 2FA som skulle kunna implementeras av en digital utvärderingsplattform. Sådana plattformar förvandlar tester och prov till digitalt innehåll och kräver därför en säker autentisering. Dessutom är det viktigt att säkra lärarnas konton för att undvika att icke auktoriserade personer loggar in på deras konton. Vi undersöker hur 2FA kan användas för att lägga till en extra nivå av säkerhet på lärarnas konton, med fokus på kostnad, användarupplevelse, lättanvändlighet och utplacering av lösningen. Vi kom fram till att 2FA via en faktor man äger är en passande metod och vi implementerade sedan en lösning grundad på engångslösenord. Detta projekt kan förhoppningsvis vara till förmån för digitala utvärderingsplattformar som vill implementera 2FA, genom att ge en bredare kunskap inom detta område. Projektet skulle kunna gynna allmänheten genom att bidra till ökad generell kunskap om 2FA, och därav leda till säkrare tjänster. Two-Factor Authentication Security One-Time Passwords Access control Digital Assessment Platform Två-stegs autentisering Säkerhet Engångslösenord Åtkomst kontroll Digital bedömningsplattform Communication Systems Kommunikationssystem
47	Authentication challenges for people with neurodevelopmental disorders Chrzan, Patryk January 2023 (has links) We live in a world where we increasingly depend on information technology, as much of our work and education occurs online, often from home. An average user has an increasing amount of accounts for all kinds of online services, making authentication more and more important. As people authenticate several times a day, it is important that everyone is able to use online services and authenticate themselves, including minorities such as individuals with neurodevelopmental disorders. This thesis explores the challenges people with neurodevelopmental disorders have with authentication as well as authentication methods that can help them. This was achieved by doing a systematic literature review on collected bibliography with the help of thematic analysis. 18 studies were analyzed and helped us answer the research questions and give us an overview of the research field. The analysis showed that text-based authentication was a big issue for individuals with neurodevelopmental disorders, where passwords were often highlighted as the culprit. Alternative authentication methods were identified but showed us that there was no easy fix to the issue at hand, and that more had to be done to make authentication more accessible. / Vi lever i en värld där vi är alltmer beroende av informationsteknologi, eftersom mycket av vårt arbete och utbildning nu istället sker online, ofta även hemifrån. En genomsnittlig användare har ett ökande antal konton för alla sorters onlinetjänster, vilket gör autentisering allt viktigare. Då människor autentiserar flera gånger om dagen är det viktigt att alla kan använda onlinetjänster och auntentisera sig, inklusive minoriteter som individer med neuropsykiatriska funktionsnedsättningar. Detta examensarbete utforskar de utmaningar som personer medneuropsykiatriska funktionsnedsättningar har med autentisering samt autentiseringsmetoder som kan hjälpa dem. Detta uppnåddes genom att göra en systematisk litteraturöversikt med insamlad bibliografi med hjälp av tematisk analys. 18 studier analyserades och hjälpte oss att svara på forskningsfrågorna samt ge oss en överblick över forskningsfältet. Analysen visade att textbaserad autentisering var ett stort problem för individer med neuropsykiatriska funktionsnedsättningar, där lösenord ofta lyfts fram som boven. Alternativa autentiseringsmetoder som identifierades visade oss att det inte fanns någon enkel lösning på problemet och att mer behöver göras för att göra autentisering tillgänglig för alla. Authentication passwords neurodevelopmental disorders cybersecurity disabilities Autentisering lösenord datasäkerhet funktionshinder Information Systems, Social aspects
48	Har vi verkligen ett säkert beteende på internet? : En kvalitativ studie om hur användare hanterar lösenord på internet och varför de gör som de gör. / Is our behavior on Internet secure? : A qualitative study on how users manage their online password and why they do as they do Ahlqvist, Klas, Norell, Per-Ivar January 2022 (has links) Introduktion: För att kunna använda möjligheterna som internet erbjuder krävs i många fall ett användarkonto som identifierar och autentiserar användaren. En förutsättning för att det ska vara säkert är att ingen annan har tillgång till användarens kontouppgifter, vilket ställer krav på att användaren har komplexa och unika lösenord. Syfte: I denna studie har vi undersökt vilken kunskap användare har kring säkra lösenord, hur de agerar samt undersökt varför de agerar som de gör. Metod: Studien är genomförd som en kvalitativ intervjustudie med 12 respondenter i varierande ålder och bakgrund. Resultat: Våra resultat visar att användarens kunskaper ofta bygger på äldre, ej längre aktuella, rekommendationer. De har även bristande kunskaper om vad en lösenordsgenerator eller lösenordshanterare är och hur de fungerar. Kunskapsbristerna, kombinerat med önskan om att det ska gå snabbt, medför att användarna ej genomför korrekta hot- och konsekvensbedömningar av riskerna på internet. Diskussion/Slutsats: Kunskaperna hos användarna behöver höjas för att minska riskerna de utsätter sig för. Teknikutvecklingen går fort och ökad kunskap och medvetenhet krävs för ett säkert agerande på internet. / Introduction: An account, that identify and authorize the user, is nowadays almost a condition for the user’s ability to use the many services Internet provides. If the account shall remain safe, only the user should have access to the user account. The user needs to create unique and complex passwords. Aim: In this study we have examined the end-user’s knowledge regarding safe passwords, how they act. We have also examined why they act as they do. Method: This qualitative study was made through interviews with 12 respondents of varying age. Results: Our findings show that the user’s knowledge often is based on older recommendations. They also lack knowledge about what a password generator, or a password manger, is and how they work. The lack of knowledge combined with a high wish of swift Internet usage leads to inadequate threat and impact assessments of Internet risks. Conclusion: The end-user’s knowledge, regarding security online needs to be improved, to reduce their risk exposure. The development of technology is moving fast so a raised awareness is mandatory for a safe Internet behavior. Internet security Passwords Security awareness. Security behavior User accounts Användarkonton Internetsäkerhet Lösenord Säkerhetsbeteende Säkerhetsmedvetande Computer Sciences Datavetenskap (datalogi) Computer and Information Sciences Data- och informationsvetenskap
49	User Efficient Authentication Protocols with Provable Security Based on Standard Reduction and Model Checking Lin, Yi-Hui 12 September 2012 (has links) Authentication protocols are used for two parties to authenticate each other and build a secure channel over wired or wireless public channels. However, the present standards of authentication protocols are either insufficiently secure or inefficient for light weight devices. Therefore, we propose two authentication protocols for improving the security and user efficiency in wired and wireless environments, respectively. Traditionally, TLS/SSL is the standard of authentication and key exchange protocols in wired Internet. It is known that the security of TLS/SSL is not enough due to all sorts of client side attacks. To amend the client side security, multi-factor authentication is an effective solution. However, this solution brings about the issue of biometric privacy which raises public concern of revealing biometric data to an authentication server. Therefore, we propose a truly three factor authentication protocol, where the authentication server can verify their biometric data without the knowledge of users¡¦ templates and samples. In the major wireless technologies, extensible Authentication Protocol (EAP) is an authentication framework widely used in IEEE 802.11 WLANs. Authentication mechanisms built on EAP are called EAP methods. The requirements for EAP methods in WLANs authentication have been defined in RFC 4017. To achieve user efficiency and robust security, lightweight computation and forward secrecy, excluded in RFC 4017, are desired in WLAN authentication. However, all EAP methods and authentication protocols designed for WLANs so far do not satisfy all of the above properties. We will present a complete EAP method that utilizes stored secrets and passwords to verify users so that it can (1) meet the requirements of RFC 4017, (2) provide lightweight computation, and (3) allow for forward secrecy. In order to prove our proposed protocols completely, we apply two different models to examine their security properties: Bellare¡¦s model, a standard reduction based on computational model, that reduces the security properties to the computationally hard problems and the OFMC/AVISPA tool, a model checking approach based on formal model, that uses the concept of the search tree to systematically find the weaknesses of a protocol. Through adopting Bellare¡¦s model and OFMC/AVISPA tool, the security of our work is firmly established. Wireless Local Area Networks (WLANs) Wired and Wireless Security Model Checking Standard Reduction Formal Security Proofs Lightweight Devices Authentication Passwords Smart Cards Forward Secrecy Extensible Authentication Protocol (EAP) Biometric Privacy
50	A shoulder-surfing resistant graphical password system Alesand, Elias, Sterneling, Hanna January 2017 (has links) The focus of this report is to discuss graphical password systems and how they can contribute to handle security problems that threaten authentication processes. One such threat is shoulder-surfing attacks, which are also reviewed in this report. Three already existing systems that are claimed to be shoulder-surfing resilient are described and a new proposed system is presented and evaluated through a user study. Moreover, the system is compared to the mentioned existing systems to further evaluate the usability, memorability and the time it takes to authenticate. The user study shows that test subjects are able to remember their chosen password one week after having registered and signed in once. It is also shown that the average time to sign in to the system after five minutes of practice is within a range of 3.30 to 5.70 seconds. The participants in the experiments gave the system an average score above 68 on the System Usability Scale, which is the score of an average system. shoulder-surfing resistant graphical password system guessing attacks graphical passwords recognition-based recall-based pure recall-based password security password space pictorial superiority effect brute-force attack dictionary attack hot-spots memorability graphical components authentication Computer Sciences Datavetenskap (datalogi)

Search results