351 |
Efficient schemes for anonymous credential with reputation supportYu, Kin-ying., 余見英. January 2012 (has links)
Anonymous credential is an important tool to protect the identity of users in the Internet for various reasons (e.g. free open speech) even when a service provider (SP) requires user authentication. Yet, misbehaving users may use anonymity for malicious purposes and SP would have no way to refrain these users from creating further damages.
Revocable anonymous credential allows SP to revoke a particular anonymous user based on the observed behavior of a session the user conducted. However, such kind of all-or-nothing revocation does not work well with the “Web 2.0” applications because it does not give a user a second chance to remedy a misconduct, nor rewards for positive behaviors. Reputation support is vital for these platforms.
In this thesis, we propose two schemes with different strengths that solve this privacy and reputation dilemma. Our first scheme, PE(AR)2, aims to empower anonymous credential based authentication with revocation and rewarding support. The scheme is efficient, outperforms PEREA which was the most efficient solution to this problem, with an authentication time complexity O(1) as compared with other related works that has dependency on either the user side storage or the blacklist size. PEREA has a few drawbacks that make it vulnerable and not practical enough. Our scheme fixes PEREA's vulnerability together with efficiency improvement. Our benchmark on PE(AR)2 shows that an SP can handle over 160 requests/second when the credentials store 1000 single-use tickets, which outperforms PEREA with a 460 fold efficiency improvement.
Our second scheme, SAC, aims to provide a revocation and full reputation support over anonymous credential based authentication system. With a small efficiency trade-o_ as compared with PE(AR)2, the scheme now supports both positive and negative scores. The scoring mechanism is now much more flexible, that SP could modify the rated score of any active sessions, or declare that no more rating should be given to it and mark it as finalized. SAC provides a much more elastic user side credential storage, there is no practical limit on the number of authentication sessions associated with a credential. Unlike other schemes, SAC make use of a combined membership proof instead of multiple non-membership proofs to distinguish if a session is active, finalized, or blacklisted. This special consideration has contributed to the reduction of efficiency-flexibility trade-off from PE(AR)2, making the scheme stay practical in terms of authentication time. Our benchmark on SAC shows that an SP can handle over 2.9 requests/second when the credentials store 10000 active sessions, which outperforms BLACR-Express (a related work based on pairing cryptography with full reputation support) with a 131 fold efficiency improvement.
Then we analyze the potential difficulties for adopting the solutions to any existing web applications. We present a plugin based approach such that our solutions could run on a user web browser directly, and how a service provider could instruct the plugin to communicate using our protocol in HTML context.
We conclude our thesis stating the solutions are practical, efficient and easy to integrate in real world scenario, and discuss potential future works. / published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy
|
352 |
Secure multi-party protocol using modern cryptographic technique and tamper resistant hardwareZhang, Ping, Echo., 张萍. January 2012 (has links)
Secure Multi-party Computation (SMC) is one significant research area in information security. In SMC, multiple parties jointly work on some function and no parties take the risk of revealing their private data. Since A.C. Yao first proposed this problem in 1982, there have been a lot of researchers working on different versions of SMC. In this thesis, we address three different researches in this setting, including the Privacy-Preserving Cooperative Scientific Computation, Privacy Preserving Data Mining (PPDM), and PPDM in cloud environment.
In Privacy-Preserving Cooperative Scientific Computation, we propose a solution to the Privacy Preserving Weighted Average Problem (PPWAP) under the hybrid security model, which guarantees the malicious parties will not get the correct final result if they behalf maliciously. Later, the extended version of our scheme is shown as a highly efficient and secure PPWAP solution under the malicious model, a stronger security model requiring more resource.
Privacy reserving data mining is one important branch of SMC, where all participants want to get the same and correct mining result from collaborated data mining without any threat of disclosing their private data. In another word, each party refuses to review its individual private database while carrying out collaborated data mining. We propose a PPDM solution of building up a decision tree from a hybrid distributed database, which is a quite common situation in real life but has not been solved before. Previous research works only focus on horizontally or vertically distributed database. With the great development of cloud computing, it provides a much more flexible and efficient platform for Internet service providers and users. However, the privacy issues of cloud service has become the bottleneck of its further development, and this problem also draw a lot of researchers' attention in recent decade. In this thesis, we propose the first solution to cloud-based PPDM. The cloud server carries out data mining on encrypted databases, and our solution can guarantee the privacy of each client. This scheme can protect client from malicious users. With aid of a hardware box, our design can also protect clients from untrusted cloud server. Another novel feature
of this solution is that it works even when the databases from different parties share overlapped parts. Furthermore, with the help of homomorphic encryption and black box, our scheme can carry out the calculation on the overlapped data. This kind of problem has never been resolved by previous works as far as we know. / published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy
|
353 |
Information security deviant behavior: its typology, measures, and causesChu, Man-ying., 朱文英. January 2012 (has links)
Although information security is important to all organizations, little
behavioral research has been carried out in this area. Particularly lacking is research
on negative forms of behavior involved in information security. The aim of this thesis
is to fill this research gap by conducting three related studies on information security
deviant behavior (ISDB), which refers to the voluntary behavior of employees within
organizations that differs markedly from the information security norms of the
organizations and that is normally considered by other employees to be wrong.
Prior research work on this topic is insufficient, and the information security
deviance concept remains unclear. This thesis explores the topic by considering three
fundamental research questions: 1) What is ISDB? 2) How can ISDB be measured? 3)
Why do employees commit ISDB?
Study I addresses the first question—“What is ISDB?”—by identifying and
organizing ISDB using a typology. A four-step method, comprising content analysis,
multidimensional scaling, expert judgmental analysis, and empirical testing, is
proposed for the development of typologies, which can fulfill the criteria for being a
theory. The findings of this study suggest that ISDB can be organized into four ideal
types that are interrelated along two dimensions—severity and frequency. Four
constructs are identified from this typology. They are resource misuse (“high
frequency, high severity” deviance), security carelessness (“high frequency, low
severity” deviance), access control deviance (“low frequency, low severity” deviance),
and system protection deviance (“low frequency, high severity” deviance). Study I not
only develops an organized and theoretical framework for systematic research on
ISDB and constitutes a critical starting point for the development of measures of the
behavior, but also makes an important theoretical contribution by demonstrating the
development of a typology, which is a unique form of theory building for an
underdeveloped topic.
Study II focuses on the second research question—“How can ISDB be
measured?”—by developing valid and reliable scales to measure ISDB. My target is
to develop scales to measure commonly found types of ISDB using an empirical
method. Accordingly, the two “low frequency” types of deviance, access control and
system protection deviance, are omitted from consideration. A rigorous measurement
development process which includes three surveys and a number of tests is adopted. A
four-item scale of resource misuse and a three-item scale of security carelessness are
developed. The development of these two scales makes an important contribution to
future ISDB research by providing a means to measure two types of information
security deviance, thus facilitating the empirical study of ISDB.
Study III is aimed at answering the third research question—“Why do
employees commit ISDB?”—through construction of a causal model. Rather than
consider “intention” as existing behavioral research on information security
commonly does, Study III investigates actual behavior and employs resource misuse
(“high frequency, high severity” deviance) as the dependent variable. Data from a
Web-based survey are analyzed using the partial least squares approach. Considering
the dual-process approach in the theory of planned behavior, the findings suggest that
resource misuse may be both an intentional type of behavior and an unreasoned action.
Perceived behavioral control influences employees’ resource misuse actions via their
desires or intentions, whereas attitude toward resource misuse affects these actions via
employees’ desires alone. Subjective norm is found not to affect employees’ resource
misuse via either desires or intentions. In terms of the theoretical contributions, Study
III takes steps to consider information security deviance by incorporating the
dual-process approach and the theory of planned behavior. In terms of managerial
significance, the results of Study III can help managers to better understand why
employees commit resource misuse.
In conclusion, this thesis provides a number of significant insights into ISDB
and useful guidelines for further research on the topic. In addition, the findings of the
three studies can help managers to develop better company strategies and policies to
reduce internal security threats. / published_or_final_version / Business / Doctoral / Doctor of Philosophy
|
354 |
A security and safety rover made from off-the-shelf partsWang, James Ho 17 February 2015 (has links)
This report describes the security and safety rover capable of monitoring the the indoor areas of a home and alerting the homeowner of events, such as burglary, fire, or flood. Physical security has always been a concern for homeowners. Digital video security systems are becoming commonplace in modern homes. The majority of the cameras available in this consumer market are fixed-mount cameras with limited capability. The pan-tilt-zoom feature is much less common due to cost. However, with the recent availability of low-cost, powerful, micro-controller boards along with high definition cameras and a myriad of electronic sensors this nascent product comes to mind. This report describes an experimental effort to build a robot using ``off-the-shelf'' hardware and custom software. Specifically, it will answer the question: ``Is it possible to build such a rover with the requisite capability and, if so, at what cost?'' / text
|
355 |
Dispersability and vulnerability analysis certificate systemsJung, Eunjin 28 August 2008 (has links)
Not available / text
|
356 |
A theory for the design and analysis of firewallsLiu, Xiang-Yang Alexander 28 August 2008 (has links)
Not available / text
|
357 |
The strategic use of diaspora politics in Russia's national security policy : evidence from the Commonwealth of Independent States, 1991-2010Le Noan, Rachel January 2012 (has links)
This thesis examines Russia’s national security policies and objectives by strictly focusing on the role of Russia and the strategic use of diaspora politics in Moldova, Ukraine and Georgia. The research specifically emphasises the emergence of the Russian diaspora as an instrument of power and specifically assesses the strategic use of diaspora politics and the varied relationships existing between the Kremlin and the diaspora Diasporas do not only represent sociological or economic phenomena, these formations are also political and redefine the notions of sovereignty, power and national identity that permeate world politics. In the current geopolitical environment, sovereign states need to find new ways of enhancing their influence locally, regionally and internationally. Consequently, it is worth considering the impact of these socio-political formations as national security actors, and as worthy subjects of attention in the field of security studies. By focusing on Moscow’s view and the examples of Moldova, Ukraine and Georgia, the purpose of the thesis is threefold. Firstly, it will demonstrate the pertinence of diaspora politics as an element of the international security logic by proposing a framework that emphasises a realist interpretation of diaspora politics highlighting the use of diasporas as tools of power politics. Secondly, it will determine in what ways Moscow has shaped its diaspora as an instrument of power in the Commonwealth of Independent States exploiting both ‘hard’ and ‘soft’ power resources resulting in the establishment of ‘ethnic’ and ‘legal’ relationships with compatriots abroad. Thirdly, it will emphasise the continuities and changes of diaspora politics from Boris Yeltsin to Dmitri Medvedev. This thesis highlights the extent to which the Russian diaspora has either been ignored, treated as an asset or treated as a liability depending on the evolution of Russia's national strategic interests and circumstances between 1991 and 2010.
|
358 |
Identitying vulnerabilities and controls in complex composite security architecturesTaylor, Barry January 2014 (has links)
The ability to design and reason about architectures (here understood as organisations which are designed according to hierarchies of roles and those processes that link them) which co-exist and interact within complex environments is of increasing importance. With the introduction of more interconnected technology affecting the way in which stakeholders manage information and conduct their operations, the need for such a capability is clear. Current approaches either address this issue with a mathematical approach which presents an obstacle to most non-specialist analysts, or they choose not to incorporate the full spread of factors that fall within the scope of this thesis. This thesis aims to develop a capability that provides those decision-makers who have information security management responsibilities with the means to analyse isolated, as well as interacting, security and business architectures. It aims to provide this capability at a level of modelling abstraction that is accessible to such non-technical specialists. The first stage of the thesis builds on earlier work on hierarchical structures by Beautement and Pym (2010b). It is dedicated to the development of a suitable conceptual framework which is both general and flexible enough to embody the required properties of a system, as well as their method of implementation spread across hierarchies of rˆoles describing organisations. This concept is expanded to describe how such architectures may interact with one another, and notation which is helpful in discussing these operations carefully is also developed. The framework is then applied to three broad areas within information security, those of trust (which is interpreted as a specific property within a given domain), heuristics (which are broadly treated as actions that should be undertaken during certain conditions), and access control. In each case the suitability of the framework is investigated, leading to refinements in the model which support the common goal of providing a novel view on these approaches to security analysis. This view is characterised by a unified consideration of the underlying architectures, to properties and policies applied across organisations. A key driver in conducting this analysis is to enable the description of how properties, fundamental to the legitimacy of systems, may firstly be established and then by how they may be compromised—providing a view on system vulnerabilities in that controls may fail or be circumvented. Following this, the framework is also intended as a tool to address such vulnerabilities, and to provide a means by which to scope measures designed to mitigate them.
|
359 |
SECURITY OF COMMUNICATION IN COMPUTER NETWORKS (KEY MANAGEMENT, VERIFICATION).LU, WEN-PAI. January 1986 (has links)
This dissertation concerns investigations on two of the most important problems in establishing communication security in computer networks: (1) developing a model which precisely describes the mechanism that enforces the security policy and requirements for a secure network, and (2) designing a key management scheme for establishing a secure session for end-to-end encryption between a pair of communicants. The security mechanism attempts to ensure secure flow of information between entities assigned to different security classes in different computer systems attached to a computer communication network. The mechanism also controls the accesses to the network devices by the subjects (users and processes executed on behalf of the users). The communication security problem is formulated by using a mathematical model which precisely describes the security requirements for the network. The model integrates the notions of access control and information flow control to provide a Trusted Network Base (TNB) for the network. The demonstration of security of the network when the security mechanism is designed following the present model is given by using mathematical induction techniques. The problem of designing key management schemes for establishing end-to-end encrypted sessions between source-destination pairs when the source and the destination are on different networks interconnected via Gateways and intermediate networks is examined. In such an internet environment, the key management problem attains a high degree of complexity due to the differences in the key distribution mechanisms used in the constituent networks and the infeasibility of effecting extensive hardware and software changes to the existing networks. A hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between Authentication Servers and/or Control Centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementational simplicity. A formal verification of the security of the resulting system is also conducted by an axiomatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of any existing key management scheme.
|
360 |
Community partnerships- enhancing municipal food security policyMalan, LP, van Rooyen, EJ January 2010 (has links)
Whilst many developing countries engage in sound policy processes on
macro level as far as economic and social development are concerned,
the day-to-day victual needs of impoverished communities also depend
on sound policies as well as appropriate arrangements, which take effect in the
municipal sphere. Such needs, as food security, is dependant on the establishment
of effective partnership agreements among all stakeholders, including local councils,
district councils as well as metropolitan councils; the actual entities that are responsible
to create the enabling environment in which food security could be enhanced.
In this article, issues relating to food security, partnership models, the
enabling environment, and community involvement in this partnership process,
are discussed briefly. Public administration practitioners should ensure they
contributively involve themselves in this debate. The article concludes by
emphasising the need for a proper and structured approach to be followed, of a
food security policy is due to be operationalised in practice.
|
Page generated in 0.0412 seconds