Key establishment for wireless sensor networks using third parties

Almowuena, Saleh

18 October 2011

Wireless sensor networks are employed in a wide range of applications including disaster relief operations, forest-fire detection, battlefield surveillance, pollution measurement, and healthcare applications. Because of the characteristics of these applications, a wireless sensor network is more vulnerable to security threats than traditional networks. In order to protect the sensor network from outside attacks, it is necessary to implement a cryptographic mechanism that can achieve three major security objectives: confidentiality, integrity and authentication. Even though the topic of cryptography has been well studied for traditional networks, many conventional cryptographic approaches cannot easily be applied to sensor networks. To illustrate, public key-based schemes and even some symmetric key methods are complex with regards to computations, memory, communication, and packet size requirements. On the other hand, sensor networks suffer from severe constraints on their available resources as a result of the necessity to increase the lifetime of the complete network, minimize the physical size of the sensor nodes, and reduce the cost of sensor nodes. Consequently, it is important to propose cryptographic solutions designed specifically for wireless sensor networks. A fundamental element in an effective cryptographic system is how sensor nodes are equipped with the cryptographic keys needed to create secure radio connections with their local neighbours. This thesis contributes to the challenging field of key establishment by introducing three key agreement schemes whose memory, processing, and communication requirements are low. These methods utilize the concept of third parties, and sometimes also deployment knowledge, to reduce the cryptographic burden of public-key based schemes and the key management overhead of symmetric key approaches. The proposed methods employ just a few simple hash operations in the sensor nodes. Furthermore, additional nodes called third parties are deployed to assist sensor nodes in the key establishment phase. Our key agreement schemes have many advantages over existing approaches. For instance, a sensor node in these schemes needs to make just a few local contacts to establish a secure radio connection with its neighbours with very high probability. In addition, the majority of sensor nodes must store only a small number of secret keys in their memory. These methods also employ an authentication mechanism to prevent impersonation attacks. / Graduate

security threats

cryptography

cryptographic

The Discursive Construction of National Security Threats from 2001-2018

Stieper, Erica Marie

29 June 2018

This thesis seeks to explain the discursive construction of national security threats facing the United States from 2001-2018. The driving argument is that the nation's perception of threats and conceptualization of itself are vulnerable to Presidential rhetoric. Presidents convey threats through rhetorical frameworks, a simplified means to present a manipulated perception of reality to a wider audience, which intentionally provoke reactions from the nation to garner consensus towards executive decision-making. Presidents apply frames from prior administrations as well as new frames to define adverse states, organizations, groups of people, etc., and to justify disciplinary practices, military action, or policy implementation against threats. Primarily, they portray threats as the binary opposite of the American national identity to reinforce the country's legitimacy in national security decision-making. This discourse influences how the public internalizes major issues facing the nation and triggers emotions that can either unite or divide the national identity. This research maps variation among the rhetorical frameworks and strategies of President George W. Bush, President Barack Obama, and President Donald J. Trump to evaluate: how national security threats are constructed, how the nation interprets threats, and the resulting social and political effects. / Master of Arts

Presidential Rhetoric

National Security Threats

The Complexity of Security Threats in Urban Areas: The Case of Johannesburg. / The Complexity of Security Threats in Urban Areas: The Case of Johannesburg.

Sanjoh, Charles

January 2017

Cities today have become a playground for man-made security threats. From terrorism, drug abuse, and different forms of physical violence that impedes the smooth functioning of the activities of those living within the city spaces. Considering the present day violence and insecurity in our cities, it is vital not only to embark on preventive measures, but also to learn how to cope with and adapt to them. Since it would be an illusion to think of eliminating violence, resilience becomes an important aspect, a gateway to move on with our daily activities without fear and with greater hope for a better future. It is in this respect that I decided in this thesis to talk about resilience within our municipalities with a special focus on the city of Johannesburg in South Africa.

The PHP programmer`s guide to secure code

Clarinsson, Richard, Magnusson, Samuel

January 2005

<p>Abstract</p><p>Security threats against computer systems are a big problem today which also includes PHP made applications. The report is focused on protection with the help of code and not how you protect a web server. Its purpose is not to educate the readers of the thesis how to make a PHP application, the purpose is how to program a safer PHP application. The thesis contains information about common security threats against PHP scripts. It contains in most cases examples of what an attack can look like and how a protection for that example can be achieved. We have tested all code examples if they work by installing our own server with the configurations according to the delimitations of the thesis and putting up small PHP applications, which we have attacked and then protected. The contents and result of this thesis can benefit developers that use PHP as a programming language for creating web applications, by giving them information about common threats and protection.</p>

Keywords: security

PHP

security threats

programming

code

protectio

Informatics

Informatik

A Prudent Access Control Behavioral Intention Model for the Healthcare Domain

Mussa, Constance Cecilia

01 January 2011

In recent years, many health care organizations have begun to take advantage of computerized information systems to facilitate more effective and efficient management and processing of information. However, commensurate with the vastly innovative enhancements that computer technology has contributed to traditional paper-based health care information systems, are security vulnerabilities that have potentially devastating effects on these systems. To ensure the confidentiality, integrity, and availability of information and to ensure compliance with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), health care organizations have implemented a number of security controls. Although the objectives of these controls are understood and acknowledged by users of computerized patient care information management systems, the controls are sometimes circumvented or ignored. The purpose of this study was the development of an instrument that measures key determinants of healthcare professionals' prudent access control behavior. The study examined healthcare professionals' prudent access control behavior using a model that integrates the Theory of Planned Behavior (TPB) and the Health Belief Model (HBM). Two additional variables - information security awareness and perceived information security responsibility were incorporated into the model. Rather than focusing on a single behavior or a few specific behaviors, a category of behaviors was proposed. Results of the study indicate that the HBM and TPB constructs as well as the two additional constructs included in the model are indeed key determinants of healthcare professionals' intention to engage in prudent access control behavior that mitigate security threats. Additionally, results of the study provide support for the partial mediating effects of perceived benefits and perceived responsibility for information security on attitude, information security awareness, subjective norm, perceived behavioral control, and perceived severity. The study contributes to the IS knowledge domain by providing theoretically grounded explanations for a subset of prudent information security behaviors of healthcare professionals.

access control

confidentiality

health belief model

information security

security threats

theory of planned behavior

Computer Sciences

Web authenticity

Sedaghat, Soroush, University of Western Sydney, School of Computing and Information Technology

January 2002

Advancements in web technology such as the integration of operating platforms, the application of mobile applets and connectivity with databases into an encompassing web environment has promoted the development of complex web-based systems for enterprise computing. In this integration the inherent security flaws and associated problems of these technological advancements are also brought together under this web environment. These flaws, when exploited, could lead to system compromises of various kinds including stealing of security sensitive information, system take-over fabrication of fake electronic documents and illegal alteration to web sites contents. Therefore, the successful, prompt and appropriate responses of these complex web-based systems to security threats and breaches, such as in the cases of document tampering and misrepresentation from illegal users, are imperative in promoting the user's willingness and confidence when interacting with these systems. Accordingly, this has become one of the major concerns in development, management and operation of web-based systems. This thesis also studies the authentication of dynamic web contents through the application of a one-time digital signature. To this effect, relevant concepts and possible approaches have been discussed. Authentication and verification of dynamic contents, efficiently in the web environment, is suggested as a separate research area and as a direction for future work. / Master of Science (Honours) Computing

web technology

platform

mobile

security threats

breaches

connectivity

sensitive information

fabrication

illegal

Smarttelefonen - en säkerhetsrisk i samhället

Engberg, Emelie, Landerup, Marina

January 1900

Den tekniska utvecklingen i samhället går fortare och fortare framåt. Idag är det inte ovanligt att mobiltelefonerna används för att göra bankärenden, hantera e-post och vara aktiv på sociala medier. Tekniker och lösningar som utvecklas ska vara kostnadseffektiva och användarvänliga, men är detta på bekostnad av informationssäkerheten? Frågeställningar som har besvarat handlar om vilka sårbarheter i tekniken som angripare kan utnyttja för att ta sig in i en telefon, hur det upptäcks och vilka proaktiva åtgärder som kan implementeras. Dessutom har det undersökts hur personer använder sina smarta telefoner och hur pass insatta personer är inom telefonernas säkerhet. På vilka sätt en mobiltelefon kan innebära en säkerhetsrisk i samhället har undersökts genom att en fallstudie utförts. Studien är kvantitativ då bland annat en enkät har skickats ut på ett socialt medie för att undersöka allmänhetens medvetenhet och kunskap gällande mobiltelefoners informationssäkerhet. I studien har hela 210 respondenter deltagit, av dessa är det exempelvis endast 17 % som tycker det är självklart att använda antivirusprogram på mobiltelefonen. Dessutom är det enbart 27 % som prioriterar säkerheten före pris, utseende och popularitet, när de ska ladda ner en app. Genom att räkna ut korrelationer mellan respondenternas svar så kunde flertalet samband fastställas, exempelvis påvisas det att personer som anser sig ha bra koll på informationssäkerhet inte använder anti-virus på sin smarttelefon. Allmänhetens insikt och beteende gällande informationssäkerhet är i många avseenden direkt avgörande när det kommer till tekniska lösningars säkerhet. Om en anslutning har säkerhetsbrister är det extra viktigt att enheter används på ett korrekt och skyddande sätt, så att inte informationsläckage uppstår. Resultatet av studien kan användas som underlag för vidare forskning inom arbetet med mobiltelefoners informationssäkerhet. Fallstudien har gjorts på uppdrag av två utvecklingsingenjörer, vilka har utvecklat Portiér, ett portlås som ska låsas upp med hjälp av användarens mobiltelefon. Informationssäkerheten i portlåset har undersökts på det sättet att riskidentifiering och konsekvensbedömning har sammansats till en riskanalys. Genom fallstudien kunde frågan kring huruvida smarttelefonen utgör en säkerhetsrisk i samhället eller inte besvaras. / The technical development of society goes faster and faster. Today it is not rare that we use mobile phones to make banking transactions, manage email and be active on social media. Technologies and solutions that are developed should be cost-effective and user-friendly, but is it at the expense of information security? It ́s important to consider how unauthorized persons can penetrate a mobile phone, how it ́s detected and what proactive measures can be implemented. Moreover, in this study it has been investigated how people use their smart phones and how familiar people are in the phones' security. In what ways a cell phone can cause a security issue in modern society has also been raised in a case study. This study performed a quantitative analysis where a questionnaire was sent via social media to examine public awareness regarding mobile phones information. In the study, 210 respondents participated, of these, for example, only 17% responded that it ́s obvious to use antivirus program on their mobile phone. Moreover, only 27% that prioritize safety before price, appearance and popularity, when considering downloading an app. By calculating correlations between respondents' answers, several pertience established. Among other things, demonstrated correlation between people who, although they claimed to have good eye of information security, they did not use anti-virus on your smart phone. Public awareness and behavior regarding information security is in many respects crucial when it comes to technical solutions, security. If a connection involves security flaws, it ́s especially important that the devices are used correctly and in protective manner, to avoid information leakage. The results of the study can be used as a basis for further research and work in the field of mobile phone information security. The case study has been conducted in collaboration with two development engineers, who have developed a modern door lock which can be unlocked using a mobile phone. The information security in the door lock has been investigated and analyzied in the way that risk identification and impact assessment has the same batch to a risk analysis. The question to be answered through the case study is the one regarding whether the smartphone constitute a security risk in the society or not.

Informationssecurity

malware

smartphone

bluetooth

security threats.

Informationssäkerhet

skadlig kod

smarttelefon

blåtand

säkerhetshot.

Consistent threat, political-economic institutions, and Northeast Asian developmentalism

Zhu, Tianbiao.

January 2000

Thesis (Ph. D.)--Cornell University, 2000. / Includes bibliographical references (leaves 296-328).

Resilience, security, and the railway station : a unique case study of the current and future resilience to security threats

Gregson-Green, Lucy E.

January 2018

Major railway stations in England and Wales are highly networked and open locations, frequently crowded, and are vulnerable to criminal and terrorist activities. Successive Government policies and agendas have sought to lessen this susceptibility, by promoting the understanding of and the application of resilience and security measures. Thus, the complex stakeholders are responsibilised (Garland, 1996) and urged to integrate and merge resilience, crime prevention and counter-terrorism measures into their governance, and operational policies and agendas. The aim of this research is to determine and examine the interdependencies and boundaries of the multiple stakeholders within St Pancras International Railway Station (SPIRS), and to analyse how their governance, operational and legislative requirements, and agendas influence current and future resilience of complex Category A railway stations to human malign security threats. Through a unique single case study of SPIRS, qualitative data was collected from thirty-two stakeholder participants, sampled for their expert opinion and experience. Data was also collected via documents and observations. SPIRS interconnected and complex stakeholders were represented using stakeholder analysis and mapping to create an original and innovative map highlighting those who can influence and impact the resilience of the space to human malign security threats. From the thematic analysis of the data, the overarching themes exposed the resilience within SPIRS operates in an uncertain legal space, competing with disparate institutional processes creating a gulf between reality and rhetoric of the responsibilisation of resilience and security strategies. The blurred boundaries of responsibility and understanding of the resilience and security agendas within SPIRS created tension between the national and local level stakeholders. The research adds an original and novel contribution to knowledge, as through contemporary empirical evidence it has established the political rhetoric of responsibilisation (Garland, 1996) for resilience and security policies are inconsistent and contradictory with the reality of how these transpire in an ambiguous operational and legal space such as SPIRS. Regardless of the mapped interdependencies between the multiple stakeholders and their interconnecting operational and legislative obligations, there is a definite absence of a clear and united approach to resilience, with concerns being dealt with by multiple stakeholders and policies. The research has revealed the complications and disparities the complex and multiple stakeholders face implementing policy and subsequently institutional changes in a cohesive manner. The findings of the research necessitate transformations in established organisational procedures, thus ensuring these interdependencies are dealt with now to make certain the effectual incorporation and integration of agendas and strategies are unified, and which maintain the resilience of Category A railway stations and SPIRS for future generations.

Europeiska Unionens vidgade säkerhetsbegrepp i relation till terrorism : En systematiserande undersökning om hur EU:s hotbild av terrorism har förändrats sedan terrorattacken på USA 2001. / The European Unions broaden security concept in relation to terrorism : A systematic study on how the Euroean Union view of terrorism has changed since the 2001 terrorist attack.

Wäppling, Louise

January 2018

Most of the European citizen can today live their lives in relative security. At the same time our communities are faced with more and greater security threats than ever. Terrorism has risen to become one of the greatest security threats to the European union and its citizens and one can therefore ask the question; has the European Union view of terrorism changed over time or has the interpretation of the threat been constant?                       The purpose of this essay is thus to analyse how the European Union describe and see the threat of terrorism before and after the attack on the United States 2001. The analytical instrument of the essay consist of Buzan et al. (1998) Securitization Theory that enables extraordinary measures to be used in the name of security. Furthermore, the essay is a systematic study and the material consist of documents from the European Union.

European Union

Security

Terrorism

Cooperation

Security Threats

Europeiska Unionen

terrorism

samarbete

säkerhet

säkerhetshot

Social Sciences

Samhällsvetenskap