Global ETD Search

31	A Systematic Framework For Analyzing the Security and Privacy of Cellular Networks Syed Rafiul Hussain (5929793) 16 January 2020 (has links) <div>Cellular networks are an indispensable part of a nation's critical infrastructure. They not only support functionality that are critical for our society as a whole (e.g., business, public-safety message dissemination) but also positively impact us at a more personal level by enabling applications that often improve our quality of life (e.g., navigation). Due to deployment constraints and backward compatibility issues, the various cellular protocol versions were not designed and deployed with a strong security and privacy focus. Because of their ubiquitous presence for connecting billions of users and use for critical applications, cellular networks are, however, lucrative attack targets of motivated and resourceful adversaries. </div><div><br></div><div></div><div>In this dissertation, we investigate the security and privacy of 4G LTE and 5G protocol designs and deployments. More precisely, we systematically identify design weaknesses and implementation oversights affecting the critical operations of the networks, and also design countermeasures to mitigate the identified vulnerabilities and attacks. Towards this goal, we developed a systematic model-based testing framework called LTEInspector. LTEInspector can be used to not only identify protocol design weaknesses but also deployment oversights. LTEInspector leverages the combined reasoning capabilities of a symbolic model checker and a cryptographic protocol verifier by combining them in a lazy fashion. We instantiated \system with three critical procedures (i.e., attach, detach, and paging) of 4G LTE. Our analysis uncovered 10 new exploitable vulnerabilities along with 9 prior attacks of 4G LTE all of which have been verified in a real testbed. Since identifying all classes of attacks with a unique framework like \system is nearly impossible, we show that it is possible to identify sophisticated security and privacy attacks by devising techniques specifically tailored for a particular protocol and by leveraging the findings of LTEInspector. As a case study, we analyzed the paging protocol of 4G LTE and the current version of 5G, and observed that by leveraging the findings from LTEInspector and other side-channel information and by using a probabilistic reasoning technique it is possible to mount sophisticated privacy attacks that can expose a victim device's coarse-grained location information and sensitive identifiers when the adversary is equipped only with the victim's phone number or other soft-identity (e.g., social networking profile). An analysis of LTEInspector's findings shows that the absence of broadcast authentication enables an adversary to mount a wide plethora of security and privacy attacks. We thus develop an attack-agnostic generic countermeasure that provides broadcast authentication without violating any common-sense deployment constraints. Finally, we design a practical countermeasure for mitigating the side-channel attacks in the paging procedure without breaking the backward compatibility.</div> Computer System Security Networking and Communications Cellular Networks security threats Privacy 4G LTE 5G NR Side Channel Attacks Defenses
32	Security threats to critical infrastructure: the human factor Ghafir, Ibrahim, Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., Jabbar, S., Baker, T. 24 January 2020 (has links) Yes / In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others. Critical infrastructure security Security awareness Cyber security training Work-based security training
33	Hur säkerhetsmedvetna är dagens pensionärer? : En kvalitativ studie om äldres säkerhetsmedvetande i en alltmer digitaliserad värld Le, Thanh Quang January 2024 (has links) Syftet med denna kvalitativa studie är att hitta förbättringspunkter i den äldre generationens onlinebeteende och säkerhetsmedvetande. Samt att kunna ge förslag och rekommendationer på säkerhetsåtgärder som kan bidra positivt till att motverka dagslägets vanligaste informationssäkerhetsrisker och hot. Metoden som användes för att uppnå detta var en kombination av litteratursökning och intervjustudie för datainsamling. Resultatet påvisade att respondenterna hade medvetenhet angående huvudsakligen olika sorters bedrägerier med inslag av social manipulation, såsom phishing, vishing, och smishing. Dock inte lika mycket medvetenhet angående mer tekniska säkerhetshot relaterade till exempelvis skadlig kod eller programvara. Det ansågs därmed existera förbättringspunkter gällande pensionärers säkerhetsmedvetande i form av behov av mer information och nyttjande av grundläggande säkerhetsåtgärder i högre grad, främst tekniska verktyg och åtgärder. / The purpose of this qualitative study is to find points of improvement in the older generation’s online behaviour and security awareness. Also to be able to give recommendations and suggestions on security measures that can contribute positively to the preventative work and counteraction against some of the most common information security risks and threats the elderly could face in today’s day and age as well. The method used to achieve this was a combination of a literature overview and an interview study for data collection. The results showed that the respondents had awareness regarding mainly different types of fraud including certain elements of social manipulation, such as phishing, vishing, and smishing. However, they showed less awareness regarding more technical security threats related to, for example, malicious code or software. It was therefore concluded that points of improvement exist regarding the pensioners’ security awareness. This is in the form of a need for more information and greater use of basic security measures, particularly technical tools and measures. Pensioners elderly security awareness security risks security threats security measures. Pensionärer säkerhetsmedvetande säkerhetsrisker säkerhetshot säkerhetsåtgärder. Computer and Information Sciences Data- och informationsvetenskap
34	From National Defence to International Operations? : A study on the transformation of Sweden's armed forces between 1989-2009 Kettil, Daniel January 2011 (has links) Since the cold war, most countries have moved on from the classical security perception that all threats are external and aiming to invade the sovereignty of the state, thus leading to military armies fighting each other. Instead as Globalization have become more predominant since the beginning of the 1990’s new threats have also emerged that militaries can’t fight as they used to, thus it has become necessary for a wider view on security which also involves human suffering, and the general trend among armies have been to combat these through international peacekeeping and humanitarian operations. This study aims at showing the change in which the Swedish army have undergone since the end of the cold war and into modern days, both in terms of political decisions and also show how the use of language have been changed throughout the course. The thesis covers a time period between 1989 to 2009 and following the process of change from the Swedish political institution that works with military issues, called the Försvarsutskottet or the FöU and the method applied is process tracing with a detailed narrative. Several important conceptions are also explained such as Globalization, Collective security and Human security, which will make the result chapter more understandable. The results showed that the biggest changes in Sweden’s military policy came in three steps, the beginning of the 1990’s was influenced with economic problems for Sweden which also lead to budget downsizings in the military. The mid-1990’s was the time where there existed no real external threat to Sweden, and hence it came to be dominated by several large reforms which also aimed at lowering the costs of the military and adapt it into becoming rapid response forces. After the 9/11 attacks in 2001 the new threats emerged and the Swedish military focused even more on improving their international and humanitarian operations. The thesis ends by discussing these finding and present some changes in the use of languages in-between the 20 years. Military Swedish Transformation 1989 2009 military policy process tracing National security International security Collective Security Human security Globalization Non-traditional security threats Försvarsutskottet FöU
35	Lutte aux botnets : les politiques de prévention s'avèrent-elles efficaces? Allaire, Marie-Renée 07 1900 (has links) No description available. Menaces informatiques cybercriminalité cybermenaces Politiques de prévention Botnets Security threats cyber crime cyber threats Prevention policies
36	Risk Management Strategies to Prevent and Mitigate Emerging Operational Security Threats Larrimore, Nancy Page 01 January 2018 (has links) Dependence on technology brings security compromises that have become a global threat that costs businesses millions of dollars. More than 7.6 million South Carolinians incurred effects from the 162 security breaches reported in 2011-2015. The purpose of this multiple case study was to explore the risk management strategies small business leaders use to prevent and mitigate operational security threats that produce financial losses. The population for this study consisted of 6 business leaders in South Carolina who have demonstrated successful experience in preventing and mitigating operational security threats. Transformational leadership theory provided the conceptual framework for exploring the overreaching research question. Data collection consisted of semistructured interviews with each participant and the collection of company documents that pertained to security procedures, audits, and reviews. Conducting semistructured interviews allowed participants to provide details of real-life experiences. Recorded interviews and transcriptions were analyzed through Moustakas's modified van Kaam method of analysis to identify emerging topics. The 4 themes that emerged were: (a) operational security training and awareness, (b) operational security culture and behavioral effects, (c) operational security policy and compliance, and (d) operational security challenges and risk management. By developing strategies and processes that reflect these themes, small business leaders can reduce financial losses to improve profitability and reduce unemployment, achieving social changes that can benefit society as a whole. Leadership management strategies risk management security behavior security culture security threats Business Databases and Information Systems
37	Wi-Fi network security : Gender differences in China Liuxinwei, Ma January 2015 (has links) With the development of Wi-Fi networks, Wi-Fi connection become a very important part of people‟s life, it seems that Wi-Fi networks are everywhere, especially in China. However, Wi-Fi networks not only bring convenience to users, but also bring some security threats. Nowadays, Wi-Fi security problems become increasingly acute. This thesis investigates the differences between male and female users regarding Wi-Fi network security. By distributing a questionnaire in China, specific questions have been asked about key factors within the area of Wi-Fi security. The questions focus on the usage situation, information security awareness and the knowledge level in Wi-Fi related fields. The found result is: Wi-Fi security issues are more prominent for female users than for male users. Wi-Fi Network Wi-Fi Security Threats Public Wi-Fi Home Wi-Fi Router Security Gender Different Computer and Information Sciences Data- och informationsvetenskap
38	Money laundering and countermeasures : a comparative security analysis of selected case studies with specific reference to South Africa Moodley, M.S. (Maiendra Sadanandan) 15 December 2008 (has links) This study focuses on examining the security implications of money laundering and countermeasures, with reference to South Africa. The purpose of this study was to establish the following: <ul> <li> What is the extent, and what are the security implications of money laundering in South Africa;</li> <li> whether the current money laundering countermeasures in South Africa were effectively implemented from 1994 up to the end of 2006;</li> <li> if South Africa could implement better money laundering controls when compared to the G7/8 countries; and</li> <li> what the factors were that influenced money laundering in South Africa, compared to the G7/8 countries</li> </ul> This study also examined the validity of the following assumptions: <ul> <li>That there are still shortcomings in the practical application of money laundering countermeasures in South Africa, despite these countermeasures being based on the legislative measures adopted by the G7/8 countries; and</li> <li> money laundering promotes crime and corruption in South Africa.</li> </ul> An analysis of the South African anti-money laundering legislation indicated that South Africa had legislatively adopted all of the Financial Action Task Force money laundering recommendations. It was found that despite the strong legislative framework to combat money laundering in South Africa, these efforts were undermined by a lack of capacity; poor coordination that led to a large volume of reports being filed without a corresponding track record of successful prosecutions; and the failure to adopt advances in information technology. This led to a lack of effectively and efficiently translating the anti-money laundering legislation into practice in South Africa. / Dissertation (M(Security Studies))--University of Pretoria, 2008. / Political Sciences / unrestricted Legislation Money laundering Narcotics smuggling Organised crime Predicate offences Security threats Transnational crime Terrorist financing Group 7/8 Corruption Financial intelligence centre UCTD
39	Internet of Things based Smart Homes : Security Risk Assessment and Recommendations Ali, Bako January 2016 (has links) The Internet of Things (IoT) is an emerging paradigm focusing on the inter-connection of things or devices to each other and to the users. Over time, the most of connections in IoT are shifting from ‘Human to Thing’ to ‘Thing to Thing’. This technology is anticipated to become an essential milestone in the development of smart homes to bring convenience and efficiency into our lives and our homes. But, by bringing this IoT technology into our homes there will be important implications for security in these technologies. Connecting every smart objects inside the home to the internet and to each other results in new security and privacy problems, e.g., confidentiality, authenticity, and integrity of data sensed and exchanged by objects. These technologies are very much vulnerable to different security attacks that make an IoT-based smart home unsecure to live in and therefore it is necessary to evaluate the security risks to judge the situation of the smart homes. For any technology to be successful and achieve widespread use, it needs to gain the trust of users by providing sufficient security and privacy assurance. As in all sectors, maintaining security will be a critical challenge to overcome. As homes are increasingly computerized and filled with devices, potential computer security attacks and their impact on residents need to be investigated. This report uses OCTAVE Allegro Methodology which focuses mainly on information assets and considers containers (technical, physical and people) and conducts a security risk assessment with the goal of highlighting various security flaws in IoT-based smart home, impacts and proposing countermeasures to the identified issues satisfying most of security requirements. Finally, it comes up with some recommendations to the users. The research findings documented into a thesis paper for secure IoT-based smart home systems and the resulted list and recommendations will be some useful contribution which can be used as a foundation for the specification of security requirements. For future work, the assessment will be extended to include more types of smart home applications rather than just typical one. / <p>Validerat; 20160620 (global_studentproject_submitter)</p> Social Behaviour Law Internet of Things Smart Homes Intelligent Homes Building Automation Smart Buildings Security Risk Assessment Security Recommendations Security Threats Security Countermeasures Samhälls- beteendevetenskap juridik
40	Bezpečnostní rizika v pasivních optických sítích / Security Risks in Passive Optical Networks Šimoník, Jan January 2018 (has links) This diploma thesis deals with the historical development of passive optical networks, according to the standards that was defined by International Telecommunication Union (APON, BPON, GPON, XG-PON and NG-PON). Further, the thesis describes the security of passive optical networks, but also a security threats which the deployment and use of passive optical technology carry. In the introductory chapters of this thesis the passive optical networks are described. The following is a description of the standards of passive optical networks in terms of their historical development. The next part is dedicated to the security of passive optical networks and possible security threats. In conclusion a description of the practical part of this thesis is given -- rack assembly, which will serve for future testing. The basic configuration of the optical line terminations that are fitted in the rack is also described. The last part of this diploma thesis is dedicated to the testing of selected security risks, which was described in the theoretical part of this thesis.

Search results