Nulägesanalys och verifiering av autentiseringsmetoder : En studie på ett konsultbolag i nätverksbranschen

Vilhelmsson, Philip, Tallberg, Christer

January 2010

<p>This report is written for a consultant networking company with the purpose to review the development ofthe company's remote connections from a user friendly and security perspective.This includes an investigation of the possibilities to consolidate existing authentication methods foraccessing customers. The problem lies in the amount of methods being used. Through case study wefound that smart cards, SMS-service, software and hardware tokens exist.The only method feasible from a security perspective is smart cards. Since the method is not commonlyused by the company's customers a standardization of it would be counterproductive.Also, the purpose of this report is to investigate how the ongoing internal development of the remoteconnection will affect the company's clients. Within this framework we have also verified a designsuggestion.We interpret, after the completion of the case study, that the internal development of the remoteconnection is marginally affected by legal perspectives. Tests and interviews shows that all of thesolutions are user friendly, but not adequate from a security perspective. With respect to customers'demands we recommend that the company's internal network should be accessed with smart cards. Thisguarantees that only intended authentications are performed.</p> / <p>Rapporten är skriven åt ett nätverksbolag i konsultbranschen. Syftet med rapporten är att se överutvecklingen av företagets distansuppkopplingar ur ett användarvänlighets- och säkerhetsperspektiv.Detta innebär dels att undersöka möjligheterna för att konsolidera förekommande autentiseringsmetodersom används för uppkoppling mot kunder. Problematiken handlar då om att mängdenautentiseringsmetoder för konsulter i dagsläget är svåradministrerad. Genom fallstudie har vi fått reda attsmarta kort, SMS-tjänst, mjuk- och hårdvarutokens figurerar.Den enda metod som är tänkbar ur ett säkerhetsperspektiv är smarta kort. Då metoden inte ärframträdande hos företagets kunder skulle dock en standardisering i dagsläget vara kontraproduktiv.Avsikten med rapporten är också att utreda hur den pågående interna utvecklingen avdistansuppkopplingen påverkar företagets kunder. Vi har inom ramen för detta även verifierat ettdesignförslag.Efter utförd fallstudie tolkar vi att den interna utvecklingen av distansuppkopplingen påverkas marginelltur ett juridiskt perspektiv. Efter tester och intervjuer konstaterar vi att samtliga lösningar äranvändarvänliga men ur säkerhetssynpunkt inte tillräckliga. Med hänseende till kundernas kravbildrekommenderar vi att uppkoppling mot företagets interna nätverk sker med smarta kort. Detta för attkunna garantera att endast avsvedd autentisering utförs.</p>

Autentisering

PKI

certifikat

smarta kort

engångslösenord

Computer science

Datavetenskap

Utvärdering av Falköpings kommuns Informations säkerhet

Alshami, Suha

January 2013

A student at the Technical University in Jönköping was given an assignment from Falköping municipality. The assignment was to evaluate their IT systems 'users' awareness of information security and even present suggestions for IT-Users to improve their information security within Falköping municipality. Falköping municipality consists today of seven administrations. The target groups for the study of the information security are a pilot group consisting of 30 IT Users and four different managers from various administrations within Falköping Municipality. The purpose of this work is mainly to indicate an understanding of the importance of the information security knowledge among IT Users in Falkopings municipality, mainly those who use their smartphones and tablets for work-related activities. This work aims to answer the following questions: • How wide is the awareness of information security among municipality's IT users? • How can information security improve among the municipality's IT users? Theories that work consists of are mainly what information security is, how it is handled and the threats and risks that may create problems for the municipality, basically when IT Users use their smart phones and tablets. The Work Implementation started with sending surveys to a pilot group of IT- system users and the student even interviewed four general managers working in Falköpings municipality. Both the questionnaires results and interviews results are presented in diagram and text. The result from both surveys and interviews was very positive and it shows that the municipality investigated IT-Users are very aware and have knowledge about information security, when they use their smart phones and tablets. There are some suggestions presented for the IT-Users to improve their security in their smart phones and tablets. At the end of the report a discussion as well as a conclusion is presented. In conclusion there are some points, which explain how risk awareness among municipality’s investigated IT Users appears in the current situation and also there are some suggestions presented for the IT-Users to improve their security in their smart phones and tablets in the future. Falköping municipality should in the future make a larger study to produce a risk assessment. The risk assessment should discuss various threats and risks that IT-systems users experience with their use of smartphones and tablets in their workplace. The student hopes that this thesis will be a good basis for future studies.

Informationssäkerhet

IT-avdelning

Falköpings kommun

Smarta mobiltelefoner

Surfplattor

Utveckling och tillämpning av modeller förkvantifiering av de ekonomiska konsekvensernaav ökad förbrukningsflexibilitet inom eldistribution / Development and application of models for quantifying the economical consequences of increased demand response in electrical power distribution

Grahn, Elin

January 2015

One step towards a more sustainable energy system is to create a more flexible electrical grid, where increased demand response among electricity consumers can play an important role. A distribution grid owner can encourage their customers to use electricity more evenly distributed during the day by introducing different types of grid fees such as time-differentiated power tariffs. In this master thesis, the theoretical economic impact of a flattened load profile for a distribution grid owner is investigated. Different factors that impact the distribution grid owner’s economy are identified and two are chosen to be quantified; losses in the grid and the fee to the feeding grid. The possibility to save money by avoiding future investments is discussed but not quantified. Models are developed for modifying an existing load profile, calculating the losses associated with a certain grid and load profile, and calculating the value of a lowered subscribed power to the feeding grid. The models are applied on the distribution grid owner Sala-Heby Energi Elnät AB. The results show that with a load profile that is flattened out 100% every day, which is the theoretical best possible scenario, the losses can be reduced with 2.6% which corresponds to a value of 81 000 SEK. By lowering the subscribed power to the feeding grid as much as the highest peak of the year is reduced in the modified load curve, the cost to the feeding grid would be reduced 1.2 million SEK, or 10% of the fee to the feeding grid. In the 20% curve modification case, which would be more realistic to achieve in reality, the losses decreased by 0.9% which corresponds to a value of 29 000 SEK. Furthermore, the fee to feeding grid would be reduced with 0.34 million SEK which corresponds to 2.8% of the total fee. In summary, the theoretical economic saving potential is around 10 times higher for the fee to feeding grid than for grid losses. / Marknadsbaserade styrmedel i bostadssektorn

distributionsnät

förbrukningsflexibilitet

förbrukningsprofil

smarta elnät

nätförluster

elförbrukning

överliggande nät

mätosäkerhet

Hur lönsamt är solel? : Förändras lönsamheten av solel i kombination med smarta elnät?

Lindström, Klas

January 2018

I detta examensarbete har syftet varit att undersöka huruvida smarta elnät kommer att motivera en investering i solcellsanläggningar, rapporten riktar sig främst till bostadsrättsföreningar. För att genomföra detta har en litteraturstudie genomförts. Detta resulterade i vilka typer av lagar och regler som gäller idag och hur de används. Litteraturstudien resulterade även i vilka olika scenarion som var troliga att kunna inträffa i framtiden och utifrån dessa kunde ett resultat arbetas fram. De scenarion som valdes att titta närmare på var om vad som skulle hända om fler började köra elbil, om föreningarna agerar elhandlare och säljer solel till medlemmarna och två olika typer av lagring, nätlagring och batterilagring. När scenarierna var fastställda började arbetet med att jämföra dessa för att se vilken som skulle ge bäst ekonomiska avkastning. Resultatet som erhölls var att batterilagring gav högst avkastning men också längst återbetalningstid. Det visade sig även att nuvärdet för en anläggning med batterilagring var lägst bland de undersökta fallen däremot hade lagring i nätet högst nuvärde. Det som gav kortast återbetalningstid var lagring i elnät. Det går att konstatera att bäst resultat skulle erhållas med hjälp av lagring i elbilar då man slipper den dyra investeringskostnaden i batterier men samtidigt kan behålla högst självförbrukandegrad och därmed högst avkastning. / In this thesis, the aim has been to investigate whether smart grids will motivate an investment in solar cell installations. The report is primarily aimed at housing associations. To complete this, a literature study has been conducted. This resulted in what types of laws and regulations apply today and how they are used. The literature study also resulted in the different scenarios that were likely to occur in the future, and from this a result could be produced. The Scenarios that was chosen to look into was “what would happen if more people started driving electric cars, if the associations acted as electricity dealers and sold solar power to the members and two different types of storage, grid storage and battery storage”. Once the scenarios were established, the work started comparing these to see which one would give the best economic return. The result that could be obtained was that battery storage yielded the highest return but also the longest repayment period, which gave the lowest repayment time was storage in power grids. It was also found that the present value of a battery storage facility was lowest among the cases investigated, but on the other hand, storage in the power grid had the highest present value. It can be concluded that the best results could be obtained from storage in electric cars, avoiding the expensive in-vestment cost in batteries but at the same time maintaining the highest self-consuming degree therefore keeping the highest yield.

energieffektivisering

smarta elnät

solenergi

solceller

energilagring.

Energy Engineering

Energiteknik

Framtidens fastighetsbransch: PropTech och co-workings påverkan på kundvärdet i kontorslokaler : Identifikationen av de faktorer som möjliggör kundvärde och dess påverkan på tjänsteerbjudandet

Ackerstierna, Joel, Gullbrandsson, Marcus

January 2018

Problem definition: Digital innovation affects the world's economies and markets, where business-independent industry changes its way of working. The commercial real estate industry faces a change, where the two concepts of smart home and mobility change the appearance of the future market. On the market, there is an exponential increase in the number of companies utilizing the two concepts, companies collectively called PropTech companies, which act as catalysts for the transformation. Another trend is co-working, a new flexible office solution that utilizes the mobility change and disrupts the current value chain. These trends affect existing property managers, who should review their business model in view of the new technology to remain competitive. A major challenge with PropTech is the lack of understanding of the benefits it brings and what customer value it actually creates, making it difficult to create value offers that actually meet customer needs. The different types of PropTech and co-working provide a potential for new types of services that benefit the tenants in their business and can provide an easier work life balance. Purpose of the study: The purpose of this master thesis is to identify the impact PropTech and co-working has on commercial real estate tenants in Stockholm. Methodology: The study is of an exploratory character and aimed to explore what contributes to customer value for commercial tenants in Stockholm today and the impact PropTech and co-working has on it. The performance of the study was a combination of a cross-sectional approach, a qualitative, deductive and partly an inductive approach. A total of 16 semi-structured interviews were conducted, consisting of 11 property managers with internal management and five tenants working in the consulting industry. By interviewing tenants simultaneously with the property manager, it was established that the property managers' insight into the tenants' needs were in line with reality. The collected empirical data was analyzed on the basis of the applied reference framework and its factors that drive the customer value of tenants in office premises in Stockholm. Conclusions: The impact of digitization is of a complex nature and ranges from negative to positive aspects and everything in-between. The study identified four PropTech-services that can benefit company tenants in various ways and their impacts on customer value: property management, quantification &amp; efficiency, office services and search platforms for working places. Co-working was also included as a service that affects customer value in office spaces.Identified factors creating customer value for company tenants were quality, adaptability, cost reduction and price. Each factor was further dissected to describe more accurately how it impacts tenants, these under factors consisted of tangibles, reliability, assurance, customer focus, co-creation, mass customization, flexibility, monetary costs, non-monetary costs, low cost and premium price.The study found that the most important aspect of property management, in order to have a positive impact on the tenants, is assurance. There also exists a potential positive impact for the service via non-monetary cost reductions. Furthermore, property management has a negative impact on customer focus and assurance.  The most important aspects of quantification &amp; efficiency, in order to have a positive impact on the tenants, are tangibles, non-monetary cost reductions and flexibility. There also exists both a potential positive impact as well as a negligible impact for the service via monetary cost reductions.The most important aspect of office services, in order to have a positive impact on the tenants, is low price. There also exists a negligible impact for the service via non-monetary cost reductions.The most important aspects of search platforms for working places, in order to have a positive impact on the tenants, are flexibility and monetary cost reductions.The most important aspects of co-working, in order to have a positive impact on the tenants, are mass customization, flexibility and monetary cost reductions. There also exists a negative impact for the service via tangibles.The authors of this study encourage for further quantitative research regarding the subject.

Business Administration

Företagsekonomi

Betydelsen av informationsdesign vid utveckling av appar för smartphones : En kvalitativ studie om informationsdesign i applikationer

Rooth, Thomas, Szilagyi, Peter

January 2012

Smartphones blir en allt större del av vår vardag privat somyrkesmässigt. Genom smartphonen matas vi konstant av stora mängder information genom de appar som finns installerade på telefonen. IT-konsulter och utvecklare jobbar dagligen med att utveckla appar för många olika syften och ändamål och de står inför en svår uppgift när de designar dessa applikationer för att kunna möta sina kunders behov.   Denna studie syftar till att undersöka typen av information som kunder efterfrågar. Hur denna information bör vara utformad för användning i appar på smartphones och att förklara varför ett visst utseende eller innehållsmängd på information kan vara bra eller dåligt att distribuera via appar. Studien genomförs med en kvalitativ datainsamlingsmetod där flera informanter intervjuas. Informanterna är IT-konsulter och utvecklare som arbetar med stora företag, främst i Sverige. Resultaten visar att informationstypen kunder efterfrågar är av typen “Just-in-time”, att utvecklare inte skall presentera för mycket information i en app och att informationen bör vara mycket specifik och ändamålsenlig. / Smartphones represent a growing part of ourdaily private and professionallife. Throughour smartphones we’re constantly exposed to large amounts of information via apps installed on the phone. IT consultants and developers are continuously working to develop apps for many different purposes and they face a daunting task when they design these apps to meet their customer needs. The study aims to investigate the type of information that customers demand. How this information should be designed for use in apps on smartphones and to explain why a certain look or content amount of information can be good or bad to distribute via apps. The study was conducted with a qualitative method approach where multiple informants where interviewed. The informants are IT consultants and developers who work with large companies, primarily in Sweden. The results show that the type of information customers are asking for is of the type "Just-in-time", that developers should not present too much information in one app, and that the information should be very specific and effective.

Smarta telefoner

applikationer

användning

informationsdesign

Information Systems

Nulägesanalys och verifiering av autentiseringsmetoder : En studie på ett konsultbolag i nätverksbranschen

Vilhelmsson, Philip, Tallberg, Christer

January 2010

This report is written for a consultant networking company with the purpose to review the development ofthe company's remote connections from a user friendly and security perspective.This includes an investigation of the possibilities to consolidate existing authentication methods foraccessing customers. The problem lies in the amount of methods being used. Through case study wefound that smart cards, SMS-service, software and hardware tokens exist.The only method feasible from a security perspective is smart cards. Since the method is not commonlyused by the company's customers a standardization of it would be counterproductive.Also, the purpose of this report is to investigate how the ongoing internal development of the remoteconnection will affect the company's clients. Within this framework we have also verified a designsuggestion.We interpret, after the completion of the case study, that the internal development of the remoteconnection is marginally affected by legal perspectives. Tests and interviews shows that all of thesolutions are user friendly, but not adequate from a security perspective. With respect to customers'demands we recommend that the company's internal network should be accessed with smart cards. Thisguarantees that only intended authentications are performed. / Rapporten är skriven åt ett nätverksbolag i konsultbranschen. Syftet med rapporten är att se överutvecklingen av företagets distansuppkopplingar ur ett användarvänlighets- och säkerhetsperspektiv.Detta innebär dels att undersöka möjligheterna för att konsolidera förekommande autentiseringsmetodersom används för uppkoppling mot kunder. Problematiken handlar då om att mängdenautentiseringsmetoder för konsulter i dagsläget är svåradministrerad. Genom fallstudie har vi fått reda attsmarta kort, SMS-tjänst, mjuk- och hårdvarutokens figurerar.Den enda metod som är tänkbar ur ett säkerhetsperspektiv är smarta kort. Då metoden inte ärframträdande hos företagets kunder skulle dock en standardisering i dagsläget vara kontraproduktiv.Avsikten med rapporten är också att utreda hur den pågående interna utvecklingen avdistansuppkopplingen påverkar företagets kunder. Vi har inom ramen för detta även verifierat ettdesignförslag.Efter utförd fallstudie tolkar vi att den interna utvecklingen av distansuppkopplingen påverkas marginelltur ett juridiskt perspektiv. Efter tester och intervjuer konstaterar vi att samtliga lösningar äranvändarvänliga men ur säkerhetssynpunkt inte tillräckliga. Med hänseende till kundernas kravbildrekommenderar vi att uppkoppling mot företagets interna nätverk sker med smarta kort. Detta för attkunna garantera att endast avsvedd autentisering utförs.

Autentisering

PKI

certifikat

smarta kort

engångslösenord

Computer Sciences

Datavetenskap (datalogi)

Interaktiva radiotjänster : - en applikation för mobila Androidenheter

Gräslund, Andreas

January 2011

The increase in sales of the so called smart phones has meant that there has also been a requirement to determine new applications for which they are suitable. One of the largest platforms for smart phones is Android and the task of this thesis is to develop an application for a company that wishes to create interactive radio for the Internet. In addition to ordinary radio features, the company would like the application to be able to present images and a small web page called Canvas. The overall aim ,of this thesis, is to build a fully functional media player that is compatible with the majority of the commonly used Android based mobile units. To fulfill the overall aim, nine explicit goals were targeted. The first stage involved studying solutions for each goal and the second stage involved implementing them in the application and the stage involved evaluating the application by enlisting the help of an expert. An application was built that allows the user to choose a radio channel and listen to it whilst interacting with the canvas. The application was built in modules, each of which had its own task, for example dealing with the web services or the sound. The expert tested the application on three mobile units and answered a series of questions regarding the explicit goals. The expert considered that all the goals had been achieved , which can thus be interpreted that a well-functioning media player compatible with Android based units had been created. Keywords: Android, compatibility, web services, Java, smart telephone-down, media players

Android

kompabilitet

webbtjänster

Java

smarta telefoner

mediespelare

Computer Engineering

Datorteknik

Produktansvar och produktsäkerhet vid användandet av AI-produkter : - En analys av svensk gällande rätt / Products Liability and Products Safety when using AI-based products : –An analysis regarding Swedish applicable law

Lundin, Lovisa

January 2020

The progressive development of artificial intelligence (AI) products has led to the creation of smart robots which have the capacity to learn and make independent decisions. These high- tech smart robots are unpredictable, which entails risks for, among other things, third parties. Today, product safety is mainly regulated by Produktsäkerhetslag (2004:451) (PSL) and product liability by Produktansvarslag (1992:18) (PAL). The overarching goal of these two safety and liability regulations is to ensure that all products, including AI products, function safely and that any damage caused is effectively addressed. Although applicable Swedish law constitutes a reliable regulatory framework for safety and product liability, the legislation is not fully comprehensive; current legislation is not adapted to product safety issues or product liability conditions which can arise specifically from smart robots.

AI

smarta robotar

produktansvar

produktsäkerhet

produktsäkerhetslag.

Law

Juridik

Faktorer som möjliggör säkerhetsmedvetenhet inom smarta hem

Holmertz, Felix, Backlund, Marcus

January 2021

Syftet med denna studie är att utforska användares uppfattningar och åsikter kring säkerhetsmedvetenhet av IoT-artefakter. För att möjliggöra studien har förarbetet varit en viktig del. Förarbetet har skett genom att djupdyka inom ämnet IoT och säkerhet i olika vetenskapliga databaser. Utförandet av studien har skett genom en kvalitativ studie med en beskrivande och abduktiv ansats följt av en blandning datainsamlingsmetoder. Datainsamlingsmetoderna bestod av primärdata i form av en enkät och sekundärdata där faktorer har identifierats utifrån hemsidor och rapporter från företag och myndigheter. Materialet har identifierats utifrån sökningar via sökmotorn Google. Faktorerna som utvecklats från sekundärdata analyserades emot den teori kring IoT och säkerhet inom hem som tagits fram av tidigare forskning för att se likheter och skillnader kring säkerhetsmedvetenhetsfaktorerna. Vidare jämförs sekundärdata till de uppfattningar som primärdata samlat in för identifiera det viktigaste åtgärderna som användare kan vidta för att förbättra säkerheten. Dessa åtgärder sammanfattas i en tabell med riktlinjer. Studien har identifierat faktorer som möjliggör säkerhetsmedvetenhet och utifrån det har riktlinjer utvecklats för att öka medvetandet för säker användning av IoT enheter. Genom de riktlinjerna som tagits fram kan utvecklare se utifrån användarens perspektiv på säkerheten och de risker som finns. Följer användare de riktlinjer som tagits fram, till exempel att säkra sitt Wi-Fi nätverk, kan säkerheten förbättras och riskerna minskas vid användandet av IoT. / This study aims to explore user’s perceptions and opinions about security awareness of IoT artifacts. The study was carried out in a Facebook group for members that are interested in smart homes. To enable the study, a literature oversight was carried out with the focus on IoT and security, and using various scientific databases. The study was a qualitative study with a description and abductive approach followed by using different data collection methods. The data collection consisted of primary data in the form of a survey and secondary data consisting of reports and homepages from companies, authority and other organisations. This material was identified using the search engine Google. The factors identified from the secondary data collection were analyzed against the theory developed around IoT and security in homes from previous research to see similarities and differences. Furthermore, the factors about security awareness identified in the secondary data have been used to develop guidelines for increased security awareness for smart home users. The guidelines that have been developed can give developers insights about the security and its risks from the user’s perspective.

internet of things

smarta hem

säkerhetsmedvetenhet

Information Systems