Dissertationen zum Thema „Security Suite“

Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; the society is clearly ready to trust on next-generation communication systems to face today’s concerns on economic and social fields. The reason for this sociological change is represented by the fact that the technologies have been open to all users, even if the latter do not necessarily have a specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Within the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services can be fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patients monitoring. However, since any arising technology goes together with its security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, main threats are those related to attacks to the services availability and to the privacy of both the subscribers’ and the services providers’ data. Taking into account the often limited resources of the M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph. D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce energy consumption of the network while not affecting the overall security services of the system. With this goal, we first propose a coherent taxonomy of M2M network that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure-data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally sixth, we provide with an accurate analysis of privacy solutions that actually fit M2M-networks services’ requirements. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks.

Internet of things is getting more and more popular in healthcare as it comes with benefits that help with efficiency in saving lives and reduce its cost, but it also presents a new attack vector for an attacker to steal or manipulate information sent between them. This report will focus on three properties in the definition of security, confidentiality, integrity and access control. The report will look into what challenges there is in healthcare IoT today through a literature review and from those challenges look into what could minimise these challenges before a device gets into production. The report found that the lack of standardisation has lead to errors that could be easily prevented by following a guideline of tests as those from the European Union Agency for Network and Information Security, or by running a penetration test with the tools brought up in the report on the device to see what vulnerabilities are present.

Widespread adoption of cloud services is fundamentally changing the way IT services are delivered and how data is stored. Current forensic tools and techniques have been slow to adapt to new challenges and demands of collecting and analyzing cloud artifacts. Traditional methods focusing only on client data collection are incomplete, as the client may have only a (partial) snapshot and misses cloud-native artifacts that may contain valuable historical information. In this work, we demonstrate the importance of recovering and analyzing cloud-native artifacts using G Suite as a case study. We develop a tool that extracts and processes the history of Google Documents and Google Slides by reverse engineering the web applications private protocol. Combined with previous work that has focused on API-based acquisition of cloud drives, this presents a more complete solution to cloud forensics, and is generalizable to any cloud service that maintains a detailed log of revisions.

This thesis is focused on smart meters cyber security using DLMS Security Suite standard. Security is more important every day and DLMS specifies multiple methods of authentication and message encryption which is defined in Security Suites. For message creation there are multiple possible formats that can be used. For a better understanding all formats are analysed and compared using a specific example. Main part of this work is about making a testing application called VUT DLMS Tester which is used for testing this standard for real usage in distribution network. Whole development is cooperated with distribution companies and smart meter manufacturers. Application also implements higher levels of security which DLMS specifies. This application is used for testing multiple scenarios regarding security impact on data volume.

Les protocoles historiques d’Internet (TCP/IP) qui servaient à interconnecter les tous premiers ordinateurs ne sont plus adaptés à la diffusion massive de contenus qui en est fait aujourd’hui. De nouveaux protocoles réseau centrés sur les contenus (Information-Centric Networking) sont actuellement conçus pour optimiser ces échanges en pariant sur un changement de paradigme où les contenus, plutôt que les machines sont adressables à l’échelle d’Internet. Cependant, un tel changement ne peut se faire que progressivement et si tous les impératifs opérationnels sont assurés. Ainsi, cette thèse a pour objectif d’étudier et de lever les principaux verrous technologiques empêchant l’adoption du protocole NDN (Name Data Networking) par les opérateur en garantissant la sécurité, les performances, l’interopérabilité, la bonne gestion et le déploiement automatisé d’un réseau NDN. Dans un premier temps, nous évaluons les performances actuelles d’un réseau NDN à l’aide d’un outil de notre conception, ndnperf, et constatons le coût élevé pour un serveur utilisant ce protocole. Puis nous proposons un ensemble de solutions pour améliorer l’efficacité d’un serveur NDN pouvant être jusqu’à 6,4 fois plus efficient que les paramètres de base. Ensuite nous nous intéressons à la sécurité de NDN à travers l’évaluation de l’attaque par empoisonnement de contenus, connue pour être critique mais jamais caractérisée. Cette étude se base sur deux scénarios, en utilisant un serveur et un client pour effectuer la pollution, ou en exploitant une faille dans le traitement des paquets au niveau du routeur. Nous montrons ainsi la dangerosité de l’attaque et proposons une correction de la faille la permettant. Dans un troisième temps, nous cherchons à adapter le protocole HTTP pour qu’il puisse être transporté sur un réseau NDN à des fins d’interopérabilité. Pour ce faire, nous avons développé deux passerelles qui effectuent les conversions nécessaires pour qu’un contenu web puisse rentrer ou sortir d’un réseau NDN. Après avoir décrit notre solution, nous l’évaluons et l’améliorons afin de pouvoir bénéficier d’une fonctionnalité majeure de NDN, à savoir la mise en cache des contenus dans le réseau à hauteur de 61,3% lors de tests synthétiques et 25,1% lors de simulations de navigation avec plusieurs utilisateurs utilisant une loi Zipf de paramètre 1,5. Pour finir, nous proposons une architecture à base de microservices virtualisés et orchestrés pour le déploiement du protocole NDN en suivant le paradigme NFV (Network Function Virtualization). Les sept microservices présentés reprennent soit une fonction atomique du routeur, soit proposent un nouveau service spécifique. Ces fonctions peuvent ensuite être chaînées pour constituer un réseau optimisé. Cette architecture est orchestrée à l’aide d’un manager qui nous permet de pleinement tirer parti des avantages des microservices comme la mise à l’échelle des composants les plus lents ou encore le changement dynamique de topologie en cas d’attaque.Une telle architecture, associée aux contributions précédentes, permettrait un déploiement rapide du protocole NDN, notamment grâce à un développement facilité des fonctions, à l’exécution sur du matériel conventionnel, ou encore grâce à la flexibilité qu’offre ce type d’architecture
Internet historical protocols (TCP/IP) that were used to interconnect the very first comput-ers are no longer suitable for the massive distribution of content that is now being made. New content-based network protocols (Information-Centric Networking) are currently being designed to optimize these exchanges by betting on a paradigm shift where content, rather than machines, are addressable across the Internet. However, such a change can only be made gradually and if all operational imperatives are met. Thus, this thesis aims to study and remove the main tech-nological obstacles preventing the adoption of the NDN (Name Data Networking) protocol by operators by guaranteeing the security, performance, interoperability, proper management and automated deployment of an NDN network. First, we evaluate the current performance of an NDN network thanks to a tool we made, named ndnperf, and observe the high cost for a provider delivering fresh content using this protocol. Then, we propose some optimizations to improve the efficiency of packet generation up to 6.4 times better than the default parameters. Afterwards, we focus on the security of the NDN protocol with the evaluation of the content poisoning attack, known as the second more critical attack on NDN, but never truly characterized. Our study is based on two scenarios, with the usage of a malicious user and content provider, or by exploiting a flaw we found in the packet processing flow of the NDN router. Thus, we show the danger of this kind of attacks and propose a software fix to prevent the most critical scenario. Thirdly, we are trying to adapt the HTTP protocol in a way so that it can be transported on an NDN network for interoperability purposes. To do this, we designed an adaptation protocol and developed two gateways that perform the necessary conversions so that web content can seamlessly enter or exit an NDN network. After describing our solution, we evaluate and improve it in order to make web content benefit from a major NDN feature, the in-network caching, and show up to 61.3% cache-hit ratio in synthetic tests and 25.1% in average for browsing simulations with multiple users using a Zipf law of parameter 1.5. Finally, we propose a virtualized and orchestrated microservice architecture for the deploy-ment of an NDN network following the Network Fonction Virtualization (NFV) paradigm. We developed seven microservices that represent either an atomic function of the NDN router or a new one for specific purposes. These functions can then be chained to constitute a full-fledged network. Our architecture is orchestrated with the help of a manager that allows it to take the full advantages of the microservices like scaling the bottleneck functions or dynamically change the topology for the current needs (an attack for example). Our architecture, associated with our other contributions on performance, security and in-teroperability, allows a better and more realistic deployment of NDN, especially with an easier development of new features, a network running on standard hardware, and the flexibility allowed by this kind of architecture

Main goal of this thesis is analyzing potential security risks of the SAP NetWeaver platform and identifying various vulnerabilities, that are results of poor system configuration, incorrect segregation of duties or insufficient patch management. Methodology for platform evaluation is defined by vulnerabilities, security requirements and controls will be created.

La lutte contre le terrorisme, ainsi que ses conséquences sur la sphère des droits de l'Homme, n'est pas un thème nouveau en Europe. Cependant, depuis les attentats du 11 septembre 2001 perpétrés sur le sol des Etats-Unis, «confirmés» par ceux de Madrid en 2004 et Londres en 2005, elle n'a jamais incarné une telle priorité. La majeure partie des mesures prises par l'Union européenne tombe sous le titre de la coopération en matière pénale, c’est-à-dire sousl’ex-troisième Pilier, parmi lesquelles la décision-cadre sur la lutte contre le terrorisme, la décision-cadre sur le mandat d'arrêt européen et les accords entre l'Union européenne et les Etats-Unis d'Amérique sur l'extradition et l'assistance juridique mutuelle. Sur base des mesures européennes, certains Etats, historiquement non concernés par ce phénomène, ont été pressés à adopter des mesures anti-terroristes alors que d’autres y ont vu une légitimation pour renforcer leur corpus juridique déjà existant. Quel est l'impact des mesures européennes et de celles prises par les Etats sur le délicat équilibre entre la sécurité et la liberté ? En d'autres termes, quel est le rôle de l'Etat de droit : une limitation à ces mesures ou, un principe visant au renforcement du combat contre le terrorisme?
The fight against terrorism, as well as its consequences in the field of Human Rights, is not a new theme for Europe. However, since the terrorist attacks of September the 11th 2001 in the United States of America, “confirmed” by the ones of Madrid in 2004 and London in 2005, it has never embodied such a priority. The larger part of the measures taken by the European Union falls under the heading of cooperation in criminal matters, i.e. within the scope of the former Third Pillar, among which the framework decision on combating terrorism, the framework decision on the European arrest warrant and the agreements between the European Union and the United States of America on extradition and mutual legal assistance. On basis of the European measures, some States, not historically concerned by terrorism, have been compelled to carry out counter-terrorism measures whereas, others have seen a legitimation to reinforce their existing body of law. What is the impact of the European measures and the ones taken by States on the delicate balance between security and liberty? In other words, what is the role of the Rule of Law: a limitation to those measures or, a principle aiming to the strengthening of the fight against terrorism?

Enterprise level software development using traditional software engineeringapproaches with third-generation programming languages is becoming morechallenging and cumbersome task with the increased complexity of products,shortened development cycles and heightened expectations of quality. MDD(Model Driven Development) has been counting as an exciting and magicaldevelopment approach in the software industry from several years. The ideabehind MDD is the separation of business logic of a system from its implementationdetails expressing problem domain using models. This separation andmodeling of problem domain simplify the process of system design as well asincrease the longevity of products as new technologies can be adopted easily.With appropriate tool support, MDD shortens the software development lifecycle drastically by automating a significant portion of development steps.MDA (Model Driven Architecture) is a framework launched by OMG (ObjectManagement Group) to support MDD. SPACE is an engineering methodfor rapid creation of services, developed at NTNU (Norwegian University ofScience and Technology) which follows MDA framework. Arctis and Ramsesare tool suits, also developed at NTNU to support SPACE method. Severalsolutions have been developed on Arctis tool suit covering several domainslike mobile services, embedded systems, home automation, trust managementand web services.This thesis presents a case study on the web application domain with Arctis,where the underlying technologies are AJAX (asynchronous JavaScriptand XML), GWT (Google Web Toolkit) framework and Java Servlet. Inorder to do that, this thesis contributes building up some reusable buildingblocks with Arctis tool suit. This thesis also describes a use case scenario touse those building blocks. This thesis work tries to implement the specifiedsystem and evaluates the resulting work.

Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, March 2003.
Thesis advisor(s): Robert Simeral, Robert Looney. Includes bibliographical references (p. 105-111). Also available online.

Non-functional requirements such as Security and Dependability (S&D) become more and more important as well as more and more difficult to achieve, particularly in embedded systems development. Such systems come with a large number of common characteristics, including real-time and temperature constraints, security and dependability as well as efficiency requirements. In particular, the development of Resource Constrained Embedded Systems (RCES) has to address constraints regarding memory, computational processing power and/or energy consumption. In this work, we propose a modeling environment which associates model-driven paradigm and a model-based repository, to support the design and the packaging of S&D patterns, resource models and their property models. The approach is based on a set of modeling languages coupled with a model-repository, search and instantiation engines towards specific development environments. These modeling languages allow to specify patterns, resources and a set of property models. These property models will allow to govern the use of patterns and their analysis for reuse. In addition, we propose a specification and generation process of repositories. As part of the assistance for the development of S&D applications, we have implemented a suite of tool-chain based on the Eclipse platform to support the different activities around the repository, including the analysis activities. The proposed solutions were evaluated in the TERESA project through a case study from the railway domain.

This thesis deals with the security of wireless sensor networks, mainly of the industrial standard ZigBee. The aim of the work is to familiarize with the 802.15.4 standard and the ZigBee technology, especially with present methods of security in this field. I have also analysed the requirements for the security of this technology. Further aim of this work is the introduction of the ZigBee kit and description of the Microchip's ZigBee stack. Analysis of the stack is connected with practical test of security functions in the ZigBee laboratory.

Dans cette thèse, une nouvelle manière de générer des nombres pseudo-aléatoires est présentée.La proposition consiste à mixer deux générateurs exitants avec des itérations chaotiquesdiscrètes, qui satisfont à la définition de chaos proposée par Devaney. Un cadre rigoureux estintroduit, dans lequel les propriétés topologiques du générateur résultant sont données. Deuxréalisations pratiques d’un tel générateur sont ensuite présentées et évaluées. On montre que lespropriétés statistiques des générateurs fournis en entrée peuvent être grandement améliorées enprocédant ainsi. Ces deux propositions sont alors comparées, en profondeur, entre elles et avecun certain nombre de générateurs préexistants. On montre entre autres que la seconde manièrede mixer deux générateurs est largement meilleure que la première, à la fois en terme de vitesseet de performances.Dans la première partie de ce manuscrit, la fonction d’itérations considérée est la négation vectorielle.Dans la deuxième partie, nous proposons d’utiliser des graphes fortement connexescomme critère de sélection de bonnes fonctions d’itérations. Nous montrons que nous pouvonschanger de fonction sans perte de propriétés pour le générateur obtenu. Finalement, une illustrationdans le domaine de l’information dissimulée est présentée, et la robustesse de l’algorithmede tatouage numérique proposé est évalué
In this thesis, a new way to generate pseudorandom numbers is presented. The propositionis to mix two exiting generators with discrete chaotic iterations that satisfy the Devaney’sdefinition of chaos. A rigorous framework is introduced, where topological properties of theresulting generator are given, and two practical designs are presented and evaluated. It is shownthat the statistical quality of the inputted generators can be greatly improved by this way, thusfulfilling the up-to-date standards. Comparison between these two designs and existing generatorsare investigated in details. Among other things, it is established that the second designedtechnique outperforms the first one, both in terms of performance and speed.In the first part of this manuscript, the iteration function embedded into chaotic iterations isthe vectorial Boolean negation. In the second part, we propose a method using graphs havingstrongly connected components as a selection criterion.We are thus able to modify the iterationfunction without deflating the good properties of the associated generator. Simulation resultsand basic security analysis are then presented to evaluate the randomness of this new family ofpseudorandom generators. Finally, an illustration in the field of information hiding is presented,and the robustness of the obtained data hiding algorithm against attacks is evaluated

Recursive Inter-Network Architecture (RINA) networks have a shorter protocol stack than the current architecture (the Internet) and rely instead upon separation of mech- anism from policy and recursive deployment to achieve large scale networks. Due to this smaller protocol stack, fewer networking mechanisms, security or otherwise, should be needed to secure RINA networks. This thesis examines the security proto- cols included in the Internet Protocol Suite that are commonly deployed on existing networks and shows that because of the design principles of the current architecture, these protocols are forced to include many redundant non-security mechanisms and that as a consequence, RINA networks can deliver the same security services with substantially less complexity.

M.Sc.
Using the Internet for communication purposes constitutes a high risk, considering the security of such information. The protocol suite used on the Internet is the TCP/IP protocol suite, which consists of the Transmission Control Protocol (TCP) and the Internet Protocol (IP). In a bid to create a basis to support the newly conceptualised ideas, various areas of networking are briefly discussed in this dissertation. The first in this series of areas is that of the OSI layers. This model forms the basis of all networking concepts. The model describes seven layers, of which each performs a certain networking function. The TCP/IP protocol suite fits into this model. Network security and encryption methods are applied and followed to secure information on the Internet. These methods have been used over a long period of time and will also be used to support the newly conceptualised ideas. The main focus of this dissertation falls on the securing of certain parts of the information contained in the headers of both the Transmission Control Protocol (TCP) and the Internet Protocol (IP) in a bid to minimise the amount of data that may be inferred about the communicating parties from these headers. In addition, where multiple routes exist between hosts, the possibility of the deliberate distribution of a single message across these routes is examined. Such distribution will further complicate the task of a hacker attempting to gather information from TCP and IP headers. In addition, such distribution will minimise the possibility that a hacker may assemble a complete message from its constituent parts and that he/she may infer information about the message that cannot be inferred from the isolated parts. The length of a message sent between hosts is one simple example of such information.

碩士
國立交通大學
電機資訊國際學程
103
Security is one of the fundamental aspects one needs to carefully design and implement for IoT systems. Fortunately, ETSI, as a standard body in telecommunication industry, has defined a comprehensive set of common security mechanisms to protect the IoT system including the corresponding security protocols that we can utilize. For TLS protocols, ETSI also suggests a set of cipher suite algorithms. Those options are categorized into two types, access-dependent and access-independent, based on the relationship between the M2M Service Provider and the Access Network Provider. According to this categorization, ETSI allows the M2M Service Provider to select the one that is the most suitable for their M2M applications. The standards do not describe in what condition a particular protocol will be the best among the others. Although M2M Service Providers can easily choose one out of many options, it is most ideal if some analytic methods can be defined for selecting a protocol that is the most secure and the least resource demanding one according to the characteristics and the traffic patterns of IoT applications. In this research we examine which conditions are most suitable for a security protocol and a cipher suite algorithm. We focus only on access-independent protocols which do not require any relationship between the M2M Service Provider and the Access Network Provider, because these protocols are most applicable in the industry. Also, the whole end-to-end system can be simulated easily by assuming no support from access networks. In TS 102 690, ETSI defines three levels of security mechanisms: Service Bootstrapping, Connection, and mId security. • M2M Service Bootstrapping mechanism aims to mutually authenticate the M2M Service Provider and the M2M Device or Gateway. EAP-IBAKE over EAP/PANA, EAP-TLS over EAP/PANA and TLS over TCP will be analyzed with regard to this study. The result of M2M Service Bootstrapping is an M2M Root Key (Kmr). • M2M Connection mechanism uses the M2M Root Key to set up a secure data session between a Network M2M Node and an M2M Device / Gateway. EAP-GPSK over EAP/PANA and TLS-PSK are the objects to be analyzed. This mechanism generates M2M Connection Key (Kmc) which will be used for the last mechanism, mId security. • The mId security protects the data transmission over the mId interface. Although there are three ways to secure the interface: access network layer security, channel security, and object security, we will focus on the channel security in our study. To proceed with our analysis, we develop these security mechanisms on top of the OpenMTC platform, which is an ETSI-M2M-compliant system. We use people management system in a factory as the use case for our testing samples, in particular, testing the situation where a large amount of small data traffic is generated in a very short time. Based on the result, we analyze what is the most suitable protocol for the type of traffic pattern in this use case. Several parameters can be utilized to determine the most suitable protocol, such as efficiency, cost, and effectiveness. In order to measure efficiency, we record the processing time, CPU usage, and memory usage. To measure the cost, we use the number of sent and received messages, including their total sizes, as the parameters for comparison. For the effectiveness of a particular protocol, we use the degree of security guarantee from a protocol / cipher suite such as very strong, strong, average, weak, or very weak.

碩士
中原大學
室內設計研究所
90
It is observable that most designers, such as interior designers, and product designs, are male gender who tend to design based on masculine values. Whether from the perspectives of sociology, aesthetics, or functional demands of design products, it is a commonplace that male designs often neglected female values. This may be an indirect cause of the lack of sense-of-security to female college students who reside in off-campus rental suites. Threats to female safety are substantial, including raping, peeping, robbing, or that caused by natural hazards. This calls for a further study about female demands for security in off-campus rental suites. This study conducted a field survey of psychological and physical demands for safety to female college students who reside in off-campus rental suites around Chung Yuan Christian University. It is found through quantitative analyses that the majority of female students concerned deeply about their safety in off-campus rental environments. In all, their sense-of-security can be depicted from five dimensions, i.e., safety-configuration of residential spaces, limited human threats, brightness of residential vicinities, social engagements among neighboring individuals, and controlled physical quality. Some of which are human-related, unpredictable, or uncontrollable. This study concludes with these dimensions and componential variables that designers as well as landlords are to bear in mind such concerns.

碩士
國立嘉義大學
休閒事業管理研究所
97
Since consumers cannot observe quality before flying, an airline’s safety history and reputation can play an important role in the formulation of their beliefs. Among those 19 airlines, China Airlines has the highest flight accident rate and per million flight accident rate is 7.16. Obviously, safety is the most important factor while customers are making their purchasing decision. In fact, have much of ads to use child endorse safety, such as Mitsubishi Savrin a series of ads use child to endorse for safety and reliable. Interestingly, the most emphasis on safety at the airline, the ads will be very few child fit with the airlines, on the contrary the use of many celebrities to endorse. Interestingly if we take safety and match-up into consideration, what kind of endorser is most fitted to airline which is in low reputation for its flight safety? This research wants using the image of child to transfer to emphasize airline safety. With respect to the methodology, a 5x2 factorial experiment design is employed, that is different types of endorsers (celebrity, expert, CEO, typical consumer, and child) with (low reputation of the airline in the ad emphasize its flight safety and high reputation of the airline in the ad emphasize its flight safety). The results showed that: 1. In the low reputation of the airline’s ad, the children to serve as endorser, and its ad attitude, brand attitude, purchase intention and the communication effect of advertising is the best. In the low reputation of the airline’s ad, with special emphasis on the safety of product attributes, and its ad attitude, brand attitude, purchase intention and the communication effect of advertising is the best 3. In the low reputation of the airline’s ad, the children to serve as endorser and with special emphasis on the safety of product attributes, and its ad attitude, brand attitude, purchase intention and the communication effect of advertising is the best.