Dissertations / Theses on the topic 'Authentication authorization and accounting'
To see the other types of publications on this topic, follow the link: Authentication authorization and accounting.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Authentication authorization and accounting.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Sandberg, Joakim. "Network Authentication to the Physical World." Thesis, KTH, Kommunikationssystem, CoS, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-221177.
Full textAbstract:
Quick Response (QR) codes have been used for both non-authentication purposes and authentication & authorization of a user. The visual representation of a QR code requires a reader/decoder to convert the code to a readable resource for an application. This raises some concerns, such as: What kind of information and how much information can be stored in this representation? What kind of vulnerabilities are there when using this technology in some type of authentication? The concrete problem addressed in this thesis is whether a mobile device displaying a QR code can be used as an authenticator for an Axis Communications A8105-E Network Video Door Station. To solve this problem the thesis investigates the use of QR codes in authentication & authorization based upon displaying a QR code on a mobile device, scanning this code via a camera, and then verifying the code using a validation server. Two important issues were what information to put into the QR code (given that the QR code is to be read by a camera) and where the decoding process should be carried out. This thesis also considers multiple types of authentication. Moreover, the system contains multiple components which themselves rely on secure communication and well-designed protocols to ensure security (against popular methods of attack) and stability. A prototype of the proposed authentication process was evaluated using a testbed consisting of three door stations, an Android app, and a backend service for analysing QR codes and making an authentication & authorization decision. QR codes proved to be as secure as the current solutions, such as magnetic stripe or RFID access cards. Using QR codes together with the user’s mobile device also offered additional functionality, such as easy management of the device registration/deregistration and compatibility with multifactor authentication. The conclusion is with the current door station products and the finalized design of the software; it is possible to have a secure and scalable system which is also cost-effective by eliminating the need of human verification as well as equipment required for access card systems.Quick-Response (QR) koder har använts både för icke autentiseringssyften men även för just autentisering av en användare. Den visuella representationen av en QR-kod behöver en läsare för att kunna omvandla koden till en läsbar resurs för en applikation. Detta leder till frågeställningarna: Vad för information och hur mycket kan man lagra i en QR-kod? Vilka sårbarheter finns det med användningen av denna teknologi inom autentisering? Det konkreta problemet i detta examensarbete är huruvida en mobil enhet som visar en QR-kod kan användas med en Axis Communications A8105-E Network Video Door Station. För att lösa detta problem så undersöker detta arbete användningen av QR-koder inom autentisering baserat på att visa QR koden på den mobila enheten, skanna denna kod med en kamera och validera denna kod med en valideringsserver. Två viktiga frågor var vilken information som skulle lagras i QR-koden samt vart avläsningen av en QR-kod tog plats. Detta arbete undersöker också olika typer av multifaktor autentisering. Systemet består vidare av flera komponenter som förlitar sig på säker kommunikation och väldesignade protokoll sam ger säkerhet (mot de mest populära nätverksattackerna) och stabilitet. Den tänkta autentiseringsprocessens prototyp evaluerades i en testmiljö bestående av tre Door Station, en Android applikation och en backend service för att analysera QR-koder samt hantera autentiserings och behörighetslogik. QR-koder bevisades vara lika säkert som befintliga lösningar som till exempel kort accesskort med magnetremsa och RFID chip. Användning av QR-koder med de mobila enheterna gör dessutom att hantering av registrering/avregistrering av enheterna kan ske på ett enkelt sätt samt även integreras med multifaktor autentisering. Slutsatsen är att med de befintliga Door Station enheterna och den slutgiltiga designen av mjukvaran ger det säkert och skalbart system som dessutom är kostnadseffektivt genom att behovet av en mänsklig verifiering samt de fysiska komponenterna av befintliga accesskortsystem, inte längre finns.
2
Crespo, Juan Carlos. "Requirements for a secure and efficientAuthentication System for a large organizationJuan Carlos." Thesis, Linnaeus University, School of Computer Science, Physics and Mathematics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-7575.
Full textAbstract:
In this thesis, a full review on what are the minimum requirements needed to perform an Authentication System is explained. While building the system we have in consideration the users of it, the security needed for each of the resources that must be accessed by the users and what methods can be applied to access to these resources.
In basics, an Authentication System is built when we need to keep track to who is entering on an organization, the bigger the organization is and the more information must be keep safe the more complex the system will be.
Although there are other methods, I tried to keep it easy and understandable for all the possible readers. With this, the reader will understand the basics that he need to keep in mind when implementing such a system like this. The organization in mind for the system is a University that consist between twenty two thousand (22.000) and twenty five thousand (25.000) users.
3
af, Sandeberg Joakim. "Graphical system visualization and flow display : A visual representation of an authentication, authorization, and accounting backend." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-190007.
Full textAbstract:
Displaying the architecture of a software system is not a simple task. Showing all of the available information will unnecessarily complicate the view, while showing too little might render the view unhelpful. Furthermore, showing the dynamics of the operation of such a system is even more challenging. This thesis project describes the development of a graphical tool that can both display the configuration of an advanced authentication, authorization, and accounting (AAA) system and the messages passed between nodes in the system. The solution described uses force-based graph layouts coupled with adaptive filters as well as vector-based rendering to deliver a view of the status of the system. Force-based layout spreads out the nodes in an adaptive fashion. The adaptive filters starts by showing what is most often the most relevant information, but can be configured by the user. Finally, the vector based rendering offers unlimited zoom into the individual nodes in the graph in order to display additional detailed information. Unified Modeling Language (UML) sequence charts are used to display the message flow inside the system (both between nodes and inside individual nodes). To validate the results of this thesis project each iteration of the design was evaluated through meetings with the staff at Aptilo Networks. These meetings provided feedback on the direction the project was taking as well as provided input (such as ideas for features to implement). The result of this thesis project shows a way to display the status of an AAA system with multiple properties displayed at the same time. It combines this with a view of the flow of messages and application of policies in the network via a dynamically generated UML sequence diagram. As a result human operators are able to see both the system’s architecture and the dynamics of its operation using the same user interface. This integrated view should enable more effective management of the AAA system and facilitate responding to problems and attacks.Att visualisera arkitekturen av ett mjukvarusystem är inte lätt. Visas all tillgänglig information så blir vyn för komplicerad medan ifall för lite visas så blir vyn onödig. Att samtidigt visa dynamiken som uppstår när systemet arbetar är ytterligare en utmaning. Detta examensprojektet beskriver hur utvecklingen av ett grafiskt verktyg, som både kan visa konfigurationen av ett avancerat autentisering-, tillåtelse- och bokförings-system (AAA) och meddelanden som skickas mellan noder i systemet.<p> Lösningen använder en kraftriktad graflayout tillsammans med adaptiva filter och vektorbaserad rendering för att visa en vy av systemets status. De adaptiva filtren börjar med att visa den information som oftast är mest relevant men kan ställas in av användaren. Nyttjandet av vektorbaserad grafik tillhandahåller obegränsade möjligheter för användaren att zooma in på delar av grafen för att visa mer detaljerad information. UML sekvensdiagram används för att visa medelandeflödet inuti systemet (både mellan noder och inuti noder). För att utvärdera resultatet av examensprojektet blev varje iteration av designen utvärderad vid möten med personalen på Aptilo Networks. Dessa möten gav återkoppling på vilken rikting projektet tog samt input med t. ex. id´eer på nya egenskaper att lägga till. Resultatet av detta examensarbete visar ett sätt att visa statusen för ett AAA system med många av systemets egenskaper visade samtidigt. Det kombinerar detta med en vy av flödet av meddelanden och applikationpolicies i nätverket via ett dynamiskt genererat UML sekvensdiagram. Resultatet av detta är att mänskliga operatörer kan se både systemets arkitektur och dynamiken i hur det fungerar i samma gränssnitt. Detta gränssnitt bör möjliggöra mer effektiv hantering av AAA systemet och underlätta lösningar på både problem i systemet och attacker mot systemet.
4
Zaghloul, Said Ismail Said [Verfasser], and Admela [Akademischer Betreuer] Jukan. "Design and Performance Optimization of Authentication, Authorization, and Accounting (AAA) Systems in Mobile Telecommunications Networks / Said Ismail Said Zaghloul ; Betreuer: Admela Jukan." Braunschweig : Technische Universität Braunschweig, 2010. http://d-nb.info/1175828149/34.
Full text
5
Hakobyan, Davit. "Authentication and Authorization Systems in Cloud Environments." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-102870.
Full textAbstract:
The emergence of cloud computing paradigm offers attractive and innovative computing services through resource pooling and virtualization techniques. Cloud providers deliver various types of computing services to customers according to a pay-per-use economic model. However, this technology shift introduces a new concern for enterprises and businesses regarding their privacy and security. Security as a Service is a new cloud service model for the security enhancement of a cloud environment. This is a way of centralizing security solutions under the control of professional security specialists. Identity and access control services are one of the areas of cloud security services, and sometimes, are presented under the term Identity as a Service. This master thesis research is focused on identity-security solutions for cloud environments. More specifically, architecture of a cloud security system is designed and proposed for providing two identity services for cloud-based systems: authentication and authorization. The main contribution of this research is to design these services using service-oriented architectural approach, which will enable cloud-based application service providers to manage their online businesses in an open, flexible, interoperable and secure environment. First, the architecture of the proposed services is described. Through this architecture all system entities that are necessary for managing and providing those identity services are defined. Then, the design and specification of each service is described and explained. These services are based on existing and standardized security mechanisms and frameworks. As a demonstration, a prototype system of an authorization service is implemented and tested based on the designed authorization solution. The implementation is done using Web Service technology respective to the service-oriented design approach. It is shown that both services are at least computationally secure against potential security risks associated with replay attacks, message information disclosure, message tampering, repudiation and impersonation. The designed security system ensures a secure and reliable environment for cloud-based application services which is very easy to deploy and exploit on cloud-based platforms.
6
Hamedtoolloei, Hamidreza. "A service-oriented architecture for authentication and authorization." Diss., Connect to a 24 p. preview or request complete full text in PDF format. Access restricted to UC campuses, 2009. http://wwwlib.umi.com/cr/ucsd/fullcit?p1460003.
Full textAbstract:
Thesis (M.S.)--University of California, San Diego, 2009.Title from first page of PDF file (viewed January 9, 2009). Available via ProQuest Digital Dissertations. Includes bibliographical references (p. 94-97).
7
Yao, Danfeng. "Privacy-aware authentication and authorization in trust management." View abstract/electronic edition; access limited to Brown University users, 2008. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqdiss&rft_dat=xri:pqdiss:3318375.
Full text
8
Subils, Jean-Baptiste. "Authentication Via Multiple Associated Devices." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/5778.
Full textAbstract:
This thesis presents a practical method of authentication utilizing multiple devices. The factors contributing to the practicality of the method are: the utilization of devices already commonly possessed by users and the amenability to being implemented on a wide variety of devices. The term “device” refers to anything able to perform cryptographic operations, store data, and communicate with another such device.
In the method presented herein, multiple devices need to be associated with a single user to provide this user an identity in the system. A public key infrastructure is used to provide this identity. Each of the devices associated with a user possesses a public and private key which allow cryptographic operations to be performed. These operations include signing and encrypting data and will prove the identity of each device. The addition of these identities helps authenticate a single user.
A wide variety of devices qualifies to be used by this authentication method. The minimum requirements are: the storage of data such as a private key, the ability to communicate, and a processor to perform the cryptographic operations. Smart devices possess these requirements and the manufacture of such devices can be realized at a reasonable cost.
This method is malleable and implemented in numerous authentication protocols. This thesis illustrates and explains several instances of these protocols.
The method’s primary novelty is its resistance to theft-based attacks, which results from the utilization of multiple devices to authenticate users. A user associated with multiple devices needs to be in possession of these devices to correctly perform the authentication task. This thesis focuses on the system design of this novel authentication method.
9
Tran, Florén Simon. "Implementation and Analysis of Authentication and Authorization Methods in a Microservice Architecture : A Comparison Between Microservice Security Design Patterns for Authentication and Authorization Flows." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-301620.
Full textAbstract:
Microservices have emerged as an attractive alternative to more classical monolithic software application architectures. Microservices provides many benefits that help with code base comprehension, deployability, testability, and scalability. As the Information technology (IT) industry has grown ever larger, it makes sense for the technology giants to adopt the microservice architecture to make use of these benefits. However, with new software solutions come new security vulnerabilities, especially when the technology is new and vulnerabilities are yet to be fully mapped out. Authentication and authorization are the cornerstone of any application that has a multitude of users. However, due to the lack of studies of microservices, stemming from their relatively young age, there are no standardized design patterns for how authentication and authorization are best implemented in a microservice. This thesis investigates an existing microservice in order to secure it by applying what is known as a security design pattern for authentication and authorization. Different security patterns were tested and compared on performance. The differing levels of security provided by these approaches assisted in identifying an acceptable security versus performance trade-off. Ultimately, the goal was to give the patterns greater validity as accepted security patterns within the area of microservice security. Another goal was to find such a security pattern suitable for the given microservice used in this project. The results showed a correlation between increased security and longer response times. For the general case a security pattern which provided internal authentication and authorization but with some trust between services was suggested. If horizontal scaling was used the results showed that normal services proved to be the best target. Further, it was also revealed that for lower user counts the performance penalties were close to equal between the tested patterns. This meant that for the specific case where microservices sees lower amounts of traffic the recommended pattern was the one that implemented the maximum amount access control checks. In the case for the environment where the research were performed low amounts of traffic was seen and the recommended security pattern was therefore one that secured all services of the microservices.Mikrotjänster har framträtt som ett mer attraktivt alternativ än mer konventionella mjukvaruapplikationsarkitekturer såsom den monolitiska. Mikrotjänster erbjuder flera fördelar som underlättar med en helhetsförståelse för kodbasen, driftsättning, testbarhet, och skalbarhet. Då IT industrin har växt sig allt större, så är det rimligt att tech jättar inför mikrotjänstarkitekturen för att kunna utnyttja dessa fördelar. Nya mjukvarulösningar medför säkerhetsproblem, speciellt då tekniken är helt ny och inte har kartlagts ordentligt. Autentisering och auktorisering utgör grunden för applikationer som har ett flertal användare. Då mikrotjänster ej hunnit blivit utförligt täckt av undersökning, på grund av sin relativt unga ålder, så finns det ej några standardiserade designmönster för hur autentisering och auktorisering är implementerade till bästa effekt i en mikrotjänst. Detta examensarbete undersöker en existerande mikrotjänst för att säkra den genom att applicera vad som är känt som ett säkerhetsdesignmönster för autentisering och auktorisering. Olika sådana mönster testades och jämfördes baserat på prestanda i olika bakgrunder. De varierade nivåerna av säkerhet från de olika angreppssätten som säkerhetsmönstrena erbjöd användes för att identifiera en acceptabel kompromiss mellan säkerhet mot prestanda. Målet är att i slutändan så kommer detta att ge mönstren en högre giltighet när det kommer till att bli accepterade som säkerhetsdesignmönster inom området av mikrotjänstsäkerhet. Ett annat mål var att hitta den bästa kandidaten bland dessa säkerhetsmönster för den givna mikrotjänsten som användes i projektet. Resultaten visade på en korrelation mellan ökad säkerhet och längre responstider. För generella fall rekommenderas det säkerhetsmönster som implementerade intern autentisering och auktorisering men med en viss del tillit mellan tjänster. Om horisontell skalning användes visade resultaten att de normala tjänsterna var de bästa valet att lägga dessa resurser på. Fortsättningsvis visade resultaten även att för ett lägre antal användare så var den negativa effekten på prestandan nästan likvärdig mellan de olika mönstren. Detta innebar att det specifika fallet då mikrotjänster ser en lägre mängd trafik så är det rekommenderade säkerhetsmönstret det som implementerad flest åtkomstkontroller. I fallet för den miljö där undersökningen tog plats förekom det en lägre mängd trafik och därför rekommenderades det säkerhetsmönster som säkrade alla tjänster närvarande i mikrotjänsten.
10
Aas, Dag-Inge. "Authentication and Authorization for Native Mobile Applications using OAuth 2.0." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, 2013. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-22969.
Full textAbstract:
OAuth 2.0 has in the recent years become the de-facto standard of doing API authorization and authentication on mobile devices. However, recent critics have claimed that OAuth does not provide sufficient security or ease-of-use for developers on mobile devices. In this thesis, I study four approaches to mobile authorization using OAuth 2.0, and suggest an improved solution based on current industry best-practices for security on Android. The end result is a solution which provides a native authorization flow for third-party developers to integrate with an existing API endpoint. However, the thesis shows that even with current industry best-practices the proposed solution does not provide a completely secure approach, and developers must keep the security consequences of that fact in mind when implementing OAuth on mobile devices.
11
Dasun, Weerasinghe P. W. H. "Parameter based identification, authentication and authorization method for mobile services." Thesis, City University London, 2010. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.510696.
Full text
12
Alenius, Fabian. "Authentication and Authorization : Achieving Single Sign-on in an Erlang Environment." Thesis, Uppsala University, Department of Information Technology, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-129523.
Full textAbstract:
Forcing users to enter their credentials every time they want to use a service is associated with several problems. Common problems include lowered user productivity, increased administration costs and security issues. As companies and organizations are adding more services to their networks, it is becoming an increasingly important problem. By allowing users to sign on once and centralizing access control decisions, it is possible to reduce or completely mitigate this problem. This paper describes how a service written in Erlang was modified to allow for single sign-on and centralized access control.
13
Mensah, Francis. "Framework to Implement Authentication, Authorization and Secure Communications in a Multiuser Collaborative CAx Environment." BYU ScholarsArchive, 2014. https://scholarsarchive.byu.edu/etd/4314.
Full textAbstract:
Computer Aided Design (CAD) applications have historically been based on a single user per application architecture. Although this architecture is still popular to date, it does have several drawbacks. First of all the single user CAD architecture inhibits a concurrent engineering design process where several designers can work on the same model simultaneously. This limitation introduces time inefficiency especially when a project involves geographically dispersed designers. A solution to these drawbacks could be a transition from the traditional single user CAD architecture to a multiuser collaborative architecture. Advances in computer networking technologies, especially relating to the Internet, have provided the needed tools to make this transition a reality, thus making it possible for designers to simultaneously work on geometric models from one or more networked computers regardless of the location of the user. This new paradigm is expected to improve collaboration and greatly reduce product design times and consequently reduce cost and improve productivity. The multi-user architecture will, however, also require reliable security mechanisms to ensure its successful deployment in an enterprise environment where protection of intellectual property is of critical importance. This thesis proposes a framework to implement authentication, authorization and secure data communications in a multiuser collaborative CAD software system. This framework has been tested on an emerging multiuser collaborative CAD system called v-CAx being developed at Brigham Young University.
14
Gerdzhikov, Petko. "Behaviour of Port-knocking authentication mechanism." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-60929.
Full textAbstract:
Port-knocking is a security mechanism used in computer systems to hide available network services. Its operation relies on a drop policy firewall setting in order to make impossible for port-scanning attacks to occur. This project researches the impact of implementing such a software solution. Furthermore, it looks into the behavior of three chosen implementations and make conclusions on the benefits and disadvantages that they bring. In addition, the surrounding implications related to both user and administrator are explored. This thesis includes tests on the resource consumption of the implementations as well as records of the added delay of using the mechanism when initiating a SSH session. There has not been such research performed in this field and the results of it could be beneficial to those who are involved in computer science and network security in particular. Finally, the product of this study state that port-knocking is overlooked and has great benefits in preventing zero-day exploits and hacker tools relying on exposed network services.
15
Das, Devaraj. "Design and Implementation of an Authentication and Authorization Framework for a Nomadic Service Delivery System." Thesis, Indian Institute of Science, 2002. http://hdl.handle.net/2005/70.
Full textAbstract:
Internet has changed our lives. It has made the true distributed computing paradigm a reality. It has opened up a lot of opportunities both in the research domain and in business domain. One can now think of developing software and make it available to the large community of users. Hyper Text Transfer Protocol (HTTP), which was originally developed for the purpose of requesting/transferring content (text, images, etc.), is now a standard for remotely invoking services and getting back results.
The wireless technologies have also matured. 802.11 is the existing standard for wireless communication in a LAN environment. Today, even the small computers like the Personal Digital Assistants (PDA) is wireless enabled. This makes access to information and computing significantly much more convenient.
Hotspot! server has been designed to provide connectivity and services in public places (called hotspots). It acts as a wireless Network Access Server (NAS) to users who want to obtain connectivity and services at public places. We believe that the primary applications that have importance and relevance in public places are Internet Access, and specific context-based or location specific services. These services are deployed by Internet Service Providers. Secure access is one of the primary concerns in public networks. We designed, developed and tested a framework for secure access to HTTP-based services through the Hotspot! server. Internet Access is a special case of a HTTP-based Proxy service.
16
Odyurt, Uraz. "Evaluation of Single Sign-On Frameworks, as a Flexible Authorization Solution : OAuth 2.0 Authorization Framework." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-37097.
Full textAbstract:
This work introduces the available authorization frameworks for the purpose of Single Sign-On functionality within an enterprise, along with the fundamental technicalities. The focus of the work is on SAML 2.0 and OAuth 2.0 frame- works. Following the details related to available protocol flows, supported client profiles and security considerations, the two frameworks are compared in accordance with a set of factors given in a criteria. The report discusses the possibilities provided by a Microsoft Windows based infrastructure, as well as different scenarios and their feasibility in an enterprise environment. The preferred framework, OAuth 2.0, is selected according to the given criteria and the comparative discussions.
17
Guitérrez, Barquín Jesús Miguel. "Network Independent Quality of Service : The role of Authentication, Authorization, and Accouting in a roaming environment." Thesis, KTH, Kommunikationssystem, CoS, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-92253.
Full textAbstract:
With the increasing shift to the Internet Protocol [3] for all networks and the desire of telecommunications service providers to offer new value to their customers, the need exists to coordinate the delivery of end-to-end quality of service so that providers may offer new services to support their customer’s applications. The key objective of the EuQoS project is to research, integrate, test, validate, and demonstrate end-to-end QoS technologies to support advanced QoS-aware applications over multiple, heterogeneous research, scientific, and industrial network domains. End-to-end quality of service support for multiple applications is a great added value and could become the next major growth spurt in the telecommunications industry. A crucial requirement for the QoS model is that it must not add significant complexity to the existing mechanisms and must be compatible with legacy applications and equipment. Proxy signaling handlers will be used to satisfy the latter constraint. This thesis analyzes possible roaming scenarios and how Authentication, Authorization, and Accounting should be tackled. I seek to provide reasonable solutions and to consider the current environment, always trying to re-use, when possible, the existing architecture and components.De huvudsakliga målen med EuQoS projektet är att integrera, testa, utvärdera och demonstrera QoS från en ende av kommunikationen till en annan för att stödja avancerade QoS tillämpningar inom multipla nätverksdomäner industrioch forskningsverksamhet. Denna nya teknik är av stort värde och kan komma att bli nästa stora steg i utvecklingen av telekommunikation. Användandet av IPnätverk ökar och i samma takt ökar även efterfrågan av nya och bättre kommunikationstjänster. Därför finns det ett stort behov av QoS hos Internetleverantörerna som ständigt måste tillgodose kundernas önskemål. Det är viktigt att QoS modellen inte komplicerar den redan existerande tekniken. Därför måste den vara kompatibel med befintliga tekniker och utrustning. För att uppfylla dessa krav kommer Proxy signalbehandlare att användas. Den här rapporten behandlar möjliga roaming scenarier och hur AAA bör hanteras. Jag har som mål att presentera rimliga lösningar som tar hänsyn till miljön. För detta används i största möjliga mån redan existerande infrastruktur.
Con la continua evolución de las aplicaciones basadas en el protocolo IP en todas las redes, y el deseo de los proveedores de servicios de telecomunicaciones de ofrecer un valor añadido a sus clientes, cohabita la necesidad de coordinar la entrega de calidad de servicio (QoS) extremo a extremo. De esta forma los proveedores pueden aumentar la oferta de servicios mediante nuevas aplicaciones. El principal objetivo del proyecto EuQoS es investigar, desarrollar, integrar y probar una tecnología independiente de la red de acceso que garantice QoS extremo a extremo. El sistema esta pensado inicialmente para dar soporte a las aplicaciones: VoIP, VoD, video conferencia, y a una aplicación médica llamada MEDIGRAF, sobre múltiples y heterogéneas redes de acceso. Los parámetros que EuQoS tiene en cuenta para la reserva de la calidad de servicio son el ancho de banda, el retardo, la variación del retardo (jitter), y las pérdidas permitidas. Un requisito fundamental para el modelo de QoS es que debe añadir la mínima complejidad posible al existe funcionamiento del sistema y debe ser compatible con el legado de aplicaciones y equipo. Esto se solucionará mediante el uso de señalización a nivel de Proxy. Este proyecto analiza los posibles escenarios de roaming y cómo se debería afrontar la Autenticación, Autorización, y Accounting (AAA) en estas condiciones de itinerancia. En los capítulos iniciales hacen una descripción general del sistema EuQoS, para tener una visión global del proceso de reserva de recursos. Es necesario conocer la estructura completa para lograr una integración mayor y con el menor coste posible. El proyecto EuQoS propone y desarrolla un nuevo mecanismo de QoS que se construye sobre un estado del arte que incorpora los siguientes mecanismos: Monitorización y Medición, Control de Admisión, Gestión de Fallos, Señalización y Negociación de Servicio, Seguridad y AAA, Charging, Ingeniería de Tráfico y Optimización de Recursos. Con el fin de conocer lo que anteriormente otros habían hecho en este campo, antes de escribir una sola línea de este proyecto, llevé a cabo una extensa búsqueda de documentación. Parte de la información utilizada en este documento ha sido extraída de las entregas públicas del proyecto EuQoS hechas a la Comisión Europea. Además de la bibliografía mostrada en las referencias, Ericsson tiene sus propios informes técnicos e implementaciones de protocolos como el protocolo de iniciación de sesión (SIP) y DIAMETER, que se han consultado en varias ocasiones y han contribuido a lo largo de la investigación. Existe una enorme similitud entre la arquitectura del sistema y la de IMS. De esta manera, algunos de los conceptos aplicados a la hora de desarrollar una solución para el caso de roaming para EuQoS se basan en los flujos de señalización utilizados en IMS y en los anteproyectos de nuevos RFCs.
18
Shen, Ziyi. "Red Door: Firewall Based Access Control in ROS." Thesis, University of North Texas, 2020. https://digital.library.unt.edu/ark:/67531/metadc1752358/.
Full textAbstract:
ROS is a set of computer operating system framework designed for robot software development, and Red Door, a lightweight software firewall that serves the ROS, is intended to strengthen its security. ROS has many flaws in security, such as clear text transmission of data, no authentication mechanism, etc. Red Door can achieve identity verification and access control policy with a small performance loss, all without modifying the ROS source code, to ensure the availability and authentication of ROS applications to the greatest extent.
19
Lavesson, Alexander, and Christina Luostarinen. "OAuth 2.0 Authentication Plugin for SonarQube." Thesis, Karlstads universitet, Institutionen för matematik och datavetenskap (from 2013), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-67526.
Full textAbstract:
Many web services today give users the opportunity to sign in using an account belonging to a different service. Letting users authenticate themselves using another service eliminates the need of a user having to create a new identity for each service they use. Redpill Linpro uses the open source platform SonarQube for code quality inspection. Since developers in the company are registered users of another open source platform named OpenShift, they would like to authenticate themselves to SonarQube using their OpenShift identity. Our task was to create a plugin that offers users the functionality to authenticate themselves to SonarQube using OpenShift as their identity provider by applying the authentication framework OAuth. Theproject resulted in a plugin of high code quality according to SonarQube’s assessment. RedpillLinpro will use the plugin to easily access SonarQube’s functionality when using theapplication in their developer platform.
20
Hortai, František. "DYNAMICKÝ BIOMETRICKÝ PODPIS JAKO EFEKTIVNÍ NÁSTROJ PRO VNITROPODNIKOVOU KOMUNIKACI." Doctoral thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-402115.
Full textAbstract:
The aim of this thesis is to provide comprehensive information on the possibilities of authentication, combination of authentication factors and the integration of this issue into corporate communication. The work focuses on this issue and specifies the possibilities for obtaining authentication information, analyses the authentication methods, identification and authorization. It examines the applicability of biometric technologies, the principle of their functionality, examples of their use, their impact, the advantages and disadvantages they bring. A natural, easy-to-use, convenient tool for effective and secure communication is authentication including the dynamic biometric signature. The issues of the dynamic biometric signature technology and its implementation are examined from a comprehensive perspective involving experiments. The research proved that the dynamic biometric signature can serve as a method for supporting secure corporate communication and reduce authentication risks in companies and for individuals.
21
Chan, Fuk-Wing Thomas. "Preserving Trust Across Multiple Sessions in Open Systems." BYU ScholarsArchive, 2004. https://scholarsarchive.byu.edu/etd/137.
Full textAbstract:
Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the trust preservation facility when approximately 25% of its requests are from repeat customers. The throughput and response time improve up to approximately 33% as the percentage of repeat customers grows to 100%.
22
Sharma, Gaurav Medhi Deepankar. "Hash chain based authentication and accounting for fast handoffs in wireless LANs." Diss., UMK access, 2004.
Find full textAbstract:
Thesis (M.S.)--School of Computing and Engineering. University of Missouri--Kansas City, 2004."A thesis in computer science." Typescript. Advisor: Deepankar Medhi. Vita. Title from "catalog record" of the print edition Description based on contents viewed Feb. 28, 2006. Includes bibliographical references (leaves 54-60). Online version of the print edition.
23
Alzomai, Mohammed Hamad. "Identity management : strengthening one-time password authentication through usability." Thesis, Queensland University of Technology, 2011. https://eprints.qut.edu.au/46213/1/Mohammed_Alzomai_Thesis.pdf.
Full textAbstract:
Usability in HCI (Human-Computer Interaction) is normally understood as the simplicity and clarity with which the interaction with a computer program or a web site is designed. Identity management systems need to provide adequate usability and should have a simple and intuitive interface. The system should not only be designed to satisfy service provider requirements but it has to consider user requirements, otherwise it will lead to inconvenience and poor usability for users when managing their identities. With poor usability and a poor user interface with regard to security, it is highly likely that the system will have poor security. The rapid growth in the number of online services leads to an increasing number of different digital identities each user needs to manage. As a result, many people feel overloaded with credentials, which in turn negatively impacts their ability to manage them securely. Passwords are perhaps the most common type of credential used today. To avoid the tedious task of remembering difficult passwords, users often behave less securely by using low entropy and weak passwords. Weak passwords and bad password habits represent security threats to online services. Some solutions have been developed to eliminate the need for users to create and manage passwords. A typical solution is based on generating one-time passwords, i.e. passwords for single session or transaction usage. Unfortunately, most of these solutions do not satisfy scalability and/or usability requirements, or they are simply insecure. In this thesis, the security and usability aspects of contemporary methods for authentication based on one-time passwords (OTP) are examined and analyzed. In addition, more scalable solutions that provide a good user experience while at the same time preserving strong security are proposed.
24
Bourass, Achraf. "Échanges entre véhicules intelligents électriques et la grille pour la planification de la charge et le routage." Mémoire, Université de Sherbrooke, 2017. http://hdl.handle.net/11143/11546.
Full textAbstract:
Le nombre de véhicules électriques (VEs) augmente de plus en plus depuis des dernières années. De ce fait, des problèmes d’attente dans les stations de recharge apparaissent, vu leur nombre limité dû aux coûts élevés d’installation. En outre, il y a des problèmes liés d'une part à l’autonomie due à la capacité limitée des batteries et des problèmes liés d'autre part à la crainte d’avoir une portée insuffisante pour atteindre une destination du véhicule ou de tomber en rupture d’énergie entre un point de départ et un point de destination. Faire de la planification de recharge et diriger les conducteurs vers des stations de recharge disponibles pendant leur trajet pourraient contribuer à résoudre ces deux problèmes. Pour ce faire, une communication bidirectionnelle entre les VEs et la grille serait utile. C’est dans ce cadre, que ce projet est proposé.
D’une part, dans ce projet, on propose une architecture sécurisée où les VEs et la grille intelligente peuvent échanger les données pour effectuer une réservation des créneaux horaires dans les stations de recharge et planifier les itinéraires. Une étape d’authentification et d’autorisation du véhicule ou de l’usager est primordiale pour garantir la sécurisation des échanges et la confidentialité des données des VEs. Cela implique une demande de fournir des informations en mode crypté à travers les protocoles de sécurisation. Cette étape d’authentification et d’autorisation est établie après une étape de notification du VE.
D’autre part, on met en place un nouveau schéma pour planifier les itinéraires des VEs. Ce schéma prend en compte l’état de charge du véhicule, son origine, sa destination et les stations de recharge disponibles sur la route. Le schéma établit la réservation dans les stations selon des mécanismes d’optimisation de temps d’attente du VE dans les stations de recharge et de sa consommation d’énergie globale durant son voyage depuis le point d’origine jusqu’à la destination voulue.Abstract : The number of electric vehicles (EVs) has increased significantly in recent years. Owing to the limited number of charging stations (CSs), the waiting time in charging stations has swelled. In addition, the limited capacity of EV batteries can evoke the drivers’ range-anxiety, defined as the fear of having insufficient range to reach a destination. Make a charging planning and directing the drivers to the available charging stations during their journey could help to solve these problems. To do this, a bidirectional communication between the EVs and the smart grid would be useful. It is within this framework that this project is proposed. In this project, we propose a secure architecture where EVs and the smart grid can exchange data information for making slots reservation at the charging stations and route planning. Authentication and authorization of EVs or users is essential to guarantee EVs confidentiality and the exchange of information. This implies a request to provide the sensitive information in encrypted mode through security protocols. These procedures are executed after the EV notification process. Besides, we propose a new scheme for planning EVs itineraries. This scheme considers the state of charge of EVs, their starting positions, their destinations and the charging stations available on the road. The system establishes the reservation of the charging slots via optimizing the waiting time at charging stations as well as the energy consumption during EVs journey, from their starting positions to their designated destinations.
25
Zuccato, Diego. "Progettazione e realizzazione di un portale multi-Ente." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2019. http://amslaurea.unibo.it/17920/.
Full text
26
Hines, Larry, and Jeff Kalibjian. "Securing Print Services for Telemetry Post-Processing Applications." International Foundation for Telemetering, 2006. http://hdl.handle.net/10150/604260.
Full textAbstract:
ITC/USA 2006 Conference Proceedings / The Forty-Second Annual International Telemetering Conference and Technical Exhibition / October 23-26, 2006 / Town and Country Resort & Convention Center, San Diego, CaliforniaOne of the primary goals of telemetry post processing is to format received data for review and analysis. This occurs by both displaying processed data on video monitors and by printing out the results to hardcopy media. Controlling access (i.e. viewing) of telemetry data in soft form (i.e. video monitor) is achieved by utilizing the existing framework of authentication and authorization on the client/server machines hosting the telemetry data (and post processing applications). Controlling access to hardcopy output has historically been much more problematic. This paper discusses how to implement secure printing services for telemetry post processing applications.
27
Gonzalez, Nelson Mimura. "Proposta de arquitetura e solução de gerenciamento de credenciais para autenticação e autorização em ambientes de computação em nuvem." Universidade de São Paulo, 2014. http://www.teses.usp.br/teses/disponiveis/3/3141/tde-12122014-154305/.
Full textAbstract:
O modelo de computação em nuvem (cloud computing) reúne características como elasticidade, compartilhamento de recursos, obtenção de serviços sob demanda, e escalabilidade. Este modelo aumenta a eficiência de utilização de recursos, reduzindo drasticamente o custo de manutenção de infraestruturas de hardware e software. Contudo, diversos problemas relacionados a aspectos de segurança são observados nos ambientes de nuvem, o que reduz a adoção da tecnologia de maneira significativa. Os principais problemas identificados referem-se à confidencialidade dos dados dos usuário e à proteção dos canais de comunicação. Estes problemas podem ser resolvidos por meio do emprego de mecanismos de autenticação e autorização que controlem efetivamente o acesso aos recursos e aos serviços da nuvem por parte dos usuários e quaisquer outras entidades que consigam acessar estes elementos. Isto sugere a utilização de credenciais, que permitem estabelecer permissões e obrigações das entidades de um ecossistema de computação em nuvem. Esta dissertação apresenta uma proposta de Sistema de Gerenciamento de Credenciais (SGC) para computação em nuvem, que visa implementar uma solução de identificação de entidades e controle de acesso à nuvem. Para isto foi realizada uma pesquisa para levantar as principais referências relativas à computação em nuvem, segurança em computação em nuvem, e gerenciamento de credenciais. A partir dos resultados desta pesquisa, foi definido um modelo conceitual que descreve a solução proposta, identificando os seus requisitos e a sua arquitetura. Finalmente foi desenvolvido um protótipo para realização de testes, de modo a validar a solução proposta e verificar o atendimento aos requisitos definidos previamente. Os resultados revelam a possibilidade de desenvolver um Sistema de Gerenciamento de Credenciais (SGC) capaz de prover os mecanismos de segurança adequados para a nuvem sem a necessidade de modificar as aplicações e serviços originais da mesma, culminando em uma solução transparente para usuários, desenvolvedores, e administradores da nuvem. O sistema proposto foi, também, capaz de estabelecer canais de comunicação seguro entre as entidades da nuvem, permitindo proteger de maneira seletiva as informações que trafegam pela rede. Desta forma, é possível afirmar que soluções em nuvem podem ser tornar mais seguras (e confiáveis) por meio do emprego de mecanismos transparentes e abrangentes para autenticação e autorização de entidades e operações.Cloud computing is a computing model based on characteristics such as elasticity, resource sharing, on-demand resource acquisition, and scalability. This model increases resource usage efficiency, drastically reducing maintenance costs of hardware and software infrastructures. However, problems related to security aspects represent obstacles for a wider adoption of the technology. The main problems identified are related to data confidentiality and communication channels protection. These problems can be addressed by authentication and authorization mechanisms which are able to effectively control the access to resources and services. This suggests the use of credentials which define the permissions and obligations of entities from a cloud computing ecosystem. This work presents a Credential Management System (CMS) for cloud computing, which implements a solution for identification and access control in the cloud environment. The research included a survey of references related to cloud computing, security in cloud computing, and credential management. Taking the results of this research, it was specified a conceptual model which describes the proposed solution, identifying the main requirements of the solution and its architecture. Finally it was developed a prototype in order to perform tests to validate the solution and verify if the requirements were addressed. The results reveal the possibility of developing a credential management solution able to provide the adequate security mechanisms without the need to modify the original applications and services, leading to a transparent solution for users, developers, and cloud administrators. The solution was also able to establish secure communication channels between cloud entities, allowing to selectively protect information that is exchanged in the network. The conclusion is that it is possible to make cloud applications and services more secure (and reliable) by using transparent and comprehensive mechanisms for authentication and authorization of entities and operations.
28
Jaroš, David. "Mikroelektronické časově-prostorové autentizační techniky." Doctoral thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2015. http://www.nusl.cz/ntk/nusl-234525.
Full textAbstract:
This dissertation work focusses on using information about the location of the user during the authentication process on computer networks. With the growth of mobile computer devices over the last two decades the physical location of users is becoming one of the main issues for access management. This work researches existing solutions which are divided in to two groups related to the source of location information (SATNAV systems for example GPS and based on communication with active infrastructure such as GSM, Wi-Fi). This work shows the methodology for evaluating authentication data which use the principle of fuzzy logic. In comparison with binary logic it is possible to evaluate authentication data accurately. As a result of the authentication process the information is of a higher value, which can be taken into account when setting the levels of user privileges. An important aspect of working with location information is that the user is located in the same place and from where they are asking for access to the system. Solving this question could be linking user biometrics for example finger prints. This principle is used in two types of microelectronic authentication terminals which were developed in conjunction with this work. The first type of terminal uses a SATNAV receiver and an ISM wireless communication module as a source of location information. On the first type of authentication terminal newly developed authentication techniques were tested. The users biometrics are checked by finger print sensor with embedded processing. In the second type authentication terminal a Wi-Fi and GSM module were added for location purposes. In the conclusion of this dissertation the testing methodology of the data authorization and evaluation process of the second type of microelectronic authentication terminal is shown. This confirms the practicality of the suggested methodology and the time-space information in the authentication process.
29
Phiri, Jackson. "A digital identity management system." Thesis, UWC, 2007. http://hdl.handle.net/11394/2871.
Full textAbstract:
>Magister Scientiae - MScThe recent years have seen an increase in the number of users accessing online services using communication devices such as computers, mobile phones and cards based credentials such as credit cards. This has prompted most governments and business organizations to change the way they do business and manage their identity information. The coming of the online services has however made most Internet users vulnerable to identity fraud and theft. This has resulted in a subsequent increase in the number of reported cases of identity theft and fraud, which is on the increase and costing the global industry excessive amounts. Today with more powerful and effective technologies such as artificial intelligence, wireless communication, mobile storage devices and biometrics, it should be possible to come up with a more effective multi-modal authentication system to help reduce the cases of identity fraud and theft. A multi-modal digital identity management system is proposed as a solution for managing digital identity information in an effort to reduce the cases of identity fraud and theft seen on most online services today. The proposed system thus uses technologies such as artificial intelligence and biometrics on the current unsecured networks to maintain the security and privacy of users and service providers in a transparent, reliable and efficient way. In order to be authenticated in the proposed multi-modal authentication system, a user is required to submit more than one credential attribute. An artificial intelligent technology is used to implement a technique of information fusion to combine the user’s credential attributes for optimum recognition. The information fusion engine is then used to implement the required multi-modal authentication system.
30
Marek, Martin. "Bezpečnost lokálních počítačových sítí." Master's thesis, Vysoké učení technické v Brně. Fakulta strojního inženýrství, 2010. http://www.nusl.cz/ntk/nusl-229175.
Full textAbstract:
The diploma thesis is concerned with solving security problems in local computer networks. The main part deals with the solution of authorization of wireless clients against the RADIUS server and with the proposal of domain controller using open-source products and the tools of operating system GNU/Linux.
31
Bülling, Emelie, and Annchristine Lind. "Vem granskar vem?" Thesis, Högskolan i Borås, Institutionen Handels- och IT-högskolan, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:hb:diva-20758.
Full textAbstract:
Senast som revisionsplikten var föremål för aktiebolagskommitténs arbete var 1995. Skälet som angavs då för inskränkning av revisionsplikten var att revisionen innebar en kostnad för företagen. Vid det tillfället skedde inga ändringar då revisionsplikten ansågs förhindra ekonomisk brottslighet i framförallt de mindre bolagen med ett litet aktiekapital. Vid ett möte i mars 2007 betonade det Europeiska rådet kraftiga gemensamma insatser för att minska de administrativa bördorna för företag. Det betonades att små och medelstora företags kostnader för revision och redovisning är särskilt betungande. Den 1 november 2010 avskaffades revisionsplikten i Sverige för aktiebolag som underskrider två av tre följande värden: 3 mnkr i nettoomsättning, 1,5 mnkr i balansomslutning och tre anställda.Uppsatsen fokuserar på hur aktören redovisningskonsult har påverkats av den frivilliga revisionen och följande fråga kan ställas: Innebär den frivilliga revisionen att auktoriserade redovisningskonsulter kan komma att få en alltmer framträdande och betydande roll bland de mindre bolagen och intressenterna och i sådana fall hur?Syftet med denna studie är att övergripande undersöka och belysa redovisningskonsultens mer framträdande roll och ansvar efter det att reglerna om frivillig revision trätt i kraft. I studien har vi även försökt klarlägga om redovisningskonsulten har fått något indirekt ökat ansvar efter det att reformen trätt i kraft och hur det kan ha påverkat intressenterna. Avsikten med litteraturgenomgången är att belysa samt är att ge en översiktsbild av redovisningskonsulten.Empirin består av kvalitativa intervjuer som har genomförts med intressenter som har påverkats av den frivilliga revisionen. Det empiriska materialet har sammanställts för att sedan analyseras genom vår fördjupade litteraturgenomgång. Från resultatet som framkommer ur vår analys kan slutsatsen dras att den frivilliga revisonen leder till att den auktoriserade redovisningskonsulten kommer få en mer betydande roll. Den nya situationen kommer att leda till omstruktureringar i branschen och redovisningskonsultens roll och ansvar blir mer framträdande. Studiens avsikt och resultat bidrar till att lyfta fram och skapa en helhetsbild av redovisningskonsulten som kan sättas in i en större kontext inom redovisningen.Program: Civilekonomprogrammet
32
Andersson, Fredrik, and Malmqvist Simon Cedergren. "Effective construction of data aggregation services in Java." Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20735.
Full textAbstract:
Stora mängder data genereras dagligen av slutanvändare hos olika tjänster. Denna data tenderar att tillhandahållas av olika aktörer, vilket skapar en fragmenterad marknad där slutanvändare måste nyttja flera programvaror för att ta del av all sin data. Detta kan motverkas genom utvecklandet av aggregeringstjänster vilka samlar data från flera tjänster på en enskild ändpunkt. Utveckling av denna typ av tjänster riskerar dock att bli kostsamt och tidskrävande, då ny kod skrivs för flera projekt trots att stora delar av funktionaliteten är snarlik. För att undvika detta kan etablerade tekniker och ramverk användas för att på så vis återanvända mer generella komponenter. Vilka av dessa tekniker som är bäst lämpade och således kan anses vara mest effektiva ur ett utvecklingsperspektiv, kan dock vara svårt att avgöra. Därför baseras denna uppsats på vad som genom analys av akademisk litteratur kan utläsas som ett akademiskt konsensus.Innan denna uppsats påbörjades utvecklades en Java-baserad dataaggeringstjänst baserad på krav från ÅF i Malmö. Denna experimentella implementation har som syfte att samla in data från två separata tjänster, och tillgängliggöra denna på en enskild ändpunkt. Efter att implementationen färdigställts påbörjades arbetet på uppsatsen. Denna består av en litteraturstudie för att undersöka vilka tekniker och ramverk som akademisk forskning funnit bäst lämpad för användningsområdet. Vidare används resultaten från studien även för att analysera i vilken grad dessa korrelerar med de krav som ÅF presenterade inför den experimentella implementationen.Litteraturstudien visar på att de teknikmässiga val som gjordes av företaget i stor utsträckning korrelerar med de tekniker som akademisk forskning funnit bäst lämpade för användningsområdet. Detta innefattar bland annat OAuth 2.0 för autentisering, JSON som serialiseringsformat samt REST som kommunikationsarkitektur. Vidare visar denna litteraturstudie på en eventuell lucka inom den tillgängliga litteraturen, då sökningar kring specifika programvaror relaterade till området endast resulterar i en mindre mängd artiklar.Large quantities of data are generated daily by the end users of various services. This data is often provided by different providers, which creates a fragmented market where the end users have to utilize multiple applications in order to access all of their data. This can be counteracted by the development of aggregation services that gather data from multiple services to a combined endpoint. The development of these kinds of services does however run the risk of becoming costly and time-consuming since new code is written for several projects even though large portions of the functionality is similar. To avoid this, established technologies and frameworks can be utilized, thereby reusing the more general components. Which of the technologies are the best suited, and thereby can be considered the most effective from a development perspective, can however be difficult to determine. This essay is therefore based on what can be considered an academic consensus through analysis of literature regarding earlier reasearch on the subject. Before the writing of the essay began a Java-based data aggregation service was developed, based on requirements from the company ÅF in Malmö. The purpose of this experimental implementation is to gather data from two separate services, and make them accessible on a unified endpoint.After the implementation was finished, work on the essay began. This consists of a literature review to investigate what technologies and frameworks that has been found best suited for this area of application by academic research. The results from this study are also used to analyze the extent of the correlation between the results and the requirements presented by ÅF regarding the experimental implementation. The literature review shows that the choices made by the company largely correlates with the technologies that the academic research has found best suited for this area of application. This includes OAuth 2.0 for authentication, JSON as a serialization format and REST for communications architecture. The literature review also indicates a possible gap within the available academic literature since searches regarding specific pieces of software related to the subject only results in a small amount of articles.
33
Khan, Hiba. "What Are the Security Challenges Concerning Maintenance Data in the Railway Industry." Thesis, Luleå tekniska universitet, Digitala tjänster och system, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-75741.
Full textAbstract:
Recently, technology advancement has brought improvement in all the sectors, including the railway sector. The Internet of Things (IoT) based railway systems have immense potential to improve quality and systems that will enable more efficient, environmental friendly railway system. Many research brought innovations that offer enormous benefits for rail travel. The current research focuses on the railway industries, as they want to reap the benefits of IT concept such as Cloud Computing, Information Security, and Internet of Things (IoT). Railway industries are generating a large volume of data every day from different sources. In addition, machine and human interactions are rapidly increasing along with the development of technologies. This data need to be properly gathered, analysed and shared in a way that it is safe from different types of cyberattacks and calamities. To overcome smart devices’ and Cloud’s limitations, the new paradigm known as Fog computing has appeared. In which an additional layer processes the data and sends the results to the Cloud. Despite numerous benefits of Fog, computing brings into IoT-based environments, privacy and security issues remain the main challenge for its implementation. Hence, the primary purpose of this research is to investigate the potential challenges, consequences, threats, vulnerabilities, and risk management of data security in the railway infrastructure in the context of eMaintenance.
34
Villar, Melissa Vieira Fernandes. "Modelo de autenticaÃÃo e autorizaÃÃo baseado em certificados de atributos para controle de acesso de aplicaÃÃes em ambiente distribuÃdo utilizando redes de petri coloridas." Universidade Federal do CearÃ, 2007. http://www.teses.ufc.br/tde_busca/arquivo.php?codArquivo=2047.
Full textAbstract:
Devido Ãs crescentes ameaÃas inerentes aos sistemas de informaÃÃo, o uso de mecanismos de autenticaÃÃo e autorizaÃÃo baseados em identificador de usuÃrio e senha nÃo à mais suficiente para garantir a seguranÃa das informaÃÃes. Este trabalho propÃe um novo modelo de autenticaÃÃo e autorizaÃÃo para controle de acesso de aplicaÃÃes distribuÃdas, baseado em resumos criptogrÃficos e certificados de atributos. Os resumos criptogrÃficos sÃo utilizados no processo de autenticaÃÃo da aplicaÃÃo, enquanto os certificados de atributos especificam privilÃgios e outras informaÃÃes de autorizaÃÃo associadas ao seu proprietÃrio. Os certificados de atributos sÃo gerenciados pela infra-estrutura de gerenciamento de privilÃgios (IGP). A arquitetura e o funcionamento do modelo bem como os processos de geraÃÃo do certificado de atributos, autenticaÃÃo e autorizaÃÃo da aplicaÃÃo sÃo descritos. O modelo proposto foi especificado em Redes de Petri Coloridas e validado por meio de simulaÃÃes.Due to increasing threats inherent to the information systems, the use of authentication and authorization mechanisms based in login and password does not enough to assure the information security. This work proposes a new model of authentication and authorization for distributed applications, based in hash and attributes certificates. Hash is used in the application authentication process, while certificates of attributes specify privileges and other authorization information. Its use is managed by the privilege management infrastructure (PMI). In this work, we describe the architecture and the functioning of the model, as well the processes of the attributes certificates generation, authentication and authorization of the application. The proposed model was specified in Coloured Petri Nets and validated by simulation.
35
Foltýn, Petr. "Návrh a realizace jednotek modulárního přístupového systému." Master's thesis, Vysoké učení technické v Brně. Fakulta strojního inženýrství, 2010. http://www.nusl.cz/ntk/nusl-229208.
Full text
36
Mazák, Matej. "Výber autentizačnej metódy pri prihlasovaní do elektronického bankovníctva v nadväznosti na zrušenie autentizácie GRID kartou." Master's thesis, Vysoká škola ekonomická v Praze, 2017. http://www.nusl.cz/ntk/nusl-358806.
Full textAbstract:
The aim of this Master thesis is to choose appropriate authentication method for logging in to the electronic banking. The chosen solution will serve as an additional factor for authentication and authorization of client and at the same time as the replacement of the outdated security method GRID card. Development and direction of the electronic banking is explained in the theoretical part of the thesis. Further on, the advantages of this channel that are provided to clients and bank, are described. Some of the trends which daily affect the direction of the electronic banking are also described. Security is very important part of the electronic banking and that is why it is mentioned in the each part of this thesis. The practical part contains proposed cancellation procedure of GRID cards and proposal of the new solutions that could replace them in the future. It also contains selection and description of evaluation criteria and multi-criteria evaluation of the selected solutions. Saaty method and scoring method were used to determine the weight of the particular criteria. Conclusion of the thesis compares achieved results of the individual authentication methods and assets of this Master thesis.
37
MORAES, Falkner de Área Leão. "SEGURANÇA E CONFIABILIDADE EM IDS BASEADOS EM AGENTES." Universidade Federal do Maranhão, 2009. http://tedebc.ufma.br:8080/jspui/handle/tede/1843.
Full textAbstract:
Submitted by Maria Aparecida (cidazen@gmail.com) on 2017-08-21T12:14:23Z
No. of bitstreams: 1
Falkner de Arêa Leão Moraes.pdf: 2601896 bytes, checksum: 0fa8b49e3f279d911a70b4f78d9cbe08 (MD5)Made available in DSpace on 2017-08-21T12:14:23Z (GMT). No. of bitstreams: 1 Falkner de Arêa Leão Moraes.pdf: 2601896 bytes, checksum: 0fa8b49e3f279d911a70b4f78d9cbe08 (MD5) Previous issue date: 2009-02-16
Lack of security is a constant concern in open distributed systems. Threats are present within environments insecure, uncertain and constantly changing. Due to this problem, many tools for evaluating vulnerabilities of the network as well as for their protection are being developed as techniques for encryption and software systems such as antivirus, firewall and IDS (Intrusion Detection System). Among these, there are IDS systems that are being conceived, designed and implemented, using techniques executed by agents. However, it is necessary to assure security and reliability of exchanged messages inside IDS. For this purpose, this paper proposes a security solution for IDS based on agents. The proposed solution provides a methodology and a secure mechanism for communication among agents, through information protection configuration mechanisms, authentication and authorization, key control and messages persistence using XML. The proposed solution is implemented as an extension to the IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), whose architecture has an intelligent agent society that communicate in a cooperative way in a distributed environment. The implementation of the prototype and tests proposed in this work show the applicability of the proposed solution.
A falta de segurança é uma preocupação constante em sistemas distribuídos abertos. Ameaças estão presentes dentro de ambientes inseguros, incertos e que mudam constantemente. Devido a esses problemas, diversas ferramentas para avaliação de vulnerabilidades da rede, bem como para sua proteção, estão sendo desenvolvidas como técnicas de criptografia e softwares como antivírus, firewall e IDS (Intrusion Detection System). Dentre estas, destaca-se Sistemas IDS que estão crescentemente sendo concebidos, projetados e implementados, usando técnicas de segurança executadas por agentes. Entretanto, é necessário que a segurança e a confiabilidade das mensagens trocadas dentro de um sistema IDS sejam asseguradas. Para este fim, este trabalho propõe uma solução segura e confiável para IDS baseada em agentes. A solução propõe estabelecer um esquema de execução e comunicação segura dos agentes através de mecanismos de proteção de informações de configuração, autenticação e autorização, controle de chaves e persistência de mensagens do IDS, utilizando XML. A solução proposta é implementada como uma extensão do IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), cuja arquitetura consiste em uma sociedade de agentes inteligentes que se comunicam de forma cooperativa em um ambiente distribuído. A implementação do protótipo e os testes apresentados neste trabalho demonstram a aplicabilidade da solução proposta.
38
Klaška, Patrik. "Návrh autentizace uživatelů ve společnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2018. http://www.nusl.cz/ntk/nusl-378339.
Full textAbstract:
This thesis is focused on the creation of functional authentication process of users into computer network in company Wistron InfoComm s.r.o. and discusses issues related to this process. The main aim of the thesis is to implement a functional and simultaneously realistic solution based on the company's requirements as well as described problems associated with the implementation of this solution.
39
Elis, Martin. "Datově úsporné zabezpečení cloudových úložišť." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2016. http://www.nusl.cz/ntk/nusl-242018.
Full textAbstract:
This work is focused on problematics of a cloud solution, especially on its security side. It describes the current security trends and approaches used by security engineers when creating sophisticated designs of secure cloud systems. As part of it there is a risk analysis and an overview of the most common types of attacks led against the cloud solutions. Also, this document deals with the possibilities, principles, advantages and negatives of different types of cloud distributions. Another text deals with the usual methods used for accessing the cloud. This thesis contains author’s own design of possible realization. In the next part of the document, process of building a safe cloud data storage is described together with principles of ensuring its security. In the conclusion, the author focuses on comparison of cryptographic algorithms and their behavior depending on the length of a used keys.
40
Grešša, Pavol. "Vícedimenzionální přístup k WWW aplikacím." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2011. http://www.nusl.cz/ntk/nusl-236997.
Full textAbstract:
This master's thesis deals with the analysis, design and implementation of authentication and authorization subsystem into the environment of distributed web application. It unifies the well-known security models into the one universal security model that can be used for the development of authorization device enabling the user to secure the applications with various security models. Furthermore, it applies this integration of models into the Takeplace system.
41
Håkansson, Daniel Clarke, and Markus Lundström. "Autentisering och Riskmedvetande : En studie om Lösenordshantering och Risktagande." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-36255.
Full textAbstract:
Efter regelbundna diskussioner om huruvida autentisering med statiska lösenord är ett bra tillvägagångssätt växte en idé fram om att undersöka hur människor hanterar sina autentiseringsuppgifter. Detta arbete tar sig an uppgiften att kartlägga svagheter i samband med autentisering vad gäller metoden, samt människors säkerhetsmedvetande och risktagande. Under studien genomfördes en enkätundersökning där 100 personer med varierande ålder och sysselsättning svarade fullständigt. Vi frågade hur de värderar, skapar och hanterar lösenord. De svarande fick även ta ställning till ett antal påståenden, vad gäller deras säkerhetsmedvetande och risktagande i samband med autentisering.Resultatet från studien visar att en majoritet återanvänder lösenord i mycket hög grad. Det framkommer också att en övervägande majoritet använder sig av memorering som huvudsaklig teknik för hantering av lösenord. Resultatet visar även att de svarande i hög utsträckning tycker lösenordets komplexitet är viktigare än dess längd. Dessutom kände sig endast 22% av de svarande ej trygga med ett lösenord som är 8 tecken långt, vilket är en låg procentandel eftersom 8 tecken är för svagt idag. Ämnet är dock komplext, en kombination av längd och komplexitet är önskvärt för att skapa ett starkt lösenord, samtidigt som lösenorden skall vara unika för varje enskild tjänst. Att använda memorering som sin huvudsakliga metod är dessvärre i dessa fall ej applicerbart. En bättre strategi är att använda sig av exempelvis en lösenordshanterare eller att memorera en ramsa. Exempelvis ta förstabokstaven från varje ord i en mening, Min katt heter Glenn han har 3 ben Vit nos & Rött koppel vilket kan resultera i MkhGhh3bVn&Rk. En bra början för att förbättra sin lösenordshantering är att först och främst värdera sina autentiseringsuppgifter som värdefulla, läsa på om ämnet, samt därefter ta fram en egen strategi som är lämplig.After regular discussions about whether authentication with static passwords is a good approach, an idea emerged to investigate how people handle their authentication credentials. This report tackles the task of mapping weaknesses associated with authentication regarding the method, as well as human security awareness and risk taking. During the study, a survey was conducted in which 100 people completely responded, all with varying age and employment. We asked how they value, create, and manage their passwords. The respondents were also tasked to take a position on a number of allegations, regarding their security awareness and risk-taking in connection with authentication.The result of the study shows that the majority reuse passwords to a very high extent. It also appears that a large majority uses memorization as the maintechnique for password management. The result also shows that respondents to a great extent think the complexity of the password is more important than its length. In addition, only 22% of respondents felt unsafe with a password that is 8 characters long, which is a low percentage since 8 characters are too weak today.Though the subject is complex, a combination of length and complexity is desirable to create a strong password. In addition to that the passwords must be unique to each service. Using memorization as its main method is unfortunately not applicable in these cases. A better strategy is to use, for example, a password manager or to generate a memorandum chant. For example, take the first letter of each word in one sentence, My cat is called Glenn he has 3 legs White nose & Redlink which can result in McicGhh3lWn&Rl. A good start to improve one’s password management is to firstly evaluate authentication credentials as valuable, read upon the subject, and then develop a strategy that is appropriate to one’s needs.
42
Hrdina, Jan. "Rámec pro tvorbu aplikací s podporou peer-to-peer spolupráce." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2019. http://www.nusl.cz/ntk/nusl-403189.
Full textAbstract:
The thesis deals with the design and implementation of the application framework for the creation of collaborative web editors that enable peer-to-peer collaboration in real time. The thesis summarizes existing approaches for data replication, from which M. Kleppmann's CRDT (conflict-free replicated data type) for JSON is chosen as the most suitable. Using the resulting framework, the created content can be safely shared in groups of peers, where each member can be assigned different permissions. Own communication protocols based on WebRTC, WebSocket and WebCrypto are designed and implemented for P2P connection establishment and subsequent communication. The framework allows to resolve conflicts and work independently without an Internet connection. For a consistent user experience, the library includes a set of user interface elements for managing friends, groups, and other common tasks. The framework is implemented using functional design patterns implemented in the ReasonML language. The functionality of the result is verified by creating an example application of the mind map editor.
43
Parsa, Parnia, and Björn Hedlund. "Room management system : Integrating Raspberry Pi with Graph API." Thesis, Karlstads universitet, Institutionen för matematik och datavetenskap (from 2013), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-70808.
Full textAbstract:
The increase in connectivity and use of “smart” devices offers companies new possibilities to improve their efficiency by using digitalization. For example, booking of meeting rooms have gone from using a paper calendar to electronic booking. To enable both digital remote booking, as well as being able to book a room directly (as with a paper calendar) this project has developed a room manager system. The room manager is a device that provides a quick and intuitive way for employees to handle conference room booking. The project was started on behalf of the company ÅF, who would like to optimize their use of conference rooms. The result was a fully functional touchscreen device built using a Raspberry Pi. The room manager integrates successfully with the existing calendar system used at ÅF and meets all the requirements set by ÅF. The device will be used to determine if a room manager system is worth investing in and may be used as a foundation for continued development.
44
Kukuruzovic, Naida. "Security Management : Fulfillment of the Government Requirements for a component assurance process." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-189983.
Full textAbstract:
Protecting organization’s assets from various security threats is a necessity for every organization. Efficient security management is vital to effectively protect the organization’s assets. However, the process of implementing efficient security management is complex and needs to address many requirements. The problem that this master’s thesis project addressed was to propose a component assurance process for the Swedish Armed Forces. This process has to be followed in order for a solution or product to be approved at a specific component assurance level. This problem was solved by first performing market research regarding security management. Various security management approaches were examined and the top security management solutions were selected. These solutions were then compared with the assurance requirements stated in Swedish Armed Forces’ KSF v3.1 (Swedish: “Krav på IT-säkerhetsförmågor hos IT-system”, English: Requirements for IT security capabilities of IT systems). This documentation lists the requirements for information technology (IT) security capabilities of IT systems. The solution that satisfied the most of these requirements was selected and modified in order to satisfy the full set of requirements. Finally, a component assurance process is proposed. This process may be used to decide which solutions or products can be used, along with the manner in which each solution or product should be used. The impact of having a component assurance process is that all the solutions and products are approved to a specific component assurance level exclusively based on this process. The ability to include such requirements in the acquisition of any product or service provides the Swedish Armed Forces with assurance that all products or services are approved to specific assurance levels in the same manner and hence provides the Swedish society with assurance that procedures within the Swedish Armed Forces are documented and protect the interests of the country and its citizens.För varje organisation är det nödvändigt att skydda information från olika säkerhetshot. Att ha en effektiv säkerhetshantering är avgörande för att kunna skydda informationen. Denna process är komplex och många krav måste tillfredsställas. Problemet som detta examensarbete avser att lösa handlar om hur införandet av en assuransprocess kommer påverka Försvarsmakten. Denna process måste följas för att en lösning eller produkt ska godkännas till en specifik komponents säkerhetsnivå. Frågeställningen besvaras i första hand av en marknadsundersökning om säkerhetshantering. Olika säkerhetshanteringsstrategier undersöktes och de bästa säkerhetslösningar valdes. Lösningarna jämfördes därefter med de assuranskrav som anges i Försvarsmaktens KSF V3.1 (Krav på IT säkerhetsförmågor hos IT – system) som är den dokumentation som anger kraven för IT säkerhetsfunktioner i ett IT system. Lösningen som uppfyllde de flesta kraven valdes och modifierades för att uppfylla samtliga kraven. Slutligen rekommenderades en komponent assuransprocess, vilken skulle kunna användas för att avgöra vilken lösning eller produkt som skulle kunna användas samt på vilket sätt det skulle kunna användas. Möjligheten att införa sådana krav i förvärvet av vilken produkt eller tjänst det än gäller förser Försvarsmakten med garantier för att alla produkter eller tjänster är godkända enligt särskilda säkringsnivåer på samma sätt och därmed försäkras det svenska samhället att förfaranden inom svenska väpnade krafter dokumenteras samt skyddar landet och dess medborgare.
Säkerhetshantering, informationssäkerhet, autentisering, auktorisering, styrning, riskhantering, följsamhet, användaradministration
45
Oliveira, Pedro Ricardo. "Fayol: um sistema multi-agente de gerência e controle de acesso à plataforma Milos." Universidade do Vale do Rio dos Sinos, 2014. http://www.repositorio.jesuita.org.br/handle/UNISINOS/3219.
Full textAbstract:
Submitted by Maicon Juliano Schmidt (maicons) on 2015-04-01T14:03:45Z
No. of bitstreams: 1
Pedro Ricardo Oliveira.pdf: 3516247 bytes, checksum: fe607fb7b2a6385ce7dccf6748ccdfe9 (MD5)Made available in DSpace on 2015-04-01T14:03:45Z (GMT). No. of bitstreams: 1 Pedro Ricardo Oliveira.pdf: 3516247 bytes, checksum: fe607fb7b2a6385ce7dccf6748ccdfe9 (MD5) Previous issue date: 2014-01-31
Nenhuma
A utilização crescente de objetos de aprendizagem e, em consequência, de plataformas de conteúdos que realizam as funções de armazenagem, criação, modificação e consulta de forma gerenciada e controlada, cria a necessidade de um mecanismo de autorização e controle de acesso a estas plataformas. Inserido em uma plataforma de conteúdos específicos que suporta o ciclo de vida completo de objetos de aprendizagem, o presente trabalho tem por objetivo desenvolver uma ferramenta que irá prover os serviços de autenticação e autorização (controle de acesso) de forma integrada e compatível com as tecnologias relacionadas a ontologias, web semântica e agentes inteligentes de software, que compõem o ambiente operacional da plataforma. O trabalho procura explorar o potencial destas tecnologias e ferramentas, e sua efetividade na especificação e detalhamento de um modelo e mecanismo de autorização e controle de acesso. A análise do estado da arte mostra que a aplicação das tecnologias de sistemas multiagente e ontologias nas questões de autorização e controle de acesso é uma tendência de pesquisa importante, mas muito recente. Assim o trabalho pretende contribuir com o avanço dessas pesquisas. Ao propor um modelo ontológico completo para autenticação e controle de acesso, além de um mecanismo baseado em agentes, federado e com comunicação segura que implementa este modelo, a presente dissertação explora possibilidades ainda não consideradas nessa nova abordagem, mas presentes em mecanismos mais tradicionais de autenticação e autorização. A avaliação do modelo proposto e do mecanismo implementado foi realizada através de experimentos funcionais e de desempenho realizados em laboratório, seguindo a prática de avaliação dos mecanismos atuais de autenticação e autorização.
The increase use of learning objects and content platforms that perform the functions of storage, creation, modification and query of these objects on a managed and controlled manner, creates the need for mechanisms to control the access to these platforms. Inserted into a specific content platform that supports the complete life-cycle of learning objects, the present work aims to develop a tool that will provide authentication and authorization (access control) services, integrated and compatible with the technologies already in use on platform. The work makes use of ontologies, semantic web and intelligent software agents technologies that comprise the operating environment of the platform, looking to exploit the potential of these technologies and tools, and its effectiveness in the specification and detailing models and mechanisms for authentication and access control. The analysis of the state of the art shows that the application of multi-agent systems and ontologies technologies on authorization and access control questions is an important, but very recent, research trend. Thus, this work aims to contribute to the advancement of such research. This dissertation proposes an complete ontological model for authentication and access control plus an agent-based, federated and secure communication mechanism that implements this model. As a result, this dissertation explores possibilities not yet considered in this new approach, but present in more traditional mechanismos of authentication and authorization. The evaluation of the proposed model and the implemented mechanism was conducted through functional and performance laboratory experiments, following the practice of evaluation of existing mechanisms for authentication and authorization.
46
Rennét, Jiří. "Bezpečnost elektronického bankovnictví pro firmu." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2010. http://www.nusl.cz/ntk/nusl-222646.
Full textAbstract:
Master’s thesis analyzes in detail the security of electronic banking within the chosen banks in Czech republic. On the base of these knowledge it defines and recommendes the most secure electronic banking for Profes Project s.r.o. company. In the folowing it investigates a current electronic banking in the company and it carries out basic theoretical findings.
47
Cunha, Hugo Assis. "An architecture to resilient and highly available identity providers based on OpenID standard." Universidade Federal do Amazonas, 2014. http://tede.ufam.edu.br/handle/handle/4431.
Full textAbstract:
Submitted by Lúcia Brandão (lucia.elaine@live.com) on 2015-07-14T15:58:20Z
No. of bitstreams: 1
Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5)Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:08:11Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5)
Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:12:26Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5)
Made available in DSpace on 2015-07-20T14:12:26Z (GMT). No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) Previous issue date: 2014-09-26
Não Informada
Quando se trata de sistemas e serviços de autenticação seguros, há duas abordagens principais: a primeira procura estabelecer defesas para todo e qualquer tipo de ataque. Na verdade, a maioria dos serviços atuais utilizam esta abordagem, a qualsabe-sequeéinfactívelefalha. Nossapropostautilizaasegundaabordagem, a qual procura se defender de alguns ataques, porém assume que eventualmente o sistema pode sofrer uma intrusão ou falha e ao invés de tentar evitar, o sistema simplesmente as tolera através de mecanismos inteligentes que permitem manter o sistema atuando de maneira confiável e correta. Este trabalho apresenta uma arquiteturaresilienteparaserviçosdeautenticaçãobaseadosemOpenIDcomuso deprotocolosdetolerânciaafaltaseintrusões, bemcomoumprotótipofuncional da arquitetura. Por meio dos diversos testes realizados foi possível verificar que o sistema apresenta um desempenho melhor que um serviço de autenticação do OpenID padrão, ainda com muito mais resiliência, alta disponibilidade, proteção a dados sensíveis e tolerância a faltas e intrusões. Tudo isso sem perder a compatibilidade com os clientes OpenID atuais.
Secure authentication services and systems typically are based on two main approaches: the first one seeks to defend itself of all kind of attack. Actually, the major current services use this approach, which is known for present failures as well as being completely infeasible. Our proposal uses the second approach, which seeks to defend itself of some specific attacks, and assumes that eventually the system may suffer an intrusion or fault. Hence, the system does not try avoiding the problems, but tolerate them by using intelligent mechanisms which allow the system keep executing in a trustworthy and safe state. This research presents a resilient architecture to authentication services based on OpenID by the use of fault and intrusion tolerance protocols, as well as a functional prototype. Through the several performed tests, it was possible to note that our system presents a better performance than a standard OpenID service, but with additional resilience, high availability, protection of the sensitive data, beyond fault and intrusion tolerance, always keeping the compatibility with the current OpenID clients.
48
Касянчук, Н. В., and Л. М. Ткачук. "Захист інформації в базах даних." Thesis, ВНТУ, 2019. http://ir.lib.vntu.edu.ua//handle/123456789/24448.
Full textAbstract:
В даній статті розглянуто питання захисту інформації в базах даних та методи їх захисту. Проаналізовано основні методи захисту інформацію в базах даних,виявлено їх позитивні та негативні сторони. А також в даній роботі розглянуто основні моделі безпеки для організації доступу до бази даних та процедури ідентифікації, аутентифікації та авторизації в СУБД.This article deals with the protection of information in databases and methods of protection. The basic methods of protecting information in databases revealed their positive and negative sides. Also in this paper, the basic security model to provide access to the database and procedures identification, authentication and authorization in the DBMS
49
Čepelák, Tomáš. "Portál univerzálního protokolu řízení přístupu." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2014. http://www.nusl.cz/ntk/nusl-220668.
Full textAbstract:
The paper focuses on the issue of access control. It presents an universal bilateral protocol of access control of ACP. The paper describes the messages and its sequences that AC portals uses for communication. It describes the functions and features of the modules from which the portal is composed. The paper suggests the concept of a modular AC portal solutions including the design of basic modules. It also outlines possible test scenarios. Under this proposal is generated functional AC portal on the .NET Framework platform using the C\# programming language. The portal provides access to local assets or to the assets on other computers in the local network. Created application is tested according to the scenarios proposed in both the network version and the local version of the AC portal. Test results are objectively evaluated and commented.
50
Huang, Po-Wei, and 黃博威. "Wireless LAN Authentication, Authorization, and Accounting by Association Service Monitoring." Thesis, 2004. http://ndltd.ncl.edu.tw/handle/74045833884353599029.
Full textAbstract:
碩士國立暨南國際大學
資訊管理學系
92
Due to the advance of IEEE 802.11 wireless LANs (WLANs) and the wireless characteristics of WLANs, there are increasing demands for the authentication, authorization, and accounting (AAA) of WLANs. Currently, 802.1X with RADIUS is the only available and standard solution for WLAN AAA. The port-based network access control defined in IEEE 802.1X focuses on the development of authentication protocols. Mobile clients in a WLAN with 802.1X must support EAP and the same authentication scheme as the one of the 802.1X authentication server. To further support the other AAA functions, the WLAN should also support RADIUS services. That is, access points should act as a RADIUS client and authentication server is replaced by a RADIUS server. These increase the hardware/software requirements for WLAN AAA. In this thesis, we will propose a novel and simple WLAN AAA architecture based on association service monitoring. Via a real-time monitoring of association services happening in the WLAN, we can realize where and when the associations, disassociations, and reassociations of mobile clients happen. The association related services could be monitored efficiently by receiving the SNMP traps sent from access points. When receiving association related traps, the AAA server performs required AAA functions. If any authentication or authorization fails, the AAA server will send SNMP commands to the access point sending traps previously to disallow the access of a mobile client. For legal users, accounting can be performed according to the time and traffic between an association and the corresponding disassociation. It can be seen that no additional hardware and software are required in both mobile clients and access points. In addition, only the standard SNMP protocol is used for AAA. Therefore, our WLAN AAA architecture is simpler than previous approaches.