To see the other types of publications on this topic, follow the link: ENHANCING SECURITY.
Dissertations / Theses on the topic 'ENHANCING SECURITY'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'ENHANCING SECURITY.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Zhang, Linfan, and Shuang Zheng. "Enhancing QR Code Security." Thesis, Högskolan Kristianstad, Sektionen för hälsa och samhälle, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:hkr:diva-14145.
Full textAbstract:
Quick Response code opens possibility to convey data in a unique way yet insufficient prevention and protection might lead into QR code being exploited on behalf of attackers. This thesis starts by presenting a general introduction of background and stating two problems regarding QR code security, which followed by a comprehensive research on both QR code itself and related issues. From the research a solution taking advantages of cloud and cryptography together with an implementation come after. We also give an objective evaluation on the outcome in comparison to existing QR products. They are based on the purpose of enhancing QR code security and aim to interpret how we have tackle the specified problems meanwhile to suggest possible further work for bringing security of QR code to a higher level.
2
Yue, Chuan. "Enhancing Web Browsing Security." W&M ScholarWorks, 2010. https://scholarworks.wm.edu/etd/1539623575.
Full textAbstract:
Web browsing has become an integral part of our lives, and we use browsers to perform many important activities almost everyday and everywhere. However, due to the vulnerabilities in Web browsers and Web applications and also due to Web users' lack of security knowledge, browser-based attacks are rampant over the Internet and have caused substantial damage to both Web users and service providers. Enhancing Web browsing security is therefore of great need and importance.;This dissertation concentrates on enhancing the Web browsing security through exploring and experimenting with new approaches and software systems. Specifically, we have systematically studied four challenging Web browsing security problems: HTTP cookie management, phishing, insecure JavaScript practices, and browsing on untrusted public computers. We have proposed new approaches to address these problems, and built unique systems to validate our approaches.;To manage HTTP cookies, we have proposed an approach to automatically validate the usefulness of HTTP cookies at the client-side on behalf of users. By automatically removing useless cookies, our approach helps a user to strike an appropriate balance between maximizing usability and minimizing security risks. to protect against phishing attacks, we have proposed an approach to transparently feed a relatively large number of bogus credentials into a suspected phishing site. Using those bogus credentials, our approach conceals victims' real credentials and enables a legitimate website to identify stolen credentials in a timely manner. to identify insecure JavaScript practices, we have proposed an execution-based measurement approach and performed a large-scale measurement study. Our work sheds light on the insecure JavaScript practices and especially reveals the severity and nature of insecure JavaScript inclusion and dynamic generation practices on the Web. to achieve secure and convenient Web browsing on untrusted public computers, we have proposed a simple approach that enables an extended browser on a mobile device and a regular browser on a public computer to collaboratively support a Web session. A user can securely perform sensitive interactions on the mobile device and conveniently perform other browsing interactions on the public computer.
3
H, Fruchter Nathaniel. "Enhancing ISP-consumer security notifications." Thesis, Massachusetts Institute of Technology, 2019. https://hdl.handle.net/1721.1/122916.
Full textAbstract:
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, School of Engineering, Institute for Data, Systems, and Society, Technology and Policy Program, 2019
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 79-85).
Security notification schemes hold great promise for improving both consumer cybersecurity and general network health as malware and other sources of malicious activity are becoming more prevalent on home networks. For example, botnets of Internet of Things devices engage in denial of service (DoS) attacks and ransomware holds data on personal and commercial systems hostage. Many of these threats are relatively opaque for an end user. An end user may not know that their smart device is participating in a DoS attack at all, unless they notice a protracted slowdown in network speeds. An upstream network provider like a consumer ISP has more visibility into the issue. Due to their privileged position, ISPs often have more data about the status of a malware infection, denial of service attack, or other malicious activity. This extra information can be of great benefit for the purposes of notification. For instance, an ISP may be able to notify a customer that a device on their network is being used for a DoS attackor that they see communication with a server involved in distributing ransomware. ISPs and other organizations that try and implement these schemes often run into a set of questions: How do I get the right data to power the notification? How do I ensure the user trusts the notification? Can I ensure the notification is not spoofed? Is there an optimal way to present the notification? How do I make sure a user takes the proper remedial action? This thesis presents a framework for new notification schemes to answer these questions by examining four key elements of a notification: form, delivery, and content. It also proposes multi-factor verification, a novel scheme to address trust and spoofing issues within a notification scheme. Finally, it provides a model for a new ISP-user security notification scheme within the context of the United States market and policy landscape.
by Nathaniel H. Fruchter.
S.M. in Technology and Policy
S.M.inTechnologyandPolicy Massachusetts Institute of Technology, School of Engineering, Institute for Data, Systems, and Society, Technology and Policy Program
4
Mohammed, Ali, Sachin Sama, and Majeed Mohammed. "Enhancing Network Security in Linux Environment." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-17144.
Full textAbstract:
Designing a secured network is the most important task in any enterprise or organization development. Securing a network mainly involves applying policies and procedures to protect different network devices from unauthorized access. Servers such as web servers, file servers, mail servers, etc., are the important devices in a network. Therefore, securing these servers is the first and foremost step followed in every security implementation mechanism. To implement this, it is very important to analyse and study the security mechanisms provided by the operating system. This makes it easier for security implementation in a network. This thesis work demonstrates the tasks needed to enhance the network security in Linux environment. The various security modules existing in Linux makes it different from other operating systems. The security measures which are mainly needed to enhance the system security are documented as a baseline for practical implementation. After analysing the security measures for implementing network security, it is important to understand the role of network monitoring tools and Linux inbuilt log management in maintaining the security of a network. This is accomplished by presenting a detailed discussion on network monitoring tools and log management in Linux. In order to test the network security, a network is designed using Linux systems by configuring different servers and application firewall for packet filtering. The security measures configured on each server to enhance its security are presented as part of the implementation. The results obtained while an unauthorized user accessing the servers from the external network are also documented along with attack information retrieved by different network monitoring tools and Linux inbuilt log messages.
5
Liu, Ying. "Enhancing security for XML Web services." Thesis, University of Ottawa (Canada), 2007. http://hdl.handle.net/10393/27531.
Full textAbstract:
The XML-based interoperable characteristics make enhancing security for XML Web Services a lot different from that of the traditional network-based applications. SSL VPN gateways are usually used to provide security for traditional network-based applications, but not for Web Services. This thesis presents an integrated security solution for securing both traditional network-based applications and Web Services.
The integrated security solution includes a VPN framework and a Web Services framework. Considering that we have already had an SSL VPN gateway developed by our lab, we take it as the motherboard of the solution and the VPN server of the gateway as the security functional part of the VPN framework. As the highlight of this thesis project, a Web Services security component, also the security functional part of the Web Services framework, has been developed, implemented and integrated with the SSL VPN gateway to get the integrated security solution.
The problem of applying ECC over binary fields for XML security, SOAP message security and Web Services security to make the Web Services security component share the same set of ECC keys with the VPN server on the gateway has been studied. Tools for reading ECC keys and certificates from the BUL's key files have been developed. Methods to adopt the ECC key files to ensure security of Web Services have also been developed. To the best of our knowledge, there is no previous work on adopting ECC keys over binary fields for Web Services security.
The integrated security solution we present in this thesis is the prototype of a network device that has functions of three gateways: a VPN gateway, a Web Services security gateway and a Web Services gateway.
6
Kadhum, Hamza. "Enhancing Zigbee Security for Industrial Implementation." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-279559.
Full textAbstract:
Zigbee network is a popular choice for deploying low power personal area network (LoWPAN). The application areas vary but the most popular are industrial area monitoring and home automation. But Zigbee has been identified to have weak security and is not applicable for industrial implementation. This paper is collaboration with Ericsson to investigate Zigbee network security and implementation. This paper will cover security solutions for Zigbee and touch on how to configure Zigbee network such that it can operate for a long period of time without battery changes. The security solutions will demonstrate how public-key respective symmetric key algorithm can be used for enhancing Zigbee security such that it provide authentication and authorization of joining devices while maintaining confidentiality and integrity of the network communication. Security solutions will also take regards to the power consumption of each proposed solution. For the network configuration part of the thesis, it will present node lifetime for different network configuration, i.e. how polling period between each message will affect the total cur- rent consumption of a node and how the joining procedure, depending on the security solution will affect the total node lifetime. Achieving longer node lifetime is desired because it is assumed that the network will be deployed in remote and unfavorable areas. The result of this paper compares different solutions for enhancing the security. Further, it concludes that Zigbee security with authentication and authorization of joining devices is reached through secret-splitting key establishment - which is the best solution. This is possible while maintaining low power consumption in the network.Zigbee nätverk är ett populärt val vid uppsättning av ett nätverk med låg strömförbrukning. Zigbees användningsområde är olika men den är väldigt populär inom industriell områdesövervakning och hemautomation. Däremot har Zigbees säkerhet varit en nackdel, då det har framkommit att den inte möter kraven för industriell användning. Arbetet kom till genom ett samarbete med Ericsson och KTH för att undersöka Zigbee nätverks implementation och säkerhet. Arbetet bearbetar olika säkerhetslösningar för Zigbee nätverk och hur den kan implementeras för att uppnå långtidsanvändning utan batteribyte. Säkerhetslösningar bygger på public-key samt symmetric key kryptografi algoritmer för att förbättra och öka Zigbees säkerhet genom autentisering och tillåtelse av noder som ansluter sig till nätverket. Nätverkets konfiguration för långtidsanvändning redovisas genom att jämföra olika polling tidsintervaller mellan meddelanden. Långtidsanvändning utan batteribyte är viktigt för att nätverket kommer implementeras i ett avlägset område som är svåråtkomlig. Arbetet redovisar och jämföra olika lösningar för att öka säkerheten för Zigbee nätverk. Den optimala lösningen för att uppnå autentisering samt tillåtelse av noder som ansluter sig uppnås med nyckel skapande genom secret-splitting metoden. Metoden följer NIST rekommendationer och anses vara säker, därav uppfyller den kraven för industriell implementation. Nätverkets säkerhet ökar samt bibehåller ett nätverk med låg strömförbrukning.
7
Makkar, Ankush. "Enhancing IoT Security Using 5G Capabilities." Thesis, Luleå tekniska universitet, Digitala tjänster och system, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-85109.
Full textAbstract:
Internet of Things (IoT) is an ecosystem comprises CT (Communication Technology),IT (Information Technology) and sometime OT (Operational Technologies) wheredifferent machines and devices can interact with each other and exchange useful datawhich can be processed using different IoT applications to take decisions and performrequired actions. Number of IoT devices and IoT networks are growing exponentially.Security is of utmost importance and without proper security implementation, IoTNetworks with billions of devices will be hacked and used as botnets which can createdisaster. The new IoT use cases cannot be realized using the current communicationtechnologies due to the QoS (Quality of Service) and business requirements. 5Gnetwork are designed keeping IoT use cases in mind and with the development of 5Gnetwork, it will be easier to implement more secured IoT network and enable differentIoT use cases which are not feasible today.To build the future IoT networks with 5G, it’s important to study and understand 5Gsecurity features. Security is perceived as one of the most important considerationwhile building IoT solutions and to implement 5G network for IoT solutions require anoverall understanding of 5G security features. In the thesis, work have been done toidentify the gap in the current research with respect to 5G security features anddescribe 5G features that will enhance IoT security. After identifying key 5G securityfeatures, the implementation of the identified 5G security features will be describedwith the 5G based smart grid and smart factory use cases. The key finding is howdifferent 5G security capabilities secure IoT communication and another importantfinding is that not all security capabilities are applicable to all IoT use cases. Hence,security capabilities to be used based on the 5G use case requirement.
8
Fekete, Florian. "Civil-military relations : enhancing international security." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Mar%5FFekete.pdf.
Full textAbstract:
Thesis (M.A. in International Security and Civil-Military Relations)--Naval Postgraduate School, March 2003.Thesis advisor(s): Donald Abenheim, Karen Guttieri. Includes bibliographical references (p. 65-70). Also available online.
9
Kirkham, E., and C. Flew. "Strengthening embargoes and enhancing human security." Thesis, International Alert, Saferworld and University of Bradford, Department of Peace Studies, Centre for International Co-operation and Security, 2003. http://hdl.handle.net/10454/4275.
Full textAbstract:
yesArms embargoes are one of the principal tools of states in seeking to prevent, limit and bring an end to armed conflict and human rights abuses. Despite the frequency with which arms embargoes have been imposed, there are significant problems with their implementation. Pressure is therefore growing for the international governmental community to act in order to ensure that the political commitment embodied by the imposition of arms embargoes is matched by the commitment to ensure their rigorous enforcement and to achieve enhanced human security on the ground. Increasing the effectiveness of arms embargoes is a specific aim of the United Nations Programme of Action for Preventing and Combating the Illicit Trade in Small Arms and Light Weapons in All Its Aspects1 which specifically calls upon states "To take appropriate measures, including all legal or administrative means, against any activity that violates a United Nations Security Council arms embargo in accordance with the Charter of the United Nations".2 Accordingly, within the context of the implementation of the UN PoA, the overall aim of this paper is to explore ways in which the international community can act in order to strengthen the impact of arms embargoes and enhance human security. It will begin by examining the purposes, processes and effects relating to arms embargoes, with particular attention to those agreed at international (UN) level, and by highlighting issues of concern in each regard. An overview of the main issues and challenges facing implementation of arms embargoes will include the elaboration of three case-study examples showing the impact of UN arms embargoes on the availability of arms and on human security and a further five that illustrate the dilemmas faced by states in seeking to implement arms embargoes. Priority areas for attention in any international effort to strengthen the effectiveness of arms embargoes will be followed by more extensive proposals for enhancing international embargo regimes within the context of implementing the UN PoA. Whilst it is recognised that the UN PoA contains measures that relate only to the illicit trade in small arms and light weapons (SALW), if implemented fully, many of these would serve to strengthen the international apparatus of control, information exchange and provision of assistance relating to arms proliferation and misuse as a whole. In turn, this would greatly enhance the implementation of UN arms embargoes. Therefore, as well as providing an opportunity for reviewing progress on implementing the PoA, the first Biennial Meeting of States in July 2003 is clearly a major opportunity for states to address a number of the pressing challenges facing states in the implementation of UN embargoes.
10
Lee, Man Hee. "Architectural support for enhancing security in clusters." [College Station, Tex. : Texas A&M University, 2008. http://hdl.handle.net/1969.1/ETD-TAMU-2889.
Full text
11
Beygo, Ömer Kerem, and Cihan Eraslan. "Enhancing Security and Usability Features of NFC." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5620.
Full textAbstract:
Near Field Communication (NFC) is a short range wireless communication protocol which is primarily intended to be used on mobile phones. Building upon existing infrastructure of RFID, NFC brings simplicity for connection of mobile devices, service initiation, mobile payment and ticketing. However, NFC still remains as a field that number of researches done are limited. The aim of this paper was to provide solutions for the problems of NFC that cause security risks and hurt user experience. To reach this goal we have reviewed the current literature and implemented an NFC application that we have used throughout our user experience tests. This application provides a practical way to store and transfer contact information using NFC. The results of the study indicated that usability and security suffer from lack of user awareness and physical design of the mobile phones.
12
Assora, Mohammed. "Enhancing the Security of web commerce transactions." Thesis, Anglia Ruskin University, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.478891.
Full text
13
Khu-Smith, Vorpranee. "Enhancing the security of electronic commerce transactions." Thesis, Royal Holloway, University of London, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.406487.
Full text
14
Alsaid, Adil. "Enhancing end user security : attacks and solutions." Thesis, Royal Holloway, University of London, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.439012.
Full text
15
Malan, LP, and Rooyen EJ van. "Community partnerships- enhancing municipal food security policy." Journal of Public Administration, 2010. http://encore.tut.ac.za/iii/cpro/DigitalItemViewPage.external?sp=1001174.
Full textAbstract:
Whilst many developing countries engage in sound policy processes on
macro level as far as economic and social development are concerned,
the day-to-day victual needs of impoverished communities also depend
on sound policies as well as appropriate arrangements, which take effect in the
municipal sphere. Such needs, as food security, is dependant on the establishment
of effective partnership agreements among all stakeholders, including local councils,
district councils as well as metropolitan councils; the actual entities that are responsible
to create the enabling environment in which food security could be enhanced.
In this article, issues relating to food security, partnership models, the
enabling environment, and community involvement in this partnership process,
are discussed briefly. Public administration practitioners should ensure they
contributively involve themselves in this debate. The article concludes by
emphasising the need for a proper and structured approach to be followed, of a
food security policy is due to be operationalised in practice.
16
Krupp, Brian Michael. "Enhancing Security And Privacy For Mobile Systems." Cleveland State University / OhioLINK, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=csu1432156543.
Full text
17
Hussein, Nesrin. "Enhancing Software Security through Modeling Attacker Profiles." University of Cincinnati / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1523635219435409.
Full text
18
Smedlund, Kristoffer. "Enhancing the security of an audit log." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-372076.
Full textAbstract:
In todays society data breaches have become an all too common issue. Insecure databases allows intruders to access sensitive data. This thesis examines how to enhance the security of a relational database. The database is used as an audit log in a system platform at LeanOn AB. The security enhancements are made by implementing cryptographic hash sums to ensure that the data in the database can’t be altered without detection, and by implementing symmetric cryptography to ensure that only authorized people can read and write the data. Some basic security features that the database management system provides are also used. The thesis project resulted in a database with an enhanced security compared to the old database design. This did however come at the cost of performance as the new design significantly lowered the scalability of the database.
19
Al-Hamar, Aisha. "Enhancing information security in organisations in Qatar." Thesis, Loughborough University, 2018. https://dspace.lboro.ac.uk/2134/33541.
Full textAbstract:
Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
20
Li, Yue. "On Enhancing Security of Password-Based Authentication." W&M ScholarWorks, 2019. https://scholarworks.wm.edu/etd/1563898928.
Full textAbstract:
Password has been the dominant authentication scheme for more than 30 years, and it will not be easily replaced in the foreseeable future. However, password authentication has long been plagued by the dilemma between security and usability, mainly due to human memory limitations. For example, a user often chooses an easy-to-guess (weak) password since it is easier to remember. The ever increasing number of online accounts per user even exacerbates this problem. In this dissertation, we present four research projects that focus on the security of password authentication and its ecosystem. First, we observe that personal information plays a very important role when a user creates a password. Enlightened by this, we conduct a study on how users create their passwords using their personal information based on a leaked password dataset. We create a new metric---Coverage---to quantify the personal information in passwords. Armed with this knowledge, we develop a novel password cracker named Personal-PCFG (Probabilistic Context-Free Grammars) that leverages personal information for targeted password guessing. Experiments show that Personal-PCFG is much more efficient than the original PCFG in cracking passwords. The second project aims to ease the password management hassle for a user. Password managers are introduced so that users need only one password (master password) to access all their other passwords. However, the password manager induces a single point of failure and is potentially vulnerable to data breach. To address these issues, we propose BluePass, a decentralized password manager that features a dual-possession security that involves a master password and a mobile device. In addition, BluePass enables a hand-free user experience by retrieving passwords from the mobile device through Bluetooth communications. In the third project, we investigate an overlooked aspect in the password lifecycle, the password recovery procedure. We study the password recovery protocols in the Alexa top 500 websites, and report interesting findings on the de facto implementation. We observe that the backup email is the primary way for password recovery, and the email becomes a single point of failure. We assess the likelihood of an account recovery attack, analyze the security policy of major email providers, and propose a security enhancement protocol to help securing password recovery emails by two factor authentication. \newline Finally, we focus on a more fundamental level, user identity. Password-based authentication is just a one-time checking to ensure that a user is legitimate. However, a user's identity could be hijacked at any step. For example, an attacker can leverage a zero-day vulnerability to take over the root privilege. Thus, tracking the user behavior is essential to examine the identity legitimacy. We develop a user tracking system based on OS-level logs inside an enterprise network, and apply a variety of techniques to generate a concise and salient user profile for identity examination.
21
Fischer-Hübner, Simone. "IT-security and privacy : design and use of privacy-enhancing security mechanisms /." Berlin [u.a.] : Springer, 2001. http://www.loc.gov/catdir/enhancements/fy0812/2001034161-d.html.
Full text
22
Zaaba, Zarul Fitri. "Enhancing usability using automated security interface adaptation (ASIA)." Thesis, University of Plymouth, 2014. http://hdl.handle.net/10026.1/3025.
Full textAbstract:
Many users are now significantly dependent upon computer application. Whilst many aspects are now used very successfully, an area in which usability difficulties continue to be encountered is in relation to security. Thus can become particularly acute in situations where users are required to interact and make decisions, and a key context here is typically when they need to respond to security warnings. The current implementation of security warnings can often be considered as an attempt to offer a one size fits all solution. However, it can be argued that many implementations are still lacking the ability to provide meaningful and effective warnings. As such, this research focuses upon achieving a better understanding of the elements that aid end-users in comprehending the warnings, the difficulties with the current approaches, and the resulting requirements in order to improve the design and implementation of such security dialogues. In the early stage of research, a survey was undertaken to investigate perceptions of security dialogues in practice, with a specific focus upon security warnings issued within web browsers. This provided empirical evidence of end-users’ experiences, and revealed notable difficulties in terms of their understanding and interpretation of the security interactions. Building upon this, the follow-up research investigated understanding of application level security warnings in wider contexts, looking firstly at users’ interpretation of what constitutes a security warning and then at their level of comprehension when related warnings occurred. These results confirmed the need to improve the dialogues so that the end-users are able to act appropriately, and consequently promoted the design and prototype implementation of a novel architecture to improve security warnings, which has been titled Automated Security Interface Adaptation (ASIA). The ASIA approach aims to improve security warnings by tailoring the interaction more closely to individual user needs. By automatically adapting the presentation to match each user’s understanding and preferences, security warnings can be modified in ways that enable users to better comprehend them, and thus make more informed security decisions and choices. A comparison of the ASIA-adapted interfaces compared to standard versions of warnings revealed that the modified versions were better understood. As such, the ASIA approach has significant potential to assist (and thereby protect) the end-user community in their future interactions with security.
23
Al-Talabani, Ali Mohammed Noori Hasan. "Enhancing physical layer security in cognitive radio networks." Thesis, King's College London (University of London), 2016. https://kclpure.kcl.ac.uk/portal/en/theses/enhancing-physical-layer-security-in-cognitive-radio-networks(d9036158-5310-4292-b93d-f542354269a7).html.
Full textAbstract:
A cognitive radio is an intelligent wireless communication system that improves spectrum utilisation by allowing secondary users to use the idle radio spectrum from primary licensed networks or to share the spectrum with primary users. Due to several significant challenges for cryptographic approaches of upper layers in protocol stacks | for example, private key management complexity and key transmission security issues | physical layer (PHY) security has drawn significant attention as an alternative for cryptographic approaches at the upper layers of the protocol stack. Security threats may arise from passive eavesdropping node(s), which try to intercept communications between authenticated nodes. Most recent studies consider information theoretic secrecy to be a promising approach. The idea of information theoretic secrecy lies in exploiting the randomness of communication channels to ensure the secrecy of the transmitted messages. Due to the constraints imposed on cognitive radio networks by secondary networks, allocating their resources in an optimal way is a key to maximising their achievable secrecy rates. Therefore, in this thesis, optimal resource allocation and secrecy rate maximisation of cognitive radio networks (CRNs) are proposed. Cooperative jamming is proposed to enhance the primary secrecy rate, and a new chaos-based cost function is introduced in order to design a power control algorithm and analyse the dynamic spectrum-sharing issue in the uplink of cellular CRNs. For secondary users as the game players in underlay scenarios, utility/cost functions are defined, taking into account the interference from and interference tolerance of the primary users. The existence of the Nash equilibrium is proved in this power control game, which leads to significantly lower power consumption and a relatively fast convergence rate when compared to existing game algorithms. The simulation results indicate that the primary secrecy rate is significantly improved by cooperative jamming, and the proposed power control algorithm achieves low power consumption. In addition, an integrated scheme with chaotic scrambling (CS), chaotic artificial noise, and a chaotic shift keying (CSK) scheme are proposed in an orthogonal frequency division multiplexing (OFDM)-based CR system to enhance its physical layer security. By employing the chaos-based third-order Chebyshev map to achieve the optimum bit error rate (BER) performance of CSK modulation, the proposed three-layer integrated scheme outperforms the traditional OFDM system in an overlay scenario with a Rayleigh fading channel. Importantly, under three layers of encryption that are based on chaotic scrambling, chaotic artificial noise, and CSK modulation, a large key size can be generated to resist brute-force attacks and eavesdropping, leading to a significantly improved security rate. Furthermore, a game theory-based cooperation scheme is investigated to enhance physical layer (PHY) security in both the primary and secondary transmissions of a cognitive radio network (CRN). In CRNs, the primary network may decide to lease its own spectrum for a fraction of time to the secondary nodes in exchange for appropriate remuneration. The secondary transmitter (ST) is considered to be a trusted relay for primary transmission in the presence of the ED. The ST forwards a message from the primary transmitter (PT) in a decode-and-forward (DF) fashion and, at the same time, allows part of its available power to be used to transmit an artificial noise (i.e., jamming signal) to enhance secrecy rates. In order to allocate power between the message and jamming signals, the optimisation problem is formulated and solved for maximising the primary secrecy rate (PSR) and secondary secrecy rate (SSR) with malicious attempts from a single eavesdropper or multiple eavesdroppers. Cooperation between the primary and secondary transmitters is also analysed from a game-theoretic perspective, and their interaction modelled as a Stackelberg game. This study proves theoretically and computes the Stackelberg equilibrium. Numerical examples are provided to illustrate the impact of the Stackelberg game-based optimisation on the achievable PSR and SSR. The numerical results indicate that spectrum leasing, based on trading secondary access for cooperation by means of relay and a jammer, is a promising framework for enhancing primary and secondary secrecy rates in cognitive radio networks when the ED can intercept both the primary and secondary transmission. Finally, this thesis focuses on physical-layer security in cognitive radio networks where multiple secondary nodes assist multiple primary nodes in combating unwanted eavesdropping from malicious eavesdroppers. Two scenarios are considered: a single eavesdropper (scenario I) and multiple eavesdroppers (scenario II). The secondary users act as a relay and jammer in scenario I, whereas they act only as a jammer in scenario II. Furthermore, the multiple eavesdroppers are distributed according to a homogenous Poison Point Process (PPP) in scenario II. Closed forms are derived for the outage probability and mean secrecy rate for both the primary and secondary transmissions. Furthermore, the scalability and convergence of the matching theory are proved. Both the analytical and numerical results show that the proposed matching model is a promising approach for exploiting the utility functions of both primary and secondary users.
24
Jokhio, Imran Ali. "A scalable scheme for enhancing EPC network security." Thesis, University of Leeds, 2010. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.530830.
Full text
25
Cooney, Geoffrey T. (Geoffrey Thomas) 1980. "Optimizing neural networks for enhancing air traffic security." Thesis, Massachusetts Institute of Technology, 2004. http://hdl.handle.net/1721.1/28382.
Full textAbstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (leaves 81-83).
This thesis contains the process and results related to optimizing a neural network to predict future positions of airplanes in the vicinity of airports. These predicted positions are then used to calculate future separation distances between pairs of airplanes. The predicted values of the separation distance are used to ensure adequate distances between adjacent aircrafts in the air and, if necessary, to create early warning alarms to alert air traffic control tower personnel about planes that may pass too near each other in the immediate future. The thesis covers three areas of work on this topic. The first section involves optimizing a neural network for Chicago O'Hare Airport. The second is related to gathering data on the performance of this network in different scenarios. These data can be used to determine if the different days/runways have different characteristics. The final phase of this document describes how to generalize the process used to build an optimized neural network for Chicago O'Hare airport in order to provide the capability to easily recreate the process for another airport.
by Geoffrey T. Cooney.
M.Eng.
26
Cadar, Cristian. "Enhancing availability and security through boundless memory blocks." Thesis, Massachusetts Institute of Technology, 2004. http://hdl.handle.net/1721.1/33123.
Full textAbstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (leaves 49-52).
We present a new technique, boundless memory blocks, that automatically eliminates buffer overflow errors, enabling programs to continue to execute through memory errors without memory corruption. Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the program to write beyond the bounds of an allocated memory block to corrupt other data structures. The standard way to exploit a buffer overflow vulnerability involves a request that is too large for the buffer intended to hold it. The buffer overflow error causes the program to write part of the request beyond the bounds of the buffer, corrupting the address space of the program and causing the program to execute injected code contained in the request. Our boundless memory blocks compiler inserts checks that dynamically detect all out of bounds accesses. When it detects an out of bounds write, it stores the value away in a hash. Our compiler can then return the stored value as the result of an out of bounds read to that address. In the case of uninitialized addresses, our compiler simply returns a predefined value. We have acquired several widely used open source applications (Apache, Sendmail, Pine, Mutt, and Midnight Commander). With standard compilers, all of these applications are vulnerable to buffer overflow attacks as documented at security tracking web sites. Instead, our compiler enables the applications to execute successfully through buffer overflow attacks to continue to correctly service user requests without security vulnerabilities. We have also found that only one application contains uninitialized reads, which means that in most cases, the net effect of our compiler is to (conceptually) give each allocated memory block unbounded size and to eliminate out of bounds accesses as a programming error.
by Cristian Cadar.
M.Eng.
27
Frantz, Miles Eugene. "Enhancing CryptoGuard's Deployability for Continuous Software Security Scanning." Thesis, Virginia Tech, 2020. http://hdl.handle.net/10919/98521.
Full textAbstract:
The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers requires security at all levels, providing protection through any connected applications. CryptoGuard is a static code analyzer for Java. This program verifies that developers do not leave vulnerabilities in their application. The program aids the developer by identifying cryptographic misuses such as hard-coded keys, weak program hashes, and using insecure protocols. In my Master thesis work, I made several important contributions to improving the deployability, accessibility, and usability of CryptoGuard. I extended CryptoGuard to scan source and compiled code, created live documentation, and supported a dual cloud and local tool-suite. I also created build tool plugins and a program aid for CryptoGuard. In addition, I also analyzed several Java-related surveys encompassing more than 50,000 developers and reported interesting current practices of real-world software developers.Master of Science
Throughout the rise of software development, there has been an increase in development speed with developers embracing methodologies that use higher rates of changes, such as Agile. Since Agile naturally addresses "problems of rapid change", this also increases the likelihood of insecure and vulnerable coding practices. Though consumers depend on various public applications, there can still be failures throughout the development process in applications such as the Iowa caucus application. It was determined the Iowa cacus application development teams' repository credentials (API key) was left within the application itself. API keys provide the credential to be able to directly interact with server systems, and if left unguarded can be easily exploited. Since the Iowa cacus application was released publicly, malicious actors (other people looking to exploit the application) may have already discovered this credential. Within our team we have created CryptoGuard, a program to analyze applications to detect cryptographic issues such as an API key. Creating it with scalability in mind, it was created to be able to scan enterprise code at a reasonable speed. To ensure its use within companies, we have been working on extending and enhancing the work to the current needs of Java developers. Verifying the current Java landscape, we investigated three different companies and their developer ecosystem surveys that are publicly available. Amongst these companies are; JetBrains, known for their Integrated Development Environments (IDE, or application to help write applications) and their own programming language, Snyk, known for their public security platform and anti-virus capability, and Jakarta EE, which is the new platform for the enterprise version of Java. Throughout these surveys, we accumulate more than 50,000 developers' responses, spanning various countries, company experience, and ages. With their responses amalgamated, we enhance CryptoGuard to be available to as many developers and their requests as possible.First, CryptoGuard is enhanced to scan a projects source code. After that, ensuring our project is hosted by a cloud service, we actively are extending our project to the Security Assurance Marketplace (SWAMP). Funded by the DHS, SWAMP not only supplies a public cloud for developers to use, but a local download option to scan a program within the user's own computer. Next, we create a plugin for two most used build tools, Gradle and Maven. Then to ensure CryptoGuard can be have reactive aide, CryptoSoule is created to aide minimal interface aide. Finally utilizing a live documentation service, an open source documentation website was created to provide working examples to the community.
28
Al-Shareeda, Sarah Yaseen Abdulrazzaq. "Enhancing Security, Privacy, and Efficiency of Vehicular Networks." The Ohio State University, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=osu150032914711847.
Full text
29
Van, Balen Nicolas Jorge. "Enhancing Usability and Security through Alternative Authentication Methods." W&M ScholarWorks, 2017. https://scholarworks.wm.edu/etd/1516639579.
Full textAbstract:
With the expanding popularity of various Internet services, online users have be- come more vulnerable to malicious attacks as more of their private information is accessible on the Internet. The primary defense protecting private information is user authentication, which currently relies on less than ideal methods such as text passwords and PIN numbers. Alternative methods such as graphical passwords and behavioral biometrics have been proposed, but with too many limitations to replace current methods. However, with enhancements to overcome these limitations and harden existing methods, alternative authentications may become viable for future use. This dissertation aims to enhance the viability of alternative authentication systems. In particular, our research focuses on graphical passwords, biometrics that depend, directly or indirectly, on anthropometric data, and user authentication en- hancements using touch screen features on mobile devices. In the study of graphical passwords, we develop a new cued-recall graphical pass- word system called GridMap by exploring (1) the use of grids with variable input entered through the keyboard, and (2) the use of maps as background images. as a result, GridMap is able to achieve high key space and resistance to shoulder surfing attacks. to validate the efficacy of GridMap in practice, we conduct a user study with 50 participants. Our experimental results show that GridMap works well in domains in which a user logs in on a regular basis, and provides a memorability benefit if the chosen map has a personal significance to the user. In the study of anthropometric based biometrics through the use of mouse dy- namics, we present a method for choosing metrics based on empirical evidence of natural difference in the genders. In particular, we develop a novel gender classifi- cation model and evaluate the model’s accuracy based on the data collected from a group of 94 users. Temporal, spatial, and accuracy metrics are recorded from kine- matic and spatial analyses of 256 mouse movements performed by each user. The effectiveness of our model is validated through the use of binary logistic regressions. Finally, we propose enhanced authentication schemes through redesigned input, along with the use of anthropometric biometrics on mobile devices. We design a novel scheme called Triple Touch PIN (TTP) that improves traditional PIN number based authentication with highly enlarged keyspace. We evaluate TTP on a group of 25 participants. Our evaluation results show that TTP is robust against dictio- nary attacks and achieves usability at acceptable levels for users. We also assess anthropometric based biometrics by attempting to differentiate user fingers through the readings of the sensors in the touch screen. We validate the viability of this biometric approach on 33 users, and observe that it is feasible for distinguishing the fingers with the largest anthropometric differences, the thumb and pinkie fingers.
30
Yi, Shanhe. "Enhancing Usability, Security, and Performance in Mobile Computing." W&M ScholarWorks, 2018. https://scholarworks.wm.edu/etd/1530192793.
Full textAbstract:
We have witnessed the prevalence of smart devices in every aspect of human life. However, the ever-growing smart devices present significant challenges in terms of usability, security, and performance. First, we need to design new interfaces to improve the device usability which has been neglected during the rapid shift from hand-held mobile devices to wearables. Second, we need to protect smart devices with abundant private data against unauthorized users. Last, new applications with compute-intensive tasks demand the integration of emerging mobile backend infrastructure. This dissertation focuses on addressing these challenges. First, we present GlassGesture, a system that improves the usability of Google Glass through a head gesture user interface with gesture recognition and authentication. We accelerate the recognition by employing a novel similarity search scheme, and improve the authentication performance by applying new features of head movements in an ensemble learning method. as a result, GlassGesture achieves 96% gesture recognition accuracy. Furthermore, GlassGesture accepts authorized users in nearly 92% of trials, and rejects attackers in nearly 99% of trials. Next, we investigate the authentication between a smartphone and a paired smartwatch. We design and implement WearLock, a system that utilizes one's smartwatch to unlock one's smartphone via acoustic tones. We build an acoustic modem with sub-channel selection and adaptive modulation, which generates modulated acoustic signals to maximize the unlocking success rate against ambient noise. We leverage the motion similarities of the devices to eliminate unnecessary unlocking. We also offload heavy computation tasks from the smartwatch to the smartphone to shorten response time and save energy. The acoustic modem achieves a low bit error rate (BER) of 8%. Compared to traditional manual personal identification numbers (PINs) entry, WearLock not only automates the unlocking but also speeds it up by at least 18%. Last, we consider low-latency video analytics on mobile devices, leveraging emerging mobile backend infrastructure. We design and implement LAVEA, a system which offloads computation from mobile clients to edge nodes, to accomplish tasks with intensive computation at places closer to users in a timely manner. We formulate an optimization problem for offloading task selection and prioritize offloading requests received at the edge node to minimize the response time. We design and compare various task placement schemes for inter-edge collaboration to further improve the overall response time. Our results show that the client-edge configuration has a speedup ranging from 1.3x to 4x against running solely by the client and 1.2x to 1.7x against the client-cloud configuration.
31
Liyanage, M. (Madhusanka). "Enhancing security and scalability of Virtual Private LAN Services." Doctoral thesis, Oulun yliopisto, 2016. http://urn.fi/urn:isbn:9789526213767.
Full textAbstract:
Abstract Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks. First, a scalable secure flat-VPLS architecture is proposed based on a Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs) termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM) are used to mitigate the impact of invisible loops in the provider network. Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) A dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior. Hence, the results of the thesis will help for more secure, scalable and efficient system design and development of VPLS networks. It will also help to optimize the utilization of network resources and further reduction in operational costs of future VPLS networksTiivistelmä Ethernet-pohjainen VPLS (Virtual Private LAN Service) on läpinäkyvä, protokollasta riippumaton monipisteverkkomekanismi (Layer 2 Virtual Private Network, L2VPN), jolla yhdistetään asiakkaan etäkohteet IP (Internet Protocol)- tai MPLS (Multiprotocol Label Switching) -yhteyskäytäntöön pohjautuvien palveluntarjoajan verkkojen kautta. VPLS-verkoista on yksinkertaisen protokollasta riippumattoman ja kustannustehokkaan toimintatapansa ansiosta tullut kiinnostavia monien yrityssovellusten kannalta. Tällaisia sovelluksia ovat esimerkiksi DCI (Data Center Interconnect), VoIP (Voice over IP) ja videoneuvottelupalvelut. Uusilta VPLS-sovelluksilta vaaditaan kuitenkin uusia asioita, kuten parempaa tietoturvaa ja skaalautuvuutta, optimaalista verkkoresurssien hyödyntämistä ja käyttökustannusten pienentämistä entisestään. Tämän väitöskirjan tarkoituksena onkin kehittää turvallisia ja skaalautuvia VPLS-arkkitehtuureja tulevaisuuden tietoliikenneverkoille. Ensin väitöskirjassa esitellään skaalautuva ja turvallinen flat-VPLS-arkkitehtuuri, joka perustuu Host Identity Protocol (HIP) -protokollaan. Seuraavaksi käsitellään istuntoavaimiin perustuvaa tietoturvamekanismia ja tehokasta lähetysmekanismia, joka parantaa VPLS-verkkojen edelleenlähetyksen ja tietoturvatason skaalautuvuutta. Tämän jälkeen esitellään turvallinen, hierarkkinen VPLS-arkkitehtuuri, jolla saadaan aikaan ohjaustason skaalautuvuus. Väitöskirjassa kuvataan myös uusi salattu verkkotunnuksiin perustuva tietokehysten edelleenlähetysmekanismi, jolla L2-kehykset siirretään hierarkkisessa VPLS-verkossa. Lisäksi väitöskirjassa ehdotetaan uuden Distributed Spanning Tree Protocol (DSTP) -protokollan käyttämistä vapaan Ethernet-verkkosilmukan ylläpitämiseen VPLS-verkossa. DSTP:n avulla on mahdollista ajaa muokattu STP (Spanning Tree Protocol) -esiintymä jokaisessa VPLS-verkon etäsegmentissä. Väitöskirjassa esitetään myös kaksi Redundancy Identification Mechanism (RIM) -mekanismia, Customer Associated RIM (CARIM) ja Provider Associated RIM (PARIM), joilla pienennetään näkymättömien silmukoiden vaikutusta palveluntarjoajan verkossa. Viimeiseksi ehdotetaan uutta SDN (Software Defined Networking) -pohjaista VPLS-arkkitehtuuria (Soft-VPLS) vanhojen turvallisten VPLS-arkkitehtuurien tunnelinhallintaongelmien poistoon. Näiden lisäksi väitöskirjassa ehdotetaan kolmea uutta mekanismia, joilla voidaan parantaa vanhojen arkkitehtuurien tunnelinhallintatoimintoja: 1) dynaaminen tunnelinluontimekanismi, 2) tunnelin jatkomekanismi ja 3) nopea tiedonsiirtomekanismi. Ehdotetussa arkkitehtuurissa käytetään VPLS-tunnelin luomisen hallintaan keskitettyä ohjainta, joka perustuu reaaliaikaiseen verkon käyttäytymiseen. Tutkimuksen tulokset auttavat suunnittelemaan ja kehittämään turvallisempia, skaalautuvampia ja tehokkaampia VLPS järjestelmiä, sekä auttavat hyödyntämään tehokkaammin verkon resursseja ja madaltamaan verkon operatiivisia kustannuksia
32
Saed, Mustafa. "Techniques for Enhancing the Security of Future Smart Grids." Thesis, University of Detroit Mercy, 2019. http://pqdtopen.proquest.com/#viewpdf?dispub=10793626.
Full textAbstract:
The smart grid is a new technology that uses new and sophisticated techniques for electrical transmission and distribution in order to provide excellent electrical service to customers, and allow them to manage their electricity consumption in a two-way communication. The idea of the “Smart Grid” was most likely invented by researchers and engineers at the U.S. Department of Energy, who were concerned with increasing the level of functionalities and intelligence of the contemporary electrical grid. Some of these functionalities typically include knowledge about generation, the ability to automate substations, and methods of communicating with consumers.
Improvements in the performance of network and smart grid systems have significantly enriched their effectiveness and consistency. Unfortunately, these advances also pose new threats when the systems are not equipped with the proper security measures resulting in use safety issues, such as a disconnection of electrical power source. Even though addressing the security concerns of a massive and powerful system can be overwhelming, appropriate installation of electrical equipment can prevent cyber-attacks from harming essential functions.
The most effective security measures can be employed by every component of the smart grid communications network through understanding practices and principles found in similar systems and industries.
This dissertation leverages the work that has been done with regards to the security of the smart grid. Protecting the two-way direct and indirect communication of smart meters with collectors through the introduction of the three cryptographic protocols based on PKI will be emphasized. The security of indirect communication is more difficult in comparison to the direct one as readings (measurements) have to travel through other smart meters before reaching the collector. The introduced schemes satisfy the security requirements; confidentiality, integrity, and nonrepudiation. Furthermore, a risk analysis of the three designed security protocols for smart meters in smart grid networks will be performed. Finally, a technique for verifying the security of the three developed security protocols between smart meters, the central gateway (collector), and supervisory nodes (substation) will be presented. The verification process of these protocols relies on the CryptoVerif tool using two phases. In the first phase, the protocols were manually investigated for security flaws, inconsistencies, and incorrect usage of cryptographic primitives. During the second phase, the protocols were analyzed using the CryptoVerif, an automated formal method-based analysis tool. Several efficiency improvements are presented as an outcome of these analyses. Furthermore, the future work will concentrate on simulating and integrating the three designed protocols, and securing the data reading (Smart Meter-Collector-Substation/Utility) before uploading it to the smart grid cloud by the public utility. In addition, a new security technique to secure the smart grid cloud will be discussed.
33
Dresser, Eric L. (Eric Lane). "The effectiveness and economic impact of enhancing container security." Thesis, Massachusetts Institute of Technology, 2004. http://hdl.handle.net/1721.1/33424.
Full textAbstract:
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Ocean Engineering, 2004.Includes bibliographical references (p. 96-101).
Over the past few decades, international containerized shipping has evolved to become the main artery of global trade, providing both convenient and inexpensive access to goods from markets around the world. Yet the very size and efficiencies that have made container shipping such an attractive means of transport have also created a system that is highly vulnerable to terrorist exploitation. This paper outlines the current initiatives taken by both the public and private sector to address the security vulnerabilities in the container industry. The solution targets three main areas for, security: documentation/information, physical security, and inspections. The technology utilized to improve the physical security of the container can also be used to track shipments and secure the container from pilferage. This generates a win-win relationship between enhancing container security while improving supply chain information and control. An economic model is used to demonstrate the cost savings and cost avoidance from the information and control provided by security technologies. The savings to shippers more than offsets the cost of implementing these technologies. This is a valuable approach to solving the problem of container security because it concurrently provides incentive to the private sector and protects global interests.
by Eric L. Dresser.
S.M.
34
Wild, Stefan. "Enhancing Security in Managing Personal Data by Web Systems." Universitätsverlag Chemnitz, 2016. https://monarch.qucosa.de/id/qucosa%3A20629.
Full textAbstract:
Web systems have become an integral part in daily life of billions of people. Social is a key characteristic today’s web projects need to feature in order to be successful in the social age. To benefit from an improved user experience, individual persons are continually invited to reveal more and more personal data to web systems.
With a rising severity of attacks on web systems, it is evident that their security is inadequate for the amount of accumulated personal data. Numerous threat reports indicate that social media has become a top-ranking attack target, with climbing impacts, with ramifications beyond single individuals and with a booming black market to trade leaked personal data.
To enhance information security in managing personal data by web systems for the mutual benefit of individual persons, companies and governments, this dissertation proposes a solution architecture and three research contributions. While the solution architecture establishes the foundation for a more secure management of personal data by web systems, the research contributions represent complementary components for protecting personal data against unwanted data disclosure, tampering and use without the actual data owner’s intent or knowledge. Not only do these components enable seamless integration and combination, but they also contribute to assure quality and maintainability. The dissertation concludes with discussing evaluation results and providing an outlook towards future work.
35
Wild, Stefan. "Enhancing Security in Managing Personal Data by Web Systems." Doctoral thesis, Universitätsbibliothek Chemnitz, 2017. http://nbn-resolving.de/urn:nbn:de:bsz:ch1-qucosa-217284.
Full textAbstract:
Web systems have become an integral part in daily life of billions of people. Social is a key characteristic today’s web projects need to feature in order to be successful in the social age. To benefit from an improved user experience, individual persons are continually invited to reveal more and more personal data to web systems.
With a rising severity of attacks on web systems, it is evident that their security is inadequate for the amount of accumulated personal data. Numerous threat reports indicate that social media has become a top-ranking attack target, with climbing impacts, with ramifications beyond single individuals and with a booming black market to trade leaked personal data.
To enhance information security in managing personal data by web systems for the mutual benefit of individual persons, companies and governments, this dissertation proposes a solution architecture and three research contributions. While the solution architecture establishes the foundation for a more secure management of personal data by web systems, the research contributions represent complementary components for protecting personal data against unwanted data disclosure, tampering and use without the actual data owner’s intent or knowledge. Not only do these components enable seamless integration and combination, but they also contribute to assure quality and maintainability. The dissertation concludes with discussing evaluation results and providing an outlook towards future work.
36
Lee, Danielle. "Enhancing national security by strengthening the legal immigration system." Thesis, Monterey, California : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Dec/09Dec%5FLee_Danielle.pdf.
Full textAbstract:
Thesis (M.A. in Security Studies (Homeland Security and Defense)--Naval Postgraduate School, December 2009.Thesis Advisor(s): Bach, Robert; Joyce, Nola. "December 2009." Description based on title screen as viewed on January 26, 2009. Author(s) subject terms: U.S. Citizenship and Immigration Services (USCIS), immigration, benefit, fraud, terrorism, border security, watch list, immigration reform. Includes bibliographical references (p. 83-91). Also available in print.
37
Bi, Ying. "Enhancing Physical-Layer Security in Wireless Powered Communication Networks." Thesis, The University of Sydney, 2017. http://hdl.handle.net/2123/16890.
Full textAbstract:
In modern society, the communications sector is a critical enabler of economic and social activity. Despite the benefit of the improved ubiquitousness, the rapid diffusion of communications technologies is driving one to question the security of communications networks and systems. It is this situation which has motivated the research and development work to be reported in this thesis. Especially, this thesis consists of two parts: The first part focuses on our main research under the umbrella of physical-layer security (PLS), and the second part presents our work on security and data management in Smart Grid communication networks (SGCNs). Security technologies embedded at the physical layer of the communication systems can provide additional countermeasure against the inherent interception threat associated with a wireless transmission medium. Unlike traditional cryptographic solutions, which usually handle security at the network and application layer, the PLS techniques exploit the randomness that is intrinsic to the physical communication channel. Specifically, the first part of this thesis addresses the problem of defeating passive eavesdroppers in wireless-powered communication networks (WPCNs). The primary concern is to develop and analyze secure transmission protocols based on PLS and radio frequency energy harvesting techniques in WPCNs. This thesis starts with investigating the problem of secure transmission between a wireless-powered transmitter and a receiver in the presence of multiple eavesdroppers. To counteract eavesdropping, a transmission protocol named accumulate-then-transmit (ATT) is proposed. Specifically, the proposed protocol employs a multi-antenna power beacon (PB) to assist the transmitter with secure transmission. First, the PB transfers wireless power to charge the transmitter's battery. After accumulating enough energy, the transmitter sends confidential information to the receiver, and simultaneously, the PB emits jamming signals (i.e., artificial noise) to interfere with the eavesdroppers. A key element of the protocol is the perfect channel state information (CSI), with which the jamming signals can be deliberately designed to avoid disturbing the intended receiver. Based on the assumption that the eavesdroppers do not collude, the secrecy performance of the proposed protocol is evaluated in terms of secrecy outage probability and secrecy throughput. This study reveals that cooperative jamming (CJ) is a critical enabler of physical-layer security in WPCNs. After investigating the use of a multi-antenna PB with perfect CSI, this thesis exploits the employment of a wireless-powered full-duplex (FD) jammer to enhance the secrecy in the presence of CSI errors. Noteworthy, due to imperfect CSI, the jamming signals transmitted by the jammer yield undesired interference at the receiver. This study analyzes the impact of channel estimation error on the secrecy performance. Besides, due to the FD capability, the jammer is able to perform simultaneous jamming and energy harvesting. It hence makes the energy storage of the jammer experience concurrent charging and discharging. A hybrid energy storage system with finite capacity is adopted, and its long-term stationary distribution of the energy state is characterized through a finite-state Markov Chain. The secrecy performance of the proposed accumulate-and-jam (AnJ) protocol is evaluated to reveal its merits. Moreover, an alternative energy storage model with infinite capacity and the use of a wireless-powered half-duplex (HD) jammer are also exploited to serve as benchmarks. In the second part of the thesis, security and data management issues are investigated in SGCNs. Due to the integrations of communications and information technologies with the power system, data security and management play a crucial role in the Smart Grid. First, the problem of the unauthorized real-time pricing (RTP) information redistribution between advanced metering infrastructure (AMI) participants and nonparticipants is addressed via an evolutionary game model. The objective is to find the optimal AMI subscription price associated with the maximal proportion of participating consumers. Second, a voluntary real-time incentive scheme is proposed to promote the participation of electricity consumers in reporting their power demand. Simulation results demonstrate that the proposed voluntary scheme can achieve satisfactory social welfare as compared with compulsory demand upload schemes. Finally, time-varying attacks in the SGCNs are studied, and a time-correlated attacker-defender model is developed and analyzed to ensure attack detection while maintaining low defense expense.
38
Reid, Jason Frederick. "Enhancing security in distributed systems with trusted computing hardware." Thesis, Queensland University of Technology, 2007. https://eprints.qut.edu.au/16379/1/Jason_Reid_Thesis.pdf.
Full textAbstract:
The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment.
We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives.
We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process.
We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices.
We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons.
We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.
39
Reid, Jason Frederick. "Enhancing security in distributed systems with trusted computing hardware." Queensland University of Technology, 2007. http://eprints.qut.edu.au/16379/.
Full textAbstract:
The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment.
We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives.
We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process.
We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices.
We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons.
We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.
40
Miguel, Moneo Jorge. "An information security model based on trustworthiness for enhancing security in on-line collaborative learning." Doctoral thesis, Universitat Oberta de Catalunya, 2015. http://hdl.handle.net/10803/399030.
Full textAbstract:
L'objectiu principal d'aquesta tesi és incorporar propietats i serveis de la seguretat en sistemes d'informació en l'aprenentatge col·laboratiu en línia, seguint un model funcional basat en la valoració i predicció de la confiança. Aquesta tesi estableix com a punt de partença el disseny d'una solució de seguretat innovadora, basada en una metodologia pròpia per a oferir als dissenyadors i gestors de l'e-learning les línies mestres per a incorporar mesures de seguretat en l'aprenentatge col·laboratiu en línia. Aquestes guies cobreixen tots els aspectes sobre el disseny i la gestió que s'han de considerar en els processos relatius a l'e-learning, entre altres l'anàlisi de seguretat, el disseny d'activitats d'aprenentatge, la detecció d'accions anòmales o el processament de dades sobre confiança. La temàtica d'aquesta tesi té una naturalesa multidisciplinària i, al seu torn, les diferents disciplines que la formen estan íntimament relacionades. Les principals disciplines de què es tracta en aquesta tesi són l'aprenentatge col·laboratiu en línia, la seguretat en sistemes d'informació, els entorns virtuals d'aprenentatge (EVA) i la valoració i predicció de la confiança. Tenint en compte aquest àmbit d'aplicació, el problema de garantir la seguretat en els processos d'aprenentatge col·laboratiu en línia es resol amb un model híbrid construït sobre la base de solucions funcionals i tecnològiques, concretament modelatge de la confiança i solucions tecnològiques per a la seguretat en sistemes d'informació.El principal objetivo de esta tesis es incorporar propiedades y servicios de la seguridad en sistemas de información en el aprendizaje colaborativo en línea, siguiendo un modelo funcional basado en la valoración y predicción de la confianza. Esta tesis establece como punto de partida el diseño de una solución de seguridad innovadora, basada en una metodología propia para ofrecer a los diseñadores y gestores del e-learning las líneas maestras para incorporar medidas de seguridad en el aprendizaje colaborativo en línea. Estas guías cubren todos los aspectos sobre el diseño y la gestión que hay que considerar en los procesos relativos al e-learning, entre otros el análisis de la seguridad, el diseño de actividades de aprendizaje, la detección de acciones anómalas o el procesamiento de datos sobre confianza. La temática de esta tesis tiene una naturaleza multidisciplinar y, a su vez, las diferentes disciplinas que la forman están íntimamente relacionadas. Las principales disciplinas tratadas en esta tesis son el aprendizaje colaborativo en línea, la seguridad en sistemas de información, los entornos virtuales de aprendizaje (EVA) y la valoración y predicción de la confianza. Teniendo en cuenta este ámbito de aplicación, el problema de garantizar la seguridad en los procesos de aprendizaje colaborativo en línea se resuelve con un modelo híbrido construido en base a soluciones funcionales y tecnológicas, concretamente modelado de la confianza y soluciones tecnológicas para la seguridad en sistemas de información.
This thesis' main goal is to incorporate information security properties and services into online collaborative learning using a functional approach based on trustworthiness assessment and prediction. As a result, this thesis aims to design an innovative security solution, based on methodological approaches, to provide e-learning designers and managers with guidelines for incorporating security into online collaborative learning. These guidelines include all processes involved in e-learning design and management, such as security analysis, learning activity design, detection of anomalous actions, trustworthiness data processing, and so on. The subject of this research is multidisciplinary in nature, with the different disciplines comprising it being closely related. The most significant ones are online collaborative learning, information security, learning management systems (LMS), and trustworthiness assessment and prediction models. Against this backdrop, the problem of securing collaborative online learning activities is tackled by a hybrid model based on functional and technological solutions, namely, trustworthiness modelling and information security technologies.
41
Nia, Ramadianti Putri Mganga, and Medard Charles. "Enhancing Information Security in Cloud Computing Services using SLA based metrics." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-1999.
Full textAbstract:
Context: Cloud computing is a prospering technology that most organizations are considering for adoption as a cost effective strategy for managing IT. However, organizations also still consider the technology to be associated with many business risks that are not yet resolved. Such issues include security, privacy as well as legal and regulatory risks. As an initiative to address such risks, organizations can develop and implement SLA to establish common expectations and goals between the cloud provider and customer. Organizations can base on the SLA to measure the achievement of the outsourced service. However, many SLAs tend to focus on cloud computing performance whilst neglecting information security issues. Objective: We identify threats and security attributes applicable in cloud computing. We also select a framework suitable for identifying information security metrics. Moreover, we identify SLA based information security metrics in the cloud in line with the COBIT framework. Methods: We conducted a systematic literature review (SLR) to identify studies focusing on information security threats in the cloud computing. We also used SLR to select frameworks available for identification of security metrics. We used Engineering Village and Scopus online citation databases as primary sources of data for SLR. Studies were selected based on the inclusion/exclusion criteria we defined. A suitable framework was selected based on defined framework selection criteria. Based on the selected framework and conceptual review of the COBIT framework we identified SLA based information security metrics in the cloud. Results: Based on the SLR we identified security threats and attributes in the cloud. The Goal Question Metric (GQM) framework was selected as a framework suitable for identification of security metrics. Following the GQM approach and the COBIT framework we identified ten areas that are essential and related with information security in the cloud computing. In addition, covering the ten essential areas we identified 41 SLA based information security metrics that are relevant for measuring and monitoring security performance of cloud computing services. Conclusions: Cloud computing faces similar threats as traditional computing. Depending on the service and deployment model adopted, addressing security risks in the cloud may become a more challenging and complex undertaking. This situation therefore appeals to the cloud providers the need to execute their key responsibilities of creating not only a cost effective but also a secure cloud computing service. In this study, we assist both cloud provider and customers on the security issues that are to be considered for inclusion in their SLA. We have identified 41 SLA based information security metrics to aid both cloud providers and customers obtain common security performance expectations and goals. We anticipate that adoption of these metrics can help cloud providers in enhancing security in the cloud environment. The metrics will also assist cloud customers in evaluating security performance of the cloud for improvements.
42
Guymon, Daniel Wade. "Cyber-physical Algorithms for Enhancing Collaboration." Thesis, Virginia Tech, 2012. http://hdl.handle.net/10919/31919.
Full textAbstract:
The research presented in this thesis covers two specific problems within the larger domain of cyber-physical algorithms for enhancing collaboration between one or more people. The two specific problems are 1) determining when people are going to arrive late to a meeting and 2) creating ad-hoc secure pairing protocols for short-range communication. The domain was broken down at opposite extremes in order to derive these problems to work on: 1) collaborations that are planned long in advance and deviations from the plan need to be detected and 2) collaborations that are not planned and need to be dynamically created and secured. Empirical results show the functionality and performance of user late arrival detection for planned collaborations and end-user authentication protocols for unplanned collaborations.Master of Science
43
Feng, Yuhui. "Enhancing Efficiency of Beaconing in VANETs." The Ohio State University, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=osu1461253651.
Full text
44
KANADE, Sanjay Ganesh. "Enhancing information security and privacy by combining biometrics with cryptography." Phd thesis, Institut National des Télécommunications, 2010. http://tel.archives-ouvertes.fr/tel-01057728.
Full textAbstract:
Securing information during its storage and transmission is an important and widely addressed issue. Generally, cryptographic techniques are used for information security. Cryptography requires long keys which need to be kept secret in order to protect the information. The drawback of cryptography is that these keys are not strongly linked to the user identity. In order to strengthen the link between the user's identity and his cryptographic keys, biometrics is combined with cryptography. In this thesis, we present various methods to combine biometrics with cryptography. With this combination, we also address the privacy issue of biometric systems: revocability, template diversity, and privacy protection are added to the biometric verification systems. Finally, we also present a protocol for generating and sharing biometrics based crypto-biometric session keys. These systems are evaluated on publicly available iris and face databases
45
Kanade, Sanjay Ganesh. "Enhancing information security and privacy by combining biometrics with cryptography." Thesis, Evry, Institut national des télécommunications, 2010. http://www.theses.fr/2010TELE0022/document.
Full textAbstract:
La sécurité est un enjeu majeur de notre société numérique. En règle générale, les techniques cryptographiques sont utilisées pour sécuriser l'information avec des clés cryptographiques. Un inconvénient majeur de ces systèmes est le faible lien entre les clés et l’utilisateur. Avec la biométrie on a une preuve plus forte de la présence physique d’un individu, mais ces systèmes possèdent aussi leurs inconvénients, tels que la non-révocabilité ainsi que le potentiel de compromettre notre vie privée. Un axe de recherche multidisciplinaire se profile depuis 1998, la crypto-biométrie. Dans cette thèse des solutions innovantes sont proposées pour améliorer la sécurité tout en protégeant notre vie privée. Plusieurs systèmes crypto-biométriques sont proposés, tels que la biométrie révocable, des systèmes de régénérations de clés crypto-biométriques, ainsi qu’une proposition pratique d’un protocole d'authentification. Ces systèmes sont évaluées sur des bases de données publiques d'images de visage et d'irisSecuring information during its storage and transmission is an important and widely addressed issue. Generally, cryptographic techniques are used for information security. Cryptography requires long keys which need to be kept secret in order to protect the information. The drawback of cryptography is that these keys are not strongly linked to the user identity. In order to strengthen the link between the user's identity and his cryptographic keys, biometrics is combined with cryptography. In this thesis, we present various methods to combine biometrics with cryptography. With this combination, we also address the privacy issue of biometric systems: revocability, template diversity, and privacy protection are added to the biometric verification systems. Finally, we also present a protocol for generating and sharing biometrics based crypto-biometric session keys. These systems are evaluated on publicly available iris and face databases
46
Liu, Weigang. "Enhancing physical layer security in wireless networks with cooperative approaches." Thesis, University of Edinburgh, 2016. http://hdl.handle.net/1842/19565.
Full textAbstract:
Motivated by recent developments in wireless communication, this thesis aims to characterize the secrecy performance in several types of typical wireless networks. Advanced techniques are designed and evaluated to enhance physical layer security in these networks with realistic assumptions, such as signal propagation loss, random node distribution and non-instantaneous channel state information (CSI). The first part of the thesis investigates secret communication through relay-assisted cognitive interference channel. The primary and secondary base stations (PBS and SBS) communicate with the primary and secondary receivers (PR and SR) respectively in the presence of multiple eavesdroppers. The SBS is allowed to transmit simultaneously with the PBS over the same spectrum instead of waiting for an idle channel. To improve security, cognitive relays transmit cooperative jamming (CJ) signals to create additional interferences in the direction of the eavesdroppers. Two CJ schemes are proposed to improve the secrecy rate of cognitive interference channels depending on the structure of cooperative relays. In the scheme where the multiple-antenna relay transmits weighted jamming signals, the combined approach of CJ and beamforming is investigated. In the scheme with multiple relays transmitting weighted jamming signals, the combined approach of CJ and relay selection is analyzed. Numerical results show that both these two schemes are effective in improving physical layer security of cognitive interference channel. In the second part, the focus is shifted to physical layer security in a random wireless network where both legitimate and eavesdropping nodes are randomly distributed. Three scenarios are analyzed to investigate the impact of various factors on security. In scenario one, the basic scheme is studied without a protected zone and interference. The probability distribution function (PDF) of channel gain with both fading and path loss has been derived and further applied to derive secrecy connectivity and ergodic secrecy capacity. In the second scenario, we studied using a protected zone surrounding the source node to enhance security where interference is absent. Both the cases that eavesdroppers are aware and unaware of the protected zone boundary are investigated. Based on the above scenarios, further deployment of the protected zones at legitimate receivers is designed to convert detrimental interference into a beneficial factor. Numerical results are investigated to check the reliability of the PDF for reciprocal of channel gain and to analyze the impact of protected zones on secrecy performance. In the third part, physical layer security in the downlink transmission of cellular network is studied. To model the repulsive property of the cellular network planning, we assume that the base stations (BSs) follow the Mat´ern hard-core point process (HCPP), while the eavesdroppers are deployed as an independent Poisson point process (PPP). The distribution function of the distances from a typical point to the nodes of the HCPP is derived. The noise-limited and interference-limited cellular networks are investigated by applying the fractional frequency reuse (FFR) in the system. For the noise-limited network, we derive the secrecy outage probability with two different strategies, i.e. the best BS serve and the nearest BS serve, by analyzing the statistics of channel gains. For the interference-limited network with the nearest BS serve, two transmission schemes are analyzed, i.e., transmission with and without the FFR. Numerical results reveal that both the schemes of transmitting with the best BS and the application of the FFR are beneficial for physical layer security in the downlink cellular networks, while the improvement due to the application of the FFR is limited by the capacity of the legitimate channel.
47
Shepherd, Lynsay A. "Enhancing security risk awareness in end-users via affective feedback." Thesis, Abertay University, 2016. https://rke.abertay.ac.uk/en/studentTheses/e5af92fb-4936-43d2-878e-fbc16711e36d.
Full textAbstract:
Background: Risky security behaviour displayed by end-users has the potential to leave devices vulnerable to compromise, despite the availability of security tools designed to aid users in defending themselves against potential online threats. This indicates a need to modify the behaviour of end-users, allowing them to consider the security implications of their actions online. Previous research has indicated affective feedback may serve as a successful method of educating users about risky security behaviours. Thus, by influencing end-users via affective feedback it may be possible to engage users, improving their security awareness. Aims: Develop and apply knowledge of monitoring techniques and affective feedback, establishing if this changes users’ awareness of risky security behaviour in the context of a browser-based environment. Methodology: The methodology employs the use of log files derived from the monitoring solution, and information provided by users during the experiments. Questionnaire data was compared against log files and information provided during experiments, providing an overall quantitative approach. Results: In the case of the log files and questionnaires, participants were found to have engaged in instances of risky security behaviours, which they were unaware of, and this indicated a low-level of awareness of risky security behaviour. Whilst the results indicate the affective feedback did not make a difference to behaviour during the course of the experiments, participants felt that the affective feedback delivered had an impact, raising their security awareness, encouraging them to learn about online security. Conclusions: This body of research has made a novel contribution to the field of affective feedback and usable security. Whilst the results indicate the affective feedback made no difference to behaviour, users felt it had an impact on them, persuading them to consider their security behaviours online, and encouraging them to increase their knowledge of risky security behaviours. The research highlights the potential application of affective feedback in the field of usable security. Future work seeks to explore different ways in which affective feedback can be positioned on-screen, and how feedback can be tailored to target specific groups, such as children, or elderly people, with the aim of raising security awareness.
48
Spencer, David K. "Enhancing the European Union's development strategy in Afghanistan." Thesis, Monterey, California : Naval Postgraduate School, 2010. http://edocs.nps.edu/npspubs/scholarly/theses/2010/Jun/10Jun%5FSpencer.pdf.
Full textAbstract:
Thesis (M.A. in Security Studies (Europe and Eurasia))--Naval Postgraduate School, June 2010.Thesis Advisor(s): Spencer, David K.; Siegel, Scott N. "June 2010." Description based on title screen as viewed on July 14, 2010. Author(s) subject terms: European Union, Afghanistan, regional development strategy, sustainable economic growth, development coordination, private sector, European Commission, European Council, EU member states, value chain, ANDS, Afghanistan National Development Strategy, UNAMA, JCMB, Nangarhar Inc, Provincial Development Plan, PDP, Lisbon Treaty, NGO, super envoy, donors, mineral, natural resources. Includes bibliographical references (p. 143-158). Also available in print.
49
Vilarinho, Thomas Carlyle. "Trusted secure service design : Enhancing trust with the future sim-cards." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9013.
Full textAbstract:
The SIM cards are going through several new enhancements both in the underlying hardware and its capabilities. They are becoming secure wireless networked devices containing embedded sensors. This thesis assess how this new SIM capabilities together with its pervasiveness and security can support the development and design of trust-based applications. It reviews the new trust possibilities based on the identity factor, connectivity and context-awareness sensors on the SIM. Moreover, we present a specific use-case around a seamless trust builder for social networks, which makes use of sensed inputs towards building hard contextual evidences to trust relations. We conclude with the description of the challenges of building this evidence based trust-builder and the necessary steps to going from the prototype we developed to a real application which may accurately describe trust relations.
50
Gill, Khusvinder. "Enhancing the security of wireless sensor network based home automation systems." Thesis, Loughborough University, 2009. https://dspace.lboro.ac.uk/2134/5951.
Full textAbstract:
Home automation systems (HASs)seek to improve the quality of life for individuals through the automation of household devices. Recently, there has been a trend, in academia and industry, to research and develop low-cost Wireless Sensor Network (WSN) based HASs (Varchola et al. 2007). WSNs are designed to achieve a low-cost wireless networking solution, through the incorporation of limited processing, memory, and power resources. Consequently, providing secure and reliable remote access for resource limited WSNs, such as WSN based HASs, poses a significant challenge (Perrig et al. 2004). This thesis introduces the development of a hybrid communications approach to increase the resistance of WSN based HASs to remote DoS flooding attacks targeted against a third party. The approach is benchmarked against the dominant GHS remote access approach for WSN based HASs (Bergstrom et al. 2001), on a WSN based HAS test-bed, and shown to provide a minimum of a 58.28%, on average 59.85%, and a maximum of 61.45% increase in remote service availability during a DoS attack. Additionally, a virtual home incorporating a cryptographic based DoS detection algorithm, is developed to increase resistance to remote DoS flooding attacks targeted directly at WSN based HASs. The approach is benchmarked against D-WARD (Mirkovic 2003), the most effective DoS defence identified from the research, and shown to provide a minimum 84.70%, an average 91.13% and a maximum 95.6% reduction in packets loss on a WSN based HAS during a DoS flooding attack. Moreover, the approach is extended with the integration of a virtual home, hybrid communication approach, and a distributed denial of defence server to increase resistance to remote DoS attacks targeting the home gateway. The approach is again benchmarked against the D-WARD defence and shown to decrease the connection latency experienced by remote users by a minimum of 90.14%, an average 90.90%, and a maximum 91.88%.