Dissertations / Theses on the topic 'LI. Authentication, and access control'


Consult the top 50 dissertations / theses for your research on the topic 'LI. Authentication, and access control.'


1

SILVESTRE, BRUNO OLIVEIRA. "INTERINSTITUTIONAL ACCESS: AUTHENTICATION AND ACCESS CONTROL." PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2005. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=6619@1.

Abstract:
COORDENAÇÃO DE APERFEIÇOAMENTO DO PESSOAL DE ENSINO SUPERIOR
The use of distributed computing has been expanding its scope, moving from applications on local networks to applications involving multiple institutions. In terms of security, this expansion introduces challenges in identifying users coming from different organizations and in defining their access rights to a given resource. Common approaches adopt the replication of user records across the institutions or the sharing of a single identity by a set of users. However, these strategies have shortcomings, demanding, for example, greater management effort from administrators and even running up against privacy policies. In this work we propose an architecture that uses the concept of roles for authentication and access control between different institutions. Based on a trust relationship between the organizations, the architecture allows users to be authenticated at the institution with which they are affiliated and uses the role they play to control access to the resources made available by the other organizations.
Distributed computing has been expanding its scope from local area network applications to wide-area applications, involving different organizations. This expansion implies several new security challenges, such as the identification of users originating from different organizations and the definition of their access rights. Common approaches involve replicating user data in several institutions or sharing identities among sets of users. However, these approaches have several limitations, such as the increased management effort of administrators or problems with privacy policies. This work proposes a framework for inter-institutional authentication. The framework is based on the concepts of RBAC (role-based access control) and of trust between organizations.
2

Johnson, Henric. "Toward adjustable lightweight authentication for network access control." Karlskrona : Blekinge Institute of Technology, 2005. http://www.bth.se/fou/Forskinfo.nsf/allfirst2/30ef501d402539d3c12570f5005184f4?OpenDocument.

3

Behrad, Shanay. "Slice specific authentication and access control for 5G." Electronic Thesis or Diss., Institut polytechnique de Paris, 2020. http://www.theses.fr/2020IPPAS007.

Abstract:
The fifth generation of mobile cellular networks, 5G, is designed to support a set of new use cases and requirements, e.g. concerning quality of service or security. Using the virtualization technologies and the concept of network slicing, the 5G network operators will be able to provide specific connectivity capabilities in order to support these various use cases. Each network slice can be dedicated to a 3rd party (i.e., any business actor that is not the network operator), and be designed to fit its requirements. However, although network slices can be designed by enabling or disabling certain network functions, the Authentication and Access Control (AAC) mechanisms remain the same for all slices, with tightly coupled network components. This thesis proposes 5G-SSAAC (5G Slice-Specific AAC), as an initial step to introduce a more loosely coupled design into the whole 5G network architecture. 5G-SSAAC enables 5G networks to provide various AAC mechanisms to the 3rd parties according to their security requirements. To assess this innovative mechanism, the thesis analyses the consequences of using the 5G-SSAAC on the security of the whole 5G system. The feasibility of the 5G-SSAAC is also presented with the implementation of a fully virtualized mobile network through an OAI (Open Air Interface) based testbed. This work finally evaluates the impact of the 5G-SSAAC mechanism on the network load considering the anticipated number of AAC signalling messages compared to the existing AAC mechanisms in cellular networks.
4

OLSSON, JOAKIM. "Method for gesture based authentication in physical access control." Thesis, KTH, Maskinkonstruktion (Inst.), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-209339.

Abstract:
ASSA Abloy is the largest global supplier of intelligent locks and security solutions. The company constantly strives to develop new and innovative solutions for physical access control. One concept the company wanted to investigate aimed to allow the user to effortlessly unlock a door using gestures, resulting in a seamless experience. The idea was to use a wearable as a credential device and identify the user gestures with the sensors supplied by the wearable. The gesture used in this thesis project was knocking, meaning that the user unlocks the door by knocking on it. The main objective of this thesis project was to develop a system allowing knocks to be used as a method of authentication and evaluate the system based on system security and user convenience. The system developed consists of two accelerometer sensors; one located in the wearable and one located in the lock/door. The signals from each sensor are processed and analyzed to detect knocks. The time correlation between the knocks detected by each sensor is analyzed to verify that they originate from the same user. A theoretical model of the system was developed to facilitate the evaluation of the system. The evaluation of the system showed that both the system security and the user convenience attained satisfying values. This thesis shows that the concept has high potential but further work is needed. The framework of methods used to evaluate the system in this thesis can in the same way be used to evaluate systems during any further work.
5

Burdis, Keith Robert. "Distributed authentication for resource control." Thesis, Rhodes University, 2000. http://hdl.handle.net/10962/d1006512.

Abstract:
This thesis examines distributed authentication in the process of controlling computing resources. We investigate user sign-on and two of the main authentication technologies that can be used to control a resource through authentication and providing additional security services. The problems with the existing sign-on scenario are that users have too much credential information to manage and are prompted for this information too often. Single Sign-On (SSO) is a viable solution to this problem if physical procedures are introduced to minimise the risks associated with its use. The Generic Security Services API (GSS-API) provides security services in a manner independent of the environment in which these security services are used, encapsulating security functionality and insulating users from changes in security technology. The underlying security functionality is provided by GSS-API mechanisms. We developed the Secure Remote Password GSS-API Mechanism (SRPGM) to provide a mechanism that has low infrastructure requirements, is password-based and does not require the use of long-term asymmetric keys. We provide implementations of the Java GSS-API bindings and the LIPKEY and SRPGM GSS-API mechanisms. The Secure Authentication and Security Layer (SASL) provides security to connection-based Internet protocols. After finding deficiencies in existing SASL mechanisms we developed the Secure Remote Password SASL mechanism (SRP-SASL) that provides strong password-based authentication and countermeasures against known attacks, while still being simple and easy to implement. We provide implementations of the Java SASL binding and several SASL mechanisms, including SRP-SASL.
6

Subils, Jean-Baptiste. "Authentication Via Multiple Associated Devices." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/5778.

Abstract:
This thesis presents a practical method of authentication utilizing multiple devices. The factors contributing to the practicality of the method are: the utilization of devices already commonly possessed by users and the amenability to being implemented on a wide variety of devices. The term “device” refers to anything able to perform cryptographic operations, store data, and communicate with another such device. In the method presented herein, multiple devices need to be associated with a single user to provide this user an identity in the system. A public key infrastructure is used to provide this identity. Each of the devices associated with a user possesses a public and private key which allow cryptographic operations to be performed. These operations include signing and encrypting data and will prove the identity of each device. The addition of these identities helps authenticate a single user. A wide variety of devices qualifies to be used by this authentication method. The minimum requirements are: the storage of data such as a private key, the ability to communicate, and a processor to perform the cryptographic operations. Smart devices possess these requirements and the manufacture of such devices can be realized at a reasonable cost. This method is malleable and implemented in numerous authentication protocols. This thesis illustrates and explains several instances of these protocols. The method’s primary novelty is its resistance to theft-based attacks, which results from the utilization of multiple devices to authenticate users. A user associated with multiple devices needs to be in possession of these devices to correctly perform the authentication task. This thesis focuses on the system design of this novel authentication method.
7

May, Brian 1975. "Scalable access control." Monash University, School of Computer Science and Software, 2001. http://arrow.monash.edu.au/hdl/1959.1/8043.

8

Yildirim, Merve. "Security and usability in password authentication." Thesis, University of Sussex, 2017. http://sro.sussex.ac.uk/id/eprint/71873/.

Abstract:
This thesis investigates the human-factor problems in password authentication and proposes some usable solutions to these problems by focusing on both forms of knowledge-based authentication: textual passwords and graphical passwords. It includes a range of empirical studies to examine users' password-related behaviour and practices in authentication, and helps users to adopt secure password behaviour. This thesis consists of two parts. The first part focuses on traditional text-based passwords. Design flaws and usability issues of existing text-password mechanisms used by many organisations cause employees to adopt insecure password practices. The first work in this thesis investigates the reasons for employees' lack of motivation regarding password protection against security failures. An empirical study is conducted to identify the factors causing employees' insecure behaviours in organisations, and several persuasion strategies are tested to persuade employees to use passwords more safely. The results of the study revealed that some persuasion strategies are effective in motivating users to adopt good password practices. The study also found that the failure of password policies and authentication schemes deployed by organisations is a common problem among the organisations. Considering the results of the first study, in the second work of this thesis, a password guideline/advice study is conducted to help users to create stronger and more memorable passwords. A password guideline including a number of password creation methods and a persuasive message is proposed, and its effectiveness in improving the strength of user-chosen passwords is evaluated. The results show that the users who received the proposed guideline produced stronger and more memorable passwords than the users who followed the usual password restrictions while creating their passwords. The results also demonstrate that the given password creation methods can be helpful and inspirational for users to create their own encryption formula. All these works reveal the weaknesses of user-chosen textual passwords and inefficacy of existing text-based password mechanisms. Although these studies show that text-based password mechanisms can be strengthened, they are still problematic where usability is concerned. Thus, the second part of this thesis focuses on another form of knowledge-based authentication: graphical passwords. A novel hybrid authentication scheme integrating text and images is introduced to minimise the brute force and shoulder surfing attacks which text and graphical passwords suffer. In the last work of this thesis, the proposed hybrid scheme is implemented and evaluated. The evaluation shows that the proposed scheme provides security and usability at the same time, and it also makes the password creation process enjoyable for users. In summary, the thesis contributes to the analysis of some key security and usability problems which arise in knowledge-based authentication. A series of empirical studies has been conducted. Based on their results, usable solutions to the human-factor problems in password-based authentication are proposed and evaluated.
9

Shen, Ziyi. "Red Door: Firewall Based Access Control in ROS." Thesis, University of North Texas, 2020. https://digital.library.unt.edu/ark:/67531/metadc1752358/.

Abstract:
ROS is a set of computer operating system frameworks designed for robot software development, and Red Door, a lightweight software firewall that serves ROS, is intended to strengthen its security. ROS has many flaws in security, such as clear text transmission of data, no authentication mechanism, etc. Red Door can achieve identity verification and access control policy with a small performance loss, all without modifying the ROS source code, to ensure the availability and authentication of ROS applications to the greatest extent.
10

Ceccato, Silvia. "Security in Global Navigation Satellite Systems: authentication, integrity protection and access control." Doctoral thesis, Università degli studi di Padova, 2019. http://hdl.handle.net/11577/3425426.

Abstract:
In the last decades the use of Global Navigation Satellite System (GNSS) positioning has spread through numerous commercial applications and permeated our daily life. Matching this growing interest for precise positioning worldwide, new systems have been designed and deployed, such as Galileo, the European GNSS. As these systems are relied upon in an ever growing number of safety critical applications, it is vital to devise protections and countermeasures against any threats that may target GNSS modules to harm underlying service. The potential economical advantage that derives from disrupting or manipulating the service is indeed an incentive for malicious users to devise smarter and more sophisticated threats. This thesis tackles the evolution of attacks and corresponding security measures in GNSS, investigating state-of-the-art approaches from both the attacker’s and the system’s point of view. The work focuses on various security targets, such as authentication, integrity protection and access control, exploring threats and solutions at both signal and data level. Securing GNSS from malicious entities indeed requires protecting all of its components: the navigation message, the signal-in-space and the computed Position, Velocity and Time (PVT). All three domains are investigated with the aim of assessing the vulnerability of the system to state-of-the-art threats and providing guidelines for the addition of future security features.
11

Looi, Mark H. "Authentication for applications in computer network environments using intelligent tokens." Thesis, Queensland University of Technology, 1995.

12

Falkcrona, Jerry. "Role-based access control and single sign-on for Web services." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11224.

Abstract:

Nowadays, the need for sharing information between different systems in a secure manner is common, not only in the corporate world but also in the military world. This information often resides at different locations, creating a distributed system. In order to share information in a secure manner in a distributed system, credentials are often used to attain authorization.

This thesis examines how such a distributed system for sharing information can be realized, using the technology readily available today. According to the results of this examination a basic system is implemented, after which the overall security of the system is evaluated. The thesis then presents possible extensions and improvements that can be done in future implementations.

The result shows that dynamic roles do not easily integrate with a single sign-on system. Combining the two technologies leads to several synchronization issues, where some are non-trivial to solve.

13

Venne, Jacob. "Tradeoffs in Protocol Designs for Collaborative Authentication." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6633.

Abstract:
Authentication is a crucial tool used in access control mechanisms to verify a user’s identity. Collaborative Authentication (co-authentication) is a newly proposed authentication scheme designed to improve on traditional token authentication. Co-authentication works by using multiple user devices as tokens to collaborate in a challenge and authenticate a user request on a single device. This thesis adds two contributions to the co-authentication project. First, a detailed survey of applications that are suitable for adopting co-authentication is presented. Second, an analysis of tradeoffs between varying protocol designs of co-authentication is performed to determine whether, and how, any designs are superior to other designs.
14

Yachouh, Marwan. "Re-authentication of Critical Operations." Thesis, Linköping University, Department of Electrical Engineering, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1174.

Abstract:

This is a study on the development of a re-authentication prototype. Re-authentication serves as a receipt for e.g. system administrators that authorise them to carry out a critical operation in a system that already is protected by a security architecture. A critical operation is a kind of operation that can cause serious damage to a network node or a set of network nodes, if it is done without one giving it a second thought. The purpose is to prevent mistakes and secure the users’ audit trail.

The main task is to propose and implement a re-authentication prototype, that is to enable the incorporation of the re-authentication prototype to an already complete security architecture and yet preserve the security and performance level of the architecture.

This thesis deals with this problem by using digitally signed certificates to provide the necessary security issues. The certificates used are called re-authentication certificates and follow the X.509 attribute certificate standard. The re-authentication certificate is optimised so that it only holds authorisation information regarding one critical operation. An access control decision function is used to decide if the re-authentication certificate and its owner are authentic. On the basis of that decision the user can get the authority to execute critical operations.

The finished prototype confirms that a re-authentication can be incorporated with the security architecture. The report also shows that the security status of the architecture is preserved. The performance of the prototype is rather difficult to prove since the prototype implementation only initialises the objects that are required to prove the security issues. A performance test can therefore never prove how the prototype will perform in an authentic environment. The performance is assumed to be adequate since it uses the same authentication function that is used by the security architecture.

15

Cavdar, Davut. "A Certificate Based Authentication Control Model Using Smart Mobile Devices For Ubiquitous Computing Environments." Master's thesis, METU, 2011. http://etd.lib.metu.edu.tr/upload/12613682/index.pdf.

Abstract:
In this thesis work, a certificate based authentication model supported by mobile devices is provided for ubiquitous computing environments. The model primarily aims to create an infrastructure for controlling and regulating access requests through mobile devices to local resources and services. The model also allows users from different domains to use local resources and services within the scope of agreements between domains. In addition to conceptual description of the model, a real prototype implementation is developed and successful application of the model is demonstrated. Within the prototype implementation, a mobile application is developed for access requests and sensors are used as representative local resources. Sample cases applied on the prototype demonstrate applicability and feasibility of the model.
16

Yao, Li. "A structured approach to electronic authentication assurance level derivation." Thesis, University of Manchester, 2010. https://www.research.manchester.ac.uk/portal/en/theses/a-structured-approach-to-electronic-authentication-assurance-level-derivation(c6a98938-f3e1-4727-9eac-c2cb0480a3df).html.

Abstract:
We envisage a fine-grained access control solution that allows a user's access privilege to be linked to the confidence level (hereafter referred to as the assurance level) in identifying the user. Such a solution would be particularly attractive to a large-scale distributed resource sharing environment, where resources are likely to be more diversified and may have varying levels of sensitivity and resource providers may wish to adjust security protection levels to adapt to resource sensitivity levels or risk levels in the underlying environment. However, existing electronic authentication systems largely identify users through the verification of their electronic identity (ID) credentials. They take into account neither assurance levels of the credentials, nor any other factors that may affect the assurance level of an authentication process, and this binary approach to access control may not provide cost-effective protection to resources with varying sensitivity levels. To realise the vision of assurance level linked access control, there is a need for an authentication framework that is able to capture the confidence level in identifying a user, expressed as an authentication Level of Assurance (LoA), and link this LoA value to authorisation decision-making. This research investigates the feasibility of estimating a user's LoA at run-time by designing, prototyping and evaluating an authentication model that derives an LoA value based upon not only users' ID credentials, but also other factors such as access location, system environment and authentication protocol used. To this aim, the thesis has identified and analysed authentication attributes, processes and procedures that may influence the assurance level of an authentication environment. It has examined various use-case scenarios of authentication in Grid environments (a well-known distributed system) and investigated the relationships among the attributes in these scenarios. 
It has then proposed an authentication model, namely a generic e-authentication LoA derivation model (GEA-LoADM). The GEA-LoADM takes into account multiple authentication attributes along with their relationships, abstracts the composite effect by the multiple attributes into a generic value called the authentication LoA, and provides algorithms for the run-time derivation of LoA values. The algorithms are tailored to reflect the relationships among the attributes involved in an authentication instance. The model has a number of valuable properties, including flexibility and extensibility; it can be applied to different application contexts and supports easy addition of new attributes and removal of obsolete ones. The prototypes of the algorithms and the model have been developed. The performance and security properties of the LoA derivation algorithms and the model are analysed here and evaluated based on the prototypes. The performance costs of the GEA-LoADM are also investigated and compared against conventional authentication mechanisms, and the security of the model is tested against various attack scenarios. A case study has also been conducted using a live system, the Multi-Agency Information Sharing (MAIS) system.
17

Cetin, Cagri. "Design, Testing and Implementation of a New Authentication Method Using Multiple Devices." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/5660.

Abstract:
Authentication protocols are very common mechanisms to confirm the legitimacy of someone’s or something’s identity in digital and physical systems. This thesis presents a new and robust authentication method based on users’ multiple devices. Due to the popularity of mobile devices, users are becoming more likely to have more than one device (e.g., smartwatch, smartphone, laptop, tablet, smart-car, smart-ring, etc.). The authentication system presented here takes advantage of these multiple devices to implement authentication mechanisms. In particular, the system requires the devices to collaborate with each other in order for the authentication to succeed. This new authentication protocol is robust against theft-based attacks on a single device; an attacker would need to steal multiple devices in order to compromise the authentication system. The new authentication protocol comprises an authenticator and at least two user devices, where the user devices are associated with each other. To perform an authentication on a user device, the user needs to respond to a challenge by using his/her associated device. After describing how this authentication protocol works, this thesis will discuss three different versions of the protocol that have been implemented. In the first implementation, the authentication process is performed by using two smartphones. Also, as a challenge, a QR code is used. In the second implementation, instead of using a QR code, NFC technology is used for challenge transmission. In the last implementation, the usability with different platforms is exposed. Instead of using smartphones, a laptop computer and a smartphone combination is used. Furthermore, the authentication protocol has been verified by using an automated protocol-verification tool to check whether the protocol satisfies authenticity and secrecy properties. Finally, these implementations are tested and analyzed to demonstrate the performance variations over different versions of the protocol.
18

Bursum, Kim. "Initial Comparative Empirical Usability Testing for the Collaborative Authentication System." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6614.

Abstract:
The Collaborative Authentication (co-authentication) system is an authentication system that relies on some or all members of a pre-registered set of secure hardware tokens being concurrently present to an authentication server at the moment of authentication. Previous researchers have compared various embodiments of the co-authentication system to each other including using Quick Response (QR) codes/cellphone cameras and Near Field Communication (NFC) between tokens. This thesis concerns the initial design and implementation of empirical comparative testing mechanisms between one embodiment of the co-authentication system and other commonly used authentication systems. One contribution is the simulated standard user ID and password login in a computer browser and a simulated RSA SecureID ® one time password (OTP) and login with embedded usability testing mechanisms. Another contribution is the development and implementation of a new Bluetooth communication functionality between tokens. A third contribution is the addition of usability testing mechanisms to two versions of this new functionality.
19

Akmayeva, Galina. "Impact of access control and copyright in e-learning from user's perspective in the United Kingdom." Thesis, Brunel University, 2017. http://bura.brunel.ac.uk/handle/2438/16867.

Abstract:
The widespread adoption of E-Learning has largely been driven by the recommendations of educational technologists seeking to convey the benefits of E-Learning as a valuable accessory to teaching and possible solution for distance-based education. Research in the E-Learning domain has mainly focused on providing and delivering content and infrastructure. Security issues are usually not taken as a central concern in most implementations either because systems are usually deployed in controlled environments, or because they take the one-to-one tutoring approach, not requiring strict security measures. The scope of this research work is to investigate the impact of Access Control and Copyright in E-Learning systems. An extensive literature review, theories from the field of information systems, psychology and cognitive sciences, distance and online learning, as well as existing E-Learning models show that research in E-learning is still hardly concerned with the issues of security. It is obvious that E-learning receives a new meaning as technology advances and business strategies change. The trends of learning methods have also led to the adjustment of National Curriculum and standards. However, research has also shown that any strategy or development supported by the Internet requires security and is therefore faced with challenges. This thesis is divided into six Chapters. Chapter 1 sets the scene for the research rationale and hypotheses, and identifies the aims and objectives. Chapter 2 presents the theoretical background and literature review. Chapter 3 is an in-depth review of the methods and methodology with clear justification of their adaptation and explains the underlying principles. Chapter 4 is based on the results and limitations obtained from the six case studies observations supported with literature review and ten existing models, while Chapter 5 is focused on the questionnaire survey.
Chapter 6 describes the proposed Dynamic E-Learning Access Control and Copyright Framework (DEACCF) and the mapping of the threats from the Central Computing and Telecommunications Agency (CCTA) Risk Analysis and Management Method (CRAMM) to Annualised Loss Expectancy (ALE). Chapter 7 presents the conclusions and recommendations, and the contribution to knowledge with further development plans for future work.
20

Zhang, Zhen. "Delivering mobile services to mobile users in open networks: Quality of service, authentication and trust-based access control." Thesis, University of Ottawa (Canada), 2008. http://hdl.handle.net/10393/27745.

Abstract:
This thesis describes scenarios in which a mobile user needs various services, such as Internet telephony, secure printing and online data services in a number of places. From these scenarios we summarize the requirements for quality of service control, service discovery, user authentication and authorization, service access control, and user privacy. In order to implement a prototype to support service discovery, we studied different technologies including Bluetooth, Jini, and Web Services. SDPtool from BlueZ was chosen to limit the search range within the user's local area while using minimal power consumption. Also included in the implementation, the Session Initiation Protocol is used to initiate the session and exchange messages while Java Media Framework is used to capture and deliver multimedia data. In the process of adapting Dupre's authentication protocol for user authentication, we found that it is possible for a third party to intercept the messages exchanged between a user and a Foreign Agent, which may lead to a denial of service attack and weakens the strength of the user's password. The protocol is then improved by introducing additional message segments and altering the way to verify the server's response. The thesis also deals with trust relationships, which are needed as a basis for communication between the two parties. Shi's probability distribution model is introduced to integrate recommendations from different domains so that a service provider could make better decisions whether a given user should be assigned certain access rights. On the other hand, a user also depends on a trust relationship to make sure that his or her sensitive data will be handled properly. Finally, based on all of the above, a trust-based access control framework for mobile users and services is proposed and choices of implementation are briefly discussed.
21

Merritt, John W. "Distributed file systems in an authentication system." Thesis, Kansas State University, 1986. http://hdl.handle.net/2097/9938.

22

Yu, Jiahui. "Physical-layer Security Based Authentication and Key Generation for Seamless IoT Communications." University of Dayton / OhioLINK, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=dayton1576178965071975.

23

Tellini, Niklas, and Fredrik Vargas. "Two-Factor Authentication : Selecting and implementing a two-factor authentication method for a digital assessment platform." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-208097.

Abstract:
Two-Factor Authentication (2FA) is a two-step verification process that aims to provide an additional layer of security by requiring the user to authenticate himself/herself using a secondary means (ownership factor or inheritance factor). Without the use of 2FA, an attacker could gain access to a person’s devices or accounts solely by knowing the victim’s password, while with 2FA knowing only this password is insufficient to pass the authentication check. In this project, we analyze different methods in which 2FA could be implemented by a Digital Assessment Platform. These platforms allow test assessments to be built directly into digital content; therefore, an important requirement of these systems is secure authentication. Moreover, it is important to securely protect teachers’ accounts in order to avoid unauthorized people gaining access to those accounts. We investigate how 2FA could be used to add an extra layer of security to teachers’ accounts, focusing on cost, user experience, ease of use, and deployment of the solution. We arrived at the conclusion that 2FA through an ownership factor is a suitable method and we implemented a solution based upon One-Time Passwords. This thesis project will hopefully benefit Digital Assessment Platforms who wish to implement 2FA by providing broader knowledge regarding this subject. The project should also benefit society by increasing the general knowledge of 2FA, hence leading to more secure services.
Two-factor authentication (2FA) is a two-step verification process that aims to provide an extra level of security by requiring the user to authenticate himself/herself through a secondary factor (something one owns or has inherited). Without 2FA, an attacker can gain access to a person's mobile device or account merely by knowing the victim's password. Knowing only the password is not sufficient to pass an authentication process when 2FA is implemented. In this project, different 2FA methods that could be implemented by a digital assessment platform are analyzed. Such platforms turn tests and exams into digital content and therefore require secure authentication. Moreover, it is important to secure teachers' accounts to prevent unauthorized people from logging in to them. We investigate how 2FA can be used to add an extra level of security to teachers' accounts, focusing on cost, user experience, ease of use, and deployment of the solution. We concluded that 2FA through an ownership factor is a suitable method, and we then implemented a solution based on one-time passwords. This project can hopefully benefit digital assessment platforms that want to implement 2FA by providing broader knowledge in this area. The project could benefit the general public by contributing to increased general knowledge of 2FA, thereby leading to more secure services.
24

Hirai, Tatsuya. "A Study on Access Control Mechanism in Storage Devices for Audiovisual Contents." 京都大学 (Kyoto University), 2016. http://hdl.handle.net/2433/216162.

25

Pokorný, Lukáš. "Multiplatformní autentizační systém." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2015. http://www.nusl.cz/ntk/nusl-220411.

Abstract:
This thesis describes the design of a multiplatform authentication system that enables user authentication by using a wide variety of authentication tokens. The theoretical part is devoted to an overview of authentication interfaces with focus on modern methods of verification. There is also an overview of authentication schemes. The practical part gives requirements for an authentication terminal and sets a specific hardware structure, including the specification of individual functional blocks. The implementation of the software logic uses Java and JavaScript programming languages. Attention is also paid to the used authentication schemes including details and comparison of used platforms. Finally, we evaluate the user and security aspects of the proposed solution. The possibility of additional hardware and software optimization is also given.
26

Richter, Lars. "Untersuchung und Bewertung von Netzzugangssteuerungen auf Basis des Standards 802.1x (Port-Based Network Access Control)." [S.l. : s.n.], 2005. http://www.bsz-bw.de/cgi-bin/xvms.cgi?SWB11719676.

27

Chance, Christopher P. "Designing and implementing a network authentication service for providing a secure communication channel." Thesis, Kansas State University, 1986. http://hdl.handle.net/2097/9903.

28

Ležák, Petr. "Testovací implementace protokolu ACP." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2012. http://www.nusl.cz/ntk/nusl-219478.

Abstract:
In general, this master’s thesis deals with access control methods and their individual modules, and in particular with authentication of supplicants. Authentication methods useful in the implementation of the ACP protocol are listed. The ACP protocol is also discussed, including its possibilities and uses. The ACP message format is described in detail with AVP format and types. The transaction mechanism is also mentioned here. The main part of the thesis is focused on software design for protocol testing. Possibilities of the testing are discussed and test scenarios are suggested. Consequently, requirements for test software are listed and its implementation is designed. Furthermore, there is technical documentation of the program. The main ideas used in the program are explained in it. The purpose of each part of the program is written, including links between them. Finally, there is a manual for the program. It also contains an illustrative example describing how to make and test a simple scenario of the authentication.
29

Al-Ibrahim, Mohamed Hussain. "Source authentication in group communication." Thesis, Electronic version, 2005. http://hdl.handle.net/1959.14/549.

Abstract:
Title from screen page; viewed 10 Oct 2005.
Thesis (PhD)--Macquarie University, Division of Information and Communication Sciences, Dept. of Computing, 2004.
Bibliography: leaves 163-175.
Introduction -- Cryptographic essentials -- Multicast: structure and security -- Authentication of multicast streams -- Authentication of concast communication -- Authentication of transit flows -- One-time signatures for authenticating group communication -- Authentication of anycast communication -- Authentication of joining operation - Conclusion and future directions.
Electronic publication; full text available in PDF format.
Multicast is a relatively new and emerging communication mode in which a sender sends a message to a group of recipients in just one connection establishment... reducing broadband overhead and increasing resource utilization in the already congested and contented network... The focus of the research in this area has been in two directions: first, building an efficient routing infrastructure, and secondly, building a sophisticated security infrastructure. The focus of this work is on the second issue.
An ideal authenticated multicast environment ... provides authenticity for all the communication operations in the system... We ... propose a comprehensive solution to the problem ... for all its possible operations... 1. one-to-one (or joining mode) 2. one-to-many (or broadcast mode) 3. many-to-one (or concast mode) 4. intermediate (or transit mode) ... We study the ... mode known as anycast, in which a server is selected from a group of servers. Further we develop ... schemes for group-based communication exploiting the distinct features of one-time signatures... cover situations when a threshold number of participants are involved and ... where a proxy signer is required.
Electronic reproduction.
Mode of access: World Wide Web.
Also available in a print form
30

Mensah, Francis. "Framework to Implement Authentication, Authorization and Secure Communications in a Multiuser Collaborative CAx Environment." BYU ScholarsArchive, 2014. https://scholarsarchive.byu.edu/etd/4314.

Abstract:
Computer Aided Design (CAD) applications have historically been based on a single user per application architecture. Although this architecture is still popular to date, it does have several drawbacks. First of all the single user CAD architecture inhibits a concurrent engineering design process where several designers can work on the same model simultaneously. This limitation introduces time inefficiency especially when a project involves geographically dispersed designers. A solution to these drawbacks could be a transition from the traditional single user CAD architecture to a multiuser collaborative architecture. Advances in computer networking technologies, especially relating to the Internet, have provided the needed tools to make this transition a reality, thus making it possible for designers to simultaneously work on geometric models from one or more networked computers regardless of the location of the user. This new paradigm is expected to improve collaboration and greatly reduce product design times and consequently reduce cost and improve productivity. The multi-user architecture will, however, also require reliable security mechanisms to ensure its successful deployment in an enterprise environment where protection of intellectual property is of critical importance. This thesis proposes a framework to implement authentication, authorization and secure data communications in a multiuser collaborative CAD software system. This framework has been tested on an emerging multiuser collaborative CAD system called v-CAx being developed at Brigham Young University.
31

Worm, Stefan. "Administration of Access Rights in Web Applications." Thesis, Universitätsbibliothek Chemnitz, 2005. http://nbn-resolving.de/urn:nbn:de:swb:ch1-200501436.

Abstract:
This work deals with the problem of finding and rating a solution for administering access rights in web-based applications flexibly, with a fine-grained allocation of rights. In particular, the program phpGACL is analyzed and integrated into an example application to prove the feasibility of this system in principle.
This work deals with finding and evaluating a solution to the problem of flexibly administering access rights in web-based applications and allowing rights to be assigned at as fine a granularity as possible. In particular, the program phpGACL is analyzed and integrated into an example application in order to verify that the system is feasible in principle.
32

Tran, Florén Simon. "Implementation and Analysis of Authentication and Authorization Methods in a Microservice Architecture : A Comparison Between Microservice Security Design Patterns for Authentication and Authorization Flows." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-301620.

Abstract:
Microservices have emerged as an attractive alternative to more classical monolithic software application architectures. Microservices provide many benefits that help with code base comprehension, deployability, testability, and scalability. As the Information technology (IT) industry has grown ever larger, it makes sense for the technology giants to adopt the microservice architecture to make use of these benefits. However, with new software solutions come new security vulnerabilities, especially when the technology is new and vulnerabilities are yet to be fully mapped out. Authentication and authorization are the cornerstone of any application that has a multitude of users. However, due to the lack of studies of microservices, stemming from their relatively young age, there are no standardized design patterns for how authentication and authorization are best implemented in a microservice. This thesis investigates an existing microservice in order to secure it by applying what is known as a security design pattern for authentication and authorization. Different security patterns were tested and compared on performance. The differing levels of security provided by these approaches assisted in identifying an acceptable security versus performance trade-off. Ultimately, the goal was to give the patterns greater validity as accepted security patterns within the area of microservice security. Another goal was to find such a security pattern suitable for the given microservice used in this project. The results showed a correlation between increased security and longer response times. For the general case a security pattern which provided internal authentication and authorization but with some trust between services was suggested. If horizontal scaling was used the results showed that normal services proved to be the best target. Further, it was also revealed that for lower user counts the performance penalties were close to equal between the tested patterns.
This meant that for the specific case where microservices see lower amounts of traffic, the recommended pattern was the one that implemented the maximum number of access control checks. In the environment where the research was performed, low amounts of traffic were seen, and the recommended security pattern was therefore one that secured all services of the microservices.
Microservices have emerged as a more attractive alternative to more conventional software application architectures such as the monolithic one. Microservices offer several benefits that help with overall comprehension of the code base, deployment, testability, and scalability. As the IT industry has grown ever larger, it is reasonable for tech giants to adopt the microservice architecture in order to exploit these benefits. New software solutions bring security problems, especially when the technology is entirely new and has not been properly mapped out. Authentication and authorization form the foundation of applications that have multiple users. Since microservices have not yet been thoroughly covered by research, owing to their relatively young age, there are no standardized design patterns for how authentication and authorization are implemented to best effect in a microservice. This thesis investigates an existing microservice in order to secure it by applying what is known as a security design pattern for authentication and authorization. Different such patterns were tested and compared based on performance in different settings. The varying levels of security offered by the different approaches of the security patterns were used to identify an acceptable trade-off between security and performance. The goal is that, ultimately, this will give the patterns greater validity when it comes to being accepted as security design patterns within the area of microservice security. Another goal was to find the best candidate among these security patterns for the given microservice used in the project. The results showed a correlation between increased security and longer response times. For general cases, the recommended security pattern is the one that implemented internal authentication and authorization but with a certain amount of trust between services. If horizontal scaling was used, the results showed that the normal services were the best choice on which to spend these resources.
Furthermore, the results also showed that for a lower number of users the negative effect on performance was nearly equal between the different patterns. This meant that in the specific case where microservices see a lower amount of traffic, the recommended security pattern is the one that implemented the most access control checks. In the environment where the study took place, a lower amount of traffic occurred, and therefore the security pattern that secured all services present in the microservice was recommended.
33

Miles, Shaun Graeme. "An investigation of issues of privacy, anonymity and multi-factor authentication in an open environment." Thesis, Rhodes University, 2012. http://hdl.handle.net/10962/d1006653.

Abstract:
This thesis performs an investigation into issues concerning the broad area of Identity and Access Management, with a focus on open environments. Through literature research the issues of privacy, anonymity and access control are identified. The issue of privacy is an inherent problem due to the nature of the digital network environment. Information can be duplicated and modified regardless of the wishes and intentions of the owner of that information unless proper measures are taken to secure the environment. Once information is published or divulged on the network, there is very little way of controlling the subsequent usage of that information. To address this issue a model for privacy is presented that follows the user centric paradigm of meta-identity. The lack of anonymity, where security measures can be thwarted through the observation of the environment, is a concern for users and systems. By an attacker observing the communication channel and monitoring the interactions between users and systems over a long enough period of time, it is possible to infer knowledge about the users and systems. This knowledge is used to build an identity profile of potential victims to be used in subsequent attacks. To address the problem, mechanisms for providing an acceptable level of anonymity while maintaining adequate accountability (from a legal standpoint) are explored. In terms of access control, the inherent weakness of single factor authentication mechanisms is discussed. The typical mechanism is the user-name and password pair, which provides a single point of failure. By increasing the factors used in authentication, the amount of work required to compromise the system increases non-linearly. Within an open network, several aspects hinder wide scale adoption and use of multi-factor authentication schemes, such as token management and the impact on usability.
The framework is developed from a Utopian point of view, with the aim of being applicable to many situations as opposed to a single specific domain. The framework incorporates multi-factor authentication over multiple paths using mobile phones and GSM networks, and explores the usefulness of such an approach. The models are in turn analysed, providing a discussion into the assumptions made and the problems faced by each model.
34

Bharath, Tati. "A framework to implement delegation in offline PACS : A strategy to restrict user’s path." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-127851.

Abstract:
Physical access control systems (PACS) deal with the security of the availability of resources. They work as an alternative to traditional manual security access control. Access control has two variants, the logical which deals with computer environments and the physical which deals with the physical entry into a property or warehouses. However, offline physical access control systems cannot enforce the user’s path making it unsuitable for use in classified areas, such as places where the public is restricted. Therefore, offline PACS need a framework that can delegate the authority to enforce the user’s path. This is satisfactorily met in the presented research with a new design of offline PACS that has the capability to implement delegation. This framework allows the locks to dynamically write and read access policies onto and from a smart card. It works by means of a construct called “Path Array” and communication among different entities occurs via a chain of trust formed with the use of pre-shared keys.
35

Luo, Ying. "Efficient Anonymous Biometric Matching in Privacy-Aware Environments." UKnowledge, 2014. http://uknowledge.uky.edu/ece_etds/46.

Abstract:
Video surveillance is an important tool used in security and environmental monitoring; however, the widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. To identify these individuals for protection, the most reliable approach is to use biometric signals as they are immutable and highly discriminative. If misused, these characteristics of biometrics can seriously defeat the goal of privacy protection. In this dissertation, an Anonymous Biometric Access Control (ABAC) procedure is proposed based on biometric signals for privacy-aware video surveillance. The ABAC procedure uses Secure Multi-party Computational (SMC) based protocols to verify membership of an incoming individual without knowing his/her true identity. To make SMC-based protocols scalable to large biometric databases, I introduce the k-Anonymous Quantization (kAQ) framework to provide an effective and secure tradeoff of privacy and complexity. kAQ limits the system's knowledge of the incoming individual to k maximally dissimilar candidates in the database, where k is a design parameter that controls the amount of complexity-privacy tradeoff. The relationship between biometric similarity and privacy is experimentally validated using a twin iris database. The effectiveness of the entire system is demonstrated based on a public iris biometric database. To provide the protected subjects with full access to their privacy information in the video surveillance system, I develop a novel privacy information management system that allows subjects to access their information via the same biometric signals used for ABAC.
The system is composed of two encrypted-domain protocols: the privacy information encryption protocol encrypts the original video records using the iris pattern acquired during ABAC procedure; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of my framework.
36

Li, Jun. "Towards a localisation of trust framework for pervasive environments." Thesis, University of Hertfordshire, 2008. http://hdl.handle.net/2299/2612.

Abstract:
Pervasive computing envisions an environment in which we are surrounded by many embedded computer devices. The existence of those networked devices provides us with a mobile, spontaneous and dynamic way to access various resources provided by different (security policy) domains. In recent years, we have witnessed the evolutionary development of numerous multiple domain applications. One of the richest examples is pervasive environments. Typically, the conventional approach to secure access over multiple domains is to implement a unique trusted infrastructure, extending local identity or capability based security systems and combining them with cross-domain authentication mechanisms. However, this does not adequately meet the security requirements of communicating with unknown players in pervasive environments. Moreover, it is infeasible to define a global trust infrastructure and a set of assumptions that every player will trust in the multiple domain context. A powerful design technique to address those new security challenges posed by pervasive environments is to understand them from a domain perspective. This thesis presents Localisation of Trust (LoT), an architectural framework designed to address the security need of how to talk to correct strangers in pervasive environments. Based on the localising trust security principle, LoT provides a generic platform for building access control over multiple domains from two ends: authentication and authorisation. Firstly, LoT proposes a two-channel authentication protocol to replace traditional (strong) identity-based authentication protocols by exploring desirable contextual information for different pervasive applications. Then, delegation and localised authentication are deployed to achieve authorisation in pervasive environments.
The heart of this different semantic is to let the right domain get involved with its local players’ interactions by helping them to convert a “token” to a usable access capability, whilst keeping revocation in mind. This is done by introducing a domain-oriented Encryption-Based Access Control method, using ideas borrowed for Identity-based Encryption. The second part of this thesis describes several specific mechanisms and protocols including a Dual Capabilities Model to achieve the required anti-properties for LoT. Although novel, they are intended primarily as an existence proof rather than being claimed to be ideal. Depending upon the precise application and context, other mechanisms may be better. Most importantly, the architecture-focused LoT provides such a flexibility by introducing multiple domains as a primary concern but leaving untouched the security protocols underlying each single domain and system implementation. Finally, a single domain scenario, guest access, is examined with the light of LoT. The purpose of doing so is to enhance the understanding of domain and other concepts described in LoT and demonstrate the effectiveness and efficiency of LoT for the scenarios chosen.
37

Bouazzouni, Mohamed Amine. "Processus sécurisés de dématérialisation de cartes sans contact." Phd thesis, Toulouse, INPT, 2017. http://oatao.univ-toulouse.fr/19488/1/BOUAZZOUNI_MohamedAmine.pdf.

Abstract:
Over the years, contactless NFC technology has become part of our daily lives through the various services it offers. Use cases are numerous, ranging from loyalty cards, transport cards and contactless payment cards to access control cards. However, the first generations of NFC cards offer minimal security that relies on the assumption that they cannot be cloned. Multiple vulnerabilities have been discovered, and their exploitation has allowed fraudulent copies. To remedy these vulnerabilities, a new generation of cards with enhanced security has emerged. These cards allow authentication with a reader based on symmetric encryption algorithms such as AES, DES and 3DES. They are more robust than the first generation but have also been subject to a reverse-engineering attack. To guarantee and improve the security level of the access control system, we propose, within the neOCampus operation, the secure dematerialization of the contactless card onto a smartphone equipped with NFC technology. This dematerialization lets us exploit the computing power and storage capacity of the smartphone to deploy more robust authentication algorithms. However, the smartphone OS cannot be considered a trusted environment. To address the problem of secure storage and processing on a smartphone, several solutions have been proposed: Secure Elements (SE), Trusted Platform Modules (TPM), Trusted Execution Environments (TEE) and virtualization. For storing and processing authentication data securely, the TEE appears to be the ideal solution, with the best security/performance trade-off. However, many smartphones do not yet embed a TEE.
To overcome this constraint, we propose an architecture based on the use of TEEs hosted remotely in the Cloud. The smartphone can contact it over a Wi-Fi or 4G link. To do so, an authentication protocol based on IBAKE is proposed. In addition to this nominal scenario, two other complementary scenarios have been proposed to support the development and democratization of TEEs not only in the smartphone world but also on inexpensive devices such as the Raspberry Pi 3. These architectures deploy the same authentication algorithm as the nominal scenario. We also propose an offline architecture that allows a user to authenticate with a connection token when no wireless network is available. This solution relaxes the constraint on the smartphone's connectivity to its Cloud. We evaluate the dematerialization architecture and the authentication algorithm in terms of performance and security. The cryptographic operations of the authentication protocol are the most costly. We therefore evaluated them, focusing in particular on IBE encryption operations and the generation of ECC challenges. Our implementations were evaluated for the Cloud infrastructure and the mobile environment. We then validated the authentication protocol on the three selected architectures using the Scyther tool. We showed that, for all three scenarios, the session key negotiated through the authentication protocol remained secret throughout the protocol. This property guarantees that the authentication data encrypted with this key will remain secret and that the person identification phase is protected, while preserving the ergonomics of the existing system.
38

Foltýn, Petr. "Návrh a realizace jednotek modulárního přístupového systému." Master's thesis, Vysoké učení technické v Brně. Fakulta strojního inženýrství, 2010. http://www.nusl.cz/ntk/nusl-229208.

39

Yu, Ping. "Direct Online/Offline Digital Signature Schemes." Thesis, University of North Texas, 2008. https://digital.library.unt.edu/ark:/67531/metadc9717/.

Abstract:
Online/offline signature schemes are useful in many situations, and two such scenarios are considered in this dissertation: bursty server authentication and embedded device authentication. In this dissertation, new techniques for online/offline signing are introduced and applied in a variety of ways for creating online/offline signature schemes, and five different online/offline signature schemes that are proved secure under a variety of models and assumptions are proposed. Two of the proposed five schemes have the best offline or best online performance of any currently known technique, and are particularly well-suited for the scenarios that are considered in this dissertation. To determine if the proposed schemes provide the expected practical improvements, a series of experiments was conducted comparing the proposed schemes with each other and with other state-of-the-art schemes in this area, both on a desktop class computer, and under AVR Studio, a simulation platform for an 8-bit processor that is popular for embedded systems. Under AVR Studio, the proposed SGE scheme, using a typical key size for the embedded device authentication scenario, can complete the offline phase in about 24 seconds and then produce a signature (the online phase) in 15 milliseconds, which is the best offline performance of any known signature scheme that has been proven secure in the standard model. In the tests on a desktop class computer, the proposed SGS scheme, which has the best online performance and is designed for the bursty server authentication scenario, generated 469,109 signatures per second, and the Schnorr scheme (the next best scheme in terms of online performance) generated only 223,548 signatures. The experimental results demonstrate that the SGE and SGS schemes are the most efficient techniques for embedded device authentication and bursty server authentication, respectively.
40

Butun, Ismail. "Prevention and Detection of Intrusions in Wireless Sensor Networks." Scholar Commons, 2013. http://scholarcommons.usf.edu/etd/4449.

Abstract:
Wireless Sensor Networks (WSNs) continue to grow as one of the most exciting and challenging research areas of engineering. They are characterized by severely constrained computational and energy resources and also restricted by the ad-hoc network operational environment. They pose unique challenges, due to limited power supplies, low transmission bandwidth, small memory sizes and limited energy. Therefore, security techniques used in traditional networks cannot be directly adopted. So, new ideas and approaches are needed, in order to increase the overall security of the network. Security applications in such resource constrained WSNs with minimum overhead provide significant challenges, and are the main focus of this dissertation. There is no "one size fits all" solution in defending WSNs against intrusions and attacks. Therefore, intrusions and attacks against WSNs should be carefully examined to reveal specific vulnerabilities associated with them, before beginning the design of any kind of intrusion prevention and detection systems. By following this rationale, the dissertation starts with providing information regarding the WSNs, types of attacks towards WSNs, and the methods on how to prevent and detect them. Then, in order to secure WSNs, a security provisioning plan is provided. In general, the following processes may be involved in securing WSNs: Intrusion Prevention, Intrusion Detection, and Intrusion Mitigation. This dissertation presents solutions (algorithms and schemes) to the first two lines of defenses of the security provisioning plan, namely, Intrusion Prevention and Intrusion Detection. As a first line of defense in securing WSNs, this dissertation presents our proposed algorithm ("Two-Level User Authentication" scheme) as an Intrusion Prevention System (IPS) for WSNs. The algorithm uses two-level authentication between a sensor node and a user.
It is designed for heterogeneous WSNs, meaning that the network consists of two components: regular nodes and more powerful cluster heads. The proposed scheme is evaluated both analytically and also in a simulation environment, by comparing it to the current state-of-the-art schemes in the literature. A comprehensive and systematic survey of the state-of-the-art in Intrusion Detection Systems (IDSs) that are proposed for Mobile Ad-Hoc Networks (MANETs) and WSNs is presented. Firstly, detailed information about IDSs is provided. This is followed by the analysis and comparison of each scheme along with their advantages and disadvantages from the perspective of security. Finally, guidelines on IDSs that are potentially applicable to WSNs are provided. Overall, this work would be very helpful to the researchers in developing their own IDSs for their WSNs. Clustering (of the nodes) is very important for WSNs not only in data aggregation, but also in increasing the overall performance of the network, especially in terms of total life-time. Besides, with the help of clustering, complex intrusion prevention and detection algorithms can be implemented. Therefore, background on the clustering algorithms is provided and then a clustering algorithm for WSNs is proposed that is both power and connectivity aware. The proposed algorithm provides higher energy efficiency and increases the life-time of the network. In evaluating the proposed clustering algorithm (in a simulation environment by comparing its performance to the previously proposed algorithm, namely Kachirski et al.'s algorithm), it is demonstrated that the proposed algorithm improves energy efficiency in WSNs. Finally, an IDS framework based on multi-level clustering for hierarchical WSNs is proposed. It is based upon (the nodes use our proposed clustering algorithm while forming their clusters) the clustering algorithm that is proposed in this dissertation.
The framework provides two types of intrusion detection approaches, namely "Downwards-IDS (D-IDS)" to detect the abnormal behavior (intrusion) of the subordinate (member) nodes and "Upwards-IDS (U-IDS)" to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented. Overall, this dissertation research contributes to the first two lines of defenses towards the security of WSNs, namely, IPS and IDS. Furthermore, the final contribution of this dissertation is towards the topology formation of the WSNs (especially for the hierarchical WSNs), namely, clustering; which would be very useful in implementation of the IPS and IDS systems that are presented in this dissertation.
41

He, Yijun, and 何毅俊. "Protecting security in cloud and distributed environments." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2012. http://hub.hku.hk/bib/B49617631.

Abstract:
Encryption helps to ensure that information within a session is not compromised. Authentication and access control measures ensure legitimate and appropriate access to information, and prevent inappropriate access to such resources. While encryption, authentication and access control each has its own responsibility in securing a communication session, a combination of these three mechanisms can provide much better protection for information. This thesis addresses encryption, authentication and access control related problems in cloud and distributed environments, since these problems are very common in modern organizational environments. The first one is a User-friendly Location-free Encryption System for Mobile Users (UFLE). It is an encryption and authentication system which provides maximum security to sensitive data in distributed environments (corporate, home and outdoor scenarios), but requires minimum user effort (i.e. no biometric entry, or possession of cryptographic tokens) to access the data. It lets users securely and easily access data at any time and in any place, and avoids data breaches due to stolen or lost laptops and USB flash drives. The multi-factor authentication protocol provided in this scheme is also applicable to cloud storage. The second one is a Simple Privacy-Preserving Identity-Management for Cloud Environment (SPICE). It is the first digital identity management system that can satisfy “unlinkability” and “delegatable authentication” in addition to other desirable properties in the cloud environment. Unlinkability ensures that none of the cloud service providers (CSPs), even if they collude, can link the transactions of the same user.
On the other hand, delegatable authentication is unique to the cloud platform, in which several CSPs may join together to provide a packaged service, with one of them being the source provider which interacts with the clients and performs authentication, while the others are receiving CSPs which will be transparent to the clients. The authentication should be delegatable such that the receiving CSP can authenticate a user without a direct communication with either the user or the registrar, and without fully trusting the source CSP. The third one addresses the re-encryption based access control issue in cloud and distributed storage. We propose the first non-transferable proxy re-encryption scheme [16] which successfully achieves the non-transferable property. Proxy re-encryption allows a third party (the proxy) to re-encrypt a ciphertext which has been encrypted for one party without seeing the underlying plaintext so that it can be decrypted by another. A proxy re-encryption scheme is said to be non-transferable if the proxy and a set of colluding delegatees cannot re-delegate decryption rights to other parties. The scheme can be utilized for a content owner to delegate content decryption rights to users in the untrusted cloud storage. The advantages of using such a scheme are: decryption keys are managed by the content owner, and plaintext is always hidden from the cloud provider.
Computer Science
Doctoral
Doctor of Philosophy
42

Risterucci, Gabriel. "Mécanismes et outils pour sécurisation de systèmes à accès distants : application aux systèmes de gestion électronique de documents." Thesis, Aix-Marseille, 2016. http://www.theses.fr/2016AIXM4010/document.

Abstract:
The goal of this thesis is to improve the security of remotely accessed systems through the use of cryptographic tools. Specifically, it is applied to digital document management software, which raises issues in three fields: communication, authentication and rights management. Unlike common approaches that involve the use of individual protections for these three fields, we offer a set of tools made to work together to improve the system's security. Securing communication is done thanks to a new secure communication protocol designed for distributed applications. Authentication issues led to the development of two tailored solutions providing cryptographic support to the application for any authentication method. Rights management is handled through new associations between a given access right and specific cryptographic applications. A key element of those solutions is the emphasis put on the usability of these secure tools. It swayed the development of our proposals toward more transparent solutions that would not disturb the user experience. As a result, we obtained a secure system made of these tools and mechanisms that work together to provide full and transparent security for digital document management software. This security is fully based on cryptographic algorithms to provide provable and verifiable security properties. As a supporting layer for these mechanisms, a secure software library was designed to provide all the required tools for cryptographic uses in a portable way.
43

Xu, Cheng. "Authenticated query processing in the cloud." HKBU Institutional Repository, 2019. https://repository.hkbu.edu.hk/etd_oa/620.

Abstract:
With recent advances in data-as-a-service (DaaS) and cloud computing, outsourcing data to the cloud has become a common practice. In a typical scenario, the data owner (DO) outsources the data and delegates the query processing service to a service provider (SP). However, as the SP is often an untrusted third party, the integrity of the query results cannot be guaranteed and is thus imperative to be authenticated. To tackle this issue, a typical approach is letting the SP provide a cryptographic proof, which can be used to verify the soundness and completeness of the query results by the clients. Despite extensive research on authenticated query processing for outsourced databases, existing techniques have only considered limited query types. They fail to address a variety of needs demanded by enterprise customers such as supporting aggregate queries over set-valued data, enforcing fine-grained access control, and using distributed computing paradigms. In this dissertation, we take the first step to comprehensively investigate the authenticated query processing in the cloud that fulfills the aforementioned requirements. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under a wide range of system settings.
44

Jedlička, Zdeněk. "Přístupový systém založený na protokolu ACP." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2012. http://www.nusl.cz/ntk/nusl-219429.

Abstract:
This work focuses on the possibility of implementing the ACP protocol in applications for mobile devices using the Android operating system, together with the implementation of this protocol in a hardware device. Communication is based on the standard TCP/IP and UDP protocols.
45

Vale, João Carlos Sousa do. "MYGSI-uma proposta de segurança para grades peer-to-peer." Universidade Federal do Ceará, 2006. http://www.teses.ufc.br/tde_busca/arquivo.php?codArquivo=2072.

Abstract:
MyGSI is a proposal for a security architecture for peer-to-peer grid environments. MyGSI uses authentication mechanisms, access control and delegation of access rights. MyGSI allows the exchange of information and the sharing of resources in a secure manner, and is composed of three modules: MyAuth, MyAC and MyDel. MyAuth uses public key infrastructure to deal with authentication. MyAC deals with access control, allowing decentralized management of access control policies. MyDel deals with the delegation of access rights, implemented through certificate chains. MyGSI was developed in Java and was successfully integrated into OurGrid. The integration process, some usage scenarios and the results of this integration are also presented.
46

Ribeiro, Matheus Antônio Corrêa. "Gerenciamento e autenticação de identidades digitais usando feições faciais." Biblioteca Digital de Teses e Dissertações da UFRGS, 2008. http://hdl.handle.net/10183/15740.

Abstract:
In our daily life, we use digital identities (DIDs) to access e-mails, e-banks, e-shops, physical environments, shared computers, and so on. Guaranteeing that only authorized users are granted access is an important aspect in the development of such applications. Nowadays, simple access control methods like passwords or personal identification numbers cannot be considered secure enough, because an impostor can obtain and use this information without the user's knowledge. Also, physical devices like ID cards can be stolen or forged. To make these systems more reliable, multimodal DID authentication techniques combining different verification steps are proposed. Biometric features appear as one of the most reliable alternatives to deal with this problem because, theoretically, they are unique for each person. Nevertheless, some biometric features like facial appearance may change over time, posing a serious challenge for a face recognition system. In this thesis work, we use the traditional password access combined with human face analysis to perform the authentication task. An intuitive supervised appearance learning method is presented, and its adaptation is based on continuously improving face models represented using the Gaussian mixture modeling approach. The experimental results over a reduced test set are encouraging, with 98% of the users correctly identified and a relatively small computational effort. Still, the comparison with a method presented in the literature indicated advantages of the proposed method when used as a pre-selector of faces.
47

Fiorese, Mauricio. "Uma Proposta de autenticação de usuários para ensino a distância." Biblioteca Digital de Teses e Dissertações da UFRGS, 2000. http://hdl.handle.net/10183/80127.

Abstract:
This work investigates different strategies and techniques of user authentication in order to determine which ones may be integrated in a distance learning environment. Several authentication solutions available on the market are analyzed in order to find the most appropriate. The criteria used to determine the best solutions involve cost or amount of equipment involved, operational simplicity, and degree of confidence of the results obtained. Based on this analysis, an authentication model that integrates several authentication techniques is delineated in order to obtain greater security than that of passwords, which are used in most distance learning systems. This system works like a proxy whose function is to control access to Web pages through the combination of passwords, random queries, biometric devices and random checks, at the same time that it generates logs of the student's activity during a course. These logs contain information about day and hour of access, time spent on each page, IP address of the student's machine and so on. This information can be used both to evaluate the student and to generate his/her statistical profile. This profile is used to raise an alarm when the data of the profile undergo changes above the established limits during the student's activity. A prototype of the system has been implemented to validate the solution designed. The integration of the authentication methods, which identify both the student and the machine where he/she is working, with the evaluation routines of the distance learning procedure is one of the main results achieved.
48

Petrauskienė, Rasa. "Prieigos prie bevielio tinklo resursų valdymas panaudojant vietos informaciją." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2011. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2011~D_20110901_140213-99282.

Abstract:
Location-based Access Control (LBAC) techniques allow taking users’ physical location into account when determining their access privileges. An analysis of the possibilities of integrating location information into access control and authentication is provided. I show the advantages of using location information for authentication and access control. I present a location-based access control model that can increase the probability of correct authentication. I design a wireless LAN location-based access control system that is used in a building of several floors. The model is compliant with OGC (Open GeoSpatial Consortium) and Geo-RBAC (an extension of the RBAC model); it integrates other types of location-based features. I describe the periodicity algorithm of location-based access control and design the policy enforcement algorithm that uses location mapping functions and the evaluation of confidence. The model is evaluated by testing the speed of the system and the computer resources used by the system. The vulnerabilities of location-based access control are discussed in the context of sniffing, hijacking, DoS and wormhole attacks.
49

Villar, Melissa Vieira Fernandes. "Modelo de autenticação e autorização baseado em certificados de atributos para controle de acesso de aplicações em ambiente distribuído utilizando redes de petri coloridas." Universidade Federal do Ceará, 2007. http://www.teses.ufc.br/tde_busca/arquivo.php?codArquivo=2047.

Abstract:
Owing to the growing threats inherent in information systems, the use of authentication and authorization mechanisms based on a user identifier and password is no longer sufficient to guarantee information security. This work proposes a new authentication and authorization model for access control of distributed applications, based on cryptographic digests and attribute certificates. The cryptographic digests are used in the application authentication process, while the attribute certificates specify privileges and other authorization information associated with their owner. The attribute certificates are managed by the privilege management infrastructure (PMI; "IGP" in the Portuguese original). The architecture and operation of the model, as well as the processes of attribute certificate generation and of application authentication and authorization, are described. The proposed model was specified in Coloured Petri Nets and validated by means of simulations.
Due to increasing threats inherent to information systems, the use of authentication and authorization mechanisms based on login and password is not enough to assure information security. This work proposes a new model of authentication and authorization for distributed applications, based on hashes and attribute certificates. Hashes are used in the application authentication process, while attribute certificates specify privileges and other authorization information. Their use is managed by the privilege management infrastructure (PMI). In this work, we describe the architecture and the functioning of the model, as well as the processes of attribute certificate generation, authentication and authorization of the application. The proposed model was specified in Coloured Petri Nets and validated by simulation.
50

Malík, Ondrej. "Kryptografie a ochrana soukromí." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2021. http://www.nusl.cz/ntk/nusl-442402.

Abstract:
The main goal of this diploma thesis was to create web applications for the issuer, verifier and revocation authority of a revocable keyed-verification anonymous credentials system. Applications created in this thesis provide functions for all tasks that are performed by each entity. Using these applications, global management of the RKVAC system is possible. The authentication module created in the verifier’s app is universally usable for access control to any web service. Both the issuer’s and the revocation authority’s apps are compatible with the whole RKVAC system and are therefore applicable as central elements of systems.