Tesis sobre el tema "Sécurité Internet"
Crea una cita precisa en los estilos APA, MLA, Chicago, Harvard y otros
Consulte los 50 mejores tesis para su investigación sobre el tema "Sécurité Internet".
Junto a cada fuente en la lista de referencias hay un botón "Agregar a la bibliografía". Pulsa este botón, y generaremos automáticamente la referencia bibliográfica para la obra elegida en el estilo de cita que necesites: APA, MLA, Harvard, Vancouver, Chicago, etc.
También puede descargar el texto completo de la publicación académica en formato pdf y leer en línea su resumen siempre que esté disponible en los metadatos.
Explore tesis sobre una amplia variedad de disciplinas y organice su bibliografía correctamente.
Jacquin, Ludovic. "Compromis performance/sécurité des passerelles très haut débit pour Internet". Phd thesis, Université de Grenoble, 2013. http://tel.archives-ouvertes.fr/tel-00911075.
Texto completoAissaoui, Mehrez Hassane. "Sécurité pour les réseaux du futur : gestion sécurisée des identités". Thesis, Paris 6, 2015. http://www.theses.fr/2015PA066606.
Texto completoToday, the Internet is changing radically our habits, especially with the massive influx of the nomadic techniques, the Internet of objects, the growing use of grid computing, wireless networks and the emergence of new approaches in recent years. In particular, the virtualization of the computing infrastructures, which allowed defining a new model called Cloud Computing, introducing an enough frank breakdown with the traditional models, can be perceived as a preparatory stage towards the Internet of future.The implementation of these approaches allows, in a different way : mutualization and organization of the computer system. It allows to dematerialize the physical infrastructures and to deport applications on distant containers. Therefore, the global architecture of Internet should be evolved. It will rely strongly on these new approaches and in particular, Cloud Computing and virtualization. However, no system is infallible especially if resources are distributed and mutualized. They raise a number of problems and involve directly security issues, which remain one of the main barriers to the adoption of these technologies.Like any new technology, Cloud Computing and virtualization create new risks, which come to graft to traditional threats of the outsourcing management of the privilege separation, the identity and accesses management, the robustness of the virtualization software, the virtual machine isolation, the personal data protection, reversibility, privacy... The traditional Internet architecture cannot provide the adequate solutions to the challenges raised by these new approaches: mobility, flexibility, security requirements, reliability and robustness. Thus, a research project (SecFuNet : Security For Future Networks) was validated by the European Commission, to provide some answers, to make a state of the art of these security mechanisms and a comprehensive study of orchestration and integration techniques based on protection components within overall security architecture
Aissaoui, Mehrez Hassane. "Sécurité pour les réseaux du futur : gestion sécurisée des identités". Electronic Thesis or Diss., Paris 6, 2015. http://www.theses.fr/2015PA066606.
Texto completoToday, the Internet is changing radically our habits, especially with the massive influx of the nomadic techniques, the Internet of objects, the growing use of grid computing, wireless networks and the emergence of new approaches in recent years. In particular, the virtualization of the computing infrastructures, which allowed defining a new model called Cloud Computing, introducing an enough frank breakdown with the traditional models, can be perceived as a preparatory stage towards the Internet of future.The implementation of these approaches allows, in a different way : mutualization and organization of the computer system. It allows to dematerialize the physical infrastructures and to deport applications on distant containers. Therefore, the global architecture of Internet should be evolved. It will rely strongly on these new approaches and in particular, Cloud Computing and virtualization. However, no system is infallible especially if resources are distributed and mutualized. They raise a number of problems and involve directly security issues, which remain one of the main barriers to the adoption of these technologies.Like any new technology, Cloud Computing and virtualization create new risks, which come to graft to traditional threats of the outsourcing management of the privilege separation, the identity and accesses management, the robustness of the virtualization software, the virtual machine isolation, the personal data protection, reversibility, privacy... The traditional Internet architecture cannot provide the adequate solutions to the challenges raised by these new approaches: mobility, flexibility, security requirements, reliability and robustness. Thus, a research project (SecFuNet : Security For Future Networks) was validated by the European Commission, to provide some answers, to make a state of the art of these security mechanisms and a comprehensive study of orchestration and integration techniques based on protection components within overall security architecture
Mouelhi, Tejeddine. "Modélisation et test de mécanismes de sécurité dans des applications internet". Phd thesis, Institut National des Télécommunications, 2010. http://tel.archives-ouvertes.fr/tel-00544431.
Texto completoClaeys, Timothy. "Sécurité pour l'internet des objets : une approche des bas en haut pour un internet des objets sécurisé et normalisé". Thesis, Université Grenoble Alpes (ComUE), 2019. http://www.theses.fr/2019GREAM062.
Texto completoThe rapid expansion of the IoT has unleashed a tidal wave of cheap Internet-connected hardware. Formany of these products, security was merely an afterthought. Due to their advanced sensing and actuatingfunctionalities, poorly-secured IoT devices endanger the privacy and safety of their users.While the IoT contains hardware with varying capabilities, in this work, we primarily focus on the constrainedIoT. The restrictions on energy, computational power, and memory limit not only the processingcapabilities of the devices but also their capacity to protect their data and users from attacks. To secure theIoT, we need several building blocks. We structure them in a bottom-up fashion where each block providessecurity services to the next one.The first cornerstone of the secure IoT relies on hardware-enforced mechanisms. Various security features,such as secure boot, remote attestation, and over-the-air updates, rely heavily on its support. Sincehardware security is often expensive and cannot be applied to legacy systems, we alternatively discusssoftware-only attestation. It provides a trust anchor to remote systems that lack hardware support. In thesetting of remote attestation, device identification is paramount. Hence, we dedicated a part of this work tothe study of physical device identifiers and their reliability.The IoT hardware also frequently provides support for the second building block: cryptography. Itis used abundantly by all the other security mechanisms, and recently much research has focussed onlightweight cryptographic algorithms. We studied the performance of the recent lightweight cryptographicalgorithms on constrained hardware.A third core element for the security of the IoT is the capacity of its networking stack to protect the communications.We demonstrate that several optimization techniques expose vulnerabilities. For example,we show how to set up a covert channel by exploiting the tolerance of the Bluetooth LE protocol towardsthe naturally occurring clock drift. It is also possible to mount a denial-of-service attack that leverages theexpensive network join phase. As a defense, we designed an algorithm that almost completely alleviates theoverhead of network joining.The last building block we consider is security architectures for the IoT. They guide the secure integrationof the IoT with the traditional Internet. We studied the IETF proposal concerning the constrainedauthentication and authorization framework, and we propose two adaptations that aim to improve its security.Finally, the deployment of the IETF architecture heavily depends on the security of the underlying communicationprotocols. In the future, the IoT will mainly use the object security paradigm to secure datain flight. However, until these protocols are widely supported, many IoT products will rely on traditionalsecurity protocols, i.e., TLS and DTLS. For this reason, we conducted a performance study of the most criticalpart of the protocols: the handshake phase. We conclude that while the DTLS handshake uses fewerpackets to establish the shared secret, TLS outperforms DTLS in lossy networks
Saleh, Hayder. "Une architecture novatrice de sécurité à base de carte à puce Internet". Versailles-St Quentin en Yvelines, 2002. http://www.theses.fr/2002VERSA009.
Texto completoBachy, Yann. "Sécurité des équipements grand public connectés à Internet : évaluation des liens de communication". Thesis, Toulouse, INSA, 2015. http://www.theses.fr/2015ISAT0014/document.
Texto completoToday, equipment embedding software and an Internet connection are more and more numerous and various. With the emergence of “the internet of things” and the trend to interconnect everything, many equipment used in our every day life are now connected to the internet: Smart-Tvs, DVD players, alarm and home automation systems, and even health assistance home devices, for example. Unfortunately, these technological evolutions also introduce new security threats. The massive use of internet facilitates the propagation of malware, capable of targeting any computer device, and more specifically any internet connected device. Although several methods allowing security analysis of industrial systems exist, their application to home devices is still limited. The existence and the criticality of potential vulnerabilities in these devices are not well-known, because they have not been thoroughly studied. This is precisely the objective of this thesis, which presents a method allowing to carry out a vulnerability analysis of internet connected home devices. This method is composed of two main phases: a risk analysis phasefollowed by an experimental phase. The security analysis of any type of equipement, requires a good knowledge ofits environment. In order to guide the evaluator in this task, we propose, as a first step, to rely on existing risk analysis methods. These methods are now mature, and allow the evaluator to obtain a global view of the risks incurred by the usage of anequipment. Then, during the second step of our method, the evaluator concentrates on the most important risks in order to demonstrate the technical feasibility of the scenarios leading to the considered risks, by carrying out several experiments.Considering the large amount and the diversity of I/Os on connected devices, it is important to focus on specifically rich attack scenarios, possibly depending on a simple local vulnerability. For this second step, an experimental method is proposedin order to study these attack scenarios, which, moreover, target equipement whose specifications are not necessarily available.In order to illustrate the entire method, this thesis presents two case studies: Integrated Access Devices and Smart-Tvs. These studies are carried out on a panel of devices from major internet service providers and TV manufacturers, allowing us to compare several devices available on the market. The vulnerabilities pointed out, mainly concern the communication means (local loop for the IAD, DVB-T interface for the smart-TVs) connecting these devices to their service providers (ISP for the IAD, TV and VoD for the smart-TVs). These communication links are usually considered safe, and have been, to our knowledge, seldom explored. Thisthesis thereby contributes to the security analysis of these particular communication means for connected devices and points out some original attack paths. Finally, this thesis ends by presenting different existing security mechanisms that can be used to avoid exploitation of the identified weaknesses
Vu, Van-Hoan. "Infrastructure de gestion de la confiance sur internet". Phd thesis, Ecole Nationale Supérieure des Mines de Saint-Etienne, 2010. http://tel.archives-ouvertes.fr/tel-00611839.
Texto completoGuillet, Thomas. "Sécurité de la téléphonie sur IP". Phd thesis, Télécom ParisTech, 2010. http://pastel.archives-ouvertes.fr/pastel-00559130.
Texto completoGuillet, Thomas. "Sécurité de la téléphonie sur IP". Phd thesis, Paris, Télécom ParisTech, 2010. https://pastel.hal.science/pastel-00559130.
Texto completoThis work focuses on the security of telephony networks deployed in the Internet. Without any doubt after the Web and messaging application, this service will impose IP (Internet Protocol) infrastructures like the standard for all types of information or media. Initially, we look for opportunities to strengthen the security of SIP (Session Initiation Protocol) IETF protocol currently massively adopted in the telephony infrastructure. We propose and validate innovative solutions to strengthen existing mechanisms in a completely transparent way for infrastructures. We choose to focus on authentication, because it is the first mechanism encountered by users or systems. The solutions presented below propose new security properties by defining a semantic field called "opaque". In a second step, we are interested in security solutions for end-to-end calls. Analysis of application solutions as “Future Narrow Band Digital Terminal” and “Simple Secure Voice over IP protocol“ allows us to formalize the specification of an architecture to protect conversations whatever the specificities and heterogeneity of networks ToIP are. Finally, the conclusion takes over and takes positions on the various contributions to this work in the context of IP telephony. Our will to be interoperable with the underlying or independent infrastructure can be considered as a value added service
Luo, Zhengqin. "Sémantique et sécurité des applications Web". Nice, 2011. http://www.theses.fr/2011NICE4058.
Texto completoIn this work we study the formal semantics and security problems of Web applications. The thesis is divided into three parts. The first part proposes a small-step operational semantics for a multitier programing language HOP, which can be used to globally reasoning about Web applications. The semantics covers a core of the HOP language, including dynamic generations of client code, and interactions between servers and clients. The second part studies a new technique to automatically prevent code injection attacks, based on multitier compilation. We add a new phase in the compiler to compare the intended and the actual syntax structure of the output. The validity of our technique is proved correct in the operational semantics of HOP. The last part of the thesis studies Mashic, a source-to-source compiler of JavaScript to isolate untrusted script by ifram sandbox and postmessage in HTML5. The compiler is proved correct in a formal semantics of JavaScript
Zeng, Xuan. "Vers une mobilité transparente dans le réseau ICN : connectivité, sécurité, et fiabilité". Thesis, Sorbonne université, 2018. http://www.theses.fr/2018SORUS046/document.
Texto completoWith the proliferation of mobile devices, mobility becomes a requirement and a compelling feature for 5G. However, despite tremendous efforts in the last 2 decades to enable mobility in IP network, the solutions are mostly anchor-based and inefficient. In this context, Information-Centric networking (ICN) is proposed. While ICN has some native support of mobility, other architectural challenges remain unsolved to achieve seamless mobility. The thesis explores 3 main challenges of such and contributes novel solutions. First, to solve producer mobility, MapMe, a micro mobility management protocol supporting latency sensitive traffic is proposed. MAP-Me is anchorless and preserves key ICN benefits. Simulation results show that MAP-Me outperforms existing work in user performance while retaining low network overheads in various network conditions. Second, we investigate security in producer mobility. We focus on prefix hijacking attack, which is a basis of several attacks. To prevent prefix hijacking, we propose a light-weight and distributed prefix attestation protocol based on hash-chaining. First results show significant improvement in verification overhead. It is resistant to replay-based prefix hijacking. Finally, additional transport-layer mechanisms are needed in mobile ICN. To this aim, we investigate alleviating the adverse effect of wireless/mobility loss on congestion control. We propose WLDR and MLDR for in-network loss detection and recovery to facilitate congestion control. Simulation results show a significant reduction in flow completion time (up to 20%)
Zeng, Xuan. "Vers une mobilité transparente dans le réseau ICN : connectivité, sécurité, et fiabilité". Electronic Thesis or Diss., Sorbonne université, 2018. http://www.theses.fr/2018SORUS046.
Texto completoWith the proliferation of mobile devices, mobility becomes a requirement and a compelling feature for 5G. However, despite tremendous efforts in the last 2 decades to enable mobility in IP network, the solutions are mostly anchor-based and inefficient. In this context, Information-Centric networking (ICN) is proposed. While ICN has some native support of mobility, other architectural challenges remain unsolved to achieve seamless mobility. The thesis explores 3 main challenges of such and contributes novel solutions. First, to solve producer mobility, MapMe, a micro mobility management protocol supporting latency sensitive traffic is proposed. MAP-Me is anchorless and preserves key ICN benefits. Simulation results show that MAP-Me outperforms existing work in user performance while retaining low network overheads in various network conditions. Second, we investigate security in producer mobility. We focus on prefix hijacking attack, which is a basis of several attacks. To prevent prefix hijacking, we propose a light-weight and distributed prefix attestation protocol based on hash-chaining. First results show significant improvement in verification overhead. It is resistant to replay-based prefix hijacking. Finally, additional transport-layer mechanisms are needed in mobile ICN. To this aim, we investigate alleviating the adverse effect of wireless/mobility loss on congestion control. We propose WLDR and MLDR for in-network loss detection and recovery to facilitate congestion control. Simulation results show a significant reduction in flow completion time (up to 20%)
Alata, Eric. "Observation, caractérisation et modélisation de processus d'attaques sur Internet". Phd thesis, INSA de Toulouse, 2007. http://tel.archives-ouvertes.fr/tel-00280126.
Texto completoPittoli, Philippe. "Influence d'une architecture de type maître-esclave dans les problématiques de sécurité de l'Internet des objets". Thesis, Strasbourg, 2019. http://www.theses.fr/2019STRAD006/document.
Texto completoThe Internet of things is a network design where "things" are connected to the Internet, such as thermometers or lights. These objects are constrained in memory, computational capacity and communication (packet size, shared medium). The thesis is focused on issues around those constraints. A client willing to send a request to an object may either establish a direct connection to the object (end-to-end architecture) or establish a connection to the network gateway, which is not constrained in memory or computation capabilities, and will be used as a broker between clients and objects (master-slave architecture). This purpose of the thesis is to understand and to spotlight the differences between those two kinds of architectures and to determine their viability in an IoT context
Challal, Yacine. "Sécurité dans les communications de groupe". Compiègne, 2005. http://www.theses.fr/2005COMP1561.
Texto completoThe advantages of IP multicast in multi-party communications, such as saving bandwidth, simplicity and efficiency, are very interesting for new services combining voire, video and text over Internet. This urges the effective large scale deployment of multicasting to satisfy the increasing demand for multicasting from both Internet Service Providers (ISPs) and Content Distributors. Unfortunately, the strengths of IP multicast are also its security weaknesses. Indeed, the open and anonymous membership and the distributed nature of multicasting are serious threats to the security of this communication mode!. Much effort has been conducted to address the many issues relating to securing multicast data transmission, such as: access control, confidentiality, authentication and watermarking. Ln this thesis we deal with the two keystone security issues of any secure multicast architecture: data origin authentication and confidentiality. For each theme, we present a detailed analysis of the problem while highlighting special features and issues inherent to the multicast nature. Then, we review existing solutions in the literature and analyze their advantages and shortcomings. Finally, we provide our own original proposaIs, depicting their advantages over the previous solutions
Pillot, Guillaume. "Anonymat et vie privée sur internet". Master's thesis, Université Laval, 2018. http://hdl.handle.net/20.500.11794/32469.
Texto completoSince the beginning of this century, the explosion of the internet has had an important social and economic impact. Today, the number of internet users has approached four billion and it has become a part of our daily lives. More and more information circulates on the internet and since Edward Snowden's global surveillance disclosure in 2013, the public is now aware about the necessity to protect their private lives. In a rst time, this thesis introduces anonymity and privacy general concepts'. Then, the following popular anonymous networks are studied: JAP, Mixmaster, TOR and I2P. We will see that the best protection for these network is their size. [1] has elaborates a payment system for remunerates the TOR relays in order to encourage Internet users to participate in the anonymous network. We will see how adapt this system on the I2P anonymous network.
Oualha, Nouha. "Sécurité et coopération pour le stockage de donnéees pair-à-pair". Paris, ENST, 2009. http://www.theses.fr/2009ENST0028.
Texto completoSelf-organizing algorithms and protocols have recently received a lot of interest in mobile ad-hoc networks as well as in peer-to-peer (P2P) systems, as illustrated by file sharing or VoIP. P2P storage, whereby peers collectively leverage their storage resources towards ensuring the reliability and availability of user data, is an emerging field of application. P2P storage however brings up far-reaching security issues that have to be dealt with, in particular with respect to peer selfishness, as illustrated by free-riding attacks. The continuous observation of the behavior of peers and monitoring of the storage process is an important requirement to secure a storage system against such attacks. Detecting peer misbehavior requires appropriate primitives like proof of data possession, a form of proof of knowledge whereby the holder interactively tries to convince the verifier that it possesses some data without actually retrieving them or copying them at the verifier. We propose and review several proof of data possession protocols. We in particular study how data verification and maintenance can be handed over to volunteers to accommodate peer churn. We then propose two mechanisms, one based on reputation and the other on remuneration, for enforcing cooperation by means of such data possession verification protocols, as periodically delivered by storage peers. We assess the effectiveness of such incentives with game theoretical techniques. We in particular discuss the use of non-cooperative one-stage and repeated Bayesian games as well as that of evolutionary games
Howard, Michael. "Étude pour la conceptualisation et la mise en place d'outils géomatiques Internet ouverts en sécurité civile". Mémoire, Université de Sherbrooke, 2009. http://savoirs.usherbrooke.ca/handle/11143/2616.
Texto completoKellil, Mounir. "Sécurité Multicast dans les environnements IP Mobile". Compiègne, 2005. http://www.theses.fr/2005COMP1579.
Texto completoThe present work addresses the multicast security problem in mobile IP environments. The goal behind such an interest is to efficiently secure future generations of Internet group communications (e. G. Pay-per-view applications, videoconferences, etc), where users can securely communicate together using IP multicasting while seamlessly moving from a network to another. The multicast security problem is challenging and some related topics are still largely open. Moreover, the mobile environments complicate the multicast security problem. Specifically, the mobile environments inherit the security problems of the stationary case, and raise performance and interoperability issues that should be taken into account
Challal, Yacine. "Sécurité de l'Internet des Objets : vers une approche cognitive et systémique". Habilitation à diriger des recherches, Université de Technologie de Compiègne, 2012. http://tel.archives-ouvertes.fr/tel-00866052.
Texto completoVarin, Annie. "Risques technologiques et sécurité sur Internet : production d'un outil pour favoriser la prévention et fournir des pistes de solution". Mémoire, Université de Sherbrooke, 2011. http://savoirs.usherbrooke.ca/handle/11143/2674.
Texto completoFarraposo, Silvia. "Contributions on detection and classification of internet traffic anomalies". Phd thesis, Université Paul Sabatier - Toulouse III, 2009. http://tel.archives-ouvertes.fr/tel-00400506.
Texto completoLiege, Cédric. "Conception et mise en place d'outils de traitement de l'information scientifique dans le cadre d'une veille sécurité alimentaire". Aix-Marseille 3, 2003. http://www.theses.fr/2003AIX30010.
Texto completoIn a food safety watch process, the target of the works is to optimize the different steps of the scientific database and Internet information processing. The analysis of the various risks allows to see that works must relate to the potential risks generate a large quantity of information because of scientific incertainty around these risks. The data processing of the scientific database is carried out by using a bibliometric study relating to a potential risk. The objective is to help the experts to structure their knowledge. The exploitation of Internet information is carried out by the conception and implementation of a search directory whose objective is to share search results on Internet
Vallois, Valentin. "Securing industrial internet of things architectures through Blockchain". Electronic Thesis or Diss., Université Paris Cité, 2022. http://www.theses.fr/2022UNIP7335.
Texto completoIt's been ten years since blockchain technology was created. This amalgam of cryptography and peer-to-peer application brings many innovations and securities services beyond financial services to regular information systems and offers new use cases for distributed applications in industrial context. Meanwhile, IoT became prominent in the industry as the future industrial revolution, bringing new applications but paving the way for security vulnerabilities. During this thesis, we explored the main issues facing the Internet of Things. We studied how IIoT platform providers address these challenges by comparing the measures they have implemented with the ITU recommendations using the Analytic Hierarchical Process (AHP). This study allowed us to identify areas of improvement and use cases for the blockchain. Identity management is a recurring problem in the IIoT literature, and we propose an identity management approach for distributed systems assisted by blockchain to guarantee the uniqueness of identities and the integrity of the directory. From this work, we have developed a blockchain-secured firmware update distribution and validation system using the machine learning algorithm Locality Sensitive Hashing (LSH)
Tizraoui, Adel. "Un nouveau modèle de sécurité pour les applications Internet Application à la téléphonie sur IP SIM IP". Paris 6, 2003. http://www.theses.fr/2003PA066321.
Texto completoKhalil, Ahmad. "Gestion autonome de la qualité de service et de la sécurité dans un environnement Internet des objets". Thesis, Bourgogne Franche-Comté, 2019. http://www.theses.fr/2019UBFCK068.
Texto completoNowadays, the Internet of Things (IoT) is becoming important in our daily lives thanks to technological advances. This paradigm aims to improve the quality of human life through automating several tasks. In this context, service level guarantee within IoT environments is a major challenge while considering a massive deployment of IoT applications and services as well as extending their usage to different domains. The IoT service level can be characterized in two parts: Quality of Service (QoS) and security. Moreover, this service level must be managed in an autonomic manner within the IoT environment given the heterogeneity and the size of its infrastructure making it difficult, even impossible, their management in a manual manner by the administrators. In this thesis, we propose a QoS based channel access control mechanism, called QBAIoT (QoS Based Access for IoT environments), to ensure a differentiated processing of existing traffics in the IoT environment. The differentiated processing allows satisfying the requirements of each traffic according to different QoS parameters (i.e., delay, jitter, packet delivery ratio, etc.). Then, QBAIoT is improved and upgraded to integrate self-management capabilities thanks to two important functions of the closed control loop: self-configuration and self-optimization. In addition, to offer a better QoS within the IoT environment, it is necessary to optimize the energy consumption of resources’ constrained components. Thus, we propose an adaptation of QBAIoT allowing to reduce its energy consumption in an autonomic manner while respecting the data accuracy. Our contribution concerning the second part of service level guarantee within an IoT environment, which is security, consists is a mechanism enabling IoT objects access control to IoT gateways, called IoT-MAAC (IoT Multiple Attribute Access Control). This mechanism takes into account different parameters that are specific to IoT environments (i.e., IoT object trust, IoT object identifier, IoT object fingerprint, etc.). Finally, the decision making process regarding IoT object access control is autonomously managed by IoT gateways and aims to meet the requirements of IoT environment in terms of trust
Roudiere, Gilles. "Détection d'attaques sur les équipements d'accès à Internet". Thesis, Toulouse, INSA, 2018. http://www.theses.fr/2018ISAT0017/document.
Texto completoNetwork anomalies, and specifically distributed denial of services attacks, are still an important threat to the Internet stakeholders. Detecting such anomalies requires dedicated tools, not only able to perform an accurate detection but also to meet the several constraints due to an industrial operation. Such constraints include, amongst others, the ability to run autonomously or to operate on sampled traffic. Unlike supervised or signature-based approaches, unsupervised detection do not require any kind of knowledge database on the monitored traffic. Such approaches rely on an autonomous characterization of the traffic in production. They require the intervention of the network administrator a posteriori, when it detects a deviation from the usual shape of the traffic. The main problem with unsupervised detection relies on the fact that building such characterization is complex, which might require significant amounts of computing resources. This requirement might be deterrent, especially when the detection should run on network devices that already have a significant workload. As a consequence, we propose a new unsupervised detection algorithm that aims at reducing the computing power required to run the detection. Its detection focuses on distributed denial of service attacks. Its processing is based upon the creation, at a regular interval, of traffic snapshots, which helps the diagnosis of detected anomalies. We evaluate the performances of the detector over two datasets to check its ability to accurately detect anomalies and to operate, in real time, with limited computing power resources. We also evaluate its performances over sampled traffic. The results we obtained are compared with those obtained with FastNetMon and UNADA
Owezarski, Philippe. "Contribution de la métrologie internet à l'ingénierie des réseaux". Habilitation à diriger des recherches, Université Paul Sabatier - Toulouse III, 2006. http://tel.archives-ouvertes.fr/tel-00127757.
Texto completoCarvallo, Pamela. "Sécurité dans le cloud : framework de détection de menaces internes basé sur l'analyse d'anomalies". Thesis, Université Paris-Saclay (ComUE), 2018. http://www.theses.fr/2018SACLL008/document.
Texto completoCloud Computing (CC) opens new possibilities for more flexible and efficient services for Cloud Service Clients (CSCs). However, one of the main issues while migrating to the cloud is that what once was a private domain for CSCs, now is handled by a third-party, hence subject to their security policies. Therefore, CSCs' confidentiality, integrity, and availability (CIA) should be ensured. In spite of the existence of protection mechanisms, such as encryption, the monitoring of the CIA properties becomes necessary. Additionally, new threats emerge every day, requiring more efficient detection techniques. The work presented in this document goes beyond the state of the art by treating the malicious insider threat, one of the least studied threats in CC. This is mainly due to the organizational and legal barriers from the industry, and therefore the lack of appropriate datasets for detecting it. We tackle this matter by addressing two challenges.First, the derivation of an extensible methodology for modeling the behavior of a user in a company. This abstraction of an employee includes intra psychological factors, contextual information and is based on a role-based approach. The behaviors follow a probabilistic procedure, where the malevolent motivations are considered to occur with a given probability in time.The main contribution, a design and implementation of an anomaly-based detection framework for the aforementioned threat. This implementation enriches itself by comparing two different observation points: a profile-based view from the local network of the company, and a cloud-end view that analyses data from the services with whom the clients interact. This allows the learning process of anomalies to benefit from two perspectives: (1) the study of both real and simulated traffic with respect to the cloud service's interaction, in favor of the characterization of anomalies; and (2) the analysis of the cloud service in order to aggregate data statistics that support the overall behavior characterization.The design of this framework empirically shows to detect a broader set of anomalies of the company's interaction with the cloud. This is possible due to the replicable and extensible nature of the mentioned insider model. Also, the proposed detection model takes advantage of the autonomic nature of a clustering machine learning technique, following an unsupervised, adaptive algorithm capable of characterizing the evolving behaviors of the users towards cloud assets. The solution efficiently tackles the detection of anomalies by showing high levels of clustering performance, while keeping a low False Positive Rate (FPR), ensuring the detection performance for threat scenarios where the threat comes from inside the enterprise
Fayad, Achraf. "Protocole d’authentification sécurisé pour les objets connectés". Electronic Thesis or Diss., Institut polytechnique de Paris, 2020. http://www.theses.fr/2020IPPAT051.
Texto completoThe interconnection of private resources on public infrastructure, user mobility and the emergence of new technologies (vehicular networks, sensor networks, Internet of things, etc.) have added new requirements in terms of security on the server side as well as the client side. Examples include the processing time, mutual authentication, client participation in the choice of security settings and protection against traffic analysis. Internet of Things (IoT) is in widespread use and its applications cover many aspects of today's life, which results in a huge and continuously increasing number of objects distributed everywhere.Security is no doubt the element that will improve and strengthen the acceptability of IoT, especially that this large scale deployment of IoT systems will attract the appetite of the attackers. The current cyber-attacks that are operational on traditional networks will be projected towards the Internet of Things. Security is so critical in this context given the underlying stakes; in particular, authentication has a critical importance given the impact of the presence of malicious node within the IoT systems and the harm they can cause to the overall system. The research works in this thesis aim to advance the literature on IoT authentication by proposing three authentication schemes that satisfy the needs of IoT systems in terms of security and performance, while taking into consideration the practical deployment-related concerns. One-Time Password (OTP) is an authentication scheme that represents a promising solution for IoT and smart cities environments. This research work extends the OTP principle and propose a new approach to generate OTP based on Elliptic Curve Cryptography (ECC) and Isogeny to guarantee the security of such protocol. The performance results obtained demonstrate the efficiency and effectiveness of our approach in terms of security and performance.We also rely on blockchains in order to propose two authentication solutions: first, a simple and lightweight blockchain-based authentication scheme for IoT systems based on Ethereum, and second, an adaptive blockchain-based authentication and authorization approach for IoT use cases. We provided a real implementation of our proposed solutions. The extensive evaluation provided, clearly shows the ability of our schemes to meet the different security requirements with a lightweight cost in terms of performance
Vastel, Antoine. "Traçage versus sécurité : explorer les deux facettes des empreintes de navigateurs". Thesis, Lille 1, 2019. http://www.theses.fr/2019LIL1I097.
Texto completoNowadays, a wide range of devices can browse the web, ranging from smartphones, desktop computers, to connected TVs. To increase their browsing experience, users also customize settings in their browser, such as displaying the bookmark bar or their preferred languages. Customization and the diversity of devices are at the root of browser fingerprinting. Indeed, to manage this diversity, websites can access attributes about the device using JavaScript APIs, without asking for user consent. The combination of such attributes is called a browser fingerprint and has been shown to be highly unique, making of fingerprinting a suitable tracking technique. Its stateless nature makes it also suitable for enhancing authentication or detecting bots. In this thesis, I report three contributions to the browser fingerprinting field:1. I collect 122K fingerprints from 2,346 browsers and study their stability over more than 2 years. I show that, despite frequent changes in the fingerprints, a significant fraction of browsers can be tracked over a long period of time;2. I design a test suite to evaluate fingerprinting countermeasures. I apply our test suite to 7 countermeasures, some of them claiming to generate consistent fingerprints, and show that all of them can be identified, which can make their users more identifiable;3. I explore the use of browser fingerprinting for crawler detection. I measure its use in the wild, as well as the main detection techniques. Since fingerprints are collected on the client-side, I also evaluate its resilience against an adversarial crawler developer that tries to modify its crawler fingerprints to bypass security checks
Kouicem, Djamel Eddine. "Sécurité de l’Internet des objets pour les systèmes de systèmes". Thesis, Compiègne, 2019. http://www.theses.fr/2019COMP2518.
Texto completoThe Internet of things (IoT) is a new technology that aims to connect billions of physical devices to the Internet. The components of IoT communicate and collaborate between each other in distributed and dynamic environments, which are facing several security challenges. In addition, the huge number of connected objects and the limitation of their resources make the security in IoT very difficult to achieve. In this thesis, we focus on the application of lightweight cryptographic approaches and blockchain technology to address security problems in IoT, namely : authentication and trust management. First, we were interested on some kind of IoT applications where we need to control remotely the execution of smart actuators using IoT devices. To solve this problem, we proposed an efficient and fine-grained access controlsolution, based on the Attribute Based Encryption (ABE) mechanism and oneway hash chains. Using formal security tools, we demonstrated the security of our scheme against malicious attacks. Second, we tackled the problem of authentication in IoT based fog computing environments. Existing authentication techniques do not consider latency constraints introduced in the context of fog computing architecture. In addition, some of them do not provide mutual authentication between devices and fog servers. To overcome these challenges, we proposed a novel, efficient and lightweight mutual authentication scheme based on blockchain technologyand secret sharing technique. We demonstrated the efficiency of our authentication scheme through extensive simulations. The third problem treated in this work is the trust management in IoT. Existing trust management protocols do not meet the new requirements introduced in IoT such as heterogeneity, mobility and scalability. To address these challenges, we proposed a new scalable trust management protocol based on consortium blockchain technology and fog computing paradigm, with mobility support. Our solution allows IoT devices to accurately assess and share trust recommendations about other devices in a scalable way without referring to any pre-trusted entity. We confirmed the efficiency of our proposal through theoretical analysis and extensive simulations. Finally, we showed that our protocol outperforms existing solutions especially in terms of scalability, mobility support, communication and computation
Abghour, Noreddine. "Schéma d'autorisation pour applications réparties sur Internet". Toulouse, INPT, 2004. http://www.theses.fr/2004INPT014H.
Texto completoOuld, yahia Youcef. "Proposition d’un modèle de sécurité pour la protection de données personnelles dans les systèmes basés sur l’internet des objets". Electronic Thesis or Diss., Paris, CNAM, 2019. http://www.theses.fr/2019CNAM1242.
Texto completoInternet of Things (IoT) and IT service outsourcing technologies have led to the emergence of new threats to users' privacy. However, the implementation of traditional security measures on IoT equipment is a first challenge due to capacity limitations. On the other hand, the offloading of data processing and storage poses the problem of trust in service providers.In this context, we have proposed an encryption solution that provides owner-centric data protection adapted to the constraining environment of IoT. This model is based on attribute-based encryption with secure offloading capability and Blockchain technology. Then, in response to the issue of trust and service selection, we explored the possibilities offered by artificial intelligence tools. To do this, we proposed a collaborative filtering model based on Kohonen maps and efficient solution to detect the untrusted users
Saidane, Ayda. "Conception et réalisation d'une architecture tolérant les intrusions pour des serveurs internet". Phd thesis, INSA de Toulouse, 2005. http://tel.archives-ouvertes.fr/tel-00009600.
Texto completoFriot, Nicolas. "Itérations chaotiques pour la sécurité de l'information dissimulée". Thesis, Besançon, 2014. http://www.theses.fr/2014BESA2035/document.
Texto completoDiscrete dynamical systems by chaotic or asynchronous iterations have proved to be highly interesting toolsin the field of computer security, thanks to their unpredictible behavior obtained under some conditions. Moreprecisely, these chaotic iterations possess the property of topological chaos and can be programmed in anefficient way. In the state of the art, they have turned out to be really interesting to use notably through digitalwatermarking schemes. However, despite their multiple advantages, these existing algorithms have revealedsome limitations. So, these PhD thesis aims at removing these constraints, proposing new processes whichcan be applied both in the field of digital watermarking and of steganography. We have studied these newschemes on two aspects: the topological security and the security based on a probabilistic approach. Theanalysis of their respective security level has allowed to achieve a comparison with the other existing processessuch as, for example, the spread spectrum. Application tests have also been conducted to steganalyse and toevaluate the robustness of the algorithms studied in this PhD thesis. Thanks to the obtained results, it has beenpossible to determine the best adequation of each processes with targeted application fields as, for example,the anonymity on the Internet, the contribution to the development of the semantic web, or their use for theprotection of digital documents. In parallel to these scientific research works, several valorization perspectiveshave been proposed, aiming at creating a company of innovative technology
Lobe, kome Ivan Marco. "Identity and consent in the internet of persons, things and services". Thesis, Ecole nationale supérieure Mines-Télécom Atlantique Bretagne Pays de la Loire, 2019. http://www.theses.fr/2019IMTA0131/document.
Texto completoThe constant efforts of miniaturization of computing machines is transforming our relationships with machines and their role in society. The number of tiny computers remotely controlled is skyrocketing and those connected things are now more and more asked to do things on human behalf. The trend consists in making room for these specific machines into the Internet, in other words, building communication protocols adapted to their limited resources. This trend is commonly known as the Internet of Things (IoT) which consist of appliances and mechanisms different from those meant to be used exclusively by humans, the Internet of Persons (IoP). This conceptual separation being adopted, how would a Person exchange information with Things ?Sorts of brokers can help bridging that gap. The networking of those brokers led to the concept of Internetof Services (IoS). Persons and Things are connected through Services. This global networking is called the Internet of Persons Things and Services (IoPTS). Our work is on the edge of these 3 Internet areas and our contributions are two fold. In the first hand, we tackle the secure biding of devices’ and persons’ identities while preserving the Integrity, Anonymity and Confidentiality security properties. On the other hand, we address the problem of the secrecy of data on constrained Internet-connected devices. Other mechanisms must be created in order to seamlessly bind these conceptual areas of IoP, IoT andIoS. In this quest for a better integration of Internet connected-devices into the Internet of Persons, our work contributes to the definition of protocols on application and network layers, with IoT concerns and security at heart
Dacier, Marc. "Vers une évaluation quantitative de la sécurité informatique". Phd thesis, Institut National Polytechnique de Toulouse - INPT, 1994. http://tel.archives-ouvertes.fr/tel-00012022.
Texto completoLes modèles formels développés pour l'étude de la sécurité informatique, n'offrent pas le cadre mathématique désiré. L'auteur montre qu'ils adoptent une hypothèse de pire cas sur le comportement des utilisateurs, incompatible avec une modélisation réaliste. Après avoir montré, sur la base du modèle take-grant, comment s'affranchir de cette hypothèse, l'auteur définit un nouveau modèle, le graphe des privilèges, plus efficace pour gérer certains problèmes de protection. Il illustre son utilisation dans le cadre des systèmes Unix.
Enfin, l'auteur propose d'évaluer la sécurité en calculant le temps et l'effort nécessaires à un intrus pour violer les objectifs de protection. Il montre comment définir un cadre mathématique apte à représenter le système pour obtenir de telles mesures. Pour cela, le graphe des privilèges est transformé en un réseau de Petri stochastique et son graphe des marquages est dérivé. Les mesures sont calculées sur cette dernière structure et leurs propriétés mathématiques sont démontrées. L'auteur illustre l'utilité du modèle par quelques résultats issus d'un prototype développé afin d'étudier la sécurité opérationnelle d'un système Unix.
Ould, yahia Youcef. "Proposition d’un modèle de sécurité pour la protection de données personnelles dans les systèmes basés sur l’internet des objets". Thesis, Paris, CNAM, 2019. http://www.theses.fr/2019CNAM1242/document.
Texto completoInternet of Things (IoT) and IT service outsourcing technologies have led to the emergence of new threats to users' privacy. However, the implementation of traditional security measures on IoT equipment is a first challenge due to capacity limitations. On the other hand, the offloading of data processing and storage poses the problem of trust in service providers.In this context, we have proposed an encryption solution that provides owner-centric data protection adapted to the constraining environment of IoT. This model is based on attribute-based encryption with secure offloading capability and Blockchain technology. Then, in response to the issue of trust and service selection, we explored the possibilities offered by artificial intelligence tools. To do this, we proposed a collaborative filtering model based on Kohonen maps and efficient solution to detect the untrusted users
Mtita, Collins. "Lightweight serverless protocols for the internet of things". Thesis, Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0010/document.
Texto completoThis thesis addresses the security and privacy challenges relevant to the resource constrained devices in the era of pervasive computing. Pervasive computing, a term coined by Schechter to describe the idea of computing services available anytime, anywhere and on demand, is characterized by seamless interactions between heterogeneous players in the Internet. This phenomenon allows intelligent chips, sensors or microcontrollers to be embedded into everyday objects to enable them generate, communicate and share information. Pervasive computing accelerates technological evolution by integrating small and resource constrained devices to the Internet arena, eventually opening doors to new services requiring seamless interactions and integrations with the existing technologies, infrastructures and services. The nature of the information generated, stored and shared by resource constrained devices may require proper security and privacy guarantees. Towards that end, the classical security solutions are not ideal candidates to solve the security and privacy challenges in pervasive systems for two reasons. First, classical security protocols require a lot of resources from the host devices while most of the pervasive devices have very strict resource constraints. Second, most classical security solutions work in a connected mode, which requires constant communication between devices and centralized servers for authentication and authorization purposes. However, pervasive devices may be working in isolated areas with intermittent network coverage and connectivity. Thus, it is ideal to come up with alternative solutions suitable for heterogeneous pervasive devices to smoothly interact, authenticate and securely share information. One of the suitable alternative solutions is the serverless protocols. The term “serverless protocol” refers to the mechanism of enabling centrally controlled devices to autonomously authenticate one another, or other heterogeneous devices, without an active participation of the centralized authentication or authorization servers. Serverless protocols prioritize on securing proximity communication between heterogeneous devices while optimizing on the little resources available. In this thesis, we tackle the challenges of pervasive systems by proposing lightweight and efficient serverless protocols for authenticating heterogeneous pervasive devices during proximity communication. Our proposed protocols derive their originality from the fact that they do not require the communicating parties to have prior relationships with each other, nor to have any previously shared authentication information with each other. Moreover, our proposed solutions incorporate context information to enforce automatic parameter expiry. This property is not supported by most of the earlier versions of the serverless protocol schemes, hence making them vulnerable to different attacks. Three novel contributions are proposed in this thesis. First, we propose a serverless lightweight mutual authentication protocol for heterogeneous devices. The first contribution includes a formal validation using the AVISPA tool. Second, we propose two complementing protocols using RFID (Radio-Frequency Identification) as a core technology. The first protocol performs mass authentication between an RFID reader and a group of tags and the second protocol performs a secure search for a target tag among a group of tags. The second contribution includes two formal validations; one is done using the AVISPA tool and the other is done using the CryptoVerif tool. After a thorough study of serverless protocols, we propose our third contribution, a concise guide on how to develop secure and efficient serverless protocols relevant to the pervasive systems
Ben, Dhia Imen. "Gestion des grandes masses de données dans les graphes réels". Thesis, Paris, ENST, 2013. http://www.theses.fr/2013ENST0087/document.
Texto completoIn the last few years, we have been witnessing a rapid growth of networks in a wide range of applications such as social networking, bio-informatics, semantic web, road maps, etc. Most of these networks can be naturally modeled as large graphs. Managing, analyzing, and querying such data has become a very important issue, and, has inspired extensive interest within the database community. In this thesis, we address the problem of efficiently answering distance queries in very large graphs. We propose EUQLID, an efficient algorithm to answer distance queries on very large directed graphs. This algorithm exploits some interesting properties that real-world graphs exhibit. It is based on an efficient variant of the seminal 2-hop algorithm. We conducted an extensive set of experiments against state-of-the-art algorithms which show that our approach outperforms existing approaches and that distance queries can be processed within hundreds of milliseconds on very large real-world directed graphs. We also propose an access control model for social networks which can make use of EUQLID to scale on very large graphs. This model allows users to specify fine-grained privacy policies based on their relations with other users in the network. We describe and demonstrate Primates as a prototype which enforces the proposed access control model and allows users to specify their privacy preferences via a graphical user-friendly interface
Aoun, Cédric. "Plan de signalisation Internet pour l'interfonctionnement entre NAT et Firewall". Phd thesis, Télécom ParisTech, 2005. http://pastel.archives-ouvertes.fr/pastel-00001634.
Texto completoJallouli, Ons. "Chaos-based security under real-time and energy constraints for the Internet of Things". Thesis, Nantes, 2017. http://www.theses.fr/2017NANT4035/document.
Texto completoNowadays, due to the rapid growth of Internet of Things (IoT) towards technologies, the protection of transmitted data becomes an important challenge. The devices of the IoT are very constrained resource in terms of computing capabilities, energy and memory capacities. Thus, the design of secure, efficient and lightweight crypto-systems becomes more and more crucial. In this thesis, we have studied the problem of chaos based data security under real-time and energy constraints. First, we have designed and implemented three pseudo-chaotic number generators (PCNGs). These PCNGs use a weak coupling matrix or a high diffusion binary coupling matrix between chaotic maps and a chaotic multiplexing technique. Then, we have realized three stream ciphers based on the proposed PCNGs. Security performance of the proposed stream ciphers were analysed and several cryptanalytic and statistical tests were applied. Experimental results highlight robustness as well as efficiency in terms of computation time. The performance obtained in computational complexity indicates their use in real-time applications. Then, we integrated these chaotic stream ciphers within the real-time operating system Xenomai. Finally, we have measured the energy and power consumption of the three proposed chaotic systems, and the average computing performance. The obtained results show that the proposed stream ciphers can be used in practical IoT applications
Jazmati, Ola. "La sécurité de la formation du contrat de vente conclu sur internet : étude comparée en droit français, égyptien et syrien". Thesis, Rennes 1, 2019. http://www.theses.fr/2019REN1G002.
Texto completoThe dematerialization of the sales contract gives rise to problems of confidence. This has a negative impact on the evolution of e-commerce. International legislation as well as French, Egyptian and Syrian legislation take into account the importance of trust in the digital economy. They adapt their laws to ensure the security of the contract of dematerialized sales. They do not take only measures when forming the sales contract, but they adopt also measures to ensure the probative security of this type of contract. Syrian and Egyptian laws consider only the specificity of the contract of electronic sales in terms of consumption. The peculiarity of e-commerce, however, has been dealt with by Egyptian doctrine, drawing inspiration from French civil law. The French legislator imposes measures during the formation of the contract that are stricter in terms of consumption. In this study, we considered the legal rules relating to the formation of the contract of electronic sales in order to evaluate the measures taken by the legislations which aim to reinforce the confidence in the electronic sales contract. We also analyzed the e-discovery rules for electronic modes of proof to determine whether these rules are effective with regard to the probative security of the contract
Migdal, Denis. "Contributions to keystroke dynamics for privacy and security on the Internet". Thesis, Normandie, 2019. http://www.theses.fr/2019NORMC253.
Texto completoInteractions on the Internet require trust between each involved party. Internet entities assume, at the same time, several roles, each having their own interests and motivations; leading to conflicts that must be addressed to enable security and trust. In this thesis, we use, and focus on, Keystroke Dynamics (the way a user type on its keyboard) in an attempt to solve some of these conflicts.Keystroke Dynamics is a a costless and transparent biometric modality as it does not require neither additional sensors nor additional actions from the user. Unfortunately, Keystroke Dynamics also enables users profiling (s.a. identification, gender, age), against their knowledge and consent.In order to protect users privacy, we propose to anonymize Keystroke Dynamics. Still, such information can be legitimately needed by services in order to straighten user authentication. We then propose a Personal Identity Code Respecting Privacy, enabling biometric users authentication without threatening users privacy.We also propose a Social Proof of Identity enabling to verify claimed identities while respecting user privacy, as well as ensuring users past behaviors through a system of accountability. Generation of synthetic Keystroke Dynamics is also considered to augment existent Keystroke Dynamics datasets, and, in the end, enabling sharing of Keystroke Dynamics datasets without exposing biometric information of real users
Montoya, Maxime. "Sécurité adaptative et énergétiquement efficace dans l’Internet des Objets". Thesis, Lyon, 2019. http://www.theses.fr/2019LYSEM032.
Texto completoThe goal of this work is to propose new methods that provide both a high security and a high energy efficiency for integrated circuits for the IoT.On the one side, we study the security of a mechanism dedicated to energy management. Wake-up radios trigger the wake-up of integrated circuits upon receipt of specific wake-up tokens, but they are vulnerable to denial-of-sleep attacks, during which an attacker replays such a token indefinitely to wake-up a circuit and deplete its battery. We propose a new method to generate unpredictable wake-up tokens at each wake-up, which efficiently prevents these attacks at the cost of a negligible energy overhead.On the other side, we improve on the energy efficiency of hardware countermeasures against fault and side-channel attacks, with two different approaches. First, we present a new combined countermeasure, which increases by four times the power consumption compared to an unprotected implementation, introduces no performance overhead, and requires less than 8 bits of randomness. Therefore, it has a lower energy overhead than existing combined protections. It consists in an algorithm-level power balancing that inherently detects faults. Then, we propose an adaptive implementation of hardware countermeasures, which consists in applying or removing these countermeasures on demand, during the execution of the protected algorithm, in order to tune the security level and the energy consumption. A security evaluation of all the proposed countermeasures indicates that they provide an efficient protection against existing hardware attacks
Duflos, Sandrine Viviane Julie. "Sosma : une architecture pour la gestion de la sécurité des applications multimédias réparties". Paris 6, 2005. http://www.theses.fr/2005PA066587.
Texto completoMtita, Collins. "Lightweight serverless protocols for the internet of things". Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0010.
Texto completoThis thesis addresses the security and privacy challenges relevant to the resource constrained devices in the era of pervasive computing. Pervasive computing, a term coined by Schechter to describe the idea of computing services available anytime, anywhere and on demand, is characterized by seamless interactions between heterogeneous players in the Internet. This phenomenon allows intelligent chips, sensors or microcontrollers to be embedded into everyday objects to enable them generate, communicate and share information. Pervasive computing accelerates technological evolution by integrating small and resource constrained devices to the Internet arena, eventually opening doors to new services requiring seamless interactions and integrations with the existing technologies, infrastructures and services. The nature of the information generated, stored and shared by resource constrained devices may require proper security and privacy guarantees. Towards that end, the classical security solutions are not ideal candidates to solve the security and privacy challenges in pervasive systems for two reasons. First, classical security protocols require a lot of resources from the host devices while most of the pervasive devices have very strict resource constraints. Second, most classical security solutions work in a connected mode, which requires constant communication between devices and centralized servers for authentication and authorization purposes. However, pervasive devices may be working in isolated areas with intermittent network coverage and connectivity. Thus, it is ideal to come up with alternative solutions suitable for heterogeneous pervasive devices to smoothly interact, authenticate and securely share information. One of the suitable alternative solutions is the serverless protocols. The term “serverless protocol” refers to the mechanism of enabling centrally controlled devices to autonomously authenticate one another, or other heterogeneous devices, without an active participation of the centralized authentication or authorization servers. Serverless protocols prioritize on securing proximity communication between heterogeneous devices while optimizing on the little resources available. In this thesis, we tackle the challenges of pervasive systems by proposing lightweight and efficient serverless protocols for authenticating heterogeneous pervasive devices during proximity communication. Our proposed protocols derive their originality from the fact that they do not require the communicating parties to have prior relationships with each other, nor to have any previously shared authentication information with each other. Moreover, our proposed solutions incorporate context information to enforce automatic parameter expiry. This property is not supported by most of the earlier versions of the serverless protocol schemes, hence making them vulnerable to different attacks. Three novel contributions are proposed in this thesis. First, we propose a serverless lightweight mutual authentication protocol for heterogeneous devices. The first contribution includes a formal validation using the AVISPA tool. Second, we propose two complementing protocols using RFID (Radio-Frequency Identification) as a core technology. The first protocol performs mass authentication between an RFID reader and a group of tags and the second protocol performs a secure search for a target tag among a group of tags. The second contribution includes two formal validations; one is done using the AVISPA tool and the other is done using the CryptoVerif tool. After a thorough study of serverless protocols, we propose our third contribution, a concise guide on how to develop secure and efficient serverless protocols relevant to the pervasive systems
Mayzaud, Anthéa. "Monitoring and Security for the RPL-based Internet of Things". Thesis, Université de Lorraine, 2016. http://www.theses.fr/2016LORR0207/document.
Texto completoThe growing interest for the Internet of Things (IoT) has resulted in the large scale deployment of Low power and Lossy Networks (LLN). These networks are strongly constrained in terms of resources and communicate using unstable links. In this context, existing routing protocols for traditional networks do not cope with all these constraints. The IETF has proposed a new routing protocol called RPL based on IPv6 and specifically designed for these environments. The RPL protocol is however exposed to a large variety of attacks. The deployment of security mechanisms may also be quite expensive for the nodes. Therefore, LLN networks present new challenges in terms of monitoring and security. In this thesis we propose to investigate a security-oriented monitoring approach for addressing the trade-off between security and cost in the IoT. In a first stage, we assess security threats faced by these networks by identifying and classifying attacks through a dedicated taxonomy. We also quantify the consequences of two major attacks called DAG inconsistency attacks and version number attacks causing over-consumption of node resources. We then focus our work on security solutions for RPL-based IoT. We propose a local strategy for addressing DAG inconsistency attacks. In order to detect complex attacks such as version number attacks and to complement our node-level approach, we design a security-oriented distributed monitoring architecture for RPL networks. This solution allows us to preserve constrained nodes energy by performing monitoring and detection activities on dedicated nodes. We quantify the performance and the cost of this architecture and the deployed detection modules