Дисертації з теми "Security of information and communication systems"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Security of information and communication systems.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 дисертацій для дослідження на тему "Security of information and communication systems".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Sarkar, Md Zahurul Islam. "Information-theoretic security in wireless communication systems." Thesis, Queen's University Belfast, 2012. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.579767.
Повний текст джерелаАнотація:
The security in wireless communication networks is an important issue due to the mobility of users and network components, and the fact that the wireless medium is susceptible to eavesdropping and fraud. Motivated by the importance of security in the wireless communication networks, we study the secrecy capacity and secure outage performance of wireless channels in the presence of single as well as multiple eavesdroppers. At first, we study the effect of fading on the secrecy capacity and see, how we can achieve high data rates with reliability in spite of harsh wireless channel subject to the fading. Then, we study the effect of correlation on the secrecy capacity and quantify the loss of secrecy capacity of fading channels due to correlation. Since, the diversity is traditionally exploited to combat the fading in wireless systems. Therefore; secondly, we study the effect of channel diversity on the secrecy capacity of fading channels. This study is also useful to see, how we can overcome the loss of secrecy capacity due to correlation and obtain the target secrecy rate by improving the capacity of main channel exploiting diversity combining. We also investigate the effect of spatial multiplexing on the secrecy capacity and secure outage performance of keyhole multiple-input multiple-output (MIMO) channel. In addition, an achievable secrecy capacity region is developed using secret dirty-paper coding (SDPC) scheme to study the effect of transmit diversity on the secrecy capacity. Since, the group-oriented applications often require same data to be conveyed to multiple users simultaneously, and the traditional multicasting does not provide a secure framework for authentication and privacy for multicast sessions, the lack of which is currently preventing the large-scale deployment of group-oriented applications. Therefore, finally we study secure wireless multicasting and investigate the effect of fading and channel diversity on the secrecy multicast capacity.
2
Ge, Renwei. "Information security in mobile ad hoc networks." Access to citation, abstract and download form provided by ProQuest Information and Learning Company; downloadable PDF file 1.57 Mb., 158 p, 2006. http://wwwlib.umi.com/dissertations/fullcit?3220810.
Повний текст джерела
3
Campbell, Joshua Michael. "How Information and Communication Security Technologies Affect State Power." Malone University Undergraduate Honors Program / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=ma1462540876.
Повний текст джерела
4
Goméz, Villanueva Daniel. "Secure E-mail System for Cloud Portals : Master Thesis in Information and Communication Systems Security." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-108080.
Повний текст джерелаАнотація:
Email is a well established technology used worldwide for enterprise and private communication through the Internet. It allows people to communicate using text, but also other information formats used either as HTML or attached files. The communication is performed without the need of synchronized endpoints, based on the use of email servers that take care of storing and forwarding email letters. All these properties and much more standardized ones do not include security, which makes the choice of service provider hard when the letters sent in the email system include sensitive information. In the last few years there has been a big interest and growth in the area of cloud computing. Placing resources (computers, applications, information) out of local environments, thanks to the high speed connections in the Internet, provides countless possibilities. Actually, even email systems can be deployed in cloud computing environments, including all the email services (interface, client, and server) or a part of them. From a security point of view, the use of cloud computing leads to many threats generated by external parties and even the cloud providers. Because of these reasons, this work intends to present an innovative approach to security in a cloud environment, focusing on the security of an email system. The purpose is to find a solution for an email system deployable in a cloud environment, with all the functionality deployed on a external machine. This email system must be completely protected, minimizing the actions taken by the user, which should just connect to a portal through a web browser. Along this report there are details about the foundations, progress and findings of the research that has been carried out. The main objectives involve: researching on the concepts and state of the art of cloud computing, email systems and security; presenting a cloud computing architecture that will take care of the general aspects of security; designing an email system for that architecture that contains mechanisms protecting it from the possible security threats; and finally, implementing a simplified version of the design to test and prove the feasibility of it. After all the mentioned activities, the findings are commented, mentioning the applicability of research results to the current situation. Obviously, there is place for more research in depth of several topics related to cloud computing and email, that is why some of them are suggested.
5
Koller, Thomas [Verfasser]. "Communication Security for Distributed Mixed-Criticality Systems / Thomas Koller." Aachen : Shaker, 2018. http://d-nb.info/1149615877/34.
Повний текст джерела
6
Mahmood, Ashrafullah Khalid. "Information Security Management of Healthcare System." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4353.
Повний текст джерелаАнотація:
Information security has significant role in Healthcare organizations. The Electronic Health Record (EHR) with patient’s information is considered as very sensitive in Healthcare organization. Sensitive information of patients in healthcare has to be managed such that it is safe and secure from unauthorized access. The high-level quality care to patients is possible if healthcare management system is able to provide right information in right time to right place. Availability and accessibility are significant aspects of information security, where applicable information needs to be available and accessible for user within the healthcare organization as well as across organizational borders. At the same time, it is essentials to protect the patient security from unauthorized access and maintain the appropriate level in health care regarding information security. The aim of this thesis is to explore current management of information security in terms of Electronic Health Records (EHR) and how these are protected from possible security threats and risks in healthcare, when the sensitive information has to be communicated among different actors in healthcare as well as across borders. The Blekinge health care system was investigated through case study with conduction of several interviews to discover possible issues, concerning security threats to management of healthcare. The theoretical work was the framework and support for possible solutions of identified security risks and threats in Blekinge healthcare. At the end after mapping, the whole process possible guidelines and suggestions were recommended for healthcare in order to prevent the sensitive information from unauthorized access and maintain information security. The management of technical and administrative bodies was explored for security problems. It has main role to healthcare and in general, whole business is the responsibility of this management to manage the sensitive information of patients. Consequently, Blekinge healthcare was investigated for possible issues and some possible guidelines and suggestions in order to improve the current information security with prevention of necessary risks to healthcare sensitive information.muqadas@gmail.com
7
Nilsson, Håkan. "Reliable Communication of Time- and Security-Sensitive Information over a Single Combat Vehicle Network." Thesis, Linköpings universitet, Kommunikationssystem, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-162444.
Повний текст джерелаАнотація:
A common trend, in general as well as in the field of combat vehicles, is the rapidly increasing demand for data network capacity and even more in transferred data. To handle this increased demand, different countries with their armed forces and equipment manufacturers evaluate methods to increase the data transmission capacity in combat vehicles. The different types of transmitted data are of different criticality and have different security demands. An easy solution to this is to have separated networks for each type of traffic, but that is quite expensive and uses a lot of hardware. This thesis focuses on a different solution, with a shared network for all types of data transmissions. This is done by evaluating different types of data networks and add-on protocols and then testing the networks practically with varying transmission rates. In the thesis, all the practical testing is done with data networks according to the Ethernet standard, which is the standard evaluated with a throughput that is high enough for the use case. Ethernet as a standard is not suitable for critical data traffic and therefore add-on protocols for Ethernet to optimize the system for critical data traffic are tested. With these optimizations made, Ethernet can be considered more suitable for critical traffic, but this depends entirely on the system requirements.
8
Nguyen, Huy Manh. "MABIC: Mobile Application Builder for Interactive Communication." TopSCHOLAR®, 2016. http://digitalcommons.wku.edu/theses/1747.
Повний текст джерелаАнотація:
Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication.
Although many systems such as REDCap and Taverna are built for improving the interactive communication between the servers and clients, there are still common drawbacks existing in these systems. These systems lack the support of the branching logic and two-way communication. They also require administrator’s programming skills to function the system adequately. These issues are the motivation of the project. The goal is to build a framework to speed up the prototype development of mobile application. The MABIC support the complex workflow by providing conditional logic, instantaneous interactivity between the administrators and participants and the mobility. These supported features of MABIC improve the interaction because it engages the participants to communicate more with the system. MABIC system provides the mobile electronic communication via sending a text message or pushing a notification to mobile’s device. Moreover, MABIC application also supports multiple mobile platforms. It helps to reduce the time and cost of development. In this thesis, the overview of MABIC system, its implementation, and related application is described.
9
Albehadili, Abdulsahib. "Link-signature in Physical Layer Security and Its Applications for PHY-key Generation, PHY-authentication, and Discriminatory Channel Estimation." University of Toledo / OhioLINK, 2020. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1588784882183339.
Повний текст джерела
10
Chinnam, S. "MULTI-WAY COMMUNICATION SYSTEM." CSUSB ScholarWorks, 2017. https://scholarworks.lib.csusb.edu/etd/443.
Повний текст джерелаАнотація:
Videoconferencing is increasingly becoming a trend worldwide in applications where clients need to access lectures, meeting proceedings, communicating with family and friends etc. It provides a platform enabling the visual, audio and video communication between clients. The aim of this project is to utilize the open source Java software to build a desktop application enabling communication between clients.
When a user needs to transfer a secured file, it’s unsafe to send it using social networking sites because of lack of security. So, with the “Multi-Way Communication System” (MWCS) we resolve some security issues. The MWCS is a highly secure way for file transfer, text and video conferencing.
11
Bloch, Matthieu. "Physical-layer security." Diss., Atlanta, Ga. : Georgia Institute of Technology, 2008. http://hdl.handle.net/1853/24658.
Повний текст джерелаАнотація:
Thesis (Ph.D.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2008.Committee Chair: McLaughlin, Steven; Committee Member: Barros, Joao; Committee Member: Bellissard, Jean; Committee Member: Fekri, Faramarz; Committee Member: Lanterman, Aaron
12
Uzunay, Yusuf. "Design And Implementation Of An Unauthorized Internet Access Blocking System Validating The Source Information In Internet Access Logs." Master's thesis, METU, 2006. http://etd.lib.metu.edu.tr/upload/12607628/index.pdf.
Повний текст джерелаАнотація:
Internet Access logs in a local area network are the most prominent records when the source of an Internet event is traced back. Especially in a case where an illegal activity having originated from your local area network is of concern, it is highly desirable to provide healthy records to the court including the source user and machine identity of the log record in question. To establish the validity of user and machine identity in the log records is known as source authentication.
In our study, after the problem of source authentication in each layer is discussed in detail, we argue that the only way to establish a secure source authentication is to
implement a system model that unifies low level and upper level defense mechanisms. Hence, in this thesis we propose an Unauthorized Internet Access Blocking System validating the Source Information in Internet Access Logs. The first version of our proposed system, UNIDES, is a proxy based system incorporating advanced switches and mostly deals with the low level source authentication problems. In the second version, we extend our system with SIACS which is an Internet access control system that deals with the user level source authentication problems. By supplementing the classical username-password authentication mechanism with SSL client authentication, SIACS integrates a robust user level authentication scheme into the proposed solution.
13
Fischmann, Matthias. "Data confidentiality and reputation schemes in distributed information systems." Doctoral thesis, Humboldt-Universität zu Berlin, Wirtschaftswissenschaftliche Fakultät, 2008. http://dx.doi.org/10.18452/15811.
Повний текст джерелаАнотація:
Diese Arbeit betrachtet zwei anspruchsvolle Probleme aus dem Bereich Computer- und Kommunikationssicherheit und Vertrauen. Beim Datenbank-Serviceprovider-Problem moechte ein Anwender seine Datenbank an einen Datenbank-Serviceprovider (DSP) uebergeben, damit dieser sie betreiben und ihm zur Verfuegung stellen kann. Er vertraut diesem DSP, und damit auch vertraglichen Abmachungen, nur bedingt und muss die Vertraulichkeit seiner Daten durch technische Massnahmen sicherstellen. Das zweite Problem ist das Verbreiten verlaesslicher Reputationsinformation ueber eine (moeglicherweise sehr grosse) Anzahl von Netzwerk-Knoten in einer Peer-to-Peer-Umgebung (P2P). Beide Probleme straeuben sich hartnaeckig gegen einfache Loesungen. Im Gegensatz zu traditionellen Sicherheitsproblemen in der Informatik hat der Gegner in beiden ein hohes Mass an Kontrolle ueber die Situation. Der nicht ausreichend vertrauenswuerdige DSP muss in der Lage sein, die Daten seines Kunden zu verarbeiten, ohne etwas ueber sie zu lernen, was intuitiv wie ein Widerspruch erscheint. In P2P-Anwendungen ist es wuenschenswert, dass Knoten anonym beitreten und jederzeit wieder austreten koennen, aber diese Anonymitaet erleichtert es, falsche Reputationsinformation zu verbreiten. Ein Knoten, der erstmalig in ein P2P-Netzwerk eintritt, muss den behaupteten Beobachtungen anderer Knoten vertrauen. Die Resultate dieser Arbeit sind keine Idealloesungen, und dennoch aufschlussreich in mehrerlei Hinsicht: Es werden gelockerte, aber immer noch nuetzliche Sicherheitsbegriffe fuer das DSP-Problem vorgeschlagen; es werden theoretische Grenzen des DSP-Loesungsraums gezogen; und die Auswirkung feindseligen Verhaltens in P2P-Reputationssystemen wird durch heuristische Methoden reduziert. Ein Nebeneffekt unserer Arbeit ist ein speziell fuer Reputationssysteme in P2P-Netzwerken geeignetes Simulations-Tool, das zum Vergleich und zum Fine-Tuning bestehender und zukuenftiger Forschungsarbeiten genutzt werden kann.In this thesis we discuss two demanding problems from the field of computer and communication security that involve trust. The first is known as the database service provider problem: A database owner wants a database service provider (DSP) to host her database. She only trusts this DSP to a limited extent, so she does not want to rely solely on contractual solutions. It is therefore necessary to enforce confidentiality of her data by technical means. The second problem concerns a (potentially very large) number of network nodes in a peer-to-peer (P2P) environment. Both problems are notoriously hard because, other than in traditional computer security problems, the adversary has a lot of control over the situation. The untrusted DSP needs to be able to process the data without learning anything about it, which seems to be a contradiction. In P2P applications it is desirable that nodes can join anonymously, but anonymity makes it easy to spread false reputation information. A node that enters a P2P application network for the first time needs to trust the claimed observations of other nodes, independent of the rate of malicious behaviour. Our findings are not perfect solutions, but nevertheless instructive in several ways: We propose relaxed, but still practically useful, notions of security for the DSP problem; we identify theoretical limitations of the DSP solution space; and we gradually reduce the impact of adversarial behaviour in P2P reputation systems using heuristic methods. As a side effect of our work, we present a special-purpose framework for simulation of P2P reputation systems that can be used to compare and fine-tune previous and upcoming work.
14
Gülgün, Ziya. "Physical Layer Security Issues in Massive MIMO and GNSS." Licentiate thesis, Linköpings universitet, Kommunikationssystem, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-172558.
Повний текст джерелаАнотація:
Wireless communication technology has evolved rapidly during the last 20 years. Nowadays, there are huge networks providing communication infrastructures to not only people but also to machines, such as unmanned air and ground vehicles, cars, household appliances and so on. There is no doubt that new wireless communication technologies must be developed, that support the data traffic in these emerging, large networks. While developing these technologies, it is also important to investigate the vulnerability of these technologies to different malicious attacks. In particular, spoofing and jamming attacks should be investigated and new countermeasure techniques should be developed. In this context, spoofing refers to the situation in which a receiver identifies falsified signals, that are transmitted by the spoofers, as legitimate or trustable signals. Jamming, on the other hand, refers to the transmission of radio signals that disrupt communications by decreasing the signal-to-interference-and-noise ratio (SINR) on the receiver side. In this thesis, we analyze the effects of spoofing and jamming both on global navigation satellite system (GNSS) and on massive multiple-input multiple-output (MIMO) communications. GNSS is everywhere and used to provide location information. Massive MIMO is one of the cornerstone technologies in 5G. We also propose countermeasure techniques to the studied spoofing and jamming attacks. More specifically, in paper A we analyze the effects of distributed jammers on massive MIMO and answer the following questions: Is massive MIMO more robust to distributed jammers compared with previous generation’s cellular networks? Which jamming attack strategies are the best from the jammer’s perspective, and can the jamming power be spread over space to achieve more harmful attacks? In paper B, we propose a detector for GNSS receivers that is able to detect multiple spoofers without having any prior information about the attack strategy or the number of spoofers in the environment.
15
Tshinu, Mukenge Simon. "A functional-interpretive approach to information systems security e competencies development in the higher education institution: a comparativ e case of four South African higher education institutions." Thesis, University of the Western Cape, 2016. http://hdl.handle.net/11394/4920.
Повний текст джерелаАнотація:
Philosophiae Doctor - PhDThe research reported in this thesis examines the approaches of four (4) HEIs in the Western Cape Province in South Africa to institutional development of IS security ecompetencies across their full staff compliments. It used a mixed research methodology and multiple case study research design in which four Higher Education Institutions (HEIs) participated. A total of 26 in-depth interviews were conducted and 385 questionnaires were completed. The research found that these HEIs do not formally develop the IS security e-competencies of their IS resources end users. Because end users handle critical information and research projects of importance not only to the HEIs, but also to the country, this situation creates a potential risk to their IS resources. In other words, the HEIs that participated in this research rely more on the ICT security technology itself to protect their IS resources than on the human side of ICT security. This is in direct contrast to the established literature which clearly points out that it is the internal end users that pose the most threats to IS security resources and these threats are more dangerous than the external threats.
16
Papakonstantinou, Maria. "e-Prescriptions : Privacy concerns and security risks in Greece’s e-Health care system." Thesis, Linnéuniversitetet, Institutionen för informatik (IK), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-67143.
Повний текст джерелаАнотація:
The present thesis presents an informed by ethnography research that seeks to explore the privacy concerns and security risks that individuals perceive with regards to the electronic system of handling digital prescriptions. The research takes place in Athens, Greece and the participants are professionals who use daily the e-prescription platform and citizens whose data is being gathered and accessed. The paradiagm within which the research is unfolded is the interpretive one and a methodology of flexible design is followed. Thematic analysis of concepts produced by the data gathered is followed in order to offer an understanding of the concerns that the participants perceive. The methods that were used were interviews with professionals, focus groups with groups of citizens, individual interviews with citizens, observations and thinking aloud in pharmacies. The aim of the thesis is to illuminate those concerns with the aspiration that it be used as a basis for further research on the important issue of privacy of sensitive, medical data and suggest ways that could help ameliorate the identified concerns.
17
Drake, Paul David. "Communicative action in information security systems : an application of social theory in a technical domain." Thesis, University of Hull, 2005. http://hydra.hull.ac.uk/resources/hull:5623.
Повний текст джерелаАнотація:
This thesis is about grounding an increasingly common practice in an established theory where no explicit theory currently exists. The common practice that is the subject of this study is information security. It is commonly held that information security means maintaining the confidentiality, integrity (accuracy) and availability of information. It seems that a whole industry has built up with tools, techniques and consultants to help organisations achieve a successful information security practice. There is even a British Standard containing around 130 controls, and a management system to guide organisations and practitioners. In the absence of many alternatives this British Standard has grown into something of a requirement for organisations who are concerned about the security of their information. The British Standard was developed almost entirely through the collaboration of some powerful blue-chip organisations. These organisations compared their practices and found some key areas of commonality. These common areas became the foundation of many information security practices today. Although there has been considerable evolutionary change the fundamentals, and not least the principles of confidentiality, integrity and availability, remain largely the same. It is argued in this thesis that the absence of a theoretical grounding has left the domain as weak and unable to cope with the rapidly developing area of information security. It is also argued that there was far too little consideration of human issues when the standard was devised and that situation has worsened recently with greater reliance on information security driven by more threats of increasing complexity, and more restrictive controls being implemented to counteract those threats. This thesis aims to pull human issues into the domain of information security: a domain which is currently dominated by non-social and practical paradigms. The key contribution of this thesis is therefore to provide a new model around which information security practices can be evaluated. This new model has a strong and established theoretical basis. The theory selected to underpin the new model is in the broad domain of critical social theory.
18
Mohialdeen, Haneen, та Johannes Draaijer. "Security Culture in Sweden with Focus on Digital Certificate Culture in Organizations". Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-97573.
Повний текст джерелаАнотація:
Digital certificates lie at the heart of security where effective security culture enables digital certificates to be widely and properly deployed in organizations. Digital certificates provide a way to secure websites and bank transactions, digitally sign documents and emails, enable secure access to remote locations on the internet through VPNs by providing a means for authentication, authorization, confidentiality, integrity, and non-repudiation. In this thesis, the barriers to an effective digital certificate security culture and the possibilities of misuse or misconception of certificates on both client and server side are investigated by first testing 49 scenarios for misuse and three for misconceptions in the network laboratory in Linnaeus University and, then by conducting a survey designed based on the eight dimensions of the Security Culture Framework. Possibilities for misuse were discovered and described in a Functional Scope Model and the most common barriers were found to be lack of funding and awareness regarding digital certificates within organizations. Overall, it was found that there is high usage, willingness and motivation in regards to certificates in organizations in Sweden but the quality of the digital certificate security culture needs to be improved.
19
Michel, Hannes, and Emil Christensson. "Framework For Enabling Structured Communication of Security Vulnerabilities in the Production Domain in Industry 4.0." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-85475.
Повний текст джерелаАнотація:
As industries are increasingly adapting to new technological trends for data collection and production efficiency, they are fulfilling the description of being part of the industry 4.0 (I4.0) paradigm. This swift development has led to unforeseen consequences concerning managerial and strategic aspects of security. In addition, threats and sophisticated attacks have increased, emphasizing a greater demand for information security management in the industrial setting. For smaller industrial manufacturers, information security management is not always available due the cost of resources, placing them in a challenging position. In addition, I4.0 introduces the area of OT/IT (Operational Technology and Information Technology) convergence, which is often heavily complex, creating the need for cross-competence. Furthermore, consequences from cyber attacks in the production domain can be catastrophic as they may endanger the safety and health of personnel. Thus, smaller manufacturing industries need to utilize existing resources to enable the prerequisites of managing security issues that may come with I4.0. Structuring and effectivizing the communication of security issues is needed to ensure that suitable competence can address security issues in a timely manner. The aspects of communication and competence are not addressed by current security standards and frameworks in the industrial context, nor are they equally applicable for smaller industrial organizations. This study aims to contribute to the research field of information security in I4.0 by investigating how security vulnerabilities should be communicated at a smaller manufacturing industry that does not have an information security management system. The framework is based on a traditional incident response information flow and was designed at a Swedish manufacturing industry through the narrative of OT or production personnel.
20
Negahban, Arash. "Does Device Matter? Understanding How User, Device, and Usage Characteristics Influence Risky IT Behaviors of Individuals." Thesis, University of North Texas, 2015. https://digital.library.unt.edu/ark:/67531/metadc804895/.
Повний текст джерелаАнотація:
Over the past few years, there has been a skyrocketing growth in the use of mobile devices. Mobile devices are ushering in a new era of multi-platform media and a new paradigm of “being-always-connected”. The proliferation of mobile devices, the dramatic growth of cloud computing services, the availability of high-speed mobile internet, and the increase in the functionalities and network connectivity of mobile devices, have led to creation of a phenomenon called BYOD (Bring Your Own Device), which allows employees to connect their personal devices to corporate networks. BYOD is identified as one of the top ten technology trends in 2014 that can multiply the size of mobile workforce in organizations. However, it can also serve as a vehicle that transfers cyber security threats associated with personal mobile devices to the organizations. As BYOD opens the floodgates of various device types and platforms into organizations, identifying different sources of cyber security threats becomes indispensable. So far, there are no studies that investigated how user, device and usage characteristics affect individuals’ protective and risky IT behaviors. The goal of this dissertation is to expand the current literature in IS security by accounting for the roles of user, device, and usage characteristics in protective and risky IT behaviors of individuals. In this study, we extend the protection motivation theory by conceptualizing and measuring the risky IT behaviors of individuals and investigating how user, device, and usage characteristics along with the traditional protection motivation factors, influence individuals’ protective and risky IT behaviors. We collected data using an online survey. The results of our study show that individuals tend to engage in different levels of protective and risky IT behaviors on different types of devices. We also found that certain individual characteristics as well as the variety of applications that individuals use on their computing devices, influence their protective and risky IT behaviors.
21
Lindström, Oskar, and August Magnusson. "Säkerhetsmedvetenhet och integration av IoT : En kvantitativ studie på konsumenters säkerhetsmedvetenhet och syn på integration av IoT." Thesis, Linnéuniversitetet, Institutionen för informatik (IK), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-104554.
Повний текст джерелаАнотація:
Internetuppkopplade apparater blir allt vanligare att se i våra hem. Samlingsordet för dessa enheter är Internet of Things (IOT). Med införande av IoT i våra hem skapas fler accesspunkter till internet, vilket även skapar en större attackyta. I kombinationmed den ständigt växande cyberkriminalliteten och införandet av IoT i våra hem ökar risken för att utsättas för en attack. Tidigare forskning inom området gällande konsumenters informationssäkerhetsmedvetenhet visar att konsumenterna har låg medvetenhet och bristande kunskaper för de hot som tillkommer vid integrationen av en IoT-enhet ihemmet. Det finns även tidigare forskning som undersökt vilka faktorer som påverkar individernas inställning till att anta ny teknologi. Mycket av den tidigare forskningen inom området har fokuserat på de tekniska aspekterna och fokuset har inte varit på konsumenternas informationssäkerhetsmedvetenhet och deras inställning till den ökande integrationen av IoT. Den här studien syftade till att undersöka svenska konsumenters informationssäkerhetsmedvetenhet och deras inställning till den ökande integrationen av IoT. Studien avsåg att undersöka hur medvetna konsumenterna är för de informationssäkerhetsrisker som tillkommer vid integreringen av IoT i hemmet i kombination med att undersöka deras syn på den ökade integrationen av IoT ivardagen. Studien har fokuserat på två olika enheter. Dessa enheter genererar data via ljudupptagning samt videoinspelning. En kvantitativ metod med en enkätundersökning tillämpades för att se ifall den låga kunskapen hos respondenter fanns, men även för att lättare nå ut till fler respondenter. För att förstå konsumenternas beteende utformades enkätfrågorna utifrån den allmänt tillämpade beteendemodellen Theory of planned behavior (TPB). Studien fann att majoriteten av respondenterna hade en låg medvetenhet för de risker som tillkommer med integreringen av IoT-enheter, samt låga kunskap för de säkerhetsåtgärder som går att implementera. Trots den låga medvetenheten för riskerna visade det sig att respondenterna hade en mycket positiv inställning till den ökade integrationen av IoT och att de funderar på att införskaffa fler IoT-enheter.Internet-connected devices are becoming more common to see in our homes. The collective word for these devices is Internet of Things (IoT). With the introduction of IoT in our homes, more access points to the internet are created, which also creates alarger attack area. Combined with the ever-growing cybercrime and the introduction of IoT in our homes, the risk of being attacked increases. Previous research in the field of consumer information security awareness shows that consumers have low awareness, and lack of knowledge about the threats posed by the integration of an IoT device in the home. Previous research has examined the factors that influence individuals attitudes towards adopting new technology. Much of the previous research in the field has focused on the technical aspects and the focus has not been on consumers information security awareness and their attitude to the increasing integration of IoT. This study aimed to examine Swedish consumers' information security awareness and their attitude towards the increasing integration of IoT. The study aimed to examine how aware consumers are of the information security risks that arise from the integration of IoT in the home in combination with examining their stand on the increased integration of IoT in their everyday life. The study has focused on two specific IoT-devices. These devices generate data via audio recording and video recording. A quantitative method with a survey was applied to examine how aware the consumers where of the information security risks, but also to be able to include more respondents in the study. To understand consumer behavior, the questionnaires were designed based on the generally applied behavioral model Theory of plannedbehavior (TPB).The study found that the majority of respondents had a low awareness of the risks involved with the integration of IoT devices, as well as low knowledge of the security measures that can be implemented. Despite the low awareness of the risks, it turnedout that the respondents had a very positive attitude towards the increased integrationof IoT, and that they also are considering acquiring more IoT devices.
22
DiGiusto, Dennis Michael. "A protection motivation theory approach to home wireless network security in New Zealand establishing if groups of concerned wireless network users exist and exploring characteristics of behavioral intention : submitted to the School of Information Management, Victoria University of Wellington in partial fulfilment of the requirements for the degree of Master of Information Management /." ResearchArchive@Victoria e-Thesis, 2008. http://hdl.handle.net/10063/1148.
Повний текст джерела
23
Wolf, Anne. "Robust Optimization of Private Communication in Multi-Antenna Systems." Doctoral thesis, Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2016. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-203827.
Повний текст джерелаАнотація:
The thesis focuses on the privacy of communication that can be ensured by means of the physical layer, i.e., by appropriately chosen coding and resource allocation schemes. The fundamentals of physical-layer security have been already formulated in the 1970s by Wyner (1975), Csiszár and Körner (1978). But only nowadays we have the technical progress such that these ideas can find their way in current and future communication systems, which has driven the growing interest in this area of research in the last years. We analyze two physical-layer approaches that can ensure the secret transmission of private information in wireless systems in presence of an eavesdropper. One is the direct transmission of the information to the intended receiver, where the transmitter has to simultaneously ensure the reliability and the secrecy of the information. The other is a two-phase approach, where two legitimated users first agree on a common and secret key, which they use afterwards to encrypt the information before it is transmitted. In this case, the secrecy and the reliability of the transmission are managed separately in the two phases. The secrecy of the transmitted messages mainly depends on reliable information or reasonable and justifiable assumptions about the channel to the potential eavesdropper. Perfect state information about the channel to a passive eavesdropper is not a rational assumption. Thus, we introduce a deterministic model for the uncertainty about this channel, which yields a set of possible eavesdropper channels. We consider the optimization of worst-case rates in systems with multi-antenna Gaussian channels for both approaches. We study which transmit strategy can yield a maximum rate if we assume that the eavesdropper can always observe the corresponding worst-case channel that reduces the achievable rate for the secret transmission to a minimum. For both approaches, we show that the resulting max-min problem over the matrices that describe the multi-antenna system can be reduced to an equivalent problem over the eigenvalues of these matrices. We characterize the optimal resource allocation under a sum power constraint over all antennas and derive waterfilling solutions for the corresponding worst-case channel to the eavesdropper for a constraint on the sum of all channel gains. We show that all rates converge to finite limits for high signal-to-noise ratios (SNR), if we do not restrict the number of antennas for the eavesdropper. These limits are characterized by the quotients of the eigenvalues resulting from the Gramian matrices of both channels. For the low-SNR regime, we observe a rate increase that depends only on the differences of these eigenvalues for the direct-transmission approach. For the key generation approach, there exists no dependence from the eavesdropper channel in this regime. The comparison of both approaches shows that the superiority of an approach over the other mainly depends on the SNR and the quality of the eavesdropper channel. The direct-transmission approach is advantageous for low SNR and comparably bad eavesdropper channels, whereas the key generation approach benefits more from high SNR and comparably good eavesdropper channels. All results are discussed in combination with numerous illustrationsDer Fokus dieser Arbeit liegt auf der Abhörsicherheit der Datenübertragung, die auf der Übertragungsschicht, also durch geeignete Codierung und Ressourcenverteilung, erreicht werden kann. Die Grundlagen der Sicherheit auf der Übertragungsschicht wurden bereits in den 1970er Jahren von Wyner (1975), Csiszár und Körner (1978) formuliert. Jedoch ermöglicht erst der heutige technische Fortschritt, dass diese Ideen in zukünftigen Kommunikationssystemen Einzug finden können. Dies hat in den letzten Jahren zu einem gestiegenen Interesse an diesem Forschungsgebiet geführt. In der Arbeit werden zwei Ansätze zur abhörsicheren Datenübertragung in Funksystemen analysiert. Dies ist zum einen die direkte Übertragung der Information zum gewünschten Empfänger, wobei der Sender gleichzeitig die Zuverlässigkeit und die Abhörsicherheit der Übertragung sicherstellen muss. Zum anderen wird ein zweistufiger Ansatz betrachtet: Die beiden Kommunikationspartner handeln zunächst einen gemeinsamen sicheren Schlüssel aus, der anschließend zur Verschlüsselung der Datenübertragung verwendet wird. Bei diesem Ansatz werden die Abhörsicherheit und die Zuverlässigkeit der Information getrennt voneinander realisiert. Die Sicherheit der Nachrichten hängt maßgeblich davon ab, inwieweit zuverlässige Informationen oder verlässliche Annahmen über den Funkkanal zum Abhörer verfügbar sind. Die Annahme perfekter Kanalkenntnis ist für einen passiven Abhörer jedoch kaum zu rechtfertigen. Daher wird hier ein deterministisches Modell für die Unsicherheit über den Kanal zum Abhörer eingeführt, was zu einer Menge möglicher Abhörkanäle führt. Die Optimierung der sogenannten Worst-Case-Rate in einem Mehrantennensystem mit Gaußschem Rauschen wird für beide Ansätze betrachtet. Es wird analysiert, mit welcher Sendestrategie die maximale Rate erreicht werden kann, wenn gleichzeitig angenommen wird, dass der Abhörer den zugehörigen Worst-Case-Kanal besitzt, welcher die Rate der abhörsicheren Kommunikation jeweils auf ein Minimum reduziert. Für beide Ansätze wird gezeigt, dass aus dem resultierenden Max-Min-Problem über die Matrizen des Mehrantennensystems ein äquivalentes Problem über die Eigenwerte der Matrizen abgeleitet werden kann. Die optimale Ressourcenverteilung für eine Summenleistungsbeschränkung über alle Sendeantennen wird charakterisiert. Für den jeweiligen Worst-Case-Kanal zum Abhörer, dessen Kanalgewinne einer Summenbeschränkung unterliegen, werden Waterfilling-Lösungen hergeleitet. Es wird gezeigt, dass für hohen Signal-Rausch-Abstand (engl. signal-to-noise ratio, SNR) alle Raten gegen endliche Grenzwerte konvergieren, wenn die Antennenzahl des Abhörers nicht beschränkt ist. Die Grenzwerte werden durch die Quotienten der Eigenwerte der Gram-Matrizen beider Kanäle bestimmt. Für den Ratenanstieg der direkten Übertragung ist bei niedrigem SNR nur die Differenz dieser Eigenwerte maßgeblich, wohingegen für den Verschlüsselungsansatz in dem Fall keine Abhängigkeit vom Kanal des Abhörers besteht. Ein Vergleich zeigt, dass das aktuelle SNR und die Qualität des Abhörkanals den einen oder anderen Ansatz begünstigen. Die direkte Übertragung ist bei niedrigem SNR und verhältnismäßig schlechten Abhörkanälen überlegen, wohingegen der Verschlüsselungsansatz von hohem SNR und vergleichsweise guten Abhörkanälen profitiert. Die Ergebnisse der Arbeit werden umfassend diskutiert und illustriert
24
Bankole, Bamidele Adetokunbo. "Distinguishing Leadership of Information Assurance Teams." ScholarWorks, 2015. https://scholarworks.waldenu.edu/dissertations/1187.
Повний текст джерелаАнотація:
Information assurance (IA) projects are essential components of the information technology industry and often fail due to budget overruns, missed deadlines, and lack of performance by the project teams. The purpose of this phenomenological study was to explore the strategies necessary to improve IA project team performance. Lewin's situational leadership theory was used as the conceptual framework for this study. Interviews were conducted with 20 IA professionals located in the Washington, DC Metropolitan area. The data were transcribed, coded, and clustered for the identification of common patterns based on the Moustakas' modified van Kaam analysis. The major themes that emerged from the interview data included the importance of: communication and teamwork, technical knowledge, training, hiring of skilled resources, and balanced project teams. An organization-wide internal training program emerged as an overarching best practice to improve the leadership strategies within the IA sector. The study results may help improve project success and grow the IA industry by creating more jobs.
25
Tewolde, Vincent. "Comparison of authentication options forMQTT communication in an IoT basedsmart grid solution." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-18276.
Повний текст джерелаАнотація:
Background. Smart grid is a new technology that focuses on utilising renewable energyalongside the current infrastructure. It aims to contribute to a sustainable future by implementingIoT devices in the electrical grid to adjust electricity flow and increase energyefficiency. By combining the current infrastructure with information technology manysecurity questions arise. This paper focuses on the authentication of the IoT devicesconnected with the MQTT protocol.Objectives. The study aims to discover a preferable MQTT authentication methodadapted for Techinova’s infrastructure with their requirements in consideration.Methods. A literature review was performed to obtain fundamental authenticationmethods and to distinguish different security approaches. Experiments were executed ina test environment to gather detailed information to gain a deeper understanding anddiscover security vulnerabilities.Results. The results derive from three experiments comparing the selected authenticationoptions security flaws.Conclusions. The results suggests that implementing TLS contributes to a secure authenticationand communication between the IoT devices and the broker without delayingthe transmission. However, further research could obtain other relevant data eventuatingin different results.
26
Zhang, Yang. "An empirical study on the relationship between identity-checking steps and perceived trustworthiness in online banking system use : submitted in partial fulfilment of the requirements for the Degree of Master of Information Sciences in Information Technology." Massey University, 2009. http://hdl.handle.net/10179/982.
Повний текст джерелаАнотація:
Online banking systems have become more common and widely used in daily life, bringing huge changes in modern banking transaction activities and giving us a greater opportunity to access the banking system anytime and anywhere. At the same time, however, one of the key challenges that still remain is to fully resolve the security concerns associated with the online banking system. Many clients feel that online banking is not secure enough, and to increase its security levels, many banks simply add more identity-checking steps or put on more security measures to some extent to give users the impression of a secure online banking system. However, this is easier to be said than done, because we believe that more identity-checking steps could compromise the usability of the online banking system, which is an inevitable feature in design of usable and useful online banking systems. Banks can simply enhance their security level with more sophisticated technologies, but this does not seem to guarantee the online banking system is in line with its key usability concern. Therefore, the research question raised in this thesis is to establish the relationships between usability, security and trustworthiness in the online banking system. To demonstrate these relationships, three experiments were carried out using the simulation of an online banking logon procedure to provide a similar online banking experience. Post questionnaires were used to measure the three concepts, i.e. usability, security and trustworthiness. The resulting analyses revealed that simply adding more identity-checking steps in the online banking system did not improve the customers? perceived security and trustworthiness, nor the biometric security technique (i.e., fingerprints) did enhance the subjective ratings on the perceived security and trustworthiness. This showed that the systems designer needs to be aware that the customer?s perception of the online banking system is not the same as that conceived from a technical standpoint.
27
Pimenta, Alexandre Manuel Santareno. "O comportamento dos utilizadores na segurança dos sistemas de informação nas organizações: um risco ou uma protecção?" Master's thesis, Universidade de Évora, 2012. http://hdl.handle.net/10174/15221.
Повний текст джерелаАнотація:
Numa sociedade cada vez mais global e em constante mutação, onde as organizações necessitam de ter sempre disponível a informação necessária e útil para desenvolver, de uma forma rápida e eficaz, as suas actividades no dia-a-dia, garantir a segurança da informação é um factor do qual depende a sua continuidade e sucesso. O presente trabalho tem como objectivo saber em que medida os comportamentos e as atitudes dos utilizadores constituem um risco ou uma protecção para a segurança dos Sistemas de Informação nas organizações. Para alcançar este objectivo será efectuada uma revisão bibliográfica baseada em fontes secundárias. Numa segunda fase será elaborado um questionário com base nos procedimentos de segurança identificados na revisão da literatura a aplicar aos utilizadores de Sistemas de Informação e Tecnologias de Informação, e posteriormente analisados os resultados e retiradas as conclusões.
A principal conclusão deste estudo revela que os utilizadores, de forma geral, são uma protecção para a segurança dos Sistemas de Informação nas organizações. Existem, no entanto, alguns procedimentos que necessitam de ser melhorados pelos utilizadores, para evitar que o seu comportamento seja considerado de risco; ABSTRACT: In an ever changing and more and more globalized society, in which the organizations need to always have the necessary and useful information available in order to develop, in a fast and accurate way, their daily activities, to ensure the safety of information is a factor on which their continuity and success depend. The goal of the present work is to know to which extent the users’ behaviours and attitudes are a risk or a protection for the Information systems’ security inside the organizations. In order to reach this goal, a bibliographic revision based on secondary sources will be done. Secondly, a questionnaire will be elaborated based on the safety procedures identified in the literature revision and applied to the Information Systems’ users. The results and the conclusions will then be analysed and thought over.
The results of this study show that, in general, users are a protection for the security of the Information Systems inside the organizations. However, there are some procedures that the users have to improve, to avoid what may be considered a risky behaviour.
28
Jin, Xinyu. "Trajectory Privacy Preservation in Mobile Wireless Sensor Networks." FIU Digital Commons, 2013. http://digitalcommons.fiu.edu/etd/983.
Повний текст джерелаАнотація:
In recent years, there has been an enormous growth of location-aware devices, such as GPS embedded cell phones, mobile sensors and radio-frequency identification tags. The age of combining sensing, processing and communication in one device, gives rise to a vast number of applications leading to endless possibilities and a realization of mobile Wireless Sensor Network (mWSN) applications. As computing, sensing and communication become more ubiquitous, trajectory privacy becomes a critical piece of information and an important factor for commercial success. While on the move, sensor nodes continuously transmit data streams of sensed values and spatiotemporal information, known as ``trajectory information". If adversaries can intercept this information, they can monitor the trajectory path and capture the location of the source node.
This research stems from the recognition that the wide applicability of mWSNs will remain elusive unless a trajectory privacy preservation mechanism is developed. The outcome seeks to lay a firm foundation in the field of trajectory privacy preservation in mWSNs against external and internal trajectory privacy attacks. First, to prevent external attacks, we particularly investigated a context-based trajectory privacy-aware routing protocol to prevent the eavesdropping attack. Traditional shortest-path oriented routing algorithms give adversaries the possibility to locate the target node in a certain area. We designed the novel privacy-aware routing phase and utilized the trajectory dissimilarity between mobile nodes to mislead adversaries about the location where the message started its journey. Second, to detect internal attacks, we developed a software-based attestation solution to detect compromised nodes. We created the dynamic attestation node chain among neighboring nodes to examine the memory checksum of suspicious nodes. The computation time for memory traversal had been improved compared to the previous work. Finally, we revisited the trust issue in trajectory privacy preservation mechanism designs. We used Bayesian game theory to model and analyze cooperative, selfish and malicious nodes' behaviors in trajectory privacy preservation activities.
29
Brand, Johanna Catherina. "The governance of significant enterprise mobility security risks." Thesis, Stellenbosch : Stellenbosch University, 2013. http://hdl.handle.net/10019.1/85853.
Повний текст джерелаАнотація:
Thesis (MComm)--Stellenbosch University, 2013.ENGLISH ABSTRACT: Enterprise mobility is emerging as a megatrend in the business world. Numerous risks originate from using mobile devices for business-related tasks and most of these risks pose a significant security threat to organisations’ information. Organisations should therefore apply due care during the process of governing the significant enterprise mobility security risks to ensure an effective process to mitigate the impact of these risks. Information technology (IT) governance frameworks, -models and -standards can provide guidance during this governance process to address enterprise mobility security risks on a strategic level. Due to the existence of the IT gap these risks are not effectively governed on an operational level as the IT governance frameworks, -models and -standards do not provide enough practical guidance to govern these risks on a technical, operational level. This study provides organisations with practical, implementable guidance to apply during the process of governing these risks in order to address enterprise mobility security risks in an effective manner on both a strategic and an operational level. The guidance given to organisations by the IT governance frameworks, -models and -standards can, however, lead to the governance process being inefficient and costly. This study therefore provides an efficient and cost-effective solution, in the form of a short list of best practices, for the governance of enterprise mobility security risks on both a strategic and an operational level.
AFRIKAANSE OPSOMMING: Ondernemingsmobiliteit kom deesdae as ‘n megatendens in die besigheidswêreld te voorskyn. Talle risiko's ontstaan as gevolg van die gebruik van mobiele toestelle vir sake-verwante take en meeste van hierdie risiko's hou 'n beduidende sekuriteitsbedreiging vir organisasies se inligting in. Organisasies moet dus tydens die risikobestuursproses van wesenlike mobiliteit sekuriteitsrisiko’s die nodige sorg toepas om ‘n doeltreffende proses te verseker ten einde die impak van hierdie risiko’s te beperk. Informasie tegnologie (IT)- risikobestuurraamwerke, -modelle en -standaarde kan op ‘n strategiese vlak leiding gee tydens die risikobestuursproses waarin mobiliteit sekuriteitsrisiko’s aangespreek word. As gevolg van die IT-gaping wat bestaan, word hierdie risiko’s nie effektief op ‘n operasionele vlak bestuur nie aangesien die ITrisikobestuurraamwerke, -modelle en -standaarde nie die nodige praktiese leiding gee om hierdie risiko’s op ‘n tegniese, operasionele vlak te bestuur nie. Om te verseker dat organisasies mobiliteit sekuriteitsrisiko’s op ‘n effektiewe manier op beide ‘n strategiese en operasionele vlak bestuur, verskaf hierdie studie praktiese, implementeerbare leiding aan organisasies wat tydens die bestuursproses van hierdie risiko’s toegepas kan word. Die leiding aan organisasies, soos verskaf in die IT-risikobestuurraamwerke, - modelle en -standaarde, kan egter tot’n ondoeltreffende en duur risikobestuursproses lei. Hierdie studie bied dus 'n doeltreffende, koste-effektiewe oplossing, in die vorm van 'n kort lys van beste praktyke, vir die bestuur van die mobiliteit sekuriteitsrisiko’s op beide 'n strategiese en 'n operasionele vlak.
30
Mago, Shamiso. "The impact of information and communication technologies (ICTs) on rural livelihoods: the case of smallholder farming in Zimbabwe." Thesis, University of Fort Hare, 2012. http://hdl.handle.net/10353/d1007185.
Повний текст джерелаАнотація:
This study seeks to determine the impact of Information and Communication Technologies (ICTs) on livelihoods of smallholder farmers in Zimbabwe. The study was motivated by the fact that benefits of ICT development still need to be known among rural smallholder farmers in Zimbabwe. ICTs have been upheld as catalysts for the promotion of rural livelihoods the world over. The question that remains is whether ICTs in Zimbabwe promote livelihoods of smallholder farmers. Although the Government formulated the ICT policy in 2005, the benefits still need to be known among rural smallholder farmers in Zimbabwe. The challenges faced by smallholder farmers include limited access to ICTs, high costs in ICT services and lack of ICT infrastructural development in the country. The challenges hindered ICT benefits that are expected to accrue to smallholder farmers. This study is significant in the view that most studies on ICT have focused on the general roles of ICT on rural development without giving particular attention to smallholder farming that has a potential of reducing poverty and promoting food security. For a theoretical lens, the Sustainable Livelihood Approach was used with special attention to Chapman et al (2001)’s information wheel. Regarding methodological issues, the study followed a qualitative research methodology guided by a secondary analysis research design. Data were collected from published reports of government, reports from the Ministry of ICT, internet, journals, newspapers and periodicals. The study established that ICTs promote livelihoods of smallholder farmers through the dissemination of vital information for improvement of agricultural productivity. From the research findings, the study proposes four main recommendations. Firstly, strengthening of ICT policy for effective smallholder farmers. Secondly, the government to organise ICT awareness campaigns directed towards rural people especially smallholder farmers. Thirdly, up scaling ICT Infrastructural development .Finally, a large-scale ICTs and livelihoods research must be commissioned in the country.
31
Boström, Andersson Jesper, and Jonas Nygren. "Security Theater i digitala applikationer : En illusion för att förstärka känslan av säkerhet." Thesis, Högskolan Kristianstad, Fakulteten för ekonomi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:hkr:diva-18768.
Повний текст джерелаАнотація:
Datorkraft och hastighet har på senare år ökat exponentiellt, men våra förväntningar och mentala modeller om vad datorsystem är kapabla till har inte följt med. I fall där människor inte tror på att systemet kan utföra de uppgifter som begärs så snabbt som de gör kan artificiell väntan appliceras för att förväntningarna ska komma närmare verkligheten. Syftet med denna studie är att undersöka ifall security theater fungerar i kontexten av bankapplikationer och vad som händer med användarens förtroende ifall illusionen av säkerhet brister. Genom denna undersökning har vi fått fram att security theater är ett fenomen som fungerar och tillför ett värde för användaren. Dock ska kontexten ifråga utvärderas noggrant, då security theater i fel kontext kan ses som ett störande moment. Vi kom fram till att majoriteten av testpersoner inte påverkas negativt, och istället ser security theater som ett värde även efter illusionen genomskådats.Computer power and speed have increased exponentially in recent years, but our expectations and mental models of what computer systems are capable of have not kept up. In cases where people do not believe that the system can perform the requested task as quickly as they do, an artificial wait can be applied to closer match the reality. The purpose of this study is to investigate whether security theater works in the context of banking applications and what happens with the users trust if the illusion of security fails. Through this paper we have found that security theater is a phenomenon that works and adds value to the user. However, the context in question must be carefully evaluated, as security theater in the wrong context can be seen as a disturbing element. We came to the conclusion that the majority of our test subjects are not negatively affected, and instead sees the value in security theater even after the illusion have been revealed.
32
Weber, Lyle. "Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrols." Thesis, Stellenbosch : Stellenbosch University, 2014. http://hdl.handle.net/10019.1/86694.
Повний текст джерелаАнотація:
Thesis (MComm)--Stellenbosch University, 2014.ENGLISH ABSTRACT: Bring Your Own Device (BYOD) is a technological trend which individuals of all ages are embracing. BYOD involves an employee of an organisation using their own mobile devices to access their organisations network. Several incremental risks will arise as a result of adoption of a BYOD program by an organisation. The research aims to assist organisations to identify what incremental risks they could potentially encounter if they adopt a BYOD program and how they can use a framework like COBIT 5 in order to reduce the incremental risks to an acceptable level. By means of an extensive literature review the study revealed 50 incremental risks which arise as a result of the adoption of a BYOD program. COBIT 5 was identified as the most appropriate framework which could be used to map the incremental risks against. Possible safeguards were identified from the mapping process which would reduce the incremental risks to an acceptable level. It was identified that 13 of the 37 COBIT 5 processes were applicable for the study.
33
Kukuruzovic, Naida. "Security Management : Fulfillment of the Government Requirements for a component assurance process." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-189983.
Повний текст джерелаАнотація:
Protecting organization’s assets from various security threats is a necessity for every organization. Efficient security management is vital to effectively protect the organization’s assets. However, the process of implementing efficient security management is complex and needs to address many requirements. The problem that this master’s thesis project addressed was to propose a component assurance process for the Swedish Armed Forces. This process has to be followed in order for a solution or product to be approved at a specific component assurance level. This problem was solved by first performing market research regarding security management. Various security management approaches were examined and the top security management solutions were selected. These solutions were then compared with the assurance requirements stated in Swedish Armed Forces’ KSF v3.1 (Swedish: “Krav på IT-säkerhetsförmågor hos IT-system”, English: Requirements for IT security capabilities of IT systems). This documentation lists the requirements for information technology (IT) security capabilities of IT systems. The solution that satisfied the most of these requirements was selected and modified in order to satisfy the full set of requirements. Finally, a component assurance process is proposed. This process may be used to decide which solutions or products can be used, along with the manner in which each solution or product should be used. The impact of having a component assurance process is that all the solutions and products are approved to a specific component assurance level exclusively based on this process. The ability to include such requirements in the acquisition of any product or service provides the Swedish Armed Forces with assurance that all products or services are approved to specific assurance levels in the same manner and hence provides the Swedish society with assurance that procedures within the Swedish Armed Forces are documented and protect the interests of the country and its citizens.För varje organisation är det nödvändigt att skydda information från olika säkerhetshot. Att ha en effektiv säkerhetshantering är avgörande för att kunna skydda informationen. Denna process är komplex och många krav måste tillfredsställas. Problemet som detta examensarbete avser att lösa handlar om hur införandet av en assuransprocess kommer påverka Försvarsmakten. Denna process måste följas för att en lösning eller produkt ska godkännas till en specifik komponents säkerhetsnivå. Frågeställningen besvaras i första hand av en marknadsundersökning om säkerhetshantering. Olika säkerhetshanteringsstrategier undersöktes och de bästa säkerhetslösningar valdes. Lösningarna jämfördes därefter med de assuranskrav som anges i Försvarsmaktens KSF V3.1 (Krav på IT säkerhetsförmågor hos IT – system) som är den dokumentation som anger kraven för IT säkerhetsfunktioner i ett IT system. Lösningen som uppfyllde de flesta kraven valdes och modifierades för att uppfylla samtliga kraven. Slutligen rekommenderades en komponent assuransprocess, vilken skulle kunna användas för att avgöra vilken lösning eller produkt som skulle kunna användas samt på vilket sätt det skulle kunna användas. Möjligheten att införa sådana krav i förvärvet av vilken produkt eller tjänst det än gäller förser Försvarsmakten med garantier för att alla produkter eller tjänster är godkända enligt särskilda säkringsnivåer på samma sätt och därmed försäkras det svenska samhället att förfaranden inom svenska väpnade krafter dokumenteras samt skyddar landet och dess medborgare.
Säkerhetshantering, informationssäkerhet, autentisering, auktorisering, styrning, riskhantering, följsamhet, användaradministration
34
Collins, Helen Loretta. "An Exploration of Wireless Networking and the Management of Associated Security Risk." ScholarWorks, 2015. https://scholarworks.waldenu.edu/dissertations/1843.
Повний текст джерелаАнотація:
The rapid expansion of wireless information technology (IT) coupled with a dramatic increase in security breaches forces organizations to develop comprehensive strategies for managing security risks. The problem addressed was the identification of security risk management practices and human errors of IT administrators, putting the organization at risk for external security intrusion. The purpose of this non-experimental quantitative study was to investigate and determine the security risk assessment practices used by IT administrators to protect the confidentiality and integrity of the organization's information. The research questions focused on whether the security risk management practices of IT administrators met or exceeded the minimally accepted practices and standards for wireless networking. The security risk assessment and management model established the theoretical framework. The sample was 114 participants from small to medium IT organizations comprised of security engineers, managers, and end users. Data collection was via an online survey. Data analysis included both descriptive and inferential statistical methods. The results revealed that greater than 80% of participants conducted appropriate risk management and review assessments. This study underscored the need for a more comprehensive approach to managing IT security risks. IT managers can use the outcome of this study as a benchmark for evaluating their current risk assessment procedures. Experiencing security breaches in organizations may be inevitable. However, when organizations and industry leaders can greatly reduce the cost of a data breach by developing effective risk management plans that lead to better security outcomes, positive social change can be realized.
35
Chinpanich, Vorapong. "Helpdesk Support Alert System." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2674.
Повний текст джерелаАнотація:
The goal of this project was to implement the Helpdesk Support Alert System in the Data Center Services (DCS) of California State University, San Bernardino's (CSUSB's) Information Resource and Technology Division (IRT). DCS is responsible for ensuring uninterrupted operation of all CSUSB administrative computing systems. These responsibilities include user support, system maintenance, and system security. The DCS helpdesk cannot be staffed 24 hours a day; this application is designed to alert DCS technicians of emergencies when they are away from the helpdesk. The Helpdesk Support Alert System sends out an automated emergency alert in the form of a short text message to technicians' mobile phones. Technicians respond back to their main office by using the Wireless Application Protocol (WAP) capability of their mobile phones.
36
Mozayani, John. "Internet of Things : The Potential Influence of Enterprise Buyers on the Security of IoT." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-254890.
Повний текст джерелаАнотація:
While IoT safety and security incidents continue to increase in frequency, scope and severity, there remains a gap in how the issue will be addressed. While the debate continues within academia, industry standards bodies, government and industry media, new entrants continue to rapidly enter the market with cheaper more powerful products with little incentive to address information security issues. In a free market economy, the supply and the demand would determine the product and services and the associated prices without intervention. Manufacturers are free to innovate, consumers drive choice and competition brings these opposing forces to an equilibrium of market price. But how does this economic system factor in the risk of an event that neither party may ever consider and, yet, it may impact not only impact those involved, but has the potential to have catastrophic harm to others? The downside, the system does not consider “external factors”, i.e. a compromise to accommodate what consumers need. Economists often urge governments to adopt policies that "internalize" an externality, so that costs and benefits will affect mainly parties who choose to incur them. Such an intervention, however, often comes with many challenges and consequences. Even with the added urgency of growing risk to human safety, regulatory intervention takes time. Likewise, a self-regulating market would undoubtedly also take a significant amount of time to take the necessary actions to address such an externality, even if incentivized. While it continues to be all too easy to defer the blame and risk on consumer, like the industrial revolution, this industry must overcome its own safety challenges like the auto, transportation or energy industries before it. While, consumers must inevitably take some reasonable measures to protect their interests, clearly the accountability must reside elsewhere. There is a potentially increasingly significant influential subset of consumers in the IoT ecosystem, the Enterprise Buyer, specifically marketing and technology executives, who champion consumer needs within their organization’s broader products and services that incorporate IoT. In this thesis, we aim to investigate the following issue: What are the attitudes and potential role for Enterprise Buyers in influencing negative externalities, i.e. IoT security in the IoT market, specifically from the perspective of marketing and technology executives? We believe that this group is uniquely positioned to understand a consumer first mindset and how to articulate value in otherwise negatively perceived field of information security by examining context, business/technical challenges and opportunities and reveal awareness, attitude and accountability. The results of our survey show the majority of marketing and technology executives who responded believe information security awareness is increasingly an executive accountability and priority and Enterprise Buyers hold a highly influential position in their ability to influence the IoT market and its security development and maturation.Medan IoT- säkerhetsincidenter fortsätter att öka i frekvens, omfattning och svårighetsgrad, finns det fortfarande ett gap i hur problemet ska hanteras. Samtidigt som debatten fortsätter inom akademin, branschstandardorganen, myndigheter i regeringen och industrin fortsätter nya aktörer att snabbt komma in på marknaden med billigare, kraftfullare produkter med få incitament att ta itu med informationssäkerhetsfrågor. I en öppen marknadsekonomi skulle utbud och efterfrågan avgöra produkt och tjänster och tillhörande priser utan intervention. Tillverkare kan obehindrat driva innovation, konsumenterna driver urval och konkurrens ger dessa motstridiga krafter jämvikt genom marknadspriset. Men hur påverkar detta ekonomiska system risken för en händelse som ingen av parterna någonsin kan överväga och som ändå kan påverka inte bara de inblandade som berörs utan även har potential att få katastrofala skador på andra? Nersidan är att systemet inte beaktar "yttre faktorer", det vill säga gör en kompromiss för att leverera vad konsumenterna behöver. Ekonomer uppmanar ofta regeringar att anta policies som "internaliserar" något externt, så att kostnader och fördelar kommer att påverka främst parter som väljer att ådra sig dem. Ett sådant ingrepp kommer emellertid ofta med många utmaningar och konsekvenser. Trots att förhöjda hot mot människors säkerhet ökar angelägenheten tar uppdatering av regelverken tid. På samma sätt skulle en självreglerande marknad utan tvivel också ta väldigt mycket tid på sig för att vidta nödvändiga åtgärder för att hantera en sådan extern faktor, även om det fanns incitament för att göra det. Medan det fortsätter att vara alltför lätt att överlåta ansvaret och risken till konsumenten, såsom under den industriella revolutionen, måste denna industri övervinna sina egna säkerhetsutmaningar såsom bil-, transport- eller energibranschen gjort före den. Samtidigt som konsumenter oundvikligen behöver vidta rimliga åtgärder för att skydda sina intressen, måste yttersta ansvaret ligga någon annanstans. Det finns en potentiellt allt större inflytelserik delmängd av konsumenter i IoT-ekosystemet; företagsköpare, specifikt ledare inom marknadsföring och teknologi, som driver konsumentbehov inom sin organisations bredare produkter och tjänster som innehåller IoT. I denna avhandling strävar vi efter att undersöka följande problem: Vad är företagsköparnas attityder och möjliga roll för att påverka negativa externa effekter, det vill säga IoT-säkerhet på IoT-marknaden, särskilt ur marknadsförings- och teknikledarens perspektiv? Vi tror att denna grupp är unik positionerad för att förstå en konsumenternas första tankegång och hur man kan uttrycka värdet i ett annars negativt uppfattat område för informationssäkerhet genom att undersöka kontext, affärs- / tekniska utmaningar och möjligheter och avslöja medvetenhet, attityd och ansvar. Resultaten av vår undersökning visar de flesta marknadsförings- och teknikchefer som svarade tror att informationssäkerhet blir del av ledningens ansvar och prioriteringar och att företagsköpare har en mycket inflytelserik position i deras förmåga att påverka IoT- marknaden och dess säkerhetsutveckling och mognad.
37
Wei, Longfei. "Game-Theoretic and Machine-Learning Techniques for Cyber-Physical Security and Resilience in Smart Grid." FIU Digital Commons, 2018. https://digitalcommons.fiu.edu/etd/3850.
Повний текст джерелаАнотація:
The smart grid is the next-generation electrical infrastructure utilizing Information and Communication Technologies (ICTs), whose architecture is evolving from a utility-centric structure to a distributed Cyber-Physical System (CPS) integrated with a large-scale of renewable energy resources. However, meeting reliability objectives in the smart grid becomes increasingly challenging owing to the high penetration of renewable resources and changing weather conditions. Moreover, the cyber-physical attack targeted at the smart grid has become a major threat because millions of electronic devices interconnected via communication networks expose unprecedented vulnerabilities, thereby increasing the potential attack surface. This dissertation is aimed at developing novel game-theoretic and machine-learning techniques for addressing the reliability and security issues residing at multiple layers of the smart grid, including power distribution system reliability forecasting, risk assessment of cyber-physical attacks targeted at the grid, and cyber attack detection in the Advanced Metering Infrastructure (AMI) and renewable resources.
This dissertation first comprehensively investigates the combined effect of various weather parameters on the reliability performance of the smart grid, and proposes a multilayer perceptron (MLP)-based framework to forecast the daily number of power interruptions in the distribution system using time series of common weather data. Regarding evaluating the risk of cyber-physical attacks faced by the smart grid, a stochastic budget allocation game is proposed to analyze the strategic interactions between a malicious attacker and the grid defender. A reinforcement learning algorithm is developed to enable the two players to reach a game equilibrium, where the optimal budget allocation strategies of the two players, in terms of attacking/protecting the critical elements of the grid, can be obtained. In addition, the risk of the cyber-physical attack can be derived based on the successful attack probability to various grid elements.
Furthermore, this dissertation develops a multimodal data-driven framework for the cyber attack detection in the power distribution system integrated with renewable resources. This approach introduces the spare feature learning into an ensemble classifier for improving the detection efficiency, and implements the spatiotemporal correlation analysis for differentiating the attacked renewable energy measurements from fault scenarios. Numerical results based on the IEEE 34-bus system show that the proposed framework achieves the most accurate detection of cyber attacks reported in the literature. To address the electricity theft in the AMI, a Distributed Intelligent Framework for Electricity Theft Detection (DIFETD) is proposed, which is equipped with Benford’s analysis for initial diagnostics on large smart meter data. A Stackelberg game between utility and multiple electricity thieves is then formulated to model the electricity theft actions. Finally, a Likelihood Ratio Test (LRT) is utilized to detect potentially fraudulent meters.
38
Kero, Chanelle. "A Literature Review of Connected and Automated Vehicles : Attack Vectors Due to Level of Automation." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-80322.
Повний текст джерелаАнотація:
The manufacturing of connected and automated vehicles (CAVs) is happening and they are aiming at providing an efficient, safe, and seamless driving experience. This is done by offering automated driving together with wireless communication to and from various objects in the surrounding environment. How automated the vehicle is can be classified from level 0 (no automation at all) to level 5 (fully automated). There is many potential attack vectors of CAVs for attackers to take advantage of and these attack vectors may change depending on what level of automation the vehicle have. There are some known vulnerabilities of CAVs where the security has been breached, but what is seemed to be lacking in the academia in the field of CAVs is a place where the majority of information regarding known attack vectors and cyber-attacks on those is collected. In addition to this the attack vectors may be analyzed for each level of automation the vehicles may have. This research is a systematic literature review (SLR) with three stages (planning, conducting, and report) based on literature review methodology presented by Kitchenham (2004). These stages aim at planning the review, finding articles, extracting information from the found articles, and finally analyzing the result of them. The literature review resulted in information regarding identified cyberattacks and attack vectors the attackers may use as a path to exploit vulnerabilities of a CAV. In total 24 types of attack vectors were identified. Some attack vectors like vehicle communication types, vehicle applications, CAN bus protocol, and broadcasted messages were highlighted the most by the authors. When the attack vectors were analyzed together with the standard of ‘Levels of Driving Automation’ it became clear that there are more vulnerabilities to consider the higher level of automation the vehicle have. The contributions of this research are hence (1) a broad summary of attack vectors of CAVs and (2) a summary of these attack vectors for every level of driving automation. This had not been done before and was found to be lacking in the academia.
39
Chehade, Samer. "Designing a Customisable Communication System for Situation Awareness in Rescue Operations." Thesis, Troyes, 2021. http://www.theses.fr/2021TROY0007.
Повний текст джерелаАнотація:
Cette thèse porte sur le problème d'awareness et des communications dans les opérations de secours. Nous cherchons à concevoir et à mettre en œuvre un système visant à simplifier les communications dans ces opérations en se basant sur des techniques de représentation sémantique et une personnalisation des usages. Pour être utilisé par les unités opérationnelles, il est essentiel de concevoir un tel système de manière à répondre à leurs besoins. De plus, afin de garantir la confidentialité des informations, il est essentiel d'intégrer des techniques de sécurité. Pour aborder ces aspects, nous proposons une approche pour concevoir les interfaces et les spécifications du système. Cette approche consiste en une méthodologie basée sur cinq étapes. Tout d'abord, nous modélisons les interactions entre les différentes parties sur la base de pratiques opérationnelles. Deuxièmement, nous formalisons ces interactions et connaissances à travers une ontologie d'application. Cette ontologie intègre des concepts liés au domaine du secours, à la conception de systèmes et à la sécurité de l'information. Ensuite, nous présentons une plate-forme pour concevoir le système. Basée sur l'ontologie développée, cette plateforme permettra aux utilisateurs finaux du système de définir leurs spécifications et de concevoir leurs interfaces de manière personnalisée. De plus, nous proposons une politique de contrôle d'accès basée sur l'ontologie proposée. Finalement, nous présentons un cas d’usage de la plateforme proposéeThis thesis deals with the problem of awareness and communications in rescue operations. We look forward to designing and implementing a communication system aiming to simplify information sharing in rescue operations based on semantic representation techniques and a customisation of uses. In order to be used by operational units, it is essential to design such a system in a way that meets their practical needs. Moreover, in order to guarantee the privacy of information, it is essential to integrate security techniques in the proposed system. In this consequence, we propose in this thesis a novel approach for defining and designing the system’s interfaces and specifications. This approach consists of a five-step methodology. First, we analyse and model communications and interactions between different stakeholders based on practical operations. Secondly, we formalise those interactions and knowledge through an application ontology. This ontology integrates concepts related to the rescue domain, to the design of systems and to information security. Afterwards, we present ontology-based platform for designing the system. Based on the developed ontology, this platform will allow the end-users of the system to define its specifications and design its interfaces in a customised way. Moreover, we propose an access control and rights management policy based on the proposed ontology. Eventually, we present a use case scenario of the proposed platform
40
Guerreiro, André Saito 1986. "Capacidade de sigilo e indisponibilidade de sigilo em sistemas MIMOME." [s.n.], 2014. http://repositorio.unicamp.br/jspui/handle/REPOSIP/259132.
Повний текст джерелаАнотація:
Orientador: Gustavo FraidenraichDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação
Made available in DSpace on 2018-08-25T15:23:35Z (GMT). No. of bitstreams: 1 Guerreiro_AndreSaito_M.pdf: 2368603 bytes, checksum: 297e17dce61316c0a4184fc3db28066c (MD5) Previous issue date: 2014
Resumo: Neste trabalho, considera-se a transmissão de mensagem confidencial em um canal sem fio em que transmissor, receptor e escuta possuem múltiplas antenas. O trabalho divide-se em duas partes. Na primeira parte analisamos a capacidade de sigilo ergódica e a probabilidade de indisponibilidade de sigilo para os cenários em que o canal é ergódico e não ergódico respectivamente, ambos na presença de desvanecimento estacionário com distribuição Rayleigh e considerando conhecimento do estado do canal (CSI) no receptor e na escuta. No cenário ergódico, deriva-se uma nova expressão fechada para a capacidade ergódica de sistemas em que há conhecimento do estado do canal no transmissor (CSIT) do canal principal e do canal de escuta, no qual permite-se que matriz covariância varie no tempo. Também deriva-se um limite inferior para capacidade de sigilo com CSIT, no qual a matriz covariância é fixa no período de transmissão. A primeira expressão é restrita ao limite da alta relação sinal ruído (SNR), n_t antenas no transmissor, n_r antenas no receptor (n_r > n_t) e n_e=n_t antenas na escuta (arranjo n_t x n_r x n_t). A segunda expressão é restrita ao arranjo de antenas n_t x n_t x n_t e potência do ruído do canal principal e do canal de escuta iguais. No cenário não ergódico, deriva-se uma nova expressão fechada para a probabilidade de indisponibilidade de sigilo no limite da alta SNR, em um arranjo de antenas 2 nr x 2 com n_r > 2. Também calcula-se um limite superior para a probabilidade de indisponibilidade de sigilo para outros arranjos de antena. Na segunda parte, considera-se uma escuta ativa que é capaz de atacar de forma inteligente o processo de estimação de canal. Focando em sistemas de transmissão baseados na decomposição generalizada em valores singulares (GSVD), diferentes técnicas de ataque são propostas e simulações computacionais são utilizadas para avaliar a eficiência de cada uma delas
Abstract: In this thesis, we consider the transmission of confidential information over a multiple-input multiple-output multiple-eavesdropper (MIMOME) wireless channel. The content is largely divided in two. In the first part we analyse the ergodic secrecy capacity and the secrecy outage probability in the ergodic and non-ergodic scenario respectively, both with stationary Rayleigh distributed fading channels and channel state information (CSI) at the receiver and eavesdropper. For the ergodic scenario we derive a new closed-form expression for the ergodic secrecy capacity with channel state information at the transmitter (CSIT) of the main and the eavesdropper channels, allowing the covariance matrix to be time-varying. A lower bound for the ergodic capacity with CSIT, in which the covariance matrix is fixed for the entire transmission period is also derived. The first expression is restricted to the high-SNR limit, with n_t transmit antennas, n_r receive antennas (n_r >= n_t) and n_e=n_t eavesdropper antennas (n_t x n_r x n_t setup). The second expression is restricted to the n_t x n_t x n_t antenna setup and equal noise power at both channels. For the non-ergodic scenario, we derive a new closed-form expression for the secrecy outage probability in the high-SNR limit, in a 2x n_r x 2 setup with n_r \ge 2. We also calculate an upper-bound for the secrecy outage probability in other antenna setups. In the second part we consider an eavesdropper which is able to attack the channel sounding process through intelligent jamming. We focus on transmission systems based on generalized singular value decomposition (GSVD). We propose and analyze, through computer simulations, the efficiency of several attack techniques that intend to disrupt the secret communication between legitimate users
Mestrado
Telecomunicações e Telemática
Mestre em Engenharia Elétrica
41
Caronni, Germano. "Dynamic security in communication systems /." [S.l.] : [s.n.], 1999. http://e-collection.ethbib.ethz.ch/show?type=diss&nr=13156.
Повний текст джерела
42
Крапивний, Іван Васильович, Иван Васильевич Крапивный, Ivan Vasylovych Krapyvnyi, Віталій Анатолійович Омельяненко, Виталий Анатольевич Омельяненко, Vitalii Anatoliiovych Omelianenko, and V. O. Varakin. "Information security economic systems in national security country." Thesis, Sumy State University, 2015. http://essuir.sumdu.edu.ua/handle/123456789/43592.
Повний текст джерелаАнотація:
In today's world, information security becomes vital for ensuring the interests of man, society and the state and the most important, part of the whole system of national security.
Doctrine considers all the work in the field of information based on the Concept of National Security of Ukraine. The doctrine identifies four main components of Ukraine's national interests in the information sphere.
43
Sepasian, Mojtaba. "Multibiometric security in wireless communication systems." Thesis, Brunel University, 2010. http://bura.brunel.ac.uk/handle/2438/5081.
Повний текст джерелаАнотація:
This thesis has aimed to explore an application of Multibiometrics to secured wireless communications. The medium of study for this purpose included Wi-Fi, 3G, and WiMAX, over which simulations and experimental studies were carried out to assess the performance. In specific, restriction of access to authorized users only is provided by a technique referred to hereafter as multibiometric cryptosystem. In brief, the system is built upon a complete challenge/response methodology in order to obtain a high level of security on the basis of user identification by fingerprint and further confirmation by verification of the user through text-dependent speaker recognition. First is the enrolment phase by which the database of watermarked fingerprints with memorable texts along with the voice features, based on the same texts, is created by sending them to the server through wireless channel. Later is the verification stage at which claimed users, ones who claim are genuine, are verified against the database, and it consists of five steps. Initially faced by the identification level, one is asked to first present one’s fingerprint and a memorable word, former is watermarked into latter, in order for system to authenticate the fingerprint and verify the validity of it by retrieving the challenge for accepted user. The following three steps then involve speaker recognition including the user responding to the challenge by text-dependent voice, server authenticating the response, and finally server accepting/rejecting the user. In order to implement fingerprint watermarking, i.e. incorporating the memorable word as a watermark message into the fingerprint image, an algorithm of five steps has been developed. The first three novel steps having to do with the fingerprint image enhancement (CLAHE with 'Clip Limit', standard deviation analysis and sliding neighborhood) have been followed with further two steps for embedding, and extracting the watermark into the enhanced fingerprint image utilising Discrete Wavelet Transform (DWT). In the speaker recognition stage, the limitations of this technique in wireless communication have been addressed by sending voice feature (cepstral coefficients) instead of raw sample. This scheme is to reap the advantages of reducing the transmission time and dependency of the data on communication channel, together with no loss of packet. Finally, the obtained results have verified the claims.
44
Krejčí, Petr. "Informační portál pro studenty." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2018. http://www.nusl.cz/ntk/nusl-385992.
Повний текст джерелаАнотація:
This work contains students' communication analysis, the design of new information system for students and its implementation. New system integrates the social network Facebook, the Google Docs and the Google Calendar. The result of this master's thesis is working system written in Java language. The system is based on the students' communication analysis and the requirements of the Students' Union.
45
Raheem, Muhammad. "Mitigation of inter-domain Policy Violations at Internet eXchange Points." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-247908.
Повний текст джерелаАнотація:
Economic incentives and the need to efficiently deliver Internet have led to the growth of Internet eXchange Points (IXPs), i.e., the interconnection networks through which a multitude of possibly competing network entities connect to each other with the goal of exchanging traffic. At IXPs, the exchange of traffic between two or more member networks is dictated by the Border gateway Protocol (BGP), i.e., the inter-domain routing protocol used by network operators to exchange reachability information about IP prefix destinations. There is a common “honest-closed-world” assumption at IXPs that two IXP members exchange data traffic only if they have exchanged the corresponding reachability information via BGP. This state of affairs severely hinders security as any IXP member can send traffic to another member without having received a route from that member. Filtering traffic according to BGP routes would solve the problem. However, IXP members can install filters but the number of filtering rules required at a large IXP can easily exceed the capacity of the network devices. In addition, an IXP cannot filter this type of traffic as the exchanged BGP routes between two members are not visible to the IXP itself. In this thesis, we evaluated the design space between reactive and proactive approaches for guaranteeing consistency between the BGP control-plane and the data-plane. In a reactive approach, an IXP member operator monitors, collects, and analyzes the incoming traffic to detect if any illegitimate traffic exists whereas, in a proactive approach, an operator configures its network devices to filter any illegitimate traffic without the need to perform any monitoring. We focused on proactive approaches because of the increased security of the IXP network and its inherent simplified network management. We designed and implemented a solution to this problem by leveraging the emerging Software Defined Networking (SDN) paradigm, which enables the programmability of the forwarding tables by separating the controland dataplanes. Our approach only installs rules in the data-plane that allow legitimate traffic to be forwarded, dropping anything else. As hardware switches have high performance but low memory space, we decided to make also use of software switches. A “heavy-hitter” module detects the forwarding rules carrying most of the traffic and installs them into the hardware switch. The remaining forwarding rules are installed into the software switches.We evaluated the prototype in an emulated testbed using the Mininet virtualnetwork environment. We analyzed the security of our system with the help of static verification tests, which confirmed compliance with security policies. The results reveal that with even just 10% of the rules installed in the hardware switch, the hardware switch directly filter 95% of the traffic volume with nonuniform Internet-like traffic distribution workloads. We also evaluated the latency and throughput overheads of the system, though the results are limited by the accuracy of the emulated environment. The scalability experiments show that, with 10K forwarding rules, the system takes around 40 seconds to install and update the data plane. This is due to inherent slowness of emulated environment and limitations of the POX controller, which is coded in Python.Ekonomiska incitament och behovet av att effektivt leverera Internet har lett till tillväxten av Internet eXchange Points (IXP), dvs de sammankopplingsnät genom vilka en mängd möjligen konkurrerande nätverksenheter förbinder varandra med målet att utbyta trafik. Vid IXPs dikteras utbytet av trafik mellan två eller flera medlemsnät av gränsgatewayprotokollet (BGP), dvs det inter-domänroutingprotokollet som används av nätoperatörer för att utbyta tillgänglighetsinformation om IP-prefixdestinationer. Det finns ett gemensamt antagande om "honest-closed-world" vid IXP, att två IXP-medlemmar endast utbyter datatrafik om de har bytt ut motsvarande tillgänglighetsinformation via BGP. Detta tillstånd försvårar allvarligt säkerheten eftersom varje IXP-medlem kan skicka trafik till en annan medlem utan att ha mottagit en rutt från den medlemmen. Filtrering av trafik enligt BGP-vägar skulle lösa problemet. IXPmedlemmar kan dock installera filter men antalet filtreringsregler som krävs vid en stor IXP kan enkelt överskrida nätverksenheternas kapacitet. Dessutom kan en IXP inte filtrera denna typ av trafik eftersom de utbytta BGP-vägarna mellan två medlemmar inte är synliga för IXP-enheten själv.I denna avhandling utvärderade vi utrymmet mellan reaktiva och proaktiva metoder för att garantera överensstämmelse mellan BGP-kontrollplanet och dataplanet. I ett reaktivt tillvägagångssätt övervakar, samlar och analyserar en inkommande trafik en IXP-medlem för att upptäcka om någon obehörig trafik finns, medan en operatör konfigurerar sina nätverksenheter för att filtrera någon obehörig trafik utan att behöva övervaka . Vi fokuserade på proaktiva tillvägagångssätt på grund av den ökade säkerheten för IXP-nätverket och dess inneboende förenklad nätverkshantering. Vi konstruerade och genomförde en lösning på detta problem genom att utnyttja det nya SDN-paradigmet (Software Defined Networking), vilket möjliggör programmerbarheten hos vidarebefordringsborden genom att separera kontrolloch dataplanerna. Vårt tillvägagångssätt installerar bara regler i dataplanet som tillåter legitim trafik att vidarebefordras, släppa allt annat. Eftersom hårdvaruomkopplare har hög prestanda men lågt minne, bestämde vi oss för att även använda programvaruomkopplare. En "heavy-hitter" -modul detekterar vidarebefordringsreglerna som transporterar större delen av trafiken och installerar dem i hårdvaruomkopplaren. De återstående spolningsreglerna installeras i programvaruomkopplarna.Vi utvärderade prototypen i en emulerad testbädd med hjälp av virtuella nätverksmiljö Mininet. Vi analyserade säkerheten för vårt system med hjälp av statiska verifieringsprov, vilket bekräftade överensstämmelse med säkerhetspolicyerna. Resultaten visar att med bara 10% av de regler som installerats i hårdvaruomkopplaren filtrerar hårdvaruomkopplaren direkt 95% av trafikvolymen med ojämn Internetliknande trafikfördelningsarbete. Vi utvärderade också latensoch genomströmningsomkostnaderna för systemet, även om resultaten begränsas av noggrannheten hos den emulerade miljön. Skalbarhetsexperimenten visar att med 10K-vidarebefordringsregler tar systemet cirka 40 sekunder för att installera och uppdatera dataplanet. Detta beror på inneboende långsamma emulerade miljöer och begränsningar av POX-kontrollern, som kodas i Python.
46
Oscarson, Per. "Actual and Perceived Information Systems Security." Doctoral thesis, Linköping : Department of Management and Engineering, Linköping University, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-10215.
Повний текст джерела
47
Helms, J. (Janne). "Information systems security management:a literature review." Master's thesis, University of Oulu, 2019. http://jultika.oulu.fi/Record/nbnfioulu-201906212604.
Повний текст джерелаАнотація:
Abstract. Information security has begun to receive an increasing amount of intention. The importance of information security has started to be recognized among organizations and the work to comply with the increased requirements has been started. One essential method of managing information security is an information security policy, that is created and managed to suit the needs of each organization.
Managing information security policies can be viewed a tedious task and thus easily dismissed or done quickly. There are several aspects to cover and components to manage, including technical aspects and the human factors. The purpose of this thesis is to provide an insight to the managerial aspect of information security and the policies through a literary review.
This thesis is not intended to be a guide on how to create an information security policy. It rather is providing a view of the studies concerning information security management and, in some instances, how information security is managed in some organizations. The results of this thesis can be used in creating a list of aspects that are valuable in managing information security and policy creation.
48
Guo, Mingming. "User-Centric Privacy Preservation in Mobile and Location-Aware Applications." FIU Digital Commons, 2018. https://digitalcommons.fiu.edu/etd/3674.
Повний текст джерелаАнотація:
The mobile and wireless community has brought a significant growth of location-aware devices including smart phones, connected vehicles and IoT devices. The combination of location-aware sensing, data processing and wireless communication in these devices leads to the rapid development of mobile and location-aware applications. Meanwhile, user privacy is becoming an indispensable concern. These mobile and location-aware applications, which collect data from mobile sensors carried by users or vehicles, return valuable data collection services (e.g., health condition monitoring, traffic monitoring, and natural disaster forecasting) in real time. The sequential spatial-temporal data queries sent by users provide their location trajectory information. The location trajectory information not only contains users’ movement patterns, but also reveals sensitive attributes such as users’ personal habits, preferences, as well as home and work addresses. By exploring this type of information, the attackers can extract and sell user profile data, decrease subscribed data services, and even jeopardize personal safety.
This research spans from the realization that user privacy is lost along with the popular usage of emerging location-aware applications. The outcome seeks to relive user location and trajectory privacy problems. First, we develop a pseudonym-based anonymity zone generation scheme against a strong adversary model in continuous location-based services. Based on a geometric transformation algorithm, this scheme generates distributed anonymity zones with personalized privacy parameters to conceal users’ real location trajectories. Second, based on the historical query data analysis, we introduce a query-feature-based probabilistic inference attack, and propose query-aware randomized algorithms to preserve user privacy by distorting the probabilistic inference conducted by attackers. Finally, we develop a privacy-aware mobile sensing mechanism to help vehicular users reduce the number of queries to be sent to the adversarial servers. In this mechanism, mobile vehicular users can selectively query nearby nodes in a peer-to-peer way for privacy protection in vehicular networks.
49
Suárez, Touceda Diego. "Security in peer-to-peer communication systems." Doctoral thesis, Universitat Politècnica de Catalunya, 2011. http://hdl.handle.net/10803/110547.
Повний текст джерелаАнотація:
P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modi¿cation of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, ¿nancial, security, or social reasons. In order to do so, P2PSIP systems replace all the architecture of servers of the original SIP systems used for the registration and location of users, by a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new security problematic which analysis, subject of this thesis, is of crucial importance for its secure development and future standardization.
Starting with a study of the state of the art in network security and continuing with more speci¿c systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identi¿ed, we conduct an analysis of the attacks that can a¿ect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design speci¿c solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems¿ security: access control. Among the new designed solutions stand out: a certi¿cation model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-¿y P2PSIP systems
and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certi¿cate Pro¿le for Authorization.
Finally, based on the existing measures and the new solutions designed, we de¿ne a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems.
50
Komninos, Nikolaos. "Universal security architecture for future communication systems." Thesis, Lancaster University, 2003. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.413848.
Повний текст джерела