Refine
Document Type
- Bachelor Thesis (3)
- Conference Proceeding (3)
- Master's Thesis (2)
- Article (reviewed) (1)
Conference Type
- Konferenzartikel (3)
Keywords
- Security (9) (remove)
Institute
- Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) (4)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (3)
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (3)
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (1)
- Fakultät Medien (M) (ab 22.04.2021) (1)
Open Access
- Open Access (4)
- Closed (3)
- Closed Access (2)
- Diamond (1)
Physical unclonable functions (PUFs) are increasingly generating attention in the field of hardware-based security for the Internet of Things (IoT). A PUF, as its name implies, is a physical element with a special and unique inherent characteristic and can act as the security anchor for authentication and cryptographic applications. Keeping in mind that the PUF outputs are prone to change in the presence of noise and environmental variations, it is critical to derive reliable keys from the PUF and to use the maximum entropy at the same time. In this work, the PUF output positioning (POP) method is proposed, which is a novel method for grouping the PUF outputs in order to maximize the extracted entropy. To achieve this, an offset data is introduced as helper data, which is used to relax the constraints considered for the grouping of PUF outputs, and deriving more entropy, while reducing the secret key error bits. To implement the method, the key enrollment and key generation algorithms are presented. Based on a theoretical analysis of the achieved entropy, it is proven that POP can maximize the achieved entropy, while respecting the constraints induced to guarantee the reliability of the secret key. Moreover, a detailed security analysis is presented, which shows the resilience of the method against cyber-security attacks. The findings of this work are evaluated by applying the method on a hybrid printed PUF, where it can be practically shown that the proposed method outperforms other existing group-based PUF key generation methods.
Linux and Linux-based operating systems have been gaining more popularity among the general users and among developers. Many big enterprises and large companies are using Linux for servers that host their websites, some even require their developers to have knowledge about Linux OS. Even in embedded systems one can find many Linux-based OS that run them. With its increasing popularity, one can deduce the need to secure such a system that many personnel rely on, be it to protect the data that it stores or to protect the integrity of the system itself, or even to protect the availability of the services it offers. Many researchers and Linux enthusiasts have been coming up with various ways to secure Linux OS, however new vulnerabilities and new bugs are always found, by malicious attackers, with every update or change, which calls for the need of more ways to secure these systems.
This Thesis explores the possibility and feasibility of another way to secure Linux OS, specifically securing the terminal of such OS, by altering the commands of the terminal, getting in the way of attackers that have gained terminal access and delaying, giving more time for the response teams and for forensics to stop the attack, minimize the damage, restore operations, and to identify collect and store evidence of the cyber-attack. This research will discuss the advantages and disadvantages of various security measures and compare and contrast with the method suggested in this research.
This research is significant because it paints a better picture of what the state of the art of Linux and Linux-based operating systems security looks like, and it addresses the concerns of security enthusiasts, while exploring new uncharted area of security that have been looked at as a not so significant part of protecting the OSes out of concern of the various limitations and problems it entails. This research will address these concerns while exploring few ways to solve them, as well as addressing the ideal areas and situations in which the proposed method can be used, and when would such method be more of a burden than help if used.
As industrial networks continue to expand and connect more devices and users, they face growing security challenges such as unauthorized access and data breaches. This paper delves into the crucial role of security and trust in industrial networks and how trust management systems (TMS) can mitigate malicious access to these networks.The TMS presented in this paper leverages distributed ledger technology (blockchain) to evaluate the trustworthiness of blockchain nodes, including devices and users, and make access decisions accordingly. While this approach is applicable to blockchain, it can also be extended to other areas. This approach can help prevent malicious actors from penetrating industrial networks and causing harm. The paper also presents the results of a simulation to demonstrate the behavior of the TMS and provide insights into its effectiveness.
The importance of machine learning has been increasing dramatically for years. From assistance systems to production optimisation to support the health sector, almost every area of daily life and industry comes into contact with machine learning. Besides all the benefits that ML brings, the lack of transparency and the difficulty in creating traceability pose major risks. While there are solutions that make the training of machine learning models more transparent, traceability is still a major challenge. Ensuring the identity of a model is another challenge. Unnoticed modification of a model is also a danger when using ML. One solution is to create an ML birth certificate and an ML family tree secured by blockchain technology. Important information about training and changes to the model through retraining can be stored in a blockchain and accessed by any user to create more security and traceability about an ML model.
Webassembly is a new technology to create application in a new way. Webassembly is being developed since 2017 by the worldwide web consortium (w3c). The primary task of webassembly is to improve web applications.
Today, more and more applications are being created as web applications. Web applications have some advantages - they are platform independent and even mobile platforms can run them, and no installation is needed apart from a modern web browser.
Currently, web applications are being developed in JavaScript (JS), hypertext mark-up language 5 (HTML 5), and cascading style sheets (CSS).
These technologies are not made for huge web applications, but they should not be replaced by webassembly; rather, webassembly is an extension to the currently existing technology.
The purpose of webassembly is to fix or improve the problems in web application development.
This master’s thesis reviews all of the aspects and checks whether the promises of webassembly are kept and where problems still exist.
Wie in allen Management-Prozessen braucht man auch bei der Umsetzung von Maßnahmen in Verbindung mit der IT-Sicherheit die Möglichkeit, Entscheidungen möglichst gut fundiert treffen und im Nachgang auch hinsichtlich der Wirksamkeit bewerten zu können.
IT-Sicherheit ist mit - zum Teil sehr hohen - Kosten verbunden. Diese Kosten müssen zum einen wirtschaftlich unter Kosten/Nutzen-Gesichtspunkten zu rechtfertigen sein, zum anderen ist sicherzustellen, dass die Investitionen, die zur IT-Sicherheit getätigt werden, eine möglichst große Wirkung zeigen.
In fast allen Management-Bereichen werden heute Kennzahlen erhoben, die in komprimierter Form Sachverhalte widerspiegeln, die die Entscheidungsträger schnell und objektiv wahrnehmen müssen, um zu richtigen und langfristig wirtschaftlich richtigen Entscheidungen zu kommen. Betriebswirtschaftliche Kennzahlen sind heute fester Bestandteil in allen Management-Ebenen.
Diese Arbeit soll zeigen, auf welche Normen und Standards ein Informationssicherheits-Verantwortlicher, der die umgesetzten Maßnahmen bewerten und das Ergebnis dem Management berichten können möchte, zurückgreifen kann. Darauf aufbauend werden exemplarisch einige Kennzahlen gebildet. Der Schwerpunkt liegt hierbei eher auf technischen als organisatorischen Merkmalen, da die Bildung von organisatorischen Kennzahlen in der Literatur bereits recht gut beschrieben ist.
Die Normen und Standards folgen alle einem ähnlichen Vorgehen bei der Planung und Implementierung eines Kennzahlensystems zur IT-Sicherheit. Gerade technische Kennzahlen haben einen sehr engen Zusammenhang mit klassischen Systementwicklungen. Daher wird erläutert, wie zielgerichtet im Sinne eines Leitfadens vorgegangen werden kann, um ein Kennzahlensystem zu entwickeln, das eine Bewertung der Wirksamkeit von Maßnahmen auch wirklich zulässt.
Android is the most popular mobile operating system. Its omnipresence leads to the fact that it is also the most popular target amongst malware developers and other computer criminals. Hence, this thesis shows the security-relevant structures of Android’s system and application architecture. Furthermore, it provides laboratory exercises on various security-related issues to understand them not only theoretically but also deal with them in a practical way. In order to provide infrastructure-independent education, the exercises are based on Android Virtual Devices (AVDs).
The overview of public key infrastructure based security approaches for vehicular communications
(2015)
Modern transport infrastructure becomes a full member of globally connected network. Leading vehicle manufacturers have already triggered development process, output of which will open a new horizon of possibilities for consumers and developers by providing a new communication entity - a car, thus enabling Car2X communications. Nevertheless some of available systems already provide certain possibilities for vehicles to communicate, most of them are considered not sufficiently secured. During last 15 years a number of big research projects funded by European Union and USA governments were started and concluded after which a set of standards were published prescribing a common architecture for Car2X and vehicles onboard communications. This work concentrates on combining inner and outer vehicular communications together with a use of Public Key Infrastructure (PKI).
In dieser Arbeit werden die Bedrohungen für ein lokales IPv6 Netzwerk, mit besonderem Hinblick auf das neu eingeführte Neighbor Discovery Protocol (NDP), analysiert. Dabei wird der Frage nachgegangen, wie ein IPv6 Netz gegen lokale Angriffe geschützt werden kann. Zunächst werden mögliche Angriffe auf das Netzwerk beschrieben. Gegen die dann jeweils Maßnahmen vorgestellt werden. Die Funktionsweise der Maßnahmen wird erläutert und die mit Einführung sowie Betrieb verbundenen Kosten und Nutzen eingeordnet. Darauf basierend wird eine Bewertung der Maßnahmen durchgeführt, um konkrete Handlungsempfehlungen zum sicheren Betrieb von IPv6 Netzen in der Praxis zu geben. In der Bewertung wird deutlich, dass ein Großteil der Maßnahmen noch nicht ausgereift oder nur bedingt praktisch anwendbar erscheint. Reaktive Maßnahmen wie NDPMon eignen sich dabei nach Ergebnissen der Analyse am besten zur Absicherung von NDP Verkehr. Um die Integration von NDPMon durch eine einheitliche Plattform zu erleichern, wird ein Einsatzbeispiel auf Basis des ARM-Einplatinencomputer Raspberry Pi beschrieben. Abgeschlossen wird die Arbeit mit einem Fazit zur lokalen Absicherung von IPv6 Netzwerken und den damit verbundenen Herausforderungen, sowie einem kurzen Ausblick auf zukünftige Entwicklungen im Bezug auf Schutzmaßnahmen.