Remote booting in a hostile world: to whom am I speaking? [Computer security]
"This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder." "Copyright IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE."
Today's networked computer systems are very vulnerable to attack: terminal software, like that used by the X Window System, is frequently passed across a network, and a trojan horse can easily be inserted while it is in transit. Many other software products, including operating systems, load parts of themselves from a server across a network. Although users may be confident that their workstation is physically secure, some part of the network to which they are attached almost certainly is not secure. Most proposals that recommend cryptographic means to protect remotely loaded software also eliminate the advantages of remote loading, for example, ease of reconfiguration, upgrade distribution, and maintenance. For this reason, they have largely been abandoned before finding their way into commercial products. The article shows that, contrary to intuition, it is no more difficult to protect a workstation that loads its software across an insecure network than to protect a stand-alone workstation. In contrast to prevailing practice, the authors make essential use of a collision-rich hash function to ensure that an exhaustive off-line search by the opponent will produce not one, but many candidate passwords. This strategy forces the opponent into an open, on-line guessing attack and offers the user a defensive strategy unavailable in the case of an off-line attack.
Peer reviewed
File Synchronization Systems Survey
Several solutions exist for file storage, sharing, and synchronization. Many
of them involve a central server, or a collection of servers, that either store
the files, or act as a gateway for them to be shared. Some systems take a
decentralized approach, wherein interconnected users form a peer-to-peer (P2P)
network, and partake in the sharing process: they share the files they possess
with others, and can obtain the files owned by other peers. In this paper, we
survey various technologies, both cloud-based and P2P-based, that users use to
synchronize their files across the network, and discuss their strengths and
weaknesses.
Comment: The Sixth International Conference on Computer Science, Engineering & Applications (ICCSEA 2016)
Infrastructureless wallet backed up with P2P technology
With the rise in popularity of the cloud, many new applications have been developed in recent years. One example is data vaults, used to securely store users' most precious files in cloud-based servers. The use of this type of application requires a high degree of trust from the user, because if there is any vulnerability the files containing highly sensitive information could be leaked, or if the service is unavailable users may not be able to access the files. This project proposes an alternative to using central servers by using P2P networks. P2P networks consist of a group of computers that share resources among them with the same permissions and responsibilities. By using this type of network, BitTorrent for example, users are still able to access these resources from a remote device without the need to store them in remote servers, offering an alternative to other cloud-based solutions.
Mobile FTP Client: An Android Application
This project sets out to design and implement a mobile FTP client application for Android OS that accompanies a home media server using the Nas4Free operating system. The application utilizes Apache Commons' .net Java library to perform three functions: connect remotely to an FTP server, browse through directory listings, and download single files or entire directories to the Android device. This senior project encompasses multiple concepts including the configuration of a network to allow external access to a server behind a firewall, understanding of SSL/TLS security including private key encryption and self-signed certificates, the FTP protocol and its associated commands, and centers on Android development and the creation of an Android application. This application is for personal use only, and will not be released on the Google Play Store.
Addressing telecommuting in cyber security guidelines
Cyber security threats are becoming more common than before. New phenomena in society
include new cyber security threats which organisations and society should prepare for. One of
these phenomena is telecommuting. Telecommuting has its roots already in the 1970s, but it has
become increasingly popular during the last years. Especially the pandemic caused by Covid-19
has changed the way of working drastically. The pandemic and social distancing forced many
organisations to have their employees working from home. Information technology has enabled
telecommuting, but it has also brought some problems such as security issues. Cyber security
threats have increased and become more diverse during the mass telecommuting caused by Covid-19. Telecommuting has some special features that can increase cyber security threats and risks.
In this research the following cyber security threats relating to telecommuting were identified to
be most relevant: cyber attacks, social engineering, unauthorized access and physical security.
Previous literature has identified that there exist cyber security threats in telecommuting, but it
has remained unclear how organisations manage and mitigate these in practice. Many of the
identified threats relate to employees' unwanted behaviour. Employees are unaware of the threats
facing the organisation in telecommuting. Some employees have not been provided with proper
guidelines and instructions on secure ways of working. Information security policies and guidelines
are important for maintaining cyber security in organisations. Policies can even be seen as the
basis for an organisation's cyber security. This research studied which guidelines could be applicable
in a telecommuting environment in order to mitigate the common cyber security threats. Most
prominent cyber security guidelines for telecommuting identified in this research were guidelines
for personal and mobile devices, guidelines for social engineering, guidelines for physical
security, network guidelines, password guidelines and guidelines for online meetings.
A multiple-case study was used as the method for this study. The cases are seven Finnish
universities. The empirical data consists of cyber security and telecommuting guidelines from the
universities. These guidelines were analysed against the theoretical framework. The
analysis showed that especially guidelines for physical security and online meetings were lacking.
The presence of outsiders in the telecommuting environment was addressed poorly. Outsiders are
a threat both to physical and online meeting security as outsiders may see or hear confidential
things. In addition, guidelines were not addressing data labelling and information release. Threats
specific to Covid-19 were also addressed poorly even though cyber criminals have exploited the
pandemic. Guidelines seemed to be otherwise comprehensive. Threats that were addressed poorly
have been especially relevant during the pandemic, which suggests that organisations' guidelines
are not quite up to date even though otherwise applicable. Organisations should review and update
their guidelines periodically and if a major change occurs in the operation environment.
The Clarens Web Service Framework for Distributed Scientific Analysis in Grid Projects
Large scientific collaborations are moving towards service oriented architectures for implementation and deployment of globally distributed systems. Clarens is a high performance, easy to deploy Web Service framework that supports the construction of such globally distributed systems. This paper discusses some of the core functionality of Clarens that the authors believe is important for building distributed systems based on Web Services that support scientific analysis.