Elaboration d'un modèle d'identité numérique adapté à la convergence

L évolution des réseaux informatiques, et notamment d Internet, s ancre dans l émergence de paradigmes prépondérants tels que la mobilité et les réseaux sociaux. Cette évolution amène à considérer une réorganisation de la gestion des données circulant au cœur des réseaux. L accès à des services offrant de la vidéo ou de la voix à la demande depuis des appareils aussi bien fixes que mobiles, tels que les Smartphones, ou encore la perméabilité des informations fournies à des réseaux sociaux conduisent à s interroger sur la notion d identité numérique et, de manière sous-jacente, à reconsidérer les concepts de sécurité et de confiance. La contribution réalisée dans ce travail de thèse consiste, dans une première partie, à analyser les différents modèles d identité numérique existants ainsi que les architectures de fédération d identité, mais également les protocoles déployés pour l authentification et les problèmes de confiance engendrés par l absence d élément sécurisé tel qu une carte à puce. Dans une deuxième partie, nous proposons, en réponse aux éléments dégagés dans la partie précédente, un modèle d identité fortement attaché au protocole d authentification TLS embarqué dans un composant sécurisé, permettant ainsi de fournir les avantages sécuritaires exigibles au cœur des réseaux actuels tout en s insérant naturellement dans les différents terminaux, qu ils soient fixes ou mobiles. Enfin, dans une dernière partie, nous expliciterons plusieurs applications concrètes, testées et validées, de ce modèle d identité, afin d en souligner la pertinence dans des cadres d utilisation pratique extrêmement variés.IT networks evolution, chiefly Internet, roots within the emergence of preeminent paradigms such as mobility and social networks. This development naturally triggers the impulse to reorganize the control of data spreading throughout the whole network. Taking into account access to services such as video or voice on demand coming from terminals which can be fixed or mobile such as smartphones, or also permeability of sensitive information provided to social networks, these factors compel a necessary interrogation about digital identity as a concept. It also intrinsically raises a full-fledged reconsideration of security and trust concepts. The contribution of this thesis project is in line, in a first part, with the analysis of the existing manifold digital identity frameworks as well as the study of current authentication protocols and trust issues raised by the lack of trusted environment such as smartcards. In a second part, as an answer to the concerns suggested in the first part, we will advocate an identity framework strongly bounded to the TLS authentication protocol which needs to be embedded in a secure component, thus providing the mandatory security assets for today s networks while naturally fitting with a varied scope of terminals, be it fixed or mobile. In a last part, we will finally exhibit a few practical applications of this identity framework, which have been thoroughly tested and validated, this, in order to emphasize its relevance throughout multifarious use cases.PARIS-Télécom ParisTech (751132302) / SudocSudocFranceF

Effect of Pediatric Ear Infections on Postural Stability

Ear infections in children often cause abnormal postural stability during the acute phase of the ear infection. However, the long-term effects of recurrent ear infections on postural stability have not been investigated. Postural stability is the foundation of many motor skills in early child development. Therefore, it is important to evaluate and treat postural instability problems in early childhood. The purpose of this study was to examine the effect of multiple ear infections on pediatric postural stability and visual over-reliance and to determine if computerized and non-computerized measurement tools could identify lasting postural instability in children with multiple ear infections and/or tympanostomy tubes prior to age five. Forty children aged 10-12 years were divided into two groups (18 participants with history of tympanostomy tubes and/or 3 or more ear infections prior to age five and 22 participants without history of tympanostomy tubes and/or 0-2 ear infections prior to age five). Computerized and non-computerized postural stability was measured for all participants. Postural stability was significantly worse in participants with history of tympanostomy tubes and/or 3 or more ear infections had decreased postural stability scores. In Conclusion results suggest that children ages 10-12 with history of tympanostomy tubes and/or 3 or more ear infections prior to age five have decreased postural stability. Both postural stability measures detected lasting effects of postural instability in children ages 10-12

Segurança de Redes em Sistemas de Experimentação Remota

O crescimento dos sistemas de informação e a sua utilização massiva criou uma nova realidade no acesso a experiências remotas que se encontram geograficamente distribuídas. Nestes últimos tempos, a temática dos laboratórios remotos apareceu nos mais diversos campos como o do ensino ou o de sistemas industriais de controlo e monitorização. Como o acesso aos laboratórios é efectuado através de um meio permissivo como é o caso da Internet, a informação pode estar à mercê de qualquer atacante. Assim, é necessário garantir a segurança do acesso, de forma a criar condições para que não se verifique a adulteração dos valores obtidos, bem como a existência de acessos não permitidos. Os mecanismos de segurança adoptados devem ter em consideração a necessidade de autenticação e autorização, sendo estes pontos críticos no que respeita à segurança, pois estes laboratórios podem estar a controlar equipamentos sensíveis e dispendiosos, podendo até eventualmente comprometer em certos casos o controlo e a monotorização de sistemas industriais. Este trabalho teve como objectivo a análise da segurança em redes, tendo sido realizado um estudo sobre os vários conceitos e mecanismos de segurança necessários para garantir a segurança nas comunicações entre laboratórios remotos. Dele resultam as três soluções apresentadas de comunicação segura para laboratórios remotos distribuídos geograficamente, recorrendo às tecnologias IPSec, OpenVPN e PPTP. De forma a minimizar custos, toda a implementação foi assente em software de código aberto e na utilização de um computador de baixo custo. No que respeita à criação das VPNs, estas foram configuradas de modo a permitir obter os resultados pretendidos na criação de uma ligação segura para laboratórios remotos. O pfSense mostrou-se a escolha acertada visto que suporta nativamente quaisquer das tecnologias que foram estudadas e implementadas, sem necessidade de usar recursos físicos muito caros, permitindo o uso de tecnologias de código aberto sem comprometer a segurança no funcionamento das soluções que suportam a segurança nas comunicações dos laboratórios remotos.The increased use of information systems enabled the easy access to geographically distributed laboratories. Recently, the use of remote laboratories is being mentioned in such distinct areas as training institutions or industrial systems control and monitoring. Since access to remote laboratories is done using a permissive environment such as the Internet, information exchange can be at the mercy of any attacker. Thus, it is necessary to ensure that security mechanisms are in place to avoid data corruption or unauthorized accesses to the remote laboratories. They should take into account the need for authentication and authorization, which are critical with respect to safety, because these laboratories may enable the access and control of expensive equipment, and the monitoring and control of industrial systems, whose security may not be compromised. The aim of this study is to analyze various network security mechanisms able to ensure safe and reliable data transfer among remote laboratories as well as secure access control. Three solutions making use of IPSec, PPTP and OpenVpn are discussed. To minimize costs, the entire implementation was based on open source software and the use of a low-cost computer. In the case of VPNs, they are configured to obtain a secure connection to remote laboratories. The conclusion is that pfSense is the right choice since it natively supports the totality of the technologies studied and implemented without the need of very expensive physical resources, and enabling the use of open source technologies without compromising the secure access to remote laboratories

Gestion de la sécurité des réseaux à l'aide d'un service innovant de Cloud Based Firewall

Cloud computing has evolved over the last decade from a simple storage service for more complex services, offering the software as a service (SaaS) platforms as a service (PaaS) and most recently the security as a service (SECaaS). In our work, we started with the simple idea to use the resources offered by the Cloud with a low financial cost to propose new architectures of security service. The security of virtual environments is a major issue for the deployment of the use of the Cloud. Unfortunately, these environments are composed of a set of already existing technologies used in a new way, many security solutions are only traditional reconditioned solutions to solve the Cloud and virtual networks security issues. The work done in this thesis is a response to the resource limitations of physical security devices such as firewalls and propose new security architectures consist of management of network security in the cloud-based services following Security as a Service model and propose novel architectures for managing these services. We took the initiative to propose a completely Cloud-Based architecture. The latter allows a cloud provider to provide firewalling service to its customers. It asks them to subscribe to the offer by guaranteeing treatment (analysis) with a capacity of bandwidth traffic with functional filtering rules and other proposed by the subscriber. The results demonstrated the ability of our architecture to manage and cope with network DDoS attacks and to increase analytical capacity by distributing traffic over multiple virtualLe Cloud Computing a évolué au cours de la dernière décennie, passant d’un simple service de stockage à des services plus complexes, en proposant le software comme service (SaaS), les plateformes comme service(PaaS) et très récemment la sécurité comme service (SECaaS).Dans notre travail, nous sommes partis de l'idée simple d'utiliser les ressources offertes par le Cloud avec un faible coût financier pour proposer des nouvelles architectures de service de sécurité.La sécurité des environnements virtuels est un sujet majeur pour le déploiement de l’usage du Cloud. Malheureusement, comme ces environnements sont composés d’un ensemble de technologies déjà existantes, utilisées d'une manière nouvelle, de nombreuses solutions sécuritaires ne sont que des solutions traditionnelles reconditionnées à la problématique Cloud et réseaux virtuels.Le travail effectué dans le cadre de cette thèse vient répondre à la limitation de ressources des équipements physiques de sécurité comme les Firewalls et a pour objectif de proposer de nouveaux services de sécurité composés d’architectures de gestion de la sécurité des réseaux dans le Cloud basé sur le modèle Security as a Service, ainsi que des architectures de management de ces services.Nous avons pris l’initiative de proposer une architecture totalement Cloud-Based. Cette dernière, permet à un Cloud provider de proposer un service de Firewalling à ses clients. Celui-ci leur demande de s’abonner à l’offre en leur garantissant le traitement (analyse) d’une capacité de bande-passante de trafic avec des règles de filtrages fonctionnelles et d’autres proposées par l’abonné.Les résultats obtenus ont démontré les aptitudes de nos architectures à gérer et à faire face à des attaques réseaux de type DDoS et à augmenter la capacité d’analyse en distribuant le trafic sur plusieurs pare-feu virtuels

Tanker Familiarization : Course material for Aboa Mare

The aim with this thesis is to provide Aboa Mare with an updated material to their tanker familiarization course. Furthermore my aim is to provide new future deckhands joining a tanker with essential need to know information that will help them perform their duties on board a tanker. The course material should meet the requirements established by both the STCW and the IMO. The tanker familiarization material is based on STCW, chapter V which states the mandatory minimum requirements for the training and qualification for masters, officers and ratings on oil tankers. Furthermore the IMO has developed a series of model courses for maritime training institutes worldwide which provides the institutes with detailed information such as course timetables, learning objectives, course framework, a course outline, guidance notes for the instructor and a summary of how students should be evaluated. After participating the IMO Model course 1.01, tanker familiarization the candidate should be able to show basic knowledge and understanding in safe cargo operations on board oil tankers, precautions to prevent hazards, apply occupational health and safety precautions and measures, carrying out fire-fighting operations, know how to respond to emergencies and take precautions to prevent pollution of the environment. This thesis is based on a literature researchMålsättningen med detta examensarbete är att förse Aboa Mare med ett nytt uppdaterat kursmaterial till den grundläggande tankerkursen. Syftet är också att förse framtida lättmatroser med viktig information som skulle kunna hjälpa dem att genomföra sina arbetsuppgifter ombord en tanker. Kursmaterialet skall motsvara de krav som ställs av STCW och IMO. Den grundläggande tank-kursen är baserad på STCW, kapitel V som beskriver de obligatoriska minimumkrav vad som gäller upplärning och kvalifikation av befälhavare, styrmän och manskap ombord en tanker. Dessutom har IMO lanserat ett antal olika modell-kurser åt maritima skolor runtom i världen vars syfte är att förse skolorna med detaljerad information gällande tidtabeller, syfte, kursens uppbyggnad, vägledning för instruktören samt ett sammandrag över hur kandidaten skall bli evaluerad. Efter att ha deltagit i den grundläggande tank-kursen skall kandidaten kunna förevisa kunskap och kännedom i lastning, lossning, förebyggande säkerhetshetsåtgärder ombord en tanker, yrkesrelaterade hälsorisker ombord, brandbekämpning, säkerhetsåtgärder vid kritiska situationer och nödlägen ombord samt kunna vidta säkerhetsåtgärder för att förhindra nedsmutsning av miljön