Massey Documents by Type

Permanent URI for this communityhttps://mro.massey.ac.nz/handle/10179/294

Browse

Subject: search.filters.subject.Security measures

Search Results

Now showing 1 - 9 of 9
  • Thumbnail Image
    Item
    Blockchain for secured IoT and D2D applications over 5G cellular networks : a thesis by publications presented in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer and Electronics Engineering, Massey University, Albany, New Zealand
    (Massey University, 2021) Honar Pajooh, Houshyar
    The Internet of things (IoT) is in continuous development with ever-growing popularity. It brings significant benefits through enabling humans and the physical world to interact using various technologies from small sensors to cloud computing. IoT devices and networks are appealing targets of various cyber attacks and can be hampered by malicious intervening attackers if the IoT is not appropriately protected. However, IoT security and privacy remain a major challenge due to characteristics of the IoT, such as heterogeneity, scalability, nature of the data, and operation in open environments. Moreover, many existing cloud-based solutions for IoT security rely on central remote servers over vulnerable Internet connections. The decentralized and distributed nature of blockchain technology has attracted significant attention as a suitable solution to tackle the security and privacy concerns of the IoT and device-to-device (D2D) communication. This thesis explores the possible adoption of blockchain technology to address the security and privacy challenges of the IoT under the 5G cellular system. This thesis makes four novel contributions. First, a Multi-layer Blockchain Security (MBS) model is proposed to protect IoT networks while simplifying the implementation of blockchain technology. The concept of clustering is utilized to facilitate multi-layer architecture deployment and increase scalability. The K-unknown clusters are formed within the IoT network by applying a hybrid Evolutionary Computation Algorithm using Simulated Annealing (SA) and Genetic Algorithms (GA) to structure the overlay nodes. The open-source Hyperledger Fabric (HLF) Blockchain platform is deployed for the proposed model development. Base stations adopt a global blockchain approach to communicate with each other securely. The quantitative arguments demonstrate that the proposed clustering algorithm performs well when compared to the earlier reported methods. The proposed lightweight blockchain model is also better suited to balance network latency and throughput compared to a traditional global blockchain. Next, a model is proposed to integrate IoT systems and blockchain by implementing the permissioned blockchain Hyperledger Fabric. The security of the edge computing devices is provided by employing a local authentication process. A lightweight mutual authentication and authorization solution is proposed to ensure the security of tiny IoT devices within the ecosystem. In addition, the proposed model provides traceability for the data generated by the IoT devices. The performance of the proposed model is validated with practical implementation by measuring performance metrics such as transaction throughput and latency, resource consumption, and network use. The results indicate that the proposed platform with the HLF implementation is promising for the security of resource-constrained IoT devices and is scalable for deployment in various IoT scenarios. Despite the increasing development of blockchain platforms, there is still no comprehensive method for adopting blockchain technology on IoT systems due to the blockchain's limited capability to process substantial transaction requests from a massive number of IoT devices. The Fabric comprises various components such as smart contracts, peers, endorsers, validators, committers, and Orderers. A comprehensive empirical model is proposed that measures HLF's performance and identifies potential performance bottlenecks to better meet blockchain-based IoT applications' requirements. The implementation of HLF on distributed large-scale IoT systems is proposed. The performance of the HLF is evaluated in terms of throughput, latency, network sizes, scalability, and the number of peers serviceable by the platform. The experimental results demonstrate that the proposed framework can provide a detailed and real-time performance evaluation of blockchain systems for large-scale IoT applications. The diversity and the sheer increase in the number of connected IoT devices have brought significant concerns about storing and protecting the large IoT data volume. Dependencies of the centralized server solution impose significant trust issues and make it vulnerable to security risks. A layer-based distributed data storage design and implementation of a blockchain-enabled large-scale IoT system is proposed to mitigate these challenges by using the HLF platform for distributed ledger solutions. The need for a centralized server and third-party auditor is eliminated by leveraging HLF peers who perform transaction verification and records audits in a big data system with the help of blockchain technology. The HLF blockchain facilitates storing the lightweight verification tags on the blockchain ledger. In contrast, the actual metadata is stored in the off-chain big data system to reduce the communication overheads and enhance data integrity. Finally, experiments are conducted to evaluate the performance of the proposed scheme in terms of throughput, latency, communication, and computation costs. The results indicate the feasibility of the proposed solution to retrieve and store the provenance of large-scale IoT data within the big data ecosystem using the HLF blockchain.
  • Thumbnail Image
    Item
    Novel lightweight ciphertext-policy attribute-based encryption for IoT applications : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science at Massey University, Auckland, New Zealand
    (Massey University, 2018) Li, Ping
    As more sensitive data are frequently shared over the Internet of Things (IoT) network, the confidentiality and security of IoT should be given special consideration. In addition, the property of the resources-constraint nodes raises a rigid lightweight requirement for IoT security system. Currently, the Attribute-Based Encryption (ABE) for fine-grained access control is the state-of-the-art technique to enable the secure data transmission and storage in the distributed case such as IoT. However, most existing ABE schemes are based on expensive bilinear pairing with linear size keys and ciphertexts. This results in the increase of the memory and computational requirement on the devices, which is not suitable for the resource-limited IoT applications. Leveraging on the advantages offered by the Ciphertext-Policy ABE (CP-ABE), this thesis proposes two constructions of lightweight no-paring cryptosystems based on Rivest–Shamir–Adleman (RSA). One realized work is a construction of AND-gate CP-ABE to achieve both constant-size keys and ciphertexts. The result of the evaluation shows that it reduces the storage and computational overhead. The other construction supports an expressive monotone tree access structure to implement the complex access control as a more generic system. Both have respective advantages in different contexts and are provably secure to guarantee the sharing of data, as well as more applicable and efficient than the previous scheme. In this thesis, practical issues are also described about implementations and evaluations of both proposals.
  • Thumbnail Image
    Item
    Effective security analysis for combinations of MTD techniques on cloud computing : a thesis submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy (Ph.D.) in Computer Science, Massey University
    (Massey University, 2019) Alavizadeh, Hooman
    Moving Target Defense (MTD) is an emerging security mechanism that can introduce a dynamic defensive layer for a given system by changing the attack surface. MTD techniques are useful to address security issues in cloud computing. MTD techniques are classified into three main categories: Shuffle, Diversity, and Redundancy. Shuffle MTD techniques can rearrange the system's components (e.g., IP mutation). They confuse the attackers by hardening the reconnaissance process and wasting the information collected by the attackers. Diversity MTD techniques change the variants of a system's component (e.g., operating systems), which makes an attack more difficult and costly because the attackers encounter a new set of vulnerabilities. Redundancy MTD techniques increase the system components' replicas. They can be used to increase system dependability (e.g., reliability or availability) by providing redundant ways of providing the same services when some system components are compromised. Since deploying each MTD technique may affect the others and also have different effects on the system (e.g., one can enhance the security and another can provide service's availability), it is important to combine MTD techniques in such a way that they can support each other directly or indirectly. This research first conducts an extensive survey of MTD literature to realize and summarize the key limitations of the current MTD studies. We reveal that (i) there is a lack of investigation on the combination of MTD techniques, (ii) relatively less effort has been made to evaluate the effectiveness of MTD techniques using security analysis, and (iii) there is a shortcoming in the validation of MTD techniques on more realistic cloud testbeds. We focus on the theoretical aspects of combining MTD techniques and provide formalization to combine MTD techniques in order to address those limitations. First, we achieve this by combining Shuffle and Redundancy to find a trade-off between System Risk and Reliability. Then, we provide a formal mathematical definition to combine Shuffle and Diversity to increase security while narrowing the scope for potential attacks. We evaluate the effectiveness of the proposed combined techniques using Graphical Security Models (GSMs) and incorporating various security metrics. We extend the combination of MTD techniques by including Redundancy besides Shuffle and Diversity. We perform an in-depth analysis on combining those MTD techniques to find out a trade-off between security alongside the reliability of the cloud. We show that if those MTD techniques are combined properly, it not only improves the cloud's security posture but also it increases the reliability of the cloud. Moreover, we study the economic metrics to show how MTD techniques can be deployed in a cost effective way. We also propose an Optimal Diversity Assignment Problem (O-DAP) to find the optimal solution for deploying Diversity over cloud. Finally, we design and develop an automated cloud security framework to evaluate the cloud security posture and adapt MTD techniques on the real cloud platform. We demonstrate the feasibility, adaptability, and usability of implementing MTD techniques on UniteCloud which is a real private cloud platform.
  • Thumbnail Image
    Item
    Security in information systems :the identification of risks in selected electronic banking applications : a thesis presented in partial fulfilment of the requirements for the degree of Master of Business Studies in Information Systems at Massey University
    (Massey University, 1988) Kemp, Elizabeth Angela
    This thesis considers the security threats associated with the introduction of electronic banking. In electronic banking services the paper based instructions for the movement of money are replaced by the electronic transmission of data. Since electronic banking relies heavily on advanced information technology (the use of computers and communications), security is a matter of grave concern. This thesis identifies the principle risks to security in five electronic applications : Automated Teller Machines (ATMs), Electronic Funds Transfer, Point-of-Sale (EFTPOS), credit cards, home banking and wire transfers. Both the information technology used and the applications are described. The major threats to each element of the computer system, hardware, software, data, communications and the environment are identified and related to the appropriate service. Five major risk categories are described: disaster, accident, error, computer abuse and sabotage. These headings are used as the starting point for the analysis of risks to each component of the system.
  • Thumbnail Image
    Item
    Bio-mirrors and networking security : for the partial fulfilment of Masters of Information Sciences, Information Systems major, 2006
    (Massey University, 2006) Mubayiwa, Douglas
    Bioinformatics databanks have been the source of data to bioscience researchers over the years. They need this information especially in the analysis of raw data. When this data is needed, it has to be readily available. This thesis seeks to address the current problems of unavailable data at a critical time. Continued retrieval of data from far away sites is expensive in both time and network resources. Care must also be taken to secure this data otherwise by the time it reaches the researcher, it will be useless. In response to this problem being addressed, this thesis describes a way to move data securely so that the necessary data is stored nearest to whoever requires it. A proposed initial prototype has been implemented with capacity to grow. The overall architecture of the system, the prototype and other related issues are also discussed in this thesis.
  • Thumbnail Image
    Item
    In-flight aggression : a cabin crew and passenger perspective : a thesis submitted in partial fulfilment of the requirements for the degree of Masters of Aviation at Massey University
    (Massey University, 2005) Li, Bao Qing
    In-flight aggression is the term used to describe aggressive behaviour during flights. The dangers such behaviour pose are evident when the lives of passengers and cabin crew are threatened. In the worst case scenario, passenger/s will barged into the cockpit and interfere with flight controls, causing the aircraft to crash while losing all lives onboard. This study investigates the magnitude of in-flight aggression and some of the triggers that lead passengers to it. It also examines the effectiveness of some measures and the environment which in-flight aggression manifest. The results showed that cabin crew were exposed to the serious dangers of in-flight aggression 6 times more than an average passenger. After September 11th, passengers became more aware of the dangers of in-flight aggression and were more willing to assist cabin crew should the need arise. Alcohol was found to be the top trigger of in-flight aggression and cabin crew intervention of such behaviour is most effective compared to other measures such as flight crew, other passengers, legislation, etc. Some aspects of airline policies and procedures related to the management of in-flight aggression require attention. Pre-flight and in-flight procedures and policies were only moderately effective and experienced cabin crew found them disappointing. Airlines encourages their crew to report incidents and have high safety standards which they expect cabin crew to adhere to strictly, failing which cabin crew are likely to face disciplinary actions. However the cabin crew were seldom informed about outcome of incidents and lessons drawn from incidents seldom led to policy or procedural improvements. Cabin crew believed that both physical and psychological passenger management techniques should be incorporated in training and many would like to be trained in self-defence although many airlines do not provide such training. There is some evidence that profiles of passenger and cabin crew can be used to predict a potential perpetrator and the effectiveness of a cabin crew managing an incident. Based on the finding, several recommendations were made to better manage in-flight aggression.
  • Thumbnail Image
    Item
    Maximising the effectiveness of threat responses using data mining : a piracy case study : this thesis presented in partial fulfillment of the requirements for the degree of Master of Information Sciences in Information Technology, School of Engineering and Advanced Technology at Massey University, Albany, Auckland, New Zealand
    (Massey University, 2015) Lee, Seung Jun
    Companies with limited budgets must decide how best to defend against threats. This thesis presents and develops a robust approach to grouping together threats which present the highest (and lowest) risk, using film piracy as a case study. Techniques like cluster analysis can be used effectively to group together sites based on a wide range of attributes, such as income earned per day and estimated worth. The attributes of high earning and low earning websites could also give some useful insight into policy options which might be effective in reducing earnings by pirate websites. For instance, are all low value sites based in a country with effective internet controls? One of the practical data mining techniques such as a decision tree or classification tree could help rightsholders to interpret these attributes. The purpose of analysing the data in this thesis was to answer three main research questions in this thesis. It was found that, as predicted, there were two natural clusters of the most complained about sites (high income and low income). This means that rightsholders should focus their efforts and resources on only high income sites, and ignore the others. It was also found that the main significant factors or key critical variables for separating high-income vs low-income rogue websites included daily page-views, number of internal and external links, social media shares (i.e. social network engagement) and element of the page structure, including HTML page and JavaScript sizes. Further research should investigate why these factors were important in driving website revenue higher. For instance, why is high revenue associated with smaller HTML pages and less JavaScript? Is it because the pages are simply faster to load? A similar pattern is observed with the number of links. These results could form a study looking into what attributes make e-commerce successful more broadly. It is important to note that this was a preliminary study only looking at the Top 20 rogue websites basically suggested by Google Transparency Report (2015). Whilst these account for the majority of complaints, a different picture may emerge if we analysed more sites, and/or selected them based on different sets of criteria, such the time period, geographic location, content category (software versus movies, for example), and so on. Future research should also extend the clustering technique to other security domains.
  • Thumbnail Image
    Item
    AutoURL : automatic URL tracking to identify rogue advertising : this thesis is submitted in fulfillment of the requirements for the degree of Master of Information Sciences in Software Engineering, School of Engineering and Advanced Technology (S.E.A.T.) at Massey University, Albany, New Zealand
    (Massey University, 2015) Ourahman, Mohammad Rashid
    Maintaining Cyber Security has been one of the biggest challenges of a modern era which has seen the extensive emergence of internet advertisers, and in which some promote their malicious contents through rogue websites. Internet rogue advertisers penetrate through cybercrime in various forms of advertisement banners which are displayed within any parts of a website. Tracking these rogue advertisers is important to the Cyber Security cause, where in an ideal scenario individuals are exposed to correct information as is their basic right, along with their reaction toward the sensitivity of any content. In the past manual tracking has been the commonest method of checking but in some cases manual tracking could fail, other than time parameters the accuracy is also questionable, the solution to this the concept of Automatic URL Tracking. This thesis represents an analytical method of Automatic URL Tracking, according to this approach, where various pages are checked for advertising banners, these are clicked until the final URL or its destination is reached. To achieve various concrete results a significant work has been done to develop an Automatic URL Tracking Software which is run when connected through internet while holding the reported URLs databases where each of these are tracked to its final destination. The Automatic URL Tracking Software was run for the total of 2500 URL samples, upon manually tracking these URLs the two processes showed 87.7 % agreement which can be reliable result considering the presence of various blocking techniques adopted by hosting sites and site developers but there are chances for further development where the application is enhanced specifically to overcome these obstacles. Automatic URL Tracking overcomes the difficulties and challenges of manual tracking, allowing larger data volumes to be tested, identified and verified, but having said that it also comes with the challenges of rapidly changing internet technologies, in which more comprehensive strategies need to be built to overcome this challenge.
  • Thumbnail Image
    Item
    What effect has the tragedy that occurred on September 11th 2001 had on international security measures at the United Nations? : a thesis presented in partial fulfillment of the requirements for the Master of Aviation Management at Massey University, Albany, Palmerston North, New Zealand
    (Massey University, 2006) Gilbert, Catherine
    The tragedy of 11th September 2001 (9/11), took place on United States soil, and deeply affected the psyche of American people. Many other countries and organisations based within those countries, suddenly felt much more vulnerable from terrorist attacks. One such organisation was the United Nations (UN). Furthermore, in August 2003, the UN suffered its own major security disaster, "Some officials called it the UN's own version of 9/11" (D. Pitt, 2004); with the bombing of its Baghdad office in Iraq and loss of twenty two UN staff members' lives. For the UN, with offices all around the world, ensuring that its buildings are secure and its staff members are safe is a complicated business as it is usually reliant on the Host Government to assist with the security and safety of its staff, which can create complications in war torn and beleaguered countries. The UN therefore has the difficult task of ensuring security needs are being achieved in its locations worldwide; whilst still achieving the following efforts in those locations: "to prevent violent conflict, resolve conflicts that have erupted, protect civilians and deliver humanitarian assistance, keep the peace when combatants have reached a truce, and build lasting peace in the aftermath of war,,. (Kofi Annan, UN SecretaryGeneral, 2004). This thesis therefore seeks to explore the ongoing effects that the 9/11 tragedy has had on international security measures in the UN. It will explore internal (to the UN) and external documents, newspaper articles, books, web articles and other material to present a comprehensive document on these measures. This thesis will also discuss the issues that have hampered the UWs endeavors to counter terrorism through a number of UN conventions, which address specific factions and acts, but with no international agreed definition of terrorism.