Filtreler

2004 - 200942010 - 20191
Filtreleri Sıfırla

Ayarlar

Bölüm: Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı × Konu: Güvenlik ×

Arama Sonuçları

Listeleniyor 1 - 5 / 5
  • Küçük Resim
    Yayın
    Security analysis of coap and dtls protocols for internet of things applications
    (Işık Üniversitesi, 2019-08-26) Gürkan, Ali Tunca; Tüysüz Erman, Ayşegül; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı
    Internet of Things is a very fast growing area. Its requirements and related technologies are changing from day to day. In Internet of Things, devices can communicate with each other with different messaging protocols. The latest messaging protocols are well developed, but they are too heavy to be run on devices developed with old technology. Therefore, these devices have to be operated with old-fashioned protocols. This makes devices vulnerable to security risks. CoAP is a newly developed messaging protocol for constrained devices used in Internet of Things applications. The protocol is a variant of HTTP, so it has similar speci cations. CoAP does not have an embedded security mechanism. Therefore, another protocol called DTLS is used on top of it to provide security. DTLS has powerful functions like handshaking and session processes; however, it is weak against DoS attacks. In this study, we develop a security extension for Internet of Things devices using CoAP with DTLS for secure messaging. DTLS applies handshaking process for every received request. The handshaking process is the most time and resource consuming part of the communication. We propose a security extension to prevent unnecessary messaging during handshaking process of an attacker device that sends a lot of unauthenticated requests. When a client sends requests to a server that has the proposed security extension, the server counts unsuccessful handshaking processes for each client. If the count passes a limit of suspicious requests, the security extension on server adds the client's IP address into a banned IPs list. Until the expiration time, the server does not accept any request from the banned IP address. Our proposed security extension is tested in different scenarios to examine the effects on the network. The results of the experiments show that the enhanced security extension decreases delays on the network and it is helpful for communication between authenticated devices.
  • Küçük Resim
    Yayın
    Ipwall design and implementation of a gateway frewall on linux
    (Işık Üniversitesi, 2004) Durak, Erdem; Yarman, Bekir Sıddık Binboğa; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı
    The aim of the this project is to develop a firewall which will have functionailities in a regular firewall also will have the missing functions like configuring firewall from any platform and any location via internet or local network. In the beginning of this project information is collected about firewalls and firewalls were examined that work on Windows and Linux operating systems in order to see the differences. On linux operating system source kernel allowed us to implement packet filtering firewall. IPWALL is a firewall which can be used as a gateway firewall also it can be used to secure a local area network. IPWALL key features are stablity, web-based interface which allows configuring firewall form any operating system; it is highly configurable and easy maintainable Linux Firewall. IPWALL communicates with kernel to check and manage network security with packet filtering. By web-based interface IPWALL provides easy and advanced configurable options for novice and expert users. The aim is to continue our improvements on IPWALL as gateway firewall and IPCUBE as personel firewall an share our knowledge of this project in open source community.
  • Küçük Resim
    Yayın
    Performance and security issues in e-payment systems: pay on-line case
    (Işık Üniversitesi, 2006-06) Karahasan, Orhan; Kuru, Selahattin; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı
    In this thesis, we report an experience on Performance and Security issues in E-Payment systems. We develop an E-Payment system which covers all introduced performance and security measures written in this thesis. We also compare different types of means that can be used in E-Payment systems. We mentioned different types of network architectures, and their benefits and drawbacks for E-Payment systems. An example e-payment system called Pay ON-LINE is developed with the proposed security and performance architectures. This system is in use in Şile campus of Isik University.
  • Küçük Resim
    Yayın
    Ipcube personal firewall on linux
    (Işık Üniversitesi, 2004-06) Pamukçu, Örge Anıl; Koç, Çetin Kaya; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı
    The aim of this project is to developing a personal firewall which will have functionalities in a regular firewall also will have the missing functions like configuring firewall from any platform and any location via internet or local network. There is no many user-friendly personal firewalls works on Linux operating system. In the beginning of this study differences and common properties of firewalls examined. IPCUBE is designed and developed to collect good features of firewalls on a personal firewall. It provides stable, secure open sourced, web- based, highly configurable and easy maintained Linux Firewall. IPCUBE is designed on Iptable future of Linux. It uses Iptable commands to check and manage network with packet filtering concept. Its web-based console provides easy and highly configurable options to the non-technic users. All of the TPCUBE's functionalities can be managed on this web-based console. The aim is to continue our improvements on IPWALL as gateway firewall and IPCUBE as personal firewall and share our knowledge of this project in open source community.
  • Küçük Resim
    Yayın
    Risk scalable and modular security architectures
    (Işık Üniversitesi, 2005-04) Kunter, Ünal; Koç, Çetin Kaya; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı
    Network security is ensuring the availability, the integrity and the confidentiality in the business activities. Network security is not only limiting acess to the resources; İt is mainly structring the acess to the match the business needs and ensure the availability of the resources. To demonstrate these principals, the deployment of a secure environment for different enterprises level companies will be examined. In this thesis, the acess requirement and restriction for the different group of security infrastructeres will be examined. The business operation will be detailed as well as the priority of the resources in terms of business interest in order to design a network that match the business model. An overview of the security layers will be shown. The intent is to demonstrate that no designs are perfect and may not resist to some type of attacks. In order to optimize the cost on security, the assets under risk should be taken into consideration. The case studies mentioned in the thesis vary from simple ones to more complicated ones. That is strongly related to what you store in databases. In all the cases it is considered that database is the core business and should be protected. Both inward and outward traffic should be under control in order to by-pass the attacks. There is never perfect security, but increasing the security for a small amount will result a bigger prevention against attacks