MSc.ISS Theses and Dissertations (2018)
Browsing MSc.ISS Theses and Dissertations (2018) by Title
- A Collaborative tool to prevent fraudulent usage of financial cards (Strathmore University, 2018) Gitau, Wilson Ndungi
  Technology usage has advanced a great deal in the banking and telecommunication sectors. With continuously improving infrastructure in information technology, new technological dimensions have opened up to ease processes in these sectors; for example, people do not travel to pass communication or to shop, and in banking people do not necessarily walk into banks to facilitate their financial transactions. Despite this advancement, there are dire consequences of possible fraud or crime when we lose our banking identity documents and financial cards. Compromised, lost and stolen credit cards, debit cards, SIM cards and identity cards can be used in crimes. The vast adoption of this technology has increased the surface for these kinds of crime, thereby causing financial losses and posing a challenge when tracking and preventing fraudulent events involving compromised financial cards. This study proposes and implements a system that prevents fraudulent usage of compromised and lost financial identity items. These items include credit cards, debit cards, and SIM cards. The system will work towards assisting the authorities in investigating crime caused by financial cards. The system provides a blacklist API to the card industry, banking and merchant systems, and individuals to blacklist lost financial identity cards; an alert interface that reports usage of blacklisted financial cards; and a comprehensive reporting tool that helps in the investigation of the crime. Agile methodology was adopted as the software methodology for the solution development. A prototype was developed to test the proposed solution. The system was populated with the relevant sample data for evaluation and validation.
- Design and implementation of a private certificate authority: a case study of Telkom Kenya limited (Strathmore University, 2018) Moraa, Deborah Rioba
  Public Key Infrastructure (PKI) provides confidentiality and integrity to an enterprise and its customers. Applications accessed through the corporate network need to be protected when in transit, hence the need for a Certificate Authority (CA). Most enterprises currently purchase digital certificates from other Certificate Authorities, for instance Comodo, Symantec, Digicert, Thawte, GoDaddy, etc. Others purchase through third parties, for instance Cloud Productivity Solutions in Kenya, who then get their digital certificates from GeoTrust. These certificates are used to guarantee secure communication when accessing services on servers within an organization. The main challenge of buying certificates is the high purchase cost of single or Subject Alternative Name (SAN) certificates. By having their own Certificate Authority, digital certificates would cost less and give an enterprise the means to control large numbers of digital certificates for SSL, authentication, document signing, S/MIME (Secure/Multipurpose Internet Mail Extensions) and other usages of digital signatures. This implies that costs would be reduced by generating enterprise-owned digital certificates instead of purchasing them. By understanding the current infrastructure in place, a CA was created for the generation, distribution and revocation of SSL certificates. This would replace the purchasing of certificates signed by other public Certificate Authorities. This dissertation sought to design, develop and implement a comprehensive CA as per the X.509 standard for the purpose of generating certificates for internal use by corporates and selling the same to generate revenue, so as to cut the costs incurred on the purchase of digital certificates. In addition, a proof of concept of a private CA was used to validate the certificate authority, with the security of the Certificate Authority being considered.
- Digital content security: video streaming digital rights management system (Strathmore University, 2018) Owenda, Benjamin Odonya
  The usability and applicability of digital videos, especially through the Internet, offers great opportunities for Kenyan content creators to further their careers, as the platform enables them to share ideas, which contributes to knowledge in the field. This in turn generates wealth in the industry as new and efficient ways of creating content are discovered, making the production and distribution process cost-effective. The Internet is, however, proving to be a double-edged sword, as there have been multiple reports and incidences of copyright infringement within the country. This can be largely attributed to the fact that the platforms available to the average user provide a convenient environment for them to make several copies of the protected media file and distribute them as they wish, which facilitates misuse, piracy and plagiarism. The purpose of this project was to mitigate the unlawful replication and dissemination, on an enormous scale, of digital videos that are owned by practitioners in the education industry and presented to end users over the Internet. This followed a move by the players in the industry to convert their content into a digital format to meet the demand for online classes. Popular avenues that have been used to acquire copies of the digital streams include standalone file-grabbing software such as Internet Download Manager and browser plugins such as DownThemAll. These software implementations are extremely simple to use and allow users to create local copies of the streams with a single click of a button. They therefore present a threat to an entire ecosystem, as content creators are heavily dependent on revenues generated from their material. This study seeks to develop a solution in the form of a Digital Rights Management (DRM) system that can be used to secure video streams and, in the process, preserve their economic value. A DRM system secures and implements the rights associated with the use of digital content by means of a set of access control technologies, which ensures that the videos are consumed as intended and no illegal duplicates are created. Rapid Application Software Development Methodology was leveraged to accomplish the objectives.
- Distributed fuzzing for software vulnerability discovery (Strathmore University, 2018) Maalim, Farhiya Osman
  Information Security is concerned with effectively protecting the confidentiality, integrity and availability of data. Software bugs/defects threaten these three elements of information security. By failing to identify and focus upon the root causes of risks such as software vulnerabilities, there is a danger that the response to Information Security compromises becomes solely reactive. Fuzzing is a software testing technique that is used to discover software vulnerabilities. The project undertaken is a Distributed Fuzzer that runs on multiple computing environments in the cloud. The advantage of distributed fuzzing compared to regular fuzzing is the ability to run multiple test cases concurrently, thus increasing the efficiency of fuzzing. The aim of this project is to improve fuzzing in order to increase the efficiency of discovering vulnerabilities and software defects. This will ultimately increase the security of a software/application. The research study was accomplished by using Ansible as a system orchestration tool to run AFL fuzzers on multiple computing environments in the cloud. The results were collected and presented in this study.
- Investigating keystroke dynamics as a two-factor biometric security (Strathmore University, 2018) Njogholo, Brian Mwandau
  Keystroke dynamics is the study of how people can be distinguished based on their typing rhythms. This proposal aims at investigating user authentication approaches and how keystroke dynamics can be used to enhance user authentication and access control. With more users embracing technologies and using applications without necessarily understanding the security repercussions, a further protection mechanism needs to be employed. It emphasizes the need for an additional layer of security, through keystroke dynamics, on top of the traditional username-password combination to enhance security during authentication. It also proposes the use of a machine learning classifier for possible application in keystroke dynamics to verify and validate the legitimacy of a user during authentication.
- Open source intelligence gathering for hate speech in Kenya (Strathmore University, 2018) Adhi, Banchale Gufu
  The Internet has been celebrated for its ability to erode barriers between nations. Social media is a powerful medium that can unite, inform, and move people. One post can start a chain of events that changes the world. It gives users fast access to and sharing of information and facilitates ease of communication. However, the Internet allows for a lot of negativity as well. There has been an increase in hate speech activities on social media in the Kenyan cyber space. The National Cohesion and Integration Commission (NCIC) was established to facilitate and promote equality of opportunity, good relations, harmony and peaceful co-existence between persons of the different ethnic and racial communities of Kenya, and to advise the Government on all aspects thereof (Act No. 12, 2008). In particular, the NCIC Act of 2008 is mandated to curb hate speech. This research studied existing hate speech detection tools in use by NCIC, then identified gaps and challenges faced. A technical solution (a tool for analyzing hate speech) was proposed that can be implemented by the NCIC and the government to respond to hate speech cases perpetrated through social media platforms. The developed tool tracked challenges and gaps in the existing tools currently in use by NCIC for hate speech monitoring, detection and analysis. Due to the differences in Application Programming Interface (API) implementation across the variety of social media platforms used in Kenya, the scope of this research is limited to Twitter. This research employed predictive analytics for text classification using Naïve Bayes. A tool that uses the predictive model to assist in the detection of hate speech online was developed to conceptualize the solutions discussed in this research.
- A Platform for analyzing log files using temporal logic approach: a test case with web server logs (Strathmore University, 2018) Muema, Peris Ndululu
  Web logs are a set of recorded events between clients and web servers. Information provided by these events is valuable to computer system administrators, digital forensic investigators and system security personnel during digital investigations. It is important for these entities to understand when certain system events were initiated and by whom. To achieve this, it is fundamental to gather evidence related to the crime from log files. These forensic procedures, however, pose a major challenge due to the large sizes of the web log files and the difficulty of understanding them and correlating them to attack patterns associated with digital crimes. Connecting events that are remotely positioned in the large log files requires extensive computational manpower. This dissertation proposes the design, implementation and evaluation of a web log analysis system based on temporal logic and reconstruction. The case study will be on web server misuse. Temporal Logic operators represent system changes over time. The reconstruction of records in web server log files as streams will enable the implementation of temporal logic on the streaming data. The web server attack patterns established will be described by a special subset of temporal logic known as MSFOMTL (Many Sorted First Order Metric Temporal Logic). The attack patterns will be written as queries in a special EPL (Event Processing Language) and be parsed through Esper, a Complex Event Processing (CEP) engine. To ensure the proposed system increases the quality of the log analysis process, log analysis will be performed based on a time window mechanism on sorted log files.
- Secure plugin for automated software updates using Public Key Infrastructure for embedded systems (Strathmore University, 2018) Mbuvi, Victor Malombe
  Embedded systems are the driving force for technological development in many domains such as automotive, healthcare, and industrial control in the emerging post-PC era. As more and more computational and networked devices are integrated into all aspects of our lives in a pervasive and invisible way, security becomes critical for the dependability of all smart or intelligent systems built upon these embedded systems. Most embedded device software is not updated after deployment. This is because chip manufacturers and system manufacturers (usually original device manufacturers) do not have any incentive, expertise, or even ability to patch the software once it is shipped. This leaves IoT developers to improvise their own ways of delivering software updates for embedded devices. These techniques do not have security in their design, and hence malicious updates from unauthorised sources may change the software, leading to mass compromise. This research reviewed previous work done using the Public Key Infrastructure in securing software updates in legacy systems and led to the development of a secure software updates plugin for embedded devices. The prototype applies Experimental Research Design and Agile Development Methodology for building an evaluation platform. It provides opportunities to assess the dissertation progress and direction throughout the development lifecycle. This is achieved through iterations, finally arriving at a potentially stable product.
- Securing a "Bring Your Own Application" cloud environment using digital forensics (Strathmore University, 2018) Litunya, Duncan Oyando Akhonya
  The use of cloud applications introduces new challenges to information systems security. The idea of applications accessible from multiple devices and hosted or provided by third-party organizations brings new complications to IT security. In situations where organizations are embracing Bring Your Own Applications (BYOA) and where they allow the use of free-to-public cloud applications within their networks, it is important for IT security experts to consider how to secure their BYOA environments and also monitor how these applications are used and the flow of information. The aim of this research is to develop a digital forensics based solution for securing a BYOA cloud environment. This solution can be used to improve security in an organisation implementing BYOA. The research focuses on free-to-public cloud applications, whereby security challenges are identified and security measures proposed. The security measures are enforced through the development of a customized solution. The solution has been developed using the rapid application development (RAD) system development methodology. Using the Geany editor and the Python programming language, the prototype developed relies on digital forensics artefacts to gather information about the usage of BYOAs. The solution captures digital forensics artefacts and stores them in a database as logs of the activity on the Google Drive application. The solution demonstrates how digital forensics artefacts can be used to enhance security in a BYOA environment.