MSc.ISS Theses and Dissertations (2022)
Permanent URI for this collection
Browse
Recent Submissions
- ItemA Framework to secure data transmission in wearable heart-rate monitors using Elliptic Curve Cryptography (ECC)(Strathmore University, 2022) Onyango, Oscar OmondiThe wearable technology refers to biological sensors which are conveniently attached to the patient’s body to collect data about their heart rates, body temperature, oxygen levels, and physical activities. They mostly include smart watches. Unfortunately, maintaining data security in terms of integrity, confidentiality, and authenticity of the data during transfer in these wearables is becoming a challenge. Since cyber-criminals are always looking for new avenues to exploit, particularly in a sensitive field like healthcare, wearables can become their next big targets. This study designs and implements an application-based security framework that uses Elliptic Curve Cryptography (ECC) to secure patient data during transmission from wearable heart-rate monitors. The study used integrative and methodological reviews to understand wearable technology by considering the technologies that support patient data sharing, techniques used to abstract data to enhance security during data transmission in wearable devices, and suitable public key encryption algorithms that can be implemented to ensure data security. It then proceeds to apply the Elliptic-Curve Cryptography (ECC) to develop the encryption application-based framework. The results showed that Wi-Fi, Bluetooth, Global Positioning System (GPS), and Cellular Communication are the primary technologies supporting the wearables' data sharing. Data abstraction in wearables is achieved through differences in data models, data names, and counters. ECC was suitable for the implementation because it has smaller keys and can be computed substantially faster. The system’s provision of authentication, confidentiality, and integrity was tested and validated through user tests. It was noted that data in the wearable devices regarding the heart-rate measurement were saved in an encrypted format using the user-generated cryptographic keys. Thus, an unauthorized person could not have access to the data. The passwords, keys, and usernames the user-created were stored using the SHA-hash algorithm in the server. The encrypted were uploaded to the server and could only be viewed or modified after decryption to ensure integrity.
- ItemA Prototype for predicting network intrusions using Bayesian based networks(Strathmore University, 2022) Kirui, Pamela ChemutaiAs technology advances, networks get more sophisticated. As a result, the attack surface for hackers has continued to expand leading to rapid increase in insecurity; therefore, there is need for a line of defence that is reactive and predictive. Traditional protection techniques such as data encryption, user authentication and avoiding programming errors are in existence and act as the first line of defence for computer security however, these techniques are not sufficient to protect against malicious code and insider attacks. Attacks such as programming errors are unavoidable due to the complexity of the system and application software that is rapidly evolving and consequently leaves behind some weaknesses that could be exploited. Research on Intrusion Detection Systems (IDS) has been considered a critical research area to bridge this gap .The challenge with network-based detection is the ability to scheme the behaviour of normal and abnormal traffic. This calls for a reliable system that can learn the structure of network data and differentiate between normal and abnormal. Since there are many applications using different internet protocols an IDS finds it difficult to detect all kinds of attacks efficiently. It suffers from the difficulty of building robust schemes that result in increasing false alarm rates caused by weak feature selection, inefficient classifier generation and data noise generated from imbalanced data. Due to this, predictive Machine language (ML) algorithms have been proposed since they are capable of solving such problems. Various ML methods have previously been employed in areas of network intrusion detections however; Bayesian based Network has been considered a better approach due to its significant features. In this study, experiments were carried out using KDD99 data set. The first experiment was conducted using Weka, a Machine Learning tool and the second experiment was conducted using Python language. First, the data went through pre-processing where most relevant features were selected from the entire data set before classification and thereafter issues of data noise such as class imbalance were removed. Naive Bayes, a Bayesian based Network was used as a classifier to train and test the data in Weka. Secondly, Python language was used to train and test the classifier. In both experiments, training and testing ratios were 0.67 and 0.33 respectively. The algorithm obtained accuracy of 92% using Weka tool and of 90% using Python (JupyterLab).
- ItemA System for reporting online child abuse and offenders(Strathmore University, 2022) Maingi, Eunice M.Online Child Abuse is a major public health concern that requires the combined efforts of all citizens to combat. The government, through legislation and the judiciary have the responsibility of setting up structures to protect children and stop online abuse, for instance, by curbing the production and distribution of Online Child Sexual Abuse Content. Those involved in the perpetration of these crimes should be appropriately prosecuted. In addition, measures should be set up to make reporting easy for the victims or anyone interested in giving a tip to the law enforcers. As knowledge is the first line of defence, a platform where citizens can access information on the variety of online child offenses prevalent in the country, legal implications of committing such offenses and prosecuted offenders is required. This information would inform and forewarn citizens. Kenya does not have such a system in place and relies on international databases for intelligence on harmful online activities directed to children in Kenya. This project sought to tackle this lack of easily accessible information and reporting channels for online child abuse, especially online child sexual abuse, in Kenya. The general objective was to develop a national online system for reporting online child abuse and maintain a record of these abuses. This was achieved by obtaining an understanding of how online child abuse is currently dealt with in Kenya, highlighting and understanding any weaknesses noted. A review of online crime reporting systems in other countries was done to use them as benchmarks for the development of a reporting system for online child abuse in Kenya. A system to report online child abuse and maintain a record of these abuses was designed, developed, tested, and validated for adequacy in addressing the problem of reporting and maintaining a record of online child abuse. Agile software development methodology was used to design, develop, and test the system. Agile development methodology focuses on the system features, while maintaining rapid iterations. As part of data collection, interviews were conducted. Respondents were obtained from child centric institutions and potential system users drawn from among the students, staff, and parents of Strathmore University. The System validation was done by creating some Law Enforcement agency users at different roles to confirm the systems effectiveness in receiving reports of Online Child Abuse and providing useful information and material for investigations.