Search Results
Showing 1 - 7 of 7
Publication: Security analysis of coap and dtls protocols for internet of things applications (Işık Üniversitesi, 2019-08-26) Gürkan, Ali Tunca; Tüysüz Erman, Ayşegül; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı
Internet of Things is a very fast growing area. Its requirements and related technologies are changing from day to day. In Internet of Things, devices can communicate with each other with different messaging protocols. The latest messaging protocols are well developed, but they are too heavy to be run on devices developed with old technology. Therefore, these devices have to be operated with old-fashioned protocols. This makes devices vulnerable to security risks. CoAP is a newly developed messaging protocol for constrained devices used in Internet of Things applications. The protocol is a variant of HTTP, so it has similar specifications. CoAP does not have an embedded security mechanism. Therefore, another protocol called DTLS is used on top of it to provide security. DTLS has powerful functions like handshaking and session processes; however, it is weak against DoS attacks. In this study, we develop a security extension for Internet of Things devices using CoAP with DTLS for secure messaging. DTLS applies handshaking process for every received request. The handshaking process is the most time and resource consuming part of the communication. We propose a security extension to prevent unnecessary messaging during handshaking process of an attacker device that sends a lot of unauthenticated requests. When a client sends requests to a server that has the proposed security extension, the server counts unsuccessful handshaking processes for each client. If the count passes a limit of suspicious requests, the security extension on server adds the client's IP address into a banned IPs list. Until the expiration time, the server does not accept any request from the banned IP address.
Our proposed security extension is tested in different scenarios to examine the effects on the network. The results of the experiments show that the enhanced security extension decreases delays on the network and it is helpful for communication between authenticated devices.

Publication: Performance and security issues in e-payment systems: pay on-line case (Işık Üniversitesi, 2006-06) Karahasan, Orhan; Kuru, Selahattin; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Bilgisayar Mühendisliği Yüksek Lisans Programı
In this thesis, we report an experience on Performance and Security issues in E-Payment systems. We develop an E-Payment system which covers all introduced performance and security measures written in this thesis. We also compare different types of means that can be used in E-Payment systems. We mentioned different types of network architectures, and their benefits and drawbacks for E-Payment systems. An example e-payment system called Pay ON-LINE is developed with the proposed security and performance architectures. This system is in use in Şile campus of Isik University.

Publication: Ontological insecurity, anxiety, and hubris: an affective account of Turkey-KRG relations (International Relations Council of Turkey, 2022-03-10) Kayhan Pusane, Özlem; Ilgıt, Aslı
Given Iraqi Kurds’ special place in Turkey’s ‘biographical narrative’, Turkey-Iraqi Kurdish Regional Government (KRG) relations are not simply strategic or economic but also highly affectively charged. These relations involve emotional encounters filled with anxiety, pride, anger, and disappointment that generate concerns for not only Turkey’s physical security but also its ontological security. This paper traces the emotional context of the Turkey-KRG relationship.
It suggests that a combination of Turkey’s deep-rooted ‘anxiety’ and ‘hubris’ toward the Iraqi Kurds prevented the emergence of a close partnership between these two actors and fostered merely a ‘fragile rapprochement’ since 2008.

Publication: Dilemma between security and privacy on the internet (Işık Üniversitesi, 2005-07-31) Ayduran, Güven; Akçakaya, Ergül; Yarman, Bekir Sıddık Binboğa; Işık Üniversitesi, Fen Bilimleri Enstitüsü, Enformasyon Teknolojileri Yüksek Lisans Programı
In this thesis, the following issues are discussed. Even in today's society, it is hard to talk about security and privacy. And no one can imagine what the structure of tomorrow's society will be. We study what the internet security systems and government security projects are. We even discuss that these systems affect human rights and privacy. We define the importance of cryptography and discuss its relation to human rights. We examine internet privacy laws. We also study George Orwell's book '1984' and consider the similarity between the novel and real life. We give information about intellectual property and its rights on the internet. We show that intellectual property rights are not enough to protect all properties and these rules are valid for some economic environments. We also discuss the issue that, instead of a knowledge society, an ignorance society is created. All these discussed and studied issues show us a big dilemma between security and privacy. The dilemma leads to the result that there is no security in today's society.
Keywords: Security, privacy, internet security, internet privacy rights, cryptography, Orwell, intellectual property rights, knowledge society, ignorance society, internet and dilemma.

Publication: Uncertainty as a Swiss army knife: new adversarial attack and defense ideas based on epistemic uncertainty (Springer, 2022-04-02) Tuna, Ömer Faruk; Çatak, Ferhat Özgür; Eskil, Mustafa Taner
Although state-of-the-art deep neural network models are known to be robust to random perturbations, it was verified that these architectures are indeed quite vulnerable to deliberately crafted perturbations, albeit being quasi-imperceptible. These vulnerabilities make it challenging to deploy deep neural network models in the areas where security is a critical concern. In recent years, many research studies have been conducted to develop new attack methods and come up with new defense techniques that enable more robust and reliable models. In this study, we use the quantified epistemic uncertainty obtained from the model's final probability outputs, along with the model's own loss function, to generate more effective adversarial samples. And we propose a novel defense approach against attacks like Deepfool which result in adversarial samples located near the model's decision boundary. We have verified the effectiveness of our attack method on MNIST (Digit), MNIST (Fashion) and CIFAR-10 datasets.
In our experiments, we showed that our proposed uncertainty-based reversal method achieved a worst case success rate of around 95% without compromising clean accuracy.

Publication: An in-depth comparison of password hashing algorithms: cryptographic security, performance efficiency, regulatory compliance, and future trends in key derivation strategies (Işık Üniversitesi, Lisansüstü Eğitim Enstitüsü, 2025-06-30) Ulutaş, Erdem; Çeliktaş, Barış; Işık Üniversitesi, Lisansüstü Eğitim Enstitüsü, Siber Güvenlik Yüksek Lisans Programı; Işık University, School of Graduate Studies, Master’s Program in Cybersecurity
The application of password hashing and key derivation functions forms the foundation of authentication and cryptographic security schemes that aim to protect user credentials against brute-force attacks and unauthorized access. Although password hashing algorithms such as PBKDF2, bcrypt, and scrypt are quite popular today, they fall short in the face of advances in modern hardware, parallel processing capabilities, and advanced cryptanalytic attacks. To address these shortcomings, the Password Hashing Competition was launched in 2013, and 22 candidate functions for password hashing were evaluated. As a result of comprehensive reviews, 9 finalists were selected based on the criteria of security, speed, memory friendliness, flexibility, and efficiency. This study covers survey and performance evaluation work on the Password Hashing Competition finalists Argon, battcrypt, Catena, Lyra2, MAKWA, Parallel, POMELO, Pufferfish, and yescrypt. The finalists were evaluated from an architectural standpoint, and their security features, memory hardness, performance advantages and disadvantages, and practical uses were examined. These new functions were compared with traditional password hashing algorithms to reveal their shortcomings and advantages.
The post-quantum resilience of password hashing algorithms is addressed, investigating the resistance of these functions to quantum attacks and the role of the "peppering" technique used as an additional security measure. In addition, the compliance of the Password Hashing Competition finalists with global standards and regulations such as NIST SP 800-63B, OWASP ASVS, PCI DSS, GDPR, KVKK, and ISO/IEC 27001 is comprehensively mapped, and their practical suitability for secure deployment in organizations that must comply with regulations is evaluated. Finally, recommendations are offered for the use of these functions in web authentication, key derivation functions, and embedded platforms. The aim of this study is to serve as a reference for researchers, developers, and security engineers who need to be informed about the most current password hashing and key derivation functions.

Publication: Evaluation of password hashing competition finalists: performance, security, compliance mapping, and post-quantum readiness (Karyay Karadeniz Yayımcılık Ve Organizasyon Ticaret Limited Şirketi, 2025-11-15) Ulutaş, Erdem; Çeliktaş, Barış
Password hashes and key derivation functions (KDFs) are central to authentication and cryptographic security schemes crafted to defend user credentials from brute-force attacks and unauthorized access. Password hashing algorithms, for example PBKDF2, bcrypt, or scrypt, are very popular today, but are lacking in the face of modern hardware acceleration, parallel processing, and advanced cryptanalytic attacks. To contest these shortcomings, the Password Hashing Competition (PHC) was started in 2013 and had 22 candidates for functions for hashing passwords. After thorough evaluation, 9 finalists were selected based on how secure, fast, memory-friendly, flexible, and efficient these functions were.
This study evaluates the nine PHC finalists—Argon2, battcrypt, Catena, Lyra2, MAKWA, Parallel, POMELO, Pufferfish, and yescrypt—through survey findings and performance benchmarks. We have evaluated these functions from an architectural standpoint and studied their security features, memory hardness, performance tradeoff, and practical usage. We also compare these finalists with traditional password hashing functions to highlight their advantages and limitations. We also investigate the post-quantum assumption for password hashing – the effectiveness of these functions against quantum assaults, their position in a new cryptography set, and the role of peppering as an additional security measure. In addition, we perform a comprehensive compliance mapping of the PHC finalists against major global standards and regulations such as NIST SP 800-63B, OWASP ASVS, PCI DSS, GDPR, KVKK, and ISO/IEC 27001, highlighting their practical suitability for secure deployment in regulated environments. Finally, we provide usage recommendations for these functions for web authentication, KDFs, and embedded platforms. This paper serves as a reference for researchers, developers, and security engineers, while also introducing a compliance-aware, post-quantum-ready framework that bridges cryptographic design with regulatory and deployment needs.












