5 results
Search Results
Now showing 1 - 5 of 5
Item Open Access IOT security based on node-red for secure room monitoring(Mahidol University. Mahidol University Library and Knowledge Center, 2022) Tawatchai Chaipimansri; Thitinan Tantidham; Assadarat Khurat; Dolvara GunatilakaNowadays, the emergence of Internet of Things (IoT) for a secure room monitoring system with an external cloud server for a user notification on the Internet has been a significant role and data security concern. This research project is to develop a secure room monitoring system in such a server room compositing components as follows. (1) A Node-RED Edge System (NRES) equipped with Raspberry Pi (RPi) and a set of environmental sensors such as Pi camera, PIR, and DHT22 is an edge monitoring system. (2) Digital Ocean Cloud Server (DOCS) as a web portal interface service for receiving encrypted notification messages via Rivest–Shamir–Adleman (RSA) from the NRES and forwarding the messages to the system users. (3) Pinata is an InterPlanetary File System (IPFS) for sharing camera image files from an NRES to users. (4) LINE System is for displaying a notification message from DOCS when an unauthorized NRES is detected besides an anomaly environmental status. And (5) Email is used for users to access more notification descriptions. Security mechanisms in this research are deployed as follows. Besides strong authentication, authorization, and account access of each NRES member, the MAC address from each NRES member recorded on the DOCS is used for the verification to protect any rouge Node-RED system. Each MQTT payload between Node-RED system is encrypted by using RSA to mitigate a man-in-the-middle attack. Furthermore, the NRES sends an encrypted Pinata’s CID URL for a sharing camera image file to the user’s email. The DOCS provides the web UI for authenticating users in order to copy and paste the encrypted CID URL obtained from the email. Finally, LINE is applied to notify users of an anomaly event and to forward more event descriptions to user’s email address as multi-factor authentication. Implication of the Thematic Paper: According to the implementations and results of the study, suggestions for further research are as follows. 1. The payload encryption in Node-RED is considered Node-to-Node encryption rather than End-to-End encryption because the message will be decrypted by Node-RED before sending to clients. As a result, additional notification systems such as message forwarding to user’s email address can be implemented to enhance the security and privacy of data. 2. Since the connection speed of Cloud services is intermittent, the performance evaluation should be done in multiple sessions, for instance, once in the morning and the other in the evening.Item Open Access An automatic web server auditing tool based on CIS benchmark(Mahidol University. Mahidol University Library and Knowledge Center, 2022) Wasutum Kethom; Assadarat Khurat; Ittipon Rassameeroj; Dolvara Gunatilakabenchmark. Also, this tool generates two types of reports for the auditor: a summary report and a detailed report so that the auditor can get more information about the audit result. Besides, remediations based on CIS benchmark is also provided in the detail... generates two types of reports for the auditor: a summary report and a detailed report so that the auditor can get more information about the audit result. Besides, remediations based on CIS benchmark is also provided in the detail report.Item Open Access Shiro : a centralized system for detecting attacks from windows event logs(Mahidol University, 2021) Vatcharanun Moonkhaen; Vasaka Visoottiviseth; Damras Wongsawang; Thitinan TantidhamMany organizations or companies have experienced the damages of cyberattacks leveraging the MS Windows products' vulnerabilities, especially as numerous personal computers worldwide are still running the older Windows 7 version without installing... the detection signatures of each CVE from the specific Event logs and their details, so once SHIRO identifies the attack signatures in the records, it identifies the attack type and alerts the administrator. Our experiments, based on both the datasetsItem Open Access A comprehensive framework for migrating to zero trust architecture(Mahidol University. Mahidol University Library and Knowledge Center, 2023) Pacharee Phiayura; Songpon Teerakanok; Vasaka Visoottiviseththe desired security state before deploying ZTA. Later, the organization implemented ZT components and migrated users to ZTA. Finally, the organization monitored and optimized the security performance of ZTA. Thus, based on the meta-analysis results, aItem Metadata only Forensic analysis of M-Banking Apps on Android Platforms(Mahidol University. Mahidol University Library and Knowledge Center, 2016) Rajchada ChanaJitt; Wantanee Viriyasitavat; Choo, Raymondare one of the top app categories that are gaining popularity. Based on a study of mobile money trends in 2015, approximately 69% of mobile users from 15 countries carried out their banking activities via mobile devices. Even though most