WorldWideScience

Sample records for based security model

  1. Model-based security testing

    OpenAIRE

    Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

    2012-01-01

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

  2. Model-Based Security Testing

    Directory of Open Access Journals (Sweden)

    Ina Schieferdecker

    2012-02-01

    Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

  3. Reputation based security model for android applications

    OpenAIRE

    Tesfay, Welderufael Berhane; Booth, Todd; Andersson, Karl

    2012-01-01

    The market for smart phones has been booming in the past few years. There are now over 400,000 applications on the Android market. Over 10 billion Android applications have been downloaded from the Android market. Due to the Android popularity, there are now a large number of malicious vendors targeting the platform. Many honest end users are being successfully hacked on a regular basis. In this work, a cloud based reputation security model has been proposed as a solution which greatly mitiga...

  4. Model-based security engineering for the internet of things

    OpenAIRE

    NEISSE RICARDO; STERI GARY; NAI FOVINO Igor; BALDINI Gianmarco; VAN HOESEL Lodewijk

    2015-01-01

    We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspect-specific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems...

  5. A model based security testing method for protocol implementation.

    Science.gov (United States)

    Fu, Yu Long; Xin, Xiao Long

    2014-01-01

    The security of protocol implementation is important and hard to be verified. Since the penetration testing is usually based on the experience of the security tester and the specific protocol specifications, a formal and automatic verification method is always required. In this paper, we propose an extended model of IOLTS to describe the legal roles and intruders of security protocol implementations, and then combine them together to generate the suitable test cases to verify the security of protocol implementation.

  6. European Climate - Energy Security Nexus. A model based scenario analysis

    International Nuclear Information System (INIS)

    Criqui, Patrick; Mima, Silvana

    2011-01-01

    In this research, we have provided an overview of the climate-security nexus in the European sector through a model based scenario analysis with POLES model. The analysis underline that under stringent climate policies, Europe take advantage of a double dividend in its capacity to develop a new cleaner energy model and in lower vulnerability to potential shocks on the international energy markets. (authors)

  7. Dynamic model based on Bayesian method for energy security assessment

    International Nuclear Information System (INIS)

    Augutis, Juozas; Krikštolaitis, Ričardas; Pečiulytė, Sigita; Žutautaitė, Inga

    2015-01-01

    Highlights: • Methodology for dynamic indicator model construction and forecasting of indicators. • Application of dynamic indicator model for energy system development scenarios. • Expert judgement involvement using Bayesian method. - Abstract: The methodology for the dynamic indicator model construction and forecasting of indicators for the assessment of energy security level is presented in this article. An indicator is a special index, which provides numerical values to important factors for the investigated area. In real life, models of different processes take into account various factors that are time-dependent and dependent on each other. Thus, it is advisable to construct a dynamic model in order to describe these dependences. The energy security indicators are used as factors in the dynamic model. Usually, the values of indicators are obtained from statistical data. The developed dynamic model enables to forecast indicators’ variation taking into account changes in system configuration. The energy system development is usually based on a new object construction. Since the parameters of changes of the new system are not exactly known, information about their influences on indicators could not be involved in the model by deterministic methods. Thus, dynamic indicators’ model based on historical data is adjusted by probabilistic model with the influence of new factors on indicators using the Bayesian method

  8. MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

    OpenAIRE

    Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

    2011-01-01

    Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

  9. Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

    Directory of Open Access Journals (Sweden)

    Darya Sergeevna Simonenkova

    2016-03-01

    Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

  10. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  11. A security modeling approach for web-service-based business processes

    DEFF Research Database (Denmark)

    Jensen, Meiko; Feja, Sven

    2009-01-01

    a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.......The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality...... of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide...

  12. Modelling security properties in a grid-based operating system with anti-goals

    OpenAIRE

    Arenas, A.; Aziz, Benjamin; Bicarregui, J.; Matthews, B.; Yang, E.

    2008-01-01

    In this paper, we discuss the use of formal requirements-engineering techniques in capturing security requirements for a Grid-based operating system. We use KAOS goal model to represent two security goals for Grid systems, namely authorisation and single-sign on authentication. We apply goal-refinement to derive security requirements for these two security goals and we develop a model of antigoals and show how system vulnerabilities and threats to the security goals can arise from such anti-m...

  13. Security extension for the Canetti-Krawczyk model in identity-based systems

    Institute of Scientific and Technical Information of China (English)

    LI Xinghua; MA Jianfeng; SangJae Moon

    2005-01-01

    The Canetti-Krawczyk (CK) model is a formalism for the analysis of keyexchange protocols, which can guarantee many security properties for the protocols proved secure by this model. But we find this model lacks the ability to guarantee key generation center (KGC) forward secrecy, which is an important security property for key-agreement protocols based on Identity. The essential reason leading to this weakness is that it does not fully consider the attacker's capabilities. In this paper, the CK model is accordingly extended with a new additional attacker's capability of the KGC corruption in Identity-based systems, which enables it to support KGC forward secrecy.

  14. Model-based security analysis of the German health card architecture.

    Science.gov (United States)

    Jürjens, J; Rumm, R

    2008-01-01

    Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems. This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the smart-card-based architecture which were analyzed using the UMLsec method and tools. Main results of the paper include a report on the employment of the UMLsec method in an industrial health information systems context as well as indications of its benefits and limitations. In particular, two potential security weaknesses were detected and countermeasures discussed. The results indicate that it can be feasible to apply a model-based security analysis using UMLsec to an industrial health information system like the German Health Card architecture, and that doing so can have concrete benefits (such as discovering potential weaknesses, and an increased confidence that no further vulnerabilities of the kind that were considered are present).

  15. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks asks for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  16. A Secure Network Coding-based Data Gathering Model and Its Protocol in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qian Xiao

    2012-09-01

    Full Text Available To provide security for data gathering based on network coding in wireless sensor networks (WSNs, a secure network coding-based data gathering model is proposed, and a data-privacy preserving and pollution preventing (DPPaamp;PP protocol using network coding is designed. DPPaamp;PP makes use of a new proposed pollution symbol selection and pollution (PSSP scheme based on a new obfuscation idea to pollute existing symbols. Analyses of DPPaamp;PP show that it not only requires low overhead on computation and communication, but also provides high security on resisting brute-force attacks.

  17. Security Process Capability Model Based on ISO/IEC 15504 Conformant Enterprise SPICE

    Directory of Open Access Journals (Sweden)

    Mitasiunas Antanas

    2014-07-01

    Full Text Available In the context of modern information systems, security has become one of the most critical quality attributes. The purpose of this paper is to address the problem of quality of information security. An approach to solve this problem is based on the main assumption that security is a process oriented activity. According to this approach, product quality can be achieved by means of process quality - process capability. Introduced in the paper, SPICE conformant information security process capability model is based on process capability modeling elaborated by world-wide software engineering community during the last 25 years, namely ISO/IEC 15504 that defines the capability dimension and the requirements for process definition and domain independent integrated model for enterprise-wide assessment and Enterprise SPICE improvement

  18. Model Based Cyber Security Analysis for Research Reactor Protection System

    International Nuclear Information System (INIS)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung; Son, Hanseong

    2013-01-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN

  19. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment

    Directory of Open Access Journals (Sweden)

    Vinothkumar Muthurajan

    2016-01-01

    Full Text Available Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function provide minimum protection level compared to asymmetric key (RSA, AES, and ECC schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

  20. An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment.

    Science.gov (United States)

    Muthurajan, Vinothkumar; Narayanasamy, Balaji

    2016-01-01

    Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

  1. Model Based Cyber Security Analysis for Research Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Sho, Jinsoo; Rahman, Khalil Ur; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of)

    2013-07-01

    The study on the qualitative risk due to cyber-attacks into research reactors was performed using bayesian Network (BN). This was motivated to solve the issues of cyber security raised due to digitalization of instrumentation and control (I and C) system. As a demonstrative example, we chose the reactor protection system (RPS) of research reactors. Two scenarios of cyber-attacks on RPS were analyzed to develop mitigation measures against vulnerabilities. The one is the 'insertion of reactor trip' and the other is the 'scram halt'. The six mitigation measures are developed for five vulnerability for these scenarios by getting the risk information from BN.

  2. Security analysis of chaotic communication systems based on Volterra-Wiener-Korenberg model

    International Nuclear Information System (INIS)

    Lei Min; Meng Guang; Feng Zhengjin

    2006-01-01

    Pseudo-randomicity is an important cryptological characteristic for proof of encryption algorithms. This paper proposes a nonlinear detecting method based on Volterra-Wiener-Korenberg model and suggests an autocorrelation function to analyze the pseudo-randomicity of chaotic secure systems under different sampling interval. The results show that: (1) the increase of the order of the chaotic transmitter will not necessarily result in a high degree of security; (2) chaotic secure systems have higher and stronger pseudo-randomicity at sparse sampling interval due to the similarity of chaotic time series to the noise; (3) Volterra-Wiener-Korenberg method can also give a further appropriate sparse sampling interval for improving the security of chaotic secure communication systems. For unmasking chaotic communication systems, the Volterra-Wiener-Korenberg technique can be applied to analyze the chaotic time series with surrogate data

  3. Evaluation of Water Resource Security Based on an MIV-BP Model in a Karst Area

    Directory of Open Access Journals (Sweden)

    Liying Liu

    2018-06-01

    Full Text Available Evaluation of water resource security deserves particular attention in water resource planning and management. A typical karst area in Guizhou Province, China, was used as the research area in this paper. First, based on data from Guizhou Province for the past 10 years, the mean impact value–back propagation (MIV-BP model was used to analyze the factors influencing water resource security in the karst area. Second, 18 indices involving five aspects, water environment subsystem, social subsystem, economic subsystem, ecological subsystem, and human subsystem, were selected to establish an evaluation index of water resource security. Finally, a BP artificial neural network model was constructed to evaluate the water resource security of Guizhou Province from 2005 to 2014. The results show that water resource security in Guizhou, which was at a moderate warning level from 2005 to 2009 and a critical safety level from 2010 to 2014, has generally improved. Groundwater supply ratio, industrial water utilization rate, water use efficiency, per capita grain production, and water yield modulus were the obstacles to water resource security. Driving factors were comprehensive utilization rate of industrial solid waste, qualifying rate of industrial wastewater, above moderate rocky desertification area ratio, water requirement per unit gross domestic product (GDP, and degree of development and utilization of groundwater. Our results provide useful suggestions on the management of water resource security in Guizhou Province and a valuable reference for water resource research.

  4. A Trust-Based Model for Security Cooperating in Vehicular Cloud Computing

    Directory of Open Access Journals (Sweden)

    Zhipeng Tang

    2016-01-01

    Full Text Available VCC is a computing paradigm which consists of vehicles cooperating with each other to realize a lot of practical applications, such as delivering packages. Security cooperation is a fundamental research topic in Vehicular Cloud Computing (VCC. Because of the existence of malicious vehicles, the security cooperation has become a challenging issue in VCC. In this paper, a trust-based model for security cooperating, named DBTEC, is proposed to promote vehicles’ security cooperation in VCC. DBTEC combines the indirect trust estimation in Public board and the direct trust estimation in Private board to compute the trust value of vehicles when choosing cooperative partners; a trustworthy cooperation path generating scheme is proposed to ensure the safety of cooperation and increase the cooperation completion rates in VCC. Extensive experiments show that our scheme improves the overall cooperation completion rates by 6~7%.

  5. A Formal Model of Trust Chain based on Multi-level Security Policy

    OpenAIRE

    Kong Xiangying

    2013-01-01

    Trust chain is the core technology of trusted computing. A formal model of trust chain based on finite state automata theory is proposed. We use communicating sequential processes to describe the system state transition in trust chain and by combining with multi-level security strategy give the definition of trust system and trust decision theorem of trust chain transfer which is proved meantime. Finally, a prototype system is given to show the efficiency of the model.

  6. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. IT will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  7. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

  8. Constructing RBAC based security model in u-healthcare service platform.

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  9. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Directory of Open Access Journals (Sweden)

    Moon Sun Shin

    2015-01-01

    Full Text Available In today’s era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation’s healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR, recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices.

  10. Constructing RBAC Based Security Model in u-Healthcare Service Platform

    Science.gov (United States)

    Shin, Moon Sun; Jeon, Heung Seok; Ju, Yong Wan; Lee, Bum Ju; Jeong, Seon-Phil

    2015-01-01

    In today's era of aging society, people want to handle personal health care by themselves in everyday life. In particular, the evolution of medical and IT convergence technology and mobile smart devices has made it possible for people to gather information on their health status anytime and anywhere easily using biometric information acquisition devices. Healthcare information systems can contribute to the improvement of the nation's healthcare quality and the reduction of related cost. However, there are no perfect security models or mechanisms for healthcare service applications, and privacy information can therefore be leaked. In this paper, we examine security requirements related to privacy protection in u-healthcare service and propose an extended RBAC based security model. We propose and design u-healthcare service integration platform (u-HCSIP) applying RBAC security model. The proposed u-HCSIP performs four main functions: storing and exchanging personal health records (PHR), recommending meals and exercise, buying/selling private health information or experience, and managing personal health data using smart devices. PMID:25695104

  11. A network security situation prediction model based on wavelet neural network with optimized parameters

    Directory of Open Access Journals (Sweden)

    Haibo Zhang

    2016-08-01

    Full Text Available The security incidents ion networks are sudden and uncertain, it is very hard to precisely predict the network security situation by traditional methods. In order to improve the prediction accuracy of the network security situation, we build a network security situation prediction model based on Wavelet Neural Network (WNN with optimized parameters by the Improved Niche Genetic Algorithm (INGA. The proposed model adopts WNN which has strong nonlinear ability and fault-tolerance performance. Also, the parameters for WNN are optimized through the adaptive genetic algorithm (GA so that WNN searches more effectively. Considering the problem that the adaptive GA converges slowly and easily turns to the premature problem, we introduce a novel niche technology with a dynamic fuzzy clustering and elimination mechanism to solve the premature convergence of the GA. Our final simulation results show that the proposed INGA-WNN prediction model is more reliable and effective, and it achieves faster convergence-speed and higher prediction accuracy than the Genetic Algorithm-Wavelet Neural Network (GA-WNN, Genetic Algorithm-Back Propagation Neural Network (GA-BPNN and WNN.

  12. Campus network security model study

    Science.gov (United States)

    Zhang, Yong-ku; Song, Li-ren

    2011-12-01

    Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

  13. Process Models for Security Architectures

    Directory of Open Access Journals (Sweden)

    Floarea NASTASE

    2006-01-01

    Full Text Available This paper presents a model for an integrated security system, which can be implemented in any organization. It is based on security-specific standards and taxonomies as ISO 7498-2 and Common Criteria. The functionalities are derived from the classes proposed in the Common Criteria document. In the paper we present the process model for each functionality and also we focus on the specific components.

  14. Agent-Based Model of Information Security System: Architecture and Formal Framework for Coordinated Intelligent Agents Behavior Specification

    National Research Council Canada - National Science Library

    Gorodetski, Vladimir

    2001-01-01

    The contractor will research and further develop the technology supporting an agent-based architecture for an information security system and a formal framework to specify a model of distributed knowledge...

  15. Towards second-generation smart card-based authentication in health information systems: the secure server model.

    Science.gov (United States)

    Hallberg, J; Hallberg, N; Timpka, T

    2001-01-01

    Conventional smart card-based authentication systems used in health care alleviate some of the security issues in user and system authentication. Existing models still do not cover all security aspects. To enable new protective measures to be developed, an extended model of the authentication process is presented. This model includes a new entity referred to as secure server. Assuming a secure server, a method where the smart card is aware of the status of the terminal integrity verification becomes feasible. The card can then act upon this knowledge and restrict the exposure of sensitive information to the terminal as required in order to minimize the risks. The secure server model can be used to illuminate the weaknesses of current approaches and the need for extensions which alleviate the resulting risks.

  16. Vague Sets Security Measure for Steganographic System Based on High-Order Markov Model

    Directory of Open Access Journals (Sweden)

    Chun-Juan Ouyang

    2017-01-01

    Full Text Available Security measure is of great importance in both steganography and steganalysis. Considering that statistical feature perturbations caused by steganography in an image are always nondeterministic and that an image is considered nonstationary, in this paper, the steganography is regarded as a fuzzy process. Here a steganographic security measure is proposed. This security measure evaluates the similarity between two vague sets of cover images and stego images in terms of n-order Markov chain to capture the interpixel correlation. The new security measure has proven to have the properties of boundedness, commutativity, and unity. Furthermore, the security measures of zero order, first order, second order, third order, and so forth are obtained by adjusting the order value of n-order Markov chain. Experimental results indicate that the larger n is, the better the measuring ability of the proposed security measure will be. The proposed security measure is more sensitive than other security measures defined under a deterministic distribution model, when the embedding is low. It is expected to provide a helpful guidance for designing secure steganographic algorithms or reliable steganalytic methods.

  17. Quantum secure communication models comparison

    Directory of Open Access Journals (Sweden)

    Georgi Petrov Bebrov

    2017-12-01

    Full Text Available The paper concerns the quantum cryptography, more specifically, the quantum secure communication type of schemes. The main focus here is on making a comparison between the distinct secure quantum communication models – quantum secure direct communication and deterministic secure quantum communication, in terms of three parameters: resource efficiency, eavesdropping check efficiency, and security (degree of preserving the confidentiality.

  18. Security Management Model in Cloud Computing Environment

    OpenAIRE

    Ahmadpanah, Seyed Hossein

    2016-01-01

    In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

  19. Information Security Maturity Model

    OpenAIRE

    Information Security Maturity Model

    2011-01-01

    To ensure security, it is important to build-in security in both the planning and the design phases andadapt a security architecture which makes sure that regular and security related tasks, are deployedcorrectly. Security requirements must be linked to the business goals. We identified four domains thataffect security at an organization namely, organization governance, organizational culture, thearchitecture of the systems, and service management. In order to identify and explore the strengt...

  20. A threat-vulnerability based risk analysis model for cyber physical system security

    CSIR Research Space (South Africa)

    Ledwaba, Lehlogonolo

    2017-01-01

    Full Text Available model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need...

  1. Social impact theory based modeling for security analysis in the nuclear fuel cycle

    Energy Technology Data Exchange (ETDEWEB)

    Woo, Tae Ho [Systemix Global Co. Ltd., Seoul (Korea, Republic of)

    2015-03-15

    The nuclear fuel cycle is investigated for the perspective of the nuclear non-proliferation. The random number generation of the Monte-Carlo method is utilized for the analysis. Five cases are quantified by the random number generations. These values are summed by the described equations. The higher values are shown in 52{sup nd} and 73{sup rd} months. This way could be a useful obligation in the license of the plant construction. The security of the nuclear fuel cycle incorporated with nuclear power plants (NPPs) is investigated using social impact theory. The dynamic quantification of the theory shows the non-secured time for act of terrorism which is considered for the non-secured condition against the risk of theft in nuclear material. For a realistic consideration, the meta-theoretical framework for modeling is performed for situations where beliefs, attributes or behaviors of an individual are influenced by those of others.

  2. Social impact theory based modeling for security analysis in the nuclear fuel cycle

    International Nuclear Information System (INIS)

    Woo, Tae Ho

    2015-01-01

    The nuclear fuel cycle is investigated for the perspective of the nuclear non-proliferation. The random number generation of the Monte-Carlo method is utilized for the analysis. Five cases are quantified by the random number generations. These values are summed by the described equations. The higher values are shown in 52 nd and 73 rd months. This way could be a useful obligation in the license of the plant construction. The security of the nuclear fuel cycle incorporated with nuclear power plants (NPPs) is investigated using social impact theory. The dynamic quantification of the theory shows the non-secured time for act of terrorism which is considered for the non-secured condition against the risk of theft in nuclear material. For a realistic consideration, the meta-theoretical framework for modeling is performed for situations where beliefs, attributes or behaviors of an individual are influenced by those of others.

  3. Knowledge-based computer security advisor

    International Nuclear Information System (INIS)

    Hunteman, W.J.; Squire, M.B.

    1991-01-01

    The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

  4. Security-Based Mechanism for Proactive Routing Schema Using Game Theory Model

    Directory of Open Access Journals (Sweden)

    Hicham Amraoui

    2016-01-01

    Full Text Available Game theory may offer a useful mechanism to address many problems in mobile ad hoc networks (MANETs. One of the key concepts in the research field of such networks with Optimized Link State Routing Protocol (OLSR is the security problem. Relying on applying game theory to study this problem, we consider two strategies during this suggested model: cooperate and not-cooperate. However, in such networks, it is not easy to identify different actions of players. In this paper, we have essentially been inspired from recent advances provided in game theory to propose a new model for security in MANETs. Our proposal presents a powerful tool with a large number of players where interactions are played multiple times. Moreover, each node keeps a cooperation rate (CR record of other nodes to cope with the behaviors and mitigate aggregate effect of other malicious devices. Additionally, our suggested security mechanism does not only take into consideration security requirements, but also take into account system resources and network performances. The simulation results using Network Simulator 3 are presented to illustrate the effectiveness of the proposal.

  5. An Analysis of Cloud Model-Based Security for Computing Secure Cloud Bursting and Aggregation in Real Environment

    OpenAIRE

    Pritesh Jain; Vaishali Chourey; Dheeraj Rane

    2011-01-01

    Cloud Computing has emerged as a major information and communications technology trend and has been proved as a key technology for market development and analysis for the users of several field. The practice of computing across two or more data centers separated by the Internet is growing in popularity due to an explosion in scalable computing demands. However, one of the major challenges that faces the cloud computing is how to secure and protect the data and processes the data of the user. ...

  6. Modeling and Simulation of a Novel Relay Node Based Secure Routing Protocol Using Multiple Mobile Sink for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Madhumathy Perumal

    2015-01-01

    Full Text Available Data gathering and optimal path selection for wireless sensor networks (WSN using existing protocols result in collision. Increase in collision further increases the possibility of packet drop. Thus there is a necessity to eliminate collision during data aggregation. Increasing the efficiency is the need of the hour with maximum security. This paper is an effort to come up with a reliable and energy efficient WSN routing and secure protocol with minimum delay. This technique is named as relay node based secure routing protocol for multiple mobile sink (RSRPMS. This protocol finds the rendezvous point for optimal transmission of data using a “splitting tree” technique in tree-shaped network topology and then to determine all the subsequent positions of a sink the “Biased Random Walk” model is used. In case of an event, the sink gathers the data from all sources, when they are in the sensing range of rendezvous point. Otherwise relay node is selected from its neighbor to transfer packets from rendezvous point to sink. A symmetric key cryptography is used for secure transmission. The proposed relay node based secure routing protocol for multiple mobile sink (RSRPMS is experimented and simulation results are compared with Intelligent Agent-Based Routing (IAR protocol to prove that there is increase in the network lifetime compared with other routing protocols.

  7. Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

    Science.gov (United States)

    Kassa, Woldeloul

    2016-01-01

    Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

  8. Supporting reputation based trust management enhancing security layer for cloud service models

    Science.gov (United States)

    Karthiga, R.; Vanitha, M.; Sumaiya Thaseen, I.; Mangaiyarkarasi, R.

    2017-11-01

    In the existing system trust between cloud providers and consumers is inadequate to establish the service level agreement though the consumer’s response is good cause to assess the overall reliability of cloud services. Investigators recognized the significance of trust can be managed and security can be provided based on feedback collected from participant. In this work a face recognition system that helps to identify the user effectively. So we use an image comparison algorithm where the user face is captured during registration time and get stored in database. With that original image we compare it with the sample image that is already stored in database. If both the image get matched then the users are identified effectively. When the confidential data are subcontracted to the cloud, data holders will become worried about the confidentiality of their data in the cloud. Encrypting the data before subcontracting has been regarded as the important resources of keeping user data privacy beside the cloud server. So in order to keep the data secure we use an AES algorithm. Symmetric-key algorithms practice a shared key concept, keeping data secret requires keeping this key secret. So only the user with private key can decrypt data.

  9. Security of statistical data bases: invasion of privacy through attribute correlational modeling

    Energy Technology Data Exchange (ETDEWEB)

    Palley, M.A.

    1985-01-01

    This study develops, defines, and applies a statistical technique for the compromise of confidential information in a statistical data base. Attribute Correlational Modeling (ACM) recognizes that the information contained in a statistical data base represents real world statistical phenomena. As such, ACM assumes correlational behavior among the database attributes. ACM proceeds to compromise confidential information through creation of a regression model, where the confidential attribute is treated as the dependent variable. The typical statistical data base may preclude the direct application of regression. In this scenario, the research introduces the notion of a synthetic data base, created through legitimate queries of the actual data base, and through proportional random variation of responses to these queries. The synthetic data base is constructed to resemble the actual data base as closely as possible in a statistical sense. ACM then applies regression analysis to the synthetic data base, and utilizes the derived model to estimate confidential information in the actual database.

  10. Network model of security system

    Directory of Open Access Journals (Sweden)

    Adamczyk Piotr

    2016-01-01

    Full Text Available The article presents the concept of building a network security model and its application in the process of risk analysis. It indicates the possibility of a new definition of the role of the network models in the safety analysis. Special attention was paid to the development of the use of an algorithm describing the process of identifying the assets, vulnerability and threats in a given context. The aim of the article is to present how this algorithm reduced the complexity of the problem by eliminating from the base model these components that have no links with others component and as a result and it was possible to build a real network model corresponding to reality.

  11. Threat modeling designing for security

    CERN Document Server

    Shostack, Adam

    2014-01-01

    Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems secur

  12. Cost-effectiveness of Security Measures: A model-based Framework

    NARCIS (Netherlands)

    Pieters, Wolter; Probst, Christian W.; Lukszo, Zofia; Montoya, L.; Tsiakis, Theodosios; Kargidis, Theodorus; Katsaros, Panagiotis

    Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have an

  13. Cost-effectiveness of Security Measures: A model-based Framework

    DEFF Research Database (Denmark)

    Pieters, Wolter; Probst, Christian W.; Lukszo, Zofia

    2014-01-01

    Recently, cyber security has become an important topic on the agenda of many organisations. It is already widely acknowledged that attacks do happen, and decision makers face the problem of how to respond. As it is almost impossible to secure a complex system completely, it is important to have...... an adequate estimate of the effectiveness of security measures when making investment decisions. Risk concepts are known in principle, but estimating the effectiveness of countermeasure proves to be difficult and cannot be achieved by qualitative approaches only. In this chapter, the authors consider...... the question of how to guarantee cost-effectiveness of security measures. They investigate the possibility of using existing frameworks and tools, the challenges in a security context as opposed to a safety context, and directions for future research....

  14. On Protocol Security in the Cryptographic Model

    DEFF Research Database (Denmark)

    Nielsen, Jesper Buus

    you as possible. This is the general problem of secure multiparty computation. The usual way of formalizing the problem is to say that a number of parties who do not trust each other wish to compute some function of their local inputs, while keeping their inputs as secret as possible and guaranteeing...... the channels by which they communicate. A general solution to the secure multiparty computation problem is a compiler which given any feasible function describes an efficient protocol which allows the parties to compute the function securely on their local inputs over an open network. Over the past twenty...... years the secure multiparty computation problem has been the subject of a large body of research, both research into the models of multiparty computation and research aimed at realizing general secure multiparty computation. The main approach to realizing secure multiparty computation has been based...

  15. Modelling security and trust with Secure Tropos

    NARCIS (Netherlands)

    Giorgini, P.; Mouratidis, H.; Zannone, N.; Mouratidis, H.; Giorgini, P.

    2006-01-01

    Although the concepts of security and trust play an important issue in the development of information systems, they have been mainly neglected by software engineering methodologies. In this chapter we present an approach that considers security and trust throughout the software development process.

  16. Analysis of rice policy based on presidential instruction on household food security: simultaneous equation model

    Science.gov (United States)

    Sembiring, S. A.

    2018-02-01

    The objective of this research is to analyze the impacts of rice policy on the household food security. The research used cross section data, were collected from 74 respondent as determined by purposive sampling in Sei Rejo villages, the Sub District of Sei Rampah, Serdang Bedagai District in the Province of North Sumatera. Rice policy model specification uses the simultaneous equations consisting of 6 structural equations and 6 identity equations which was estimated using Two Stages Least Squares (2SLS) method. The results show that the effectiveness of government purchase price of dried harvest paddy gave a positive impact on paddy planted area and lead to an increase paddy production and an increase of the rice production gave a positive impact on household rice availability and household rice surplus, and the increase of household rice surplus gave the quantity of Raskin decrease, whereas the increase of fertilizers gave a negative impact on paddy planted area and lead to decrease paddy production and to decrease in rice production was followed by an decrease in household rice availability and household rice surplus, and the decrease of household rice surplus gave the quantity of Raskin increase.

  17. Near field communication (NFC) model for arduino uno based security systems office system

    Science.gov (United States)

    Chairunnas, A.; Abdurrasyid, I.

    2018-03-01

    Currently, many offices or companies that start growing rapidly in a company or office should have a very limited room to enter only people entitled to enter the room and use the facilities contained in it, for example, Files in it must have many files and documents very important because to reduce the abuse of files and irresponsible person. Because it will be made room door security system by using Near Field Communication on android smartphone. Software used is Arduino IDE. The tools used in this system are Arduino Uno R3, NFC shield, pear sensor, bell, led, servo, 16 × 2 LCD, and Near Field Communication (NFC) in android smartphone. This system runs based on 2 inputs of a new technology that is Near Field Communication (NFC) in android smartphone. And also use pear sensor to detect unauthorized person entering the room. If the correct password is entered then the door will open and the pear sensor will light off if wrong then the bell will light up.

  18. Analyzing Cyber Security Threats on Cyber-Physical Systems Using Model-Based Systems Engineering

    Science.gov (United States)

    Kerzhner, Aleksandr; Pomerantz, Marc; Tan, Kymie; Campuzano, Brian; Dinkel, Kevin; Pecharich, Jeremy; Nguyen, Viet; Steele, Robert; Johnson, Bryan

    2015-01-01

    The spectre of cyber attacks on aerospace systems can no longer be ignored given that many of the components and vulnerabilities that have been successfully exploited by the adversary on other infrastructures are the same as those deployed and used within the aerospace environment. An important consideration with respect to the mission/safety critical infrastructure supporting space operations is that an appropriate defensive response to an attack invariably involves the need for high precision and accuracy, because an incorrect response can trigger unacceptable losses involving lives and/or significant financial damage. A highly precise defensive response, considering the typical complexity of aerospace environments, requires a detailed and well-founded understanding of the underlying system where the goal of the defensive response is to preserve critical mission objectives in the presence of adversarial activity. In this paper, a structured approach for modeling aerospace systems is described. The approach includes physical elements, network topology, software applications, system functions, and usage scenarios. We leverage Model-Based Systems Engineering methodology by utilizing the Object Management Group's Systems Modeling Language to represent the system being analyzed and also utilize model transformations to change relevant aspects of the model into specialized analyses. A novel visualization approach is utilized to visualize the entire model as a three-dimensional graph, allowing easier interaction with subject matter experts. The model provides a unifying structure for analyzing the impact of a particular attack or a particular type of attack. Two different example analysis types are demonstrated in this paper: a graph-based propagation analysis based on edge labels, and a graph-based propagation analysis based on node labels.

  19. Intelligent Model for Video Survillance Security System

    Directory of Open Access Journals (Sweden)

    J. Vidhya

    2013-12-01

    Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

  20. Attribute-Based Signcryption: Signer Privacy, Strong Unforgeability and IND-CCA Security in Adaptive-Predicates Model (Extended Version

    Directory of Open Access Journals (Sweden)

    Tapas Pandit

    2016-08-01

    Full Text Available Attribute-Based Signcryption (ABSC is a natural extension of Attribute-Based Encryption (ABE and Attribute-Based Signature (ABS, where one can have the message confidentiality and authenticity together. Since the signer privacy is captured in security of ABS, it is quite natural to expect that the signer privacy will also be preserved in ABSC. In this paper, first we propose an ABSC scheme which is weak existential unforgeable and IND-CCA secure in adaptive-predicates models and, achieves signer privacy. Then, by applying strongly unforgeable one-time signature (OTS, the above scheme is lifted to an ABSC scheme to attain strong existential unforgeability in adaptive-predicates model. Both the ABSC schemes are constructed on common setup, i.e the public parameters and key are same for both the encryption and signature modules. Our first construction is in the flavor of CtE&S paradigm, except one extra component that will be computed using both signature components and ciphertext components. The second proposed construction follows a new paradigm (extension of CtE&S , we call it “Commit then Encrypt and Sign then Sign” (CtE&S . The last signature is generated using a strong OTS scheme. Since, the non-repudiation is achieved by CtE&S paradigm, our systems also achieve the same.

  1. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

  2. How to capture, model, and verify the knowledge of legal, security, and privacy experts: A pattern-based approach

    NARCIS (Netherlands)

    Compagna, L.; El Khoury, P.; Massacci, F.; Thomas, R.; Zannone, N.

    2007-01-01

    Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with thii issue. For instance, purpose-based access control is

  3. Secure base stations

    NARCIS (Netherlands)

    Bosch, Peter; Brusilovsky, Alec; McLellan, Rae; Mullender, Sape J.; Polakos, Paul

    2009-01-01

    With the introduction of the third generation (3G) Universal Mobile Telecommunications System (UMTS) base station router (BSR) and fourth generation (4G) base stations, such as the 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) Evolved Node B (eNB), it has become important to

  4. Proposing a Holistic Model for Formulating the Security Requirements of e-learning based on Stakeholders’ Point of Veiw

    Directory of Open Access Journals (Sweden)

    Abouzar Arabsorkhi Mishabi

    2016-03-01

    Full Text Available Development of e-learning applications and services in the context of information and communication networks –beside qualitative and quantitative improvement in the scope and range of services they provide – has increased veriety of threats which are emerged from these networks and telecommunications infrastructure. This kind of issue have mad the effective and accurate analysing of security issues nessesary to managers and decision makers. Accordingly, in this study, using findings of other studies in the field of e-learning security, using methasyntesis, attempted to define a holistic model for classification and organization of security requirements. A structure that defines the origin of security requirements of e-learning and rolplays as a reference for formulating security requirements for this area.

  5. Evidence-Based Model of Integration of Regions for Ensuring Economic Security and Sustainable Development of the Russian Federation

    Directory of Open Access Journals (Sweden)

    Olga O. Smirnova

    2017-01-01

    Full Text Available Purpose: the main objective of preparation of article consists in formation of conceptual reasons for the new approach to administrative-territorial division of the Russian Federation corresponding to the relevant calls facing the country in the modern economic conditions. For achievement of this purpose in article the following research tasks are delivered and successfully solved: 1 to create new approach to administrative-territorial division of the Russian Federation on the basis of stability of her subjects; 2 to develop conceptual model of acceptance of the administrative decision on enlargement of regions by use of the modern methods of the quantitative and qualitative analysis of nature of regional development and a status of an economic security of the territory; 3 to define composition and structure of regional clusters, to give their characteristic in specific parametric space; 4 to develop recommendations about formation of administrative decisions on enlargement of regions taking into account specifics of development of the territories in a section of each cluster. Methods: by preparation of article general scientific methods of researches, such as systematization, generalization, cause-effect analysis and also receptions of the quantitative are used (hierarchical and iterative methods, statistic analysis and qualitative (methods of the spatial analysis, theory of image identification analysis. The new conceptual model based on synthesis of qualitative and quantitative methods of assessment of effectiveness of association of territories is developed for achievement of the goal of a research. According to the offered model making decision on association of the region is carried out in four steps. At the first stage justification of expediency of integration of territories is carried out and the general concept of association of regions is formed; at the second stage – holding a procedure of the cluster analysis and registration of

  6. Nuclear security assessment with Markov model approach

    International Nuclear Information System (INIS)

    Suzuki, Mitsutoshi; Terao, Norichika

    2013-01-01

    Nuclear security risk assessment with the Markov model based on random event is performed to explore evaluation methodology for physical protection in nuclear facilities. Because the security incidences are initiated by malicious and intentional acts, expert judgment and Bayes updating are used to estimate scenario and initiation likelihood, and it is assumed that the Markov model derived from stochastic process can be applied to incidence sequence. Both an unauthorized intrusion as Design Based Threat (DBT) and a stand-off attack as beyond-DBT are assumed to hypothetical facilities, and performance of physical protection and mitigation and minimization of consequence are investigated to develop the assessment methodology in a semi-quantitative manner. It is shown that cooperation between facility operator and security authority is important to respond to the beyond-DBT incidence. (author)

  7. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed the cyber security risk model can be find the weak point of cyber security integrated two cyber analysis models by using Bayesian Network. • One is the activity-quality model signifies how people and/or organization comply with the cyber security regulatory guide. • Other is the architecture model represents the probability of cyber-attack on RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for RPS of a research reactor

  8. Bayesian Network Models in Cyber Security: A Systematic Review

    OpenAIRE

    Chockalingam, S.; Pieters, W.; Herdeiro Teixeira, A.M.; van Gelder, P.H.A.J.M.; Lipmaa, Helger; Mitrokotsa, Aikaterini; Matulevicius, Raimundas

    2017-01-01

    Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 9 different criteri...

  9. Agent-based Security and Efficiency Estimation in Airport Terminals

    NARCIS (Netherlands)

    Janssen, S.A.M.

    We investigate the use of an Agent-based framework to identify and quantify the relationship between security and efficiency within airport terminals. In this framework, we define a novel Security Risk Assessment methodology that explicitly models attacker and defender behavior in a security

  10. Modeling and Simulation Roadmap to Enhance Electrical Energy Security of U.S. Naval Bases

    Science.gov (United States)

    2012-03-01

    power utilization factor 0.25 AMENITIES, STORES, GYMS, CLUBS, CINEMAS , ETC. Solar farm land area, km^2 1 Total number of on-base people 1472 Average...buildings," Continuing Education and Development, Inc., 2010. [Online]. Available: http://www.cedengineering.com/upload/Intro%20to%20Electric%20Power

  11. Security Theorems via Model Theory

    Directory of Open Access Journals (Sweden)

    Joshua Guttman

    2009-11-01

    Full Text Available A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi. Models (interpretations for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. *Realized* skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1 If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2 A protocol enforces for all xs . (phi implies for some ys . psi iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007 to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

  12. A improved Network Security Situation Awareness Model

    Directory of Open Access Journals (Sweden)

    Li Fangwei

    2015-08-01

    Full Text Available In order to reflect the situation of network security assessment performance fully and accurately, a new network security situation awareness model based on information fusion was proposed. Network security situation is the result of fusion three aspects evaluation. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed. In terms of vulnerability, a improved Common Vulnerability Scoring System (CVSS was raised and maked the assessment more comprehensive. In terms of node weights, the method of calculating the combined weights and optimizing the result by Sequence Quadratic Program (SQP algorithm which reduced the uncertainty of fusion was raised. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DAPRA data sets. Experiments show that the method can improve the accuracy of evaluation results.

  13. Security of supply and retail competition in the European gas market. Some model-based insights

    International Nuclear Information System (INIS)

    Abada, Ibrahim; Massol, Olivier

    2011-04-01

    In this paper, we analyze the impact of uncertain disruptions in gas supply upon gas retailer contracting behavior and consequent price and welfare implications in a gas market characterized by long-term gas contracts using a static Cournot model. In order to most realistically describe the economical situation, our representation divides the market into two stages: the upstream market that links, by means of long-term contracts, producers in exporting countries (Russia, Algeria, etc.) to local retailers who bring gas to the consuming countries to satisfy local demands in the downstream market. Disruption costs are modeled using short-run demand functions. First we mathematically develop a general model and write the associated KKT conditions, then we propose some case studies, under iso-elasticity assumptions, for the long-short-run inverse-demand curves in order to predict qualitatively and quantitatively the impacts of supply disruptions on Western European gas trade. In the second part, we study in detail the German gas market of the 1980's to explain the supply choices of the German retailer, and we derive interesting conclusions and insights concerning the amounts and prices of natural gas brought to the market. The last part of the paper is dedicated to a study of the Bulgarian gas market, which is greatly dependent on the Russian gas supplies and hence very sensitive to interruption risks. Some interesting conclusions are derived concerning the necessity to economically regulate the market, by means of gas amounts control, if the disruption probability is high enough. (authors)

  14. Software Security and the "Building Security in Maturity" Model

    CERN Document Server

    CERN. Geneva

    2011-01-01

    Using the framework described in my book "Software Security: Building Security In" I will discuss and describe the state of the practice in software security. This talk is peppered with real data from the field, based on my work with several large companies as a Cigital consultant. As a discipline, software security has made great progress over the last decade. Of the sixty large-scale software security initiatives we are aware of, thirty-two---all household names---are currently included in the BSIMM study. Those companies among the thirty-two who graciously agreed to be identified include: Adobe, Aon, Bank of America, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, Google, Intel, Intuit, McKesson, Microsoft, Nokia, QUALCOMM, Sallie Mae, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, VMware, and Wells Fargo. The BSIMM was created by observing and analyzing real-world data from thirty-two leading software security initiatives. The BSIMM can...

  15. Secure wireless embedded systems via component-based design

    DEFF Research Database (Denmark)

    Hjorth, T.; Torbensen, R.

    2010-01-01

    This paper introduces the method secure-by-design as a way of constructing wireless embedded systems using component-based modeling frameworks. This facilitates design of secure applications through verified, reusable software. Following this method we propose a security framework with a secure c......, with full support for confidentiality, authentication, and integrity using keypairs. The approach has been demonstrated in a multi-platform home automation prototype that can remotely unlock a door using a PDA over the Internet....

  16. Functional Security Model: Managers Engineers Working Together

    Science.gov (United States)

    Guillen, Edward Paul; Quintero, Rulfo

    2008-05-01

    Information security has a wide variety of solutions including security policies, network architectures and technological applications, they are usually designed and implemented by security architects, but in its own complexity this solutions are difficult to understand by company managers and they are who finally fund the security project. The main goal of the functional security model is to achieve a solid security platform reliable and understandable in the whole company without leaving of side the rigor of the recommendations and the laws compliance in a single frame. This paper shows a general scheme of the model with the use of important standards and tries to give an integrated solution.

  17. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

  18. Construction of Monitoring Model and Algorithm Design on Passenger Security during Shipping Based on Improved Bayesian Network

    Science.gov (United States)

    Wang, Jiali; Zhang, Qingnian; Ji, Wenfeng

    2014-01-01

    A large number of data is needed by the computation of the objective Bayesian network, but the data is hard to get in actual computation. The calculation method of Bayesian network was improved in this paper, and the fuzzy-precise Bayesian network was obtained. Then, the fuzzy-precise Bayesian network was used to reason Bayesian network model when the data is limited. The security of passengers during shipping is affected by various factors, and it is hard to predict and control. The index system that has the impact on the passenger safety during shipping was established on basis of the multifield coupling theory in this paper. Meanwhile, the fuzzy-precise Bayesian network was applied to monitor the security of passengers in the shipping process. The model was applied to monitor the passenger safety during shipping of a shipping company in Hainan, and the effectiveness of this model was examined. This research work provides guidance for guaranteeing security of passengers during shipping. PMID:25254227

  19. Adapting an Agent-Based Model of Socio-Technical Systems to Analyze System and Security Failures

    Science.gov (United States)

    2016-05-09

    develop frameworks assisting in collaborative design[6], to built platforms for col- lecting feedback from patients for researchers in healthcare ...cyber security with simulated humans. In Proceedings of the Twenty-Third Innovative Applications of Artificial Intelligence Conference, 2011. [3] L...Conference, 2015. [6] J. D. Faus and F. Grimaldo. Infraworld, a multi-agent based framework to assist in civil infrastructure collaborative design. In

  20. Security Assessment of Web Based Distributed Applications

    Directory of Open Access Journals (Sweden)

    Catalin BOJA

    2010-01-01

    Full Text Available This paper presents an overview about the evaluation of risks and vulnerabilities in a web based distributed application by emphasizing aspects concerning the process of security assessment with regards to the audit field. In the audit process, an important activity is dedicated to the measurement of the characteristics taken into consideration for evaluation. From this point of view, the quality of the audit process depends on the quality of assessment methods and techniques. By doing a review of the fields involved in the research process, the approach wants to reflect the main concerns that address the web based distributed applications using exploratory research techniques. The results show that many are the aspects which must carefully be worked with, across a distributed system and they can be revealed by doing a depth introspective analyze upon the information flow and internal processes that are part of the system. This paper reveals the limitations of a non-existing unified security risk assessment model that could prevent such risks and vulnerabilities debated. Based on such standardize models, secure web based distributed applications can be easily audited and many vulnerabilities which can appear due to the lack of access to information can be avoided.

  1. Computer-Based Testing: Test Site Security.

    Science.gov (United States)

    Rosen, Gerald A.

    Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

  2. [An emergy-ecological footprint model based evaluation of ecological security at the old industrial area in Northeast China: A case study of Liaoning Province.

    Science.gov (United States)

    Yang, Qing; Lu, Cheng Peng; Zhou, Feng; Geng, Yong; Jing, Hong Shuang; Ren, Wan Xia; Xue, Bing

    2016-05-01

    Based on the integrated model of emergy-ecological footprint approaches, the ecological security of Liaoning Province, a typical case for the old industrial area, was quantitatively evaluated from 2003 to 2012, followed by a scenario analysis on the development trend of the ecological secu-rity by employing the gray kinetic model. The results showed that, from 2003 to 2012, the value of emergy ecological-capacity per capita in Liaoning Province decreased from 3.13 hm 2 to 3.07 hm 2 , while the emergy-ecological footprint increased from 13.88 hm 2 to 21.96 hm 2 , which indicated that the ecological deficit existed in Liaoning Province and the situation was getting worse. The ecological pressure index increased from 4.43 to 7.16 during the studied period, and the alert level of ecological security changed from light to middle level. According to the development trend, the emergy ecological capacity per capita during 2013-2022 would correspondingly decrease from 3.04 hm 2 to 2.98 hm 2 , while the emergy ecological footprint would increase from 22.72 hm 2 to 35.87 hm 2 , the ecological pressure index would increase from 7.46 to 12.04, and the ecological deficit would keep increasing and the ecological security level would slide into slightly unsafe condition. The alert level of ecological security would turn to be middle or serious, suggesting the problems in ecological safety needed to be solved urgently.

  3. Securing the Global Airspace System Via Identity-Based Security

    Science.gov (United States)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  4. [Tourism ecological security early warning of Zhangjiajie, China based on the improved TOPSIS method and the grey GM (1,1)model].

    Science.gov (United States)

    Xu, Mei; Liu, Chun la; Li, Dan; Zhong, Xiao Lin

    2017-11-01

    Tourism ecological security early warning is of great significance both to the coordination of ecological environment protection and tourism industry rapid development in tourism destination, and the sustainable and healthy development of regional social and economy. Firstly, based on the DPSIR model, the tourism ecological security early warning index system of Zhangjiajie was constructed from 5 aspects, which were driving force, pressure, state, impact and response. Then, by using the improved TOPSIS method, the tourism ecological security situation of Zhangjiajie from 2001 to 2014 was analyzed. Lastly, by using the grey GM (1,1) model, the tourism ecological security evolution trend of 2015-2020 was predicted. The results indicated that, on the whole, the close degree of Zhangjiajie's tourism ecological security showed a slightly upward trend during 2001-2014, the warning degree was the moderate warning. In terms of each subsystem, warning degree of the driving force system and the pressure system of Zhangjiajie's tourism ecological secu-rity were on the rise, which evolved from light warning to heavy warning; warning degree of the state system and the impact system had not changed so much, and had been in the moderate warning; warning degree of the response system was on the decline, which changed from huge warning to no warning during 2001-2014. According to the current development trend, the close degree of Zhangjiajie's tourism ecological security would rise further in 2015-2020, and the warning degree would turn from moderate warning into light warning, but the task of coordinating the relationship between tourism development and ecological construction and environmental protection would be still arduous.

  5. Big data-based data mining modeling for nuclear security analysis in the modified physical protection system

    International Nuclear Information System (INIS)

    Woo, Tae Ho

    2014-01-01

    In this study, the social networking-related strategies have been developed to prepare against the terror. The conventional PPS is composed of detection, delay, and response. In the systems, each stage has particular characteristics where the detection state is to find out the intrusion and unauthorized behavior by some devices, the delay stage is to slow the malicious acts by some barriers, and finally the response stage is to interrupt the actions by several kinds of methods like the arms response. It is said there are some data mining activities by the department of homeland security in the United States. The Automated Targeting System (ATS) compares several factors like traveler, cargo, and conveyance information against intelligence and other enforcement data, which is managed by U.S. Customs and Border Protection (CBP) and includes modules for inbound (ATS-N) and outbound (ATS-AT) cargo, land border crossings (ATS-L), and passengers (ATS-P). The Data Analysis and Research for Trade Transparency System (DARTTS) analyzes possible data like the trade and financial stuff, which is administered by U.S. Immigration and Customs Enforcement (ICE).The modeling has accomplished successfully the random number generation-based quantifications for nuclear security incorporated with several complex algorithms, which is one of popular strategies in the technological-social science areas. In the calculations, the data are processed in every 7.5 minutes in which this means the calculation is done as 8 times in one hour. So, the graph has 100 hours with 800 times data processing. This means that 35,673.516 graphs are available by the big data processing. That is, 1 tera byte = 1,000,000,000,000 bytes = 800 2,500,000,000 bytes So, it is needed to process 2,500,000,000 bytes more for 1 tera byte. In the similar way, 2,500,000,000 bytes are done for 8 times in 1 hour. Then, 312,500,000 bytes are done for 24 hours in 1 day. Then, 13,020,833.33 bytes are done for 365 days in 1 year

  6. Big data-based data mining modeling for nuclear security analysis in the modified physical protection system

    Energy Technology Data Exchange (ETDEWEB)

    Woo, Tae Ho [Systemix Global Co. Ltd, Seoul (Korea, Republic of)

    2014-10-15

    In this study, the social networking-related strategies have been developed to prepare against the terror. The conventional PPS is composed of detection, delay, and response. In the systems, each stage has particular characteristics where the detection state is to find out the intrusion and unauthorized behavior by some devices, the delay stage is to slow the malicious acts by some barriers, and finally the response stage is to interrupt the actions by several kinds of methods like the arms response. It is said there are some data mining activities by the department of homeland security in the United States. The Automated Targeting System (ATS) compares several factors like traveler, cargo, and conveyance information against intelligence and other enforcement data, which is managed by U.S. Customs and Border Protection (CBP) and includes modules for inbound (ATS-N) and outbound (ATS-AT) cargo, land border crossings (ATS-L), and passengers (ATS-P). The Data Analysis and Research for Trade Transparency System (DARTTS) analyzes possible data like the trade and financial stuff, which is administered by U.S. Immigration and Customs Enforcement (ICE).The modeling has accomplished successfully the random number generation-based quantifications for nuclear security incorporated with several complex algorithms, which is one of popular strategies in the technological-social science areas. In the calculations, the data are processed in every 7.5 minutes in which this means the calculation is done as 8 times in one hour. So, the graph has 100 hours with 800 times data processing. This means that 35,673.516 graphs are available by the big data processing. That is, 1 tera byte = 1,000,000,000,000 bytes = 800 2,500,000,000 bytes So, it is needed to process 2,500,000,000 bytes more for 1 tera byte. In the similar way, 2,500,000,000 bytes are done for 8 times in 1 hour. Then, 312,500,000 bytes are done for 24 hours in 1 day. Then, 13,020,833.33 bytes are done for 365 days in 1 year

  7. Exploration of the financing and management model of a children's critical disease security system in China based on the implementation of Shanghai Children Hospital Care Aid.

    Science.gov (United States)

    Zhang, Zhi-ruo; Wen, Zhao-jun; Chen, Sai-juan; Chen, Zhu

    2011-03-01

    This study is designed to serve as a reference for the establishment of health security systems for children’s critical diseases. Through analysis of the operation of Shanghai Children Hospital Care Aid (SCHCA), this study explored the financing model and management of a children’s critical disease healthcare system and analyzed the possibility of expanding this system to other areas. It is found that a premium as low as RMB 7 per capita per year under SCHCA can provide high-level security for children’s critical diseases. With the good experience in Shanghai and based on the current basic medical insurance system for urban residents and the new rural cooperative medical scheme (NRCMS), it is necessary and feasible to build a health security system for children’s critical diseases at the national level.

  8. Information Security Policy Modeling for Network Security Systems

    Directory of Open Access Journals (Sweden)

    Dmitry Sergeevich Chernyavskiy

    2014-12-01

    Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

  9. Critically Important Object Security System Element Model

    Directory of Open Access Journals (Sweden)

    I. V. Khomyackov

    2012-03-01

    Full Text Available A stochastic model of critically important object security system element has been developed. The model includes mathematical description of the security system element properties and external influences. The state evolution of the security system element is described by the semi-Markov process with finite states number, the semi-Markov matrix and the initial semi-Markov process states probabilities distribution. External influences are set with the intensity of the Poisson thread.

  10. A model-driven approach to information security compliance

    Science.gov (United States)

    Correia, Anacleto; Gonçalves, António; Teodoro, M. Filomena

    2017-06-01

    The availability, integrity and confidentiality of information are fundamental to the long-term survival of any organization. Information security is a complex issue that must be holistically approached, combining assets that support corporate systems, in an extended network of business partners, vendors, customers and other stakeholders. This paper addresses the conception and implementation of information security systems, conform the ISO/IEC 27000 set of standards, using the model-driven approach. The process begins with the conception of a domain level model (computation independent model) based on information security vocabulary present in the ISO/IEC 27001 standard. Based on this model, after embedding in the model mandatory rules for attaining ISO/IEC 27001 conformance, a platform independent model is derived. Finally, a platform specific model serves the base for testing the compliance of information security systems with the ISO/IEC 27000 set of standards.

  11. A Secure Operational Model for Mobile Payments

    Directory of Open Access Journals (Sweden)

    Tao-Ku Chang

    2014-01-01

    Full Text Available Instead of paying by cash, check, or credit cards, customers can now also use their mobile devices to pay for a wide range of services and both digital and physical goods. However, customers’ security concerns are a major barrier to the broad adoption and use of mobile payments. In this paper we present the design of a secure operational model for mobile payments in which access control is based on a service-oriented architecture. A customer uses his/her mobile device to get authorization from a remote server and generate a two-dimensional barcode as the payment certificate. This payment certificate has a time limit and can be used once only. The system also provides the ability to remotely lock and disable the mobile payment service.

  12. A security review of proximity identification based smart cards

    CSIR Research Space (South Africa)

    Lefophane, S

    2015-03-01

    Full Text Available International Conference on Cyber warfare and Security, Mpumalanga, Kruger National Park, South Africa, 24-25 March 2015 A SECURITY REVIEW OF PROXIMITY IDENTIFICATION BASED SMART CARDS S.Lefophane, J. Van der Merwe Modelling and Digital Science: CSIR...

  13. Enforcing a security pattern in stakeholder goal models

    OpenAIRE

    Yu, Yijun; Kaiya, Haruhiko; Washizaki, Hironori; Xiong, Yingfei; Hu, Zhenjiang; Yoshioka, Nobukazu

    2008-01-01

    Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and ...

  14. Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

    Science.gov (United States)

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

  15. Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

    Directory of Open Access Journals (Sweden)

    Chang-Seop Park

    2014-01-01

    Full Text Available After two recent security attacks against implantable medical devices (IMDs have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient’s life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician’s treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

  16. Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

    Science.gov (United States)

    Park, Chang-Seop

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

  17. Security model for VM in cloud

    Science.gov (United States)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

  18. Mathematical Modeling Applied to Maritime Security

    OpenAIRE

    Center for Homeland Defense and Security

    2010-01-01

    Center for Homeland Defense and Security, OUT OF THE CLASSROOM Download the paper: Layered Defense: Modeling Terrorist Transfer Threat Networks and Optimizing Network Risk Reduction” Students in Ted Lewis’ Critical Infrastructure Protection course are taught how mathematic modeling can provide...

  19. Keystone Business Models for Network Security Processors

    OpenAIRE

    Arthur Low; Steven Muegge

    2013-01-01

    Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor...

  20. Old Dog New Tricks: Use of Point-based Crop Models in Grid-based Regional Assessment of Crop Management Technologies Impact on Future Food Security

    Science.gov (United States)

    Koo, J.; Wood, S.; Cenacchi, N.; Fisher, M.; Cox, C.

    2012-12-01

    HarvestChoice (harvestchoice.org) generates knowledge products to guide strategic investments to improve the productivity and profitability of smallholder farming systems in sub-Saharan Africa (SSA). A keynote component of the HarvestChoice analytical framework is a grid-based overlay of SSA - a cropping simulation platform powered by process-based, crop models. Calibrated around the best available representation of cropping production systems in SSA, the simulation platform engages the DSSAT Crop Systems Model with the CENTURY Soil Organic Matter model (DSSAT-CENTURY) and provides a virtual experimentation module with which to explore the impact of a range of technological, managerial and environmental metrics on future crop productivity and profitability, as well as input use. For each of 5 (or 30) arc-minute grid cells in SSA, a stack of model input underlies it: datasets that cover soil properties and fertility, historic and future climate scenarios and farmers' management practices; all compiled from analyses of existing global and regional databases and consultations with other CGIAR centers. Running a simulation model is not always straightforward, especially when certain cropping systems or management practices are not even practiced by resource-poor farmers yet (e.g., precision agriculture) or they were never included in the existing simulation framework (e.g., water harvesting). In such cases, we used DSSAT-CENTURY as a function to iteratively estimate relative responses of cropping systems to technology-driven changes in water and nutrient balances compared to zero-adoption by farmers, while adjusting model input parameters to best mimic farmers' implementation of technologies in the field. We then fed the results of the simulation into to the economic and food trade model framework, IMPACT, to assess the potential implications on future food security. The outputs of the overall simulation analyses are packaged as a web-accessible database and published

  1. Security Engine Management of Router based on Security Policy

    OpenAIRE

    Su Hyung Jo; Ki Young Kim; Sang Ho Lee

    2007-01-01

    Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

  2. Johnson(-like)-Noise-Kirchhoff-loop based secure classical communicator characteristics, for ranges of two to two thousand kilometers, via model-line

    International Nuclear Information System (INIS)

    Mingesz, Robert; Gingl, Zoltan; Kish, Laszlo B.

    2008-01-01

    A pair of Kirchhoff-loop-Johnson(-like)-Noise communicators, which is able to work over variable ranges, was designed and built. Tests have been carried out on a model-line performance characteristics were obtained for ranges beyond the ranges of any known direct quantum communication channel and they indicate unrivalled signal fidelity and security performance of the exchanged raw key bits. This simple device has single-wire secure key generation and sharing rates of 0.1, 1, 10, and 100 bit/second for corresponding copper wire diameters/ranges of 21 mm/2000 km, 7 mm/200 km, 2.3 mm/20 km, and 0.7 mm/2 km, respectively and it performs with 0.02% raw-bit error rate (99.98% fidelity). The raw-bit security of this practical system significantly outperforms raw-bit quantum security. Current injection breaking tests show zero bit eavesdropping ability without triggering the alarm signal, therefore no multiple measurements are needed to build an error statistics to detect the eavesdropping as in quantum communication. Wire resistance based breaking tests of Bergou-Scheuer-Yariv type give an upper limit of eavesdropped raw-bit ratio of 0.19% and this limit is inversely proportional to the sixth power of cable diameter. Hao's breaking method yields zero (below measurement resolution) eavesdropping information

  3. Assessment of energy security in China based on ecological network analysis: A perspective from the security of crude oil supply

    International Nuclear Information System (INIS)

    Lu, Weiwei; Su, Meirong; Zhang, Yan; Yang, Zhifeng; Chen, Bin; Liu, Gengyuan

    2014-01-01

    Energy security usually considers both the stability of energy supply and security of energy use and it is receiving increasing attention globally. Considering the strategic importance and sensitivity to international change of the crude oil supply, we decided to examine China’s energy security. An original network model was established based on ecological network analysis to holistically evaluate the security of the crude oil supply in China. Using this model, we found that the security of the crude oil supply in China generally increased from 2001 to 2010. The contribution of different compartments in the network to the overall energy security resembled a pyramid structure, with supply sources at the bottom, the consumption sector at the top, and the refining and transfer sectors in the middle. North and South America made the largest contribution to the security of the crude oil supply in China. We provide suggestions to improve the security of the crude oil supply in China based on our results and further scenario analysis. The original network model provides a new perspective for energy security assessment, which can be used as a baseline to develop other models and policy. - Highlights: • Ecological network analysis (ENA) is introduced into energy security assessment. • A model of crude oil supply network in China is established based on ENA. • A pyramid structure of the contributions of different compartments to energy security was found. • Suggestions for forming a stable network are given to improve energy security

  4. Modeling Security Aspects of Network

    Science.gov (United States)

    Schoch, Elmar

    With more and more widespread usage of computer systems and networks, dependability becomes a paramount requirement. Dependability typically denotes tolerance or protection against all kinds of failures, errors and faults. Sources of failures can basically be accidental, e.g., in case of hardware errors or software bugs, or intentional due to some kind of malicious behavior. These intentional, malicious actions are subject of security. A more complete overview on the relations between dependability and security can be found in [31]. In parallel to the increased use of technology, misuse also has grown significantly, requiring measures to deal with it.

  5. Ecological Security Pattern Analysis Based on InVEST and Least-Cost Path Model: A Case Study of Dongguan Water Village

    Directory of Open Access Journals (Sweden)

    Qian Lin

    2016-02-01

    Full Text Available The famous “world’s factory” city, Dongguan, like many other places in China, is a typical beneficiary of China’s Reform and Opening-up Policy. However, rapid urban sprawl and economic growth are at the expense of the destruction of the local environment. Therefore, it is of great importance to establish an ecological security network for sustainable development. InVEST models, effective tools to measure sensitivity and intensity of external threats to quantify habitat value, are used to calculate habitat quality of water and land. By combining structural connectivity and the Least-Cost Path model (LCP model, in which corridors are determined based on the minimum accumulative cost path between each critical point, ecological security patterns were calculated. According to the results, the northwest region of Dongguan, having a large quantity of farmlands and water and therefore many corridors and critical patches, is the most essential area in the overall security of ecological environments, which should be protected first. If developed, it should be dominated by eco-tourism and eco-agriculture. We hope that research on the ecological network, which includes critical patches and corridors formed by greenland and rivers, will lead toward better-informed proposals for local urban planning and regional sustainable development.

  6. Computational Intelligence, Cyber Security and Computational Models

    CERN Document Server

    Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

    2014-01-01

    This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

  7. The Security Email Based on Smart Card

    Science.gov (United States)

    Lina, Zhang; Jiang, Meng Hai.

    Email has become one of the most important communication tools in modern internet society, and its security is an important issue that can't be ignored. The security requirements of Email can be summarized as confidentiality, integrity, authentication and non-repudiation. Recently many researches on IBE (identify based encrypt) have been carried out to solve these security problems. However, because of IBE's fatal flaws and great advantages of PKI (Public Key Infrastructure), PKI is found to be still irreplaceable especially in the applications based on smart card. In this paper, a construction of security Email is presented, then the design of relatively cryptography algorithms and the configuration of certificates are elaborated, and finally the security for the proposed system is discussed.

  8. Ideal Based Cyber Security Technical Metrics for Control Systems

    Energy Technology Data Exchange (ETDEWEB)

    W. F. Boyer; M. A. McQueen

    2007-10-01

    Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

  9. A Model of Social Security?

    DEFF Research Database (Denmark)

    Rom-Jensen, Byron Zachary

    2017-01-01

    of Scandinavian achievements were variable in their ideological outlook and sometimes deliberately challenged the existence and goals of New Deal policies. Moreover, this essay explores the usage of Scandinavia in New Deal social legislation by examining the policymaking rhetoric of the Social Security Act...... and its 1939 amendments. The surprising plasticity of the Scandinavian image amongst policymakers ultimately reveals the fluid nature of both New Deal-era politics and the Scandinavian images it appropriated....

  10. Model-based Impact Assessment of an Integrated Water Management Strategy on Ecosystem Services relevant to Food Security in Namibia

    Science.gov (United States)

    Luetkemeier, R.; Liehr, S.

    2012-04-01

    North-central Namibia is characterized by seasonal alterations of drought and heavy rainfall, mostly saline groundwater resources and a lack of perennial rivers. Water scarcity poses a great challenge for freshwater supply, harvest and food security against the background of high population growth and climate change. CuveWaters project aims at poverty reduction and livelihood improvement on a long term basis by introducing a multi-resource-mix as part of an integrated water resources management (IWRM) approach. Herein, creating water buffers by rainwater harvesting (RWH) and subsurface water storage as well as reuse of treated wastewater facilitates micro-scale gardening activities. This link constitutes a major component of a sustainable adaptation strategy by contributing to the conservation and improvement of basic food and freshwater resources in order to reduce drought vulnerability. This paper presents main findings of an impact assessment carried out on the effect of integrated water resources management on ecosystem services (ESS) relevant to food security within the framework of CuveWaters project. North-central Namibia is perceived as a social-ecological system characterized by a strong mutual dependence between natural environment and anthropogenic system. This fundamental reliance on natural resources highlights the key role of ESS in semi-arid environments to sustain human livelihoods. Among other services, food provision was chosen for quantification as one of the most fundamental ESS in north-central Namibia. Different nutritional values were utilized as indicators to adopt a demand-supply approach (Ecosystem Service Profile) to illustrate the ability of the ecosystem to meet people's nutritional requirements. Calculations have been conducted using both Bayesian networks to incorporate uncertainty introduced by the variability of monthly precipitation and the application of plant specific water production functions. Results show that improving the

  11. 76 FR 42395 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

    Science.gov (United States)

    2011-07-18

    ... Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants...-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based...'') relating to external business conduct standards for security-based swap dealers (``SBS Dealers'') and major...

  12. Maternal secure-base scripts and children's attachment security in an adopted sample.

    Science.gov (United States)

    Veríssimo, Manuela; Salvaterra, Fernanda

    2006-09-01

    Studies of families with adopted children are of special interest to attachment theorists because they afford opportunities to probe assumptions of attachment theory with regard to the developmental timing of interactions necessary to form primary attachments and also with regard to effects of shared genes on child attachment quality. In Bowlby's model, attachment-relevant behaviors and interactions are observable from the moment of birth, but for adoptive families, these interactions cannot begin until the child enters the family, sometimes several months or even years post-partum. Furthermore, because adoptive parents and adopted children do not usually share genes by common descent, any correspondence between attachment representations of the parent and secure base behavior of the child must arise as a consequence of dyadic interaction histories. The objectives of this study were to evaluate whether the child's age at the time of adoption or at the time of attachment assessment predicted child attachment security in adoptive families and also whether the adoptive mother's internal attachment representation predicted the child's attachment security. The participants were 106 mother - child dyads selected from the 406 adoptions carried out through the Lisbon Department of Adoption Services over a period of 3 years. The Attachment Behavior Q-Set (AQS; Waters, 1995) was used to assess secure base behavior and an attachment script representation task was used to assess the maternal attachment representations. Neither child's age at the time of adoption, nor age of the child at assessment significantly predicted the AQS security score; however, scores reflecting the presence and quality of maternal secure base scripts did predict AQS security. These findings support the notion that the transmission of attachment security across generations involves mutual exchanges and learning by the child and that the exchanges leading to secure attachment need not begin at birth

  13. A Cluster- Based Secure Active Network Environment

    Institute of Scientific and Technical Information of China (English)

    CHEN Xiao-lin; ZHOU Jing-yang; DAI Han; LU Sang-lu; CHEN Gui-hai

    2005-01-01

    We introduce a cluster-based secure active network environment (CSANE) which separates the processing of IP packets from that of active packets in active routers. In this environment, the active code authorized or trusted by privileged users is executed in the secure execution environment (EE) of the active router, while others are executed in the secure EE of the nodes in the distributed shared memory (DSM) cluster. With the supports of a multi-process Java virtual machine and KeyNote, untrusted active packets are controlled to securely consume resource. The DSM consistency management makes that active packets can be parallelly processed in the DSM cluster as if they were processed one by one in ANTS (Active Network Transport System). We demonstrate that CSANE has good security and scalability, but imposing little changes on traditional routers.

  14. Keystone Business Models for Network Security Processors

    Directory of Open Access Journals (Sweden)

    Arthur Low

    2013-07-01

    Full Text Available Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor” models nor the silicon intellectual-property licensing (“IP-licensing” models allow small technology companies to successfully compete. This article describes an alternative approach that produces an ongoing stream of novel network security processors for niche markets through continuous innovation by both large and small companies. This approach, referred to here as the "business ecosystem model for network security processors", includes a flexible and reconfigurable technology platform, a “keystone” business model for the company that maintains the platform architecture, and an extended ecosystem of companies that both contribute and share in the value created by innovation. New opportunities for business model innovation by participating companies are made possible by the ecosystem model. This ecosystem model builds on: i the lessons learned from the experience of the first author as a senior integrated circuit architect for providers of public-key cryptography solutions and as the owner of a semiconductor startup, and ii the latest scholarly research on technology entrepreneurship, business models, platforms, and business ecosystems. This article will be of interest to all technology entrepreneurs, but it will be of particular interest to owners of small companies that provide security solutions and to specialized security professionals seeking to launch their own companies.

  15. Modeling generation expansion in the context of a security of supply mechanism based on long-term auctions. Application to the Colombian case

    International Nuclear Information System (INIS)

    Rodilla, P.; Batlle, C.; Salazar, J.; Sanchez, J.J.

    2011-01-01

    In an attempt to provide electricity generation investors with appropriate economic incentives so as to maintain quality of supply at socially optimal levels, a growing number of electricity market regulators have opted for implementing a security of supply mechanism based on long-term auctions. In this context, the ability to analyze long-term investment dynamics is a key issue not only for market agents, but also for regulators. This paper describes a model developed to serve this purpose. A general system-dynamics-inspired methodology has been designed to be able to simulate these long-term auction mechanisms in the formats presently in place. A full-scale simulation based on the Colombian system was conducted to illustrate model capabilities. (author)

  16. Modeling generation expansion in the context of a security of supply mechanism based on long-term auctions. Application to the Colombian case

    Energy Technology Data Exchange (ETDEWEB)

    Rodilla, P.; Batlle, C. [Institute for Research in Technology, University Pontificia Comillas, Sta. Cruz de Marcenado 26, 28015 Madrid (Spain); Salazar, J. [Empresas Publicas de Medellin, Carrera 58 No. 42-125 Edificio Inteligente, Medellin (Colombia); Sanchez, J.J. [Secretaria de Estado de Cambio Climatico, Ministerio de Medio Ambiente, Rural y Marino. Plaza San Juan de la Cruz, 28071 Madrid (Spain)

    2011-01-15

    In an attempt to provide electricity generation investors with appropriate economic incentives so as to maintain quality of supply at socially optimal levels, a growing number of electricity market regulators have opted for implementing a security of supply mechanism based on long-term auctions. In this context, the ability to analyze long-term investment dynamics is a key issue not only for market agents, but also for regulators. This paper describes a model developed to serve this purpose. A general system-dynamics-inspired methodology has been designed to be able to simulate these long-term auction mechanisms in the formats presently in place. A full-scale simulation based on the Colombian system was conducted to illustrate model capabilities. (author)

  17. Android based security and home automation system

    OpenAIRE

    Khan, Sadeque Reza; Dristy, Farzana Sultana

    2015-01-01

    The smart mobile terminal operator platform Android is getting popular all over the world with its wide variety of applications and enormous use in numerous spheres of our daily life. Considering the fact of increasing demand of home security and automation, an Android based control system is presented in this paper where the proposed system can maintain the security of home main entrance and also the car door lock. Another important feature of the designed system is that it can control the o...

  18. Formal Analysis of Graphical Security Models

    DEFF Research Database (Denmark)

    Aslanyan, Zaruhi

    , software components and human actors interacting with each other to form so-called socio-technical systems. The importance of socio-technical systems to modern societies requires verifying their security properties formally, while their inherent complexity makes manual analyses impracticable. Graphical...... models for security offer an unrivalled opportunity to describe socio-technical systems, for they allow to represent different aspects like human behaviour, computation and physical phenomena in an abstract yet uniform manner. Moreover, these models can be assigned a formal semantics, thereby allowing...... formal verification of their properties. Finally, their appealing graphical notations enable to communicate security concerns in an understandable way also to non-experts, often in charge of the decision making. This dissertation argues that automated techniques can be developed on graphical security...

  19. Security Attributes Based Digital Rights Management

    NARCIS (Netherlands)

    Chong, C.N.; van Buuren, R.; van Buuren, R.F.; Hartel, Pieter H.; Kleinhuis, Geert; Boavida, F.; Monteiro, E.; Orvalho, J.

    2002-01-01

    Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of

  20. Security Attributes Based Digital Rights Management

    NARCIS (Netherlands)

    Chong, C.N.; van Buuren, R.; Hartel, Pieter H.; Kleinhuis, Geert

    ost real-life systems delegate responsibilities to di�erent authorities. We apply this model to a dig- ital rights management system, to achieve exible security. In our model a hierarchy of authorities issues certi�cates that are linked by cryptographic means. This linkage establishes a chain of

  1. Security Issues for Intelligence Information System based on Service-Oriented Architecture

    OpenAIRE

    Ackoski, Jugoslav; Trajkovik, Vladimir; Davcev, Danco

    2011-01-01

    Security is important requirement for service-oriented architecture (SOA), because SOA considers widespread services on different location and diverse operational platforms. Main challenge for SOA Security still drifts around “clouds” and that is insufficient frameworks for security models based on consistent and convenient methods. Contemporary security architectures and security protocols are in the phase of developing. SOA based systems are characterized with differences ...

  2. Security Modeling on the Supply Chain Networks

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    Full Text Available In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-LaPadula model in the design of a secured supply chain network. In the Bell-LaPadula model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification pair in the Bell-LaPadula model can be thought as different states in the Markov Chain model. This paper extends the work done by Chen et al., provides more details on the Markov Chain model and illustrates how to use it to monitor the security state transition in the supply chain network.

  3. Security Measurement for Unknown Threats Based on Attack Preferences

    Directory of Open Access Journals (Sweden)

    Lihua Yin

    2018-01-01

    Full Text Available Security measurement matters to every stakeholder in network security. It provides security practitioners the exact security awareness. However, most of the works are not applicable to the unknown threat. What is more, existing efforts on security metric mainly focus on the ease of certain attack from a theoretical point of view, ignoring the “likelihood of exploitation.” To help administrator have a better understanding, we analyze the behavior of attackers who exploit the zero-day vulnerabilities and predict their attack timing. Based on the prediction, we propose a method of security measurement. In detail, we compute the optimal attack timing from the perspective of attacker, using a long-term game to estimate the risk of being found and then choose the optimal timing based on the risk and profit. We design a learning strategy to model the information sharing mechanism among multiattackers and use spatial structure to model the long-term process. After calculating the Nash equilibrium for each subgame, we consider the likelihood of being attacked for each node as the security metric result. The experiment results show the efficiency of our approach.

  4. AVIATION SECURITY AS AN OBJECT OF MATHEMATICAL MODELING

    Directory of Open Access Journals (Sweden)

    N. Elisov Lev

    2017-01-01

    Full Text Available The paper presents a mathematical formulation of the problem formalization of the subject area related to aviation security in civil aviation. The formalization task is determined by the modern issue of providing aviation security. Aviationsecurity in modern systems is based upon organizational standard of security control. This standard doesn’t require calcu- lating the security level. It allows solving the aviation security task without estimating the solution and evaluating the per- formance of security facilities. The issue of acceptable aviation security level stays unsolved, because its control lies in inspections that determine whether the object security facilities meet the requirements or not. The pending problem is also in whether the requirements are calculable and the evaluation is subjective.Lately, there has been determined quite a certain tendency to consider aviation security issues from the perspective of its level optimal control with the following identification, calculation and evaluation problems solving and decision mak- ing. The obtained results analysis in this direction shows that it’s strongly recommended to move to object formalization problem, which provides a mathematical modeling for aviation security control optimization.In this case, the authors assume to find the answer in the process of object formalization. Therefore aviation secu- rity is presented as some security environment condition, which defines the parameters associated with the object protec-tion system quality that depends on the use of protective equipment in conditions of counteraction to factors of external andinternal threats. It is shown that the proposed model belongs to a class of boundary value problems described by differential equations in partial derivatives. The classification of boundary value problems is presented.

  5. Econometric modelling of economic security in business operations management

    OpenAIRE

    Chagovets, L. О.; Nevezhin, V. P.; Zakharova, О. V.

    2014-01-01

    The article deals with econometric modeling of economic security. The model of evaluating transaction costs effect on the level of enterprise economic security is provided. The econometric models of evaluating economic security that are used in research are based on panel data. According to the results, the reserves for increasing the general level of economic security due to transaction costs reduction are revealed. Розглянуто питання економетричного моделювання економічної безпеки. Предс...

  6. Physical security technology base programs for physical security

    International Nuclear Information System (INIS)

    Jacobs, J.

    1986-01-01

    Sandia National Laboratories is the US Department of Energy's lead laboratory for physical security research and development (R and D). In support of this mission, Sandia has maintained for several years an R and D program in each of the following technology areas: Intrusion Detection, Entry Control, CCTV Assessment, Access Delay, Alarm Display, and Guard Equipment and Training. The purpose of the technology base programs is to maintain cognizance of the capabilities of the commercial market, identify improvements and transfer technology to industry and facilities. The output of these programs supports the development of new equipment and advanced system concepts, demonstrations of proof-of-principles and system implementation. This paper will review the status of current developments and discuss trends in new technologies which are being explored for future applications, i.e., artificial intelligence, expert systems, robotics, and more automated systems

  7. EPC: A Provably Secure Permutation Based Compression Function

    DEFF Research Database (Denmark)

    Bagheri, Nasour; Gauravaram, Praveen; Naderi, Majid

    2010-01-01

    The security of permutation-based hash functions in the ideal permutation model has been studied when the input-length of compression function is larger than the input-length of the permutation function. In this paper, we consider permutation based compression functions that have input lengths sh...

  8. Safe and Secure Services Based on NGN

    Science.gov (United States)

    Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

    Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles-namely, fixed, nomadic, and mobile-are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

  9. Analysis of Vehicle-Based Security Operations

    Energy Technology Data Exchange (ETDEWEB)

    Carter, Jason M [ORNL; Paul, Nate R [ORNL

    2015-01-01

    Vehicle-to-vehicle (V2V) communications promises to increase roadway safety by providing each vehicle with 360 degree situational awareness of other vehicles in proximity, and by complementing onboard sensors such as radar or camera in detecting imminent crash scenarios. In the United States, approximately three hundred million automobiles could participate in a fully deployed V2V system if Dedicated Short-Range Communication (DSRC) device use becomes mandatory. The system s reliance on continuous communication, however, provides a potential means for unscrupulous persons to transmit false data in an attempt to cause crashes, create traffic congestion, or simply render the system useless. V2V communications must be highly scalable while retaining robust security and privacy preserving features to meet the intra-vehicle and vehicle-to-infrastructure communication requirements for a growing vehicle population. Oakridge National Research Laboratory is investigating a Vehicle-Based Security System (VBSS) to provide security and privacy for a fully deployed V2V and V2I system. In the VBSS an On-board Unit (OBU) generates short-term certificates and signs Basic Safety Messages (BSM) to preserve privacy and enhance security. This work outlines a potential VBSS structure and its operational concepts; it examines how a vehicle-based system might feasibly provide security and privacy, highlights remaining challenges, and explores potential mitigations to address those challenges. Certificate management alternatives that attempt to meet V2V security and privacy requirements have been examined previously by the research community including privacy-preserving group certificates, shared certificates, and functional encryption. Due to real-world operational constraints, adopting one of these approaches for VBSS V2V communication is difficult. Timely misbehavior detection and revocation are still open problems for any V2V system. We explore the alternative approaches that may be

  10. POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2014-09-01

    Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

  11. FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing

    Directory of Open Access Journals (Sweden)

    Yunsick Sung

    2016-09-01

    Full Text Available Software Defined Networking (SDN has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT infrastructure. For Future Sustainability Computing (FSC, SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.

  12. Cyber Situation Awareness through Instance-Based Learning: Modeling the Security Analyst in a Cyber-Attack Scenario

    Science.gov (United States)

    2012-01-01

    Chocolate Avenue Hershey PA 17033 Tel: 717-533-8845 Fax: 717-533-8661 E-mail: cust@igi-global.com Web site: http://www.igi-global.com Copyright © 2011...program and obtain control on the machine (event 21st out of 25). During the course of this simple scenario, a security analyst is able to observe...G. A. (1989). Recognition-primed deci- sions. In Rouse, W. B. (Ed.), Advances in man- machine system research (Vol. 5, pp. 47–92). Greenwich, CT

  13. Language Based Security for Java and JML

    NARCIS (Netherlands)

    Warnier, M.E.

    2006-01-01

    Programs contain bugs. Finding program bugs is important, especially in situations where safety and security of a program is required. This thesis proposes a number of analysis methods for enforcing the absence of such bugs. In the first part of the thesis the Java Modeling Language (JML) is the

  14. Information Governance: A Model for Security in Medical Practice

    Directory of Open Access Journals (Sweden)

    Patricia A.H. Williams

    2007-03-01

    Full Text Available Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security.  In the medical arena this information is primarily sensitive patient-based information. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term and there is little existing research into how to meet governance requirements. The limited research that exists describes information security governance frameworks at a strategic level. However, since medical practice is already lagging in the implementation of appropriate security, such definition may not be practical although it is obviously desirable. This paper describes an on-going action research project undertaken in the area of medical information security, and presents a tactical approach model aimed at addressing information security governance and the protection of medical data. 

  15. Parental attachment style: examination of links with parent secure base provision and adolescent secure base use.

    Science.gov (United States)

    Jones, Jason D; Cassidy, Jude

    2014-01-01

    The secure base construct represents one of attachment theory's most important contributions to our understanding of parent-child relationships and child development. The present study represents the first examination of how parents' self-reported attachment styles relate to parental secure base provision and adolescent (mean age = 16.6 years, SE = .59) secure base use during an observed parent-adolescent interaction. Further, the present study is the first to examine how fathers', as well as mothers', attachment styles relate to observed behavior in a parent-child interaction. At the bivariate level, maternal avoidance, but not anxiety, was negatively associated with observed adolescent secure base use. In addition, path analysis revealed that maternal avoidance was indirectly related to less adolescent secure base use through mothers' self-reported hostile behavior toward their adolescents and through adolescents' less positive perceptions of their mothers. Further, paternal anxiety, but not avoidance, was indirectly related to less adolescent secure base use through fathers' self-reported hostile behavior toward their adolescents. No significant findings emerged in relation to parental secure base provision. We discuss these results in the context of attachment theory and suggest directions for future research.

  16. Secure information transfer based on computing reservoir

    Energy Technology Data Exchange (ETDEWEB)

    Szmoski, R.M.; Ferrari, F.A.S. [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Pinto, S.E. de S, E-mail: desouzapinto@pq.cnpq.br [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Baptista, M.S. [Institute for Complex Systems and Mathematical Biology, SUPA, University of Aberdeen, Aberdeen (United Kingdom); Viana, R.L. [Department of Physics, Universidade Federal do Parana, 81531-990, Curitiba, Parana (Brazil)

    2013-04-01

    There is a broad area of research to ensure that information is transmitted securely. Within this scope, chaos-based cryptography takes a prominent role due to its nonlinear properties. Using these properties, we propose a secure mechanism for transmitting data that relies on chaotic networks. We use a nonlinear on–off device to cipher the message, and the transfer entropy to retrieve it. We analyze the system capability for sending messages, and we obtain expressions for the operating time. We demonstrate the system efficiency for a wide range of parameters. We find similarities between our method and the reservoir computing.

  17. Probabilistic reasoning with graphical security models

    NARCIS (Netherlands)

    Kordy, Barbara; Pouly, Marc; Schweitzer, Patrick

    This work provides a computational framework for meaningful probabilistic evaluation of attack–defense scenarios involving dependent actions. We combine the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. In order

  18. Modelling mobility aspects of security policies

    NARCIS (Netherlands)

    Hartel, Pieter H.; van Eck, Pascal; Etalle, Sandro; Wieringa, Roelf J.; Barthe, G.; Burdy, L.; Huisman, Marieke; Lanet, J.-L.; Muntean, T.

    Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of

  19. Spent fuel reprocessing system security engineering capability maturity model

    International Nuclear Information System (INIS)

    Liu Yachun; Zou Shuliang; Yang Xiaohua; Ouyang Zigen; Dai Jianyong

    2011-01-01

    In the field of nuclear safety, traditional work places extra emphasis on risk assessment related to technical skills, production operations, accident consequences through deterministic or probabilistic analysis, and on the basis of which risk management and control are implemented. However, high quality of product does not necessarily mean good safety quality, which implies a predictable degree of uniformity and dependability suited to the specific security needs. In this paper, we make use of the system security engineering - capability maturity model (SSE-CMM) in the field of spent fuel reprocessing, establish a spent fuel reprocessing systems security engineering capability maturity model (SFR-SSE-CMM). The base practices in the model are collected from the materials of the practice of the nuclear safety engineering, which represent the best security implementation activities, reflect the regular and basic work of the implementation of the security engineering in the spent fuel reprocessing plant, the general practices reveal the management, measurement and institutional characteristics of all process activities. The basic principles that should be followed in the course of implementation of safety engineering activities are indicated from 'what' and 'how' aspects. The model provides a standardized framework and evaluation system for the safety engineering of the spent fuel reprocessing system. As a supplement to traditional methods, this new assessment technique with property of repeatability and predictability with respect to cost, procedure and quality control, can make or improve the activities of security engineering to become a serial of mature, measurable and standard activities. (author)

  20. Smart Sensing Based on DNA-Metal Interaction Enables a Label-Free and Resettable Security Model of Electrochemical Molecular Keypad Lock.

    Science.gov (United States)

    Du, Yan; Han, Xu; Wang, Chenxu; Li, Yunhui; Li, Bingling; Duan, Hongwei

    2018-01-26

    Recently, molecular keypad locks have received increasing attention. As a new subgroup of smart biosensors, they show great potential for protecting information as a molecular security data processor, rather than merely molecular recognition and quantitation. Herein, label-free electrochemically transduced Ag + and cysteine (Cys) sensors were developed. A molecular keypad lock model with reset function was successfully realized based on the balanced interaction of metal ion with its nucleic acid and chemical ligands. The correct input of "1-2-3" (i.e., "Ag + -Cys-cDNA") is the only password of such molecular keypad lock. Moreover, the resetting process of either correct or wrong input order could be easily made by Cys, buffer, and DI water treatment. Therefore, our system provides an even smarter system of molecular keypad lock, which could inhibit illegal access of unauthorized users, holding great promise in information protection at the molecular level.

  1. Impacts of Irrigation and Climate Change on Water Security: Using Stakeholder Engagement to Inform a Process-based Crop Model

    Science.gov (United States)

    Leonard, A.; Flores, A. N.; Han, B.; Som Castellano, R.; Steimke, A.

    2016-12-01

    Irrigation is an essential component for agricultural production in arid and semi-arid regions, accounting for a majority of global freshwater withdrawals used for human consumption. Since climate change affects both the spatiotemporal demand and availability of water in irrigated areas, agricultural productivity and water efficiency depend critically on how producers adapt and respond to climate change. It is necessary, therefore, to understand the coevolution and feedbacks between humans and agricultural systems. Integration of social and hydrologic processes can be achieved by active engagement with local stakeholders and applying their expertise to models of coupled human-environment systems. Here, we use a process based crop simulation model (EPIC) informed by stakeholder engagement to determine how both farm management and climate change influence regional agricultural water use and production in the Lower Boise River Basin (LBRB) of southwest Idaho. Specifically, we investigate how a shift from flood to sprinkler fed irrigation would impact a watershed's overall agricultural water use under RCP 4.5 and RCP 8.5 climate scenarios. The LBRB comprises about 3500 km2, of which 20% is dedicated to irrigated crops and another 40% to grass/pasture grazing land. Via interviews of stakeholders in the LBRB, we have determined that approximately 70% of irrigated lands in the region are flood irrigated. We model four common crops produced in the LBRB (alfalfa, corn, winter wheat, and sugarbeets) to investigate both hydrologic and agricultural impacts of irrigation and climatic drivers. Factors influencing farmers' decision to switch from flood to sprinkler irrigation include potential economic benefits, external financial incentives, and providing a buffer against future water shortages. These two irrigation practices are associated with significantly different surface water and energy budgets, and large-scale shifts in practice could substantially impact regional

  2. Reputation-based secure sensor localization in wireless sensor networks.

    Science.gov (United States)

    He, Jingsha; Xu, Jing; Zhu, Xingye; Zhang, Yuqiang; Zhang, Ting; Fu, Wanqing

    2014-01-01

    Location information of sensor nodes in wireless sensor networks (WSNs) is very important, for it makes information that is collected and reported by the sensor nodes spatially meaningful for applications. Since most current sensor localization schemes rely on location information that is provided by beacon nodes for the regular sensor nodes to locate themselves, the accuracy of localization depends on the accuracy of location information from the beacon nodes. Therefore, the security and reliability of the beacon nodes become critical in the localization of regular sensor nodes. In this paper, we propose a reputation-based security scheme for sensor localization to improve the security and the accuracy of sensor localization in hostile or untrusted environments. In our proposed scheme, the reputation of each beacon node is evaluated based on a reputation evaluation model so that regular sensor nodes can get credible location information from highly reputable beacon nodes to accomplish localization. We also perform a set of simulation experiments to demonstrate the effectiveness of the proposed reputation-based security scheme. And our simulation results show that the proposed security scheme can enhance the security and, hence, improve the accuracy of sensor localization in hostile or untrusted environments.

  3. A Layered Decision Model for Cost-Effective System Security

    Energy Technology Data Exchange (ETDEWEB)

    Wei, Huaqiang; Alves-Foss, James; Soule, Terry; Pforsich, Hugh; Zhang, Du; Frincke, Deborah A.

    2008-10-01

    System security involves decisions in at least three areas: identification of well-defined security policies, selection of cost-effective defence strategies, and implementation of real-time defence tactics. Although choices made in each of these areas affect the others, existing decision models typically handle these three decision areas in isolation. There is no comprehensive tool that can integrate them to provide a single efficient model for safeguarding a network. In addition, there is no clear way to determine which particular combinations of defence decisions result in cost-effective solutions. To address these problems, this paper introduces a Layered Decision Model (LDM) for use in deciding how to address defence decisions based on their cost-effectiveness. To validate the LDM and illustrate how it is used, we used simulation to test model rationality and applied the LDM to the design of system security for an e-commercial business case.

  4. Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document

    National Research Council Canada - National Science Library

    1999-01-01

    The Systems Security Engineering Capability Maturity Model (SSE-CMM) describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering...

  5. Adaptable Authentication Model: Exploring Security with Weaker Attacker Models

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    2011-01-01

    suffer because of the identified vulnerabilities. Therefore, we may need to analyze a protocol for weaker notions of security. In this paper, we present a security model that supports such weaker notions. In this model, the overall goals of an authentication protocol are broken into a finer granularity......; for each fine level authentication goal, we determine the “least strongest-attacker” for which the authentication goal can be satisfied. We demonstrate that this model can be used to reason about the security of supposedly insecure protocols. Such adaptability is particularly useful in those applications...

  6. Research on network information security model and system construction

    OpenAIRE

    Wang Haijun

    2016-01-01

    It briefly describes the impact of large data era on China’s network policy, but also brings more opportunities and challenges to the network information security. This paper reviews for the internationally accepted basic model and characteristics of network information security, and analyses the characteristics of network information security and their relationship. On the basis of the NIST security model, this paper describes three security control schemes in safety management model and the...

  7. Using a Prediction Model to Manage Cyber Security Threats

    Directory of Open Access Journals (Sweden)

    Venkatesh Jaganathan

    2015-01-01

    Full Text Available Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  8. Using a Prediction Model to Manage Cyber Security Threats.

    Science.gov (United States)

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  9. Using a Prediction Model to Manage Cyber Security Threats

    Science.gov (United States)

    Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

  10. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    Full Text Available The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1 the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2 the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3 the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  11. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  12. Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy

    Science.gov (United States)

    Basu, Srijita; Sengupta, Anirban; Mazumdar, Chandan

    2016-11-01

    Enterprises are increasingly using cloud computing for hosting their applications. Availability of fast Internet and cheap bandwidth are causing greater number of people to use cloud-based services. This has the advantage of lower cost and minimum maintenance. However, ensuring security of user data and proper management of cloud infrastructure remain major areas of concern. Existing techniques are either too complex, or fail to properly represent the actual cloud scenario. This article presents a formal cloud model using the constructs of Z-notation. Principles of the Chinese Wall security policy have been applied to design secure cloud-specific operations. The proposed methodology will enable users to safely host their services, as well as process sensitive data, on cloud.

  13. Vehicle security encryption based on unlicensed encryption

    Science.gov (United States)

    Huang, Haomin; Song, Jing; Xu, Zhijia; Ding, Xiaoke; Deng, Wei

    2018-03-01

    The current vehicle key is easy to be destroyed and damage, proposing the use of elliptical encryption algorithm is improving the reliability of vehicle security system. Based on the encryption rules of elliptic curve, the chip's framework and hardware structure are designed, then the chip calculation process simulation has been analyzed by software. The simulation has been achieved the expected target. Finally, some issues pointed out in the data calculation about the chip's storage control and other modules.

  14. Provably Secure Password-based Authentication in TLS

    Energy Technology Data Exchange (ETDEWEB)

    Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier; Moeller,Bodo; Pointcheval, David

    2005-12-20

    In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised to the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.

  15. Design and realization of a network security model

    OpenAIRE

    WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

    2002-01-01

    The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

  16. Prototype of smart office system using based security system

    Science.gov (United States)

    Prasetyo, T. F.; Zaliluddin, D.; Iqbal, M.

    2018-05-01

    Creating a new technology in the modern era gives a positive impact on business and industry. Internet of Things (IoT) as a new communication technology is very useful in realizing smart systems such as: smart home, smart office, smart parking and smart city. This study presents a prototype of the smart office system which was designed as a security system based on IoT. Smart office system development method used waterfall model. IoT-based smart office system used platform (project builder) cayenne so that. The data can be accessed and controlled through internet network from long distance. Smart office system used arduino mega 2560 microcontroller as a controller component. In this study, Smart office system is able to detect threats of dangerous objects made from metals, earthquakes, fires, intruders or theft and perform security monitoring outside the building by using raspberry pi cameras on autonomous robots in real time to the security guard.

  17. Trust Model to Enhance Security and Interoperability of Cloud Environment

    Science.gov (United States)

    Li, Wenjuan; Ping, Lingdi

    Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

  18. CRISP. Information Security Models and Their Economics

    International Nuclear Information System (INIS)

    Gustavsson, R.; Mellstrand, P.; Tornqvist, B.

    2005-03-01

    The deliverable D1.6 includes background material and specifications of a CRISP Framework on protection of information assets related to power net management and management of business operations related to energy services. During the project it was discovered by the CRISP consortium that the original description of WP 1.6 was not adequate for the project as such. The main insight was that the original emphasis on cost-benefit analysis of security protection measures was to early to address in the project. This issue is of course crucial in itself but requires new models of consequence analysis that still remains to be developed, especially for the new business models we are investigated in the CRISP project. The updated and approved version of the WP1.6 description, together with the also updated WP2.4 focus on Dependable ICT support of Power Grid Operations constitutes an integrated approach towards dependable and secure future utilities and their business processes. This document (D1.6) is a background to deliverable D2.4. Together they provide a dependability and security framework to the three CRISP experiments in WP3

  19. The Latent Structure of Secure Base Script Knowledge

    Science.gov (United States)

    Waters, Theodore E. A.; Fraley, R. Chris; Groh, Ashley M.; Steele, Ryan D.; Vaughn, Brian E.; Bost, Kelly K.; Veríssimo, Manuela; Coppola, Gabrielle; Roisman, Glenn I.

    2015-01-01

    There is increasing evidence that attachment representations abstracted from childhood experiences with primary caregivers are organized as a cognitive script describing secure base use and support (i.e., the "secure base script"). To date, however, the latent structure of secure base script knowledge has gone unexamined--this despite…

  20. Risk assessment of security systems based on entropy theory and the Neyman–Pearson criterion

    International Nuclear Information System (INIS)

    Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo

    2015-01-01

    For a security system, the risk assessment is an important method to verdict whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to computer the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to computer the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path

  1. Future consumer mobile phone security: A case study using the data-centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    Consumer mobile phone security requires more attention, now that their data storage capacity is increasing. At the same time, much effort is spent on data-centric security for large enterprises. In this article we try to apply data-centric security to consumer mobile phones. We show a maturity model

  2. Secure direct communication based on secret transmitting order of particles

    International Nuclear Information System (INIS)

    Zhu Aidong; Zhang Shou; Xia Yan; Fan Qiubo

    2006-01-01

    We propose the schemes of quantum secure direct communication based on a secret transmitting order of particles. In these protocols, the secret transmitting order of particles ensures the security of communication, and no secret messages are leaked even if the communication is interrupted for security. This strategy of security for communication is also generalized to a quantum dialogue. It not only ensures the unconditional security but also improves the efficiency of communication

  3. RFID Based Security Access Control System with GSM Technology

    OpenAIRE

    Peter Adole; Joseph M. Môm; Gabriel A. Igwue

    2016-01-01

    The security challenges being encountered in many places today require electronic means of controlling access to secured premises in addition to the available security personnel. Various technologies were used in different forms to solve these challenges. The Radio Frequency Identification (RFID) Based Access Control Security system with GSM technology presented in this work helps to prevent unauthorized access to controlled environments (secured premises). This is achieved mainly...

  4. Modeling and Security in Cloud Ecosystems

    Directory of Open Access Journals (Sweden)

    Eduardo B. Fernandez

    2016-04-01

    Full Text Available Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them; forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers; a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

  5. A Container-based Trusted Multi-level Security Mechanism

    Directory of Open Access Journals (Sweden)

    Li Xiao-Yong

    2017-01-01

    Full Text Available Multi-level security mechanism has been widely applied in the military, government, defense and other domains in which information is required to be divided by security-level. Through this type of security mechanism, users at different security levels are provided with information at corresponding security levels. Traditional multi-level security mechanism which depends on the safety of operating system finally proved to be not practical. We propose a container-based trusted multi-level security mechanism in this paper to improve the applicability of the multi-level mechanism. It guarantees multi-level security of the system through a set of multi-level security policy rules and trusted techniques. The technical feasibility and application scenarios are also discussed. The ease of realization, strong practical significance and low cost of our method will largely expand the application of multi-level security mechanism in real life.

  6. Intelligent Security Auditing Based on Access Control of Devices in Ad Hoc Network

    Institute of Scientific and Technical Information of China (English)

    XU Guang-wei; SHI You-qun; ZHU Ming; WU Guo-wen; CAO Qi-ying

    2006-01-01

    Security in Ad Hoc network is an important issue under the opening circumstance of application service. Some protocols and models of security auditing have been proposed to ensure rationality of contracting strategy and operating regulation and used to identify abnormal operation. Model of security auditing based on access control of devices will be advanced to register sign of devices and property of event of access control and to audit those actions. In the end, the model is analyzed and simulated.

  7. Achieving Security Assurance with Assertion-based Application Construction

    Directory of Open Access Journals (Sweden)

    Carlos E. Rubio-Medrano

    2015-12-01

    Full Text Available Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs, which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

  8. Risk Based Security Management at Research Reactors

    Energy Technology Data Exchange (ETDEWEB)

    Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.

  9. IoT Security Techniques Based on Machine Learning

    OpenAIRE

    Xiao, Liang; Wan, Xiaoyue; Lu, Xiaozhen; Zhang, Yanyong; Wu, Di

    2018-01-01

    Internet of things (IoT) that integrate a variety of devices into networks to provide advanced and intelligent services have to protect user privacy and address attacks such as spoofing attacks, denial of service attacks, jamming and eavesdropping. In this article, we investigate the attack model for IoT systems, and review the IoT security solutions based on machine learning techniques including supervised learning, unsupervised learning and reinforcement learning. We focus on the machine le...

  10. 76 FR 46668 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

    Science.gov (United States)

    2011-08-03

    ... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 [Release No. 34-64766; File No. S7-25-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants Correction In proposed rule document number 2011-16758, appearing on pages 42396-42455 in the...

  11. On the Need for Relaxed Security Models

    DEFF Research Database (Denmark)

    Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008.......Slides for the opening panel on "Issues in the Security of Wireless Network systems" at ICETE 2008....

  12. A study of the security technology and a new security model for WiFi network

    Science.gov (United States)

    Huang, Jing

    2013-07-01

    The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

  13. Secured web-based video repository for multicenter studies.

    Science.gov (United States)

    Yan, Ling; Hicks, Matt; Winslow, Korey; Comella, Cynthia; Ludlow, Christy; Jinnah, H A; Rosen, Ami R; Wright, Laura; Galpern, Wendy R; Perlmutter, Joel S

    2015-04-01

    We developed a novel secured web-based dystonia video repository for the Dystonia Coalition, part of the Rare Disease Clinical Research network funded by the Office of Rare Diseases Research and the National Institute of Neurological Disorders and Stroke. A critical component of phenotypic data collection for all projects of the Dystonia Coalition includes a standardized video of each participant. We now describe our method for collecting, serving and securing these videos that is widely applicable to other studies. Each recruiting site uploads standardized videos to a centralized secured server for processing to permit website posting. The streaming technology used to view the videos from the website does not allow downloading of video files. With appropriate institutional review board approval and agreement with the hosting institution, users can search and view selected videos on the website using customizable, permissions-based access that maintains security yet facilitates research and quality control. This approach provides a convenient platform for researchers across institutions to evaluate and analyze shared video data. We have applied this methodology for quality control, confirmation of diagnoses, validation of rating scales, and implementation of new research projects. We believe our system can be a model for similar projects that require access to common video resources. Copyright © 2015 Elsevier Ltd. All rights reserved.

  14. Designing Fuzzy Rule Based Expert System for Cyber Security

    OpenAIRE

    Goztepe, Kerim

    2016-01-01

    The state of cyber security has begun to attract more attention and interest outside the community of computer security experts. Cyber security is not a single problem, but rather a group of highly different problems involving different sets of threats. Fuzzy Rule based system for cyber security is a system consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed with a collection of related rule sets. The aim of this study is to...

  15. Secure electronic commerce communication system based on CA

    Science.gov (United States)

    Chen, Deyun; Zhang, Junfeng; Pei, Shujun

    2001-07-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

  16. The IEA Model of Short-term Energy Security

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2011-07-01

    Ensuring energy security has been at the centre of the IEA mission since its inception, following the oil crises of the early 1970s. While the security of oil supplies remains important, contemporary energy security policies must address all energy sources and cover a comprehensive range of natural, economic and political risks that affect energy sources, infrastructures and services. In response to this challenge, the IEA is currently developing a Model Of Short-term Energy Security (MOSES) to evaluate the energy security risks and resilience capacities of its member countries. The current version of MOSES covers short-term security of supply for primary energy sources and secondary fuels among IEA countries. It also lays the foundation for analysis of vulnerabilities of electricity and end-use energy sectors. MOSES contains a novel approach to analysing energy security, which can be used to identify energy security priorities, as a starting point for national energy security assessments and to track the evolution of a country's energy security profile. By grouping together countries with similar 'energy security profiles', MOSES depicts the energy security landscape of IEA countries. By extending the MOSES methodology to electricity security and energy services in the future, the IEA aims to develop a comprehensive policy-relevant perspective on global energy security. This Working Paper is intended for readers who wish to explore the MOSES methodology in depth; there is also a brochure which provides an overview of the analysis and results.

  17. Food Security Strategy Based on Computer Innovation

    OpenAIRE

    Ruihui Mu

    2015-01-01

    Case analysis to identify innovative strategies for food security occurred in the Oriental Hotel, voluntarily implement food safety control. Food security strategy investigation and the reasons for their use of multiple data sources, including accommodation and catering industry to implement and document interviews with key decision makers in the hotel performed to observe the business environment were examined. This finding suggests that addressing food security, not only is the food control...

  18. Family Food Security and Children’s Environment: A Comprehensive Analysis with Structural Equation Modeling

    OpenAIRE

    Che Wan Jasimah bt Wan Mohamed Radzi; Huang Hui; Nur Anisah Binti Mohamed @ A. Rahman; Hashem Salarzadeh Jenatabadi

    2017-01-01

    Structural Equation Modeling (SEM) has been used extensively in sustainability studies to model relationships among latent and manifest variables. This paper provides a tutorial exposition of the SEM approach in food security studies and introduces a basic framework based on family food security and children’s environment sustainability. This framework includes family food security and three main concepts representing children’s environment, including children’s BMI, health, and school perfor...

  19. Study on Cloud Security Based on Trust Spanning Tree Protocol

    Science.gov (United States)

    Lai, Yingxu; Liu, Zenghui; Pan, Qiuyue; Liu, Jing

    2015-09-01

    Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new trust evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.

  20. Deployment Models: Towards Eliminating Security Concerns From Cloud Computing

    OpenAIRE

    Zhao, Gansen; Chunming, Rong; Jaatun, Martin Gilje; Sandnes, Frode Eika

    2010-01-01

    Cloud computing has become a popular choice as an alternative to investing new IT systems. When making decisions on adopting cloud computing related solutions, security has always been a major concern. This article summarizes security concerns in cloud computing and proposes five service deployment models to ease these concerns. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment. D...

  1. Safeguards and security modeling for electrochemical plants

    International Nuclear Information System (INIS)

    Cipiti, B.B.; Duran, F.A.; Mendoza, L.A.; Parks, M.J.; Dominguez, D.; Le, T.D.

    2013-01-01

    Safeguards and security design for reprocessing plants can lead to excessive costs if not incorporated early in the design process. The design for electrochemical plants is somewhat uncertain since these plants have not been built at a commercial scale in the past. The Separation and Safeguards Performance Model (SSPM), developed at Sandia National Laboratories, has been used for safeguards design and evaluation for multiple reprocessing plant types. The SSPM includes the following capabilities: -) spent fuel source term library, -) mass tracking of elements 1-99 and bulk solid/liquids, -) tracking of heat load and activity, -) customisable measurement points, -) automated calculation of ID and error propagation, -) alarm conditions and statistical tests, and -) user-defined diversion scenarios. Materials accountancy and process monitoring data can provide more timely detection of material loss specifically to protect against the insider threat. While the SSPM is capable of determining detection probabilities and examining detection times for material loss scenarios, it does not model the operations or spatial effects for a plant design. The STAGE software was chosen to model the physical protection system. STAGE provides a framework to create end-to-end scalable force-on-force combat simulations. It allows for a complete 3D model of a facility to be designed along with the design of physical protection elements. This software, then, can be used to model operations and response for various material loss scenarios. The future integration of the SSPM model data with the STAGE software will provide a more complete analysis of diversion scenarios to assist plant designers

  2. Safeguards and security modeling for electrochemical plants

    Energy Technology Data Exchange (ETDEWEB)

    Cipiti, B.B.; Duran, F.A.; Mendoza, L.A.; Parks, M.J.; Dominguez, D.; Le, T.D. [Sandia National Laboratories, PO Box 5800 MS 0747, Albuquerque, NM 87185 (United States)

    2013-07-01

    Safeguards and security design for reprocessing plants can lead to excessive costs if not incorporated early in the design process. The design for electrochemical plants is somewhat uncertain since these plants have not been built at a commercial scale in the past. The Separation and Safeguards Performance Model (SSPM), developed at Sandia National Laboratories, has been used for safeguards design and evaluation for multiple reprocessing plant types. The SSPM includes the following capabilities: -) spent fuel source term library, -) mass tracking of elements 1-99 and bulk solid/liquids, -) tracking of heat load and activity, -) customisable measurement points, -) automated calculation of ID and error propagation, -) alarm conditions and statistical tests, and -) user-defined diversion scenarios. Materials accountancy and process monitoring data can provide more timely detection of material loss specifically to protect against the insider threat. While the SSPM is capable of determining detection probabilities and examining detection times for material loss scenarios, it does not model the operations or spatial effects for a plant design. The STAGE software was chosen to model the physical protection system. STAGE provides a framework to create end-to-end scalable force-on-force combat simulations. It allows for a complete 3D model of a facility to be designed along with the design of physical protection elements. This software, then, can be used to model operations and response for various material loss scenarios. The future integration of the SSPM model data with the STAGE software will provide a more complete analysis of diversion scenarios to assist plant designers.

  3. Secure Communication using Identity Based Encryption

    NARCIS (Netherlands)

    Roschke, Sebastian; Ibraimi, L.; Cheng, Feng; Meinel, Christoph

    2010-01-01

    Secured communication has been widely deployed to guarantee confidentiality and integrity of connections over untrusted networks, e.g., the Internet. Although secure connections are designed to prevent attacks on the connection, they hide attacks inside the channel from being analyzed by Intrusion

  4. Quantitative Model for Economic Analyses of Information Security Investment in an Enterprise Information System

    Directory of Open Access Journals (Sweden)

    Bojanc Rok

    2012-11-01

    Full Text Available The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The model comprises the target security levels for all identified business processes and the probability of a security accident together with the possible loss the enterprise may suffer. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures. The model allows deep analyses and computations providing quantitative assessments of different options for investments, which translate into recommendations facilitating the selection of the best solution and the decision-making thereof. The model was tested using empirical examples with data from real business environment.

  5. Securing Localization With Hidden and Mobile Base Stations

    DEFF Research Database (Denmark)

    Capkun, Srdjan; Srivastava, Mani; Cagalj, Mario

    2006-01-01

    localization based on hidden and mobile base stations. Our approach enables secure localization with a broad spectrum of localization techniques: ultrasonic or radio, based on received signal strength or signal time of flight. Through several examples we show how this approach can be used to secure nodecentric...

  6. XMSS : a practical forward secure signature scheme based on minimal security assumptions

    NARCIS (Netherlands)

    Buchmann, Johannes; Dahmen, Erik; Hülsing, Andreas; Yang, B.-Y.

    2011-01-01

    We present the hash-based signature scheme XMSS. It is the first provably (forward) secure and practical signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best

  7. Modelling the System of Ensuring the Investment Security

    Directory of Open Access Journals (Sweden)

    Moroz Maxim O.

    2017-11-01

    Full Text Available The article explores approaches to modelling the system of ensuring the investment security. Necessity of observance of investment security of Ukraine has been substantiated. The author’s own vision of the modelling essentials has been provided. The eligibility for consideration of the system of ensuring the investment security of Ukraine in the functional, structural, process, formative, and factor aspects has been proved. The target setting and tasks of a functional model of the system of ensuring the investment security have been defined. The functions, subjects, organizational-economic mechanisms of the system of ensuring the investment security of Ukraine have been characterized. A structural model of the system of ensuring the investment security has been presented. Special attention has been given to the definition of objects of direct and indirect influence, control and controlled subsystems, aggregate of indicators, safe levels, principles of formation of the investment security system. The process and formative models of the system of ensuring the investment security, as well as the algorithm of the complex assessment of the level of investment security, were analyzed in detail. Measures to ensure the investment security of Ukraine have been defined.

  8. An Overview of DRAM-Based Security Primitives

    Directory of Open Access Journals (Sweden)

    Nikolaos Athanasios Anagnostopoulos

    2018-03-01

    Full Text Available Recent developments have increased the demand for adequate security solutions, based on primitives that cannot be easily manipulated or altered, such as hardware-based primitives. Security primitives based on Dynamic Random Access Memory (DRAM can provide cost-efficient and practical security solutions, especially for resource-constrained devices, such as hardware used in the Internet of Things (IoT, as DRAMs are an intrinsic part of most contemporary computer systems. In this work, we present a comprehensive overview of the literature regarding DRAM-based security primitives and an extended classification of it, based on a number of different criteria. In particular, first, we demonstrate the way in which DRAMs work and present the characteristics being exploited for the implementation of security primitives. Then, we introduce the primitives that can be implemented using DRAM, namely Physical Unclonable Functions (PUFs and True Random Number Generators (TRNGs, and present the applications of each of the two types of DRAM-based security primitives. We additionally proceed to assess the security such primitives can provide, by discussing potential attacks and defences, as well as the proposed security metrics. Subsequently, we also compare these primitives to other hardware-based security primitives, noting their advantages and shortcomings, and proceed to demonstrate their potential for commercial adoption. Finally, we analyse our classification methodology, by reviewing the criteria employed in our classification and examining their significance.

  9. High Assurance Models for Secure Systems

    Science.gov (United States)

    Almohri, Hussain M. J.

    2013-01-01

    Despite the recent advances in systems and network security, attacks on large enterprise networks consistently impose serious challenges to maintaining data privacy and software service integrity. We identify two main problems that contribute to increasing the security risk in a networked environment: (i) vulnerable servers, workstations, and…

  10. Aspect-oriented security hardening of UML design models

    CERN Document Server

    Mouheb, Djedjiga; Pourzandi, Makan; Wang, Lingyu; Nouh, Mariam; Ziarati, Raha; Alhadidi, Dima; Talhi, Chamseddine; Lima, Vitor

    2015-01-01

    This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The

  11. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

    Science.gov (United States)

    Somasundaram, M; Sivakumar, R

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

  12. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

    Science.gov (United States)

    Somasundaram, M.; Sivakumar, R.

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

  13. Multifunctional optical security features based on bacteriorhodopsin

    Science.gov (United States)

    Hampp, Norbert A.; Neebe, Martin; Juchem, Thorsten; Wolperdinger, Markus; Geiger, Markus; Schmuck, Arno

    2004-06-01

    Bacteriorhodopsin (BR), a photochromic retinal protein, has been developed into a new materials platform for applications in anti-counterfeiting. The combination of three different properties of the material on its molecular level, a light-inducible color change, photochemical data storage and traceability of the protein due to molecular marker sequences make this protein a promising material for security applications. The crystalline structure of the biopigment combines these properties with high stability. As BR is a biological material specialized knowledge for modification, cost- effective production and suitable processing of the material is required. Photochromic BR-based inks have been developed for screen printing, pad printing and ink jet printing. These prints show a high photochromic sensitivity towards variation of illumination. For this reason it is not possible to reproduce the dynamic color by photocopying. In addition to such visual inspection the printed symbols offer the possibility for digital write-once-read-many (WORM) data storage. Photochemical recording is accomplished by a two-photon process. Recording densities in a range from 106 bit/cm2 to 108 bit/cm2 have been achieved. Data structures are stored in a polarization sensitive mode which allows an easy and efficient data encryption.

  14. Optimal Allocation of Water Resources Based on Water Supply Security

    Directory of Open Access Journals (Sweden)

    Jianhua Wang

    2016-06-01

    Full Text Available Under the combined impacts of climate change and human activities, a series of water issues, such as water shortages, have arisen all over the world. According to current studies in Science and Nature, water security has become a frontier critical topic. Water supply security (WSS, which is the state of water resources and their capacity and their capacity to meet the demand of water users by water supply systems, is an important part of water security. Currently, WSS is affected by the amount of water resources, water supply projects, water quality and water management. Water shortages have also led to water supply insecurity. WSS is now evaluated based on the balance of the supply and demand under a single water resources condition without considering the dynamics of the varying conditions of water resources each year. This paper developed an optimal allocation model for water resources that can realize the optimal allocation of regional water resources and comprehensively evaluate WSS. The objective of this model is to minimize the duration of water shortages in the long term, as characterized by the Water Supply Security Index (WSSI, which is the assessment value of WSS, a larger WSSI value indicates better results. In addition, the simulation results of the model can determine the change process and dynamic evolution of the WSS. Quanzhou, a city in China with serious water shortage problems, was selected as a case study. The allocation results of the current year and target year of planning demonstrated that the level of regional comprehensive WSS was significantly influenced by the capacity of water supply projects and the conditions of the natural water resources. The varying conditions of the water resources allocation results in the same year demonstrated that the allocation results and WSSI were significantly affected by reductions in precipitation, decreases in the water yield coefficient, and changes in the underlying surface.

  15. Design and implementation of a secure workflow system based on PKI/PMI

    Science.gov (United States)

    Yan, Kai; Jiang, Chao-hui

    2013-03-01

    As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.

  16. Re-designing the PhEDEx Security Model

    Science.gov (United States)

    C-H, Huang; Wildish, T.; X, Zhang

    2014-06-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

  17. Re-designing the PhEDEx security model

    International Nuclear Information System (INIS)

    Huang C-H; Wildish, T; Zhang X

    2014-01-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

  18. Marine data security based on blockchain technology

    Science.gov (United States)

    Yang, Zhao; Xie, Weiwei; Huang, Lei; Wei, Zhiqiang

    2018-03-01

    With the development of marine observation technology and network technology, the volume of marine data growing rapidly. This brings new challenges for data storage and transmission. How to protect data security of marine big data has become an urgent problem. The traditional information security methods’ characteristic is centralization. These technologies cannot provide whole process protection, e.g., data storage, data management and application of data. The blockchain technology is a novel technology, which can keep the data security and reliability by using decentralized methodology. It has aroused wide interest in the financial field. In this paper, we describe the concept, characteristics and key technologies of blockchain technology and introduce it into the field of marine data security.

  19. Hacking a Bridge: An Exploratory Study of Compliance-Based Information Security Management in Banking Organization

    Directory of Open Access Journals (Sweden)

    Tesleem Fagade

    2017-10-01

    Full Text Available This work is approached through the lens of compliant security by drawing on the concepts of neutralization theory, a prominent postulation in the criminology domain and the 'big five' personality construct. This research is conducted based on a case study of ISO/IEC27001 Standard certified banks, to empirically evaluate the link between cybersecurity protocols violation and how employees rationalise security behaviour. We propose that compliance-based security has the propensity for a heightened sense of false security and vulnerability perception; by showing that systemic security violation in compliance-based security models can be explained by the level of linkages from the personality construct and the neutralization theory. Building on the survey responses from banking organization employees and the application of partial least square structural equation modelling (PLS-SME analysis to test the hypotheses and validate survey samples, we draw a strong inference to support the importance of individual security scenario effect as a vital complementary element of compliance-based security. Based on our initial findings, conceptual principles and practical guidelines for reducing insider threats and improving employees' compliance is presented. We then suggest how information security protocol violations can be addressed in that context.

  20. Quantum Secure Direct Communication Based on Authentication

    International Nuclear Information System (INIS)

    Min-Jie, Wang; Wei, Pan

    2008-01-01

    We propose two schemes of quantum secure direct communication (QSDC) combined ideas of user authentication [Phys. Rev. A 73 (2006) 042305] and direct communication with dense coding [Phys. Rev. A. 68 (2003) 042317]. In these protocols, the privacy of authentication keys and the properties of the EPR pairs not only ensure the realization of identity authentication but also further improve the security of communication, and no secret messages are leaked even if the messages were broken. (general)

  1. The method of a joint intraday security check system based on cloud computing

    Science.gov (United States)

    Dong, Wei; Feng, Changyou; Zhou, Caiqi; Cai, Zhi; Dan, Xu; Dai, Sai; Zhang, Chuancheng

    2017-01-01

    The intraday security check is the core application in the dispatching control system. The existing security check calculation only uses the dispatch center’s local model and data as the functional margin. This paper introduces the design of all-grid intraday joint security check system based on cloud computing and its implementation. To reduce the effect of subarea bad data on the all-grid security check, a new power flow algorithm basing on comparison and adjustment with inter-provincial tie-line plan is presented. And the numerical example illustrated the effectiveness and feasibility of the proposed method.

  2. A Novel Model for Security Evaluation for Compliance

    DEFF Research Database (Denmark)

    Hald, Sara Ligaard; Pedersen, Jens Myrup; Prasad, Neeli R.

    2011-01-01

    for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well...

  3. Bayesian Network Models in Cyber Security: A Systematic Review

    NARCIS (Netherlands)

    Chockalingam, S.; Pieters, W.; Herdeiro Teixeira, A.M.; van Gelder, P.H.A.J.M.; Lipmaa, Helger; Mitrokotsa, Aikaterini; Matulevicius, Raimundas

    2017-01-01

    Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these

  4. USign--a security enhanced electronic consent model.

    Science.gov (United States)

    Li, Yanyan; Xie, Mengjun; Bian, Jiang

    2014-01-01

    Electronic consent becomes increasingly popular in the healthcare sector given the many benefits it provides. However, security concerns, e.g., how to verify the identity of a person who is remotely accessing the electronic consent system in a secure and user-friendly manner, also arise along with the popularity of electronic consent. Unfortunately, existing electronic consent systems do not pay sufficient attention to those issues. They mainly rely on conventional password based authentication to verify the identity of an electronic consent user, which is far from being sufficient given that identity theft threat is real and significant in reality. In this paper, we present a security enhanced electronic consent model called USign. USign enhances the identity protection and authentication for electronic consent systems by leveraging handwritten signatures everyone is familiar with and mobile computing technologies that are becoming ubiquitous. We developed a prototype of USign and conducted preliminary evaluation on accuracy and usability of signature verification. Our experimental results show the feasibility of the proposed model.

  5. COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE

    Directory of Open Access Journals (Sweden)

    Nisha Mariam Varughese

    2014-07-01

    Full Text Available Security is one of the major challenges in open network. There are so many types of attacks which follow fixed patterns or frequently change their patterns. It is difficult to find the malicious attack which does not have any fixed patterns. The Distributed Denial of Service (DDoS attacks like Botnets are used to slow down the system performance. To address such problems Collaborative Network Security Management System (CNSMS is proposed along with the association mining rule. CNSMS system is consists of collaborative Unified Threat Management (UTM, cloud based security centre and traffic prober. The traffic prober captures the internet traffic and given to the collaborative UTM. Traffic is analysed by the Collaborative UTM, to determine whether it contains any malicious attack or not. If any security event occurs, it will reports to the cloud based security centre. The security centre generates security rules based on association mining rule and distributes to the network. The cloud based security centre is used to store the huge amount of tragic, their logs and the security rule generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.

  6. A security model for saas in cloud computing

    International Nuclear Information System (INIS)

    Abbas, R.; Farooq, A.

    2016-01-01

    Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. It has many service modes like Software as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS). In SaaS model, service providers install and activate the applications in cloud and cloud customers access the software from cloud. So, the user does not have the need to purchase and install a particular software on his/her machine. While using SaaS model, there are multiple security issues and problems like Data security, Data breaches, Network security, Authentication and authorization, Data integrity, Availability, Web application security and Backup which are faced by users. Many researchers minimize these security problems by putting in hard work. A large work has been done to resolve these problems but there are a lot of issues that persist and need to overcome. In this research work, we have developed a security model that improves the security of data according to the desire of the End-user. The proposed model for different data security options can be helpful to increase the data security through which trade-off between functionalities can be optimized for private and public data. (author)

  7. The Quality of Maternal Secure-Base Scripts Predicts Children's Secure-Base Behavior at Home in Three Sociocultural Groups

    Science.gov (United States)

    Vaughn, Brian E.; Coppola, Gabrielle; Verissimo, Manuela; Monteiro, Ligia; Santos, Antonio Jose; Posada, German; Carbonell, Olga A.; Plata, Sandra J.; Waters, Harriet S.; Bost, Kelly K.; McBride, Brent; Shin, Nana; Korth, Bryan

    2007-01-01

    The secure-base phenomenon is central to the Bowlby/Ainsworth theory of attachment and is also central to the assessment of attachment across the lifespan. The present study tested whether mothers' knowledge about the secure-base phenomenon, as assessed using a recently designed wordlist prompt measure for eliciting attachment-relevant stories,…

  8. Inherent secure communications using lattice based waveform design

    Energy Technology Data Exchange (ETDEWEB)

    Pugh, Matthew Owen [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

    2013-12-01

    The wireless communications channel is innately insecure due to the broadcast nature of the electromagnetic medium. Many techniques have been developed and implemented in order to combat insecurities and ensure the privacy of transmitted messages. Traditional methods include encrypting the data via cryptographic methods, hiding the data in the noise floor as in wideband communications, or nulling the signal in the spatial direction of the adversary using array processing techniques. This work analyzes the design of signaling constellations, i.e. modulation formats, to combat eavesdroppers from correctly decoding transmitted messages. It has been shown that in certain channel models the ability of an adversary to decode the transmitted messages can be degraded by a clever signaling constellation based on lattice theory. This work attempts to optimize certain lattice parameters in order to maximize the security of the data transmission. These techniques are of interest because they are orthogonal to, and can be used in conjunction with, traditional security techniques to create a more secure communication channel.

  9. MAST – A Mobile Agent-based Security Tool

    Directory of Open Access Journals (Sweden)

    Marco Carvalho

    2004-08-01

    Full Text Available One of the chief computer security problems is not the long list of viruses and other potential vulnerabilities, but the vast number of systems that continue to be easy prey, as their system administrators or owners simply are not able to keep up with all of the available patches, updates, or needed configuration changes in order to protect them from those known vulnerabilities. Even up-to-date systems could become vulnerable to attacks, due to inappropriate configuration or combined used of applications and services. Our mobile agent-based security tool (MAST is designed to bridge this gap, and provide automated methods to make sure that all of the systems in a specific domain or network are secured and up-to-date with all patches and updates. The tool is also designed to check systems for misconfigurations that make them vulnerable. Additionally, this user interface is presented in a domain knowledge model known as a Concept Map that provides a continuous learning experience for the system administrator.

  10. A model to secure a stable iodine concentration in milk

    Directory of Open Access Journals (Sweden)

    Gisken Trøan

    2015-12-01

    Full Text Available Background: Dairy products account for approximately 60% of the iodine intake in the Norwegian population. The iodine concentration in cow's milk varies considerably, depending on feeding practices, season, and amount of iodine and rapeseed products in cow fodder. The variation in iodine in milk affects the risk of iodine deficiency or excess in the population. Objective: The first goal of this study was to develop a model to predict the iodine concentration in milk based on the concentration of iodine and rapeseed or glucosinolate in feed, as a tool to securing stable iodine concentration in milk. A second aim was to estimate the impact of different iodine levels in milk on iodine nutrition in the Norwegian population. Design: Two models were developed on the basis of results from eight published and two unpublished studies from the past 20 years. The models were based on different iodine concentrations in the fodder combined with either glucosinolate (Model 1 or rapeseed cake/meal (Model 2. To illustrate the impact of different iodine concentrations in milk on iodine intake, we simulated the iodine contribution from dairy products in different population groups based on food intake data in the most recent dietary surveys in Norway. Results: The models developed could predict iodine concentration in milk. Cross-validation showed good fit and confirmed the explanatory power of the models. Our calculations showed that dairy products with current iodine level in milk (200 µg/kg cover 68, 49, 108 and 56% of the daily iodine requirements for men, women, 2-year-old children, and pregnant women, respectively. Conclusions: Securing a stable level of iodine in milk by adjusting iodine concentration in different cow feeds is thus important for preventing excess intake in small children and iodine deficiency in pregnant and non-pregnant women.

  11. Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

    Directory of Open Access Journals (Sweden)

    Ji-Jian Chin

    2014-01-01

    Full Text Available Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user’s secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

  12. Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

    Science.gov (United States)

    Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

    2014-01-01

    Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

  13. Context aware adaptive security service model

    Science.gov (United States)

    Tunia, Marcin A.

    2015-09-01

    Present systems and devices are usually protected against different threats concerning digital data processing. The protection mechanisms consume resources, which are either highly limited or intensively utilized by many entities. The optimization of these resources usage is advantageous. The resources that are saved performing optimization may be utilized by other mechanisms or may be sufficient for longer time. It is usually assumed that protection has to provide specific quality and attack resistance. By interpreting context situation of business services - users and services themselves, it is possible to adapt security services parameters to countermeasure threats associated with current situation. This approach leads to optimization of used resources and maintains sufficient security level. This paper presents architecture of adaptive security service, which is context-aware and exploits quality of context data issue.

  14. Secure OpenID Authentication Model by Using Trusted Computing

    Directory of Open Access Journals (Sweden)

    E. Ghazizadeh

    2014-01-01

    Full Text Available The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP, TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

  15. Modelling of Processes of Logistics in Cyberspace Security

    Directory of Open Access Journals (Sweden)

    Konečný Jiří

    2017-01-01

    Full Text Available The goal of this contribution is especially to familiarize experts in various fields with the need for a new approach to the system-defined model and modelling of processes in the engineering practice and the expression of some state variables' possibilities for the modelling of real-world systems with regard to the highly dynamic development of structures and to the behaviour of systems of logistics. Thus, in this contribution, the necessity of making full use of cybernetics as a field for the management and communication of information is expressed, and also the environment of cybernetics as a much needed cybernetic realm (cyberspace, determining the steady state between cyber-attacks and cyber-defence as a modern knowledge-based potential in general and specifically of logistics in cyber security. Connected with this process is the very important area of lifelong training of experts in the dynamic world of science and technology (that is, also in a social system which is also expressed here briefly, and also the cyber and information security, all of which falls under the cyberspace of new perspective electronic learning (e-learning with the use of modern laboratories with new effects also for future possibilities of process modelling of artificial intelligence (AI with a perspective of mass use of UAVs in logistics.

  16. Nuclear security culture: a generic model for universal application

    International Nuclear Information System (INIS)

    Khripunov, I.

    2005-01-01

    Full text: Nuclear security culture found its way into professional parlance several years ago, but still lacks an agreed-upon definition and description. The February 2005 U.S.-Russian Joint Statement, issued at the presidential summit meeting in Bratislava, referred specifically to security culture, focusing renewed attention on the concept. Numerous speakers at the March 2005 International Atomic Energy Agency's (IAEA) international conference on nuclear security referred to security culture, but their visions and interpretations were often at odds with one another. Clearly, there is a need for a generic model of nuclear security culture with universal applicability. Internationally acceptable standards in this area would be invaluable for evaluation, comparison, cooperation, and assistance. They would also help international bodies better manage their relations with the nuclear sectors in various countries. This paper will develop such a model. It will use the IAEA definition of nuclear security, and then apply Edgar Schein's model of organizational culture to security culture at a generic nuclear facility. A cultural approach to physical protection involves determining what attitudes and beliefs need to be established in an organization, how these attitudes and beliefs manifest themselves in the behavior of assigned personnel, and how desirable attitudes and beliefs can be transcribed into formal working methods to produce good outcomes, i.e., effective protection. The security-culture mechanism I will propose is broken into four major units: facility leadership, proactive policies and procedures, personnel performance, and learning and professional improvement. The paper will amplify on the specific traits characteristic of each of these units. Security culture is not a panacea. In a time of mounting terrorist threats, it should nonetheless be looked upon as a necessary organizational tool that enhances the skills of nuclear personnel and ensures that

  17. A Learning-Based Approach to Reactive Security

    Science.gov (United States)

    Barth, Adam; Rubinstein, Benjamin I. P.; Sundararajan, Mukund; Mitchell, John C.; Song, Dawn; Bartlett, Peter L.

    Despite the conventional wisdom that proactive security is superior to reactive security, we show that reactive security can be competitive with proactive security as long as the reactive defender learns from past attacks instead of myopically overreacting to the last attack. Our game-theoretic model follows common practice in the security literature by making worst-case assumptions about the attacker: we grant the attacker complete knowledge of the defender's strategy and do not require the attacker to act rationally. In this model, we bound the competitive ratio between a reactive defense algorithm (which is inspired by online learning theory) and the best fixed proactive defense. Additionally, we show that, unlike proactive defenses, this reactive strategy is robust to a lack of information about the attacker's incentives and knowledge.

  18. ONTOLOGICAL MODEL OF STRATEGIC ECONOMIC SECURITY OF ENTERPRISE

    Directory of Open Access Journals (Sweden)

    L. A. Zaporozhtseva

    2014-01-01

    Full Text Available Article explains the necessity the application of the ontological approach to modeling the strategic economic security in the formalization of the basic categories of domain company recognized its benefits. Among the advantages of the model distinguishes its versatility and ability to describe various aspects of strategic security - the system strategies and goals of the organization and business processes; possibility of its use at different levels of detail - from the top-level description of the basic categories of management, to design-level analytic applications; as well as the adaptability of the model, with depth on particular aspects determined by practical necessity and not regulated methodology. The model integrates various aspects of the concept of enterprise architecture and organizes conceptual apparatus. Ontological model easy to understand and adjust as business architects and specialists in designing systems of economic security and offers many categories of verbal representation of the domain of the enterprise. Proved the feasibility of using process-functional approach in providing strategic economic security, according to which the components of such a security company proposed as business processes, finance, staff and contractors. The article presents the author's ontological model of strategic economic security, including endangered sites, the presence of factors that threaten the security of the object and the subject of providing security. Further, it is proved that in the subjects of security impact on the object using the tools, measures and activities within the strategy formed the mechanism is implemented managerial decisions to strengthen the strategic economic security. The process of diagnosis, detection, identification of threats of economic security, and the development of enterprise development strategies, taking into account its level of economic security must be under the constant supervision of the process of

  19. Econometric modeling of the balance of social security Brazil

    OpenAIRE

    Isaac Figueiredo de Sousa

    2009-01-01

    This work aims to build models using econometrics techniques to explain the components of the balance of Social Security System, or in other words, the net value of tax revenues and the benefit values of the General Regime of Social Security. These models were subjected to statistic validations indicated in the theoretical reference of econometrics, to apply the method of ordinary least square from the classic model of linear regression. From an increasing longevity and the gradual decr...

  20. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas

    Directory of Open Access Journals (Sweden)

    Ze Wang

    2015-09-01

    Full Text Available Network security is one of the most important issues in mobile sensor networks (MSNs. Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA is proposed to resist malicious attacks by using mobile nodes’ dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  1. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

    Science.gov (United States)

    Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

    2015-09-25

    Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  2. Secure Virtualization Environment Based on Advanced Memory Introspection

    Directory of Open Access Journals (Sweden)

    Shuhui Zhang

    2018-01-01

    Full Text Available Most existing virtual machine introspection (VMI technologies analyze the status of a target virtual machine under the assumption that the operating system (OS version and kernel structure information are known at the hypervisor level. In this paper, we propose a model of virtual machine (VM security monitoring based on memory introspection. Using a hardware-based approach to acquire the physical memory of the host machine in real time, the security of the host machine and VM can be diagnosed. Furthermore, a novel approach for VM memory forensics based on the virtual machine control structure (VMCS is put forward. By analyzing the memory of the host machine, the running VMs can be detected and their high-level semantic information can be reconstructed. Then, malicious activity in the VMs can be identified in a timely manner. Moreover, by mutually analyzing the memory content of the host machine and VMs, VM escape may be detected. Compared with previous memory introspection technologies, our solution can automatically reconstruct the comprehensive running state of a target VM without any prior knowledge and is strongly resistant to attacks with high reliability. We developed a prototype system called the VEDefender. Experimental results indicate that our system can handle the VMs of mainstream Linux and Windows OS versions with high efficiency and does not influence the performance of the host machine and VMs.

  3. The many secure knowledge bases of psychotherapy.

    Science.gov (United States)

    Bergner, Raymond M

    2006-01-01

    Psychotherapeutic practice, while it has benefited greatly from scientific research, rests on many further secure epistemic foundations. In the present article, this thesis is argued in two stages. First, a brief review of some elementary epistemological findings is presented. In this review, the generally acknowledged degree of certainty attributed to different knowledge sources, and thus the confidence with which we may believe and act upon them, are recounted. Second, an extended analysis of the ways in which each of these knowledge sources enter into the practice of psychotherapy is developed. In the end, what is proffered here is a demonstration that well conducted psychotherapy is an activity whose judgments and decisions rest on many secure foundations.

  4. Security personnel training using a computer-based game

    International Nuclear Information System (INIS)

    Ralph, J.; Bickner, L.

    1987-01-01

    Security personnel training is an integral part of a total physical security program, and is essential in enabling security personnel to perform their function effectively. Several training tools are currently available for use by security supervisors, including: textbook study, classroom instruction, and live simulations. However, due to shortcomings inherent in each of these tools, a need exists for the development of low-cost alternative training methods. This paper discusses one such alternative: a computer-based, game-type security training system. This system would be based on a personal computer with high-resolution graphics. Key features of this system include: a high degree of realism; flexibility in use and maintenance; high trainee motivation; and low cost

  5. ICT-Based Framework for Improved Food Security in Nigeria ...

    African Journals Online (AJOL)

    The six regional decision support systems in this model is a comprehensive database ... from research findings and innovations, inputs from agricultural extension officers, ... Keywords: Food Security, Interactive websites, National Internet host, ...

  6. [Calculation on ecological security baseline based on the ecosystem services value and the food security].

    Science.gov (United States)

    He, Ling; Jia, Qi-jian; Li, Chao; Xu, Hao

    2016-01-01

    The rapid development of coastal economy in Hebei Province caused rapid transition of coastal land use structure, which has threatened land ecological security. Therefore, calculating ecosystem service value of land use and exploring ecological security baseline can provide the basis for regional ecological protection and rehabilitation. Taking Huanghua, a city in the southeast of Hebei Province, as an example, this study explored the joint point, joint path and joint method between ecological security and food security, and then calculated the ecological security baseline of Huanghua City based on the ecosystem service value and the food safety standard. The results showed that ecosystem service value of per unit area from maximum to minimum were in this order: wetland, water, garden, cultivated land, meadow, other land, salt pans, saline and alkaline land, constructive land. The order of contribution rates of each ecological function value from high to low was nutrient recycling, water conservation, entertainment and culture, material production, biodiversity maintenance, gas regulation, climate regulation and environmental purification. The security baseline of grain production was 0.21 kg · m⁻², the security baseline of grain output value was 0.41 yuan · m⁻², the baseline of ecosystem service value was 21.58 yuan · m⁻², and the total of ecosystem service value in the research area was 4.244 billion yuan. In 2081 the ecological security will reach the bottom line and the ecological system, in which human is the subject, will be on the verge of collapse. According to the ecological security status, Huanghua can be divided into 4 zones, i.e., ecological core protection zone, ecological buffer zone, ecological restoration zone and human activity core zone.

  7. A Novel Computer Virus Propagation Model under Security Classification

    Directory of Open Access Journals (Sweden)

    Qingyi Zhu

    2017-01-01

    Full Text Available In reality, some computers have specific security classification. For the sake of safety and cost, the security level of computers will be upgraded with increasing of threats in networks. Here we assume that there exists a threshold value which determines when countermeasures should be taken to level up the security of a fraction of computers with low security level. And in some specific realistic environments the propagation network can be regarded as fully interconnected. Inspired by these facts, this paper presents a novel computer virus dynamics model considering the impact brought by security classification in full interconnection network. By using the theory of dynamic stability, the existence of equilibria and stability conditions is analysed and proved. And the above optimal threshold value is given analytically. Then, some numerical experiments are made to justify the model. Besides, some discussions and antivirus measures are given.

  8. Border Security: A Conceptual Model of Complexity

    Science.gov (United States)

    2013-12-01

    law , constitutional powers, environmental regulations, and civil rights, http://tpplegal.files.wordpress.com/2012/05/isds-domestic-legal-process...Violation NAFTA North American Free Trade Agreement NII Non-Intrusive Inspection POE Port of Entry PPD-8 Presidential Policy Directive 8...security measured? What constitutes a measure of effectiveness for protection? These are all questions presented to representatives of the Department of

  9. Energy security, energy modelling and uncertainty

    Energy Technology Data Exchange (ETDEWEB)

    Markandya, Anil [Basque Centre for Climate Change (Spain); University of Bath (United Kingdom); Pemberton, Malcolm [University College London (United Kingdom)

    2010-04-15

    The paper develops a framework to analyze energy security in an expected utility framework, where there is a risk of disruption of imported energy. The analysis shows the importance of an energy tax as a tool in maximizing expected utility, and how the level of that tax varies according to the key parameters of the system: risk aversion, probability of disruption, demand elasticity and cost of disruption. (author)

  10. Energy security, energy modelling and uncertainty

    International Nuclear Information System (INIS)

    Markandya, Anil; Pemberton, Malcolm

    2010-01-01

    The paper develops a framework to analyze energy security in an expected utility framework, where there is a risk of disruption of imported energy. The analysis shows the importance of an energy tax as a tool in maximizing expected utility, and how the level of that tax varies according to the key parameters of the system: risk aversion, probability of disruption, demand elasticity and cost of disruption. (author)

  11. Optimizing ZigBee Security using Stochastic Model Checking

    DEFF Research Database (Denmark)

    Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

    , we identify an important gap in the specification on key updates, and present a methodology for determining optimal key update policies and security parameters. We exploit the stochastic model checking approach using the probabilistic model checker PRISM, and assess the security needs for realistic......ZigBee is a fairly new but promising wireless sensor network standard that offers the advantages of simple and low resource communication. Nevertheless, security is of great concern to ZigBee, and enhancements are prescribed in the latest ZigBee specication: ZigBee-2007. In this technical report...

  12. Secure Certificateless Signature with Revocation in the Standard Model

    Directory of Open Access Journals (Sweden)

    Tung-Tso Tsai

    2014-01-01

    previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC. In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS. Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.

  13. Breaking a chaos-noise-based secure communication scheme

    Science.gov (United States)

    Li, Shujun; Álvarez, Gonzalo; Chen, Guanrong; Mou, Xuanqin

    2005-03-01

    This paper studies the security of a secure communication scheme based on two discrete-time intermittently chaotic systems synchronized via a common random driving signal. Some security defects of the scheme are revealed: 1) The key space can be remarkably reduced; 2) the decryption is insensitive to the mismatch of the secret key; 3) the key-generation process is insecure against known/chosen-plaintext attacks. The first two defects mean that the scheme is not secure enough against brute-force attacks, and the third one means that an attacker can easily break the cryptosystem by approximately estimating the secret key once he has a chance to access a fragment of the generated keystream. Yet it remains to be clarified if intermittent chaos could be used for designing secure chaotic cryptosystems.

  14. Dynamic Model of Islamic Hybrid Securities: Empirical Evidence From Malaysia Islamic Capital Market

    Directory of Open Access Journals (Sweden)

    Jaafar Pyeman

    2016-12-01

    Full Text Available Capital structure selection is fundamentally important in corporate financial management as it influence on mutually return and risk to stakeholders. Despite of Malaysia’s position as one of the major players of Islamic Financial Market, there are still lack of studies has been conducted on the capital structure of shariah compliant firms especially related to hybrid securities. The objective of this study is to determine the hybrid securities issuance model among the shariah compliant firms in Malaysia. As such, this study is to expand the literature review by providing comprehensive analysis on the hybrid capital structure and to develop dynamic Islamic hybrid securities model for shariah compliant firms. We use panel data of 50 companies that have been issuing the hybrid securities from the year of 2004- 2012. The outcomes of the studies are based on the dynamic model GMM estimation for the determinants of hybrid securities. Based on our model, risk and growth are considered as the most determinant factors for issuing convertible bond and loan stock. These results suggest that, the firms that have high risk but having good growth prospect will choose hybrid securities of convertible bond. The model also support the backdoor equity listing hypothesis by Stein (1992 where the hybrid securities enable the profitable firms to venture into positive NPV project by issuing convertible bond as it offer lower coupon rate as compare to the normal debt rate

  15. Security Considerations and Recommendations in Computer-Based Testing

    Directory of Open Access Journals (Sweden)

    Saleh M. Al-Saleem

    2014-01-01

    Full Text Available Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT. However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password in order to check the identity and authenticity of the examinee.

  16. Security considerations and recommendations in computer-based testing.

    Science.gov (United States)

    Al-Saleem, Saleh M; Ullah, Hanif

    2014-01-01

    Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee.

  17. Method for secure electronic voting system: face recognition based approach

    Science.gov (United States)

    Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

    2017-06-01

    In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

  18. Network Security Risk Assessment System Based on Attack Graph and Markov Chain

    Science.gov (United States)

    Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

    2017-10-01

    Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

  19. A secure quantum group signature scheme based on Bell states

    International Nuclear Information System (INIS)

    Zhang Kejia; Song Tingting; Zuo Huijuan; Zhang Weiwei

    2013-01-01

    In this paper, we propose a new secure quantum group signature with Bell states, which may have applications in e-payment system, e-government, e-business, etc. Compared with the recent quantum group signature protocols, our scheme is focused on the most general situation in practice, i.e. only the arbitrator is trusted and no intermediate information needs to be stored in the signing phase to ensure the security. Furthermore, our scheme has achieved all the characteristics of group signature—anonymity, verifiability, traceability, unforgetability and undeniability, by using some current developed quantum and classical technologies. Finally, a feasible security analysis model for quantum group signature is presented. (paper)

  20. Analysis of appraisal tool of system security engineering capability maturity based on component

    International Nuclear Information System (INIS)

    Liu Zhenghai; Yang Xiaohua; Zou Shuliang; Liu Yachun; Xiao Jiantian; Liu Zhiming

    2012-01-01

    Spent Fuel Reprocessing is a part of nuclear fuel cycle and is the inevitably choice of nuclear power sustainable development. Reprocessing needs to face with radiological, criticality, chemical hazards. Besides using the tradition appraisal methods based on the security goals, it is a beneficial supplement that using the appraisal method of system security engineering capability maturity model based on the process. Experts should check and approve large numbers of documents during the appraisal based on system security engineering capability maturity model, so it is necessary that developing a tool to assist the expert to complete the appraisal. The method of developing software based on component is highly effective, nimble and reliable. Component technology is analyzed, the methods of extraction model domain components and general components is introduced, and the appraisal system is developed based on component technology. (authors)

  1. Security cost analysis in electricity markets based on voltage security criteria and Web-based implementation

    International Nuclear Information System (INIS)

    Chen, H.

    2003-01-01

    This paper presents an efficient and transparent method for electricity market operators to analyze transaction security costs and to quantify the correlation between market operation and power system operation. Rescheduling and take-risk strategies were proposed and discussed with reference to transaction impact computations, thermal and voltage limits and voltage stability criteria. The rescheduling method is associated with an iterative generation dispatch or load curtailment approach to minimize the amount of rescheduling. The take-risk method considered operating risks to facilitate transactions. The SATC concept was also proposed to accurately evaluate transmission congestion. The impact of transaction was calculated using a new sensitivity formula to find the most effective rescheduling direction and the most effective cost distribution. A new pricing method called Nodal Congestion Price was also proposed to determine proper price signals. The paper also presents an Artificial Neural Network (ANN) based short term load forecasting method that considers the effect of price on the load. A web-based prototype was implemented to allow all market participants access to the proposed analysis and pricing techniques. Several case studies have validated the effectiveness of the proposed method which would help independent system operators in determining congestion prices, coordinate transactions and make profitable market decisions

  2. Analysis of security protocols based on challenge-response

    Institute of Scientific and Technical Information of China (English)

    LUO JunZhou; YANG Ming

    2007-01-01

    Security protocol is specified as the procedure of challenge-response, which uses applied cryptography to confirm the existence of other principals and fulfill some data negotiation such as session keys. Most of the existing analysis methods,which either adopt theorem proving techniques such as state exploration or logic reasoning techniques such as authentication logic, face the conflicts between analysis power and operability. To solve the problem, a new efficient method is proposed that provides SSM semantics-based definition of secrecy and authentication goals and applies authentication logic as fundamental analysis techniques,in which secrecy analysis is split into two parts: Explicit-Information-Leakage and Implicit-Information-Leakage, and correspondence analysis is concluded as the analysis of the existence relationship of Strands and the agreement of Strand parameters. This new method owns both the power of the Strand Space Model and concision of authentication logic.

  3. Statistics-based email communication security behavior recognition

    Science.gov (United States)

    Yi, Junkai; Su, Yueyang; Zhao, Xianghui

    2017-08-01

    With the development of information technology, e-mail has become a popular communication medium. It has great significant to determine the relationship between the two sides of the communication. Firstly, this paper analysed and processed the content and attachment of e-mail using the skill of steganalysis and malware analysis. And it also conducts the following feature extracting and behaviour model establishing which based on Naive Bayesian theory. Then a behaviour analysis method was employed to calculate and evaluate the communication security. Finally, some experiments about the accuracy of the behavioural relationship of communication identifying has been carried out. The result shows that this method has a great effects and correctness as eighty-four percent.

  4. Activity Modelling and Comparative Evaluation of WSN MAC Security Attacks

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    and initiate security attacks that disturb the normal functioning of the network in a severe manner. Such attacks affect the performance of the network by increasing the energy consumption, by reducing throughput and by inducing long delays. Of all existing WSN attacks, MAC layer attacks are considered...... the most harmful as they directly affect the available resources and thus the nodes’ energy consumption. The first endeavour of this paper is to model the activities of MAC layer security attacks to understand the flow of activities taking place when mounting the attack and when actually executing it....... The second aim of the paper is to simulate these attacks on hybrid MAC mechanisms, which shows the performance degradation of aWSN under the considered attacks. The modelling and implementation of the security attacks give an actual view of the network which can be useful in further investigating secure...

  5. Reconfigurable Secure Video Codec Based on DWT and AES Processor

    OpenAIRE

    Rached Tourki; M. Machhout; B. Bouallegue; M. Atri; M. Zeghid; D. Dia

    2010-01-01

    In this paper, we proposed a secure video codec based on the discrete wavelet transformation (DWT) and the Advanced Encryption Standard (AES) processor. Either, use of video coding with DWT or encryption using AES is well known. However, linking these two designs to achieve secure video coding is leading. The contributions of our work are as follows. First, a new method for image and video compression is proposed. This codec is a synthesis of JPEG and JPEG2000,which is implemented using Huffm...

  6. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  7. RFID-based Electronic Identity Security Cloud Platform in Cyberspace

    OpenAIRE

    Bing Chen; Chengxiang Tan; Bo Jin; Xiang Zou; Yuebo Dai

    2012-01-01

    With the moving development of networks, especially Internet of Things, electronic identity administration in cyberspace is becoming more and more important. And personal identity management in cyberspace associated with individuals in reality has been one significant and urgent task for the further development of information construction in China. So this paper presents a RFID-based electronic identity security cloud platform in cyberspace to implement an efficient security management of cyb...

  8. Research on mobile electronic commerce security technology based on WPKI

    Science.gov (United States)

    Zhang, Bo

    2013-07-01

    Through the in-depth study on the existing mobile e-commerce and WAP protocols, this paper presents a security solution of e-commerce system based on WPKI, and describes its implementation process and specific implementation details. This solution uniformly distributes the key used by the various participating entities , to fully ensure the confidentiality, authentication, fairness and integrity of mobile e-commerce payments, therefore has some pract ical value for improving the security of e-commerce system.

  9. Security Considerations around End-to-End Security in the IP-based Internet of Things

    NARCIS (Netherlands)

    Brachmann, M.; Garcia-Mochon, O.; Keoh, S.L.; Kumar, S.S.

    2012-01-01

    The IP-based Internet of Things refers to the interconnection of smart objects in a Low-power and Lossy Network (LLN) with the Internetby means of protocols such as 6LoWPAN or CoAP. The provisioning of an end-to-end security connection is the key to ensure basic functionalities such as software

  10. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

    OpenAIRE

    Somasundaram, M.; Sivakumar, R.

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient’s life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body fu...

  11. Agents Based e-Commerce and Securing Exchanged Information

    Science.gov (United States)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol usingSymbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  12. User Modelling Validation over the Security Awareness of Digital Natives

    Directory of Open Access Journals (Sweden)

    Vasileios Gkioulos

    2017-07-01

    Full Text Available Young generations make extensive use of mobile devices, such as smart-phones, tablets and laptops, for a variety of daily tasks with potentially critical impact, while the number of security breaches via portable devices increases exponentially. A plethora of security risks associated with these devices are induced by design shortcomings and vulnerabilities related to user behavior. Therefore, deploying suitable risk treatments requires the investigation of how security experts perceive the digital natives (young people, born in the digital era, when utilizing their user behavior models in the design and analysis of related systems. In this article, we present the results of a survey performed across a multinational sample of security professionals, in comparison to our earlier study over the security awareness of digital natives. Through this study, we seek to identify divergences between user behavior and the conceptual user-models that security experts utilise in their professional tasks. Our results indicate that the experts understanding over the user behaviour does not follow a solidified user-model, while influences from personal perceptions and randomness are also noticeable.

  13. Virtual-optical information security system based on public key infrastructure

    Science.gov (United States)

    Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben

    2005-01-01

    A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.

  14. Authentication Test-Based the RFID Authentication Protocol with Security Analysis

    Directory of Open Access Journals (Sweden)

    Minghui Wang

    2014-08-01

    Full Text Available To the problem of many recently proposed RFID authentication protocol was soon find security holes, we analyzed the main reason, which is that protocol design is not rigorous, and the correctness of the protocol cannot be guaranteed. To this end, authentication test method was adopted in the process of the formal analysis and strict proof to the proposed RFID protocol in this paper. Authentication Test is a new type of analysis and design method of security protocols based on Strand space model, and it can be used for most types of the security protocols. After analysis the security, the proposed protocol can meet the RFID security demand: information confidentiality, data integrity and identity authentication.

  15. A security framework for nationwide health information exchange based on telehealth strategy.

    Science.gov (United States)

    Zaidan, B B; Haiqi, Ahmed; Zaidan, A A; Abdulnabi, Mohamed; Kiah, M L Mat; Muzamel, Hussaen

    2015-05-01

    This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.

  16. Document and author promotion strategies in the secure wiki model

    DEFF Research Database (Denmark)

    Lindberg, Kasper; Jensen, Christian D.

    2012-01-01

    Wiki systems form a subclass of the more general Open Collaborative Authoring Systems, where content is created by a user community. The ability of anyone to edit the content is, at the same time, their strength and their weakness. Anyone can write documents that improve the value of the wiki-system......, but this also means that anyone can introduce errors into documents, either by accident or on purpose. A security model for wiki-style authoring systems, called the Secure Wiki Model, has previously been proposed to address this problem. This model is designed to prevent corruption of good quality documents......, by limiting updates, to such documents, to users who have demonstrated their ability to produce documents of similar or better quality. While this security model prevents all user from editing all documents, it does respect the wiki philosophy by allowing any author who has produced documents of a certain...

  17. Protection and security of data base information

    Directory of Open Access Journals (Sweden)

    Mariuţa ŞERBAN

    2011-06-01

    Full Text Available Data bases are one of the most important components in every large informatics system which stores and processes data and information. Because data bases contain all of the valuable information about a company, its clients, its financial activity, they represent one of the key elements in the structure of an organization, which determines imperatives such as confidentiality, integrity and ease of data access. The current paper discuses the integrity of data bases and it refers to the validity and the coherence of stored data. Usually, integrity is defined in connection with terms of constraint, that are rules regarding coherence which the data base cannot infringe. Data base that integrity refers to information correctness and assumes to detect, correct and prevent errors that might have an effect on the data comprised by the data bases.

  18. Content Sharing Based on Personal Information in Virtually Secured Space

    Science.gov (United States)

    Sohn, Hosik; Ro, Yong Man; Plataniotis, Kostantinos N.

    User generated contents (UGC) are shared in an open space like social media where users can upload and consume contents freely. Since the access of contents is not restricted, the contents could be delivered to unwanted users or misused sometimes. In this paper, we propose a method for sharing UGCs securely based on the personal information of users. With the proposed method, virtual secure space is created for contents delivery. The virtual secure space allows UGC creator to deliver contents to users who have similar personal information and they can consume the contents without any leakage of personal information. In order to verify the usefulness of the proposed method, the experiment was performed where the content was encrypted with personal information of creator, and users with similar personal information have decrypted and consumed the contents. The results showed that UGCs were securely shared among users who have similar personal information.

  19. International Conference on Computational Intelligence, Cyber Security, and Computational Models

    CERN Document Server

    Ramasamy, Vijayalakshmi; Sheen, Shina; Veeramani, C; Bonato, Anthony; Batten, Lynn

    2016-01-01

    This book aims at promoting high-quality research by researchers and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security, and Computational Models ICC3 2015 organized by PSG College of Technology, Coimbatore, India during December 17 – 19, 2015. This book enriches with innovations in broad areas of research like computational modeling, computational intelligence and cyber security. These emerging inter disciplinary research areas have helped to solve multifaceted problems and gained lot of attention in recent years. This encompasses theory and applications, to provide design, analysis and modeling of the aforementioned key areas.

  20. Designing and implementing the logical security framework for e-commerce based on service oriented architecture

    OpenAIRE

    Luhach, Ashish Kr.; Dwivedi, Sanjay K; Jha, C K

    2014-01-01

    Rapid evolution of information technology has contributed to the evolution of more sophisticated E- commerce system with the better transaction time and protection. The currently used E-commerce models lack in quality properties such as logical security because of their poor designing and to face the highly equipped and trained intruders. This editorial proposed a security framework for small and medium sized E-commerce, based on service oriented architecture and gives an analysis of the emin...

  1. E-commerce System Security Assessment based on Bayesian Network Algorithm Research

    OpenAIRE

    Ting Li; Xin Li

    2013-01-01

    Evaluation of e-commerce network security is based on assessment method Bayesian networks, and it first defines the vulnerability status of e-commerce system evaluation index and the vulnerability of the state model of e-commerce systems, and after the principle of the Bayesian network reliability of e-commerce system and the criticality of the vulnerabilities were analyzed, experiments show that the change method is a good evaluation of the security of e-commerce systems.

  2. Security model for picture archiving and communication systems.

    Science.gov (United States)

    Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

    2000-05-01

    The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

  3. Modeling of Integrated Security Systems in Higher Education

    Directory of Open Access Journals (Sweden)

    Iskandar Maratovich Azhmuhamedov

    2013-06-01

    Full Text Available It is proposed the model, which takes into account the main features of the integrated system of information security: weak structure, bad formal description, fuzzy description of the status of system components and the relationships between them. Adequacy of the model is tested on the example of Astrakhan State Technical University.

  4. SCPR: Secure Crowdsourcing-Based Parking Reservation System

    Directory of Open Access Journals (Sweden)

    Changsheng Wan

    2017-01-01

    Full Text Available The crowdsourcing-based parking reservation system is a new computing paradigm, where private owners can rent their parking spots out. Security is the main concern for parking reservation systems. However, current schemes cannot provide user privacy protection for drivers and have no key agreement functions, resulting in a lot of security problems. Moreover, current schemes are typically based on the time-consuming bilinear pairing and not suitable for real-time applications. To solve these security and efficiency problems, we present a novel security protocol with user privacy called SCPR. Similar to protocols of this field, SCPR can authenticate drivers involved in the parking reservation system. However, different from other well-known approaches, SCPR uses pseudonyms instead of real identities for providing user privacy protection for drivers and designs a novel pseudonym-based key agreement protocol. Finally, to reduce the time cost, SCPR designs several novel cryptographic algorithms based on the algebraic signature technique. By doing so, SCPR can satisfy a number of security requirements and enjoy high efficiency. Experimental results show SCPR is feasible for real world applications.

  5. Investigation of a Markov Model for Computer System Security Threats

    Directory of Open Access Journals (Sweden)

    Alexey A. A. Magazev

    2017-01-01

    Full Text Available In this work, a model for computer system security threats formulated in terms of Markov processes is investigated. In the framework of this model the functioning of the computer system is considered as a sequence of failures and recovery actions which appear as results of information security threats acting on the system. We provide a detailed description of the model: the explicit analytical formulas for the probabilities of computer system states at any arbitrary moment of time are derived, some limiting cases are discussed, and the long-run dynamics of the system is analysed. The dependence of the security state probability (i.e. the state for which threats are absent on the probabilities of threats is separately investigated. In particular, it is shown that this dependence is qualitatively different for odd and even moments of time. For instance, in the case of one threat the security state probability demonstrates non-monotonic dependence on the probability of threat at even moments of time; this function admits at least one local minimum in its domain of definition. It is believed that the mentioned feature is important because it allows to locate the most dangerous areas of threats where the security state probability can be lower then the permissible level. Finally, we introduce an important characteristic of the model, called the relaxation time, by means of which we construct the permitting domain of the security parameters. Also the prospects of the received results application to the problem of finding the optimal values of the security parameters is discussed.

  6. Re-designing the PhEDEx security model

    CERN Document Server

    Wildish, Anthony

    2013-01-01

    PhEDEx. the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model was designed to provide a safe working environment for site agents and operators, but provided little more protection than that. CMS data was not sufficiently protected against accidental loss caused by operator error or software bugs or from loss of data caused by deliberate manipulation of the database. Operations staff were given high levels of access to the database, beyond what should have been needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time.In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and r...

  7. Information security system based on virtual-optics imaging methodology and public key infrastructure

    Science.gov (United States)

    Peng, Xiang; Zhang, Peng; Cai, Lilong

    In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

  8. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes.

    Science.gov (United States)

    Ali, Bako; Awad, Ali Ismail

    2018-03-08

    The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or "things" to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.

  9. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    Directory of Open Access Journals (Sweden)

    Vladislav D. Veksler

    2018-05-01

    Full Text Available Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior via techniques such as model tracing and dynamic parameter fitting.

  10. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    Science.gov (United States)

    Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661

  11. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users.

    Science.gov (United States)

    Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

  12. Attacks on Heartbeat-Based Security Using Remote Photoplethysmography.

    Science.gov (United States)

    Seepers, Robert Mark; Wang, Wenjin; de Haan, Gerard; Sourdis, Ioannis; Strydis, Christos

    2018-05-01

    The time interval between consecutive heartbeats (interpulse interval, IPI) has previously been suggested for securing mobile-health solutions. This time interval is known to contain a degree of randomness, permitting the generation of a time- and person-specific identifier. It is commonly assumed that only devices trusted by a person can make physical contact with him/her, and that this physical contact allows each device to generate a similar identifier based on its own cardiac recordings. Under these conditions, the identifiers generated by different trusted devices can facilitate secure authentication. Recently, a wide range of techniques have been proposed for measuring heartbeats remotely, a prominent example of which is remote photoplethysmography (rPPG). These techniques may pose a significant threat to heartbeat-based security, as an adversary may pretend to be a trusted device by generating a similar identifier without physical contact, thus bypassing one of the core security conditions. In this paper, we assess the feasibility of such remote attacks using state-of-the-art rPPG methods. Our evaluation shows that rPPG has similar accuracy as contact PPG and, thus, forms a substantial threat to heartbeat-based-security systems that permit trusted devices to obtain their identifiers from contact PPG recordings. Conversely, rPPG cannot obtain an accurate representation of an identifier generated from electrical cardiac signals, making the latter invulnerable to state-of-the-art remote attacks.

  13. Simple security proof of quantum key distribution based on complementarity

    International Nuclear Information System (INIS)

    Koashi, M

    2009-01-01

    We present an approach to the unconditional security of quantum key distribution protocols based on a complementarity argument. The approach is applicable to, but not limited to, every case that has been treated via the argument by Shor and Preskill based on entanglement distillation, with a benefit of decoupling of the error correction from the privacy amplification. It can also treat cases with uncharacterized apparatuses. We derive a secure key rate for the Bennett-Brassard-1984 protocol with an arbitrary source characterized only by a single parameter representing the basis dependence.

  14. Managing business compliance using model-driven security management

    Science.gov (United States)

    Lang, Ulrich; Schreiner, Rudolf

    Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused the fact that they are captured at a high level of abstraction that is business-centric and not IT centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.

  15. IT Security Management Implementation Model in Iranian Bank Industry

    Directory of Open Access Journals (Sweden)

    Mona Vanaki

    2017-06-01

    Full Text Available According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principle set fort in ISO standard 27001, was extracted and then by further studies derived from best practices carried out in the world on the related subject from 2008 to 2016 using a qualitative descriptive method, points comply with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard was removed and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran was proposed.

  16. Security Analysis of Dynamic SDN Architectures Based on Game Theory

    Directory of Open Access Journals (Sweden)

    Chao Qi

    2018-01-01

    Full Text Available Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players’ information, simulate approximate attack scenarios, and quantitatively estimate systems’ reliability. And we explore several typical game instances defined by system’s capability, players’ objects, and strategies. Experimental results illustrate that the system’s detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDN can significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure’s feasibility, flexibility, and its persistent ability against long-term attacks.

  17. Elgamal Elliptic Curve Based Secure Communication Architecture for Microgrids

    Directory of Open Access Journals (Sweden)

    Sarmadullah Khan

    2018-03-01

    Full Text Available Microgrids play an important role in today’s power systems as the distributed generation is becoming increasingly common. They can operate in two possible modes: (i standalone and (ii grid-connected. The transitional state from standalone to grid-connected mode is very critical and requires the microgrid to be synchronized with the main grid. Thus, secure, reliable and trustworthy control and communication is utmost necessary to prevent out-of-sync connection which could severely damage the microgrid and/or the main grid. Existing solutions consume more resources and take long time to establish a secure connection. The objective of the proposed work is to reduce the connection establishment time by using efficient computational algorithms and save the resources. This paper proposes a secure authentication and key establishment mechanism for ensuring safe operation and control of the microgrids. The proposed approach uses the concept of Elgamal with slight modification. Private key of the sender is used instead of a random number. The proposed modification ensures the non repudiation. This paper also presents a system threat model along with security network architecture and evaluates the performance of proposed algorithm in protecting microgrid communication against man in the middle attacks and replay attacks that could delay the packets to damage the system and need to be detected. Mathematical modeling and simulation results show that the proposed algorithm performs better than the existing protocols in terms of connection establishment, resource consumption and security level.

  18. A secure key agreement protocol based on chaotic maps

    International Nuclear Information System (INIS)

    Wang Xing-Yuan; Luan Da-Peng

    2013-01-01

    To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solve the problems of key management and security issues existing in Gong et al.'s protocol

  19. Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

    Energy Technology Data Exchange (ETDEWEB)

    Ondrej Linda; Todd Vollmer; Jason Wright; Milos Manic

    2011-04-01

    Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.

  20. Password-only authenticated three-party key exchange with provable security in the standard model.

    Science.gov (United States)

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

    2014-01-01

    Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  1. Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-01-01

    Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

  2. Graph Model Based Indoor Tracking

    DEFF Research Database (Denmark)

    Jensen, Christian Søndergaard; Lu, Hua; Yang, Bin

    2009-01-01

    The tracking of the locations of moving objects in large indoor spaces is important, as it enables a range of applications related to, e.g., security and indoor navigation and guidance. This paper presents a graph model based approach to indoor tracking that offers a uniform data management...

  3. Flood Risk Assessment Based On Security Deficit Analysis

    Science.gov (United States)

    Beck, J.; Metzger, R.; Hingray, B.; Musy, A.

    Risk is a human perception: a given risk may be considered as acceptable or unac- ceptable depending on the group that has to face that risk. Flood risk analysis of- ten estimates economic losses from damages, but neglects the question of accept- able/unacceptable risk. With input from land use managers, politicians and other stakeholders, risk assessment based on security deficit analysis determines objects with unacceptable risk and their degree of security deficit. Such a risk assessment methodology, initially developed by the Swiss federal authorities, is illustrated by its application on a reach of the Alzette River (Luxembourg) in the framework of the IRMA-SPONGE FRHYMAP project. Flood risk assessment always involves a flood hazard analysis, an exposed object vulnerability analysis, and an analysis combing the results of these two previous analyses. The flood hazard analysis was done with the quasi-2D hydraulic model FldPln to produce flood intensity maps. Flood intensity was determined by the water height and velocity. Object data for the vulnerability analysis, provided by the Luxembourg government, were classified according to their potential damage. Potential damage is expressed in terms of direct, human life and secondary losses. A thematic map was produced to show the object classification. Protection goals were then attributed to the object classes. Protection goals are assigned in terms of an acceptable flood intensity for a certain flood frequency. This is where input from land use managers and politicians comes into play. The perception of risk in the re- gion or country influences the protection goal assignment. Protection goals as used in Switzerland were used in this project. Thematic maps showing the protection goals of each object in the case study area for a given flood frequency were produced. Com- parison between an object's protection goal and the intensity of the flood that touched the object determine the acceptability of the risk and the

  4. Stochastic models of the Social Security trust funds.

    Science.gov (United States)

    Burdick, Clark; Manchester, Joyce

    Each year in March, the Board of Trustees of the Social Security trust funds reports on the current and projected financial condition of the Social Security programs. Those programs, which pay monthly benefits to retired workers and their families, to the survivors of deceased workers, and to disabled workers and their families, are financed through the Old-Age, Survivors, and Disability Insurance (OASDI) Trust Funds. In their 2003 report, the Trustees present, for the first time, results from a stochastic model of the combined OASDI trust funds. Stochastic modeling is an important new tool for Social Security policy analysis and offers the promise of valuable new insights into the financial status of the OASDI trust funds and the effects of policy changes. The results presented in this article demonstrate that several stochastic models deliver broadly consistent results even though they use very different approaches and assumptions. However, they also show that the variation in trust fund outcomes differs as the approach and assumptions are varied. Which approach and assumptions are best suited for Social Security policy analysis remains an open question. Further research is needed before the promise of stochastic modeling is fully realized. For example, neither parameter uncertainty nor variability in ultimate assumption values is recognized explicitly in the analyses. Despite this caveat, stochastic modeling results are already shedding new light on the range and distribution of trust fund outcomes that might occur in the future.

  5. Supporting Case-Based Learning in Information Security with Web-Based Technology

    Science.gov (United States)

    He, Wu; Yuan, Xiaohong; Yang, Li

    2013-01-01

    Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security…

  6. Citizen-based Strategies to Improve Community Security: Working ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    Citizen-based Strategies to Improve Community Security: Working with Vulnerable Populations to Address Urban Violence in Medellin ... Water Resources Association, in close collaboration with IDRC, is holding a webinar titled “Climate change and adaptive water management: Innovative solutions from the Global South”.

  7. Cloud-Based Virtual Laboratory for Network Security Education

    Science.gov (United States)

    Xu, Le; Huang, Dijiang; Tsai, Wei-Tek

    2014-01-01

    Hands-on experiments are essential for computer network security education. Existing laboratory solutions usually require significant effort to build, configure, and maintain and often do not support reconfigurability, flexibility, and scalability. This paper presents a cloud-based virtual laboratory education platform called V-Lab that provides a…

  8. Security Analysis of A Chaos-based Image Encryption Algorithm

    OpenAIRE

    Lian, Shiguo; Sun, Jinsheng; Wang, Zhiquan

    2006-01-01

    The security of Fridrich Image Encryption Algorithm against brute-force attack, statistical attack, known-plaintext attack and select-plaintext attack is analyzed by investigating the properties of the involved chaotic maps and diffusion functions. Based on the given analyses, some means are proposed to strengthen the overall performance of the focused cryptosystem.

  9. Security analysis of a chaos-based image encryption algorithm

    Science.gov (United States)

    Lian, Shiguo; Sun, Jinsheng; Wang, Zhiquan

    2005-06-01

    The security of Fridrich's algorithm against brute-force attack, statistical attack, known-plaintext attack and select-plaintext attack is analyzed by investigating the properties of the involved chaotic maps and diffusion functions. Based on the given analyses, some means are proposed to strengthen the overall performance of the focused cryptosystem.

  10. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  11. Invariant-based reasoning about parameterized security protocols

    NARCIS (Netherlands)

    Mooij, A.J.

    2010-01-01

    We explore the applicability of the programming method of Feijen and van Gasteren to the domain of security protocols. This method addresses the derivation of concurrent programs from a formal specification, and it is based on common notions like invariants and pre- and post-conditions. We show that

  12. Security Vulnerabilities of the Web Based Open Source Information ...

    African Journals Online (AJOL)

    This paper exposes security vulnerabilities of the web based Open Source Information Systems (OSIS) from both system angle and human perspectives.It shows the extent of risk that can likely hinder adopting organization from attaning full intended benefits of using OSIS software. To undertake this study, a case study ...

  13. Game based cyber security training: are serious games suitable for cyber security training?

    OpenAIRE

    Hendrix, Maurice; Al-Sherbaz, Ali; Victoria, Bloom

    2016-01-01

    Security research and training is attracting a lot of investment and interest from governments and the private sector. Most efforts have focused on physical security, while cyber security or digital security has been given less importance. With recent high-profile attacks it has become clear that training in cyber security is needed. Serious Games have the capability to be effective tools for public engagement and behavioural change and role play games, are already used by security profession...

  14. Pattern and security requirements engineering-based establishment of security standards

    CERN Document Server

    Beckers, Kristian

    2015-01-01

    Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

  15. A secure medical data exchange protocol based on cloud environment.

    Science.gov (United States)

    Chen, Chin-Ling; Yang, Tsai-Tung; Shih, Tzay-Farn

    2014-09-01

    In recent years, health care technologies already became matured such as electronic medical records that can be easily stored. However, how to get medical resources more convenient is currently concern issue. In spite of many literatures discussed about medical systems, but these literatures should face many security challenges. The most important issue is patients' privacy. Therefore, we propose a secure medical data exchange protocol based on cloud environment. In our scheme, we use mobile device's characteristics, allowing peoples use medical resources on the cloud environment to seek medical advice conveniently.

  16. Information Security Scheme Based on Computational Temporal Ghost Imaging.

    Science.gov (United States)

    Jiang, Shan; Wang, Yurong; Long, Tao; Meng, Xiangfeng; Yang, Xiulun; Shu, Rong; Sun, Baoqing

    2017-08-09

    An information security scheme based on computational temporal ghost imaging is proposed. A sequence of independent 2D random binary patterns are used as encryption key to multiply with the 1D data stream. The cipher text is obtained by summing the weighted encryption key. The decryption process can be realized by correlation measurement between the encrypted information and the encryption key. Due to the instinct high-level randomness of the key, the security of this method is greatly guaranteed. The feasibility of this method and robustness against both occlusion and additional noise attacks are discussed with simulation, respectively.

  17. A Cluster Based Group Signature Mechanism For Secure Vanet Communication

    Directory of Open Access Journals (Sweden)

    Navjot Kaur

    2015-08-01

    Full Text Available Vehicular adhoc network is one of the recent area of research to administer safety to human lives controlling of messages and in disposal of messages to users and passengers. VANETs allows communication of moving vehicular nodes. Movement of nodes leads in changing network size and scenario. Whenever a new node joins the network there is a threat of malicious node attack. So we need an environment that is secure and trust worthy. Therefore a new cluster based secure technique is proposed where cluster head is responsible for providing communication between the vehicular nodes. Performance parameters used in this paper are message drop ratio packet delay ratio and verification time.

  18. 75 FR 75207 - Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information

    Science.gov (United States)

    2010-12-02

    ... Dissemination of Security-Based Swap Information; Proposed Rule #0;#0;Federal Register / Vol. 75 , No. 231... Dissemination of Security-Based Swap Information AGENCY: Securities and Exchange Commission. ACTION: Proposed... SBSR--Reporting and Dissemination of Security-Based Swap Information (``Regulation SBSR'') under the...

  19. Security Issues Model on Cloud Computing: A Case of Malaysia

    OpenAIRE

    Komeil Raisian; Jamaiah Yahaya

    2015-01-01

    By developing the cloud computing, viewpoint of many people regarding the infrastructure architectures, software distribution and improvement model changed significantly. Cloud computing associates with the pioneering deployment architecture, which could be done through grid calculating, effectiveness calculating and autonomic calculating. The fast transition towards that, has increased the worries regarding a critical issue for the effective transition of cloud computing. From the security v...

  20. Organizational information assets classification model and security architecture methodology

    Directory of Open Access Journals (Sweden)

    Mostafa Tamtaji

    2015-12-01

    Full Text Available Today's, Organizations are exposed with huge and diversity of information and information assets that are produced in different systems shuch as KMS, financial and accounting systems, official and industrial automation sysytems and so on and protection of these information is necessary. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released.several benefits of this model cuses that organization has a great trend to implementing Cloud computing. Maintaining and management of information security is the main challenges in developing and accepting of this model. In this paper, at first, according to "design science research methodology" and compatible with "design process at information systems research", a complete categorization of organizational assets, including 355 different types of information assets in 7 groups and 3 level, is presented to managers be able to plan corresponding security controls according to importance of each groups. Then, for directing of organization to architect it’s information security in cloud computing environment, appropriate methodology is presented. Presented cloud computing security architecture , resulted proposed methodology, and presented classification model according to Delphi method and expers comments discussed and verified.

  1. Modelling effective and simultaneous promotion of food security and ...

    African Journals Online (AJOL)

    This ineffectiveness extends to promoting household food security within the context of encouraging biodiversity conservation on farm lands. To examine this, this paper draws on recently conducted research to sketch the current model within which extension pursues these seemingly dichotomous objectives and identifies ...

  2. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Directory of Open Access Journals (Sweden)

    Igor Bernik

    Full Text Available Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  3. Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

    Science.gov (United States)

    Bernik, Igor; Prislan, Kaja

    Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

  4. Chaotic secure content-based hidden transmission of biometric templates

    International Nuclear Information System (INIS)

    Khan, Muhammad Khurram; Zhang Jiashu; Tian Lei

    2007-01-01

    The large-scale proliferation of biometric verification systems creates a demand for effective and reliable security and privacy of its data. Like passwords and PIN codes, biometric data is also not secret and if it is compromised, the integrity of the whole verification system could be at high risk. To address these issues, this paper presents a novel chaotic secure content-based hidden transmission scheme of biometric data. Encryption and data hiding techniques are used to improve the security and secrecy of the transmitted templates. Secret keys are generated by the biometric image and used as the parameter value and initial condition of the chaotic map, and each transaction session has different secret keys to protect from the attacks. Two chaotic maps are incorporated for the encryption to resolve the finite word length effect and to improve the system's resistance against attacks. Encryption is applied on the biometric templates before hiding into the cover/host images to make them secure, and then templates are hidden into the cover image. Experimental results show that the security, performance, and accuracy of the presented scheme are encouraging comparable with other methods found in the current literature

  5. Chaotic secure content-based hidden transmission of biometric templates

    Energy Technology Data Exchange (ETDEWEB)

    Khan, Muhammad Khurram [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China)]. E-mail: khurram.khan@scientist.com; Zhang Jiashu [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China); Tian Lei [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China)

    2007-06-15

    The large-scale proliferation of biometric verification systems creates a demand for effective and reliable security and privacy of its data. Like passwords and PIN codes, biometric data is also not secret and if it is compromised, the integrity of the whole verification system could be at high risk. To address these issues, this paper presents a novel chaotic secure content-based hidden transmission scheme of biometric data. Encryption and data hiding techniques are used to improve the security and secrecy of the transmitted templates. Secret keys are generated by the biometric image and used as the parameter value and initial condition of the chaotic map, and each transaction session has different secret keys to protect from the attacks. Two chaotic maps are incorporated for the encryption to resolve the finite word length effect and to improve the system's resistance against attacks. Encryption is applied on the biometric templates before hiding into the cover/host images to make them secure, and then templates are hidden into the cover image. Experimental results show that the security, performance, and accuracy of the presented scheme are encouraging comparable with other methods found in the current literature.

  6. An energy security management model using quality function deployment and system dynamics

    International Nuclear Information System (INIS)

    Shin, Juneseuk; Shin, Wan-Seon; Lee, Changyong

    2013-01-01

    An energy security management model using quality function deployment (QFD) and system dynamics (SD) is suggested for application in public policymaking in developing economies. Through QFD, experts are guided toward identifying key energy security components, including indicators and policies, and in making these components consistent, focused, and customized for a particular country. Using these components as inputs, we construct an intermediate complex system dynamics model with a minimal number of crucial interactions. Key policies are simulated and evaluated in terms of the improvement of key indicators. Even with little data, our approach provides a coherent, useful, and customized energy security management model to help policymakers more effectively manage national energy security. To demonstrate its advantages, the model is applied to the Korean gas sector as an example. - Highlights: ► We suggest an energy security management model for developing economies. ► We identify a consistent set of key components, indicators and policies by using QFD. ► A coherent and practical system dynamics model based on QFD's output is constructed. ► The model is applied to the Korean gas sector as an example

  7. Enhanced ATM Security using Biometric Authentication and Wavelet Based AES

    Directory of Open Access Journals (Sweden)

    Sreedharan Ajish

    2016-01-01

    Full Text Available The traditional ATM terminal customer recognition systems rely only on bank cards, passwords and such identity verification methods are not perfect and functions are too single. Biometrics-based authentication offers several advantages over other authentication methods, there has been a significant surge in the use of biometrics for user authentication in recent years. This paper presents a highly secured ATM banking system using biometric authentication and wavelet based Advanced Encryption Standard (AES algorithm. Two levels of security are provided in this proposed design. Firstly we consider the security level at the client side by providing biometric authentication scheme along with a password of 4-digit long. Biometric authentication is achieved by considering the fingerprint image of the client. Secondly we ensure a secured communication link between the client machine to the bank server using an optimized energy efficient and wavelet based AES processor. The fingerprint image is the data for encryption process and 4-digit long password is the symmetric key for the encryption process. The performance of ATM machine depends on ultra-high-speed encryption, very low power consumption, and algorithmic integrity. To get a low power consuming and ultra-high speed encryption at the ATM machine, an optimized and wavelet based AES algorithm is proposed. In this system biometric and cryptography techniques are used together for personal identity authentication to improve the security level. The design of the wavelet based AES processor is simulated and the design of the energy efficient AES processor is simulated in Quartus-II software. Simulation results ensure its proper functionality. A comparison among other research works proves its superiority.

  8. A Game Theory Based Solution for Security Challenges in CRNs

    Science.gov (United States)

    Poonam; Nagpal, Chander Kumar

    2018-03-01

    Cognitive radio networks (CRNs) are being envisioned to drive the next generation Ad hoc wireless networks due to their ability to provide communications resilience in continuously changing environments through the use of dynamic spectrum access. Conventionally CRNs are dependent upon the information gathered by other secondary users to ensure the accuracy of spectrum sensing making them vulnerable to security attacks leading to the need of security mechanisms like cryptography and trust. However, a typical cryptography based solution is not a viable security solution for CRNs owing to their limited resources. Effectiveness of trust based approaches has always been, in question, due to credibility of secondary trust resources. Game theory with its ability to optimize in an environment of conflicting interests can be quite a suitable tool to manage an ad hoc network in the presence of autonomous selfish/malevolent/malicious and attacker nodes. The literature contains several theoretical proposals for augmenting game theory in the ad hoc networks without explicit/detailed implementation. This paper implements a game theory based solution in MATLAB-2015 to secure the CRN environment and compares the obtained results with the traditional approaches of trust and cryptography. The simulation result indicates that as the time progresses the game theory performs much better with higher throughput, lower jitter and better identification of selfish/malicious nodes.

  9. Gerenciamento de resultados em bancos com uso de TVM: validação de modelo de dois estágios Securities-based earnings management in nanks: validation of a two-stage model

    Directory of Open Access Journals (Sweden)

    José Alves Dantas

    2013-04-01

    menor porte e nos controlados por capital privado.Studies investigating earnings management in banks have been particularly concerned with the use of Loan Loss Provisions (LLP and mainly use two-stage models to identify discretionary management actions. Another type of record that has received attention from researchers in identifying discretionary management actions is the classification and measurement of the fair value of securities. In this case, however, one-stage models have prevailed. The present study aims to develop and validate a two-stage model for the identification of discretionary management actions using gains obtained from securities. Our model incorporates macroeconomic indicators and specific attributes of the securities portfolios to the traditional parameters used in models previously utilized in the literature. To validate the proposed model, the results are compared with the results from the estimation of a one-stage model - a methodology widely used in the literature. Tests conducted with the two models reveal evidence of income smoothing using securities and the classification of available-for-sale securities among the actions taken by management. The consistency of the results across the two models validates the proposed model, thereby contributing to the development of research on the topic that is not only concerned with determining whether earnings management is practiced but also whether it can be associated with other variables. We also find that securities-based earnings management is more significant in smaller-sized banks and in banks controlled by private capital.

  10. CONCEPTUAL MODELLING AND ORGANIZATION OF SECURITY MECHANISMS IN DISTRIBUTED SYSTEMS

    Directory of Open Access Journals (Sweden)

    T. Galibus

    2016-01-01

    Full Text Available We analyze the existing DS from the point of security and construct a two-level hierarchy of models. Such approach allows us to separate the abstraction (architecture level and the concrete (component level of ISS. The core set of methods, i. e. authentication and key exchange protocols, corresponds to the abstraction level and is defined as security infrastructure (SI. The final security parameters optimization and additional mechanisms such as authorization, routing and data auditing of the protection mechanisms are configured on the component level of the DS. In addition, we outline the systematic step-by-step ISS configuration method.

  11. Mission Assurance Modeling and Simulation: A Cyber Security Roadmap

    Science.gov (United States)

    Gendron, Gerald; Roberts, David; Poole, Donold; Aquino, Anna

    2012-01-01

    This paper proposes a cyber security modeling and simulation roadmap to enhance mission assurance governance and establish risk reduction processes within constrained budgets. The term mission assurance stems from risk management work by Carnegie Mellon's Software Engineering Institute in the late 19905. By 2010, the Defense Information Systems Agency revised its cyber strategy and established the Program Executive Officer-Mission Assurance. This highlights a shift from simply protecting data to balancing risk and begins a necessary dialogue to establish a cyber security roadmap. The Military Operations Research Society has recommended a cyber community of practice, recognizing there are too few professionals having both cyber and analytic experience. The authors characterize the limited body of knowledge in this symbiotic relationship. This paper identifies operational and research requirements for mission assurance M&S supporting defense and homeland security. M&S techniques are needed for enterprise oversight of cyber investments, test and evaluation, policy, training, and analysis.

  12. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  13. A Security Scheme of 5G Ultradense Network Based on the Implicit Certificate

    Directory of Open Access Journals (Sweden)

    Zhonglin Chen

    2018-01-01

    Full Text Available The ultradense network (UDN is one of the most promising technologies in the fifth generation (5G to address the network system capacity issue. It can enhance spatial reuse through the flexible, intensive deployment of small base stations. A universal 5G UDN architecture is necessary to realize the autonomous and dynamic deployment of small base stations. However, the security of the 5G UDN is still in its infancy, and the data communication security among the network entities is facing new challenges. In this paper, we proposed a new security based on implicit certificate (IC scheme; the scheme solves the security problem among the access points (APs in a dynamic APs group (APG and between the AP and user equipment (UE. We present each phase regarding how two network entities obtain the Elliptic Curve Qu-Vanstone (ECQV implicit certificate scheme, verify each other’s identity, and share keys in an UDN. Finally, we extensively analyze our lightweight security communication model in terms of security and performance. The simulation on network bandwidth evaluation is also conducted to prove the efficiency of the solution.

  14. ID based cryptography for secure cloud data storage

    OpenAIRE

    Kaaniche , Nesrine; Boudguiga , Aymen; Laurent , Maryline

    2013-01-01

    International audience; This paper addresses the security issues of storing sensitive data in a cloud storage service and the need for users to trust the commercial cloud providers. It proposes a cryptographic scheme for cloud storage, based on an original usage of ID-Based Cryptography. Our solution has several advantages. First, it provides secrecy for encrypted data which are stored in public servers. Second, it offers controlled data access and sharing among users, so that unauthorized us...

  15. Assessing the impacts of the changes in farming systems on food security and environmental sustainability of a Chinese rural region under different policy scenarios: an agent-based model.

    Science.gov (United States)

    Yuan, Chengcheng; Liu, Liming; Qi, Xiaoxing; Fu, Yonghu; Ye, Jinwei

    2017-07-01

    Since China has undergone a series of economic reforms and implemented opening up policies, its farming systems have significantly changed and have dramatically influenced the society, economy, and environment of China. To assess the comprehensive impacts of these changes on food security and environmental sustainability, and establish effective and environment-friendly subsidy policies, this research constructed an agent-based model (ABM). Daligang Town, which is located in the two-season rice region of Southern China, was selected as the case study site. Four different policy scenarios, i.e., "sharply increasing" (SI), "no-increase" (NI), "adjusted-method" (AM), and "trend" (TD) scenarios were investigated from 2015 to 2029. The validation result shows that the relative prediction errors between the simulated and actual values annually ranged from -20 to 20%, indicating the reliability of the proposed model. The scenario analysis revealed that the four scenarios generated different variations in cropping systems, rice yield, and fertilizer and pesticide inputs when the purchase price of rice and the non-agricultural income were assumed to increase annually by 0.1 RMB per kg and 10% per person, respectively. Among the four different policy scenarios in Daligang, the TD scenario was considered the best, because it had a relatively high rice yield, fairly minimal use of fertilizers and pesticides, and a lower level of subsidy. Despite its limitations, ABM could be considered a useful tool in analyzing, exploring, and discussing the comprehensive effects of the changes in farming system on food security and environmental sustainability.

  16. Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model

    Directory of Open Access Journals (Sweden)

    Zehui Wu

    2017-01-01

    Full Text Available SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results.

  17. A Stochastic Model for Improving Information Security in Supply Chain Systems

    OpenAIRE

    Ibrahim Al Kattan; Ahmed Al Nunu; Kassem Saleh

    2009-01-01

    This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. ...

  18. Development of Food Security Information System Based on Business Intelligence in Food Security Agency, Ministry of Agriculture, Indonesia

    OpenAIRE

    Hendrawaty, Manise; Harisno, Harisno

    2014-01-01

    Food is the main basic need of human, because of that fulfillment of human need of food has to be fulfilled. So it can fulfill that need, then government institution, Food Security Agency (BKP) is formed so it can monitor fulfillment of food need of society. The goals of this writing are to develop food security information system that provides dashboard facility based on business intelligence, to develop food security information system that can give fast, precise and real time information a...

  19. IoT security with one-time pad secure algorithm based on the double memory technique

    Science.gov (United States)

    Wiśniewski, Remigiusz; Grobelny, Michał; Grobelna, Iwona; Bazydło, Grzegorz

    2017-11-01

    Secure encryption of data in Internet of Things is especially important as many information is exchanged every day and the number of attack vectors on IoT elements still increases. In the paper a novel symmetric encryption method is proposed. The idea bases on the one-time pad technique. The proposed solution applies double memory concept to secure transmitted data. The presented algorithm is considered as a part of communication protocol and it has been initially validated against known security issues.

  20. Modeling, simulation and analysis of a securities settlement system:The case of Central Securities Depository of Mexico

    OpenAIRE

    Muñoz, David F; Palacios, Arturo; Lascurain, Miguel

    2012-01-01

    The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

  1. Modeling, simulation and analysis of a securities settlement system: the case of Central Securities Depository of Mexico

    OpenAIRE

    Muñoz, David F.; Palacios, Arturo; de Lascurain, Miguel

    2012-01-01

    The Instituto para el Depósito de Valores (INDEVAL) is the Central Securities Depository of Mexico. It is the only Mexican institution authorized to perform, in an integrated manner, the activities of safe-keeping, custody, management, clearing, settlement and transfer of securities. In this article, we report the modeling, simulation and analysis of a new Securities Settlement System (SSS) implemented by INDEVAL, as part of a project for the implementation of a safer and more efficient opera...

  2. A provably-secure ECC-based authentication scheme for wireless sensor networks.

    Science.gov (United States)

    Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

    2014-11-06

    A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.

  3. A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks

    Science.gov (United States)

    Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

    2014-01-01

    A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes. PMID:25384009

  4. A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Junghyun Nam

    2014-11-01

    Full Text Available A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000. Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC, and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure schemes.

  5. Risk-Based Aviation Security: Diffusion and Acceptance

    Science.gov (United States)

    2012-03-01

    The authors 32 recommended use of DOI for builders of social networking sites to examine the attributes of the model to see how they...November 23, 2011, from http://www.stltoday.com/news/ multimedia /full-body- scanners-arrive-at-lambert-airport/image_898152d8-f8ac-5c61-8fd6...Department of Homeland Security: Progress report on implementation of mission and management functions (GAO-07-454). Retrieved August 31, 2011, from

  6. Improved E-Banking System With Advanced Encryption Standards And Security Models

    Directory of Open Access Journals (Sweden)

    Sharaaf N. A.

    2015-08-01

    Full Text Available Emerging new Technologies and large scale businesses have made this world a global village. Many business organizations provide online services targeting global consumer bases. Transaction in international scale has been enabled by banks all around the world through E-banking in order to supply the needs of above business organizations. E-banking serves lots of benefits to both customers of banks and banks itself. It adds value to customers satisfaction with better service quality and enables banks to gain a competitive advantage over other competitors. Online banking need to possess high level security in order to provide safe consistent and robust online environment which guarantees secure data transmission and identity of both bank and customer. Lack of security may lead to less trust or hard to trust attitude towards online banking. Although customers are attracted by online banking convenience they seem largely in concern about identity theft and phishing. Analysis of many research papers on e-banking security models and their respective advantages and disadvantages have been discussed in literature review. Username password E-banking dongles fractal images biometric scans and advanced encryption standards are some of the suggested solutions for E-banking security. This study focuses on the security beyond above mechanisms. This paper ensures security of online banking at three levels. At client side using internet dongle integrated with finger print scanning technology at banking sever side and data transmission level. This model also includes username password and advanced encryption for further security. Complete description on the model has been discussed in methodology section. Future works on this topic and Conclusion are covered in separate sections.

  7. A Secure Cluster-Based Multipath Routing Protocol for WMSNs

    Directory of Open Access Journals (Sweden)

    Jamal N. Al-Karaki

    2011-04-01

    Full Text Available The new characteristics of Wireless Multimedia Sensor Network (WMSN and its design issues brought by handling different traffic classes of multimedia content (video streams, audio, and still images as well as scalar data over the network, make the proposed routing protocols for typical WSNs not directly applicable for WMSNs. Handling real-time multimedia data requires both energy efficiency and QoS assurance in order to ensure efficient utility of different capabilities of sensor resources and correct delivery of collected information. In this paper, we propose a Secure Cluster-based Multipath Routing protocol for WMSNs, SCMR, to satisfy the requirements of delivering different data types and support high data rate multimedia traffic. SCMR exploits the hierarchical structure of powerful cluster heads and the optimized multiple paths to support timeliness and reliable high data rate multimedia communication with minimum energy dissipation. Also, we present a light-weight distributed security mechanism of key management in order to secure the communication between sensor nodes and protect the network against different types of attacks. Performance evaluation from simulation results demonstrates a significant performance improvement comparing with existing protocols (which do not even provide any kind of security feature in terms of average end-to-end delay, network throughput, packet delivery ratio, and energy consumption.

  8. The Model-Driven openETCS Paradigm for Secure, Safe and Certifiable Train Control Systems

    DEFF Research Database (Denmark)

    Peleska, Jan; Feuser, Johannes; Haxthausen, Anne Elisabeth

    2012-01-01

    -driven openETCS approach, a threat analysis is performed, identifying both safety and security hazards that may be common to all model-based development paradigms for safety-critical railway control systems, or specific to the openETCS approach. In the subsequent sections state-of-the-art methods suitable...

  9. Security management based on trust determination in cognitive radio networks

    Science.gov (United States)

    Li, Jianwu; Feng, Zebing; Wei, Zhiqing; Feng, Zhiyong; Zhang, Ping

    2014-12-01

    Security has played a major role in cognitive radio networks. Numerous researches have mainly focused on attacking detection based on source localization and detection probability. However, few of them took the penalty of attackers into consideration and neglected how to implement effective punitive measures against attackers. To address this issue, this article proposes a novel penalty mechanism based on cognitive trust value. The main feature of this mechanism has been realized by six functions: authentication, interactive, configuration, trust value collection, storage and update, and punishment. Data fusion center (FC) and cluster heads (CHs) have been put forward as a hierarchical architecture to manage trust value of cognitive users. Misbehaving users would be punished by FC by declining their trust value; thus, guaranteeing network security via distinguishing attack users is of great necessity. Simulation results verify the rationality and effectiveness of our proposed mechanism.

  10. Improved security detection strategy in quantum secure direct communication protocol based on four-particle Green-Horne-Zeilinger state

    Energy Technology Data Exchange (ETDEWEB)

    Li, Jian; Nie, Jin-Rui; Li, Rui-Fan [Beijing Univ. of Posts and Telecommunications, Beijing (China). School of Computer; Jing, Bo [Beijing Univ. of Posts and Telecommunications, Beijing (China). School of Computer; Beijing Institute of Applied Meteorology, Beijing (China). Dept. of Computer Science

    2012-06-15

    To enhance the efficiency of eavesdropping detection in the quantum secure direct communication protocol, an improved quantum secure direct communication protocol based on a four-particle Green-Horne-Zeilinger (GHZ) state is presented. In the protocol, the four-particle GHZ state is used to detect eavesdroppers, and quantum dense coding is used to encode the message. In the security analysis, the method of entropy theory is introduced, and two detection strategies are compared quantitatively by using the constraint between the information that the eavesdroppers can obtain and the interference that has been introduced. If the eavesdropper wants to obtain all the information, the detection rate of the quantum secure direct communication using an Einstein-Podolsky-Rosen (EPR) pair block will be 50% and the detection rate of the presented protocol will be 87%. At last, the security of the proposed protocol is discussed. The analysis results indicate that the protocol proposed is more secure than the others. (orig.)

  11. Argumentation-Based Security Requirements Elicitation: The Next Round

    NARCIS (Netherlands)

    Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

    2014-01-01

    Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

  12. Prototipe Critting Badot (Car Security System Monitoring Based On STNK)

    OpenAIRE

    Nasruloh, Agan; Kurniawan, Deny; Subekti, Massus

    2017-01-01

    The crime of burglary vehicle accompanied also by forgery vehicle registration certificate of vehicle number.For it, needed CRITING BADOT (Car Security System Monitoring Based On Stnk), an apparatus capable of preventing motor vehicle theft by means of technology RFID and SMS Gateway, blends the ignition and vehicle registration into a single entity, change the key of the car being contact id card, capable of being on the monitoring of the position the car.This tool requires the driver to be ...

  13. AES based secure low energy adaptive clustering hierarchy for WSNs

    Science.gov (United States)

    Kishore, K. R.; Sarma, N. V. S. N.

    2013-01-01

    Wireless sensor networks (WSNs) provide a low cost solution in diversified application areas. The wireless sensor nodes are inexpensive tiny devices with limited storage, computational capability and power. They are being deployed in large scale in both military and civilian applications. Security of the data is one of the key concerns where large numbers of nodes are deployed. Here, an energy-efficient secure routing protocol, secure-LEACH (Low Energy Adaptive Clustering Hierarchy) for WSNs based on the Advanced Encryption Standard (AES) is being proposed. This crypto system is a session based one and a new session key is assigned for each new session. The network (WSN) is divided into number of groups or clusters and a cluster head (CH) is selected among the member nodes of each cluster. The measured data from the nodes is aggregated by the respective CH's and then each CH relays this data to another CH towards the gateway node in the WSN which in turn sends the same to the Base station (BS). In order to maintain confidentiality of data while being transmitted, it is necessary to encrypt the data before sending at every hop, from a node to the CH and from the CH to another CH or to the gateway node.

  14. 76 FR 29817 - Further Definition of “Swap,” “Security-Based Swap,” and “Security-Based Swap Agreement”; Mixed...

    Science.gov (United States)

    2011-05-23

    ... Securities Exchanges H. Method of Settlement of Index CDS I. Security-Based Swaps as Securities Under the.... 20, 2010 (``SFAA Letter''); Letter from J. Stephen Zielezienski, Senior Vice President & General... Stephen E. Roth, James M. Cain, and W. Thomas Conner, Sutherland Asbill & Brennan LLP, for the Committee...

  15. 77 FR 48207 - Further Definition of “Swap,” “Security-Based Swap,” and “Security-Based Swap Agreement”; Mixed...

    Science.gov (United States)

    2012-08-13

    ... Swaps and Cross-Currency Swaps (c) Interpretation Regarding Foreign Exchange Spot Transactions (d... Exchange Act, 15 U.S.C. 78c(a)(68). This new security-based swap definition also is cross-referenced in new... Securities and Exchange Commission 17 CFR Parts 230, 240 and 241 Further Definition of ``Swap,'' ``Security...

  16. Application distribution model and related security attacks in VANET

    Science.gov (United States)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker`s model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

  17. A compressive sensing based secure watermark detection and privacy preserving storage framework.

    Science.gov (United States)

    Qia Wang; Wenjun Zeng; Jun Tian

    2014-03-01

    Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

  18. Peak misdetection in heart-beat-based security : Characterization and tolerance

    NARCIS (Netherlands)

    Seepers, Robert M; Strydis, Christos; Peris-Lopez, Pedro; Sourdis, Ioannis; De Zeeuw, Chris I

    The Inter-Pulse-Interval (IPI) of heart beats has previously been suggested for security in mobile health (mHealth) applications. In IPI-based security, secure communication is facilitated through a security key derived from the time difference between heart beats. However, there currently exists no

  19. Optimizing a physical security configuration using a highly detailed simulation model

    NARCIS (Netherlands)

    Marechal, T.M.A.; Smith, A.E.; Ustun, V.; Smith, J.S.; Lefeber, A.A.J.; Badiru, A.B.; Thomas, M.U.

    2009-01-01

    This research is focused on using a highly detailed simulation model to create a physical security system to prevent intrusions in a building. Security consists of guards and security cameras. The problem is represented as a binary optimization problem. A new heuristic is proposed to do the security

  20. A Security Monitoring Framework For Virtualization Based HEP Infrastructures

    Science.gov (United States)

    Gomez Ramirez, A.; Martinez Pedreira, M.; Grigoras, C.; Betev, L.; Lara, C.; Kebschull, U.; ALICE Collaboration

    2017-10-01

    High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware samples. This malware set was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

  1. Unconditionally secure commitment in position-based quantum cryptography.

    Science.gov (United States)

    Nadeem, Muhammad

    2014-10-27

    A new commitment scheme based on position-verification and non-local quantum correlations is presented here for the first time in literature. The only credential for unconditional security is the position of committer and non-local correlations generated; neither receiver has any pre-shared data with the committer nor does receiver require trusted and authenticated quantum/classical channels between him and the committer. In the proposed scheme, receiver trusts the commitment only if the scheme itself verifies position of the committer and validates her commitment through non-local quantum correlations in a single round. The position-based commitment scheme bounds committer to reveal valid commitment within allocated time and guarantees that the receiver will not be able to get information about commitment unless committer reveals. The scheme works for the commitment of both bits and qubits and is equally secure against committer/receiver as well as against any third party who may have interests in destroying the commitment. Our proposed scheme is unconditionally secure in general and evades Mayers and Lo-Chau attacks in particular.

  2. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    Full Text Available The article provides a survey of the existing regulatory framework for information security riskmanagement. Practical methods for information security risk and vulnerability assessment are proposed.

  3. A security mechanism based on evolutionary game in fog computing.

    Science.gov (United States)

    Sun, Yan; Lin, Fuhong; Zhang, Nan

    2018-02-01

    Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

  4. Chaotic secure communication based on strong tracking filtering

    International Nuclear Information System (INIS)

    Li Xiongjie; Xu Zhengguo; Zhou Donghua

    2008-01-01

    A scheme for implementing secure communication based on chaotic maps and strong tracking filter (STF) is presented, and a modified STF algorithm with message estimation is developed for the special requirement of chaotic secure communication. At the emitter, the message symbol is modulated by chaotic mapping and is output through a nonlinear function. At the receiver, the driving signal is received and the message symbol is recovered dynamically by the STF with estimation of message symbol. Simulation results of Holmes map demonstrate that when message symbols are binary codes, STF can effectively recover the codes of the message from the noisy chaotic signals. Compared with the extended Kalman filter (EKF), STF has a lower bit error rate

  5. Medical image security using modified chaos-based cryptography approach

    Science.gov (United States)

    Talib Gatta, Methaq; Al-latief, Shahad Thamear Abd

    2018-05-01

    The progressive development in telecommunication and networking technologies have led to the increased popularity of telemedicine usage which involve storage and transfer of medical images and related information so security concern is emerged. This paper presents a method to provide the security to the medical images since its play a major role in people healthcare organizations. The main idea in this work based on the chaotic sequence in order to provide efficient encryption method that allows reconstructing the original image from the encrypted image with high quality and minimum distortion in its content and doesn’t effect in human treatment and diagnosing. Experimental results prove the efficiency of the proposed method using some of statistical measures and robust correlation between original image and decrypted image.

  6. A security mechanism based on evolutionary game in fog computing

    Directory of Open Access Journals (Sweden)

    Yan Sun

    2018-02-01

    Full Text Available Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

  7. Secure and Usable Bio-Passwords based on Confidence Interval

    Directory of Open Access Journals (Sweden)

    Aeyoung Kim

    2017-02-01

    Full Text Available The most popular user-authentication method is the password. Many authentication systems try to enhance their security by enforcing a strong password policy, and by using the password as the first factor, something you know, with the second factor being something you have. However, a strong password policy and a multi-factor authentication system can make it harder for a user to remember the password and login in. In this paper a bio-password-based scheme is proposed as a unique authentication method, which uses biometrics and confidence interval sets to enhance the security of the log-in process and make it easier as well. The method offers a user-friendly solution for creating and registering strong passwords without the user having to memorize them. Here we also show the results of our experiments which demonstrate the efficiency of this method and how it can be used to protect against a variety of malicious attacks.

  8. The Theoretical Basis of Modeling the Economic Mechanism of Intellectual Security of Enterprise

    Directory of Open Access Journals (Sweden)

    Puyda Halia V.

    2017-11-01

    Full Text Available The article is aimed at studying the existing scientific approaches to the process of modeling the economic mechanism of intellectual security of enterprise. The author has allocated three approaches: process; based on IDFE0 methodology; system, considering the entities of economic activity as complex systems; and the so-called «information», based on the theory of economic mechanisms. The main features of each of the studied approaches have been disclosed, suggesting to consolidate them to obtain a synergistic effect in the construction of the economic mechanism of intellectual security of enterprises. The basic principles of creation of mechanisms of intellectual security of enterprise have been developed. Also, on the basis of the main postulate of the theory of economic mechanisms – reverse design, the cyclic passes process of designing the economic mechanism of intellectual security of enterprise has been illustrated. That, certainly, does not exhaust the theoretical problematics in the field of modeling the economic mechanisms of intellectual security of enterprise, raising new challenges for further researches.

  9. Exploring Hardware-Based Primitives to Enhance Parallel Security Monitoring in a Novel Computing Architecture

    National Research Council Canada - National Science Library

    Mott, Stephen

    2007-01-01

    This research explores how hardware-based primitives can be implemented to perform security-related monitoring in real-time, offer better security, and increase performance compared to software-based approaches...

  10. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes

    Directory of Open Access Journals (Sweden)

    Bako Ali

    2018-03-01

    Full Text Available The Internet of Things (IoT is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes.

  11. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes

    Science.gov (United States)

    2018-01-01

    The Internet of Things (IoT) is an emerging paradigm focusing on the connection of devices, objects, or “things” to each other, to the Internet, and to users. IoT technology is anticipated to become an essential requirement in the development of smart homes, as it offers convenience and efficiency to home residents so that they can achieve better quality of life. Application of the IoT model to smart homes, by connecting objects to the Internet, poses new security and privacy challenges in terms of the confidentiality, authenticity, and integrity of the data sensed, collected, and exchanged by the IoT objects. These challenges make smart homes extremely vulnerable to different types of security attacks, resulting in IoT-based smart homes being insecure. Therefore, it is necessary to identify the possible security risks to develop a complete picture of the security status of smart homes. This article applies the operationally critical threat, asset, and vulnerability evaluation (OCTAVE) methodology, known as OCTAVE Allegro, to assess the security risks of smart homes. The OCTAVE Allegro method focuses on information assets and considers different information containers such as databases, physical papers, and humans. The key goals of this study are to highlight the various security vulnerabilities of IoT-based smart homes, to present the risks on home inhabitants, and to propose approaches to mitigating the identified risks. The research findings can be used as a foundation for improving the security requirements of IoT-based smart homes. PMID:29518023

  12. Modeling Turkey’s future LNG supply security strategy

    International Nuclear Information System (INIS)

    Efe Biresselioglu, Mehmet; Hakan Demir, Muhittin; Kandemir, Cansu

    2012-01-01

    Turkey was among those countries which decided to increase its natural gas consumption in the 1990s, due to its relative low cost and lack of impact on the environment. However, a heavy dependence on imports, from Algeria, Qatar and Nigeria, respectively, creates a threat to energy security, both in terms of source and supply diversity. Accordingly, we follow an analytical approach to identify the accuracy of our assumption, considering the current economic, political and security risk. To this end, we formulate and solve a mixed integer programming model that determines the optimal sourcing strategy for Turkey’s increasing LNG demand. This model demonstrates a number of alternative policy options for LNG supply. Furthermore, we consider that increasing the proportion of LNG in the overall gas supply will contribute to the aim of improving Turkey’s level of energy security. - Highlights: ► Turkey’s best policy option is to increase the share of LNG. ► Turkey’s main suppliers of LNG will be Algeria, Egypt, Nigeria, and Trinidad and Tobago. ► Norway, Libya, and Oman contribute to the supply with rather smaller shares. ► With high risk scenario Algeria, Egypt, Nigeria and Libya will not be suppliers. ► Oman and Qatar will cover; even though they are high-cost suppliers.

  13. Modeling Security-Enhanced Linux Policy Specifications for Analysis (Preprint)

    National Research Council Canada - National Science Library

    Archer, Myla; Leonard, Elizabeth; Pradella, Matteo

    2003-01-01

    Security-Enhanced (SE) Linux is a modification of Linux initially released by NSA in January 2001 that provides a language for specifying Linux security policies and, as in the Flask architecture, a security server...

  14. Security requirements engineering : the SI* modeling language and the Secure Tropos methodology

    NARCIS (Netherlands)

    Massacci, F.; Mylopoulos, J.; Zannone, N.; Ras, Z.W.; Tsay, L.-S.

    2010-01-01

    Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as

  15. Future consumer mobile phone security : a case study using the data centric security model

    NARCIS (Netherlands)

    van Cleeff, A.

    2008-01-01

    In the interconnected world that we live in, traditional security barriers are broken down. Developments such as outsourcing, increased usage of mobile devices and wireless networks each cause new security problems. To address the new security threats, a number of solutions have been suggested,

  16. DESIGN MODELING OF A UNIVERSITY’S COMPREHENSIVE-INTEGRATED SECURITY SYSTEM

    Directory of Open Access Journals (Sweden)

    Marina V. Dulyasova

    2017-03-01

    Full Text Available Introduction: the safety of higher education institutions is considered to be of great importance nowadays. Security challenges need to be addressed through a comprehensive and integrative approach. This approach provides neutralisation of various threats systemically, risk prevention, minimisation of the tangible and moral harm. The project concept of “safe university” is proposed and substantiated for the above-mentioned purposes. Materials and Methods: the authors used a special literature survey on the issue, which is divided into three main groups of publications, where the complex security of educational institutions is considered in the context of the general theory of security, in the educational-methodical plan and within the framework of sociological, psychological and pedagogical approaches. The legislative and regulatory sources also indicated, legislative and regulatory legal acts reviews, “Safe City” concept, National standard “Information security technologies: complex and integrated ones. Standard requirements to architecture and technologies of intellectual systems of monitoring for safety of the companies and the territories” (State standard specification P 56875-2016, documents of higher education institutions, media reports. The analysis and generalisation of information was coupled with project modeling of the new comprehensive system of higher education institution security. Results: the authors introduce the concept, architecture and model of the comprehensive integrated higher education institution security, monitoring based on measures and indicators pertaining to implementation of standard requirements and level of satisfaction with safety, evaluation of the taken measures in terms of efficiency. Discussion and Conclusions: the main contours of the model for comprehensive integrated security system in a higher education institution and algorithm of interaction between the subjects are determined. These

  17. DNA-based random number generation in security circuitry.

    Science.gov (United States)

    Gearheart, Christy M; Arazi, Benjamin; Rouchka, Eric C

    2010-06-01

    DNA-based circuit design is an area of research in which traditional silicon-based technologies are replaced by naturally occurring phenomena taken from biochemistry and molecular biology. This research focuses on further developing DNA-based methodologies to mimic digital data manipulation. While exhibiting fundamental principles, this work was done in conjunction with the vision that DNA-based circuitry, when the technology matures, will form the basis for a tamper-proof security module, revolutionizing the meaning and concept of tamper-proofing and possibly preventing it altogether based on accurate scientific observations. A paramount part of such a solution would be self-generation of random numbers. A novel prototype schema employs solid phase synthesis of oligonucleotides for random construction of DNA sequences; temporary storage and retrieval is achieved through plasmid vectors. A discussion of how to evaluate sequence randomness is included, as well as how these techniques are applied to a simulation of the random number generation circuitry. Simulation results show generated sequences successfully pass three selected NIST random number generation tests specified for security applications.

  18. HMM-based Trust Model

    DEFF Research Database (Denmark)

    ElSalamouny, Ehab; Nielsen, Mogens; Sassone, Vladimiro

    2010-01-01

    Probabilistic trust has been adopted as an approach to taking security sensitive decisions in modern global computing environments. Existing probabilistic trust frameworks either assume fixed behaviour for the principals or incorporate the notion of ‘decay' as an ad hoc approach to cope...... with their dynamic behaviour. Using Hidden Markov Models (HMMs) for both modelling and approximating the behaviours of principals, we introduce the HMM-based trust model as a new approach to evaluating trust in systems exhibiting dynamic behaviour. This model avoids the fixed behaviour assumption which is considered...... the major limitation of existing Beta trust model. We show the consistency of the HMM-based trust model and contrast it against the well known Beta trust model with the decay principle in terms of the estimation precision....

  19. Reconfigurable Secure Video Codec Based on DWT and AES Processor

    Directory of Open Access Journals (Sweden)

    Rached Tourki

    2010-01-01

    Full Text Available In this paper, we proposed a secure video codec based on the discrete wavelet transformation (DWT and the Advanced Encryption Standard (AES processor. Either, use of video coding with DWT or encryption using AES is well known. However, linking these two designs to achieve secure video coding is leading. The contributions of our work are as follows. First, a new method for image and video compression is proposed. This codec is a synthesis of JPEG and JPEG2000,which is implemented using Huffman coding to the JPEG and DWT to the JPEG2000. Furthermore, an improved motion estimation algorithm is proposed. Second, the encryptiondecryption effects are achieved by the AES processor. AES is aim to encrypt group of LL bands. The prominent feature of this method is an encryption of LL bands by AES-128 (128-bit keys, or AES-192 (192-bit keys, or AES-256 (256-bit keys.Third, we focus on a method that implements partial encryption of LL bands. Our approach provides considerable levels of security (key size, partial encryption, mode encryption, and has very limited adverse impact on the compression efficiency. The proposed codec can provide up to 9 cipher schemes within a reasonable software cost. Latency, correlation, PSNR and compression rate results are analyzed and shown.

  20. Security on Cloud Revocation Authority using Identity Based Encryption

    Science.gov (United States)

    Rajaprabha, M. N.

    2017-11-01

    As due to the era of cloud computing most of the people are saving there documents, files and other things on cloud spaces. Due to this security over the cloud is also important because all the confidential things are there on the cloud. So to overcome private key infrastructure (PKI) issues some revocable Identity Based Encryption (IBE) techniques are introduced which eliminates the demand of PKI. The technique introduced is key update cloud service provider which is having two issues in it and they are computation and communication cost is high and second one is scalability issue. So to overcome this problem we come along with the system in which the Cloud Revocation Authority (CRA) is there for the security which will only hold the secret key for each user. And the secret key was send with the help of advanced encryption standard security. The key is encrypted and send to the CRA for giving the authentication to the person who wants to share the data or files or for the communication purpose. Through that key only the other user will able to access that file and if the user apply some invalid key on the particular file than the information of that user and file is send to the administrator and administrator is having rights to block that person of black list that person to use the system services.

  1. Telemedicine with integrated data security in ATM-based networks

    Science.gov (United States)

    Thiel, Andreas; Bernarding, Johannes; Kurth, Ralf; Wenzel, Rudiger; Villringer, Arno; Tolxdorff, Thomas

    1997-05-01

    Telemedical services rely on the digital transfer of large amounts of data in a short time. The acceptance of these services requires therefore new hard- and software concepts. The fast exchange of data is well performed within a high- speed ATM-based network. The fast access to the data from different platforms imposes more difficult problems, which may be divided into those relating to standardized data formats and those relating to different levels of data security across nations. For a standardized access to the formats and those relating to different levels of data security across nations. For a standardized access to the image data, a DICOM 3.0 server was implemented.IMages were converted into the DICOM 3.0 standard if necessary. The access to the server is provided by an implementation of DICOM in JAVA allowing access to the data from different platforms. Data protection measures to ensure the secure transfer of sensitive patient data are not yet solved within the DICOM concept. We investigated different schemes to protect data using the DICOM/JAVA modality with as little impact on data transfer speed as possible.

  2. Modeling the transient security constraints of natural gas network in day-ahead power system scheduling

    DEFF Research Database (Denmark)

    Yang, Jingwei; Zhang, Ning; Kang, Chongqing

    2017-01-01

    The rapid deployment of gas-fired generating units makes the power system more vulnerable to failures in the natural gas system. To reduce the risk of gas system failure and to guarantee the security of power system operation, it is necessary to take the security constraints of natural gas...... accurately, they are hard to be embedded into the power system scheduling model, which consists of algebraic equations and inequations. This paper addresses this dilemma by proposing an algebraic transient model of natural gas network which is similar to the branch-node model of power network. Based...... pipelines into account in the day-ahead power generation scheduling model. However, the minute- and hour-level dynamic characteristics of gas systems prevents an accurate decision-making simply with the steady-state gas flow model. Although the partial differential equations depict the dynamics of gas flow...

  3. Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

    Science.gov (United States)

    Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

    2017-09-01

    Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

  4. Security of Heterogeneous Content in Cloud Based Library Information Systems Using an Ontology Based Approach

    Directory of Open Access Journals (Sweden)

    Mihai DOINEA

    2014-01-01

    Full Text Available As in any domain that involves the use of software, the library information systems take advantages of cloud computing. The paper highlights the main aspect of cloud based systems, describing some public solutions provided by the most important players on the market. Topics related to content security in cloud based services are tackled in order to emphasize the requirements that must be met by these types of systems. A cloud based implementation of an Information Library System is presented and some adjacent tools that are used together with it to provide digital content and metadata links are described. In a cloud based Information Library System security is approached by means of ontologies. Aspects such as content security in terms of digital rights are presented and a methodology for security optimization is proposed.

  5. Security in a Web 2.0+ World A Standards Based Approach

    CERN Document Server

    Solari , Carlos Curtis

    2010-01-01

    Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust. Security for a Web 2.0+ World looks at the perplexing issues of cyber security, and will be of interest to those who need to know how to make effective security policy decisions to engineers who design ICT systems - a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol. Many companies are currently applying security mo

  6. OpenID connect as a security service in Cloud-based diagnostic imaging systems

    Science.gov (United States)

    Ma, Weina; Sartipi, Kamran; Sharghi, Hassan; Koff, David; Bak, Peter

    2015-03-01

    The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Cloud-based DI systems are able to deliver better services to patients without constraining to their own physical facilities. However, privacy and security concerns have been consistently regarded as the major obstacle for adoption of cloud computing by healthcare domains. Furthermore, traditional computing models and interfaces employed by DI systems are not ready for accessing diagnostic images through mobile devices. RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID and OAuth together, is an emerging REST-based federated identity solution. It is one of the most perspective open standards to potentially become the de-facto standard for securing cloud computing and mobile applications, which has ever been regarded as "Kerberos of Cloud". We introduce OpenID Connect as an identity and authentication service in cloud-based DI systems and propose enhancements that allow for incorporating this technology within distributed enterprise environment. The objective of this study is to offer solutions for secure radiology image sharing among DI-r (Diagnostic Imaging Repository) and heterogeneous PACS (Picture Archiving and Communication Systems) as well as mobile clients in the cloud ecosystem. Through using OpenID Connect as an open-source identity and authentication service, deploying DI-r and PACS to private or community clouds should obtain equivalent security level to traditional computing model.

  7. Systems Security Engineering Capability Maturity Model (SSECMM), Model Description, Version 1.1

    National Research Council Canada - National Science Library

    1997-01-01

    This document is designed to acquaint the reader with the SSE-CMM Project as a whole and present the project's major work product - the Systems Security Engineering Capability Maturity Model (SSE- CMM...

  8. Network secure communications based on beam halo-chaos

    International Nuclear Information System (INIS)

    Liu Qiang; Fang Jinqing; Li Yong

    2010-01-01

    Based on beam halo-chaos synchronization in the beam transport network (line)with small-world effect, using three synchronization methods:the driver-response synchronization, small-world topology coupling synchronization and multi-local small-world topology coupling synchronization, three kinds of secure communication projects were designed respectively, and were studied numerically by the Simulink tool of the Matlab software. Numerical experimental results demonstrate that encryption and decryption of the original signal are realized successfully. It provides effective theoretical foundation and reference for the next engineering design and network experiment. (authors)

  9. Secure and Usable Bio-Passwords based on Confidence Interval

    OpenAIRE

    Aeyoung Kim; Geunshik Han; Seung-Hyun Seo

    2017-01-01

    The most popular user-authentication method is the password. Many authentication systems try to enhance their security by enforcing a strong password policy, and by using the password as the first factor, something you know, with the second factor being something you have. However, a strong password policy and a multi-factor authentication system can make it harder for a user to remember the password and login in. In this paper a bio-password-based scheme is proposed as a unique authenticatio...

  10. IEC-based neutron generator for security inspection system

    International Nuclear Information System (INIS)

    Miley, G.H.; Wu, L.; Kim, H.J.

    2005-01-01

    Use of a combined X-ray and neutron source for security inspections based on Inertial Electrostatic Confinement (IEC) fusion is discussed. Current inspection systems typically use X-ray techniques, but thermal neutron analysis (TNA) and fast neutron analysis (FNA), allow expanded detection of certain types of explosives. The integrated unit proposed here uses three separate IEC sources producing 14 and 2.45 MeV neutrons plus soft X-rays. This combination allows multiple detection methods with the composite signal analysis being done by a fuzzy logic system, significantly reducing false signals. (author)

  11. Resilience of chemical industrial areas through attenuation-based security

    International Nuclear Information System (INIS)

    Reniers, G.L.L.; Sörensen, K.; Khan, F.; Amyotte, P.

    2014-01-01

    This paper investigates the possibility of attenuation-based security within chemical industrial areas. Representing chemical industrial areas as mathematical networks, we prove by case-study that the resilience to disaster of such areas may follow a power-law distribution. Furthermore, we examine what happens to the network when highly hazardous installations would be intelligently protected against malicious acts: the network disintegrates into separate smaller networks. Hence, islands are formed with no escalation danger in between. We conclude that it is possible to protect chemical industrial areas in such a way that they are more resilient against terrorism

  12. Modelling of Security Principles Within Car-to-Car Communications in Modern Cooperative Intelligent Transportation Systems

    Directory of Open Access Journals (Sweden)

    Jan Durech

    2016-01-01

    Full Text Available Intelligent transportation systems (ITS bring advanced applications that provide innovative services for various transportation modes in the area of traffic control, and enable better awareness for different users. Communication connections between intelligent vehicles with the use of wireless communication standards, so called Vehicular Ad Hoc Networks (VANETs, require ensuring verification of validity of provided services as well as services related to transmission confidentiality and integrity. The goal of this paper is to analyze secure mechanisms utilised in VANET communication within Cooperative Intelligent Transportation Systems (C-ITS with a focus on safety critical applications. The practical part of the contribution is dedicated to modelling of security properties of VANET networks via OPNET Modeler tool extended by the implementation of the OpenSSL library for authentication protocol realisation based on digital signature schemes. The designed models simulate a transmission of authorised alert messages in Car-to-Car communication for several traffic scenarios with recommended Elliptic Curve Integrated Encryption Scheme (ECIES. The obtained results of the throughput and delay in the simulated network are compared for secured and no-secured communications in dependence on the selected digital signature schemes and the number of mobile nodes. The OpenSSL library has also been utilised for the comparison of time demandingness of digital signature schemes based on RSA (Rivest Shamir Adleman, DSA (Digital Signature Algorithm and ECDSA (Elliptic Curve Digital Signature Algorithm for different key-lengths suitable for real time VANET communications for safety-critical applications of C-ITS.

  13. SECURE SERVICE DISCOVERY BASED ON PROBE PACKET MECHANISM FOR MANETS

    Directory of Open Access Journals (Sweden)

    S. Pariselvam

    2015-03-01

    Full Text Available In MANETs, Service discovery process is always considered to be crucial since they do not possess a centralized infrastructure for communication. Moreover, different services available through the network necessitate varying categories. Hence, a need arises for devising a secure probe based service discovery mechanism to reduce the complexity in providing the services to the network users. In this paper, we propose a Secure Service Discovery Based on Probe Packet Mechanism (SSDPPM for identifying the DoS attack in MANETs, which depicts a new approach for estimating the level of trust present in each and every routing path of a mobile ad hoc network by using probe packets. Probing based service discovery mechanisms mainly identifies a mobile node’s genuineness using a test packet called probe that travels the entire network for the sake of computing the degree of trust maintained between the mobile nodes and it’s attributed impact towards the network performance. The performance of SSDPPM is investigated through a wide range of network related parameters like packet delivery, throughput, Control overhead and total overhead using the version ns-2.26 network simulator. This mechanism SSDPPM, improves the performance of the network in an average by 23% and 19% in terms of packet delivery ratio and throughput than the existing service discovery mechanisms available in the literature.

  14. Decision Model for U.S.- Mexico Border Security Measures

    Science.gov (United States)

    2017-09-01

    missions that the I&A focuses on is, “border security, including narcotics smuggling, alien and human smuggling, and money laundering ...and money assigned to border security investments. 14. SUBJECT TERMS Department of Homeland Security (DHS), border security, U.S.–Mexico border...and money assigned to border security investments. vi THIS PAGE INTENTIONALLY LEFT BLANK vii TABLE OF CONTENTS I. INTRODUCTION

  15. Information Security Behavioral Model: Towards Employees' Knowledge and Attitude

    OpenAIRE

    Mishra, Saurabh; Snehlata, Snehlata; Srivastava, Anjali

    2014-01-01

    Information Security has become a significant concern for today's organizations. The internal security threats acts as the most curtail type of security threat within an organization. These internal security threats are a result of poor conduct of security behavior by the employees within an organization. If not deal properly, it may hamper the auditing of organization. Auditing plays an important role in the business environment. Before conducting auditing it is essential to examine the beha...

  16. Information Security Role Model for Staff of Banking Structures

    Directory of Open Access Journals (Sweden)

    A. O. Vybornov

    2012-12-01

    Full Text Available Categories roles of information security employees of the banking organization are defined. Functional roles are described. The relationship between functional roles, employees, functions and authority are defined. The role of information security employees of the banking organization for information security system and information security management system are described. Recommendations for the implementation phases of the selection and appointment of the functional roles and to control the selection and role assignment information security employees of the banking organization are stated.

  17. From Wireless Sensor Networks to Wireless Body Area Networks: Formal Modeling and Verification on Security Using PAT

    Directory of Open Access Journals (Sweden)

    Tieming Chen

    2016-01-01

    Full Text Available Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN and wireless body area networks (WBAN, formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the node mobility related specification for modeling location-based node activity. Then, the traditional Dolev-Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

  18. Security Framework for Agent-Based Cloud Computing

    Directory of Open Access Journals (Sweden)

    K Venkateshwaran

    2015-06-01

    Full Text Available Agent can play a key role in bringing suitable cloud services to the customer based on their requirements. In agent based cloud computing, agent does negotiation, coordination, cooperation and collaboration on behalf of the customer to make the decisions in efficient manner. However the agent based cloud computing have some security issues like (a. addition of malicious agent in the cloud environment which could demolish the process by attacking other agents, (b. denial of service by creating flooding attacks on other involved agents. (c. Some of the exceptions in the agent interaction protocol such as Not-Understood and Cancel_Meta protocol can be misused and may lead to terminating the connection of all the other agents participating in the negotiating services. Also, this paper proposes algorithms to solve these issues to ensure that there will be no intervention of any malicious activities during the agent interaction.

  19. 75 FR 68560 - Prohibition Against Fraud, Manipulation, and Deception in Connection With Security-Based Swaps

    Science.gov (United States)

    2010-11-08

    ... 3235-AK77 Prohibition Against Fraud, Manipulation, and Deception in Connection With Security-Based... fraud, manipulation, and deception in connection with the offer, purchase or sale of any security-based... measured and reasonable means to prevent fraud, manipulation, and deception in connection with security...

  20. 75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

    Science.gov (United States)

    2010-10-26

    ... it determines they are necessary or appropriate to improve the governance of, or to mitigate systemic... Part IV Securities and Exchange Commission 17 CFR Part 242 Ownership Limitations and Governance... Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies, Security-Based...

  1. Cooperative Monitoring Center Occasional Paper/7: A Generic Model for Cooperative Border Security

    Energy Technology Data Exchange (ETDEWEB)

    Netzer, Colonel Gideon

    1999-03-01

    This paper presents a generic model for dealing with security problems along borders between countries. It presents descriptions and characteristics of various borders and identifies the threats to border security, while emphasizing cooperative monitoring solutions.

  2. Game Based Cyber Security Training: are Serious Games suitable for cyber security training?

    Directory of Open Access Journals (Sweden)

    Maurice Hendrix

    2016-03-01

    Full Text Available Security research and training is attracting a lot of investment and interest from governments and the private sector. Most efforts have focused on physical security, while cyber security or digital security has been given less importance. With recent high-profile attacks it has become clear that training in cyber security is needed. Serious Games have the capability to be effective tools for public engagement and behavioural change and role play games, are already used by security professionals. Thus cyber security seems especially well-suited to Serious Games. This paper investigates whether games can be effective cyber security training tools. The study is conducted by means of a structured literature review supplemented with a general web search.While there are early positive indications there is not yet enough evidence to draw any definite conclusions. There is a clear gap in target audience with almost all products and studies targeting the general public and very little attention given to IT professionals and managers. The products and studies also mostly work over a short period, while it is known that short-term interventions are not particularly effective at affecting behavioural change.

  3. Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

    Science.gov (United States)

    Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

    2016-01-01

    Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

  4. Perceptual security of encrypted images based on wavelet scaling analysis

    Science.gov (United States)

    Vargas-Olmos, C.; Murguía, J. S.; Ramírez-Torres, M. T.; Mejía Carlos, M.; Rosu, H. C.; González-Aguilar, H.

    2016-08-01

    The scaling behavior of the pixel fluctuations of encrypted images is evaluated by using the detrended fluctuation analysis based on wavelets, a modern technique that has been successfully used recently for a wide range of natural phenomena and technological processes. As encryption algorithms, we use the Advanced Encryption System (AES) in RBT mode and two versions of a cryptosystem based on cellular automata, with the encryption process applied both fully and partially by selecting different bitplanes. In all cases, the results show that the encrypted images in which no understandable information can be visually appreciated and whose pixels look totally random present a persistent scaling behavior with the scaling exponent α close to 0.5, implying no correlation between pixels when the DFA with wavelets is applied. This suggests that the scaling exponents of the encrypted images can be used as a perceptual security criterion in the sense that when their values are close to 0.5 (the white noise value) the encrypted images are more secure also from the perceptual point of view.

  5. A MEMS-based, wireless, biometric-like security system

    Science.gov (United States)

    Cross, Joshua D.; Schneiter, John L.; Leiby, Grant A.; McCarter, Steven; Smith, Jeremiah; Budka, Thomas P.

    2010-04-01

    We present a system for secure identification applications that is based upon biometric-like MEMS chips. The MEMS chips have unique frequency signatures resulting from fabrication process variations. The MEMS chips possess something analogous to a "voiceprint". The chips are vacuum encapsulated, rugged, and suitable for low-cost, highvolume mass production. Furthermore, the fabrication process is fully integrated with standard CMOS fabrication methods. One is able to operate the MEMS-based identification system similarly to a conventional RFID system: the reader (essentially a custom network analyzer) detects the power reflected across a frequency spectrum from a MEMS chip in its vicinity. We demonstrate prototype "tags" - MEMS chips placed on a credit card-like substrate - to show how the system could be used in standard identification or authentication applications. We have integrated power scavenging to provide DC bias for the MEMS chips through the use of a 915 MHz source in the reader and a RF-DC conversion circuit on the tag. The system enables a high level of protection against typical RFID hacking attacks. There is no need for signal encryption, so back-end infrastructure is minimal. We believe this system would make a viable low-cost, high-security system for a variety of identification and authentication applications.

  6. A computer model for identifying security system upgrades

    International Nuclear Information System (INIS)

    Lamont, A.

    1988-01-01

    This paper describes a prototype safeguards analysis tool that automatically identifies system weaknesses against an insider adversary and suggest possible upgrades to improve the probability that the adversary will be detected. The tool is based on this premise: as the adversary acts, he or she creates a set of facts that can be detected by safeguards components. Whenever an adversary's planned set of actions create a set of facts which the security personnel would consider irregular or unusual, we can improve the security system by implementing safeguards that detect those facts. Therefore, an intelligent computer program can suggest upgrades to the facility if we construct a knowledge base that contains information about: (1) the facts created by each possible adversary action, (2) the facts that each possible safeguard can detect, and (3) groups of facts which will be considered irregular whenever they occur together. The authors describe the structure of the knowledge base and show how the above information can be represented in it. They also describe the procedures that a computer program can use to identify missing or weak safeguards and to suggest upgrades

  7. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long standing practices used for safety therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach use for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface

  8. A Source Anonymity-Based Lightweight Secure AODV Protocol for Fog-Based MANET.

    Science.gov (United States)

    Fang, Weidong; Zhang, Wuxiong; Xiao, Jinchao; Yang, Yang; Chen, Wei

    2017-06-17

    Fog-based MANET (Mobile Ad hoc networks) is a novel paradigm of a mobile ad hoc network with the advantages of both mobility and fog computing. Meanwhile, as traditional routing protocol, ad hoc on-demand distance vector (AODV) routing protocol has been applied widely in fog-based MANET. Currently, how to improve the transmission performance and enhance security are the two major aspects in AODV's research field. However, the researches on joint energy efficiency and security seem to be seldom considered. In this paper, we propose a source anonymity-based lightweight secure AODV (SAL-SAODV) routing protocol to meet the above requirements. In SAL-SAODV protocol, source anonymous and secure transmitting schemes are proposed and applied. The scheme involves the following three parts: the source anonymity algorithm is employed to achieve the source node, without being tracked and located; the improved secure scheme based on the polynomial of CRC-4 is applied to substitute the RSA digital signature of SAODV and guarantee the data integrity, in addition to reducing the computation and energy consumption; the random delayed transmitting scheme (RDTM) is implemented to separate the check code and transmitted data, and achieve tamper-proof results. The simulation results show that the comprehensive performance of the proposed SAL-SAODV is a trade-off of the transmission performance, energy efficiency, and security, and better than AODV and SAODV.

  9. OpenID Connect as a security service in cloud-based medical imaging systems.

    Science.gov (United States)

    Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

    2016-04-01

    The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model.

  10. From Paper-based to Electronic Securities Posttrading

    DEFF Research Database (Denmark)

    Rapp, Hermann; Parisi, Cristiana

    centuries old business practices in the investment industry. This study focuses on CREST, a leading settlement infrastructure that facilitated the leap from paper-based to electronic post-trading in London. In 1993 it started as a project of the Bank of England, and today, CREST is operated by Euroclear......Over recent decades, securities post-trading has seen a radical change from paper-based to electronic procedures. Technological advances have facilitated digitisation as a global trend. While in the investment industry technology has also been a key driver for financial automation since the late...... United Kingdom & Ireland (EUI). Research objectives of this study are to investigate the industry context, how the CREST project was managed and introduced at a time of crisis, how the technology was designed, and its impact on financial markets and today’s UK and European infrastructure. Twenty...

  11. Query translation for XPath-based security views

    NARCIS (Netherlands)

    Vercammen, R.; Hidders, A.J.H.; Paredaens, J.; Grust, T.; Hopfner, H.; Illarramendi, A.

    2006-01-01

    Since XML is used as a storage format in an increasing number of applications, security has become an important issue in XML databases. One aspect of security is restricting access to data by certain users. This can, for example, be achieved by means of access rules or XML security views, which

  12. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  13. COORDINATION IN MULTILEVEL NETWORK-CENTRIC CONTROL SYSTEMS OF REGIONAL SECURITY: APPROACH AND FORMAL MODEL

    Directory of Open Access Journals (Sweden)

    A. V. Masloboev

    2015-01-01

    Full Text Available The paper deals with development of methods and tools for mathematical and computer modeling of the multilevel network-centric control systems of regional security. This research is carried out under development strategy implementation of the Arctic zone of the Russian Federation and national safeguarding for the period before 2020 in the Murmansk region territory. Creation of unified interdepartmental multilevel computer-aided system is proposed intended for decision-making information support and socio-economic security monitoring of the Arctic regions of Russia. The distinctive features of the investigated system class are openness, self-organization, decentralization of management functions and decision-making, weak hierarchy in the decision-making circuit and goal generation capability inside itself. Research techniques include functional-target approach, mathematical apparatus of multilevel hierarchical system theory and principles of network-centric control of distributed systems with pro-active components and variable structure. The work considers network-centric management local decisions coordination problem-solving within the multilevel distributed systems intended for information support of regional security. The coordination problem-solving approach and problem formalization in the multilevel network-centric control systems of regional security have been proposed based on developed multilevel recurrent hierarchical model of regional socio-economic system complex security. The model provides coordination of regional security indexes, optimized by the different elements of multilevel control systems, subject to decentralized decision-making. The model specificity consists in application of functional-target technology and mathematical apparatus of multilevel hierarchical system theory for coordination procedures implementation of the network-centric management local decisions. The work-out and research results can find further

  14. Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobile Ad Hoc Networks

    Science.gov (United States)

    2010-09-01

    motivated research in behavior grading systems [56]. Peer-to-peer eCommerce appli- cations such as eBay, Amazon, uBid, and Yahoo have performed research that...Security in Mobile Ad Hoc Networks”. IEEE Security & Privacy , 72–75, 2008. 15. Chakeres, ID and EM Belding-Royer. “AODV Routing Protocol Implementa...Detection System”. Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy , 240–250. 1992. 21. Devore, J.L. and N.R. Farnum

  15. A Secure Network Coding Based on Broadcast Encryption in SDN

    Directory of Open Access Journals (Sweden)

    Yue Chen

    2016-01-01

    Full Text Available By allowing intermediate nodes to encode the received packets before sending them out, network coding improves the capacity and robustness of multicast applications. But it is vulnerable to the pollution attacks. Some signature schemes were proposed to thwart such attacks, but most of them need to be homomorphic that the keys cannot be generated and managed easily. In this paper, we propose a novel fast and secure switch network coding multicast (SSNC on the software defined networks (SDN. In our scheme, the complicated secure multicast management was separated from the fast data transmission based on the SDN. Multiple multicasts will be aggregated to one multicast group according to the requirements of services and the network status. Then, the controller will route aggregated multicast group with network coding; only the trusted switch will be allowed to join the network coding by using broadcast encryption. The proposed scheme can use the traditional cryptography without homomorphy, which greatly reduces the complexity of the computation and improves the efficiency of transmission.

  16. A Key Generation Model for Improving the Security of Cryptographic ...

    African Journals Online (AJOL)

    Cryptography is a mathematical technique that plays an important role in information security techniques for addressing authentication, interactive proofs, data origination, sender/receiver identity, non-repudiation, secure computation, data integrity and confidentiality, message integrity checking and digital signatures.

  17. Behavioral and physical biometric characteristics modeling used for ITS security improvement

    Directory of Open Access Journals (Sweden)

    Miroslav BAČA

    2009-01-01

    Full Text Available Biometric technologies rely on specific biometric characteristics that are used for recognition. The particular characteristic for a given situation can be described through a serious of descriptive parameters including ease of collecting, permanence, measurably, acceptability, deceptiveness, universality, uniqueness, sample cost, system cost, database size, as well as environmental factors. By using our ontology-based framework for adequacy of biometric systems, we introduce a model for using biometric technologies in ITS. Such technologies increase security, safety and protection of ITS.

  18. E-learning stakeholders information security vulnerability model

    OpenAIRE

    Mohd Alwi, Najwa Hayaati

    2012-01-01

    The motivation to conduct this research has come from awareness that the Internet exposes the e-learning environment to information security threats and vulnerabilities. Information security management as practised as a top down approach in many organisations tend to detach of people’s responsibility in ensuring the security of e-learning. Literature has pointed out that people’s behaviour required to be addressed to control the information security threats. This research proposes an ISM huma...

  19. Business models and business model innovation in a “Secure and Distributed Cloud Clustering (DISC) Society”

    DEFF Research Database (Denmark)

    Lindgren, Peter; Taran, Yariv

    2011-01-01

    of secure business models and how business models can be operated and innovated in a secure context have intensified tremendously. The development of new mobile and wireless security technologies gives hopes to really realize a secure cloud clustering society where business models can act and be innovated......The development and innovation of business models to a secure distributed cloud clustering society (DISC)—is indeed still a complex venture and has not been widely researched yet. Numerous types of security technologies are in these years proposed and in the “slip stream” of these the study...... secure—but we still have some steps to go before we reach the final destination. The paper gives a conceptual futuristic outlook on behalf of the input from SW2010 and state of the art business model research to what we can expect of business Model and business model innovation in a future secure cloud...

  20. Architectural model for crowdsourcing for human security threats ...

    African Journals Online (AJOL)

    Journal of Computer Science and Its Application ... Crowdsourcing for Human Security Threats Situation Information and Response System (CHSTSIRS) is proposed in this paper to report Human Security (HS) ... Keywords: Human security, Crowdsourcing, Threats, Situation Information, Agency, Google, Cloud Messaging ...

  1. Security Certification Challenges in a Cloud Computing Delivery Model

    Science.gov (United States)

    2010-04-27

    Relevant Security Standards, Certifications, and Guidance  NIST SP 800 series  ISO /IEC 27001 framework  Cloud Security Alliance  Statement of...CSA Domains / Cloud Features ISO 27001 Cloud Service Provider Responsibility Government Agency Responsibility Analyze Security gaps Compensating

  2. ITIL Based Service Level Management if SLAs Cover Security

    Directory of Open Access Journals (Sweden)

    Tomas Feglar

    2005-08-01

    Full Text Available Current level of information technology creates new perspectives for more IT service oriented market. Quality of these services requires slightly different approach then was applied for products including software. No IT services are delivered and supported in risk free environment. Risks would be considered consistently with IT services quality gaps from Service Level Management (SLM perspective. SLM is one of ITIL modules that are widely used within the IT service industry. We identified some weaknesses in how SLM is developed in ITIL environment if service level agreement (SLA has cover Security. We argue that in such cases Architecture modeling and risk assessment approach let us effectively control analytical effort that relates to risks identification and understanding. Risk driven countermeasures designed in a next step (Risk treatment have significant impact to the SLM especially from responsibility perspective. To demonstrate SLM's importance in real practice we analyze SLA synthesize process in CCI (Cyber Critical Infrastructure environment.

  3. An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System.

    Science.gov (United States)

    Li, Chun-Ta; Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

    2017-06-23

    In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

  4. An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

    Science.gov (United States)

    Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

    2017-01-01

    In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP. PMID:28644381

  5. Probabilistic modelling of security of supply in gas networks and evaluation of new infrastructure

    International Nuclear Information System (INIS)

    Praks, Pavel; Kopustinskas, Vytis; Masera, Marcelo

    2015-01-01

    The paper presents a probabilistic model to study security of supply in a gas network. The model is based on Monte-Carlo simulations with graph theory, and is implemented in the software tool ProGasNet. The software allows studying gas networks in various aspects including identification of weakest links and nodes, vulnerability analysis, bottleneck analysis, evaluation of new infrastructure etc. In this paper ProGasNet is applied to a benchmark network based on a real EU gas transmission network of several countries with the purpose of evaluating the security of supply effects of new infrastructure, either under construction, recently completed or under planning. The probabilistic model enables quantitative evaluations by comparing the reliability of gas supply in each consuming node of the network. - Highlights: • A Monte-Carlo algorithm for stochastic flow networks is presented. • Network elements can fail according to a given probabilistic model. • Priority supply pattern of gas transmission networks is assumed. • A real-world EU gas transmission network is presented and analyzed. • A risk ratio is used for security of supply quantification of a new infrastructure.

  6. A comprehensive Network Security Risk Model for process control networks.

    Science.gov (United States)

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  7. On sustainable development of uranium mining industry in China based on the concept of ecological security

    International Nuclear Information System (INIS)

    Wu Shali; Tai Kaixuan

    2011-01-01

    Ecological security is an important issue for sustainable development of mining industry, on which the development of nuclear industry and nuclear power is based. But uranium mining and processing has larger effect on ecological environment which mainly include tailings, waste rock, waste water, and radiation effects. In this paper, the dialectical relationship between ecological security and sustainable relationship is analyzed, the ecological safety concept at home and abroad is compared and the role that ecological safety plays in the sustainable development of uranium mining based on analysis of restricting factors on uranium mining in China from the perspective of ecological security is also probed into. To achieve sustainable development of the uranium mining industry in China, an ecological security concept from four aspects must be established: 1) the concept of ecological security management; 2) the scientific concept of ecological security; 3) the concept of ecological security investment; and 4) the concept of ecological security responsibility. (authors)

  8. Reliability, compliance, and security in web-based course assessments

    Directory of Open Access Journals (Sweden)

    Scott Bonham

    2008-04-01

    Full Text Available Pre- and postcourse assessment has become a very important tool for education research in physics and other areas. The web offers an attractive alternative to in-class paper administration, but concerns about web-based administration include reliability due to changes in medium, student compliance rates, and test security, both question leakage and utilization of web resources. An investigation was carried out in introductory astronomy courses comparing pre- and postcourse administration of assessments using the web and on paper. Overall no difference was seen in performance due to the medium. Compliance rates fluctuated greatly, and factors that seemed to produce higher rates are identified. Notably, email reminders increased compliance by 20%. Most of the 559 students complied with requests to not copy, print, or save questions nor use web resources; about 1% did copy some question text and around 2% frequently used other windows or applications while completing the assessment.

  9. An evaluation index system of water security in China based on macroeconomic data from 2000 to 2012

    Science.gov (United States)

    Li, X. S.; Peng, Z. Y.; Li, T. T.

    2016-08-01

    This paper establishes an evaluation index system of water security. The index system employs 5 subsystems (water circulation security, water environment security, water ecology security, water society security and water economy security) and has 39 indicators. Using the AHP method, each indicator is given a relative weight to integrate within the whole system. With macroeconomic data from 2000 to 2012, a model of water security evaluation is applied to assess the state of water security in China. The results show an improving trend in the overall state of China's water security. In particular, the cycle of water security is at a high and low fluctuation. Water environment security presents an upward trend on the whole; however, this trend is unsteady and has shown a descending tendency in some years. Yet, water ecology security, water society security, and water economy security are basically on the rise. However, the degree of coordination of China's water security system remains in need of consolidation.

  10. The Chain-Link Fence Model: A Framework for Creating Security Procedures

    Science.gov (United States)

    Houghton, Robert F.

    2013-01-01

    A long standing problem in information technology security is how to help reduce the security footprint. Many specific proposals exist to address specific problems in information technology security. Most information technology solutions need to be repeatable throughout the course of an information systems lifecycle. The Chain-Link Fence Model is…

  11. On the Modelling of Context-Aware Security for Mobile Devices

    Directory of Open Access Journals (Sweden)

    Tomasz Zurek

    2016-01-01

    Full Text Available Security management in wireless networks has to deal with the changing character of the environment, which can further lead to decision making problem for unexpected events. Among a huge list of devices, the mobile ones are especially vulnerable to this situation. The solution for adapting systems and applications to dynamic environments can be context-aware description of the user actions, which gives a possibility to take into account the factors that influence these actions. In the article, we propose a context-aware security adjusting model, which is based on proposition logic and incorporates mechanisms that assist in the reasoning process. The main benefits that differentiate our approach from similar ones are a formal representation of the model, the usage of the whole spectrum of context attributes, the detection and analysis of contextual data integrity, and conflicting rules’ eradication capability. All these traits transcribe into a more effective way of adjusting security measures in accordance with existing circumstances. To illustrate the proposed approach, we present the case study of context-aware security management for mobile devices.

  12. Flexible, Secure, and Reliable Data Sharing Service Based on Collaboration in Multicloud Environment

    Directory of Open Access Journals (Sweden)

    Qiang Wei

    2018-01-01

    Full Text Available Due to the abundant storage resources and high reliability data service of cloud computing, more individuals and enterprises are motivated to outsource their data to public cloud platform and enable legal data users to search and download what they need in the outsourced dataset. However, in “Paid Data Sharing” model, some valuable data should be encrypted before outsourcing for protecting owner’s economic benefits, which is an obstacle for flexible application. Specifically, if the owner does not know who (user will download which data files in advance and even does not know the attributes of user, he/she has to either remain online all the time or import a trusted third party (TTP to distribute the file decryption key to data user. Obviously, making the owner always remain online is too inflexible, and wholly depending on the security of TTP is a potential risk. In this paper, we propose a flexible, secure, and reliable data sharing scheme based on collaboration in multicloud environment. For securely and instantly providing data sharing service even if the owner is offline and without TTP, we distribute all encrypted split data/key blocks together to multiple cloud service providers (CSPs, respectively. An elaborate cryptographic protocol we designed helps the owner verify the correctness of data exchange bills, which is directly related to the owner’s economic benefits. Besides, in order to support reliable data service, the erasure-correcting code technic is exploited for tolerating multiple failures among CSPs, and we offer a secure keyword search mechanism that makes the system more close to reality. Extensive security analyses and experiments on real-world data show that our scheme is secure and efficient.

  13. The French nuclear policy. A model for security policy in North-East Asia

    International Nuclear Information System (INIS)

    Choe, K.

    1998-01-01

    Between the end of the second world war and the collapse of the Berlin wall, the French diplomacy was based on the nuclear policy in a solid and coherent way. This nuclear policy was an 'incarnation' of the national security conception, allowing France to recover its political, military and economical rank on the international scene. The most important characteristic of the French nuclear policy concerns the commercialization of the nuclear energy which aims to ensuring the national security through the building up of a financial, technological and political 'reserve'. In front of the domination of the USA and USSR during the cold war era, NE Asia had a similar geostrategic configuration as Western Europe. It concerns in particular the massive application of nuclear energy for both military and industrial purposes. The bases of the security policy in this region refers to the real use of the nuclear weapon by the USA against Japan in 1945. The French nuclear policy may be considered as a model for the building of the security policy of NE Asia, in particular through the commercialization of the nuclear technology between the countries in concern. This nuclear approach would allow the countries of these region to change their present day national defense policy into an economical and military cooperation. (J.S.)

  14. Special Issue on Entropy-Based Applied Cryptography and Enhanced Security for Ubiquitous Computing

    Directory of Open Access Journals (Sweden)

    James (Jong Hyuk Park

    2016-09-01

    Full Text Available Entropy is a basic and important concept in information theory. It is also often used as a measure of the unpredictability of a cryptographic key in cryptography research areas. Ubiquitous computing (Ubi-comp has emerged rapidly as an exciting new paradigm. In this special issue, we mainly selected and discussed papers related with ore theories based on the graph theory to solve computational problems on cryptography and security, practical technologies; applications and services for Ubi-comp including secure encryption techniques, identity and authentication; credential cloning attacks and countermeasures; switching generator with resistance against the algebraic and side channel attacks; entropy-based network anomaly detection; applied cryptography using chaos function, information hiding and watermark, secret sharing, message authentication, detection and modeling of cyber attacks with Petri Nets, and quantum flows for secret key distribution, etc.

  15. CC-based Design of Secure Application Systems

    DEFF Research Database (Denmark)

    Sharp, Robin

    2009-01-01

    This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secu...... an effective and secure design, starting with the formulation of a Protection Profile and ending with a concrete design, within the project timeframe.......This paper describes some experiences with using the Common Criteria for Information Security Evaluation as the basis for a design methodology for secure application systems. The examples considered include a Point-of-Sale (POS) system, a wind turbine park monitoring and control system and a secure...

  16. Secure base scripts are associated with maternal parenting behavior across contexts and reflective functioning among trauma-exposed mothers.

    Science.gov (United States)

    Huth-Bocks, Alissa C; Muzik, Maria; Beeghly, Marjorie; Earls, Lauren; Stacks, Ann M

    2014-01-01

    There is growing evidence that "secure-base scripts" are an important part of the cognitive underpinnings of internal working models of attachment. Recent research in middle class samples has shown that secure-base scripts are linked to maternal attachment-oriented behavior and child outcomes. However, little is known about the correlates of secure base scripts in higher-risk samples. Participants in the current study included 115 mothers who were oversampled for childhood maltreatment and their infants. Results revealed that a higher level of secure base scriptedness was significantly related to more positive and less negative maternal parenting in both unstructured free play and structured teaching contexts, and to higher reflective functioning scores on the Parent Development Interview-Revised Short Form. Associations with parent-child secure base scripts, specifically, indicate some level of relationship-specificity in attachment scripts. Many, but not all, significant associations remained after controlling for family income and maternal age. Findings suggest that assessing secure base scripts among mothers known to be at risk for parenting difficulties may be important for interventions aimed at altering problematic parental representations and caregiving behavior.

  17. Geomechanical Modeling for Improved CO2 Storage Security

    Science.gov (United States)

    Rutqvist, J.; Rinaldi, A. P.; Cappa, F.; Jeanne, P.; Mazzoldi, A.; Urpi, L.; Vilarrasa, V.; Guglielmi, Y.

    2017-12-01

    This presentation summarizes recent modeling studies on geomechanical aspects related to Geologic Carbon Sequestration (GCS,) including modeling potential fault reactivation, seismicity and CO2 leakage. The model simulations demonstrates that the potential for fault reactivation and the resulting seismic magnitude as well as the potential for creating a leakage path through overburden sealing layers (caprock) depends on a number of parameters such as fault orientation, stress field, and rock properties. The model simulations further demonstrate that seismic events large enough to be felt by humans requires brittle fault properties as well as continuous fault permeability allowing for the pressure to be distributed over a large fault patch to be ruptured at once. Heterogeneous fault properties, which are commonly encountered in faults intersecting multilayered shale/sandstone sequences, effectively reduce the likelihood of inducing felt seismicity and also effectively impede upward CO2 leakage. Site specific model simulations of the In Salah CO2 storage site showed that deep fractured zone responses and associated seismicity occurred in the brittle fractured sandstone reservoir, but at a very substantial reservoir overpressure close to the magnitude of the least principal stress. It is suggested that coupled geomechanical modeling be used to guide the site selection and assisting in identification of locations most prone to unwanted and damaging geomechanical changes, and to evaluate potential consequence of such unwanted geomechanical changes. The geomechanical modeling can be used to better estimate the maximum sustainable injection rate or reservoir pressure and thereby provide for improved CO2 storage security. Whether damaging geomechanical changes could actually occur very much depends on the local stress field and local reservoir properties such the presence of ductile rock and faults (which can aseismically accommodate for the stress and strain induced by

  18. A Secure and Robust Object-Based Video Authentication System

    Directory of Open Access Journals (Sweden)

    He Dajun

    2004-01-01

    Full Text Available An object-based video authentication system, which combines watermarking, error correction coding (ECC, and digital signature techniques, is presented for protecting the authenticity between video objects and their associated backgrounds. In this system, a set of angular radial transformation (ART coefficients is selected as the feature to represent the video object and the background, respectively. ECC and cryptographic hashing are applied to those selected coefficients to generate the robust authentication watermark. This content-based, semifragile watermark is then embedded into the objects frame by frame before MPEG4 coding. In watermark embedding and extraction, groups of discrete Fourier transform (DFT coefficients are randomly selected, and their energy relationships are employed to hide and extract the watermark. The experimental results demonstrate that our system is robust to MPEG4 compression, object segmentation errors, and some common object-based video processing such as object translation, rotation, and scaling while securely preventing malicious object modifications. The proposed solution can be further incorporated into public key infrastructure (PKI.

  19. Assessing work disability for social security benefits: international models for the direct assessment of work capacity.

    Science.gov (United States)

    Geiger, Ben Baumberg; Garthwaite, Kayleigh; Warren, Jon; Bambra, Clare

    2017-08-25

    It has been argued that social security disability assessments should directly assess claimants' work capacity, rather than relying on proxies such as on functioning. However, there is little academic discussion of how such assessments could be conducted. The article presents an account of different models of direct disability assessments based on case studies of the Netherlands, Germany, Denmark, Norway, the United States of America, Canada, Australia, and New Zealand, utilising over 150 documents and 40 expert interviews. Three models of direct work disability assessments can be observed: (i) structured assessment, which measures the functional demands of jobs across the national economy and compares these to claimants' functional capacities; (ii) demonstrated assessment, which looks at claimants' actual experiences in the labour market and infers a lack of work capacity from the failure of a concerned rehabilitation attempt; and (iii) expert assessment, based on the judgement of skilled professionals. Direct disability assessment within social security is not just theoretically desirable, but can be implemented in practice. We have shown that there are three distinct ways that this can be done, each with different strengths and weaknesses. Further research is needed to clarify the costs, validity/legitimacy, and consequences of these different models. Implications for rehabilitation It has recently been argued that social security disability assessments should directly assess work capacity rather than simply assessing functioning - but we have no understanding about how this can be done in practice. Based on case studies of nine countries, we show that direct disability assessment can be implemented, and argue that there are three different ways of doing it. These are "demonstrated assessment" (using claimants' experiences in the labour market), "structured assessment" (matching functional requirements to workplace demands), and "expert assessment" (the

  20. An Intelligent and Secure Health Monitoring Scheme Using IoT Sensor Based on Cloud Computing

    Directory of Open Access Journals (Sweden)

    Jin-Xin Hu

    2017-01-01

    Full Text Available Internet of Things (IoT is the network of physical objects where information and communication technology connect multiple embedded devices to the Internet for collecting and exchanging data. An important advancement is the ability to connect such devices to large resource pools such as cloud. The integration of embedded devices and cloud servers offers wide applicability of IoT to many areas of our life. With the aging population increasing every day, embedded devices with cloud server can provide the elderly with more flexible service without the need to visit hospitals. Despite the advantages of the sensor-cloud model, it still has various security threats. Therefore, the design and integration of security issues, like authentication and data confidentiality for ensuring the elderly’s privacy, need to be taken into consideration. In this paper, an intelligent and secure health monitoring scheme using IoT sensor based on cloud computing and cryptography is proposed. The proposed scheme achieves authentication and provides essential security requirements.

  1. MISTRAL: A game-theoretical model to allocate security measures in a multi-modal chemical transportation network with adaptive adversaries

    International Nuclear Information System (INIS)

    Talarico, Luca; Reniers, Genserik; Sörensen, Kenneth; Springael, Johan

    2015-01-01

    In this paper we present a multi-modal security-transportation model to allocate security resources within a chemical supply chain which is characterized by the use of different transport modes, each having their own security features. We consider security-related risks so as to take measures against terrorist acts which could target critical transportation systems. The idea of addressing security-related issues, by supporting decisions for preventing or mitigating intentional acts on transportation infrastructure, has gained attention in academic research only recently. The decision model presented in this paper is based on game theory and it can be employed to organize intelligence capabilities aimed at securing chemical supply chains. It enables detection and warning against impending attacks on transportation infrastructures and the subsequent adoption of security countermeasures. This is of extreme importance for preventing terrorist attacks and for avoiding (possibly huge) human and economic losses. In our work we also provide data sources and numerical simulations by applying the proposed model to a illustrative multi-modal chemical supply chain. - Highlights: • A model to increase the security in a multimodal chemical supply chain is proposed. • The model considers adaptive opponents having multi-attribute utility functions. • The model is based on game theory using an attacker–defender schema. • The model provides recommendations about where to allocate security measures. • Numerical simulations on a sample multimodal chemical supply chain are shown

  2. Providing a secure base: parenting children in long-term foster family care.

    Science.gov (United States)

    Schofield, Gillian; Beek, Mary

    2005-03-01

    This paper reports on a longitudinal study of children growing up in long-term foster family care. It focuses attention on the challenges for foster carers in providing a secure base for foster children in middle childhood and early adolescence, who have come predominantly from backgrounds of abuse, neglect, and psychosocial adversity. Separation and loss in the children's lives, often through multiple placements, increase the likelihood of difficulties across a range of development. These children tend to be wary, distrustful, and controlling when they enter foster placements, but need from their carers many of the caregiving qualities most commonly described as providing a secure base in infancy. This study describes a model of parenting which uses four caregiving dimensions that are consistent with attachment theory and research: promoting trust in availability, promoting reflective function, promoting self-esteem, and promoting autonomy. A fifth dimension, promoting family membership, is added, as it reflects the need for children in long-term foster family care to experience the security that comes from a sense of identity and belonging. Qualitative data from the study demonstrates the usefulness of this model as a framework for analysis, but also suggests the potential use of such a framework for working with and supporting foster carers.

  3. Risk and business goal based security requirement and countermeasure prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.; Niedrite, L.; Strazdina, R.; Wangler, B.

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of

  4. A study of insider threat in nuclear security analysis using game theoretic modeling

    International Nuclear Information System (INIS)

    Kim, Kyo-Nam; Yim, Man-Sung; Schneider, Erich

    2017-01-01

    Highlights: • Implications of an insider threat in nuclear security were quantitatively analyzed. • The analysis was based on of a hypothetical nuclear facility and using game theoretic approach. • Through a sensitivity analysis, vulnerable paths and important parameters were identified. • The methodology can be utilized to prioritize the implementation of PPS improvements in a facility. - Abstract: An Insider poses a greater threat to the security system of a nuclear power plant (NPP) because of their ability to take advantage of their access rights and knowledge of a facility, to bypass dedicated security measures. If an insider colludes with an external terrorist group, this poses a key threat to the safety-security interface. However, despite the importance of the insider threat, few studies have been conducted to quantitatively analyze an insider threat. This research examines the quantitative framework for investigating the implications of insider threat, taking a novel approach. Conventional tools assessing the security threats to nuclear facilities focus on a limited number of attack pathways. These are defined by the modeler and are based on simple probabilistic calculations. They do not capture the adversary’s intentions nor do they account for their response and adaptation to defensive investments. As an alternative way of performing physical protection analysis, this research explores the use of game theoretic modeling of Physical Protection Systems (PPS) analysis by incorporating the implications of an insider threat, to address the issues of intentionality and interactions. The game theoretic approach has the advantage of modeling an intelligent adversary and insider who has an intention to do harm and complete knowledge of the facility. Through a quantitative assessment and sensitivity analysis, vulnerable but important parameters in this model were identified. This made it possible to determine which insider threat is more important. The

  5. Certificate-Based Encryption with Keyword Search: Enabling Secure Authorization in Electronic Health Record

    Directory of Open Access Journals (Sweden)

    Clémentine Gritti

    2016-11-01

    Full Text Available In an e-Health scenario, we study how the practitioners are authorized when they are requesting access to medical documents containing sensitive information. Consider the following scenario. A clinician wants to access and retrieve a patient’s Electronic Health Record (EHR, and this means that the clinician must acquire sufficient access right to access this document. As the EHR is within a collection of many other patients, the clinician would need to specify some requirements (such as a keyword which match the patient’s record, as well as having a valid access right. The complication begins when we do not want the server to learn anything from this query (as the server might be outsourced to other place. To encompass this situation, we define a new cryptographic primitive called Certificate-Based Encryption with Keyword Search (CBEKS, which will be suitable in this scenario. We also specify the corresponding security models, namely computational consistency, indistinguishability against chosen keyword and ciphertext attacks, indistinguishability against keyword-guessing attacks and collusion resistance. We provide a CBEKS construction that is proven secure in the standard model with respect to the aforementioned security models.

  6. Security Concerns and Countermeasures in Network Coding Based Communications Systems

    DEFF Research Database (Denmark)

    Talooki, Vahid; Bassoli, Riccardo; Roetter, Daniel Enrique Lucani

    2015-01-01

    key protocol types, namely, state-aware and stateless protocols, specifying the benefits and disadvantages of each one of them. We also present the key security assumptions of network coding (NC) systems as well as a detailed analysis of the security goals and threats, both passive and active......This survey paper shows the state of the art in security mechanisms, where a deep review of the current research and the status of this topic is carried out. We start by introducing network coding and its variety applications in enhancing current traditional networks. In particular, we analyze two....... This paper also presents a detailed taxonomy and a timeline of the different NC security mechanisms and schemes reported in the literature. Current proposed security mechanisms and schemes for NC in the literature are classified later. Finally a timeline of these mechanism and schemes is presented....

  7. Security Scheme Based on Parameter Hiding Technic for Mobile Communication in a Secure Cyber World

    Directory of Open Access Journals (Sweden)

    Jong Hyuk Park

    2016-10-01

    Full Text Available Long Term Evolution (LTE and Long Term Evolution-Advanced (LTE-A support a better data transmission service than 3G dose and are globally commercialized technologies in a cyber world that is essential for constructing a future mobile environment, since network traffics have exponentially increased as people have started to use more than just one mobile device. However, when User Equipment (UE is executing initial attach processes to access LTE networks, there is a vulnerability in which identification parameters like International Mobile Subscriber Identity (IMSI and Radio Network Temporary Identities (RNTI are transmitted as plain texts. It can threat various services that are commercialized therewith in a cyber world. Therefore, a security scheme is proposed in this paper where identification parameters can be securely transmitted and hidden in four cases where initial attach occurs between UE and Mobility Management Entity (MME. The proposed security scheme not only supports encrypted transmission of identification parameters but also mutual authentication between Evolved Node B (eNB and MME to make a secure cyber world. Additionally, performance analysis results using an OPNET simulator showed the satisfaction of the average delay rate that is specified in LTE standards.

  8. Secure grid-based computing with social-network based trust management in the semantic web

    Czech Academy of Sciences Publication Activity Database

    Špánek, Roman; Tůma, Miroslav

    2006-01-01

    Roč. 16, č. 6 (2006), s. 475-488 ISSN 1210-0552 R&D Projects: GA AV ČR 1ET100300419; GA MŠk 1M0554 Institutional research plan: CEZ:AV0Z10300504 Keywords : semantic web * grid computing * trust management * reconfigurable networks * security * hypergraph model * hypergraph algorithms Subject RIV: IN - Informatics, Computer Science

  9. Fiber-optic perimeter security system based on WDM technology

    Science.gov (United States)

    Polyakov, Alexandre V.

    2017-10-01

    Intelligent underground fiber optic perimeter security system is presented. Their structure, operation, software and hardware with neural networks elements are described. System allows not only to establish the fact of violation of the perimeter, but also to locate violations. This is achieved through the use of WDM-technology division spectral information channels. As used quasi-distributed optoelectronic recirculation system as a discrete sensor. The principle of operation is based on registration of the recirculation period change in the closed optoelectronic circuit at different wavelengths under microstrain exposed optical fiber. As a result microstrain fiber having additional power loss in a fiber optical propagating pulse, which causes a time delay as a result of switching moments of the threshold device. To separate the signals generated by intruder noise and interference, the signal analyzer is used, based on the principle of a neural network. The system detects walking, running or crawling intruder, as well as undermining attempts to register under the perimeter line. These alarm systems can be used to protect the perimeters of facilities such as airports, nuclear reactors, power plants, warehouses, and other extended territory.

  10. Batch Attribute-Based Encryption for Secure Clouds

    Directory of Open Access Journals (Sweden)

    Chen Yang

    2015-10-01

    Full Text Available Cloud storage is widely used by organizations due to its advantage of allowing universal access with low cost. Attribute-based encryption (ABE is a kind of public key encryption suitable for cloud storage. The secret key of each user and the ciphertext are associated with an access policy and an attribute set, respectively; in addition to holding a secret key, one can decrypt a ciphertext only if the associated attributes match the predetermined access policy, which allows one to enforce fine-grained access control on outsourced files. One issue in existing ABE schemes is that they are designed for the users of a single organization. When one wants to share the data with the users of different organizations, the owner needs to encrypt the messages to the receivers of one organization and then repeats this process for another organization. This situation is deteriorated with more and more mobile devices using cloud services, as the ABE encryption process is time consuming and may exhaust the power supplies of the mobile devices quickly. In this paper, we propose a batch attribute-based encryption (BABE approach to address this problem in a provably-secure way. With our approach, the data owner can outsource data in batches to the users of different organizations simultaneously. The data owner is allowed to decide the receiving organizations and the attributes required for decryption. Theoretical and experimental analyses show that our approach is more efficient than traditional encryption implementations in computation and communication.

  11. Secure Image Encryption Based On a Chua Chaotic Noise Generator

    Directory of Open Access Journals (Sweden)

    A. S. Andreatos

    2013-10-01

    Full Text Available This paper presents a secure image cryptography telecom system based on a Chua's circuit chaotic noise generator. A chaotic system based on synchronised Master–Slave Chua's circuits has been used as a chaotic true random number generator (CTRNG. Chaotic systems present unpredictable and complex behaviour. This characteristic, together with the dependence on the initial conditions as well as the tolerance of the circuit components, make CTRNGs ideal for cryptography. In the proposed system, the transmitter mixes an input image with chaotic noise produced by a CTRNG. Using thresholding techniques, the chaotic signal is converted to a true random bit sequence. The receiver must be able to reproduce exactly the same chaotic noise in order to subtract it from the received signal. This becomes possible with synchronisation between the two Chua's circuits: through the use of specific techniques, the trajectory of the Slave chaotic system can be bound to that of the Master circuit producing (almost identical behaviour. Additional blocks have been used in order to make the system highly parameterisable and robust against common attacks. The whole system is simulated in Matlab. Simulation results demonstrate satisfactory performance, as well as, robustness against cryptanalysis. The system works with both greyscale and colour jpg images.

  12. Security in the data link layer of the OSI model on LANs wired Cisco

    Directory of Open Access Journals (Sweden)

    María Genoveva Moreira Santos

    2018-02-01

    Full Text Available There are no technologies or protocols completely secure in network infrastructures, for this reason, this document aims to demonstrate the importance of configuring security options on network equipments. On this occasion we will focus on the data link layer of the OSI model, which is where controls have begun to be implemented at level of protocols. The tools that are used in the research facilitate the implementation of a virtual laboratory, which consists of a base operating system (windows in which virtualbox is installed to mount linux mint, which will generate attacks; while in VMware, we installed a virtual machine that allows you to add the image of a switch to our network simulation software (GNS3, which integrates all the components. The tests were able to identify the vulnerabilities in MAC, ARP, VLAN and STP, and then to proceed to patch these security aws. Keeping the setting by default or ignoring the characteristics of network equipment are usually the reasons why these vulnerabilities exist. Finally, it was proved how easy it can be to run an attack and at the same time to implement security measures on the layer 2 of the OSI.

  13. Security challenges in integration of a PHR-S into a standards based national EHR.

    Science.gov (United States)

    Mense, Alexander; Hoheiser Pförtner, Franz; Sauermann, Stefan

    2014-01-01

    Health related data provided by patients themselves is expected to play a major role in future healthcare. Data from personal health devices, vaccination records, health diaries or observations of daily living, for instance, is stored in personal health records (PHR) which are maintained by personal health record systems (PHR-S). Combining this information with medical records provided by healthcare providers in electronic health records (EHR) is one of the next steps towards "personal care". Austria currently sets up a nationwide EHR system that incorporates all healthcare providers and is technically based on international standards (IHE, HL7, OASIS, ...). Looking at the expected potential of merging PHR and EHR data it is worth to analyse integration approaches. Although knowing that an integration requires the coordination of processes, information models and technical architectures, this paper specifically focuses on security issues by evaluating general security requirements for a PHR-S (based on HL7 PHR-S FM), comparing them with the information security specifications for the Austrian's national EHR (based on ISO/IES 27000 series) and identifying the main challenges as well as possible approaches.

  14. Modelling Public Security Operations: Evaluation of the Holistic Security Ecosystem (HSE) Proof-of-Concept

    Science.gov (United States)

    2012-12-01

    base pour construire de telles simulations et pourrait être adaptée à d’autres expériences à un coût relativement bas. Perspectives : Les leçons...systems (such as culture , [ Culture ]). This seven-dimensional framework advocates that systems be viewed from the physical, individual, functional...structural, normative, social, and informational dimensions. The human factors include modelling stress, trust, risk factors, and cultural factors

  15. Two-Dimensional (2D Slices Encryption-Based Security Solution for Three-Dimensional (3D Printing Industry

    Directory of Open Access Journals (Sweden)

    Giao N. Pham

    2018-05-01

    Full Text Available Nowadays, three-dimensional (3D printing technology is applied to many areas of life and changes the world based on the creation of complex structures and shapes that were not feasible in the past. But, the data of 3D printing is often attacked in the storage and transmission processes. Therefore, 3D printing must be ensured security in the manufacturing process, especially the data of 3D printing to prevent attacks from hackers. This paper presents a security solution for 3D printing based on two-dimensional (2D slices encryption. The 2D slices of 3D printing data is encrypted in the frequency domain or in the spatial domain by the secret key to generate the encrypted data of 3D printing. We implemented the proposed solution in both the frequency domain based on the Discrete Cosine Transform and the spatial domain based on geometric transform. The entire 2D slices of 3D printing data is altered and secured after the encryption process. The proposed solution is responsive to the security requirements for the secured storage and transmission. Experimental results also verified that the proposed solution is effective to 3D printing data and is independent on the format of 3D printing models. When compared to the conventional works, the security and performance of the proposed solution is also better.

  16. Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network.

    Directory of Open Access Journals (Sweden)

    Sumithra Alagarsamy

    Full Text Available Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff Equation using an Integration Factor (DiffEIF, minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

  17. Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network.

    Science.gov (United States)

    Alagarsamy, Sumithra; Rajagopalan, S P

    2017-01-01

    Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

  18. Researches on the Security of Cluster-based Communication Protocol for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Yanhong Sun

    2014-08-01

    Full Text Available Along with the in-depth application of sensor networks, the security issues have gradually become the bottleneck of wireless sensor applications. To provide a solution for security scheme is a common concern not only of researchers but also of providers, integrators and users of wireless sensor networks. Based on this demand, this paper focuses on the research of strengthening the security of cluster-based wireless sensor networks. Based on the systematic analysis of the clustering protocol and its security enhancement scheme, the paper introduces the broadcast authentication scheme, and proposes an SA-LEACH network security enhancement protocol. The performance analysis and simulation experiments prove that the protocol consumes less energy with the same security requirements, and when the base station is comparatively far from the network deployment area, it is more advantageous in terms of energy consumption and t more suitable for wireless sensor networks.

  19. Adaptive fuzzy observer based synchronization design and secure communications of chaotic systems

    International Nuclear Information System (INIS)

    Hyun, Chang-Ho; Kim, Jae-Hun; Kim, Euntai; Park, Mignon

    2006-01-01

    This paper proposes a synchronization design scheme based on an alternative indirect adaptive fuzzy observer and its application to secure communication of chaotic systems. It is assumed that their states are unmeasurable and their parameters are unknown. Chaotic systems and the structure of the fuzzy observer are represented by the Takagi-Sugeno fuzzy model. Using Lyapunov stability theory, an adaptive law is derived to estimate the unknown parameters and the stability of the proposed system is guaranteed. Through this process, the asymptotic synchronization of chaotic systems is achieved. The proposed observer is applied to secure communications of chaotic systems and some numerical simulation results show the validity of theoretical derivations and the performance of the proposed observer

  20. End-to-end Information Flow Security Model for Software-Defined Networks

    Directory of Open Access Journals (Sweden)

    D. Ju. Chaly

    2015-01-01

    Full Text Available Software-defined networks (SDN are a novel paradigm of networking which became an enabler technology for many modern applications such as network virtualization, policy-based access control and many others. Software can provide flexibility and fast-paced innovations in the networking; however, it has a complex nature. In this connection there is an increasing necessity of means for assuring its correctness and security. Abstract models for SDN can tackle these challenges. This paper addresses to confidentiality and some integrity properties of SDNs. These are critical properties for multi-tenant SDN environments, since the network management software must ensure that no confidential data of one tenant are leaked to other tenants in spite of using the same physical infrastructure. We define a notion of end-to-end security in context of software-defined networks and propose a semantic model where the reasoning is possible about confidentiality, and we can check that confidential information flows do not interfere with non-confidential ones. We show that the model can be extended in order to reason about networks with secure and insecure links which can arise, for example, in wireless environments.The article is published in the authors’ wording.

  1. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  2. Asset backed securities : risks, ratings and quantitative modelling

    NARCIS (Netherlands)

    Jönsson, B.H.B.; Schoutens, W.

    2009-01-01

    Asset backed securities (ABSs) are structured finance products backed by pools of assets and are created through a securitisation process. The risks in asset backed securities, such as, credit risk, prepayment risk, market risks, operational risk, and legal risks, are directly connected with the

  3. Children affected by HIV/AIDS: SAFE, a model for promoting their security, health, and development.

    Science.gov (United States)

    Betancourt, Theresa S; Fawzi, Mary K S; Bruderlein, Claude; Desmond, Chris; Kim, Jim Y

    2010-05-01

    A human security framework posits that individuals are the focus of strategies that protect the safety and integrity of people by proactively promoting children's well being, placing particular emphasis on prevention efforts and health promotion. This article applies this framework to a rights-based approach in order to examine the health and human rights of children affected by HIV/AIDS. The SAFE model describes sources of insecurity faced by children across four fundamental dimensions of child well-being and the survival strategies that children and families may employ in response. The SAFE model includes: Safety/protection; Access to health care and basic physiological needs; Family/connection to others; and Education/livelihoods. We argue that it is critical to examine the situation of children through an integrated lens that effectively looks at human security and children's rights through a holistic approach to treatment and care rather than artificially limiting our scope of work to survival-oriented interventions for children affected by HIV/AIDS. Interventions targeted narrowly at children, in isolation of their social and communal environment as outlined in the SAFE model, may in fact undermine protective resources in operation in families and communities and present additional threats to children's basic security. An integrated approach to the basic security and care of children has implications for the prospects of millions of children directly infected or indirectly affected by HIV/AIDS around the world. The survival strategies that young people and their families engage in must be recognized as a roadmap for improving their protection and promoting healthy development. Although applied to children affected by HIV/AIDS in the present analysis, the SAFE model has implications for guiding the care and protection of children and families facing adversity due to an array of circumstances from armed conflict and displacement to situations of extreme poverty.

  4. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    OpenAIRE

    Vladislav D. Veksler; Norbou Buchler; Blaine E. Hoffman; Daniel N. Cassenti; Char Sample; Shridat Sugrim

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision li...

  5. The study on network security based on software engineering

    Science.gov (United States)

    Jia, Shande; Ao, Qian

    2012-04-01

    Developing a SP is a sensitive task because the SP itself can lead to security weaknesses if it is not conform to the security properties. Hence, appropriate techniques are necessary to overcome such problems. These techniques must accompany the policy throughout its deployment phases. The main contribution of this paper is then, the proposition of three of these activities: validation, test and multi-SP conflict management. Our techniques are inspired by the well established techniques of the software engineering for which we have found some similarities with the security domain.

  6. A new data collaboration service based on cloud computing security

    Science.gov (United States)

    Ying, Ren; Li, Hua-Wei; Wang, Li na

    2017-09-01

    With the rapid development of cloud computing, the storage and usage of data have undergone revolutionary changes. Data owners can store data in the cloud. While bringing convenience, it also brings many new challenges to cloud data security. A key issue is how to support a secure data collaboration service that supports access and updates to cloud data. This paper proposes a secure, efficient and extensible data collaboration service, which prevents data leaks in cloud storage, supports one to many encryption mechanisms, and also enables cloud data writing and fine-grained access control.

  7. Adapting Rational Unified Process (RUP) approach in designing a secure e-Tendering model

    Science.gov (United States)

    Mohd, Haslina; Robie, Muhammad Afdhal Muhammad; Baharom, Fauziah; Darus, Norida Muhd; Saip, Mohamed Ali; Yasin, Azman

    2016-08-01

    e-Tendering is an electronic processing of the tender document via internet and allow tenderer to publish, communicate, access, receive and submit all tender related information and documentation via internet. This study aims to design the e-Tendering system using Rational Unified Process approach. RUP provides a disciplined approach on how to assign tasks and responsibilities within the software development process. RUP has four phases that can assist researchers to adjust the requirements of various projects with different scope, problem and the size of projects. RUP is characterized as a use case driven, architecture centered, iterative and incremental process model. However the scope of this study only focusing on Inception and Elaboration phases as step to develop the model and perform only three of nine workflows (business modeling, requirements, analysis and design). RUP has a strong focus on documents and the activities in the inception and elaboration phases mainly concern the creation of diagrams and writing of textual descriptions. The UML notation and the software program, Star UML are used to support the design of e-Tendering. The e-Tendering design based on the RUP approach can contribute to e-Tendering developers and researchers in e-Tendering domain. In addition, this study also shows that the RUP is one of the best system development methodology that can be used as one of the research methodology in Software Engineering domain related to secured design of any observed application. This methodology has been tested in various studies in certain domains, such as in Simulation-based Decision Support, Security Requirement Engineering, Business Modeling and Secure System Requirement, and so forth. As a conclusion, these studies showed that the RUP one of a good research methodology that can be adapted in any Software Engineering (SE) research domain that required a few artifacts to be generated such as use case modeling, misuse case modeling, activity

  8. A security and privacy preserving e-prescription system based on smart cards.

    Science.gov (United States)

    Hsu, Chien-Lung; Lu, Chung-Fu

    2012-12-01

    In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.

  9. OPNET Modeler Simulation Testing of the New Model Used to Cooperation Between QoS and Security Mechanisms

    Directory of Open Access Journals (Sweden)

    Jan Papaj

    2012-01-01

    Full Text Available In this article the performance analysis of the new model, used to integration between QoS and Security, is introduced. OPNET modeler simulation testing of the new model with comparation with the standard model is presented. This new model enables the process of cooperation between QoS and Security in MANET. The introduction how the model is implemented to the simulation OPNET modeler is also showed. Model provides possibilities to integration and cooperation of QoS and security by the cross layer design (CLD with modified security service vector (SSV. An overview of the simulation tested of the new model, comparative study in mobile ad-hoc networks, describe requirements and directions for adapted solutions are presented. Main idea of the testing is to show how QoS and Security related services could be provided simultaneously with using minimal interfering with each service.

  10. Bacteriorhodopsin-based photochromic pigments for optical security applications

    Science.gov (United States)

    Hampp, Norbert A.; Fischer, Thorsten; Neebe, Martin

    2002-04-01

    Bacteriorhodopsin is a two-dimensional crystalline photochromic protein which is astonishingly stable towards chemical and thermal degradation. This is one of the reasons why this is one of the very few proteins which may be used as a biological pigment in printing inks. Variants of the naturally occurring bacteriorhodopsin have been developed which show a distinguished color change even with low light intensities and without the requirement of UV-light. Several pigments with different color changes are available right now. In addition to this visual detectable feature, the photochromism, the proteins amino acid sequence can be genetically altered in order to code and identify specific production lots. For advanced applications the data storage capability of bacteriorhodopsin will be useful. Write-once-read-many (WORM) recording of digital data is accomplished by laser excitation of printed bacteriorhodopsin inks. A density of 1 MBit per square inch is currently achieved. Several application examples for this biological molecule are described where low and high level features are used in combination. Bacteriorhodopsin-based inks are a new class of optical security pigments.

  11. Implementation of chaotic secure communication systems based on OPA circuits

    International Nuclear Information System (INIS)

    Huang, C.-K.; Tsay, S.-C.; Wu, Y.-R.

    2005-01-01

    In this paper, we proposed a novel three-order autonomous circuit to construct a chaotic circuit with double scroll characteristic. The design idea is to use RLC elements and a nonlinear resistor. The one of salient features of the chaotic circuit is that the circuit with two flexible breakpoints of nonlinear element, and the advantage of the flexible breakpoint is that it increased complexity of the dynamical performance. Here, if we take a large and suitable breakpoint value, then the chaotic state can masking a large input signal in the circuit. Furthermore, we proposed a secure communication hyperchaotic system based on the proposed chaotic circuits, where the chaotic communication system is constituted by a chaotic transmitter and a chaotic receiver. To achieve the synchronization between the transmitter and the receiver, we are using a suitable Lyapunov function and Lyapunov theorem to design the feedback control gain. Thus, the transmitting message masked by chaotic state in the transmitter can be guaranteed to perfectly recover in the receiver. To achieve the systems performance, some basic components containing OPA, resistor and capacitor elements are used to implement the proposed communication scheme. From the viewpoints of circuit implementation, this proposed chaotic circuit is superior to the Chua chaotic circuits. Finally, the test results containing simulation and the circuit measurement are shown to demonstrate that the proposed method is correct and feasible

  12. A developmental approach to learning causal models for cyber security

    Science.gov (United States)

    Mugan, Jonathan

    2013-05-01

    To keep pace with our adversaries, we must expand the scope of machine learning and reasoning to address the breadth of possible attacks. One approach is to employ an algorithm to learn a set of causal models that describes the entire cyber network and each host end node. Such a learning algorithm would run continuously on the system and monitor activity in real time. With a set of causal models, the algorithm could anticipate novel attacks, take actions to thwart them, and predict the second-order effects flood of information, and the algorithm would have to determine which streams of that flood were relevant in which situations. This paper will present the results of efforts toward the application of a developmental learning algorithm to the problem of cyber security. The algorithm is modeled on the principles of human developmental learning and is designed to allow an agent to learn about the computer system in which it resides through active exploration. Children are flexible learners who acquire knowledge by actively exploring their environment and making predictions about what they will find,1, 2 and our algorithm is inspired by the work of the developmental psychologist Jean Piaget.3 Piaget described how children construct knowledge in stages and learn new concepts on top of those they already know. Developmental learning allows our algorithm to focus on subsets of the environment that are most helpful for learning given its current knowledge. In experiments, the algorithm was able to learn the conditions for file exfiltration and use that knowledge to protect sensitive files.

  13. Zero based programming: a viable security budgeting approach.

    Science.gov (United States)

    Roll, Frederick G

    2003-01-01

    To get additional dollars or avoid budget cuts or personnel reductions, healthcare security directors should consider a budget approach that best justifies the needs of the department or organization.

  14. A Video Based System and Method for Improving Aircraft Security

    National Research Council Canada - National Science Library

    Meitzler, Tom; Ebenstein, Sam; Smith, Greg; Rodin, Yelena; Zorka, Nick

    2004-01-01

    In late September of 2001 the Commercial Airline Pilots Association (CAPA) endorsed president Bush's plan for improved airline security but expressed concern that it did not address many critical issues...

  15. Sensor Based Framework for Secure Multimedia Communication in VANET

    Science.gov (United States)

    Rahim, Aneel; Khan, Zeeshan Shafi; Bin Muhaya, Fahad T.; Sher, Muhammad; Kim, Tai-Hoon

    2010-01-01

    Secure multimedia communication enhances the safety of passengers by providing visual pictures of accidents and danger situations. In this paper we proposed a framework for secure multimedia communication in Vehicular Ad-Hoc Networks (VANETs). Our proposed framework is mainly divided into four components: redundant information, priority assignment, malicious data verification and malicious node verification. The proposed scheme jhas been validated with the help of the NS-2 network simulator and the Evalvid tool. PMID:22163462

  16. Sensor Based Framework for Secure Multimedia Communication in VANET

    Directory of Open Access Journals (Sweden)

    Tai-Hoon Kim

    2010-11-01

    Full Text Available Secure multimedia communication enhances the safety of passengers by providing visual pictures of accidents and danger situations. In this paper we proposed a framework for secure multimedia communication in Vehicular Ad-Hoc Networks (VANETs. Our proposed framework is mainly divided into four components: redundant information, priority assignment, malicious data verification and malicious node verification. The proposed scheme jhas been validated with the help of the NS-2 network simulator and the Evalvid tool.

  17. Analysis of theoretical security level of PDF Encryption mechanism based on X.509 certificates

    Directory of Open Access Journals (Sweden)

    Joanna Dmitruk

    2017-12-01

    Full Text Available PDF Encryption is a content security mechanism developed and used by Adobe in their products. In this paper, we have checked a theoretical security level of a variant that uses public key infrastructure and X.509 certificates. We have described a basis of this mechanism and we have performed a simple security analysis. Then, we have showed possible tweaks and security improvements. At the end, we have given some recommendations that can improve security of a content secured with PDF Encryption based on X.509 certificates. Keywords: DRM, cryptography, security level, PDF Encryption, Adobe, X.509

  18. 33 CFR 165.1120 - Security Zone; Naval Amphibious Base, San Diego, CA.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security Zone; Naval Amphibious Base, San Diego, CA. 165.1120 Section 165.1120 Navigation and Navigable Waters COAST GUARD, DEPARTMENT... § 165.1120 Security Zone; Naval Amphibious Base, San Diego, CA. (a) Location. The following area is a...

  19. 基于P—S—R模型的汕头市土地生态安全评价%Evaluation on Land Ecological Security in Shantou Based on P -S-R Model

    Institute of Scientific and Technical Information of China (English)

    杨春红; 张正栋; 田楠楠; 吴申凤; 张五美

    2012-01-01

    As one of the first Special Economic Zones in China,Shantou has a large population,with relatively little (arable) land. During the past 30 years,with the rapid economic growth,the ecological environment of Shantou also got through great changes. Using the Socio-economic development characteristics of Shantou as a case,we established land ecological security assessment system which was based on the 'P-S-R' concep tual framework mode, with the main data sources of 2001--2008 Shantou Statistical Yearbook, 2001-2008 Shantou Environmental Bulletin, etc. Then 19 indexes according to the concrete features of Shantou City were selected by using principal components analysis method and analytical hierarchy process theory, with referring to related literatures and studying achievements to confirm the weight of indexes, so as to evaluate the safe condition of land ecological security at Shantou from 2001 to 2008. Finally, the result of calculation showed that the integrated value of the land ecological security at Shantou was between adjacent safety and comparative safety statement, yet, with the trend of slight decline, which indicated that it was necessary to take measures to improve Shantou's land ecological environments. This research showed the current situation of Shantou, which was a reference for land ecological security planning and ecological security management.%汕头作为中国首批经济特区之一,人多地少是其一大特点,经历30a特区的建设和发展,在经济发展同时其生态环境也发生了较大的变化。以经济特区汕头市社会经济发展特点为出发点,基于P—S—R模型构建了一套包含3个准则19个指标的土地生态安全评价指标体系,采用主成分分析法确定指标权重,依据土地生态安全综合指数法对20012008年汕头土地生态安全状况进行了评价。结果表明:20012008年汕头市土地生态安全值在0.65上下摆动,

  20. CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

    Directory of Open Access Journals (Sweden)

    Sowmiya Murthy

    2014-10-01

    Full Text Available We propose a secure cloud storage model that addresses security and storage issues for cloud computing environments. Security is achieved by anonymous authentication which ensures that cloud users remain anonymous while getting duly authenticated. For achieving this goal, we propose a digital signature based authentication scheme with a decentralized architecture for distributed key management with multiple Key Distribution Centers. Homomorphic encryption scheme using Paillier public key cryptosystem is used for encrypting the data that is stored in the cloud. We incorporate a query driven approach for validating the access policies defined by an individual user for his/her data i.e. the access is granted to a requester only if his credentials matches with the hidden access policy. Further, since data is vulnerable to losses or damages due to the vagaries of the network, we propose an automatic retrieval mechanism where lost data is recovered by data replication and file replacement with string matching algorithm. We describe a prototype implementation of our proposed model.

  1. Advancing botnet modeling techniques for military and security simulations

    Science.gov (United States)

    Banks, Sheila B.; Stytz, Martin R.

    2011-06-01

    Simulation environments serve many purposes, but they are only as good as their content. One of the most challenging and pressing areas that call for improved content is the simulation of bot armies (botnets) and their effects upon networks and computer systems. Botnets are a new type of malware, a type that is more powerful and potentially dangerous than any other type of malware. A botnet's power derives from several capabilities including the following: 1) the botnet's capability to be controlled and directed throughout all phases of its activity, 2) a command and control structure that grows increasingly sophisticated, and 3) the ability of a bot's software to be updated at any time by the owner of the bot (a person commonly called a bot master or bot herder.) Not only is a bot army powerful and agile in its technical capabilities, a bot army can be extremely large, can be comprised of tens of thousands, if not millions, of compromised computers or it can be as small as a few thousand targeted systems. In all botnets, their members can surreptitiously communicate with each other and their command and control centers. In sum, these capabilities allow a bot army to execute attacks that are technically sophisticated, difficult to trace, tactically agile, massive, and coordinated. To improve our understanding of their operation and potential, we believe that it is necessary to develop computer security simulations that accurately portray bot army activities, with the goal of including bot army simulations within military simulation environments. In this paper, we investigate issues that arise when simulating bot armies and propose a combination of the biologically inspired MSEIR infection spread model coupled with the jump-diffusion infection spread model to portray botnet propagation.

  2. An Impact Assessment Model for Distributed Adaptive Security Situation Assessment

    National Research Council Canada - National Science Library

    Heckman, Mark; Joshi, Nikhil; Tylutki, Marcus; Levitt, Karl; Just, James; Clough, Lawrence

    2005-01-01

    The goal of any intrusion detection, anti-virus, firewall or other security mechanism is not simply to stop attacks, but to protect a computing resource so that the resource can continue to perform its function...

  3. A Security Risk Measurement for the RAdAC Model

    National Research Council Canada - National Science Library

    Britton, David W; Brown, Ian A

    2007-01-01

    .... The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement...

  4. Improved Security Models & Protocols in Online Mobile Business Financial Transactions

    OpenAIRE

    Sreeramana Aithal

    2017-01-01

    Chapter I : Introduction to Mobile Business and Mobile Banking Chapter II : Review of Literature on Mobile Business Technology, Mobile Banking Services & Security Chapter III : Research Objectives and Methodology Chapter IV : Results and Discussion Chapter V : Summary and Conclusions Bibliography

  5. Adaptable Authentication Model - for Exploring the Weaker Notions of Security

    DEFF Research Database (Denmark)

    Ahmed, Naveed; Jensen, Christian D.

    achieve only a subset of all fine level goals. We believe that these flexible choices of attackers and security goals are more practical in many real world scenarios. An applications may require the protection against a weaker attacker and may require to achieve fewer security goals....... of communication security. One potent argument often presented is we keep designing new protocols due the demand of new type of applications and due to the discovery of flaws in existing protocols. While designing new protocols for new type of applications, such as RFID, is definitely an important driving factor....... In fact, the most of the published protocols are considered insecure from this point of view. In practice, however, this approach has a side effect, namely, we rarely bother to explore how much insecure is the protocol. This question asks us to explore the area between security and insecurity; after all...

  6. Using Bayesian Networks and Decision Theory to Model Physical Security

    National Research Council Canada - National Science Library

    Roberts, Nancy

    2003-01-01

    .... Cameras, sensors and other components used along with the simple rules in the home automation software provide an environment where the lights, security and other appliances can be monitored and controlled...

  7. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

    Science.gov (United States)

    Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

    2016-10-01

    Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

  8. Landscape ecological security assessment based on projection pursuit in Pearl River Delta.

    Science.gov (United States)

    Gao, Yang; Wu, Zhifeng; Lou, Quansheng; Huang, Huamei; Cheng, Jiong; Chen, Zhangli

    2012-04-01

    Regional landscape ecological security is an important issue for ecological security, and has a great influence on national security and social sustainable development. The Pearl River Delta (PRD) in southern China has experienced rapid economic development and intensive human activities in recent years. This study, based on landscape analysis, provides a method to discover the alteration of character among different landscape types and to understand the landscape ecological security status. Based on remotely sensed products of the Landsat 5 TM images in 1990 and the Landsat 7 ETM+ images in 2005, landscape classification maps of nine cities in the PRD were compiled by implementing Remote Sensing and Geographic Information System technology. Several indices, including aggregation, crush index, landscape shape index, Shannon's diversity index, landscape fragile index, and landscape security adjacent index, were applied to analyze spatial-temporal characteristics of landscape patterns in the PRD. A landscape ecological security index based on these outcomes was calculated by projection pursuit using genetic algorithm. The landscape ecological security of nine cities in the PRD was thus evaluated. The main results of this research are listed as follows: (1) from 1990 to 2005, the aggregation index, crush index, landscape shape index, and Shannon's diversity index of nine cities changed little in the PRD, while the landscape fragile index and landscape security adjacent index changed obviously. The landscape fragile index of nine cities showed a decreasing trend; however, the landscape security adjacent index has been increasing; (2) from 1990 to 2005, landscape ecology of the cities of Zhuhai and Huizhou maintained a good security situation. However, there was a relatively low value of ecological security in the cities of Dongguan and Foshan. Except for Foshan and Guangzhou, whose landscape ecological security situation were slightly improved, the cities had reduced

  9. Hadoop-Based Healthcare Information System Design and Wireless Security Communication Implementation

    Directory of Open Access Journals (Sweden)

    Hongsong Chen

    2015-01-01

    Full Text Available Human health information from healthcare system can provide important diagnosis data and reference to doctors. However, continuous monitoring and security storage of human health data are challenging personal privacy and big data storage. To build secure and efficient healthcare application, Hadoop-based healthcare security communication system is proposed. In wireless biosensor network, authentication and key transfer should be lightweight. An ECC (Elliptic Curve Cryptography based lightweight digital signature and key transmission method are proposed to provide wireless secure communication in healthcare information system. Sunspot wireless sensor nodes are used to build healthcare secure communication network; wireless nodes and base station are assigned different tasks to achieve secure communication goal in healthcare information system. Mysql database is used to store Sunspot security entity table and measure entity table. Hadoop is used to backup and audit the Sunspot security entity table. Sqoop tool is used to import/export data between Mysql database and HDFS (Hadoop distributed file system. Ganglia is used to monitor and measure the performance of Hadoop cluster. Simulation results show that the Hadoop-based healthcare architecture and wireless security communication method are highly effective to build a wireless healthcare information system.

  10. An Enhanced Erasure Code-Based Security Mechanism for Cloud Storage

    Directory of Open Access Journals (Sweden)

    Wenfeng Wang

    2014-01-01

    Full Text Available Cloud computing offers a wide range of luxuries, such as high performance, rapid elasticity, on-demand self-service, and low cost. However, data security continues to be a significant impediment in the promotion and popularization of cloud computing. To address the problem of data leakage caused by unreliable service providers and external cyber attacks, an enhanced erasure code-based security mechanism is proposed and elaborated in terms of four aspects: data encoding, data transmission, data placement, and data reconstruction, which ensure data security throughout the whole traversing into cloud storage. Based on the mechanism, we implement a secure cloud storage system (SCSS. The key design issues, including data division, construction of generator matrix, data encoding, fragment naming, and data decoding, are also described in detail. Finally, we conduct an analysis of data availability and security and performance evaluation. Experimental results and analysis demonstrate that SCSS achieves high availability, strong security, and excellent performance.

  11. SOME QUESTIONS OF THE GRID AND NEURAL NETWORK MODELING OF AIRPORT AVIATION SECURITY CONTROL TASKS

    Directory of Open Access Journals (Sweden)

    N. Elisov Lev

    2017-01-01

    Full Text Available The authors’ original problem-solution-approach concerning aviation security management in civil aviation apply- ing parallel calculation processes method and the usage of neural computers is considered in this work. The statement of secure environment modeling problems for grid models and with the use of neural networks is presented. The research sub- ject area of this article is airport activity in the field of civil aviation, considered in the context of aviation security, defined as the state of aviation security against unlawful interference with the aviation field. The key issue in this subject area is aviation safety provision at an acceptable level. In this case, airport security level management becomes one of the main objectives of aviation security. Aviation security management is organizational-regulation in modern systems that can no longer correspond to changing requirements, increasingly getting complex and determined by external and internal envi- ronment factors, associated with a set of potential threats to airport activity. Optimal control requires the most accurate identification of management parameters and their quantitative assessment. The authors examine the possibility of applica- tion of mathematical methods for the modeling of security management processes and procedures in their latest works. Par- allel computing methods and network neurocomputing for modeling of airport security control processes are examined in this work. It is shown that the methods’ practical application of the methods is possible along with the decision support system, where the decision maker plays the leading role.

  12. Design and Implementation of GSM Based Automated Home Security System

    Directory of Open Access Journals (Sweden)

    Love Aggarwal

    2014-05-01

    Full Text Available The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. Since many years, impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issue alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

  13. Determinants of Food Security Status of Maize-Based Farming Households in Southern Guinea Savannah Area of Oyo State, Nigeria.

    Directory of Open Access Journals (Sweden)

    Oluwayemisi Abidemi Onasanya

    2016-05-01

    Full Text Available Nigeria is one of the countries in sub-Saharan Africa with insufficient food and high food import bill, which have debilitating effects on the productive capacity of the citizens. Maize is the most important cereal after rice and its production contributes immensely to food availability on the tables of many Nigerians. This study examined the contribution of maize production to household food security status of rural maize-farming households in the southern guinea savannah of Oyo state, Nigeria. A multistage sampling procedure was used to select 200 farm households and the data were analysed using descriptive statistics, recommended daily calorie requirement (RDCR approach, Logit model. Results showed that about three-quarters of the households were food secure and were able to meet the recommended calorie intake of 2260Kcal per capita per day. The shortfall index (P which measures the extent of deviation from the food security line, indicated that the food secure households exceeded the RDCR by 65%, while the food insecure households fell short of the RDCR by 31%. The logit model showed that maize output, gender, primary occupation of the farmer, farm size and farming experience had a positive influence on food security status while age had a negative influence on the food security status of maize-based farming households in the Southern Guinea Savannah of Oyo State, Nigeria. This suggests need for specific support to improve maize production

  14. Review of the model of technological pragmatism considering privacy and security

    Directory of Open Access Journals (Sweden)

    Kovačević-Lepojević Marina M.

    2013-01-01

    Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

  15. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Youngin (Korea, Republic of); Kang, Hyun Gook [KAIST, Dajeon (Korea, Republic of); Son, Han Seong [Joongbu University, Chubu (Korea, Republic of)

    2014-08-15

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility.

  16. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Kang, Hyun Gook; Son, Han Seong

    2014-01-01

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility

  17. Reinforcement Learning Based Data Self-Destruction Scheme for Secured Data Management

    Directory of Open Access Journals (Sweden)

    Young Ki Kim

    2018-04-01

    Full Text Available As technologies and services that leverage cloud computing have evolved, the number of businesses and individuals who use them are increasing rapidly. In the course of using cloud services, as users store and use data that include personal information, research on privacy protection models to protect sensitive information in the cloud environment is becoming more important. As a solution to this problem, a self-destructing scheme has been proposed that prevents the decryption of encrypted user data after a certain period of time using a Distributed Hash Table (DHT network. However, the existing self-destructing scheme does not mention how to set the number of key shares and the threshold value considering the environment of the dynamic DHT network. This paper proposes a method to set the parameters to generate the key shares needed for the self-destructing scheme considering the availability and security of data. The proposed method defines state, action, and reward of the reinforcement learning model based on the similarity of the graph, and applies the self-destructing scheme process by updating the parameter based on the reinforcement learning model. Through the proposed technique, key sharing parameters can be set in consideration of data availability and security in dynamic DHT network environments.

  18. Blockchain-based Public Key Infrastructure for Inter-Domain Secure Routing

    OpenAIRE

    de la Rocha Gómez-Arevalillo , Alfonso; Papadimitratos , Panos

    2017-01-01

    International audience; A gamut of secure inter-domain routing protocols has been proposed in the literature. They use traditional PGP-like and centralized Public Key Infrastructures for trust management. In this paper, we propose our alternative approach for managing security associations, Secure Blockchain Trust Management (SBTM), a trust management system that instantiates a blockchain-based PKI for the operation of securerouting protocols. A main motivation for SBTM is to facilitate gradu...

  19. A Guanxi Shibboleth based security infrastructure for e-social science

    OpenAIRE

    Jie, Wei; Young, Alistair; Arshad, Junaid; Finch, June; Procter, Rob; Turner, Andy

    2008-01-01

    An e-Social Science infrastructure generally has security requirements to protect their restricted resources or services. As a widely accepted authentication and authorization technology, Shibboleth supports the sharing of resources on interinstitutional federation. Guanxi is an open source implementation of the Shibboleth protocol and architecture. In this paper, we propose a security infrastructure for e-social science based on the Guanxi Shibboleth. This security infrastructure presents tw...

  20. SECURE VISUAL SECRET SHARING BASED ON DISCRETE WAVELET TRANSFORM

    Directory of Open Access Journals (Sweden)

    S. Jyothi Lekshmi

    2015-08-01

    Full Text Available Visual Cryptography Scheme (VCS is an encryption method to encode secret written materials. This method converts the secret written material into an image. Then encode this secret image into n shadow images called shares. For the recreation of the original secret, all or some selected subsets of shares are needed; individual shares are of no use on their own. The secret image can be recovered simply by selecting some subset of these n shares, makes transparencies of them and stacking on top of each other. Nowadays, the data security has an important role. The shares can be altered by an attacker. So providing security to the shares is important. This paper proposes a method of adding security to cryptographic shares. This method uses two dimensional discrete wavelet transform to hide visual secret shares. Then the hidden secrets are distributed among participants through the internet. All hidden shares are extracted to reconstruct the secret.

  1. Modeling and simulation for cyber-physical system security research, development and applications.

    Energy Technology Data Exchange (ETDEWEB)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  2. Behavioral Modeling of WSN MAC Layer Security Attacks: A Sequential UML Approach

    DEFF Research Database (Denmark)

    Pawar, Pranav M.; Nielsen, Rasmus Hjorth; Prasad, Neeli R.

    2012-01-01

    is the vulnerability to security attacks/threats. The performance and behavior of a WSN are vastly affected by such attacks. In order to be able to better address the vulnerabilities of WSNs in terms of security, it is important to understand the behavior of the attacks. This paper addresses the behavioral modeling...... of medium access control (MAC) security attacks in WSNs. The MAC layer is responsible for energy consumption, delay and channel utilization of the network and attacks on this layer can introduce significant degradation of the individual sensor nodes due to energy drain and in performance due to delays....... The behavioral modeling of attacks will be beneficial for designing efficient and secure MAC layer protocols. The security attacks are modeled using a sequential diagram approach of Unified Modeling Language (UML). Further, a new attack definition, specific to hybrid MAC mechanisms, is proposed....

  3. Utilization of Integrated Assessment Modeling for determining geologic CO2 storage security

    Science.gov (United States)

    Pawar, R.

    2017-12-01

    Geologic storage of carbon dioxide (CO2) has been extensively studied as a potential technology to mitigate atmospheric concentration of CO2. Multiple international research & development efforts, large-scale demonstration and commercial projects are helping advance the technology. One of the critical areas of active investigation is prediction of long-term CO2 storage security and risks. A quantitative methodology for predicting a storage site's long-term performance is critical for making key decisions necessary for successful deployment of commercial scale projects where projects will require quantitative assessments of potential long-term liabilities. These predictions are challenging given that they require simulating CO2 and in-situ fluid movements as well as interactions through the primary storage reservoir, potential leakage pathways (such as wellbores, faults, etc.) and shallow resources such as groundwater aquifers. They need to take into account the inherent variability and uncertainties at geologic sites. This talk will provide an overview of an approach based on integrated assessment modeling (IAM) to predict long-term performance of a geologic storage site including, storage reservoir, potential leakage pathways and shallow groundwater aquifers. The approach utilizes reduced order models (ROMs) to capture the complex physical/chemical interactions resulting due to CO2 movement and interactions but are computationally extremely efficient. Applicability of the approach will be demonstrated through examples that are focused on key storage security questions such as what is the probability of leakage of CO2 from a storage reservoir? how does storage security vary for different geologic environments and operational conditions? how site parameter variability and uncertainties affect storage security, etc.

  4. Secure data structures based on multi-party computation

    DEFF Research Database (Denmark)

    Toft, Tomas

    2011-01-01

    to be realized using MPC primitives, however, by focusing on a specific example -- a priority queue -- it is shown that it is possible to achieve much better results than the generic solutions can provide. Moreover, the techniques differ significantly from existing ORAM constructions. Indeed it has recently been...... shown that any information theoretically secure ORAM with n memory locations requires at least log n random bits per read/write to hide the access pattern. In contrast, the present construction achieves security with a completely deterministic access pattern....

  5. Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

    Science.gov (United States)

    Kish, Laszlo B.; Horvath, Tamas

    2009-08-01

    We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by “multiple reflections”. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

  6. Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

    International Nuclear Information System (INIS)

    Kish, Laszlo B.; Horvath, Tamas

    2009-01-01

    We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

  7. Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

    Energy Technology Data Exchange (ETDEWEB)

    Kish, Laszlo B., E-mail: Laszlo.Kish@ece.tamu.ed [Department of Electrical and Computer Engineering, Texas A and M University, College Station, TX 77843-3128 (United States); Horvath, Tamas, E-mail: tamas.horvath@iais.fraunhofer.d [Department of Computer Science, University of Bonn (Germany); Fraunhofer IAIS, Schloss Birlinghoven, D-53754 Sankt Augustin (Germany)

    2009-08-03

    We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

  8. Design of security scheme of the radiotherapy planning administration system based on the hospital information system

    International Nuclear Information System (INIS)

    Zhuang Yongzhi; Zhao Jinzao

    2010-01-01

    Objective: To design a security scheme of radiotherapy planning administration system. Methods: Power Builder 9i language was used to program the system through the model of client-server machine. Oracle 9i was used as the database server. Results In this system, user registration management, user login management, application-level functions of control, database access control, and audit trail were designed to provide system security. Conclusions: As a prototype for the security analysis and protection of this scheme provides security of the system, application system, important data and message, which ensures the system work normally. (authors)

  9. A MAS-Based Cloud Service Brokering System to Respond Security Needs of Cloud Customers

    Directory of Open Access Journals (Sweden)

    Jamal Talbi

    2017-03-01

    Full Text Available Cloud computing is becoming a key factor in computer science and an important technology for many organizations to deliver different types of services. The companies which provide services to customers are called as cloud service providers. The cloud users (CUs increase and require secure, reliable and trustworthy cloud service providers (CSPs from the market. So, it’s a challenge for a new customer to choose the highly secure provider. This paper presents a cloud service brokering system in order to analyze and rank the secured cloud service provider among the available providers list. This model uses an autonomous and flexible agent in multi-agent system (MASs that have an intelligent behavior and suitable tools for helping the brokering system to assess the security risks for the group of cloud providers which make decision of the more secured provider and justify the business needs of users in terms of security and reliability.

  10. Securing the second front: achieving first receiver safety and security through competency-based tools.

    Science.gov (United States)

    Jones, Jamal; Staub, Judith; Seymore, Andrew; Scott, Lancer A

    2014-12-01

    Limited research has focused on the safety and security of First Responders and Receivers, including clinicians, hospital workers, public safety officials, community volunteers, and other lay personnel, during public health emergencies. These providers are, in some cases, at greater peril during large-scale disasters due to their lack of training and inadequate resources to handle major influxes of patients. Exemplified in the 1995 Tokyo sarin gas attacks and the 2008 Wenchuan earthquakes, lack of training results in poor outcomes for both patients and First Receivers. The improvement of knowledge and comfort level of First Receivers preparing for a medical disaster via an affordable, repeatable emergency preparedness training (EPT) curriculum. A 5-hour EPT curriculum was developed including nine learning objectives, 18 competencies, and 34 performance objectives. Following brief didactic and small group sessions, interprofessional teams of four to six trainees were observed in a large patient simulator designed to recreate environmentally challenging (ie, flood evacuation), multi-patient scenarios using a novel technique developed to utilize trainees as actors. Trained observers assessed successful completion of 16 individual and 18 team performance objectives. Prior to training, team members completed a 24-question knowledge assessment, a demographic survey, and a comfort level self-assessment. Following training, trainees repeated the 24 questions, self-assessment, and course assessment. One hundred ninety-five participants completed the course between November 2012 and August 2013. One hundred ninety-one (98.5%), 150 (76.9%), and 66 (33.8%) participants completed the pretest, post-test, and course assessment, respectively. The mean (SD) percentage of correct answers between the pretest and post-test increased from 46.3 (13.4) to 75.3 (12.2), P safety and security of the "Second Front.

  11. ADVANCED SECURE EXAM MANAGEMENT SYSTEM THROUGH QR CODE BASED AUTHENTICATION

    OpenAIRE

    MR. OMKAR RAJENDRA URUNKAR , PROF. S. A. JOSHI

    2018-01-01

    M-Learning has enhanced the e-learning by making the learning process learner-centered. However, obligating exam security in environments which are open, every student has devices or Laptop connected to a Wi-Fi network or internet.

  12. Improving DNS security : a measurement-based approach

    NARCIS (Netherlands)

    van Rijswijk-Deij, Roland

    2017-01-01

    The Domain Name System (DNS) is a vital part of the core infrastructure of the Internet. It maps human readable names (such as www.example.com) to machine readable information (such as 93.184.216.34). This thesis studies two aspects of the DNS. First, it studies problems in the DNS Security

  13. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security‿ but need to be able to justify their security investment plans. Currently companies achieve this by means of

  14. Performance and Security Evaluation of Biometric-Based Web ...

    African Journals Online (AJOL)

    PROF. O. E. OSUAGWU

    2013-12-01

    Dec 1, 2013 ... vulnerabilities that have put different business organisations ... guidelines aimed at managing the risks from the open nature of ... Automated Attendance Management System ... effects of aging, the small-scale radial features of the iris ..... [1] Dror, E. & Shaikh, A., 2005. ... Fundamentals of Network Security.

  15. Application of the JDL data fusion process model for cyber security

    Science.gov (United States)

    Giacobe, Nicklaus A.

    2010-04-01

    A number of cyber security technologies have proposed the use of data fusion to enhance the defensive capabilities of the network and aid in the development of situational awareness for the security analyst. While there have been advances in fusion technologies and the application of fusion in intrusion detection systems (IDSs), in particular, additional progress can be made by gaining a better understanding of a variety of data fusion processes and applying them to the cyber security application domain. This research explores the underlying processes identified in the Joint Directors of Laboratories (JDL) data fusion process model and further describes them in a cyber security context.

  16. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  17. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  18. Dynamic Security Assessment of Danish Power System Based on Decision Trees: Today and Tomorrow

    DEFF Research Database (Denmark)

    Rather, Zakir Hussain; Liu, Leo; Chen, Zhe

    2013-01-01

    The research work presented in this paper analyzes the impact of wind energy, phasing out of central power plants and cross border power exchange on dynamic security of Danish Power System. Contingency based decision tree (DT) approach is used to assess the dynamic security of present and future...

  19. An Evaluation Methodology for the Usability and Security of Cloud-based File Sharing Technologies

    Science.gov (United States)

    2012-09-01

    FISMA, ISO 27001 , FIPS 140-2, and ISO 270001) indicate a cloud-based service’s compliance with industry standard security controls, management and...Information Assurance IEEE Institute of Electrical and Electronics Engineers IT Information Technology ITS Insider Threat Study ISO International...effectively, efficiently and with satisfaction” (International Organization for Standardization [ ISO ], 1998). Alternately, information security

  20. 75 FR 79320 - Security-Based Swap Data Repository Registration, Duties, and Core Principles

    Science.gov (United States)

    2010-12-20

    ... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 240 and 249 [Release No. 34-63347; File No. S7-35-10] RIN 3235-AK79 Security-Based Swap Data Repository Registration, Duties, and Core Principles Correction In proposed rule document 2010-29719 beginning on page 77306 in the issue of December 10, 2010...