Security of supply in electricity markets: Improving cost efficiency of supplying security and possible welfare gains

DEFF Research Database (Denmark)

Klinge Jacobsen, Henrik; Grenaa Jensen, Stine

2012-01-01

In liberalised markets the ability to maintain security of electricity supply is questioned because security is characterised as a public good. We discuss if this property can be modified with changing technology. Furthermore, we examine if construction of markets for security can be justified...... by possible welfare gains. From a welfare perspective it is possible that security levels are too high and obtained with too high costs. Adjusting the effort so that marginal cost for securing supply is at similar levels in generation capacity and in network maintenance could increase welfare even without...... the need to construct markets. Secondarily, a consumer defined average level of security might improve welfare. Finally, different willingness to pay among customers and construction of advanced markets might increase welfare further. We argue that several cost and welfare improvements can be achieved...

Process Improvement Should Link to Security: SEPG 2007 Security Track Recap

National Research Council Canada - National Science Library

Woody, Carol

2007-01-01

...; organizations must support an expensive unending update-and-upgrade cycle. Process improvement has been proposed as a mechanism for addressing security challenges, but the Capability Maturity Model Integration (CMMI[registered name...

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template.

Science.gov (United States)

He, Ying; Johnson, Chris

2015-11-01

The recurrence of past security breaches in healthcare showed that lessons had not been effectively learned across different healthcare organisations. Recent studies have identified the need to improve learning from incidents and to share security knowledge to prevent future attacks. Generic Security Templates (GSTs) have been proposed to facilitate this knowledge transfer. The objective of this paper is to evaluate whether potential users in healthcare organisations can exploit the GST technique to share lessons learned from security incidents. We conducted a series of case studies to evaluate GSTs. In particular, we used a GST for a security incident in the US Veterans' Affairs Administration to explore whether security lessons could be applied in a very different Chinese healthcare organisation. The results showed that Chinese security professional accepted the use of GSTs and that cyber security lessons could be transferred to a Chinese healthcare organisation using this approach. The users also identified the weaknesses and strengths of GSTs, providing suggestions for future improvements. Generic Security Templates can be used to redistribute lessons learned from security incidents. Sharing cyber security lessons helps organisations consider their own practices and assess whether applicable security standards address concerns raised in previous breaches in other countries. The experience gained from this study provides the basis for future work in conducting similar studies in other healthcare organisations. Copyright © 2015 Elsevier Ireland Ltd. All rights reserved.

The Justice of Improving Security and Confronting Poverty

DEFF Research Database (Denmark)

Farah, Abdulkadir Osman

2016-01-01

Following decades of postcolonial dictatorships and authoritarianism, many African countries have experienced expanded efforts by transnational organizations—from both top down and bottom up—aimed at alleviating poverty and improving security. This article provides a partial inventory of such eff......Following decades of postcolonial dictatorships and authoritarianism, many African countries have experienced expanded efforts by transnational organizations—from both top down and bottom up—aimed at alleviating poverty and improving security. This article provides a partial inventory...

Nuclear security. Improving correction of security deficiencies at DOE's weapons facilities

International Nuclear Information System (INIS)

Wells, James E.; Cannon, Doris E.; Fenzel, William F.; Lightner, Kenneth E. Jr.; Curtis, Lois J.; DuBois, Julia A.; Brown, Gail W.; Trujillo, Charles S.; Tumler, Pamela K.

1992-11-01

The US nuclear weapons research, development, and production are conducted at 10 DOE nuclear weapons facilities by contractors under the guidance and oversight of 9 DOE field offices. Because these facilities house special nuclear materials used in making nuclear weapons and nuclear weapons components, DOE administers a security program to protect (1) against theft, sabotage, espionage, terrorism, or other risks to national security and (2) the safety and health of DOE employees and the public. DOE spends almost $1 billion a year on this security program. DOE administers the security program through periodic inspections that evaluate and monitor the effectiveness of facilities' safeguards and security. Security inspections identify deficiencies, instances of noncompliance with safeguards and security requirements or poor performance of the systems being evaluated, that must be corrected to maintain adequate security. The contractors and DOE share responsibility for correcting deficiencies. Contractors, in correcting deficiencies, must comply with several DOE orders. The contractors' performances were not adequate in conducting four of the eight procedures considered necessary in meeting DOE's deficiency correction requirements. For 19 of the 20 deficiency cases we reviewed, contractors could not demonstrate that they had conducted three critical deficiency analyses (root cause, risk assessment, and cost-benefit) required by DOE. Additionally, the contractors did not always adequately verify that corrective actions taken were appropriate, effective, and complete. The contractors performed the remaining four procedures (reviewing deficiencies for duplication, entering deficiencies into a data base, tracking the status of deficiencies, and preparing and implementing a corrective action plan) adequately in all 20 cases. DOE's oversight of the corrective action process could be improved in three areas. The computerized systems used to track the status of security

Security improvements for rail movements of SNM

International Nuclear Information System (INIS)

Garcia, M.R.; Gronager, J.E.; Shemigon, N.N.

1998-01-01

The US Department of Energy (DOE) and the Russian Special Scientific and Production State Enterprise Eleron have teamed to lead a project to enhance the overall security of Russian Ministry of Atomic Energy (MINATOM) transportation of Special Nuclear Material (SNM) shipments. The effort is called the Railcar Transportation Security Project and is part of the overall DOE Material Protection, Control, and Accounting (MPC and A) program addressing the enhancement of nuclear material control, accounting, and physical protection for Russian SNM. The goal of this MPC and A project is to significantly increase the security of Russian MINATOM highly enriched SNM rail shipments. To accomplish this, the MPC and A Railcar Transportation Security program will provide an enhanced, yet cost effective, railcar transportation security system. The system incorporates a balance between the traditional detection, communications, delay, and response security elements to significantly improve the security of MINATOM SNM shipments. The strategy of this program is to use rapid upgrades to implement mature security technologies as quickly as possible. The rapid upgrades emphasize rapidly deployable delay elements, enhanced radio communications, and intrusion detection and surveillance. Upgraded railcars have begun operation during FY98. Subsequent upgrades will build upon the rapid upgrades and eventually be integrated into a final deployed system configuration. This paper provides an overview of the program, with a summary of performance of the deployed railcars

Empowerment and BYOx: Towards Improved IS Security Compliance

DEFF Research Database (Denmark)

Welck, Maximilian von; Trenz, Manuel; Jensen, Tina Blegind

2017-01-01

Non-compliant employees continue to pose a serious threat to information systems security. Most attempts to increase compliant behavior rely on measures that reduce employees’ latitude. However, recent studies suggest that this indeed eventuates in less compliance due to adverse behaviors...... outline how this novel approach to improve IS security compliance can be developed and investigated further....

BIOTECHNOLOGY CAN IMPROVE FOOD SECURITY IN AFRICA ...

African Journals Online (AJOL)

BIOTECHNOLOGY CAN IMPROVE FOOD SECURITY IN AFRICA. ... and capacity to innovate and patent new materials as well as enforce biosafety requirements. In order for countries to access biotechnology products or technologies, it will ...

Security improvement by using a modified coherent state for quantum cryptography

International Nuclear Information System (INIS)

Lu, Y.J.; Zhu, Luobei; Ou, Z.Y.

2005-01-01

Weak coherent states as a photon source for quantum cryptography have a limit in secure data rate and transmission distance because of the presence of multiphoton events and loss in transmission line. Two-photon events in a coherent state can be taken out by a two-photon interference scheme. We investigate the security issue of utilizing this modified coherent state in quantum cryptography. A 4-dB improvement in the secure data rate or a nearly twofold increase in transmission distance over the coherent state are found. With a recently proposed and improved encoding strategy, further improvement is possible

IAEA-EU Joint Action Partnership in Improving Nuclear Security

International Nuclear Information System (INIS)

2011-12-01

Nuclear and other radioactive material is on the move and in demand. Used in peaceful applications such as energy, medicine, research and industry, it improves the daily lives of individuals worldwide. Nonetheless, the risk posed by it falling into the wrong hands is a real and growing concern of the international community and one that demands improved nuclear security. Steps to bolster nuclear security and mitigate this risk include accounting for and securing nuclear and radioactive material as well as their related facilities, and helping to prevent theft, sabotage and use with malicious intent. Strong legislative, regulatory and enforcement frameworks, enhanced national capacity, and increased international cooperation in protecting against, and preparing for, any scenario strengthens these measures further. As a result, the Board of Governors of the International Atomic Energy Agency (IAEA) approved a plan of activities in 2002 to improve nuclear security worldwide. In 2003, the Council of the European Union (EU) adopted its Strategy against Proliferation of Weapons of Mass Destruction. Since then, five Contribution Agreements between the European Commission (EC) and the IAEA have been undertaken to provide financial support to IAEA activities in the areas of nuclear security and verification. These 'Joint Actions' assist States in strengthening their nuclear security infrastructure and underscore both the EU and IAEA's commitment to effective cooperation. IAEA-EU JOINT ACTION. The IAEA works to improve and strengthen national nuclear security programmes worldwide. EU support helps to advance the IAEA's efforts by raising awareness and improving understanding of nuclear security and its many component parts. Priority is given to those States that need to determine what radioactive and nuclear material they have, how to control it and how to reduce the risk it poses. Efforts focus on three main areas, strengthening: (i) States' legislative and regulatory

Communications and Integration Enhancements to Improve Homeland Security

National Research Council Canada - National Science Library

Sando, Terrance W

2007-01-01

.... Homeland Security responses. These technology enhancements and processes combined with the force capabilities that the National Guard has recently created, when integrated with other national capabilities, will greatly improve...

Improving the security of quantum protocols via commit-and-open

NARCIS (Netherlands)

I.B. Damgård (Ivan); S. Fehr (Serge); C. Luneman; L. Salvail (Louis); C. Schaffner (Christian)

2009-01-01

htmlabstractWe consider two-party quantum protocols starting with a transmission of some random BB84 qubits followed by classical messages. We show a general compiler improving the security of such protocols: if the original protocol is secure against an almost honest adversary, then the

Simple, low-cost ways to dramatically improve the security of tags and seals

International Nuclear Information System (INIS)

Johnston, R.G.; Garcia, A.R.E.

1999-01-01

The Vulnerability Assessment Team at Los Alamos National Laboratory has analyzed over 100 different tags and security seals (tamper-indicating devices). We have demonstrated how all these security products can be defeated quickly, easily, and inexpensively using low-tech methods. In our view, most of these security devices can be significantly improved with minor changes in their design and/or in how they are used. In this paper, we present some generic suggestions for improving the security and reliability of tags and seals. (author)

Improving the security of the Hwang-Su protocol for mobile networks

African Journals Online (AJOL)

user

Improving the security of the Hwang-Su protocol for mobile networks. Miloud Ait Hemad, My ... Furthermore, the wireless data channel is low data rate. These restrictions have an ..... Research in Security and Privacy. Wu T. Y. and Tsen Y. M., ...

Report: EPA Improved Its National Security Information Program, but Some Improvements Still Needed

Science.gov (United States)

Report #16-P-0196, June 2, 2016. The EPA will continue to improve its national security information program by completing information classification guides that can be used uniformly and consistently throughout the agency.

Citizen-based Strategies to Improve Community Security: Working ...

International Development Research Centre (IDRC) Digital Library (Canada)

Citizen-based Strategies to Improve Community Security: Working with Vulnerable Populations to Address Urban Violence in Medellin ... Water Resources Association, in close collaboration with IDRC, is holding a webinar titled “Climate change and adaptive water management: Innovative solutions from the Global South”.

Information and technology: Improving food security in Uganda ...

International Development Research Centre (IDRC) Digital Library (Canada)

2014-06-23

Jun 23, 2014 ... Information and technology: Improving food security in Uganda ... knowledge to make decisions about planting, harvesting, and managing livestock, but ... to be effective for minimizing risks and increasing agricultural productivity. ... In time, this network of information – made possible by digital technology ...

Improving method for calculating integral index of personnel security of company

Directory of Open Access Journals (Sweden)

Chjan Khao Yui

2016-06-01

Full Text Available The paper improves the method of calculating the integral index of personnel security of a company. The author has identified four components of personnel security (social and motivational safety, occupational safety, not confliction security, life safety which are characterized by certain indicators. Integral index of personnel security is designed for the enterprises of machine-building sector in Kharkov region, taking into account theweight coefficients j-th component of bj, and weighting factors that determine the degree of contribution of the ith parameter in the integral index aіj as defined by experts.

Healthier, more nutritious potatoes improve food security in Colombia

International Development Research Centre (IDRC) Digital Library (Canada)

2016-04-26

Apr 26, 2016 ... Healthier, more nutritious potatoes improve food security in Colombia ... farmers, have high commercial potential, and are popular with consumers. ... children and adolescents is an alarming trend throughout the Caribbean.

New bean products to improve food security | IDRC - International ...

International Development Research Centre (IDRC) Digital Library (Canada)

2016-04-21

... Agricultural Research Organisation and the Kenya Agricultural and Livestock Research ... New bean products to improve food security. April 21, 2016. Image ... more lucrative market for smallholder bean farmers, most of whom are women.

Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'.

Science.gov (United States)

Khan, Muhammad Khurram; Alghathbar, Khaled

2010-01-01

User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

Improving Reliability, Security, and Efficiency of Reconfigurable Hardware Systems (Habilitation)

NARCIS (Netherlands)

Ziener, Daniel

2017-01-01

In this treatise,  my research on methods to improve efficiency, reliability, and security of reconfigurable hardware systems, i.e., FPGAs, through partial dynamic reconfiguration is outlined. The efficiency of reconfigurable systems can be improved by loading optimized data paths on-the-fly on an

Improving Food and Nutrition Security in the Philippines through ...

International Development Research Centre (IDRC) Digital Library (Canada)

Improving food and nutrition security in the Philippines through school ... Implementation of the Community Health Assessment Program in the Philippines ... This project will address the effects of fast-paced economic growth in the Greater ...

Improved security detection strategy in quantum secure direct communication protocol based on four-particle Green-Horne-Zeilinger state

Energy Technology Data Exchange (ETDEWEB)

Li, Jian; Nie, Jin-Rui; Li, Rui-Fan [Beijing Univ. of Posts and Telecommunications, Beijing (China). School of Computer; Jing, Bo [Beijing Univ. of Posts and Telecommunications, Beijing (China). School of Computer; Beijing Institute of Applied Meteorology, Beijing (China). Dept. of Computer Science

2012-06-15

To enhance the efficiency of eavesdropping detection in the quantum secure direct communication protocol, an improved quantum secure direct communication protocol based on a four-particle Green-Horne-Zeilinger (GHZ) state is presented. In the protocol, the four-particle GHZ state is used to detect eavesdroppers, and quantum dense coding is used to encode the message. In the security analysis, the method of entropy theory is introduced, and two detection strategies are compared quantitatively by using the constraint between the information that the eavesdroppers can obtain and the interference that has been introduced. If the eavesdropper wants to obtain all the information, the detection rate of the quantum secure direct communication using an Einstein-Podolsky-Rosen (EPR) pair block will be 50% and the detection rate of the presented protocol will be 87%. At last, the security of the proposed protocol is discussed. The analysis results indicate that the protocol proposed is more secure than the others. (orig.)

Towards improving security measures in Nigeria University Libraries ...

African Journals Online (AJOL)

A questionnaire designed by the researchers titled “Towards Improving Security Measures in Nigerian University Libraries (TISMINUL)” was used to collect the needed data. The questionnaire was designed in two parts. Part one was to gather information on the size of collection, frequency of stock taking and book loss.

Sustainability impact assessment to improve food security of smallholders in Tanzania

International Nuclear Information System (INIS)

Schindler, Jana; Graef, Frieder; König, Hannes Jochen; Mchau, Devotha; Saidia, Paul; Sieber, Stefan

2016-01-01

The objective of this paper was to assess the sustainability impacts of planned agricultural development interventions, so called upgrading strategies (UPS), to enhance food security and to identify what advantages and risks are assessed from the farmer's point of view in regards to social life, the economy and the environment. We developed a participatory methodological procedure that links food security and sustainable development. Farmers in four different case study villages in rural Tanzania chose their priority UPS. For these UPS, they assessed the impacts on locally relevant food security criteria. The positive impacts identified were mainly attributed to increased agricultural production and its related positive impacts such as increased income and improved access to necessary means to diversify the diet. However, several risks of certain UPS were also indicated by farmers, such as increased workload, high maintenance costs, higher competition among farmers, loss of traditional knowledge and social conflicts. We discussed the strong interdependence of socio-economic and environmental criteria to improve food security for small-scale farmers and analysed several trade-offs in regards to UPS choices and food security criteria. We also identified and discussed the advantages and challenges of our methodological approach. In conclusion, the participatory impact assessment on the farmer level allowed a locally specific analysis of the various positive and negative impacts of UPS on social life, the economy and the environment. We emphasize that only a development approach that considers social, economic and environmental challenges simultaneously can enhance food security.

78 FR 69433 - Executive Order 13650 Improving Chemical Facility Safety and Security Listening Sessions

Science.gov (United States)

2013-11-19

... Chemical Facility Safety and Security Listening Sessions AGENCY: National Protection and Programs... from stakeholders on issues pertaining to Improving Chemical Facility Safety and Security (Executive... regulations, guidance, and policies; and identifying best practices in chemical facility safety and security...

Security analysis and improvements to the PsychoPass method.

Science.gov (United States)

Brumen, Bostjan; Heričko, Marjan; Rozman, Ivan; Hölbl, Marko

2013-08-13

In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. The first issue with the Psychopass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength.

A Video Based System and Method for Improving Aircraft Security

National Research Council Canada - National Science Library

Meitzler, Tom; Ebenstein, Sam; Smith, Greg; Rodin, Yelena; Zorka, Nick

2004-01-01

In late September of 2001 the Commercial Airline Pilots Association (CAPA) endorsed president Bush's plan for improved airline security but expressed concern that it did not address many critical issues...

Information Technology Management: Social Security Administration Practices Can Be Improved

National Research Council Canada - National Science Library

Shaw, Clay

2001-01-01

To improve SSAs IT management practices, we recommend that the Acting Commissioner of Social Security direct the Chief Information Officer and the Deputy Commissioner for Systems to complete the following actions...

Sustainability impact assessment to improve food security of smallholders in Tanzania

Energy Technology Data Exchange (ETDEWEB)

Schindler, Jana, E-mail: jana.schindler@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Land Use Systems, Eberswalder Straße 84, 15374 Müncheberg (Germany); Humboldt Universität zu Berlin, Faculty of Agriculture and Horticulture, Invalidenstr. 42, 10099 Berlin (Germany); Graef, Frieder, E-mail: graef@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Land Use Systems, Eberswalder Straße 84, 15374 Müncheberg (Germany); König, Hannes Jochen, E-mail: hkoenig@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Land Use Systems, Eberswalder Straße 84, 15374 Müncheberg (Germany); Mchau, Devotha, E-mail: dvtmchau@yahoo.com [Agricultural Research Institute (ARI Hombolo/Makutupora), P. O. Box 1676, Dodoma (Tanzania, United Republic of); Saidia, Paul, E-mail: saidiapaul@gmail.com [Sokoine University of Agriculture (SUA) Morogoro, Department of Crop Science and Production, P O. Box 3005, Morogoro (Tanzania, United Republic of); Sieber, Stefan, E-mail: stefan.sieber@zalf.de [Leibniz Centre for Agricultural Landscape Research (ZALF), Institute of Socio-Economics, Eberswalder Straße 84, 15374 Müncheberg (Germany)

2016-09-15

The objective of this paper was to assess the sustainability impacts of planned agricultural development interventions, so called upgrading strategies (UPS), to enhance food security and to identify what advantages and risks are assessed from the farmer's point of view in regards to social life, the economy and the environment. We developed a participatory methodological procedure that links food security and sustainable development. Farmers in four different case study villages in rural Tanzania chose their priority UPS. For these UPS, they assessed the impacts on locally relevant food security criteria. The positive impacts identified were mainly attributed to increased agricultural production and its related positive impacts such as increased income and improved access to necessary means to diversify the diet. However, several risks of certain UPS were also indicated by farmers, such as increased workload, high maintenance costs, higher competition among farmers, loss of traditional knowledge and social conflicts. We discussed the strong interdependence of socio-economic and environmental criteria to improve food security for small-scale farmers and analysed several trade-offs in regards to UPS choices and food security criteria. We also identified and discussed the advantages and challenges of our methodological approach. In conclusion, the participatory impact assessment on the farmer level allowed a locally specific analysis of the various positive and negative impacts of UPS on social life, the economy and the environment. We emphasize that only a development approach that considers social, economic and environmental challenges simultaneously can enhance food security.

Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’

Directory of Open Access Journals (Sweden)

Muhammad Khurram Khan

2010-03-01

Full Text Available User authentication in wireless sensor networks (WSN is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

Secure Intra-Body Wireless Communications (SIWiC) System Project

Science.gov (United States)

Ahmad, Aftab; Doggett, Terrence P.

2011-01-01

SIWiC System is a project to investigate, design and implement future wireless networks of implantable sensors in the body. This futuristic project is designed to make use of the emerging and yet-to-emerge technologies, including ultra-wide band (UWB) for wireless communications, smart implantable sensors, ultra low power networking protocols, security and privacy for bandwidth and power deficient devices and quantum computing. Progress in each of these fronts is hindered by the needs of breakthrough. But, as we will see in this paper, these major challenges are being met or will be met in near future. SIWiC system is a network of in-situ wireless devices that are implanted to coordinate sensed data inside the body, such as symptoms monitoring collected internally, or biometric data collected of an outside object from within the intra-body network. One node has the capability of communicating outside the body to send data or alarm to a relevant authority, e.g., a remote physician.

PV in Japan - improving energy security?

International Nuclear Information System (INIS)

Anon

2002-01-01

Currently, almost 80% of Japan's primary energy is imported and about 50% of this comes from politically unstable countries. The Japanese are now working hard to improve energy security in a clean and sustainable fashion. Since the wind patterns are not favourable for wind power, the emphasis is on photovoltaics (PVs), and many companies that once manufactured integrated circuits are now working on solar cells where their knowledge and experience of mass production, quality control, sales and marketing stand them in good stead. It is expected that the Japanese will be world leaders in the making and export of solar equipment, as well as one of the world's greatest users

Analytical approximations for thermophysical properties of supercritical nitrogen (SCN) to be used in futuristic high temperature superconducting (HTS) cables

Energy Technology Data Exchange (ETDEWEB)

Dondapati, Raja Sekhar, E-mail: drsekhar@ieee.org [School of Mechanical Engineering, Lovely Professional University, Phagwara, Punjab 144401 (India); Ravula, Jeswanth [School of Mechanical Engineering, Lovely Professional University, Phagwara, Punjab 144401 (India); Thadela, S. [Department of Mechanical Engineering, Andhra University, Visakhapatnam, Andhra Pradesh (India); Usurumarti, Preeti Rao [Department of Mechanical Engineering, P.V.K. Institute of Technology, Anantapur, Andhra Pradesh (India)

2015-12-15

Future power transmission applications demand higher efficiency due to the limited resources of energy. In order to meet such demand, a novel method of transmission is being developed using High Temperature Superconducting (HTS) cables. However, these HTS cables need to be cooled below the critical temperature of superconductors used in constructing the cable to retain the superconductivity. With the advent of new superconductors whose critical temperatures having reached up to 134 K (Hg based), a need arises to find a suitable coolant which can accommodate the heating loads on the superconductors. The present work proposes, Supercritical Nitrogen (SCN) to be a feasible coolant to achieve the required cooling. Further, the feasibility of proposed coolant to be used in futuristic HTS cables is investigated by studying the thermophysical properties such as density, viscosity, specific heat and thermal conductivity with respect to temperature (T{sub C} + 10 K) and pressure (P{sub C} + 10 bar). In addition, few temperature dependent analytical functions are developed for thermophysical properties of SCN which are useful in predicting thermohydraulic performance (pressure drop, pumping power and cooling capacity) using numerical or computational techniques. Also, the developed analytical functions are used to calculate the pumping power and the temperature difference between inlet and outlet of HTS cable. These results are compared with those of liquid nitrogen (LN2) and found that the circulating pumping power required to pump SCN is significantly smaller than that to pump LN2. Further, it is found that the temperature difference between the inlet and outlet is smaller as compared to that when LN2 is used, SCN can be preferred to cool long length Hg based HTS cables. - Highlights: • Analytical functions are developed for thermophysical properties of Supercritical Nitrogen. • Error analysis shows extremely low errors in the developed analytical functions. �

Analytical approximations for thermophysical properties of supercritical nitrogen (SCN) to be used in futuristic high temperature superconducting (HTS) cables

International Nuclear Information System (INIS)

Dondapati, Raja Sekhar; Ravula, Jeswanth; Thadela, S.; Usurumarti, Preeti Rao

2015-01-01

Future power transmission applications demand higher efficiency due to the limited resources of energy. In order to meet such demand, a novel method of transmission is being developed using High Temperature Superconducting (HTS) cables. However, these HTS cables need to be cooled below the critical temperature of superconductors used in constructing the cable to retain the superconductivity. With the advent of new superconductors whose critical temperatures having reached up to 134 K (Hg based), a need arises to find a suitable coolant which can accommodate the heating loads on the superconductors. The present work proposes, Supercritical Nitrogen (SCN) to be a feasible coolant to achieve the required cooling. Further, the feasibility of proposed coolant to be used in futuristic HTS cables is investigated by studying the thermophysical properties such as density, viscosity, specific heat and thermal conductivity with respect to temperature (T_C + 10 K) and pressure (P_C + 10 bar). In addition, few temperature dependent analytical functions are developed for thermophysical properties of SCN which are useful in predicting thermohydraulic performance (pressure drop, pumping power and cooling capacity) using numerical or computational techniques. Also, the developed analytical functions are used to calculate the pumping power and the temperature difference between inlet and outlet of HTS cable. These results are compared with those of liquid nitrogen (LN2) and found that the circulating pumping power required to pump SCN is significantly smaller than that to pump LN2. Further, it is found that the temperature difference between the inlet and outlet is smaller as compared to that when LN2 is used, SCN can be preferred to cool long length Hg based HTS cables. - Highlights: • Analytical functions are developed for thermophysical properties of Supercritical Nitrogen. • Error analysis shows extremely low errors in the developed analytical functions. �

Additional improvements needed in physical security at nuclear powerplants

International Nuclear Information System (INIS)

1983-01-01

Since the middle 1970's, the Nuclear Regulatory Commission and powerplant operators have taken measures to reduce the vulnerability of powerplants to attempted acts of sabotage. GAO's evaluation disclosed that further improvements can be made by screening nuclear plant employees to reduce the number of potential saboteurs and strengthening the physical security systems to ensure their compatibility with other plant safety systems. The Commission has taken two initiatives addressing these improvements. Therefore, GAO is not making recommendations at this time

State regulation as a tool for improving the economic security of the regions

Directory of Open Access Journals (Sweden)

Yu. M. Sokolinskaya

2017-01-01

Full Text Available Providing economic security for the development of regions, increasing their competitiveness, risk-free and sustainable activities are the main tasks of the regional program of social and economic development, which occupies a special place in the system of instruments for public management of these processes. The program of social and economic development is a unique strategy of the region aimed at security and optimization of the spatial structure and relations between the center and the regions in order to ensure economic security and growth by maximizing the effective use of existing internal and external factors. The institutional influence of the state in order to improve the economic security of regions and enterprises occurs palliatively when the business of the region is supported in direct – subsidies, and more often indirectly – compliance with the laws and regulations of the Russian Federation and the region, on the principles of institutional and market synergies. Adaptation of enterprises in the region to the market is difficult, when specific socio-organizational, economic, technical and technological, scientific, information activities in their interrelations function in the field of Russian laws. The search for ways to improve the economic security of the Russian Federation, regions and enterprises takes place in the context of global integration through the improvement of the mechanism of state regulation. An important task of the current stage of economic security of the country and regions is the construction of a system of its institutional organization that would be able to balance the levers of government with the opportunities of private enterprises, provide a quality level of providing the business with protection from terrorism, predation, financial risks, legal competition etc.

Improved Asymmetric Cipher Based on Matrix Power Function with Provable Security

Directory of Open Access Journals (Sweden)

Eligijus Sakalauskas

2017-01-01

Full Text Available The improved version of the author’s previously declared asymmetric cipher protocol based on matrix power function (MPF is presented. Proposed modification avoids discrete logarithm attack (DLA which could be applied to the previously declared protocol. This attack allows us to transform the initial system of MPF equations to so-called matrix multivariate quadratic (MMQ system of equations, which is a system representing a subclass of multivariate quadratic (MQ systems of equations. We are making a conjecture that avoidance of DLA in protocol, presented here, should increase its security, since an attempt to solve the initial system of MPF equations would appear to be no less complex than solving the system of MMQ equations. No algorithms are known to solve such a system of equations. Security parameters and their secure values are defined. Security analysis against chosen plaintext attack (CPA and chosen ciphertext attack (CCA is presented. Measures taken to prevent DLA attack increase the security of this protocol with respect to the previously declated protocol.

Improving the security of multiparty quantum secret sharing against Trojan horse attack

International Nuclear Information System (INIS)

Deng Fuguo; Li Xihan; Zhou Hongyu; Zhang Zhanjun

2005-01-01

We analyzed the security of the multiparty quantum secret sharing (MQSS) protocol recently proposed by Zhang, Li, and Man [Phys. Rev. A 71, 044301 (2005)] and found that this protocol is secure for any other eavesdropper except for the agent Bob who prepares the quantum signals as he can attack the quantum communication with a Trojan horse. That is, Bob replaces the single-photon signal with a multiphoton one and the other agent Charlie cannot find this cheating as she does not measure the photons before they run back from the boss Alice, which reveals that this MQSS protocol is not secure for Bob. Finally, we present a possible improvement of the MQSS protocol security with two single-photon measurements and four unitary operations

Nuclear security. DOE actions to improve the personnel clearance program

International Nuclear Information System (INIS)

Fultz, Keith O.; Bannerman, Carl J.; Daniel, Beverly A.

1988-11-01

The status of the Department of Energy's (DOE) implementation of recommendations in our two reports on DOE's personnel security clearance program was determined. The recommendations were aimed at improving the timeliness, accuracy, and efficiency of personnel security clearance decisions. Specifically, the objective was to determine and report on steps DOE is taking to implement these recommendations. In summary, it was found that DOE has either initiated action or is studying ways to address all the recommendations, but none of the recommendations have been completely implemented. The effectiveness of the DOE actions will depend, in part, on the adequacy of its internal control system for overseeing and evaluating program operations. DOE's personnel security clearance program is intended to provide reasonable assurance that personnel with access to classified information and materials are trustworthy. The Department requests that the Office of Personnel Management or the Federal Bureau of Investigation collect personal data on each person who requires such access to do his or her job. Based on these background investigations, DOE officials authorize individuals whose personal histories indicate that they are trustworthy to have access to classified information, secured facilities, and controlled materials as needed to perform their jobs. DOE has five types of these authorizations or personnel security clearances and must update information on personnel holding each type at 5-year intervals to confirm their continuing reliability. The five types are based on the types of security interests to which the person needs access, e.g., persons needing nuclear weapons-related data must have a Q clearance, and persons with a top secret clearance can have access to national security data classified as top secret

Improving an Anonymous and Provably Secure Authentication Protocol for a Mobile User

Directory of Open Access Journals (Sweden)

Jongho Moon

2017-01-01

Full Text Available Recently many authentication protocols using an extended chaotic map were suggested for a mobile user. Many researchers demonstrated that authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between mobile user and server and resilience to many possible attacks. In this paper, we cautiously analyzed chaotic-map-based authentication scheme and proved that it is still insecure to off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and AVISPA (Automated Validation of Internet Security Protocols and Applications tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.

75 FR 56858 - Improvements to the Supplemental Security Income Program-Heroes Earnings Assistance and Relief...

Science.gov (United States)

2010-09-17

... number, 1-800-772-1213, or TTY 1-800-325-0778, or visit our Internet site, Social Security Online, at... SOCIAL SECURITY ADMINISTRATION 20 CFR Part 416 [Docket No. SSA-2009-0017] RIN 0960-AH00 Improvements to the Supplemental Security Income Program--Heroes Earnings Assistance and Relief Tax Act of 2008...

Analysis and improvement of security of energy smart grids

International Nuclear Information System (INIS)

Halimi, Halim

2014-01-01

The Smart grid is the next generation power grid, which is a new self-healing, self-activating form of electricity network, and integrates power-flow control, increased quality of electricity, and energy reliability, energy efficiency and energy security using information and communication technologies. Communication networks play a critical role in smart grid, as the intelligence of smart grid is built based on information exchange across the power grid. Its two-way communication and electricity flow enable to monitor, predict and manage the energy usage. To upgrade an existing power grid into a smart grid, it requires an intelligent and secure communication infrastructure. Because of that, the main goal of this dissertation is to propose new architecture and implementation of algorithms for analysis and improvement of the security and reliability in smart grid. In power transmission segments of smart grid, wired communications are usually adopted to ensure robustness of the backbone power network. In contrast, for a power distribution grid, wireless communications provide many benefits such as low cost high speed links, easy setup of connections among different devices/appliances, and so on. Wireless communications are usually more vulnerable to security attacks than wired ones. Developing appropriate wireless communication architecture and its security measures is extremely important for a smart grid system. This research addresses physical layer security in a Wireless Smart Grid. Hence a defense Quorum- based algorithm is proposed to ensure physical security in wireless communication. The new security architecture for smart grid that supports privacy-preserving, data aggregation and access control is defined. This architecture consists of two parts. In the first part we propose to use an efficient and privacy-preserving aggregation scheme (EPPA), which aggregates real-time data of consumers by Local Gateway. During aggregation the privacy of consumers is

Climate resilient crops for improving global food security and safety.

Science.gov (United States)

Dhankher, Om Parkash; Foyer, Christine H

2018-05-01

Food security and the protection of the environment are urgent issues for global society, particularly with the uncertainties of climate change. Changing climate is predicted to have a wide range of negative impacts on plant physiology metabolism, soil fertility and carbon sequestration, microbial activity and diversity that will limit plant growth and productivity, and ultimately food production. Ensuring global food security and food safety will require an intensive research effort across the food chain, starting with crop production and the nutritional quality of the food products. Much uncertainty remains concerning the resilience of plants, soils, and associated microbes to climate change. Intensive efforts are currently underway to improve crop yields with lower input requirements and enhance the sustainability of yield through improved biotic and abiotic stress tolerance traits. In addition, significant efforts are focused on gaining a better understanding of the root/soil interface and associated microbiomes, as well as enhancing soil properties. © 2018 The Authors Plant, Cell & Environment Published by John Wiley & Sons Ltd.

Impersonation attack on a quantum secure direct communication and authentication protocol with improvement

Science.gov (United States)

Amerimehr, Ali; Hadain Dehkordi, Massoud

2018-03-01

We analyze the security of a quantum secure direct communication and authentication protocol based on single photons. We first give an impersonation attack on the protocol. The cryptanalysis shows that there is a gap in the authentication procedure of the protocol so that an opponent can reveal the secret information by an undetectable attempt. We then propose an improvement for the protocol and show it closes the gap by applying a mutual authentication procedure. In the improved protocol single photons are transmitted once in a session, so it is easy to implement as the primary protocol. Furthermore, we use a novel technique for secret order rearrangement of photons by which not only quantum storage is eliminated also a secret key can be reused securely. So the new protocol is applicable in practical approaches like embedded system devices.

What's under the hood? Improving SCADA security with process awareness

NARCIS (Netherlands)

Chromik, Justyna Joanna; Remke, Anne Katharina Ingrid; Haverkort, Boudewijn R.H.M.

2016-01-01

SCADA networks are an essential part of monitoring and controlling physical infrastructures, such as the power grid. Recent news item show that tampering with the data exchanged in a SCADA network occurs and has severe consequences. A possible way of improving the security of SCADA networks is to

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

National Research Council Canada - National Science Library

Caralli, Richard A

2006-01-01

.... Coordinating these efforts to sustain operational resiliency requires a process-oriented approach that can be defined, measured, and actively managed. This report describes the fundamental elements and benefits of a process approach to security and operational resiliency and provides a notional view of a framework for process improvement.

Improving the security of the Hwang-Su protocol for mobile networks

African Journals Online (AJOL)

user

Improving the security of the Hwang-Su protocol for mobile networks. Miloud Ait ... But, it is threatened by weak ... Wireless networks (IEEE standard 802.11 1996, Gast 2005) have allowed computer systems to exchange data without cable.

Environmental and climate security: improving scenario methodologies for science and risk assessment

Science.gov (United States)

Briggs, C. M.; Carlsen, H.

2010-12-01

Governments and popular discussions have increasingly referred to concepts of ‘climate security’, often with reference to IPCC data. Development of effective methodologies to translate complex, scientific data into risk assessments has lagged, resulting in overly simplistic political assumptions of potential impacts. Climate security scenarios have been developed for use by security and military agencies, but effective engagement by scientific communities requires an improved framework. Effective use of data requires improvement both of climate projections, and the mapping of cascading impacts across interlinked, complex systems. In this research we propose a process for systematic generation of subsets of scenarios (of arbitrary size) from a given set of variables with possible interlinkages. The variables could include climatic changes as well as other global changes of concerns in a security context. In coping with possible challenges associated with the nexus of climate change and security - where deep structural uncertainty and possible irreversible changes are of primary interest - it is important to explore the outer limits of the relevant uncertainties. Therefore the proposed process includes a novel method that will help scenario developers in generating scenario sets where the scenarios are in a quantifiable sense maximally different and therefore best ‘span’ the whole set of scenarios. When downscaled onto a regional level, this process can provide guidance to potentially significant and abrupt geophysical changes, where high uncertainty has often prevented communication of risks. Potential physical changes can then be used as starting points for mapping cascading effects across networks, including topological analysis to identify critically vulnerable nodes and fragile systems, the existence of positive or negative feedback loops, and possible intervention points. Advanced knowledge of both potential geo-physical shifts and related non

Improving industrial process control systems security

CERN Document Server

Epting, U; CERN. Geneva. TS Department

2004-01-01

System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

An Improved Constraint-Based System for the Verification of Security Protocols

NARCIS (Netherlands)

Corin, R.J.; Etalle, Sandro

We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov [30]. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect flaws associated to partial

An Improved Constraint-based system for the verification of security protocols

NARCIS (Netherlands)

Corin, R.J.; Etalle, Sandro; Hermenegildo, Manuel V.; Puebla, German

We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect aws associated to partial runs

Results of special security inspection on improvement of security management setup in Head Office and Tsuruga Nuclear Power Station of the Japan Atomic Power Company and improvement of facilities in Tsuruga Nuclear Power Station

International Nuclear Information System (INIS)

1982-01-01

In connection with the series of accidents in the Tsuruga Nuclear Power Station, the Agency of Natural Resources and Energy had instructed JAPC to make comprehensive inspection on the security management setup and to take improvement measures in the nuclear power station. The results of the subsequent inspection by ANRE confirmed that the improvements made by JAPC are adequate, and the following items are described: improvement of security management setup - communication and reporting in emergency, the management of inspection and maintenance records, work control and supervision in repair, improvement, etc., functional authority and responsibility in maintenance management, operation management, radiation control, personnel education; improvement of facilities - feed water heaters, laundry waste-water filter room, radioactive waste treatment facility, general drainage, concentrated waste liquid storage tanks in newly-built waste treatment building, etc. (J.P.N.)

CRYPTO-STEG: A Hybrid Cryptology - Steganography Approach for Improved Data Security

Directory of Open Access Journals (Sweden)

Atif Bin Mansoor

2012-04-01

Full Text Available Internet is a widely used medium for transfer of information due to its reach and ease of availability. However, internet is an insecure medium and any information might be easily intercepted and viewed during its transfer. Different mechanisms like cryptology and steganography are adopted to secure the data communication over an inherently insecure medium like internet. Cryptology scrambles the information in a manner that an unintended recipient cannot easily extract the information, while steganography hides the information in a cover object so that it is transferred unnoticed in the cover. Encrypted data may not be extracted easily but causes a direct suspicion to any observer, while data hidden using steganographic techniques go inconspicuous. Cryptanalysis is the process of attacking the encrypted text to extract the information, while steganalysis is the process of detecting the disguised messages. In literature, both cryptology and steganography are treated separately. In this paper, we present our research on an improved data security paradigm, where data is first encrypted using AES (Advanced Encryption Standard and DES (Data Encryption Standard cryptology algorithms. Both plain and encrypted data is hidden in the images using Model Based and F5 steganographic techniques. Features are extracted in DWT (Discrete Wavelet Transform and DCT (Discrete Cosine Transform domains using higher order statistics for steganalysis, and subsequently used to train a FLD (Fisher Linear Discriminant classifier which is employed to categorize a separate set of images as clean or stego (containing hidden messages. Experimental results demonstrate improved data security using proposed CRYPTO-STEG approach compared to plain text steganography. Results also demonstrate that the Model Based steganography is more secure than the F5 steganography.

National Institute of Justice (NIJ): improving the effectiveness of law enforcement via homeland security technology improvements (Keynote Address)

Science.gov (United States)

Morgan, John S.

2005-05-01

Law enforcement agencies play a key role in protecting the nation from and responding to terrorist attacks. Preventing terrorism and promoting the nation"s security is the Department of Justice"s number one strategic priority. This is reflected in its technology development efforts, as well as its operational focus. The National Institute of Justice (NIJ) is the national focal point for the research, development, test and evaluation of technology for law enforcement. In addition to its responsibilities in supporting day-to-day criminal justice needs in areas such as less lethal weapons and forensic science, NIJ also provides critical support for counter-terrorism capacity improvements in state and local law enforcement in several areas. The most important of these areas are bomb response, concealed weapons detection, communications and information technology, which together offer the greatest potential benefit with respect to improving the ability to law enforcement agencies to respond to all types of crime including terrorist acts. NIJ coordinates its activities with several other key federal partners, including the Department of Homeland Security"s Science and Technology Directorate, the Technical Support Working Group, and the Department of Defense.

Improved Optical Document Security Techniques Based on Volume Holography and Lippmann Photography

Science.gov (United States)

Bjelkhagen, Hans I.

Optical variable devices (OVDs), such as holograms, are now common in the field of document security. Up until now mass-produced embossed holograms or other types of mass-produced OVDs are used not only for banknotes but also for personalized documents, such as passports, ID cards, travel documents, driving licenses, credit cards, etc. This means that identical OVDs are used on documents issued to individuals. Today, there is need for a higher degree of security on such documents and this chapter covers new techniques to make improved mass-produced or personalized OVDs.

Assessing Community Readiness to Reduce Childhood Diarrheal Disease and Improve Food Security in Dioro, Mali

Directory of Open Access Journals (Sweden)

Erica C. Borresen

2016-06-01

Full Text Available Diarrhea and malnutrition represent leading causes of death for children in Mali. Understanding a community’s needs and ideas are critical to ensure the success of prevention and treatment interventions for diarrheal disease, as well as to improve food security to help reduce malnutrition. The objective of this study was to incorporate the Community Readiness Model (CRM for the issues of childhood diarrheal disease and food security in Mali to measure baseline community readiness prior to any program implementation. Thirteen key respondents residing in Dioro, Mali were selected based on varied social roles and demographics and completed two questionnaires on these public health issues. The overall readiness score to reduce childhood diarrheal disease was 5.75 ± 1.0 standard deviation (preparation stage. The overall readiness score to improve food security was 5.5 ± 0.5 standard deviation (preparation stage. The preparation stage indicates that at least some of the community have basic knowledge regarding these issues, and want to act locally to reduce childhood diarrhea and improve food security and nutrition. Proposed activities to increase community readiness on these issues are provided and are broad enough to allow opportunities to implement community- and culturally-specific activities by the Dioro community.

Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

Directory of Open Access Journals (Sweden)

S K Hafizul Islam

Full Text Available Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1 the correctness of identity and password are not verified during the login and password change phases; (2 it is vulnerable to impersonation attack and privileged-insider attack; (3 it is designed without the revocation of lost/stolen smart card; (4 the explicit key confirmation and the no key control properties are absent, and (5 user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

Seeking A Breakthrough: The Improvement of The Asia-Pacific Security Structure From the Perspective of “One Belt One Road” Initiative

Directory of Open Access Journals (Sweden)

Zhang Zhaoxi

2016-12-01

Full Text Available The U.S alliance in the Asia-Pacific region has exerted significant influence on Asia-Pacific security architecture for a long time. While with the deepening of interdependence among Asia-Pacific countries, the development of regional international relations has outdated the existing security architecture in this region. It is imperative to improve the architecture in that there are plenty of structural hurdles, such as the obsolescence of security concepts, the fragmentation of security mechanism and the dearth of public goods on security affairs. OBOR, which is exemplary as a new multilateral cooperative initiative and has interacted profoundly with the regional security of the Asia-Pacific, holds endogenous relations with the Asia-Pacific security architecture. OBOR could improve the Asia-Pacific security architecture in the following ways: to create a new model of security maintenance in light of the advanced ideas given by OBOR; to design new institutional frameworks which are more normative and effective with mechanical innovations stemming from OBOR; to enrich the security public goods in the Asia-Pacific region under the reference of co-construction and sharing the idea of OBOR. However, the practice of improvement will face tremendous challenges both internally and externally. These challenges should be prudently analyzed and treated in order to better fulfill the co-evolution in the process of the construction of OBOR and the improvement of the Asia-Pacific security architecture, for the promotion of long-termed prosperity and stability in this region.

Reducing food wastage, improving food security? An inventory study on stakeholders’ perspectives and the current state

NARCIS (Netherlands)

Tielens, J.; Candel, J.J.L.

2014-01-01

This study is concerned with the relation between food wastage reduction and the improvement of food security. The central question of this inventory study is to what extent interventions to reduce food wastage are effective contributions for food security, in particular for local access in

Breaking a chaos-based secure communication scheme designed by an improved modulation method

Energy Technology Data Exchange (ETDEWEB)

Li Shujun [Department of Electronic Engineering, City University of Hong Kong, Kowloon, Hong Kong (China)]. E-mail: hooklee@mail.com; Alvarez, Gonzalo [Instituto de Fisica Aplicada, Consejo Superior de Investigaciones Cientificas, Serrano 144-28006 Madrid (Spain); Chen Guanrong [Department of Electronic Engineering, City University of Hong Kong, Kowloon, Hong Kong (China)

2005-07-01

Recently Bu and Wang [Bu S, Wang B-H. Chaos, Solitons and Fractals 2004;19(4):919-24] proposed a simple modulation method aiming to improve the security of chaos-based secure communications against return-map-based attacks. Soon this modulation method was independently cryptanalyzed by Chee et al. [Chee CY, Xu D, Bishop SR. Chaos, Solitons and Fractals 2004;21(5):1129-34], Wu et al. [Wu X, Hu H, Zhang B. Chaos, Solitons and Fractals 2004;22(2):367-73], and Alvarez et al. [Alvarez G, Montoya F, Romera M, Pastor G. Chaos, Solitons and Fractals, in press, arXiv:nlin/0406065] via different attacks. As an enhancement to the Bu-Wang method, an improving scheme was suggested by Wu et al. by removing the relationship between the modulating function and the zero-points. The present paper points out that the improved scheme proposed by Wu et al. is still insecure against a new attack. Compared with the existing attacks, the proposed attack is more powerful and can also break the original Bu-Wang scheme. Furthermore, it is pointed out that the security of the modulation-based schemes proposed by Wu et al. is not so satisfactory from a pure cryptographical point of view. The synchronization performance of this class of modulation-based schemes is also discussed.

Breaking a chaos-based secure communication scheme designed by an improved modulation method

International Nuclear Information System (INIS)

Li Shujun; Alvarez, Gonzalo; Chen Guanrong

2005-01-01

Recently Bu and Wang [Bu S, Wang B-H. Chaos, Solitons and Fractals 2004;19(4):919-24] proposed a simple modulation method aiming to improve the security of chaos-based secure communications against return-map-based attacks. Soon this modulation method was independently cryptanalyzed by Chee et al. [Chee CY, Xu D, Bishop SR. Chaos, Solitons and Fractals 2004;21(5):1129-34], Wu et al. [Wu X, Hu H, Zhang B. Chaos, Solitons and Fractals 2004;22(2):367-73], and Alvarez et al. [Alvarez G, Montoya F, Romera M, Pastor G. Chaos, Solitons and Fractals, in press, arXiv:nlin/0406065] via different attacks. As an enhancement to the Bu-Wang method, an improving scheme was suggested by Wu et al. by removing the relationship between the modulating function and the zero-points. The present paper points out that the improved scheme proposed by Wu et al. is still insecure against a new attack. Compared with the existing attacks, the proposed attack is more powerful and can also break the original Bu-Wang scheme. Furthermore, it is pointed out that the security of the modulation-based schemes proposed by Wu et al. is not so satisfactory from a pure cryptographical point of view. The synchronization performance of this class of modulation-based schemes is also discussed

Improving organisational resilience through enterprise security risk management.

Science.gov (United States)

Petruzzi, John; Loyear, Rachelle

Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

Security dialogues: building better relationships between security and business

OpenAIRE

Ashenden, Debi; Lawrence, Darren

2016-01-01

In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.

Security analysis and improvements of authentication and access control in the Internet of Things.

Science.gov (United States)

Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

2014-08-13

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

An improved smartcard for the South African Social Security Agency (SASSA): A proof of life based solution

CSIR Research Space (South Africa)

Mthethwa, Sthembile

2016-12-01

Full Text Available Conference on Information Science and Security, Pattaya, Thailand, 19 - 22 December 2016 An improved smartcard for the South African Social Security Agency (SASSA): A proof of life based solution Mthethwa, S. Barbour, G. Thinyane, M...

Information Security Service Branding – beyond information security awareness

Directory of Open Access Journals (Sweden)

Rahul Rastogi

2012-12-01

Full Text Available End-users play a critical role in the effective implementation and running of an information security program in any organization. The success of such a program depends primarily on the effective implementation and execution of associated information security policies and controls and the resultant behavior and actions of end-users. However, end-users often have negative perception of information security in the organization and exhibit non-compliance. In order to improve compliance levels, it is vital to improve the image of information security in the minds of end-users. This paper borrows the concepts of brands and branding from the domain of marketing to achieve this objective and applies these concepts to information security. The paper also describes a process for creating the information security service brand in the organization.

Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Water Security

Science.gov (United States)

Hakimdavar, Raha; Wood, Danielle; Eylander, John; Peters-Lidard, Christa; Smith, Jane; Doorn, Brad; Green, David; Hummel, Corey; Moore, Thomas C.

2018-01-01

River basins for which transboundary coordination and governance is a factor are of concern to US national security, yet there is often a lack of sufficient data-driven information available at the needed time horizons to inform transboundary water decision-making for the intelligence, defense, and foreign policy communities. To address this need, a two-day workshop entitled Transboundary Water: Improving Methodologies and Developing Integrated Tools to Support Global Water Security was held in August 2017 in Maryland. The committee that organized and convened the workshop (the Organizing Committee) included representatives from the National Aeronautics and Space Administration (NASA), the US Army Corps of Engineers Engineer Research and Development Center (ERDC), and the US Air Force. The primary goal of the workshop was to advance knowledge on the current US Government and partners' technical information needs and gaps to support national security interests in relation to transboundary water. The workshop also aimed to identify avenues for greater communication and collaboration among the scientific, intelligence, defense, and foreign policy communities. The discussion around transboundary water was considered in the context of the greater global water challenges facing US national security.

Formulation, computation and improvement of steady state security margins in power systems. Part II: Results

International Nuclear Information System (INIS)

Echavarren, F.M.; Lobato, E.; Rouco, L.; Gomez, T.

2011-01-01

A steady state security margin for a particular operating point can be defined as the distance from this initial point to the secure operating limits of the system. Four of the most used steady state security margins are the power flow feasibility margin, the contingency feasibility margin, the load margin to voltage collapse, and the total transfer capability between system areas. This is the second part of a two part paper. Part I has proposed a novel framework of a general model able to formulate, compute and improve any steady state security margin. In Part II the performance of the general model is validated by solving a variety of practical situations in modern real power systems. Actual examples of the Spanish power system will be used for this purpose. The same computation and improvement algorithms outlined in Part I have been applied for the four security margins considered in the study, outlining the convenience of defining a general framework valid for the four of them. The general model is used here in Part II to compute and improve: (a) the power flow feasibility margin (assessing the influence of the reactive power generation limits in the Spanish power system), (b) the contingency feasibility margin (assessing the influence of transmission and generation capacity in maintaining a correct voltage profile), (c) the load margin to voltage collapse (assessing the location and quantity of loads that must be shed in order to be far away from voltage collapse) and (d) the total transfer capability (assessing the export import pattern of electric power between different areas of the Spanish system). (author)

Formulation, computation and improvement of steady state security margins in power systems. Part II: Results

Energy Technology Data Exchange (ETDEWEB)

Echavarren, F.M.; Lobato, E.; Rouco, L.; Gomez, T. [School of Engineering of Universidad Pontificia Comillas, C/Alberto Aguilera, 23, 28015 Madrid (Spain)

2011-02-15

A steady state security margin for a particular operating point can be defined as the distance from this initial point to the secure operating limits of the system. Four of the most used steady state security margins are the power flow feasibility margin, the contingency feasibility margin, the load margin to voltage collapse, and the total transfer capability between system areas. This is the second part of a two part paper. Part I has proposed a novel framework of a general model able to formulate, compute and improve any steady state security margin. In Part II the performance of the general model is validated by solving a variety of practical situations in modern real power systems. Actual examples of the Spanish power system will be used for this purpose. The same computation and improvement algorithms outlined in Part I have been applied for the four security margins considered in the study, outlining the convenience of defining a general framework valid for the four of them. The general model is used here in Part II to compute and improve: (a) the power flow feasibility margin (assessing the influence of the reactive power generation limits in the Spanish power system), (b) the contingency feasibility margin (assessing the influence of transmission and generation capacity in maintaining a correct voltage profile), (c) the load margin to voltage collapse (assessing the location and quantity of loads that must be shed in order to be far away from voltage collapse) and (d) the total transfer capability (assessing the export import pattern of electric power between different areas of the Spanish system). (author)

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

Science.gov (United States)

Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

Collaborating toward improving food security in Nunavut.

Science.gov (United States)

Wakegijig, Jennifer; Osborne, Geraldine; Statham, Sara; Issaluk, Michelle Doucette

2013-01-01

Community members, Aboriginal organizations, public servants and academics have long been describing a desperate situation of food insecurity in the Eastern Canadian Arctic. The Nunavut Food Security Coalition, a partnership of Inuit Organizations and the Government of Nunavut, is collaborating to develop a territorial food security strategy to address pervasive food insecurity in the context of poverty reduction. The Nunavut Food Security Coalition has carried out this work using a community consultation model. The research was collected through community visits, stakeholder consultation and member checking at the Nunavut Food Security Symposium. In this paper, we describe a continuous course of action, based on community engagement and collective action, that has led to sustained political interest in and public mobilization around the issue of food insecurity in Nunavut. The process described in this article is a unique collaboration between multiple organizations that has led to the development of a sustainable partnership that will inform policy development while representing the voice of Nunavummiut.

Analysis and Improvement of Large Payload Bidirectional Quantum Secure Direct Communication Without Information Leakage

Science.gov (United States)

Liu, Zhi-Hao; Chen, Han-Wu

2018-02-01

As we know, the information leakage problem should be avoided in a secure quantum communication protocol. Unfortunately, it is found that this problem does exist in the large payload bidirectional quantum secure direct communication (BQSDC) protocol (Ye Int. J. Quantum. Inf. 11(5), 1350051 2013) which is based on entanglement swapping between any two Greenberger-Horne-Zeilinger (GHZ) states. To be specific, one half of the information interchanged in this protocol is leaked out unconsciously without any active attack from an eavesdropper. Afterward, this BQSDC protocol is revised to the one without information leakage. It is shown that the improved BQSDC protocol is secure against the general individual attack and has some obvious features compared with the original one.

Cryptanalysis and improvement of quantum secure communication network protocol with entangled photons for mobile communications

International Nuclear Information System (INIS)

Gao, Gan

2014-01-01

Recently, a communication protocol called controlled bidirectional quantum secret direct communication for mobile networks was proposed by Chou et al (2014 Mobile Netw. Appl. 19 121). We study the security of the proposed communication protocol and find that it is not secure. The controller, Telecom Company, may eavesdrop secret messages from mobile devices without being detected. Finally, we give a possible improvement of the communication protocol. (paper)

Process Control/SCADA system vendor security awareness and security posture.

NARCIS (Netherlands)

Luiijf, H.A.M.; Lüders, S.

2009-01-01

A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

Understanding How the "Open" of Open Source Software (OSS) Will Improve Global Health Security.

Science.gov (United States)

Hahn, Erin; Blazes, David; Lewis, Sheri

2016-01-01

Improving global health security will require bold action in all corners of the world, particularly in developing settings, where poverty often contributes to an increase in emerging infectious diseases. In order to mitigate the impact of emerging pandemic threats, enhanced disease surveillance is needed to improve early detection and rapid response to outbreaks. However, the technology to facilitate this surveillance is often unattainable because of high costs, software and hardware maintenance needs, limited technical competence among public health officials, and internet connectivity challenges experienced in the field. One potential solution is to leverage open source software, a concept that is unfortunately often misunderstood. This article describes the principles and characteristics of open source software and how it may be applied to solve global health security challenges.

What's under the hood? Improving SCADA security with process awareness

OpenAIRE

Chromik, Justyna Joanna; Remke, Anne Katharina Ingrid; Haverkort, Boudewijn R.H.M.

2016-01-01

SCADA networks are an essential part of monitoring and controlling physical infrastructures, such as the power grid. Recent news item show that tampering with the data exchanged in a SCADA network occurs and has severe consequences. A possible way of improving the security of SCADA networks is to use intrusion detection systems. By monitoring and analysing the traffic, it is possible to detect whether information has a legitimate source or was tampered with. However, in many cases the knowled...

Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

Science.gov (United States)

Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

2014-01-01

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

Collaborating toward improving food security in Nunavut

Directory of Open Access Journals (Sweden)

Jennifer Wakegijig

2013-08-01

Full Text Available Background. Community members, Aboriginal organizations, public servants and academics have long been describing a desperate situation of food insecurity in the Eastern Canadian Arctic. Objective. The Nunavut Food Security Coalition, a partnership of Inuit Organizations and the Government of Nunavut, is collaborating to develop a territorial food security strategy to address pervasive food insecurity in the context of poverty reduction. Design. The Nunavut Food Security Coalition has carried out this work using a community consultation model. The research was collected through community visits, stakeholder consultation and member checking at the Nunavut Food Security Symposium. Results. In this paper, we describe a continuous course of action, based on community engagement and collective action, that has led to sustained political interest in and public mobilization around the issue of food insecurity in Nunavut. Conclusions. The process described in this article is a unique collaboration between multiple organizations that has led to the development of a sustainable partnership that will inform policy development while representing the voice of Nunavummiut.

Improving food security empowerment in Indonesia- Timor Leste border

Science.gov (United States)

Dewi, G. D. P.; Yustikaningrum, R. V.

2018-03-01

Post Referendum 1999, Indonesia and Timor Leste have a strategic challenge to provide food consistently around the border. This research intended to discover an appropriate strategy to tackle fragility of food security in the land border of Indonesia-Timor Leste, to improve collaborative actions between parties, as well as, opportunity to actualize food cross-border trading between local farmers and factories. For the result, there are two approaches will be applied. First, the empowerment term refers to the strategy of empowerment in strengthening the capability and capacity of human capital as one of the determinant factors of the resilience and self-sufficiency achievement. Second, the gender approach looks at the women and men build confidence, resilience, and independence which one of them through an educational intervention that enable the local people to manage food chain. Atambua is a region count as relatively as high poverty, poor human capital, weak quality and competitiveness of agriculture products, livestock and fishery, SMEs, and infrastructure. Thus, field study research is applied to find the actual and strategic effort aim to lead the achievement of food security and to engage Atambua over food trade to Timor Leste.

The state of improvement of security management setup in the Japan Atomic Power Company and improvement of facilities in its Tsuruga Nuclear Power Station

International Nuclear Information System (INIS)

1982-01-01

In connection with the series of accidents in the Tsuruga Nuclear Power Station of the Japan Atomic Power Company, the state of security management in JAPC and the safety of facilities in the Tsuruga Nuclear Power Station, which have resulted from improvement efforts, are described on the following items: security management setup - communication and reporting in emergency, the management of inspection and maintenance records, work control and supervision in repair, improvement, etc., functional authority and responsibility in maintenance management, operation management, radiation control, personnel education; improvement of facilities - feed water heaters, laundry waste-water filter room, radioactive waste treatment facility, general drainage, concentrated waste liquid storage tanks in newly-built waste treatment building, etc. (Mori, K.)

Improving Timeliness in Real-Time Secure Database Systems

National Research Council Canada - National Science Library

Son, Sang H; David, Rasikan; Thuraisingham, Bhavani

2006-01-01

.... In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems...

Improving the security of optoelectronic delayed feedback system by parameter modulation and system coupling

Science.gov (United States)

Liu, Lingfeng; Miao, Suoxia; Cheng, Mengfan; Gao, Xiaojing

2016-02-01

A coupled system with varying parameters is proposed to improve the security of optoelectronic delayed feedback system. This system is coupled by two parameter-varied optoelectronic delayed feedback systems with chaotic modulation. Dynamics performance results show that this system has a higher complexity compared to the original one. Furthermore, this system can conceal the time delay effectively against the autocorrelation function and delayed mutual information method and can increase the dimension space of secure parameters to resist brute-force attack by introducing the digital chaotic systems.

Process Security in Chemical Engineering Education

Science.gov (United States)

Piluso, Cristina; Uygun, Korkut; Huang, Yinlun; Lou, Helen H.

2005-01-01

The threats of terrorism have greatly alerted the chemical process industries to assure plant security at all levels: infrastructure-improvement-focused physical security, information-protection-focused cyber security, and design-and-operation-improvement-focused process security. While developing effective plant security methods and technologies…

Water System Security and Resilience in Homeland Security Research

Science.gov (United States)

EPA's water security research provides tools needed to improve infrastructure security and to recover from an attack or contamination incident involving chemical, biological, or radiological (CBR) agents or weapons.

Improvement of economic security management system of municipalities with account of transportation system development: methods of assessment

Science.gov (United States)

Khe Sun, Pak; Vorona-Slivinskaya, Lubov; Voskresenskay, Elena

2017-10-01

The article highlights the necessity of a complex approach to assess economic security of municipalities, which would consider municipal management specifics. The approach allows comparing the economic security level of municipalities, but it does not describe parameter differences between compared municipalities. Therefore, there is a second method suggested: parameter rank order method. Applying these methods allowed to figure out the leaders and outsiders of the economic security among municipalities and rank all economic security parameters according to the significance level. Complex assessment of the economic security of municipalities, based on the combination of the two approaches, allowed to assess the security level more accurate. In order to assure economic security and equalize its threshold values, one should pay special attention to transportation system development in municipalities. Strategic aims of projects in the area of transportation infrastructure development in municipalities include the following issues: contribution into creating and elaborating transportation logistics and manufacture transport complexes, development of transportation infrastructure with account of internal and external functions of the region, public transport development, improvement of transport security and reducing its negative influence on the environment.

TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS

OpenAIRE

Sen-Tarng Lai

2015-01-01

E-commerce is an important information system in the network and digital age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. How to improve ecommerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure ...

SAFETY AND SECURITY IMPROVEMENT IN PUBLIC TRANSPORTATION BASED ON PUBLIC PERCEPTION IN DEVELOPING COUNTRIES

Directory of Open Access Journals (Sweden)

Tri Basuki JOEWONO

2006-01-01

Three aspects of an improvement agenda are proposed based on the perception data, namely technology, management, and institution. This agenda is clarified by a set of action plans incorporating the responsible parties and a time frame. The action plan is divided into three terms to define a clear goal for each step. The short-term action focuses on the hardware and on preparing further steps, whereas the medium-term action focuses on developing and improving the standard of safety and security. The long-term action focuses on advancing safety and security practices. The effectiveness of this agenda and action plan rests upon a set of assumptions, such as the degree of seriousness from the authoritative institution, fair distribution of information, the availability of reasonable resources, and coordinated and collaborative action from all parties involved to reach the objective.

Improving Information Security Risk Management

Science.gov (United States)

Singh, Anand

2009-01-01

manaOptimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

Energy Technology Data Exchange (ETDEWEB)

Rolston

2005-03-01

At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

Nuclear Regulatory Systems in Africa: Improving Safety and Security Culture Through Education and Training

International Nuclear Information System (INIS)

Kazadi Kabuya, F.

2016-01-01

The purpose of this paper is to address the important issue of supporting safety and security culture through an educational and training course program designed both for regulatory staff and licensees. Enhancing the safety and security of nuclear facilities may involve assessing the overall effectiveness of the organization's safety culture. Safety Culture implies steps such as identifying and targeting areas requiring attention, putting emphasis on organizational strengths and weaknesses, human attitudes and behaviours that may positively impact an organization's safety culture, resulting in improving workplace safety and developing and maintaining a high level of awareness within these facilities. Following the terrorist attacks of September 11, 2001, international efforts were made towards achieving such goals. This was realized through meetings, summits and training courses events, with main aim to enhance security at facilities whose activities, if attacked, could impact public health and safety. During regulatory oversight inspections undertaken on some licensee's premises, violations of security requirements were identified. They mostly involved inadequate management oversight of security, lack of a questioning attitude, complacency and mostly inadequate training in both security and safety issues. Using training and education approach as a support to raise awareness on safety and security issues in the framework of improving safety and security culture, a tentative training program in nuclear and radiological safety was started in 2002 with the main aim of vulgarizing the regulatory framework. Real first needs for a training course program were identified among radiographers and radiologists with established working experience but with limited knowledge in radiation safety. In the field of industrial uses of radiation the triggering events for introducing and implementing a training program were: the loss of a radioactive source in a mining

Leveraging Safety Programs to Improve and Support Security Programs

Energy Technology Data Exchange (ETDEWEB)

Leach, Janice [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Snell, Mark K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Pratt, R. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Sandoval, S. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-10-01

There has been a long history of considering Safety, Security, and Safeguards (3S) as three functions of nuclear security design and operations that need to be properly and collectively integrated with operations. This paper specifically considers how safety programmes can be extended directly to benefit security as part of an integrated facility management programme. The discussion will draw on experiences implementing such a programme at Sandia National Laboratories’ Annular Research Reactor Facility. While the paper focuses on nuclear facilities, similar ideas could be used to support security programmes at other types of high-consequence facilities and transportation activities.

Improvement on Quantum Secure Direct Communication with W State in Noisy Channel

International Nuclear Information System (INIS)

Dong Li; Xiu Xiaoming; Gao Yajun; Chi Feng

2009-01-01

An improvement (Y-protocol) [Commun. Theor. Phys. 49 (2008) 103] on the quantum secure direct communication with W state (C-protocol) [Chin. Phys. Lett. 23 (2006) 290] is proposed by Yuan et al. The quantum bit error rate induced by eavesdropper is 4.17% in C-protocol and 6.25% in Y-protocol. In this paper, another improvement on C-protocol is given. The quantum bit error rate of the eavesdropping will increase to 8.75%, which is 1.1 times larger than that in C-protocol and 0.4 times larger than that in Y-protocol.

Improving the Security of Internet Banking Applications by Using Multimodal Biometrics

Directory of Open Access Journals (Sweden)

Cătălin Lupu

2015-03-01

Full Text Available Online banking applications are used by more and more people all over the world. Most of the banks are providing these services to their customers. The authentication methods varies from the basic user and password to username and a onetime password (OTP generated by a virtual or a physical digipass. The common thing among authentication methods is that the login wepage is provided through a secure channel. Some banks have introduced (especially for testing purposes the authentication using common biometric characteristics, like fingerprint, voice or keystroke recognition. This paper will present some of the most common online banking authentication methods, together with basic biometric characteristics that could be used in these applications. The security in internet banking applications can be improved by using biometrics for the authentication process. Also, the authors have developed an application for authentication of users using fingerprint as the main characteristic, which will be presented at the end of this paper.

Urban Ecological Security Simulation and Prediction Using an Improved Cellular Automata (CA) Approach-A Case Study for the City of Wuhan in China.

Science.gov (United States)

Gao, Yuan; Zhang, Chuanrong; He, Qingsong; Liu, Yaolin

2017-06-15

Ecological security is an important research topic, especially urban ecological security. As highly populated eco-systems, cities always have more fragile ecological environments. However, most of the research on urban ecological security in literature has focused on evaluating current or past status of the ecological environment. Very little literature has carried out simulation or prediction of future ecological security. In addition, there is even less literature exploring the urban ecological environment at a fine scale. To fill-in the literature gap, in this study we simulated and predicted urban ecological security at a fine scale (district level) using an improved Cellular Automata (CA) approach. First we used the pressure-state-response (PSR) method based on grid-scale data to evaluate urban ecological security. Then, based on the evaluation results, we imported the geographically weighted regression (GWR) concept into the CA model to simulate and predict urban ecological security. We applied the improved CA approach in a case study-simulating and predicting urban ecological security for the city of Wuhan in Central China. By comparing the simulated ecological security values from 2010 using the improved CA model to the actual ecological security values of 2010, we got a relatively high value of the kappa coefficient, which indicates that this CA model can simulate or predict well future development of ecological security in Wuhan. Based on the prediction results for 2020, we made some policy recommendations for each district in Wuhan.

Urban Ecological Security Simulation and Prediction Using an Improved Cellular Automata (CA) Approach—A Case Study for the City of Wuhan in China

Science.gov (United States)

Gao, Yuan; Zhang, Chuanrong; He, Qingsong; Liu, Yaolin

2017-01-01

Ecological security is an important research topic, especially urban ecological security. As highly populated eco-systems, cities always have more fragile ecological environments. However, most of the research on urban ecological security in literature has focused on evaluating current or past status of the ecological environment. Very little literature has carried out simulation or prediction of future ecological security. In addition, there is even less literature exploring the urban ecological environment at a fine scale. To fill-in the literature gap, in this study we simulated and predicted urban ecological security at a fine scale (district level) using an improved Cellular Automata (CA) approach. First we used the pressure-state-response (PSR) method based on grid-scale data to evaluate urban ecological security. Then, based on the evaluation results, we imported the geographically weighted regression (GWR) concept into the CA model to simulate and predict urban ecological security. We applied the improved CA approach in a case study—simulating and predicting urban ecological security for the city of Wuhan in Central China. By comparing the simulated ecological security values from 2010 using the improved CA model to the actual ecological security values of 2010, we got a relatively high value of the kappa coefficient, which indicates that this CA model can simulate or predict well future development of ecological security in Wuhan. Based on the prediction results for 2020, we made some policy recommendations for each district in Wuhan. PMID:28617348

Securing Chinese nuclear power development: further strengthening nuclear security

International Nuclear Information System (INIS)

Zhang Hui

2014-01-01

Chinese President Xi Jinping addresses China's new concept of nuclear security with four 'equal emphasis' at the third Nuclear Security Summit, and makes four commitments to strengthen nuclear security in the future. To convert President Xi's political commitments into practical, sustainable reality, China should take further steps to install a complete, reliable, and effective security system to ensure that all its nuclear materials and nuclear facilities are effectively protected against the full spectrum of plausible terrorist and criminal threats. This paper suggests the following measures be taken to improve China's existing nuclear security system, including updating and clarifying the requirements for a national level DBT; updating and enforcing existing regulations; further promoting nuclear security culture; balancing the costs of nuclear security, and further strengthening international cooperation on nuclear security. (author)

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

Science.gov (United States)

Das, Ashok Kumar; Bruhadeshwar, Bezawada

2013-10-01

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

A case for avoiding security-enhanced HTTP tools to improve security for Web-based applications

Energy Technology Data Exchange (ETDEWEB)

Wood, B.

1996-03-01

This paper describes some of the general weaknesses of the current popular Hypertext Transmission Protocol (HTTP) security standards and products in an effort to show that these standards are not appealing for many applications. The author will then show how one can treat HTTP browsers and servers as untrusted elements in the network so that one can rely on other mechanisms to achieve better overall security than can be attained through today`s security-enhanced HTTP tools.

Cryptanalyzing an improved security modulated chaotic encryption scheme using ciphertext absolute value

International Nuclear Information System (INIS)

Alvarez, G.; Montoya, F.; Romera, M.; Pastor, G.

2005-01-01

This paper describes the security weakness of a recently proposed improved chaotic encryption method based on the modulation of a signal generated by a chaotic system with an appropriately chosen scalar signal. The aim of the improvement is to avoid the breaking of chaotic encryption schemes by means of the return map attack introduced by Perez and Cerdeira. A method of attack based on taking the absolute value of the ciphertext is presented, that allows for the cancellation of the modulation scalar signal and the determination of some system parameters that play the role of system key. The proposed improved method is shown to be compromised without any knowledge of the chaotic system parameter values and even without knowing the transmitter structure

Mobile communication security

NARCIS (Netherlands)

Broek, F.M.J. van den

2016-01-01

Security of the mobile network Fabian van den Broek We looked at the security of the wireless connection between mobile phone and cell towers and suggested possible improvements. The security was analysed on a design level, by looking at the protocols and encryption techniques, but also on an

Multimedia Security System for Security and Medical Applications

Science.gov (United States)

Zhou, Yicong

2010-01-01

This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan

National Research Council Canada - National Science Library

2000-01-01

USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen department-wide information security and hiring...

When Information Improves Information Security

Science.gov (United States)

Grossklags, Jens; Johnson, Benjamin; Christin, Nicolas

This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

Fischer-Tropsch. A futuristic view

Energy Technology Data Exchange (ETDEWEB)

Vosloo, A.C. [Sasol Technology Research and Development, PO Box 1, 9570 Sasolburg (South Africa)

2001-06-01

Although the three processing steps that constitute the Fischer-Tropsch based Gas-to-Liquids (GTL) technology, namely syngas generation, syngas conversion and hydroprocessing, are all commercially proven and individually optimized, their combined use is not widely applied. In order to make the GTL technology more cost-effective, the focus must be on reducing both the capital and the operating costs of such a plant. Current developments in the area of syngas generation, namely oxygen transfer membranes and heat exchange reforming, have the potential to significantly reduce the capital cost and improve the thermal efficiency of a GTL plant. Further improvements in terms of the activity and selectivity of the Fischer-Tropsch catalyst can also make a significant reduction in the operating cost of such a plant.

Seeking A Breakthrough: The Improvement of The Asia-Pacific Security Structure From the Perspective of “One Belt One Road” Initiative

OpenAIRE

Zhang Zhaoxi

2016-01-01

The U.S alliance in the Asia-Pacific region has exerted significant influence on Asia-Pacific security architecture for a long time. While with the deepening of interdependence among Asia-Pacific countries, the development of regional international relations has outdated the existing security architecture in this region. It is imperative to improve the architecture in that there are plenty of structural hurdles, such as the obsolescence of security concepts, the fragmentation of security mech...

An Analysis Of Wireless Security

OpenAIRE

Salendra Prasad

2017-01-01

The WLAN security includes Wired Equivalent Primary WEP and WI-FI protected Access WPA. Today WEP is regarded as very poor security standard. WEP was regarded as very old security standard and has many security issues which users need to be addressed. In this Paper we will discuss Wireless Security and ways to improve on wireless security.

About Security Solutions in Fog Computing

Directory of Open Access Journals (Sweden)

Eugen Petac

2016-01-01

Full Text Available The key for improving a system's performance, its security and reliability is to have the dataprocessed locally in remote data centers. Fog computing extends cloud computing through itsservices to devices and users at the edge of the network. Through this paper it is explored the fogcomputing environment. Security issues in this area are also described. Fog computing providesthe improved quality of services to the user by complementing shortages of cloud in IoT (Internet ofThings environment. Our proposal, named Adaptive Fog Computing Node Security Profile(AFCNSP, which is based security Linux solutions, will get an improved security of fog node withrich feature sets.

A Stochastic Model for Improving Information Security in Supply Chain Systems

OpenAIRE

Ibrahim Al Kattan; Ahmed Al Nunu; Kassem Saleh

2009-01-01

This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. ...

Computer Security: improve software, avoid blunder

CERN Multimedia

Computer Security Team

2014-01-01

Recently, a severe vulnerability has been made public about how Apple devices are wrongly handling encryption. This vulnerability rendered SSL/TLS protection useless, and permitted attackers checking out a wireless network to capture or modify data in encrypted sessions.   In other words, all confidential data like passwords, banking information, etc. could have been siphoned off by a targeted attack. While Apple has been quick in providing adequate security patches for iOS devices and Macs, it is an excellent example of how small mistakes can lead to big security holes. Here is the corresponding code from Apple’s Open Source repository. Can you spot the issue? 1 static OSStatus 2 SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) 3 { 4              OSStatus &nb...

Simple algorithm for improved security in the FDDI protocol

Science.gov (United States)

Lundy, G. M.; Jones, Benjamin

1993-02-01

We propose a modification to the Fiber Distributed Data Interface (FDDI) protocol based on a simple algorithm which will improve confidential communication capability. This proposed modification provides a simple and reliable system which exploits some of the inherent security properties in a fiber optic ring network. This method differs from conventional methods in that end to end encryption can be facilitated at the media access control sublayer of the data link layer in the OSI network model. Our method is based on a variation of the bit stream cipher method. The transmitting station takes the intended confidential message and uses a simple modulo two addition operation against an initialization vector. The encrypted message is virtually unbreakable without the initialization vector. None of the stations on the ring will have access to both the encrypted message and the initialization vector except the transmitting and receiving stations. The generation of the initialization vector is unique for each confidential transmission and thus provides a unique approach to the key distribution problem. The FDDI protocol is of particular interest to the military in terms of LAN/MAN implementations. Both the Army and the Navy are considering the standard as the basis for future network systems. A simple and reliable security mechanism with the potential to support realtime communications is a necessary consideration in the implementation of these systems. The proposed method offers several advantages over traditional methods in terms of speed, reliability, and standardization.

Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication.

Science.gov (United States)

Juang, Kevin; Greenstein, Joel

2018-04-01

We developed a new authentication system based on passphrases instead of passwords. Our new system incorporates a user-generated mnemonic picture displayed during login, definition tooltips, error correction to reduce typographical errors, a decoy-based input masking technique, and random passphrase generation using either a specialized wordlist or a sentence template. Passphrases exhibit a greater level of security than traditional passwords, but their wider adoption has been hindered by human factors issues. Our assertion is that the added features of our system work particularly well with passphrases and help address these shortcomings. We conducted a study to evaluate our new system with a customized 1,450-word list and our new system with a 6-word sentence structure against the control conditions of a user-created passphrase of at least 24 characters and a system-generated passphrase using a 10,326-word list. Fifty participants completed two sessions so that we could measure the usability and security of the authentication schemes. With the new system conditions, memorability was improved, and security was equivalent to or better than the control conditions. Usability and overall ratings also favored the new system conditions over the control conditions. Our research presents a new authentication system using innovative techniques that improve on the usability and security of existing password and passphrase authentication systems. In computer security, drastic changes should never happen overnight, but we recommend that our contributions be incorporated into current authentication systems to help facilitate a transition from passwords to usable passphrases.

Security and SCADA protocols

International Nuclear Information System (INIS)

Igure, V. M.; Williams, R. D.

2006-01-01

Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

Information security management: a proposal to improve the effectiveness of information security in the scientific research environment

International Nuclear Information System (INIS)

Alexandria, Joao Carlos Soares de

2009-01-01

The increase of the connectivity in the business environment, combined with the growing dependency of information systems, has become the information security management an important governance tool. Information security has as main goal to protect the business transactions in order to work normally. In this way, It will be safeguarding the business continuity. The threats of information come from hackers' attacks, electronic frauds and spying, as well as fire, electrical energy interruption and humans fault. Information security is made by implementation of a set of controls, including of the others politics, processes, procedures, organizational structures, software and hardware, which require a continuous management and a well established structure to be able to face such challenges. This work tried to search the reasons why the organizations have difficulties to make a practice of information security management. Many of them just limit to adopt points measures, sometimes they are not consistent with their realities. The market counts on enough quantity of standards and regulations related to information security issues, for example, ISO/IEC 27002, American Sarbanes-Oxley act, Basel capital accord, regulations from regulatory agency (such as the Brazilians ones ANATEL, ANVISA and CVM). The market researches have showed that the information security implementation is concentrated on a well-defined group of organization mainly formed by large companies and from specifics sectors of economy, for example, financial and telecommunication. However, information security must be done by all organizations that use information systems to carry out their activities, independently of its size or economic area that it belongs. The situation of information security in the governmental sector of Brazil, and inside its research institutions, is considered worrying by the Brazilian Court of Accounts (TCU). This research work presents an assessment and diagnostic proposal of

Genetically Engineered Crops and Certified Organic Agriculture for Improving Nutrition Security in Africa and South Asia.

Science.gov (United States)

Pray, Carl; Ledermann, Samuel

2016-01-01

In Africa and South Asia, where nutrition insecurity is severe, two of the most prominent production technologies are genetically modified (GM) crops and certified organic agriculture. We analyze the potential impact pathways from agricultural production to nutrition. Our review of data and the literature reveals increasing farm-level income from cash crop production as the main pathway by which organic agriculture and GM agriculture improve nutrition. Potential secondary pathways include reduced prices of important food crops like maize due to GM maize production and increased food production using organic technology. Potential tertiary pathways are improvements in health due to reduced insecticide use. Challenges to the technologies achieving their impact include the politics of GM agriculture and the certification costs of organic agriculture. Given the importance of agricultural production in addressing nutrition security, accentuated by the post-2015 sustainable development agenda, the chapter concludes by stressing the importance of private and public sector research in improving the productivity and adoption of both GM and organic crops. In addition, the chapter reminds readers that increased farm income and productivity require complementary investments in health, education, food access and women's empowerment to actually improve nutrition security. © 2016 S. Karger AG, Basel.

Grid Security

CERN Multimedia

CERN. Geneva

2004-01-01

The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

Hacking and securing the AR.Drone 2.0 quadcopter: investigations for improving the security of a toy

Science.gov (United States)

Pleban, Johann-Sebastian; Band, Ricardo; Creutzburg, Reiner

2014-02-01

In this article we describe the security problems of the Parrot AR.Drone 2.0 quadcopter. Due to the fact that it is promoted as a toy with low acquisition costs, it may end up being used by many individuals which makes it a target for harmful attacks. In addition, the videostream of the drone could be of interest for a potential attacker due to its ability of revealing confidential information. Therefore, we will perform a security threat analysis on this particular drone. We will set the focus mainly on obvious security vulnerabilities like the unencrypted Wi-Fi connection or the user management of the GNU/Linux operating system which runs on the drone. We will show how the drone can be hacked in order to hijack the AR.Drone 2.0. Our aim is to sensitize the end-user of AR.Drones by describing the security vulnerabilities and to show how the AR.Drone 2.0 could be secured from unauthorized access. We will provide instructions to secure the drones Wi-Fi connection and its operation with the official Smartphone App and third party PC software.

The Efficiency of Improvement of the Economic Security System of Ukraine

Directory of Open Access Journals (Sweden)

Klunko Nataliya S.

2017-09-01

Full Text Available An analysis of approaches to the formation of efficiency of ensuring economic security was carried out. The essence of economic security has been defined and its material base has been described. Threats to the economic security of Ukraine have been systematized and their structure analyzed. Both internal and external measures to prevent threats to the economic security of Ukraine have been allocated. Dynamics of the factors on which the economic security of Ukraine depends has been considered. It has been determined that the socio-economic development strategy formulated makes the country’s economic security system efficient. Two approaches to the strategic development of the Ukrainian economy have been allocated: enhancing competitiveness and integration into the international economic associations.

The Personal Information Security Assistant

NARCIS (Netherlands)

Kegel, Roeland Hendrik,Pieter

The human element is often found to be the weakest link in the information security chain. The Personal Information Security Assistant project aims to address this by improving the privacy and security awareness of end-users and by aligning the user's personal IT environment to the user's security

Proactive Security Testing and Fuzzing

Science.gov (United States)

Takanen, Ari

Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

Information Security Governance: When Compliance Becomes More Important than Security

OpenAIRE

Tan , Terence C. C.; Ruighaver , Anthonie B.; Ahmad , Atif

2010-01-01

International audience; Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

Improving the Security and Performance of the BaBar Detector Controls System

International Nuclear Information System (INIS)

Kotturi, Karen D.

2003-01-01

It starts out innocently enough--users want to monitor Online data and so run their own copies of the detector control GUIs in their offices and at home. But over time, the number of processes making requests for values to display on GUIs, webpages and stripcharts can grow, and affect the performance of an Input/Output Controller (IOC) such that it is unable to respond to requests from requests critical to data-taking. At worst, an IOC can hang, its CPU having been allocated 100% to responding to network requests. For the BaBar Online Detector Control System, we were able to eliminate this problem and make great gains in security by moving all of the IOCs to a non-routed, virtual LAN and by enlisting a workstation with two network interface cards to act as the interface between the virtual LAN and the public BaBar network. On the interface machine, we run the Experimental Physics Industrial Control System (EPICS) Channel Access (CA) gateway software (originating from Advanced Photon Source). This software accepts as inputs, all the channels which are loaded into the EPICS databases on all the IOCs. It polls them to update its copy of the values. It answers requests from applications by sending them the currently cached value. We adopted the requirement that data-taking would be independent of the gateway, so that, in the event of a gateway failure, data-taking would be uninterrupted. In this way, we avoided introducing any new risk elements to data-taking. Security rules already in use by the IOC were propagated to the gateway's own security rules and the security of the IOCs themselves was improved by removing them from the public BaBar network

POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

Directory of Open Access Journals (Sweden)

I. A. Zikratov

2014-09-01

Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

Energy Technology Data Exchange (ETDEWEB)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

From Serpent to CEO: Improving First-Term Security Forces Airman Performance Through Neuroscience Education

Science.gov (United States)

2017-06-09

support procedures and decision - making processes. Creating awareness that limitations are present creates a natural motivation to want to reduce...law enforcement decision - making ? What cultural norms within Security Forces should be challenged to improve responses of young adults faced with...enforcement and combat decision - making processes is available. However, it is not uncommon for laboratory discoveries to enter clinical practice, not to

Big data, little security: Addressing security issues in your platform

Science.gov (United States)

Macklin, Thomas; Mathews, Joseph

2017-05-01

This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

Auditing Organizational Security

Science.gov (United States)

2017-01-01

Organi- zation for Standardiza- tion ( ISO ): ISO 27000 : Information Systems Se- curity Management. A robust program of internal auditing of a...improvement is the basis and underpinning of the ISO . All processes must be considered ongoing and never at an “end state.” Top management develops a...security management system, including security policies and security objectives, plus threats and risks. Orga- nizations already working with ISO 9000

IAEA nuclear security program

Energy Technology Data Exchange (ETDEWEB)

Ek, D. [International Atomic Energy Agency, Vienna (Austria)

2006-07-01

Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

IAEA nuclear security program

International Nuclear Information System (INIS)

Ek, D.

2006-01-01

Although nuclear security is a State responsibility, it is nevertheless an international concern, as the consequences of a nuclear security incident would have worldwide impact. These concerns have resulted in the development of numerous international instruments on nuclear security since the terrorist events in the USA on September 11, 2001. The IAEA Office of Nuclear Security has been charged to assist Member States to improvement their nuclear security and to meet the intent of these international obligations in order to ensure a cohesive thread of nuclear security protects the global community. The programs underway and planned by the Office of Nuclear Security will be discussed in this paper. (author)

Competitive Cyber-Insurance and Internet Security

Science.gov (United States)

Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography.

Science.gov (United States)

Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram

2015-11-01

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.

Improving Tamper Detection for Hazardous Waste Security

International Nuclear Information System (INIS)

Johnston, R. G.; Garcia, A. R. E.; Pacheco, N.; Martinez, R. K.; Martinez, D. D.; Trujillo, S. J.; Lopez, L. N.

2003-01-01

Since September 11, waste managers are increasingly expected to provide effective security for their hazardous wastes. Tamper-indicating seals can help. This paper discusses seals, and offers recommendations for how to choose and use them

7 CFR 1822.269 - Security.

Science.gov (United States)

2010-01-01

... 7 Agriculture 12 2010-01-01 2010-01-01 false Security. 1822.269 Section 1822.269 Agriculture..., Procedures, and Authorizations § 1822.269 Security. Each loan will be secured by a mortgage on the property purchased or improved with the loan, and a security interest in the funds held by the corporation in trust...

A security scheme of SMS system

Science.gov (United States)

Zhang, Fangzhou; Yang, Hong-Wei; Song, Chuck

2005-02-01

With the prosperous development and the use of SMS, more and more important information need to be transferred through the wireless and mobile networks by the users. But in the GSM/GPRS network, the SMS messages are transferred in text mode through the signaling channel and there is no integrality for SMS messages. Because of the speciality of the mobile communications, the security of signaling channel is very weak. So we need to improve and enhance the security and integrality of SMS. At present, developed investigation based on SMS security is still incomplete. The key distribution and management is not perfect to meet the usability in a wide area. This paper introduces a high-level security method to solve this problem. We design the Secure SMS of GSM/GPRS in order to improve the security of the important information that need to be transferred by the mobile networks. Using this method, we can improve the usability of E-payment and other mobile electronic commerce.

Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

Energy Technology Data Exchange (ETDEWEB)

Ondrej Linda; Milos Manic; Miles McQueen

2012-09-01

Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenarios is demonstrated on several control system network topologies.

Information technology - Security techniques - Information security management systems - Requirements

CERN Document Server

International Organization for Standardization. Geneva

2005-01-01

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives; use within organizations as a way to ensure that security risks are cost effectively managed; use within organizations to ensure comp...

Secure it now or secure it later: the benefits of addressing cyber-security from the outset

Science.gov (United States)

Olama, Mohammed M.; Nutaro, James

2013-05-01

The majority of funding for research and development (R&D) in cyber-security is focused on the end of the software lifecycle where systems have been deployed or are nearing deployment. Recruiting of cyber-security personnel is similarly focused on end-of-life expertise. By emphasizing cyber-security at these late stages, security problems are found and corrected when it is most expensive to do so, thus increasing the cost of owning and operating complex software systems. Worse, expenditures on expensive security measures often mean less money for innovative developments. These unwanted increases in cost and potential slowing of innovation are unavoidable consequences of an approach to security that finds and remediate faults after software has been implemented. We argue that software security can be improved and the total cost of a software system can be substantially reduced by an appropriate allocation of resources to the early stages of a software project. By adopting a similar allocation of R&D funds to the early stages of the software lifecycle, we propose that the costs of cyber-security can be better controlled and, consequently, the positive effects of this R&D on industry will be much more pronounced.

Security and Emergency Management Division

Data.gov (United States)

Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...

Trade and commerce in improved crops and food: an essay on food security.

Science.gov (United States)

Kershen, Drew L

2010-11-30

Agricultural trade between nations is a significant proportion of total international trade. Agricultural trade in transgenic crops faces extra complications due to the existence of domestic and international regimes that focus specifically on agricultural biotechnology. These specialized regimes create legal and commercial challenges for trade in transgenic crops that have significant implications for the food security of the nations of the world. By food security, one should understand not just the available supply of food, but also the quality of the food and the environmental impact of agricultural production systems. These specialized regimes for transgenic crops can either encourage or hinder the adoption of agricultural biotechnology as a sustainable intensive agriculture. Sustainable intensive agriculture offers hope for agronomic improvements for agricultural production, socio-economic betterment for farmers and environmental benefits for societies. Sustainable intensive agriculture offers particular hope for the poorest farmers of the world because agricultural biotechnology is a technology in the seed. Copyright © 2010 Elsevier B.V. All rights reserved.

Electronic healthcare information security

CERN Document Server

Dube, Kudakwashe; Shoniregun, Charles A

2010-01-01

The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

Insider Threat Security Reference Architecture

Science.gov (United States)

2012-04-01

this challenge. CMU/SEI-2012-TR-007 | 2 2 The Components of the ITSRA Figure 2 shows the four layers of the ITSRA. The Business Security layer......organizations improve their level of preparedness to address the insider threat. Business Security Architecture Data Security Architecture

Statistical security for Social Security.

Science.gov (United States)

Soneji, Samir; King, Gary

2012-08-01

The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

A Key Generation Model for Improving the Security of Cryptographic ...

African Journals Online (AJOL)

Cryptography is a mathematical technique that plays an important role in information security techniques for addressing authentication, interactive proofs, data origination, sender/receiver identity, non-repudiation, secure computation, data integrity and confidentiality, message integrity checking and digital signatures.

Economic foundation and importance of non-state security sector within the national security system

Directory of Open Access Journals (Sweden)

Anđelković Slobodan

2016-01-01

Full Text Available The main purpose of this paper was to present the causes (for, role (played by and the growing importance of the non-state actors within the national security sector, while analyzing the economic interest of individuals, organizations and the state itself that were favoring such a development. In the course of our research we established how, as the state narrowed its activities down to more vital and more dangerous fields of work, this opened up space for independent contractors to enter those fields which carried less systemic risk. Such change was made possible in the post-Cold War context, when many of the former service members were hired by private companies. The economic motive had a role to play as well, given the need for additional security going beyond what state offered to its citizens, as many doubted the ability (efficiency of state to provide it in the first place; and private sector's willingness to provide it for a price. In Serbia, position of non-state security sector is still very much limited by the traditional notion of security as well as the division of competences, both left-overs from socialist times. This goes against positive tendencies within the sector itself (improvement of types and specialization of the security as service; strengthening of legal regulation; flexibility of services being offered. By conducting its basic service and improving the security of its clients, representatives of non-state security sector are - indirectly - improving the security of society as a whole, ensuring economic stability, which presents one of key national interests.

Improving Mental Health Reporting Practices in Between Personnel Security Investigations

Science.gov (United States)

2017-06-01

derogatory information, unfavorable administrative actions, and adverse actions to the appropriate personnel security, human resources , and...national security clearance? What type of clearances do people typically have (e.g., Secret, Top Secret, TS/SCI, SAP , etc.)? (2) Does [the

Don't Drop Your Guard: Securing Nuclear Facilities

International Nuclear Information System (INIS)

Lööf, Susanna

2013-01-01

You're never quite finished with nuclear security. ''Even the most advanced security system for radioactive or nuclear material needs to be continuously updated to ensure that it remains effective,'' says Arvydas Stadalnikas, an IAEA Senior Nuclear Security Officer. ''Security can always be improved. Even if you think you have the best system for today, it may require enhancements because of the changing environment,'' he said. To help States with this daunting task, the IAEA offers support through its International Physical Protection Advisory Service (IPPAS) which includes in-depth analysis of the physical protection and nuclear security followed by expert advice. The IAEA has carried out 58 missions to 37 countries since the IPPAS programme was launched in 1996, helping States translate international conventions, codes and guidance on nuclear security into practice. Although each mission focuses on improving the security in a specific country, ''the programme has benefits that reach far beyond the recipient State's national borders,'' Stadalnikas noted. ''Each IPPAS mission helps improve global nuclear security because enhanced security in one country means that you improve globally. Deficiencies in one country could open the way for malicious acts, which can have worldwide effects,'' he said

Perspectives on Energy Security

International Nuclear Information System (INIS)

Carlsson-Kanyama, Annika; Holmgren, Aake J.; Joensson, Thomas; Larsson, Robert L.

2007-05-01

A common notion of 'Energy Security' is that it includes access to energy resources without risking the the survival of the state. 'Security of supply' is most often the concept emphasized in the political discourse on energy security and it includes both production as well as secure and safe delivery of energy to the end consumers. Another aspect of energy security is the need for reducing energy consumption by improving energy efficiency. In this report, eight chapters covering these and other perspectives on energy security are presented. Six of the chapters deal with the supply perspective. Included topics cover power politics and geopolitical perspectives regarding large infrastructure projects and the ambitions of the EU in this regard. Further, methods and approaches for conducting risk analyses of electricity supply systems as well as for improving the security of digital control systems are discussed. As climate change will affect the supply and distribution of energy, one chapter presents an overview of this topic. The consumption perspective is discussed against the backdrop of research about household consumption practices and the role of climate change for future consumption levels. Finally, the role of armed forces as a large energy users is touched upon, as well as how so-called 'future studies' have dealt with energy as a topic

Nuclear security

International Nuclear Information System (INIS)

1991-12-01

This paper reports that despite their crucial importance to national security, safeguards at the Department of Energy's (DOE) weapons facilities may be falling short. DOE security inspections have identified many weaknesses, including poor performance by members of DOE's security force, poor accountability for quantities of nuclear materials, and the inability of personnel to locate documents containing classified information. About 13 percent of the 2,100 identified weakness resulted in DOE inspectors giving out unsatisfactory security ratings; another 38 percent led to marginal ratings. In addition, DOE's centralized safeguards and security information tracking system lacks current data on whether DOE field offices have corrected the identified weaknesses. Without reliable information, DOE has no way of knowing whether timely action was taken to correct problems, nor can it determine whether weaknesses are systematic. DOE has tried to minimize the impact of these security weaknesses at its facilities by establishing multiple layers of protection measures and instituting interim and compensatory measures for identified weaknesses. DOE is planning enhancements to the centralized tracking system that should improve its reliability and increase its effectiveness

A REGIONAL PARTNERSHIP ON RADIOLOGICAL SECURITY

International Nuclear Information System (INIS)

Morris, Fred A.; Murray, A.; Dickerson, S.; Tynan, Douglas M.; Rawl, Richard R.; Hoo, Mark S.

2007-01-01

In 2004, Australia, through the Australian Nuclear Science and Technology Organisation (ANSTO) created the Regional Security of Radioactive Sources (RSRS) project and partnered with the U.S. Department of Energy's National Nuclear Security Administration (NNSA) and the International Atomic Energy Agency (IAEA) to form the Southeast Asian Regional Radiological Security Partnership (RRSP). The intent of the RRSP/RSRS partnership is to cooperate with regional neighbors in Southeast Asia to improve the security of their radioactive sources. This Southeast Asian Partnership supports NNSA and IAEA objectives to improve the security of high risk radioactive sources by raising awareness of the need, and developing national programs, to: protect and control such materials; improve the security of such materials and recover and condition the materials no longer in use. To date, agreed upon joint activities have included assistance with the improvement of regulatory infrastructure for the control of radioactive sources, training on the physical protection of radioactive sources, training and assistance with the search, location, identification and securing of orphan radioactive sources and overall assistance with implementing the IAEA Code of Conduct on the Safety and Security of Radioactive Sources. Since the inception of the partnership, ten Southeast Asian nations have participated in a range of activities from receiving general training on the security of radioactive sources to receiving specialized equipment and training to locate orphan or abandoned radioactive sources. By having a shared vision and objectives for radioactive source security in the Southeast Asian region, ANSTO and NNSA have been able to develop a successful partnership which has effectively utilized the technical, financial and political resources of each contributing partner. An example of how this partnership works is the cooperation with the Nuclear Energy Regulatory Agency, Indonesia (BAPETEN) to

Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

Science.gov (United States)

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-04-09

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Jiye Kim

2014-04-01

Full Text Available User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks. In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker’s own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

Integrated security systems design a complete reference for building enterprise-wide digital security systems

CERN Document Server

Norman, Thomas L

2014-01-01

Integrated Security Systems Design, 2nd Edition, is recognized as the industry-leading book on the subject of security systems design. It explains how to design a fully integrated security system that ties together numerous subsystems into one complete, highly coordinated, and highly functional system. With a flexible and scalable enterprise-level system, security decision makers can make better informed decisions when incidents occur and improve their operational efficiencies in ways never before possible. The revised edition covers why designing an integrated security system is essential a

EU Failing FAO Challenge to Improve Global Food Security.

Science.gov (United States)

Smyth, Stuart J; Phillips, Peter W B; Kerr, William A

2016-07-01

The announcement that the European Union (EU) had reached an agreement allowing Member States (MS) to ban genetically modified (GM) crops confirms that the EU has chosen to ignore the food security challenge issued to the world by the Food and Agriculture Organization of the United Nations (FAO) in 2009. The FAO suggests that agricultural biotechnology has a central role in meeting the food security challenge. Copyright © 2016 Elsevier Ltd. All rights reserved.

Managing Cisco network security

CERN Document Server

Knipp, Eric

2002-01-01

An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

International Nuclear Security Education Network (INSEN): Promoting nuclear security education

International Nuclear Information System (INIS)

Muhamad Samudi Yasir

2013-01-01

Full-text: The need for human resource development programmes in nuclear security was underlined at several International Atomic Energy Agency (IAEA) General Conferences and Board of Governors Meetings. Successive IAEA Nuclear Security Plans, the most recent of which was agreed by the Board of Governors in September 2009, give high priority to assisting States in establishing educational programmes in nuclear security in order to ensure the sustainability of nuclear security improvements. The current Nuclear Security Plan 1 covering 2010-2013 emphasizes on the importance of considering existing capacities at international, regional and national levels while designing nuclear security academic programmes. In the course of implementing the Plan, the IAEA developed a guide entitled Educational Programme in Nuclear Security (IAEA Nuclear Security Series No. 12) that consists of a model of a MAster of Science (M.Sc.) and a Certificate Programme in Nuclear Security. This guide was aims at assisting universities or other educational institutes to developed academic programmes in nuclear security. Independently, some universities already offered academic programmes covering some areas of nuclear security, while other universities have asked the IAEA to support the implementation of these programmes. In order to better address current and future request for assistance in this area, the IAEA establish a collaboration network-International Nuclear Security Education Network (INSEN), among universities who are providing nuclear security education or who are interested in starting an academic programme/ course(s) in nuclear security. Universiti Kebangsaan Malaysia (UKM) is a first local university became a member of INSEN since the beginning of the establishment. (author)

24 CFR 201.51 - Proceeding against the loan security.

Science.gov (United States)

2010-04-01

....51 Proceeding against the loan security. (a) Property improvement loans. (1) After acceleration of maturity on a secured property improvement loan, the lender may either proceed against the loan security... proceeds against the loan security, it may submit an insurance claim only if it complies with the...

Transforming Security Screening With Biometrics

National Research Council Canada - National Science Library

Hearnsberger, Brian J

2003-01-01

... and identity theft to dramatically improve physical security. Today, biometric technology could be implemented to transform physical security by enhancing screening procedures currently in use at U.S...

Improved E-Banking System With Advanced Encryption Standards And Security Models

Directory of Open Access Journals (Sweden)

Sharaaf N. A.

2015-08-01

Full Text Available Emerging new Technologies and large scale businesses have made this world a global village. Many business organizations provide online services targeting global consumer bases. Transaction in international scale has been enabled by banks all around the world through E-banking in order to supply the needs of above business organizations. E-banking serves lots of benefits to both customers of banks and banks itself. It adds value to customers satisfaction with better service quality and enables banks to gain a competitive advantage over other competitors. Online banking need to possess high level security in order to provide safe consistent and robust online environment which guarantees secure data transmission and identity of both bank and customer. Lack of security may lead to less trust or hard to trust attitude towards online banking. Although customers are attracted by online banking convenience they seem largely in concern about identity theft and phishing. Analysis of many research papers on e-banking security models and their respective advantages and disadvantages have been discussed in literature review. Username password E-banking dongles fractal images biometric scans and advanced encryption standards are some of the suggested solutions for E-banking security. This study focuses on the security beyond above mechanisms. This paper ensures security of online banking at three levels. At client side using internet dongle integrated with finger print scanning technology at banking sever side and data transmission level. This model also includes username password and advanced encryption for further security. Complete description on the model has been discussed in methodology section. Future works on this topic and Conclusion are covered in separate sections.

Security research roadmap

Energy Technology Data Exchange (ETDEWEB)

Rouhiainen, V. (ed.)

2007-02-15

VTT has a broad range of security research ongoing in many areas of technology. The main areas have been concentrating on public safety and security, but VTT is also participating in several research projects related to defence technology. To identify and define expertise and research goals in more detail, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of a critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important security products and technologies needed are, for example, management of total security, detection, identification, localisation and communication, protection of information networks and systems, as well as physical protection. In the EU's Security programme, which aims at ensuring the security of society and its vital functions, it is stated that. Technology alone can not assure security, but security can not be assured without the support of technology. VTT is conducting security research in all its areas of expertise and clusters. The area has a significant research potential. The development of products and systems designed for the improvement of security has just started. There is still room for innovation. This report presents knowledge and development needs in more detail, as well as future development potential seen in the area of security. (orig.)

Information Security in Education: Are We Continually Improving?

Directory of Open Access Journals (Sweden)

Dennis Bialaszewski

2015-06-01

Full Text Available This paper will shed light on the lack of the development of appropriate monitoring systems in the field of education. Test banks can be easily purchased. Smart phones can take and share pictures of exams. A video of an exam given through Blackboard can easily be made. A survey to determine the extent of cheating using technology was given to several university students. Evidence is provided that shows security is lacking as evidenced by the number of students who have made use of technological advances to cheat on exams. The findings and conclusion may serve as evidence for administrators and policy makers to re-assess efforts being made to increase security in online testing.

Health Information Security in Hospitals: the Application of Security Safeguards.

Science.gov (United States)

Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

2016-02-01

A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

Improving Land Dry Farmer Capacity Toward Adequate Food Security

Directory of Open Access Journals (Sweden)

Sitti Aminah

2015-09-01

Full Text Available Land dry farmers have not enrolled in supporting food security. Most of the farmer are the peasants with low capacity to produce food. The purpose of the research is to formulate policy recommendation to increase capacity of the peasants for support food security. The data were collected using following techniques: questionnaire, interview and focus group discussion. The data were analyzed using descriptive statistics and structural equation modelling (SEM. The research results showed that the peasant characteristics and the peasants capacity are within low category, influencing the level of food security. The Government are expected actively to increase the peasant’s capacity by optimizing efforts: providing extension and training in participatory ways; increasing role of facilitator and researcher in empowerment process, increasing the peasants’ access to production input, credit facilities and wider markets, give incentive to the peasants so that they can do double working, as well as increasing coordination between government institutions and stakeholder.

Security force effectiveness and technology

International Nuclear Information System (INIS)

Seaton, M.B.

1988-01-01

No one would propose ineffective security forces. Applied technology always has, as its purpose, to increase effectiveness. Evidence exists, however, that poorly conceived or executed technological solutions can actually do more harm than good. The author argues for improved human factor considerations in physical security applied technology -- especially in the area of security console operations

Home blood pressure monitoring, secure electronic messaging and medication intensification for improving hypertension control: a mediation analysis.

Science.gov (United States)

Ralston, J D; Cook, A J; Anderson, M L; Catz, S L; Fishman, P A; Carlson, J; Johnson, R; Green, B B

2014-01-01

We evaluated the role of home monitoring, communication with pharmacists, medication intensification, medication adherence and lifestyle factors in contributing to the effectiveness of an intervention to improve blood pressure control in patients with uncontrolled essential hypertension. We performed a mediation analysis of a published randomized trial based on the Chronic Care Model delivered over a secure patient website from June 2005 to December 2007. Study arms analyzed included usual care with a home blood pressure monitor and usual care with home blood pressure monitor and web-based pharmacist care. Mediator measures included secure messaging and telephone encounters; home blood pressure monitoring; medications intensification and adherence and lifestyle factors. Overall fidelity to the Chronic Care Model was assessed with the Patient Assessment of Chronic Care (PACIC) instrument. The primary outcome was percent of participants with blood pressure (BP) <140/90 mm Hg. At 12 months follow-up, patients in the web-based pharmacist care group were more likely to have BP <140/90 mm Hg (55%) compared to patients in the group with home blood pressure monitors only (37%) (p = 0.001). Home blood pressure monitoring accounted for 30.3% of the intervention effect, secure electronic messaging accounted for 96%, and medication intensification for 29.3%. Medication adherence and self-report of fruit and vegetable intake and weight change were not different between the two study groups. The PACIC score accounted for 22.0 % of the main intervention effect. The effect of web-based pharmacist care on improved blood pressure control was explained in part through a combination of home blood pressure monitoring, secure messaging, and antihypertensive medication intensification.

Improving DNS security : a measurement-based approach

NARCIS (Netherlands)

van Rijswijk-Deij, Roland

2017-01-01

The Domain Name System (DNS) is a vital part of the core infrastructure of the Internet. It maps human readable names (such as www.example.com) to machine readable information (such as 93.184.216.34). This thesis studies two aspects of the DNS. First, it studies problems in the DNS Security

RFID security a lightweight paradigm

CERN Document Server

Khattab, Ahmed; Amini, Esmaeil; Bayoumi, Magdy

2017-01-01

This book provides a comprehensive treatment of security in the widely adopted, Radio Frequency Identification (RFID) technology. The authors present the fundamental principles of RFID cryptography in a manner accessible to a broad range of readers, enabling them to improve their RFID security design. This book also offers the reader a range of interesting topics portraying the current state-of-the-art in RFID technology and how it can be integrated with today’s Internet of Things (IoT) vision. The authors describe a first-of-its-kind, lightweight symmetric authenticated encryption cipher called Redundant Bit Security (RBS), which enables significant, multi-faceted performance improvements compared to existing cryptosystems. This book is a must-read for anyone aiming to overcome the constraints of practical implementation in RFID security technologies.

Argumentation-Based Security Requirements Elicitation: The Next Round

NARCIS (Netherlands)

Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

2014-01-01

Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

Information security improving blocklist driven firewall implementation

OpenAIRE

Kylmänen, J. (Juha)

2013-01-01

Abstract The Internet has become a commodity and with it information security and privacy issues have appeared. Common threats against the end users include malware and phishing. Phishing is a social engineering technique used to mimic legit banking or social networking websites in an attempt to gain sensitive information from the user and malware is software with malicious intent. ...

Construction of Monitoring Model and Algorithm Design on Passenger Security during Shipping Based on Improved Bayesian Network

Science.gov (United States)

Wang, Jiali; Zhang, Qingnian; Ji, Wenfeng

2014-01-01

A large number of data is needed by the computation of the objective Bayesian network, but the data is hard to get in actual computation. The calculation method of Bayesian network was improved in this paper, and the fuzzy-precise Bayesian network was obtained. Then, the fuzzy-precise Bayesian network was used to reason Bayesian network model when the data is limited. The security of passengers during shipping is affected by various factors, and it is hard to predict and control. The index system that has the impact on the passenger safety during shipping was established on basis of the multifield coupling theory in this paper. Meanwhile, the fuzzy-precise Bayesian network was applied to monitor the security of passengers in the shipping process. The model was applied to monitor the passenger safety during shipping of a shipping company in Hainan, and the effectiveness of this model was examined. This research work provides guidance for guaranteeing security of passengers during shipping. PMID:25254227

Enhancing the Safety and Security of Radioactive Sources

International Nuclear Information System (INIS)

Hickey, J.

2004-01-01

The NRC initiatives to improve safety and security of sources began before 091101 and include both international and domestic activities. They supported the development and implementation of the IAEA Code of Conduct, which provides categorization of sources of concern, based on risk, improvement of regulatory programs of all member countries and improvement of safety and security of sources. International activities include the IAEA International Conference on Security of Sources (Vienna, Austria, March, 2003), the trilateral cooperation with Canada and Mexico, the assistance to individual countries to improve security and the proposed rule on export and import of radioactive material. The domestic initiatives are to issue the security orders and advisories to licensees, issue the panoramic irradiator orders (June 2003), issue the manufacturer orders (January 2004), complete the interim national source inventory, develop the national source tracking system, maintain the orphan source registration and retrieval program and upgrade the emergency preparedness

Microsoft Windows Server 2003: Security Enhancements and New Features

National Research Council Canada - National Science Library

Montehermoso, Ronald

2004-01-01

.... Windows NT and Windows 2000 were known to have numerous security vulnerabilities; hence Microsoft focused on improving security by making Windows Server 2003 secure by design, secure by default, secure in deployment...

Improving food security and nutrition through research | IDRC ...

International Development Research Centre (IDRC) Digital Library (Canada)

2016-10-06

Oct 6, 2016 ... In Canada, the 2012 federal budget highlighted CIFSRF's success, noting how the ... New animal vaccines could keep more African farmers in business ... Research on food security makes a difference for African women.

Secure Multiparty AES

Science.gov (United States)

Damgård, Ivan; Keller, Marcel

We propose several variants of a secure multiparty computation protocol for AES encryption. The best variant requires 2200 + {{400}over{255}} expected elementary operations in expected 70 + {{20}over{255}} rounds to encrypt one 128-bit block with a 128-bit key. We implemented the variants using VIFF, a software framework for implementing secure multiparty computation (MPC). Tests with three players (passive security against at most one corrupted player) in a local network showed that one block can be encrypted in 2 seconds. We also argue that this result could be improved by an optimized implementation.

Unconditionally Secure Protocols

DEFF Research Database (Denmark)

Meldgaard, Sigurd Torkel

This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how....... We construct an oblivious RAM that hides the client's access pattern with information theoretic security with an amortized $\\log^3 N$ query overhead. And how to employ a second server that is guaranteed not to conspire with the first to improve the overhead to $\\log^2 N$, while also avoiding...... they are used to speed up secure computation. An Oblivious RAM is a construction for a client with a small $O(1)$ internal memory to store $N$ pieces of data on a server while revealing nothing more than the size of the memory $N$, and the number of accesses. This specifically includes hiding the access pattern...

Masters in Nuclear Security

International Nuclear Information System (INIS)

Rickwood, Peter

2013-01-01

Continuing global efforts to improve the security of nuclear and other radioactive material against the threat of malicious acts are being assisted by a new initiative, the development of a corps of professional experts to strengthen nuclear security. The IAEA, the European Commission, universities, research institutions and other bodies working in collaboration have established an International Nuclear Security Education Network (INSEN). In 2011, six European academic institutions, the Vienna University of Technology, the Brandenburg University of Applied Sciences, the Demokritos National Centre for Scientific Research in Greece, the Reactor Institute Delft of the Delft University of Technology in the Netherlands, the University of Oslo, and the University of Manchester Dalton Nuclear Institute, started developing a European Master of Science Programme in Nuclear Security Management. In March 2013, the masters project was inaugurated when ten students commenced studies at the Brandenburg University of Applied Sciences in Germany for two weeks. In April, they moved to the Delft University of Technology in the Netherlands for a further two weeks of studies. The pilot programme consists of six teaching sessions in different academic institutions. At the inauguration in Delft, IAEA Director General Yukiya Amano commended this effort to train a new generation of experts who can help to improve global nuclear security. ''It is clear that we will need a new generation of policy-makers and nuclear professionals - people like you - who will have a proper understanding of the importance of nuclear security,'' Mr. Amano told students and faculty members. ''The IAEA's goal is to support the development of such programmes on a global basis,'' said David Lambert, Senior Training Officer in the IAEA's Office of Nuclear Security. ''An existing postgraduate degree programme focused on nuclear security at Naif Arab University for Security Sciences (NAUSS) is currently supported by

Improving food and nutritional security of small and marginal coconut growers through diversification of crops and enterprises

Directory of Open Access Journals (Sweden)

Maria Luz George

2010-10-01

Full Text Available This paper presents the impact of integrating interventions like nutrition gardening, livestock rearing, product diversification and allied income generation activities in small and marginal coconut homesteads along with nutrition education in improving the food and nutritional security as well as the income of the family members. The activities were carried out through registered Community Based Organizations (CBOs in three locations in Kerala, India during 2005-2008. Data was collected before and after the project periods through interviews using a pre-tested questionnaire containing statements indicating the adequacy, quality and diversity of food materials. Fifty respondents each were randomly selected from the three communities, thereby resulting in a total sample size of 150. The data was analysed using SPSS by adopting statistical tools like frequency, average, percentage analysis, t – test and regression. Participatory planning and implementation of diverse interventions notably intercropping and off-farm activities along with nutrition education brought out significant improvements in the food and nutritional security, in terms of frequency and quantity of consumption as well as diet diversity. At the end of the project, 96%of the members became completely food secure and 72% nutritionally secure. The overall consumption of fruits, vegetables and milk by both children and adults and egg by children recorded increase over the project period. Consumption of fish was more than the Recommended Dietary Intake (RDI level during pre and post project periods. Project interventions like nutrition gardening could bring in surplus consumption of vegetables (35% and fruits (10% than RDI. In spite of the increased consumption of green leafy vegetables and milk and milk products over the project period, the levels of consumption were still below the RDI levels. CBO-wise analysis of the consumption patterns revealed the need for location

While Working Around Security

DEFF Research Database (Denmark)

Mathiasen, Niels Raabjerg

Users of technology encounter various IT security mechanisms in their everyday lives. If these mechanisms fail to support everyday activities, they either get in the way, or the users find a way to work around them. Even though users manage to carry out everyday activities by using substandard...... IT security mechanisms or via workarounds, it will influence their experience of security. If researchers and designers only focus on IT security artifacts and fail to take the user experience into account, incorrect processes or workarounds will occur. Accordingly, to get users to follow the correct process...... may seem to be a criterion of success, even though it may yield a less appropriate experience of security. This dissertation deals with an improved understanding of IT security sensitive IT artifacts and presents three design methods, and a framework for addressing the complexities and contingencies...

Natural gas to improve energy security in Small Island Developing States: A techno-economic analysis

Directory of Open Access Journals (Sweden)

Pravesh Raghoo

Full Text Available There is a paucity of studies on natural gas-based energy production in Small Island Developing States (SIDS even though technological improvements today are likely to make the application of natural gas more and more feasible. The development of natural gas in some of the regions of the Pacific, Africa, Indian Ocean and Caribbean attracts nearby countries and the coming up of the compressed natural gas (CNG technology which can serve regional markets are two motivations for SIDS to develop natural gas-based energy provision. A third factor concerns long-term energy security. Due to continued reliance on fossil fuels and slow uptake of renewable energy, there is a need to diversify SIDS’ energy mix for a sustainable electricity industry. Comparing the opportunities and constraints of liquefied natural gas (LNG and compressed natural gas (CNG in a SIDS-specific context, this paper discusses how to improve the integration of natural gas in prevailing energy regimes in SIDS as an alternative fuel to oil and complementary to renewable energy sources. To illustrate feasibility in practice, a techno-economic analysis is carried out using the island of Mauritius as an example. Keywords: Energy security, Natural gas, Small Island Developing States

Study to Improve Security for IoT Smart Device Controller: Drawbacks and Countermeasures

Directory of Open Access Journals (Sweden)

Xin Su

2018-01-01

Full Text Available Including mobile environment, conventional security mechanisms have been adapted to satisfy the needs of users. However, the device environment-IoT-based number of connected devices is quite different to the previous traditional desktop PC- or mobile-based environment. Based on the IoT, different kinds of smart and mobile devices are fully connected automatically via device controller, such as smartphone. Therefore, controller must be secure compared to conventional security mechanism. According to the existing security threats, these are quite different from the previous ones. Thus, the countermeasures applied should be changed. However, the smart device-based authentication techniques that have been proposed to date are not adequate in terms of usability and security. From the viewpoint of usability, the environment is based on mobility, and thus devices are designed and developed to enhance their owners’ efficiency. Thus, in all applications, there is a need to consider usability, even when the application is a security mechanism. Typically, mobility is emphasized over security. However, considering that the major characteristic of a device controller is deeply related to its owner’s private information, a security technique that is robust to all kinds of attacks is mandatory. In this paper, we focus on security. First, in terms of security achievement, we investigate and categorize conventional attacks and emerging issues and then analyze conventional and existing countermeasures, respectively. Finally, as countermeasure concepts, we propose several representative methods.

Assessment of Performance Measures for Security of the Maritime Transportation Network, Port Security Metrics : Proposed Measurement of Deterrence Capability

Science.gov (United States)

2007-01-03

This report is the thirs in a series describing the development of performance measures pertaining to the security of the maritime transportation network (port security metrics). THe development of measures to guide improvements in maritime security ...

Foraging Is Determinant to Improve Smallholders’ Food Security in Rural Areas in Mali, West Africa

Directory of Open Access Journals (Sweden)

Sognigbe N’Danikou

2017-11-01

Full Text Available Studies on the enabling factors for household food security (HFS most often used simplified econometric models looking into the links with a selected set of variables. In this research, a livelihood approach of HFS was used and aimed at determining the most significant livelihood assets for HFS in dryland agricultural systems. Elements of the five livelihood assets were assessed through questionnaire surveys with a random sample of 180 households, and six focus group discussions in three communities along the rural-urban continuum, in Southern Mali. The coping strategy index approach was used to evaluate household food security status. Non-parametric and parametric statistical tests were combined, as appropriate, to identify the most significant determinants of HFS status. Findings indicated that most determinant factors of HFS were the diversity of wild and cultivated food plants, and hunting (natural capital; access to clean water and irrigation (infrastructural capital; and off-farm employment (financial capital. HFS also improved along the urban-rural continuum and rural households with high natural capital seemed to be more food secure. Findings call for important investment to expand the natural capital (e.g., domestication of new crops and agricultural diversification and infrastructural capital (irrigation facilities, clean water of the rural households.

Spatio-Temporal Variation and Futuristic Emission Scenario of Ambient Nitrogen Dioxide over an Urban Area of Eastern India Using GIS and Coupled AERMOD-WRF Model.

Directory of Open Access Journals (Sweden)

Sharadia Dey

Full Text Available The present study focuses on the spatio-temporal variation of nitrogen dioxide (NO2 during June 2013 to May 2015 and its futuristic emission scenario over an urban area (Durgapur of eastern India. The concentration of ambient NO2 shows seasonal as well as site specific characteristics. The site with high vehicular density (Muchipara shows highest NO2 concentration followed by industrial site (DVC- DTPS Colony and the residential site (B Zone, respectively. The seasonal variation of ambient NO2 over the study area is portrayed by means of Geographical Information System based Digital Elevation Model. Out of the total urban area under consideration (114.982 km2, the concentration of NO2 exceeded the National Ambient Air Quality Standard (NAAQS permissible limit over an area of 5.000 km2, 0.786 km2 and 0.653 km2 in post monsoon, winter and pre monsoon, respectively. Wind rose diagrams, correlation and regression analyses show that meteorology plays a crucial role in dilution and dispersion of NO2 near the earth's surface. Principal component analysis identifies vehicular source as the major source of NO2 in all the seasons over the urban region. Coupled AMS/EPA Regulatory Model (AERMOD-Weather Research and Forecasting (WRF model is used for predicting the concentration of NO2. Comparison of the observed and simulated data shows that the model overestimates the concentration of NO2 in all the seasons (except winter. The results show that coupled AERMOD-WRF model can overcome the unavailability of hourly surface as well as upper air meteorological data required for predicting the pollutant concentration, but improvement of emission inventory along with better understanding of the sinks and sources of ambient NO2 is essential for capturing the more realistic scenario.

Symmetric Stream Cipher using Triple Transposition Key Method and Base64 Algorithm for Security Improvement

Science.gov (United States)

Nurdiyanto, Heri; Rahim, Robbi; Wulan, Nur

2017-12-01

Symmetric type cryptography algorithm is known many weaknesses in encryption process compared with asymmetric type algorithm, symmetric stream cipher are algorithm that works on XOR process between plaintext and key, to improve the security of symmetric stream cipher algorithm done improvisation by using Triple Transposition Key which developed from Transposition Cipher and also use Base64 algorithm for encryption ending process, and from experiment the ciphertext that produced good enough and very random.

Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

Directory of Open Access Journals (Sweden)

Ji-Jian Chin

2014-01-01

Full Text Available Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user’s secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

Science.gov (United States)

Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

2014-01-01

Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Security and gain improvement of a practical quantum key distribution using a gated single-photon source and probabilistic photon-number resolution

International Nuclear Information System (INIS)

Horikiri, Tomoyuki; Sasaki, Hideki; Wang, Haibo; Kobayashi, Takayoshi

2005-01-01

We propose a high security quantum key distribution (QKD) scheme utilizing one mode of spontaneous parametric downconversion gated by a photon number resolving detector. This photon number measurement is possible by using single-photon detectors operating at room temperature and optical fibers. By post selection, the multiphoton probability in this scheme can be reduced to lower than that of a scheme using an attenuated coherent light resulting in improvement of security. Furthermore, if distillation protocol (error correction and privacy amplification) is performed, the gain will be increased. Hence a QKD system with higher security and bit rate than the laser-based QKD system can be attained using present available technologies

How to improve nuclear security worldwide: Three young women win IAEA essay contest

International Nuclear Information System (INIS)

Li, Jeremy

2016-01-01

Three essays that provided actionable and innovative recommendations to strengthen nuclear security through stronger border controls, closer international cooperation and public education won the IAEA’s first ever nuclear security essay contest. In preparation for the International Conference on Nuclear Security: Commitments and Actions, the IAEA invited students and young professionals to submit essays focusing on challenges and recommendations to strengthen nuclear security. A panel of experts from the IAEA and the International Nuclear Security Education Network selected three winners from among the 353 submissions received. The winners will present their papers at the conference, taking place in Vienna in December 2016

How to improve nuclear security worldwide: Three young women win IAEA essay contest

International Nuclear Information System (INIS)

Li, Jeremy

2016-01-01

Three essays that provided actionable and innovative recommendations to strengthen nuclear security through stronger border controls, closer international cooperation and public education won the IAEA’s first ever nuclear security essay contest. In preparation for the International Conference on Nuclear Security: Commitments and Actions, the IAEA invited students and young professionals to submit essays focusing on challenges and recommendations to strengthen nuclear security. A panel of experts from the IAEA and the International Nuclear Security Education Network selected three winners from among the 353 submissions received. The winners will present their papers at the conference, taking place in Vienna in December 2016.

Metaphors for cyber security.

Energy Technology Data Exchange (ETDEWEB)

Moore, Judy Hennessey; Parrott, Lori K.; Karas, Thomas H.

2008-08-01

This report is based upon a workshop, called 'CyberFest', held at Sandia National Laboratories on May 27-30, 2008. Participants in the workshop came from organizations both outside and inside Sandia. The premise of the workshop was that thinking about cyber security from a metaphorical perspective could lead to a deeper understanding of current approaches to cyber defense and perhaps to some creative new approaches. A wide range of metaphors was considered, including those relating to: military and other types of conflict, biological, health care, markets, three-dimensional space, and physical asset protection. These in turn led to consideration of a variety of possible approaches for improving cyber security in the future. From the proposed approaches, three were formulated for further discussion. These approaches were labeled 'Heterogeneity' (drawing primarily on the metaphor of biological diversity), 'Motivating Secure Behavior' (taking a market perspective on the adoption of cyber security measures) and 'Cyber Wellness' (exploring analogies with efforts to improve individual and public health).

Security Analysis and the Contribution of UPFC for Improving Voltage Stability

Directory of Open Access Journals (Sweden)

Asma Meddeb

2018-02-01

Full Text Available The occurrence of many failures in the power system can lead to power instability and affects the system parameters to go beyond its operating limits. It may lead to obstructing the secure operations and reliability of power systems. Ensuring power system security needs proper actions to be taken for the undesirable contingency. Thus, security analysis is important tasks in modern energy management systems. This paper proposes an approach based on the Newton Raphson power flow method for power system security analysis. Firstly, the contingencies will be specified to assess their impact on the transient stability. Secondly, the selected contingencies will be classified in the order of severity. In addition, the integration of the Unified Power Flow Controller (UPFC to enhance the transient stability of the power system is considered. The proposed method is implemented on the IEEE-14 bus system. We performed this case study using the well-known software EUROSTAG.

While working around security

DEFF Research Database (Denmark)

Mathiasen, Niels Raabjerg; Bødker, Susanne; Petersen, Marianne Graves

This paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable...... IT security is established in the literature. Recent literature has called for better conceptual models as a starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them better understand the work that goes into everyday security. The result...... is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects....

Security Sector Reform in Albania

OpenAIRE

Abazi, Enika; Bumci, Aldo; Hide, Enri; Rakipi, Albert

2009-01-01

International audience; This paper analyses security sector reform (SSR) in Albania. In all its enterprises in reforming the security sector,Albania is assisted by different initiatives and projects that provide expertise and financial support. To assesswhether reforms improved the overall security environment (national and human) of the country, it is necessaryto measure the effectiveness of the various initiatives and projects. This is gauged by how well the initiatives andprojects achieved...

Smart grid security

CERN Document Server

Goel, Sanjay; Papakonstantinou, Vagelis; Kloza, Dariusz

2015-01-01

This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, cyber physical threats, smart metering threats, as well as privacy issues in the smart grid. Along with the threats the book discusses the means to improve smart grid security and the standards that are emerging in the field. The second part of the b

Improving ward environments and developing skills for discharge with the implementation of self-catering on a low secure forensic unit.

Science.gov (United States)

O'Reilly, Alison

2016-01-01

The opportunities for service users to develop skills for more independent living and take control of their environments are limited in secure mental health units. This paper will outline a quality improvement project that changed how the catering services were delivered in a low secure unit in East London NHS Foundation Trust (ELFT). A Quality Improvement methodology was adopted incorporating the Plan, Do, Study, Act (PDSA) cycle which included the trial of service users preparing their own meals on a daily basis. The participation rates were measured and functional daily living skills were recorded. Following success of the trial, long-term implementation of self-catering was agreed, with service users being supported to prepare a shared evening meal every day on the ward with an average of 60% participation. Functional living skills indicated an improvement in the area of process skills. The project aligned with ELFT's aims of service users working in collaboration with staff to implement changes in service delivery.

Improving computer security for authentication of users: influence of proactive password restrictions.

Science.gov (United States)

Proctor, Robert W; Lien, Mei-Ching; Vu, Kim-Phuong L; Schultz, E Eugene; Salvendy, Gavriel

2002-05-01

Entering a username-password combination is a widely used procedure for identification and authentication in computer systems. However, it is a notoriously weak method, in that the passwords adopted by many users are easy to crack. In an attempt to improve security, proactive password checking may be used, in which passwords must meet several criteria to be more resistant to cracking. In two experiments, we examined the influence of proactive password restrictions on the time that it took to generate an acceptable password and to use it subsequently to long in. The required length was a minimum of five characters in Experiment 1 and eight characters in Experiment 2. In both experiments, one condition had only the length restriction, and the other had additional restrictions. The additional restrictions greatly increased the time it took to generate the password but had only a small effect on the time it took to use it subsequently to long in. For the five-character passwords, 75% were cracked when no other restrictions were imposed, and this was reduced to 33% with the additional restrictions. For the eight-character passwords, 17% were cracked with no other restrictions, and 12.5% with restrictions. The results indicate that increasing the minimum character length reduces crackability and increases security, regardless of whether additional restrictions are imposed.

Network Security Visualization

National Research Council Canada - National Science Library

1999-01-01

The application of interactive, three-dimensional viewing techniques to the representation of security-related, computer network status and events is expected to improve the timeliness and efficiency...

Security assessment in harbours: parameters to be considered

Energy Technology Data Exchange (ETDEWEB)

Romero Faz, D.; Camarero Orive, A.

2016-07-01

The ports are the main node in the supply chain and freight transportation. The terrorist attacks of September 11, 2001 marked a turning point in global security. Following this event, and from then on, there is a widespread fear of an attack on commercial ports. The development of the International Ship and Port Facility Security (ISPS) Code of the International Maritime Organization (IMO), and the implementation of the measures derived from it, have significantly improved security at port facilities. However, the experience in recent decades indicates the need for adjustments in the security assessment, in order to improve risk assessment, which is sometimes either underestimated or overestimated. As a first result of the investigation, new parameters for assessing security are proposed considering new aspects on the basis of an analysis of the main methodologies specific to port facilities, the analysis of surveys of the responsible managers for the security of the Spanish port system, and the analysis of the security statistics obtained through security forces. (Author)

Automated Information Security Will Not Improve until Effectively Supported by IRM.

Science.gov (United States)

Chick, Morey J.

1989-01-01

The first of two articles on the nature of the growing problem of automated information systems security, especially in the federal government, this article presents a brief history of the problem and describes the need for integrating security activities into overall policies and programs to help reduce system vulnerabilities and risks. (23…

Evaluation of the nuclear security culture

International Nuclear Information System (INIS)

Spitalnik, Jorge

2003-01-01

The security culture of an organization resides in its workers and it is expressed by the way the personnel that works in a particular organization practice daily its activities. The security culture can be practice in a high or in a low level, but it always exists and it can always be improved. It is based on the security condition and procedures that have been established in the planning phase and in the implementation of a project. After its implantation, in order to avoid deterioration, basically it is necessary to maintain and to bring updated those conditions and procedures through strategies of follow up and control. This process establishes the basis of a program of maintenance and improvement of the Security Culture. Many self-evaluations that have been accomplished at nuclear organizations based on workers perception concerning working conditions and management environment, have permitted objectively determine if the security doctrine, which the organization assure to follow rigorously into its dally activities, is really so (LS)

Selecting Optimal Subset of Security Controls

OpenAIRE

Yevseyeva, I.; Basto-Fernandes, V.; Michael, Emmerich, T. M.; Moorsel, van, A.

2015-01-01

Open Access journal Choosing an optimal investment in information security is an issue most companies face these days. Which security controls to buy to protect the IT system of a company in the best way? Selecting a subset of security controls among many available ones can be seen as a resource allocation problem that should take into account conflicting objectives and constraints of the problem. In particular, the security of the system should be improved without hindering productivity, ...

The Remote Security Station (RSS) final report

International Nuclear Information System (INIS)

Pletta, J.B.; Amai, W.A.; Klarer, P.; Frank, D.; Carlson, J.; Byrne, R.

1992-10-01

The Remote Security Station (RSS) was developed by Sandia National Laboratories for the Defense Nuclear Agency to investigate issues pertaining to robotics and sensor fusion in physical security systems. This final report documents the status of the RSS program at its completion in April 1992. The RSS system consists of the Man Portable Security Station (MaPSS) and the Telemanaged Mobile Security Station (TMSS), which are integrated by the Operator's Control Unit (OCU) into a flexible exterior perimeter security system. The RSS system uses optical, infrared, microwave, and acoustic intrusion detection sensors in conjunction with sensor fusion techniques to increase the probability of detection and to decrease the nuisance alarm rate of the system. Major improvements to the system developed during the final year are an autonomous patrol capability, which allows TMSS to execute security patrols with limited operator interaction, and a neural network approach to sensor fusion, which significantly improves the system's ability to filter out nuisance alarms due to adverse weather conditions

Feasibility of a novel participatory multi-sector continuous improvement approach to enhance food security in remote Indigenous Australian communities.

Science.gov (United States)

Brimblecombe, J; Bailie, R; van den Boogaard, C; Wood, B; Liberato, S C; Ferguson, M; Coveney, J; Jaenke, R; Ritchie, J

2017-12-01

Food insecurity underlies and compounds many of the development issues faced by remote Indigenous communities in Australia. Multi-sector approaches offer promise to improve food security. We assessed the feasibility of a novel multi-sector approach to enhance community food security in remote Indigenous Australia. A longitudinal comparative multi-site case study, the Good Food Systems Good Food for All Project, was conducted (2009-2013) with four Aboriginal communities. Continuous improvement meetings were held in each community. Data from project documents and store sales were used to assess feasibility according to engagement, uptake and sustainability of action, and impact on community diet, as well as identifying conditions facilitating or hindering these. Engagement was established where: the community perceived a need for the approach; where trust was developed between the community and facilitators; where there was community stability; and where flexibility was applied in the timing of meetings. The approach enabled stakeholders in each community to collectively appraise the community food system and plan action. Actions that could be directly implemented within available resources resulted from developing collaborative capacity. Actions requiring advocacy, multi-sectoral involvement, commitment or further resources were less frequently used. Positive shifts in community diet were associated with key areas where actions were implemented. A multi-sector participatory approach seeking continuous improvement engaged committed Aboriginal and non-Aboriginal stakeholders and was shown to have potential to shift community diet. Provision of clear mechanisms to link this approach with higher level policy and decision-making structures, clarity of roles and responsibilities, and processes to prioritise and communicate actions across sectors should further strengthen capacity for food security improvement. Integrating this approach enabling local decision-making into

Homomorphic encryption and secure comparison

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Geisler, Martin; Krøigaard, Mikkel

2008-01-01

Computation (MPC). We show how our comparison protocol can be used to improve security of online auctions, and demonstrate that it is efficient enough to be used in practice. For comparison of 16 bits numbers with security based on 1024 bits RSA (executed by two parties), our implementation takes 0.28 sec......We propose a protocol for secure comparison of integers based on homomorphic encryption.We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty...

Re-designing the PhEDEx Security Model

Science.gov (United States)

C-H, Huang; Wildish, T.; X, Zhang

2014-06-01

PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

Re-designing the PhEDEx security model

International Nuclear Information System (INIS)

Huang C-H; Wildish, T; Zhang X

2014-01-01

PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

The remote security station (RSS)

International Nuclear Information System (INIS)

Pletta, J.B.

1991-01-01

This paper reports that, as an outgrowth of research into physical security systems, Sandia is investigating robotic technologies for improving physical security performance and flexibility. Robotic systems have the potential to allow more effective utilization of security personnel, especially in scenarios where they might be exposed to harm. They also can supplement fixed site installations where sensors have failed or where transient assets are present. The Remote Security Station (RSS) program for the defense Nuclear Agency is developing a proof-of-principle robotic system which will be used to evaluate the role, and associated cost, of robotic technologies in exterior physical security systems. The RSS consists of three primary elements: a fixed but quickly moveable tripod with intrusion detection sensors and assessment camera; a mobile robotic platform with a functionally identical security module; and a control console which allows an operator to perform security functions and teleoperate the mobile platform

Security Vulnerability Profiles of NASA Mission Software: Empirical Analysis of Security Related Bug Reports

Science.gov (United States)

Goseva-Popstojanova, Katerina; Tyo, Jacob P.; Sizemore, Brian

2017-01-01

NASA develops, runs, and maintains software systems for which security is of vital importance. Therefore, it is becoming an imperative to develop secure systems and extend the current software assurance capabilities to cover information assurance and cybersecurity concerns of NASA missions. The results presented in this report are based on the information provided in the issue tracking systems of one ground mission and one flight mission. The extracted data were used to create three datasets: Ground mission IVV issues, Flight mission IVV issues, and Flight mission Developers issues. In each dataset, we identified the software bugs that are security related and classified them in specific security classes. This information was then used to create the security vulnerability profiles (i.e., to determine how, why, where, and when the security vulnerabilities were introduced) and explore the existence of common trends. The main findings of our work include:- Code related security issues dominated both the Ground and Flight mission IVV security issues, with 95 and 92, respectively. Therefore, enforcing secure coding practices and verification and validation focused on coding errors would be cost effective ways to improve mission's security. (Flight mission Developers issues dataset did not contain data in the Issue Category.)- In both the Ground and Flight mission IVV issues datasets, the majority of security issues (i.e., 91 and 85, respectively) were introduced in the Implementation phase. In most cases, the phase in which the issues were found was the same as the phase in which they were introduced. The most security related issues of the Flight mission Developers issues dataset were found during Code Implementation, Build Integration, and Build Verification; the data on the phase in which these issues were introduced were not available for this dataset.- The location of security related issues, as the location of software issues in general, followed the Pareto

Overview of security culture

International Nuclear Information System (INIS)

Matulanya, M. A.

2014-04-01

Nuclear Security culture concept has been aggressively promoted over the past several years as a tool to improve the physical protection of the nuclear and radioactive materials due to growing threats of catastrophic terrorism and other new security challenges. It is obvious that, the scope of nuclear security and the associated cultures need to be extended beyond the traditional task of protecting weapons-usable materials. The role of IAEA is to strengthen the nuclear security framework globally and in leading the coordination of international activities in this field. Therefore all governments should work closely with the IAEA to take stronger measures to ensure the physical protection, the safety and security of the nuclear and radioactive materials. In the effort to reflect this new realities and concerns, the IAEA in 2008 came up with the document, the Nuclear Security Culture, Nuclear Security Series No. 7, Implementing Guide to the member states which urged every member state to take appropriate measures to promote security culture with respect to nuclear and radioactive materials. The document depicted this cultural approach as the way to protect individual, society and the environment. Among other things, the document defined nuclear security culture as characteristics and attitudes in organizations and of individuals which establishes that, nuclear security issues receives attention warranted by their significance. (au)

FINANCIAL STABILITY AS A FACTOR ECONOMIC SECURITY

Directory of Open Access Journals (Sweden)

A. V. Endovitskaya

2015-01-01

Full Text Available Summary. The article examines the linkages between financial stability and the level of its economic security. Considered the content of financial stability, represented by its own definition, we studied the basic conditions to achieve it. The logic diagram showing the location of financial stability and financial security to ensure the economic security of the business entity. A system of internal and external factors affecting the financial stability and endanger financial stability and financial security company. It has been established that it is the internal factors such as the availability of financial resources and financial position, capital structure, the company's ability to generate profits determine the level of economic security and its ability to withstand the negative impact of external and internal threats. The necessity of improving the financial sustainability in order to improve the economic security of the enterprise. On the basis of the research proposed matrix of risks affecting the financial stability and economic security, which allows to determine the probability of their occurrence and impact. It presents the economic, social, human, financial, organizational, economic, innovative and productive tools to increase the stability and financial security of an economic entity. List considered standard measures will make a plan of action to minimize the adverse impacts and enhance financial stability and security. Therefore, a prerequisite for the economic security of the enterprise is the attainment of financial stability.

Embedding security messages in existing processes: a pragmatic and effective approach to information security culture change

CERN Document Server

Lopienski, Sebastian

Companies and organizations world-wide depend more and more on IT infrastructure and operations. Computer systems store vital information and sensitive data; computing services are essential for main business processes. This high dependency comes with a number of security risks, which have to be managed correctly on technological, organizational and human levels. Addressing the human aspects of information security often boils down just to procedures, training and awareness raising. On the other hand, employees and collaborators do not adopt security attitude and habits simply when told to do so – a real change in behaviour requires an established security culture. But how to introduce a security culture? This thesis outlines the need of developing or improving security culture, and discusses how this can be done. The proposed approach is to gradually build security knowledge and awareness, and influence behaviours. The way to achieve this is to make security communication pervasive by embedding security me...

EFFICIENCY INDICATORS INFORMATION MANAGEMENT IN INTEGRATED SECURITY SYSTEMS

Directory of Open Access Journals (Sweden)

N. S. Rodionova

2014-01-01

Full Text Available Summary. Introduction of information technology to improve the efficiency of security activity leads to the need to consider a number of negative factors associated with in consequence of the use of these technologies as a key element of modern security systems. One of the most notable factor is the exposure to information processes in protection systems security threats. This largely relates to integrated security systems (ISS is the system of protection with the highest level of informatization security functions. Significant damage to protected objects that they could potentially incur as a result of abnormal operation ISS, puts a very actual problem of assessing factors that reduce the efficiency of the ISS to justify the ways and methods to improve it. Because of the nature of threats and blocking distortion of information in the ISS of interest are: the volume undistorted ISF working environment, as a characteristic of data integrity; time access to information as a feature of its availability. This in turn leads to the need to use these parameters as the performance characteristics of information processes in the ISS - the completeness and timeliness of information processing. The article proposes performance indicators of information processes in integrated security systems in terms of optimal control procedures to protect information from unauthorized access. Set the considered parameters allows to conduct comprehensive security analysis of integrated security systems, and to provide recommendations to improve the management of information security procedures in them.

Water security evaluation in Yellow River basin

Science.gov (United States)

Jiang, Guiqin; He, Liyuan; Jing, Juan

2018-03-01

Water security is an important basis for making water security protection strategy, which concerns regional economic and social sustainable development. In this paper, watershed water security evaluation index system including 3 levels of 5 criterion layers (water resources security, water ecological security and water environment security, water disasters prevention and control security and social economic security) and 24 indicators were constructed. The entropy weight method was used to determine the weights of the indexes in the system. The water security index of 2000, 2005, 2010 and 2015 in Yellow River basin were calculated by linear weighting method based on the relative data. Results show that the water security conditions continue to improve in Yellow River basin but still in a basic security state. There is still a long way to enhance the water security in Yellow River basin, especially the water prevention and control security, the water ecological security and water environment security need to be promoted vigorously.

ICT-Based Framework for Improved Food Security in Nigeria ...

African Journals Online (AJOL)

The six regional decision support systems in this model is a comprehensive database ... from research findings and innovations, inputs from agricultural extension officers, ... Keywords: Food Security, Interactive websites, National Internet host, ...

Speaker identification for the improvement of the security communication between law enforcement units

Science.gov (United States)

Tovarek, Jaromir; Partila, Pavol

2017-05-01

This article discusses the speaker identification for the improvement of the security communication between law enforcement units. The main task of this research was to develop the text-independent speaker identification system which can be used for real-time recognition. This system is designed for identification in the open set. It means that the unknown speaker can be anyone. Communication itself is secured, but we have to check the authorization of the communication parties. We have to decide if the unknown speaker is the authorized for the given action. The calls are recorded by IP telephony server and then these recordings are evaluate using classification If the system evaluates that the speaker is not authorized, it sends a warning message to the administrator. This message can detect, for example a stolen phone or other unusual situation. The administrator then performs the appropriate actions. Our novel proposal system uses multilayer neural network for classification and it consists of three layers (input layer, hidden layer, and output layer). A number of neurons in input layer corresponds with the length of speech features. Output layer then represents classified speakers. Artificial Neural Network classifies speech signal frame by frame, but the final decision is done over the complete record. This rule substantially increases accuracy of the classification. Input data for the neural network are a thirteen Mel-frequency cepstral coefficients, which describe the behavior of the vocal tract. These parameters are the most used for speaker recognition. Parameters for training, testing and validation were extracted from recordings of authorized users. Recording conditions for training data correspond with the real traffic of the system (sampling frequency, bit rate). The main benefit of the research is the system developed for text-independent speaker identification which is applied to secure communication between law enforcement units.

Human Factors in Coast Guard Computer Security - An Analysis of Current Awareness and Potential Techniques to Improve Security Program Viability

National Research Council Canada - National Science Library

Whalen, Timothy

2001-01-01

.... As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success...

Critical Conversations and the Role of Dialogue in Delivering Meaningful Improvements in Safety and Security Culture

International Nuclear Information System (INIS)

Brissette, S.

2016-01-01

Significant scholarship has been devoted to research into safety culture assessment methodologies. These focus on the development, delivery and interpretations of safety culture surveys and other assessment techniques to assure reliable outcomes that provide insights into the safety culture of an organization across multiple dimensions. The lessons from this scholarship can be applied to the emerging area of security culture assessments as the nuclear industry broadens its focus on this topic. The aim of this paper is to discuss the value of establishing mechanisms, immediately after an assessment and regularly between assessments, to facilitate a structured dialogue among leaders around insights derived from an assessment, to enable ongoing improvements in safety and security culture. The leader’s role includes both understanding the current state of culture, the “what is”, and creating regular, open and informed dialogue around their role in shaping the culture to achieve “what should be”.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Science.gov (United States)

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Directory of Open Access Journals (Sweden)

Jaewook Jung

Full Text Available Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

Science.gov (United States)

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

Quantifying privacy and security of biometric fuzzy commitment

NARCIS (Netherlands)

Zhou, Xuebing; Kuijper, Arjan; Veldhuis, Raymond N.J.; Busch, Christoph

2011-01-01

Fuzzy commitment is an efficient template protection algorithm that can improve security and safeguard privacy of biometrics. Existing theoretical security analysis has proved that although privacy leakage is unavoidable, perfect security from information-theoretical points of view is possible when

IAEA Nuclear Security Human Resource Development Program

International Nuclear Information System (INIS)

Braunegger-Guelich, A.

2009-01-01

The IAEA is at the forefront of international efforts to strengthen the world's nuclear security framework. The current Nuclear Security Plan for 2006-2009 was approved by the IAEA Board of Governors in September 2005. This Plan has three main points of focus: needs assessment, prevention, detection and response. Its overall objective is to achieve improved worldwide security of nuclear and other radioactive material in use, storage and transport, and of their associated facilities. This will be achieved, in particular, through the provision of guidelines and recommendations, human resource development, nuclear security advisory services and assistance for the implementation of the framework in States, upon request. The presentation provides an overview of the IAEA nuclear security human resource development program that is divided into two parts: training and education. Whereas the training program focuses on filling gaps between the actual performance of personnel working in the area of nuclear security and the required competencies and skills needed to meet the international requirements and recommendations described in UN and IAEA documents relating to nuclear security, the Educational Program in Nuclear Security aims at developing nuclear security experts and specialists, at fostering a nuclear security culture and at establishing in this way sustainable knowledge in this field within a State. The presentation also elaborates on the nuclear security computer based learning component and provides insights into the use of human resource development as a tool in achieving the IAEA's long term goal of improving sustainable nuclear security in States. (author)

The National Security Strategy of the United Kingdom: Security in an Interdependent World

Science.gov (United States)

2008-03-01

security architecture has yet to adapt satisfactorily to the new landscape. The UN Security Council has failed to adapt to the rise of new powers. Across...including cinemas , theatres, pubs, nightclubs, restaurants, hotels and commercial centres, hospitals, schools and places of worship); work with architects...and export control regimes, and improving the international monitoring architecture . Countering the threat of nuclear weapons and other weapons of

Close to Optimally Secure Variants of GCM

Directory of Open Access Journals (Sweden)

Ping Zhang

2018-01-01

Full Text Available The Galois/Counter Mode of operation (GCM is a widely used nonce-based authenticated encryption with associated data mode which provides the birthday-bound security in the nonce-respecting scenario; that is, it is secure up to about 2n/2 adversarial queries if all nonces used in the encryption oracle are never repeated, where n is the block size. It is an open problem to analyze whether GCM security can be improved by using some simple operations. This paper presents a positive response for this problem. Firstly, we introduce two close to optimally secure pseudorandom functions and derive their security bound by the hybrid technique. Then, we utilize these pseudorandom functions that we design and a universal hash function to construct two improved versions of GCM, called OGCM-1 and OGCM-2. OGCM-1 and OGCM-2 are, respectively, provably secure up to approximately 2n/67(n-12 and 2n/67 adversarial queries in the nonce-respecting scenario if the underlying block cipher is a secure pseudorandom permutation. Finally, we discuss the properties of OGCM-1 and OGCM-2 and describe the future works.

Assessment of energy security in China based on ecological network analysis: A perspective from the security of crude oil supply

International Nuclear Information System (INIS)

Lu, Weiwei; Su, Meirong; Zhang, Yan; Yang, Zhifeng; Chen, Bin; Liu, Gengyuan

2014-01-01

Energy security usually considers both the stability of energy supply and security of energy use and it is receiving increasing attention globally. Considering the strategic importance and sensitivity to international change of the crude oil supply, we decided to examine China’s energy security. An original network model was established based on ecological network analysis to holistically evaluate the security of the crude oil supply in China. Using this model, we found that the security of the crude oil supply in China generally increased from 2001 to 2010. The contribution of different compartments in the network to the overall energy security resembled a pyramid structure, with supply sources at the bottom, the consumption sector at the top, and the refining and transfer sectors in the middle. North and South America made the largest contribution to the security of the crude oil supply in China. We provide suggestions to improve the security of the crude oil supply in China based on our results and further scenario analysis. The original network model provides a new perspective for energy security assessment, which can be used as a baseline to develop other models and policy. - Highlights: • Ecological network analysis (ENA) is introduced into energy security assessment. • A model of crude oil supply network in China is established based on ENA. • A pyramid structure of the contributions of different compartments to energy security was found. • Suggestions for forming a stable network are given to improve energy security

Radioactive Waste SECURITY

International Nuclear Information System (INIS)

Brodowski, R.; Drapalik, M.; Gepp, C.; Gufler, K.; Sholly, S.

2010-01-01

The purpose of this work is to investigate the safety requirements for a radioactive waste repository, the fundamental problems involved and the legislative rules and arrangements for doing so. As the title already makes clear, the focus of this work is on aspects that can be assigned to the security sector - ie the security against the influence of third parties - and are to be distinguished from safety measures for the improvement of the technical safety aspects. In this context, mention is made of events such as human intrusion into guarded facilities, whereas e.g. a geological analysis on seismic safety is not discussed. For a variety of reasons, the consideration of security nuclear waste repositories in public discussions is increasingly taking a back seat, as ia. Terrorist threats can be considered as negligible risk or well calculable. Depending on the type of storage, different security aspects still have to be considered. (roessner)

Role of thorium in ensuring long term energy security to India

International Nuclear Information System (INIS)

Malhotra, S.K.

2013-01-01

Role of nuclear power in ensuring energy security to the world is inevitable due to a) dwindling fossil fuel resources and b) need for minimising green house gas emission that poses the risk of global climate change. India, keeping in mind its limited uranium and vast thorium resources, is pursuing a three stage nuclear power programme. The first stage is based on reactors that use uranium as fuel. It comprises of the indigenous Pressurised Heavy Water Reactors using natural uranium as fuel and light water reactors that employ enriched uranium as fuel and are to be set up in technical collaboration with other countries. The second stage is based on fast breeder reactors that employ plutonium derived from reprocessing of spent fuel from the first stage reactors. The third stage envisages reactors which will employ thorium based fuel after its irradiation in the second stage reactors. This programme is sequential in nature and has an ultimate objective of securing long term energy security to India through judicial use of its thorium resources. Thorium based reactors offer advantages in terms of better neutronic characteristics of thorium, it being better fertile host for plutonium disposition and better thermo-mechanical properties and slower fuel deterioration of thorium oxide. It is planned to introduce thorium in the Indian Nuclear Power Programme after sufficient (about 200 GWe) capacity build-up in the second stage. DAE is a global leader in the development of the entire thorium fuel cycle. It has a mature technology for extraction of thorium and preparation of thoria pellets. It has long back carried out irradiation of thoria pellets in its research reactors and also in PHWRs, post irradiation examination and reprocessing of irradiated thoria, fabrication of 233 U based fuel. It has KAMINI - the world's only operating reactor employing 233 U as fuel. An Advanced Heavy Water Reactor (AHWR) has been designed as a technology demonstrator for large scale

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

Science.gov (United States)

Somasundaram, M; Sivakumar, R

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

Science.gov (United States)

Somasundaram, M.; Sivakumar, R.

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

Improving the security of electricity supply - report by a rapporteur ad int

International Nuclear Information System (INIS)

Forsten, J.; Lehtonen, M.

2002-07-01

The storms 'Pyry' and 'Janika', which swept over Finland in October-November 2001, caused serious damages to the operability of electric systems and led to long-term and extensive interruptions in electricity supply especially in Pirkanmaa, Central Home, Poijat-Hame and in the Uusimaa region. Although the security of electricity supply in Finland has in general been on a high level, the needs of customers concerning the quality of electrical power are constantly growing, and the operational reliability of the distribution networks will thereby have to be developed. The Rapporteur ad int. appointed by the Ministry of Trade and Industry on 21 November 2001 considers that such a scheme complementing the price reduction under the Electricity Market Act should be set up that would require a fixed compensation from the distribution network operators in the case of non deliverance of electricity. The fixed compensation should be paid automatically for e.g. interruptions lasting over 12 hours. The sum would depend on the length of the interruption and on the customer's annual rate of the network service fee. The Rapporteur also gives a number of other recommendations for improving the situation. Each distribution network operator is to choose the means of improvement on a technical-economical basis. The required level in the design, construction, operation and maintenance of an electrical network should guarantee that the interruptions in electricity supply would not exceed six hours even in exceptional circumstances. Ensuring electrical safety is of prime importance in disturbance situations. Shortening the interruption times and improving the quality of electricity call for sustained investment planning and activities. The distribution network operators should draw up a ten-year action plan. including measures aiming to reduce interruptions and the related timetables. To be able to keep the interruption times short in extensive cases of disturbance, the distribution

Risk assessment techniques for civil aviation security

Energy Technology Data Exchange (ETDEWEB)

Tamasi, Galileo, E-mail: g.tamasi@enac.rupa.i [Ente Nazionale per l' Aviazione Civile-Direzione Progetti, Studi e Ricerche, Via di Villa Ricotti, 42, 00161 Roma (Italy); Demichela, Micaela, E-mail: micaela.demichela@polito.i [SAfeR-Centro Studi su Sicurezza, Affidabilita e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129 Torino (Italy)

2011-08-15

Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

Risk assessment techniques for civil aviation security

International Nuclear Information System (INIS)

Tamasi, Galileo; Demichela, Micaela

2011-01-01

Following the 9/11 terrorists attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

Energy Technology Data Exchange (ETDEWEB)

Lee, Chanyoung; Seong, Poong Hyun [KAIST, Daejeon (Korea, Republic of)

2016-10-15

One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is

Application of the Concept of Intrusion Tolerant System for Evaluating Cyber Security Enhancements

International Nuclear Information System (INIS)

Lee, Chanyoung; Seong, Poong Hyun

2016-01-01

One of the major problems is that nuclear industry is in very early stage in dealing with cyber security issues. It is because that cyber security has received less attention compared to other safety problems. In addition, late adoption of digital I and C systems has resulted in lower level of cyber security advancements in nuclear industry than ones in other industries. For the cyber security of NPP I and C systems, many regulatory documents, guides and standards were already published. These documents include cyber security plans, methods for cyber security assessments and comprehensive set of security controls. However, methods which can help assess how much security is improved if a specific security control is applied are not included in these documents. Hence, NPP I and C system designers may encounter difficulties when trying to apply security controls with limited structure and cost. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. In order to provide useful information about cyber security issues including cyber security enhancements, this paper suggests a framework to evaluate how much cyber security is improved when a specific cyber security enhancement is applied in NPPs. The extent of cyber security improvement caused by security enhancement was defined as reduction ratio of the failure probability to secure the system from cyber-attack as Eq.1. The concept of 'intrusion tolerant system' was applied to not only prevent cyber-attacks but also limit the extent of damage in this study. For applying the concept of intrusion tolerant system to NPP, the event tree was constructed with some assumptions. Cyber security improvement caused by cyber security enhancement can be estimated as Eq.3. By comparing current system to the enhanced system, it is possible to

Primer Control System Cyber Security Framework and Technical Metrics

Energy Technology Data Exchange (ETDEWEB)

Wayne F. Boyer; Miles A. McQueen

2008-05-01

The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

Retail E-Commerce Security Status among Fortune 500 Corporations

Science.gov (United States)

Zhao, Jensen J.; Zhao, Sherry Y.

2012-01-01

The authors assessed the "Fortune 500" corporations' retail e-commerce security to identify their strengths and weaknesses for improvement. They used online content analysis, information security auditing, and network security mapping for data collection and analysis. The findings indicate that most sites posted security policies; however, only…

Cryptanalyzing a discrete-time chaos synchronization secure communication system

International Nuclear Information System (INIS)

Alvarez, G.; Montoya, F.; Romera, M.; Pastor, G.

2004-01-01

This paper describes the security weakness of a recently proposed secure communication method based on discrete-time chaos synchronization. We show that the security is compromised even without precise knowledge of the chaotic system used. We also make many suggestions to improve its security in future versions

Securing General Aviation

National Research Council Canada - National Science Library

Elias, Bart

2005-01-01

.... Because GA plays a small but important role in the U.S. economy, improving upon GA security without unduly impeding air commerce or limiting the freedom of movement by air remains a significant challenge...

Shaping China's energy security: The impact of domestic reforms

International Nuclear Information System (INIS)

Yao, Lixia; Chang, Youngho

2015-01-01

This paper is a subsequent study of China's energy security situation which concludes that China's energy security has not improved over 30 years of economic reform. The objective of the study is to explore qualitatively why the energy security situation has not improved. To answer the ‘why’ question, the study opens up a new perspective by analyzing the relationship between energy security and energy policies from the macroeconomic reform perspective. This study discusses major reforms that took place over 30 years. It is found that China's macroeconomic reform has restricted the formation of China's energy policies and determined its energy security situation. In essence, China's energy policies are only a reaction to the macroeconomic measures. In other words, China's energy policies are not originally intended to improve energy security, but passive reactions to China's macroeconomic reform. This explains why China did not improve its energy security situation despite 30 years of reform. - Highlights: • This study identifies relationship between China's reform and energy policy. • This study identifies the key variable that has affected China's energy security. • Policy implication of the identification is drawn. • A new perspective to analyze energy security is provided

The 'virtual' national securities commission

International Nuclear Information System (INIS)

Campbell, G.A.; Benham, B.J.

1998-01-01

This paper describes the mandate of the Canadian Securities Administrators (CSA), a body established to ensure that Canada has an efficient and effective securities regulatory system to protect investors and a fair and efficient securities market. The CSA was created in 1937 and is comprised of the twelve provincial and territorial securities regulatory authorities. Some of the measures that the CSA has taken to improve regulatory efficiency are discussed. Among the measures highlighted are the creation of a task force on operational efficiencies in the administration of securities regulation, the development of a mutual reliance review system and a system for electronic document analysis and retrieval (SEDAR) to electronically file information to a central computer database. The CSA also adopted a system to expedite the review and receipt of short form prospectuses

Problems and solutions of information security management in Latvia

Directory of Open Access Journals (Sweden)

Deruma S.

2014-01-01

Security cannot exist as a standalone function, it should be integrated in the associated processes continuously supervising and improving the security management programme based on predefined criteria. Adopting a holistic approach with regard to security has proven to be a critical contributing factor to effective security in organizations.

Infant nutrition in Saskatoon: barriers to infant food security.

Science.gov (United States)

Partyka, Brendine; Whiting, Susan; Grunerud, Deanna; Archibald, Karen; Quennell, Kara

2010-01-01

We explored infant nutrition in Saskatoon by assessing current accessibility to all forms of infant nourishment, investigating challenges in terms of access to infant nutrition, and determining the use and effectiveness of infant nutrition programs and services. We also examined recommendations to improve infant food security in Saskatoon. Semi-structured community focus groups and stakeholder interviews were conducted between June 2006 and August 2006. Thematic analysis was used to identify themes related to infant feeding practices and barriers, as well as recommendations to improve infant food security in Saskatoon. Our study showed that infant food security is a concern among lower-income families in Saskatoon. Barriers that limited breastfeeding sustainability or nourishing infants through other means included knowledge of feeding practices, lack of breastfeeding support, access and affordability of infant formula, transportation, and poverty. Infant nutrition and food security should be improved by expanding education and programming opportunities, increasing breastfeeding support, and identifying acceptable ways to provide emergency formula. If infant food security is to be addressed successfully, discussion and change must occur in social policy and family food security contexts.

FlySec: a risk-based airport security management system based on security as a service concept

Science.gov (United States)

Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

2016-05-01

Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

Leveraging multi-channel x-ray detector technology to improve quality metrics for industrial and security applications

Science.gov (United States)

Jimenez, Edward S.; Thompson, Kyle R.; Stohn, Adriana; Goodner, Ryan N.

2017-09-01

Sandia National Laboratories has recently developed the capability to acquire multi-channel radio- graphs for multiple research and development applications in industry and security. This capability allows for the acquisition of x-ray radiographs or sinogram data to be acquired at up to 300 keV with up to 128 channels per pixel. This work will investigate whether multiple quality metrics for computed tomography can actually benefit from binned projection data compared to traditionally acquired grayscale sinogram data. Features and metrics to be evaluated include the ability to dis- tinguish between two different materials with similar absorption properties, artifact reduction, and signal-to-noise for both raw data and reconstructed volumetric data. The impact of this technology to non-destructive evaluation, national security, and industry is wide-ranging and has to potential to improve upon many inspection methods such as dual-energy methods, material identification, object segmentation, and computer vision on radiographs.

IPv6 Security

Science.gov (United States)

Babik, M.; Chudoba, J.; Dewhurst, A.; Finnern, T.; Froy, T.; Grigoras, C.; Hafeez, K.; Hoeft, B.; Idiculla, T.; Kelsey, D. P.; López Muñoz, F.; Martelli, E.; Nandakumar, R.; Ohrenberg, K.; Prelz, F.; Rand, D.; Sciabà, A.; Tigerstedt, U.; Traynor, D.; Wartel, R.

2017-10-01

IPv4 network addresses are running out and the deployment of IPv6 networking in many places is now well underway. Following the work of the HEPiX IPv6 Working Group, a growing number of sites in the Worldwide Large Hadron Collider Computing Grid (WLCG) are deploying dual-stack IPv6/IPv4 services. The aim of this is to support the use of IPv6-only clients, i.e. worker nodes, virtual machines or containers. The IPv6 networking protocols while they do contain features aimed at improving security also bring new challenges for operational IT security. The lack of maturity of IPv6 implementations together with the increased complexity of some of the protocol standards raise many new issues for operational security teams. The HEPiX IPv6 Working Group is producing guidance on best practices in this area. This paper considers some of the security concerns for WLCG in an IPv6 world and presents the HEPiX IPv6 working group guidance for the system administrators who manage IT services on the WLCG distributed infrastructure, for their related site security and networking teams and for developers and software engineers working on WLCG applications.

Enabling food security by verifying agricultural carbon

DEFF Research Database (Denmark)

Kahiluoto, H; Smith, P; Moran, D

2014-01-01

Rewarding smallholders for sequestering carbon in agricultural land can improve food security while mitigating climate change. Verification of carbon offsets in food-insecure regions is possible and achievable through rigorously controlled monitoring......Rewarding smallholders for sequestering carbon in agricultural land can improve food security while mitigating climate change. Verification of carbon offsets in food-insecure regions is possible and achievable through rigorously controlled monitoring...

An approach to improve the match-on-card fingerprint authentication system security

CSIR Research Space (South Africa)

Nair, Kishor Krishnan

2016-07-01

Full Text Available -on-Card (TOC), Match-on- Card (MOC), Work-Sharing On-Card (WSOC), and System-on-Card (SOC). Out of these four approaches, the SOC is considered as the most secure and expensive, whereas the TOC is considered as the least secure and least expensive. The MOC...

An Approach to Improve the Match-on-Card ngerprint Authentication System Security

CSIR Research Space (South Africa)

Nair, Kishor Krishnan

2016-08-18

Full Text Available -on-Card (TOC), Match-on-Card (MOC), Work-Sharing On-Card (WSOC), and System-on-Card (SOC). Out of these four approaches, the SOC is considered as the most secure and expensive, whereas the TOC is considered as the least secure and least expensive. The MOC...

Multi-perspective analysis of China's energy supply security

International Nuclear Information System (INIS)

Geng, Jiang-Bo; Ji, Qiang

2014-01-01

China's energy supply security has faced many challenges such as the drastic change of the international energy environment and the domestic energy situation and so on. This paper constructs a multi-dimensional indicator system for the main risks deriving from four aspects to evaluate the situation of China's energy supply security and analyze its evolution characteristics from 1994 to 2011. The results indicate that the situation of China's energy supply security generally presented a downtrend during 1994–2008, as a result of increasing international energy market monopoly and high volatility of international crude oil prices. After 2008, the overall level of China's energy supply security has improved to the level of 2003, which is attributed to the relatively stable international energy environment as well as the effective implementation of energy policies. - Highlights: • A multi-dimensional index system for energy supply security is constructed. • The dynamic influences of external and internal risks are analyzed. • China's energy supply security presents a downward trend during 1994–2008. • The level of China's energy supply security has improved since 2009

Feasibility of a novel participatory multi-sector continuous improvement approach to enhance food security in remote Indigenous Australian communities

Directory of Open Access Journals (Sweden)

J. Brimblecombe

2017-12-01

Conclusion: A multi-sector participatory approach seeking continuous improvement engaged committed Aboriginal and non-Aboriginal stakeholders and was shown to have potential to shift community diet. Provision of clear mechanisms to link this approach with higher level policy and decision-making structures, clarity of roles and responsibilities, and processes to prioritise and communicate actions across sectors should further strengthen capacity for food security improvement. Integrating this approach enabling local decision-making into community governance structures with adequate resourcing is an imperative.

Parliamentary control of security information agency in terms of security culture: State and problems

Directory of Open Access Journals (Sweden)

Radivojević Nenad

2013-01-01

Full Text Available Even though security services have the same function as before, today they have different tasks and significantly more work than before. Modern security problems of the late 20th and early 21st century require states to reorganize their security services, adapting them to the new changes. The reorganization involves, among other things, giving wider powers of the security services, in order to effectively counter the growing and sophisticated security threats, which may also lead to violations of human rights and freedoms. It is therefore necessary to define the right competence, organization, authority and control of these services. In democratic countries, there are several institutions with different levels of control of security services. Parliament is certainly one of the most important institutions in that control, both in the world and in our country. Powers, finance, the use of special measures and the nature and scope of work of the Security Information Agency are certainly object of the control of the National Assembly. What seems to be the problem is achieving a balance between the need for control of security services and security services to have effective methods for combating modern security problems. This paper presents the legal framework related to the National Assembly control of the Security Intelligence Agency, as well as the practical problems associated with this type of control. We analyzed the role of security culture as one of the factors of that control. In this regard, it provides guidance for the practical work of the members of parliament who control the Security Intelligence Agency, noting in particular the importance of and the need for continuous improvement of security culture representatives.

OT-Combiners Via Secure Computation

DEFF Research Database (Denmark)

Harnik, Danny; Ishai, Yuval; Kushilevitz, Eyal

2008-01-01

of faulty candidates (t = Ω(n)). Previous OT-combiners required either ω(n) or poly(k) calls to the n candidates, where k is a security parameter, and produced only a single secure OT. We demonstrate the usefulness of the latter result by presenting several applications that are of independent interest......An OT-combiner implements a secure oblivious transfer (OT) protocol using oracle access to n OT-candidates of which at most t may be faulty. We introduce a new general approach for combining OTs by making a simple and modular use of protocols for secure computation. Specifically, we obtain an OT......, strengthen the security, and improve the efficiency of previous OT-combiners. In particular, we obtain the first constant-rate OT-combiners in which the number of secure OTs being produced is a constant fraction of the total number of calls to the OT-candidates, while still tolerating a constant fraction...

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

National Research Council Canada - National Science Library

Caralli, Richard A

2006-01-01

... potential to significantly disrupt an organization's pursuit of its mission. Security, business continuity, and IT operations management are activities that traditionally support operational risk management...

Improving Podcast Distribution on Gwanda using PrivHab: a Multiagent Secure Georouting Protocol.

Directory of Open Access Journals (Sweden)

Adrián SÁNCHEZ-CARMONA

2015-12-01

Full Text Available We present PrivHab, a multiagent secure georouting protocol that improves podcast distribution on Gwanda, Zimbabwe. PrivHab learns the whereabouts of the nodes of the network to select an itinerary for each agent carrying a piece of data. PrivHab makes use of cryptographic techniques to make the decisions while preserving nodes' privacy. PrivHab uses a waypoint-based georouting that achieves a high performance and low overhead in rugged terrain areas that are plenty of physical obstacles. The store-carry-and-forward approach used is based on mobile agents and is designed to operate in areas that lack network infrastructure. The PrivHab protocol is compared with a set of well-known delay-tolerant routing algorithms and shown to outperform them.

Advanced Interface for Tactical Security (AITS) Problem Analysis and Concept Definition

National Research Council Canada - National Science Library

Murray, S

1999-01-01

The Advanced Interface for Tactical Security (AITS) project was initiated to improve the task performance of security forces through technology and design improvements to information display systems...

A Forward-secure Grouping-proof Protocol for Multiple RFID Tags

Directory of Open Access Journals (Sweden)

Liu Ya-li

2012-09-01

Full Text Available Designing secure and robust grouping-proof protocols based on RFID characteristics becomes a hotspot in the research of security in Internet of Things (IOT. The proposed grouping-proof protocols recently have security and/or privacy omission and these schemes afford order-dependence by relaying message among tags through an RFID reader. In consequence, aiming at enhancing the robustness, improving scalability, reducing the computation costs on resource-constrained devices, and meanwhile combing Computational Intelligence (CI with Secure Multi-party Communication (SMC, a Forward-Secure Grouping-Proof Protocol (FSGP for multiple RFID tags based on Shamir's (, secret sharing is proposed. In comparison with the previous grouping-proof protocols, FSGP has the characteristics of forward-security and order-independence addressing the scalability issue by avoiding relaying message. Our protocol provides security enhancement, performance improvement, and meanwhile controls the computation cost, which equilibrates both security and low cost requirements for RFID tags.

China’s oil security from the supply chain perspective: A review

International Nuclear Information System (INIS)

Zhao, Chunfu; Chen, Bin

2014-01-01

Highlights: • The development phase of China’s oil industry is detailed. • Risk to oil industry in China is identified along the supply chain. • Policy aimed at improving oil security is examined. - Abstract: Oil security has become a major issue in China. This paper analyzes China’s oil security from the supply chain perspective, as the country faces challenges from an increasing reliance on imported oil, a fast-growing economy, the Malacca dilemma, and volatile international oil prices. To clarify the issue of oil security, we first review the development phase of China’s oil industry and previous research related to its energy security. Then a framework from the supply chain perspective is constructed to identify the current risk from three aspects: energy flow, financial and environmental. Finally, policies aimed at improving the country’s energy security are examined and potential problems presented. From this analysis, we conclude that the potential risk arising from China’s oil system is inherently interconnected. There is still great potential for the country to improve oil security by strengthening its strategic oil reserves, improving energy efficiency, and developing its domestic oil tanker fleet

Multimedia security watermarking, steganography, and forensics

CERN Document Server

Shih, Frank Y

2012-01-01

Multimedia Security: Watermarking, Steganography, and Forensics outlines essential principles, technical information, and expert insights on multimedia security technology used to prove that content is authentic and has not been altered. Illustrating the need for improved content security as the Internet and digital multimedia applications rapidly evolve, this book presents a wealth of everyday protection application examples in fields including multimedia mining and classification, digital watermarking, steganography, and digital forensics. Giving readers an in-depth overview of different asp

How to implement security controls for an information security program at CBRN facilities

International Nuclear Information System (INIS)

Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

2015-01-01

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

How to implement security controls for an information security program at CBRN facilities

Energy Technology Data Exchange (ETDEWEB)

Lenaeus, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

2015-12-01

This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

Managing Wetlands for Improved Food Security in Uganda | CRDI ...

International Development Research Centre (IDRC) Digital Library (Canada)

Researchers will determine the food security status of households adjacent to wetlands and the part that wetlands resources contribute to it. They will analyze the tradeoffs in using wetlands for crop production. And, they will test, adapt and promote agricultural technologies that enhance productivity while minimizing ...

Control system security in nuclear power plant

International Nuclear Information System (INIS)

Li Jianghai; Huang Xiaojin

2012-01-01

The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed. (authors)

Nuclear safeguards and security: we can do better.

Energy Technology Data Exchange (ETDEWEB)

Johnston, R. G. (Roger G.); Warner, Jon S.; Garcia, A. R. E. (Anthony R. E.); Martinez, R. K. (Ronald K.); Lopez, L. N. (Leon N.); Pacheco, A. N. (Adam N.); Trujillo, S. J. (Sonia J.); Herrera, A. M. (Alicia M.); Bitzer, E. G. (Edward G.), III

2005-01-01

There are a number of practical ways to significantly improve nuclear safeguards and security. These include recognizing and minimizing the insider threat; using adversarial vulnerability assessments to find vulnerabilities and countermeasures; fully appreciating the disparate nature of domestic and international nuclear safeguards; improving tamper detection and tamper-indicating seals; not confusing the inventory and security functions; and recognizing the limitations of GPS tracking, contact memory buttons, and RFID tags. The efficacy of nuclear safeguards depends critically on employing sophisticated security strategies and effective monitoring hardware. The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory has extensively researched issues associated with nuclear safeguards, especially in the areas of tamper/intrusion detection, transport security, and vulnerability assessments. This paper discusses some of our findings, recommendations, and warnings.

Information fusion for cyber-security analytics

CERN Document Server

Karabatis, George; Aleroud, Ahmed

2017-01-01

This book highlights several gaps that have not been addressed in existing cyber security research. It first discusses the recent attack prediction techniques that utilize one or more aspects of information to create attack prediction models. The second part is dedicated to new trends on information fusion and their applicability to cyber security; in particular, graph data analytics for cyber security, unwanted traffic detection and control based on trust management software defined networks, security in wireless sensor networks & their applications, and emerging trends in security system design using the concept of social behavioral biometric. The book guides the design of new commercialized tools that can be introduced to improve the accuracy of existing attack prediction models. Furthermore, the book advances the use of Knowledge-based Intrusion Detection Systems (IDS) to complement existing IDS technologies. It is aimed towards cyber security researchers. .

Improving the security of a quantum secret sharing protocol between multiparty and multiparty without entanglement

International Nuclear Information System (INIS)

Han Lianfang; Liu Yimin; Shi Shouhua; Zhang Zhanjun

2007-01-01

Recently Yan and Gao [F.L. Yan, T. Gao, Phys. Rev. A 72 (2005) 012304] have proposed a quantum secret sharing protocol which allows a secret message to be shared between one group of m parties and another group of n parties. The protocol is claimed to be secure. In this Letter, first we show that any subgroup consisting of evil cooperative parties (or one and only one evil party) can successfully cheat other parties to obtain the secret message without being detected. Then we improve the original Yan-Gao protocol such that the insider's cheats are prevented

Contribution of Food Crops to Household Food Security Among ...

African Journals Online (AJOL)

The study also showed that farmers in the study area are relatively food secure. Inputs such as fertilizer, processing and storage facilities, improved seedlings, tractor, access to credit loan etc. should be made available to encourage farmers to improve household food security and raise their living standard. In addition ...

Agencies Need Improved Financial Data Reporting for Private Security Contractors

National Research Council Canada - National Science Library

Warren, David R; Bianco, Michael A; Nasser, Waheed; Kusman, Richard R; Shafer, James; Venner, Jason; Walls, Lovell Q; Wright, Samson J

2008-01-01

.... The objective of this report was to determine the extent to which federal agencies have systematically captured financial data for private security services in Iraq since 2003, and to identify...

Managing Wetlands for Improved Food Security in Uganda | IDRC ...

International Development Research Centre (IDRC) Digital Library (Canada)

However, little is known about the contribution of wetland resources to household food security or the environmental impact of using wetlands for agriculture or other purposes. Researchers will ... IDRC is pleased to announce the results of its 2017 call for proposals to establish Cyber Policy Centres in the Global South.

Analysis of Security Protocols for Mobile Healthcare.

Science.gov (United States)

Wazid, Mohammad; Zeadally, Sherali; Das, Ashok Kumar; Odelu, Vanga

2016-11-01

Mobile Healthcare (mHealth) continues to improve because of significant improvements and the decreasing costs of Information Communication Technologies (ICTs). mHealth is a medical and public health practice, which is supported by mobile devices (for example, smartphones) and, patient monitoring devices (for example, various types of wearable sensors, etc.). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient's health data along with providing any ongoing medical treatment at any time, any place, and from any device. It also helps the patient requiring continuous medical monitoring to stay in touch with the appropriate medical staff and healthcare experts remotely. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth system based on features supported and possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strength and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.

[Tourism ecological security early warning of Zhangjiajie, China based on the improved TOPSIS method and the grey GM (1,1)model].

Science.gov (United States)

Xu, Mei; Liu, Chun la; Li, Dan; Zhong, Xiao Lin

2017-11-01

Tourism ecological security early warning is of great significance both to the coordination of ecological environment protection and tourism industry rapid development in tourism destination, and the sustainable and healthy development of regional social and economy. Firstly, based on the DPSIR model, the tourism ecological security early warning index system of Zhangjiajie was constructed from 5 aspects, which were driving force, pressure, state, impact and response. Then, by using the improved TOPSIS method, the tourism ecological security situation of Zhangjiajie from 2001 to 2014 was analyzed. Lastly, by using the grey GM (1,1) model, the tourism ecological security evolution trend of 2015-2020 was predicted. The results indicated that, on the whole, the close degree of Zhangjiajie's tourism ecological security showed a slightly upward trend during 2001-2014, the warning degree was the moderate warning. In terms of each subsystem, warning degree of the driving force system and the pressure system of Zhangjiajie's tourism ecological secu-rity were on the rise, which evolved from light warning to heavy warning; warning degree of the state system and the impact system had not changed so much, and had been in the moderate warning; warning degree of the response system was on the decline, which changed from huge warning to no warning during 2001-2014. According to the current development trend, the close degree of Zhangjiajie's tourism ecological security would rise further in 2015-2020, and the warning degree would turn from moderate warning into light warning, but the task of coordinating the relationship between tourism development and ecological construction and environmental protection would be still arduous.

Effect of Policy Interventions on Food Security in Tigray, Northern Ethiopia

Directory of Open Access Journals (Sweden)

Anne van der Veen

2011-03-01

Full Text Available Following the design of a conservation-based agricultural development strategy and food security strategy, the Tigray government has implemented different pro-poor development programs over the past years to address the problems of food security. This study attempts to investigate the effectiveness of government policy interventions at different scales addressed to improve food security. Food security both at the regional and district level was investigated by deriving food balance sheets for the period 2000-2008. An empirical analysis based on a logit model was also employed to analyze household level food security status. The results of the logit model reveal that government policy interventions such as water harvesting schemes, employment generation schemes, and promotion of technology adoption significantly contribute to a higher likelihood of household food security status. The findings of the food balance sheet also indicate that the region has made some impressive development gains in improving regional food self-sufficiency, indicating the importance of government interventions in improving food security both at the household and regional level.

Report: Improvements Needed in Key EPA Information System Security Practices

Science.gov (United States)

Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

Multi-energy x-ray detectors to improve air-cargo security

Science.gov (United States)

Paulus, Caroline; Moulin, Vincent; Perion, Didier; Radisson, Patrick; Verger, Loïck

2017-05-01

X-ray based systems have been used for decades to screen luggage or cargo to detect illicit material. The advent of energy-sensitive photon-counting x-ray detectors mainly based on Cd(Zn)Te semi-conductor technology enables to improve discrimination between materials compared to single or dual energy technology. The presented work is part of the EUROSKY European project to develop a Single European Secure Air-Cargo Space. "Cargo" context implies the presence of relatively heavy objects and with potentially high atomic number. All the study is conducted on simulations with three different detectors: a typical dual energy sandwich detector, a realistic model of the commercial ME100 multi-energy detector marketed by MULTIX, and a ME100 "Cargo": a not yet existing modified multi-energy version of the ME100 more suited to air freight cargo inspection. Firstly, a comparison on simulated measurements shows the performances improvement of the new multi-energy detectors compared to the current dual-energy one. The relative performances are evaluated according to different criteria of separability or contrast-to-noise ratio and the impact of different parameters is studied (influence of channel number, type of materials and tube voltage). Secondly, performances of multi-energy detectors for overlaps processing in a dual-view system is accessed: the case of orthogonal projections has been studied, one giving dimensional values, the other one providing spectral data to assess effective atomic number. A method of overlap correction has been proposed and extended to multi-layer objects case. Therefore, Calibration and processing based on bi-material decomposition have been adapted for this purpose.

Computer Security: professionalism in security, too

CERN Multimedia

Stefan Lueders, Computer Security Team

2015-01-01

At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement.   In some cases, we’ve observed devices that are connected to our Intranet networks without the adequate level of protection. Also, in order to allow it to be disseminated easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost due to a lack of proper version control or the use of central storage systems. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful fe...

Report: EPA’s National Security Information Program Could Be Improved

Science.gov (United States)

Report #12-P-0543, June 18, 2012. Under its classified NSI program, EPA has assigned responsibilities and provided guidance, training, and oversight. EPA program offices provide secure equipment and space, following NSI program specifications.

Technologies to counter aviation security threats

Science.gov (United States)

Karoly, Steve

2017-11-01

The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

78 FR 14101 - Homeland Security Science and Technology Advisory Committee (HSSTAC)

Science.gov (United States)

2013-03-04

... Secretary for Science and Technology, such as new developments in systems engineering, cyber-security... HSSTAC input on how to improve that collaboration. --Cyber Security and the evolution of the Cyber... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0014] Homeland Security Science and...

A Container-based Trusted Multi-level Security Mechanism

Directory of Open Access Journals (Sweden)

Li Xiao-Yong

2017-01-01

Full Text Available Multi-level security mechanism has been widely applied in the military, government, defense and other domains in which information is required to be divided by security-level. Through this type of security mechanism, users at different security levels are provided with information at corresponding security levels. Traditional multi-level security mechanism which depends on the safety of operating system finally proved to be not practical. We propose a container-based trusted multi-level security mechanism in this paper to improve the applicability of the multi-level mechanism. It guarantees multi-level security of the system through a set of multi-level security policy rules and trusted techniques. The technical feasibility and application scenarios are also discussed. The ease of realization, strong practical significance and low cost of our method will largely expand the application of multi-level security mechanism in real life.

Systems analysis of a security alarm system

International Nuclear Information System (INIS)

Schiff, A.

1975-01-01

When the Lawrence Livermore Laboratory found that its security alarm system was causing more false alarms and maintenance costs than LLL felt was tolerable, a systems analysis was undertaken to determine what should be done about the situation. This report contains an analysis of security alarm systems in general and ends with a review of the existing Security Alarm Control Console (SACC) and recommendations for its improvement, growth and change. (U.S.)

Linking consumer energy efficiency with security of supply

International Nuclear Information System (INIS)

Rutherford, J.P.; Scharpf, E.W.; Carrington, C.G.

2007-01-01

Most modern energy policies seek to achieve systematic ongoing incremental increases in consumer energy efficiency, since this contributes to improved security of supply, favourable environmental outcomes and increased economic efficiency. Yet realised levels of efficiency are typically well below the most cost-effective equilibrium due to variety of behavioural and organisational barriers, which are often linked to information constraints. In addition efficient users are normally unrewarded for collective benefits to system security and to the environment, thus reducing the incentives for energy consumers to invest in efficiency improvements. This paper examines the dichotomies and symmetries between supply- and demand-side solutions to energy security concerns and reviews opportunities to overcome barriers to improved consumer efficiency. A security market is identified as a mechanism to promote both demand- and supply-side investments that support electricity system security. Such a market would assist in setting the optimal quantity of reserves while achieving an efficient balance between supply- and demand-side initiatives. It would also help to smooth overall investment throughout the energy system by encouraging incremental approaches, such as distributed generation and demand-side alternatives where they provide competitive value. Although the discussion is applicable to energy systems in general, it focuses primarily on electricity in New Zealand

Ontario Hydro looks at security

International Nuclear Information System (INIS)

Green, B.J.; Kee, B.

1995-01-01

Ontario Hydro operates 20 CANDU reactors on three different sites. Since 1984, a review of security arrangements on all the sites has taken place on a five-yearly basis. The review process for 1995 is outlined. The three objectives were as follows: to assess current security threats and risks to the stations; to assess the adequacy of the existing programme to protect against current threats; by comparing the security programme against those of comparable entities to establish benchmarks for good practice as a basis for improvements at Ontario Hydro. Valuable insights gained through the review are listed. These could be useful to other utilities. (UK)

Almaraz ovation control system security

International Nuclear Information System (INIS)

Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

2013-01-01

Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

Agencies Need Improved Financial Data Reporting for Private Security Contractors

National Research Council Canada - National Science Library

Warren, David R; Bianco, Michael A; Nasser, Waheed; Kusman, Richard R; Shafer, James; Venner, Jason; Walls, Lovell Q; Wright, Samson J

2008-01-01

Section 842 of the National Defense Authorization Act of 2008 (Public Law 110-181), required SIGIR to, among other things, develop a plan to evaluate various characteristics of contracting for private security contractor services in Iraq...

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

Directory of Open Access Journals (Sweden)

Youngsook Lee

2014-01-01

Full Text Available An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.’s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1 it fails to provide user anonymity against any third party as well as the foreign agent, (2 it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3 it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.’s scheme can be addressed without degrading the efficiency of the scheme.

360 PORT MDA - A Strategy to Improve Port Security

Science.gov (United States)

2006-09-01

Participating Agencies (After: Executive Briefing..........................27 Table 6. Designated Joint Operations Center Participants (From: SAFE...Investigations CGIP Coast Guard Intelligence Program CHOC Charleston Harbor Operations Center CIO Command Intelligence Officer CMT Combating Maritime... EXECUTIVE SUMMARY Ports are critical to our economy and national security. Key hubs in the international trade network, U.S. ports accounted for more than

​Improving potato production for increased food security of ...

International Development Research Centre (IDRC) Digital Library (Canada)

The challenge. In Colombia, food security is a national concern, and indigenous communities of Nariño are among the most food insecure in the country. Potato is the staple food crop and main source of family income for the region's smallholder farms — many of which are headed by women. One of the biggest threats to ...

Natural Resources Management for Sustainable Food Security in ...

International Development Research Centre (IDRC) Digital Library (Canada)

Natural Resources Management for Sustainable Food Security in the Sahel ... as well as strategies for managing the resource base with a view to improving food security. ... InnoVet-AMR grants to support development of innovative veterinary ...

Systems analysis and futuristic designs of advanced biofuel factory concepts.

Energy Technology Data Exchange (ETDEWEB)

Chianelli, Russ; Leathers, James; Thoma, Steven George; Celina, Mathias C.; Gupta, Vipin P.

2007-10-01

The U.S. is addicted to petroleum--a dependency that periodically shocks the economy, compromises national security, and adversely affects the environment. If liquid fuels remain the main energy source for U.S. transportation for the foreseeable future, the system solution is the production of new liquid fuels that can directly displace diesel and gasoline. This study focuses on advanced concepts for biofuel factory production, describing three design concepts: biopetroleum, biodiesel, and higher alcohols. A general schematic is illustrated for each concept with technical description and analysis for each factory design. Looking beyond current biofuel pursuits by industry, this study explores unconventional feedstocks (e.g., extremophiles), out-of-favor reaction processes (e.g., radiation-induced catalytic cracking), and production of new fuel sources traditionally deemed undesirable (e.g., fusel oils). These concepts lay the foundation and path for future basic science and applied engineering to displace petroleum as a transportation energy source for good.

Hotel Security Management : Case: Original Sokos Hotel Vaakuna Vaasa

OpenAIRE

Koskela, Jere

2016-01-01

This thesis studied hotel security management and examined one case hotel more closely on matters of security management. The case hotel in this research was Original Sokos Hotel Vaakuna Vaasa. The aim of the thesis was to find out how security aspects are managed and how they could be developed in the case hotel. This research was conducted to help the case hotel’s security supervisor to develop and improve security. The thesis consists of a theoretical framework and an empirical study. The ...

Energy Security and Sub-Saharan Africa

Directory of Open Access Journals (Sweden)

Emily Meierding

2013-02-01

Full Text Available Published by Palgrave MacmillanOver the last decade the topic of energy security has reappeared on global policy agendas. Most analyses of international energy geopolitics examine the interests and behaviour of powerful energy-importing countries like the US and China. This chapter begins by examining foreign powers’ expanded exploitation of oil and uranium resources in Sub-Saharan Africa. It goes on to examine how energy importers’ efforts to enhance their energy security through Africa are impacting energy security within Africa. It assesses Sub-Saharan states’ attempts to increase consumption of local oil and uranium reserves. Observing the constraints on these efforts, it then outlines some alternative strategies that have been employed to enhance African energy security. It concludes that, while local community-based development projects have improved the well-being of many households, they are not a sufficient guarantor of energy security. Inadequate petroleum access, in particular, remains a development challenge. Foreign powers’ efforts to increase their oil security are undermining the energy security of Sub-Saharan African citizens.

Method to manufacture solar cells

International Nuclear Information System (INIS)

Hanschmann, H.

1978-01-01

An attempt has been made to outwit physics and to improve the solar energy utilization in households and space ships by means of power storers, gravitational drive and other futuristic means. (DG) [de

Biofuels and food security: Micro-evidence from Ethiopia

International Nuclear Information System (INIS)

Negash, Martha; Swinnen, Johan F.M.

2013-01-01

There is considerable controversy about the impact of biofuels on food security in developing countries. A major concern is that biofuels reduce food security by increasing food prices. In this paper we use survey evidence to assess the impact of castor production on poor and food insecure rural households in Ethiopia. About 1/3 of poor farmers have allocated on average 15% of their land to the production of castor beans under contract in biofuel supply chains. Castor production significantly improves their food security: they have fewer months without food and the amount of food they consume increases. Castor cultivation is beneficial for participating households’ food security in several ways: by generating cash income from castor contracts, they can store food for the lean season; castor beans preserve well on the field which allows sales when farmers are in need of cash (or food); spillover effects of castor contracts increases the productivity of food crops. Increased food crop productivity offsets the amount of land used for castor so that the total local food supply is not affected. - Highlights: • We evaluate the impact of biofuel production contracts on farmers’ food security. • We apply endogenous switching regression method on survey data from Ethiopia. • Impact is heterogeneous across groups. • Food security significantly improved for contract participants by 25%. • Spillover effects improve food productivity that offsets the amount of land diverted to biofuel

Internet Safety and Security Surveys - A Review

DEFF Research Database (Denmark)

Sharp, Robin

This report gives a review of investigations into Internet safety and security over the last 10 years. The review covers a number of surveys of Internet usage, of Internet security in general, and of Internet users' awareness of issues related to safety and security. The focus and approach...... of the various surveys is considered, and is related to more general proposals for investigating the issues involved. A variety of proposals for how to improve levels of Internet safety and security are also described, and they are reviewed in the light of studies of motivational factors which affect the degree...

Stormwater harvesting: Improving water security in South Africa's urban areas

Directory of Open Access Journals (Sweden)

Lloyd Fisher-Jeffes

2017-01-01

Full Text Available The drought experienced in South Africa in 2016 one of the worst in decades has left many urbanised parts of the country with limited access to water, and food production has been affected. If a future water crisis is to be averted, the country needs to conserve current water supplies, reduce its reliance on conventional surface water schemes, and seek alternative sources of water supply. Within urban areas, municipalities must find ways to adapt to, and mitigate the threats from, water insecurity resulting from, inter alia, droughts, climate change and increasing water demand driven by population growth and rising standards of living. Stormwater harvesting (SWH is one possible alternative water resource that could supplement traditional urban water supplies, as well as simultaneously offer a range of social and environmental benefits. We set out three position statements relating to how SWH can: improve water security and increase resilience to climate change in urban areas; prevent frequent flooding; and provide additional benefits to society. We also identify priority research areas for the future in order to target and support the appropriate uptake of SWH in South Africa, including testing the viability of SWH through the use of real-time control and managed aquifer recharge.

Nuclear security education and training at Naif Arab University for Security Sciences

International Nuclear Information System (INIS)

Amjad Fataftah

2009-01-01

Naif Arab University for Security Sciences (NAUSS) was established in 1978 as an Arab institution specialized in security sciences to fulfill the needs of the Arab law enforcement agencies for an academic institution that promotes research in security sciences, offers graduate education programs and conduct short-term training courses, which should contribute to the prevention and control of crimes in the Arab world. NAUSS and the IAEA organized the first workshop on nuclear security on November, 2006, which aimed to explore and improve the nuclear security culture awareness through the definitions of the nuclear security main pillars, Prevention, Detection and Response. In addition, NAUSS and IAEA organized a very important training course on April, 2008 on combating nuclear terrorism titled P rotection against nuclear terrorism: Protection of radioactive sources . In the past two years, IAEA has put tremendous efforts to develop an education program in nuclear security, which may lead into Master's degree in nuclear security, where NAUSS helped in this project through the participation in the IAEA organized consultancy and technical meetings for the development of this program along with many other academic, security and law enfacement experts and lawyers from many different institution in the world. NAUSS and IAEA drafted a work plan for the next coming two years which should lead into the gradual implementation of these educational programs at NAUSS. NAUSS also continues to participate in several local conferences and symposiums related to the peaceful application of nuclear power in the gulf region, and the need for a human resources development programs to fulfill the scientific and security needs which will arise from building nuclear power plants. NAUSS participated in the International Symposium on the Peaceful Application of Nuclear Technology in the GCC countries, organized by King Abdulaziz University in the city of Jeddah, Saudi Arabia. Also NAUSS

Security research roadmap; Security-tutkimuksen roadmap

Energy Technology Data Exchange (ETDEWEB)

Naumanen, M.; Rouhiainen, V. (eds.)

2006-02-15

Requirements for increasing security have arisen in Europe after highly visible and tragic events in Madrid and in London. While responsibility for security rests largely with the national activities, the EU has also started planning a research area .Space and security. as a part of the 7th Framework Programme. As the justification for this research area it has been presented that technology alone can not assure security, but security can not be assured without the support of technology. Furthermore, the justification highlights that security and military research are becoming ever closer. The old separation between civil and military research is decreasing, because it has been noticed that both areas are nowadays utilising the same knowledge. In Finland, there is already now noteworthy entrepreneurship related to security. Although some of the companies are currently only operating in Finland, others are already international leaders in their area. The importance of the security area is increasing and remarkable potential for new growth business areas can already be identified. This however also requires an increase in research efforts. VTT has a broad range of security research ongoing in many technology areas. The main areas have been concentrating on public safety and security, but VTT is participating also in several research projects related to the defence technology. For identifying and defining in more detail the expertise and research goals, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important

INFORMATION SYSTEM SECURITY (CYBER SECURITY

Directory of Open Access Journals (Sweden)

Muhammad Siddique Ansari

2016-03-01

Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

Improved Security Models & Protocols in Online Mobile Business Financial Transactions

OpenAIRE

Sreeramana Aithal

2017-01-01

Chapter I : Introduction to Mobile Business and Mobile Banking Chapter II : Review of Literature on Mobile Business Technology, Mobile Banking Services & Security Chapter III : Research Objectives and Methodology Chapter IV : Results and Discussion Chapter V : Summary and Conclusions Bibliography

An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Lauritsen, Rasmus; Toft, Tomas

2014-01-01

Recent developments in Multi-party Computation (MPC) has resulted in very efficient protocols for dishonest majority in the preprocessing model. In particular, two very promising protocols for Boolean circuits have been proposed by Nielsen et al. (nicknamed TinyOT) and by Damg˚ard and Zakarias...... suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel...... of a large number of AES encryptions and find that it performs better than results reported so far on TinyOT, on the same hardware.p...

Study on the concentration of energy security

International Nuclear Information System (INIS)

Irie, Kazutomo

2002-01-01

'Energy Security' concept has played the central role in Japan's energy policy. However, the definition of the concept is not clear. If energy security will remain a principal policy target, its concept should be clearly defined as a precondition. This dissertation analyzes historical changes in energy security concept and considers their relationship with the development of national security concept in international relations studies. Following an introduction in the first chapter, the second chapter reveals that energy security concept has changed in accord with energy situation and policymakers' concern of the times. As a result, several different definitions of the concept now coexist. The third chapter deals with the relationship between energy security concept and national security concepts in international relations. Three major definitions of energy security concepts correspond to definitions of security concepts by three schools in security theory - realism, liberalism, and globalism. In the fourth chapter, energy security is conceptualized and its policy measures are systematized by addressing the issues appeared in its historical changes and referring to security theory in international relations studies. The fifth chapter discusses the contribution by nuclear energy to Japan's energy security, applying a theoretical framework presented in previous chapters. Characteristics of nuclear energy which enhance energy security are identified, and policy measures for improving those characteristics are proposed. (author)

Improving food security? Setting indicators and observing change of rural household in Central Sulawesi

Directory of Open Access Journals (Sweden)

Stephan Klasen

2017-11-01

Full Text Available Household food security is a critical issue for Indonesia, which is investigated in this study. Many of rural household in Indonesia depends on agricultural sectors and facing challenges of global warming that threatening food security and poverty alleviation in the country. We use panel data at the household level for a sample of households living in Central Sulawesi at the rainforest margin in Indonesia. For the purpose of this study, we apply principal component analysis to develop an indicator of food security and used the index in determining the household’s condition to be persistent food secure or insecure. The findings present the fact that over the period the household’s food security in the study area has changed to better food condition. The number of people who are food insecure has declined by 23.73 % over the year. However, the results suggest that public services on health, education and infrastructure need to be strengthened, investments in access to credit and off-farm employment policies, as well as insurance programs on social protection and disaster management, need to be developed.

The GridSite Web/Grid security system

International Nuclear Information System (INIS)

McNab, Andrew; Li Yibiao

2010-01-01

We present an overview of the current status of the GridSite toolkit, describing the security model for interactive and programmatic uses introduced in the last year. We discuss our experiences of implementing these internal changes and how they and previous rounds of improvements have been prompted by requirements from users and wider security trends in Grids (such as CSRF). Finally, we explain how these have improved the user experience of GridSite-based websites, and wider implications for portals and similar web/grid sites.

42 CFR 57.1510 - Security for loans.

Science.gov (United States)

2010-10-01

... 42 Public Health 1 2010-10-01 2010-10-01 false Security for loans. 57.1510 Section 57.1510 Public... Security for loans. Each loan with respect to which a guarantee is made or interest subsidies are paid... TEACHING FACILITIES, EDUCATIONAL IMPROVEMENTS, SCHOLARSHIPS AND STUDENT LOANS Loan Guarantees and Interest...

Secure direct communication based on secret transmitting order of particles

International Nuclear Information System (INIS)

Zhu Aidong; Zhang Shou; Xia Yan; Fan Qiubo

2006-01-01

We propose the schemes of quantum secure direct communication based on a secret transmitting order of particles. In these protocols, the secret transmitting order of particles ensures the security of communication, and no secret messages are leaked even if the communication is interrupted for security. This strategy of security for communication is also generalized to a quantum dialogue. It not only ensures the unconditional security but also improves the efficiency of communication

Optimization of airport security lanes

Science.gov (United States)

Chen, Lin

2018-05-01

Current airport security management system is widely implemented all around the world to ensure the safety of passengers, but it might not be an optimum one. This paper aims to seek a better security system, which can maximize security while minimize inconvenience to passengers. Firstly, we apply Petri net model to analyze the steps where the main bottlenecks lie. Based on average tokens and time transition, the most time-consuming steps of security process can be found, including inspection of passengers' identification and documents, preparing belongings to be scanned and the process for retrieving belongings back. Then, we develop a queuing model to figure out factors affecting those time-consuming steps. As for future improvement, the effective measures which can be taken include transferring current system as single-queuing and multi-served, intelligently predicting the number of security checkpoints supposed to be opened, building up green biological convenient lanes. Furthermore, to test the theoretical results, we apply some data to stimulate the model. And the stimulation results are consistent with what we have got through modeling. Finally, we apply our queuing model to a multi-cultural background. The result suggests that by quantifying and modifying the variance in wait time, the model can be applied to individuals with various habits customs and habits. Generally speaking, our paper considers multiple affecting factors, employs several models and does plenty of calculations, which is practical and reliable for handling in reality. In addition, with more precise data available, we can further test and improve our models.

The French Experience Regarding Peer Reviews to Improve the Safety and Security of Radioactive Sources

International Nuclear Information System (INIS)

Lachaume, J.-L.; Bélot, G.

2015-01-01

France has a 50 year history of control over radioactive sources. Convinced that peer reviews may be helpful to improve any regulatory system, France decided to experience a ‘full scope’ Integrated Regulatory Review Service mission in 2006 and its follow-up mission in 2009, including a review of the implementation of the Code of Conduct. The reviews, interviews and observations performed during these missions enabled the experts to have a thorough knowledge of the French system and to highlight its strengths and ways for improvements. Following these reviews, France decided to rely on its good practices, extend them as much as possible and to define, implement and address an action plan to improve its regulatory control over radioactive sources, while maintaining the prime responsibility on the operators. While good practices in the tracking of sources were maintained and slight evolutions were conducted in the safety regulations, licensing process, and inspection and enforcement actions, the major outcome of these reviews will obviously consist of the entrustment of the French Nuclear Safety Authority with the role of the regulatory authority for the security of radioactive sources and the implementation of dedicated provisions. (author)

Needs for Development of Nuclear Security Culture in Korea

International Nuclear Information System (INIS)

Shim, Hye Won; Yoo, Ho Sik; Kwack, Sung Woo; Lee, Ho Jin; Lee, Jong Uk

2005-01-01

Over the past several years, the growing international threat of terrorism has necessitated strengthening of physical protection and security of nuclear materials and facilities. A number of countries have made efforts in improving their physical protection system especially in the field of hardware such as security equipment. While security hardware is important, the efficient use of the equipment is yet another important issue, which depends on the operating personnel and their attitudes in performing their duties. Therefore, Security experts said that the nuclear security would not be completed without security culture. However, Nuclear Security Culture has not been introduced and developed in Korea. This paper introduces the concept and model of Nuclear Security Culture and raises awareness of the needs to develop the Nuclear Security Culture in Korea

Lidar and Dial application for detection and identification: a proposal to improve safety and security

International Nuclear Information System (INIS)

Gaudio, P.; Malizia, A.; Gelfusa, M.; Parracino, S.; Poggi, L.A.; Lungaroni, M.; Ciparisse, J.F.; Giovanni, D. Di; Cenciarelli, O.; Carestia, M.; Peluso, E.; Gabbarini, V.; Talebzadeh, S.; Bellecci, C.; Murari, A.

2017-01-01

Nowadays the intentional diffusion in air (both in open and confined environments) of chemical contaminants is a dramatic source of risk for the public health worldwide. The needs of a high-tech networks composed by software, diagnostics, decision support systems and cyber security tools are urging all the stakeholders (military, public, research and academic entities) to create innovative solutions to face this problem and improve both safety and security. The Quantum Electronics and Plasma Physics (QEP) Research Group of the University of Rome Tor Vergata is working since the 1960s on the development of laser-based technologies for the stand-off detection of contaminants in the air. Up to now, four demonstrators have been developed (two LIDAR-based and two DIAL-based) and have been used in experimental campaigns during all 2015. These systems and technologies can be used together to create an innovative solution to the problem of public safety and security: the creation of a network composed by detection systems: A low cost LIDAR based system has been tested in an urban area to detect pollutants coming from urban traffic, in this paper the authors show the results obtained in the city of Crotone (south of Italy). This system can be used as a first alarm and can be coupled with an identification system to investigate the nature of the threat. A laboratory dial based system has been used in order to create a database of absorption spectra of chemical substances that could be release in atmosphere, these spectra can be considered as the fingerprints of the substances that have to be identified. In order to create the database absorption measurements in cell, at different conditions, are in progress and the first results are presented in this paper.

Lidar and Dial application for detection and identification: a proposal to improve safety and security

Science.gov (United States)

Gaudio, P.; Malizia, A.; Gelfusa, M.; Murari, A.; Parracino, S.; Poggi, L. A.; Lungaroni, M.; Ciparisse, J. F.; Di Giovanni, D.; Cenciarelli, O.; Carestia, M.; Peluso, E.; Gabbarini, V.; Talebzadeh, S.; Bellecci, C.

2017-01-01

Nowadays the intentional diffusion in air (both in open and confined environments) of chemical contaminants is a dramatic source of risk for the public health worldwide. The needs of a high-tech networks composed by software, diagnostics, decision support systems and cyber security tools are urging all the stakeholders (military, public, research & academic entities) to create innovative solutions to face this problem and improve both safety and security. The Quantum Electronics and Plasma Physics (QEP) Research Group of the University of Rome Tor Vergata is working since the 1960s on the development of laser-based technologies for the stand-off detection of contaminants in the air. Up to now, four demonstrators have been developed (two LIDAR-based and two DIAL-based) and have been used in experimental campaigns during all 2015. These systems and technologies can be used together to create an innovative solution to the problem of public safety and security: the creation of a network composed by detection systems: A low cost LIDAR based system has been tested in an urban area to detect pollutants coming from urban traffic, in this paper the authors show the results obtained in the city of Crotone (south of Italy). This system can be used as a first alarm and can be coupled with an identification system to investigate the nature of the threat. A laboratory dial based system has been used in order to create a database of absorption spectra of chemical substances that could be release in atmosphere, these spectra can be considered as the fingerprints of the substances that have to be identified. In order to create the database absorption measurements in cell, at different conditions, are in progress and the first results are presented in this paper.

Security Controls for NPP I and C Systems

International Nuclear Information System (INIS)

Kim, Y. M.; Jeong, C. H.; Kim, T. H.

2014-01-01

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks

Security Controls for NPP I and C Systems

Energy Technology Data Exchange (ETDEWEB)

Kim, Y. M.; Jeong, C. H. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of); Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

2014-05-15

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks.

Regional Radiological Security Partnership in Southeast Asia - Increasing the Sustainability of Security Systems at the Site-Level by Using a Model Facility Approach

International Nuclear Information System (INIS)

Chamberlain, Travis L.; Dickerson, Sarah; Ravenhill, Scott D.; Murray, Allan; Morris, Frederic A.; Herdes, Gregory A.

2009-01-01

In 2004, Australia, through the Australian Nuclear Science and Technology Organisation (ANSTO), created the Regional Security of Radioactive Sources (RSRS) project and partnered with the U.S. Department of Energy's Global Threat Reduction Initiative (GTRI) and the International Atomic Energy Agency (IAEA) to form the Southeast Asian Regional Radiological Security Partnership (RRSP). The intent of the RRSP is to cooperate with countries in Southeast Asia to improve the security of their radioactive sources. This Southeast Asian Partnership supports objectives to improve the security of high risk radioactive sources by raising awareness of the need and developing national programs to protect and control such materials, improve the security of such materials, and recover and condition the materials no longer in use. The RRSP has utilized many tools to meet those objectives including: provision of physical protection upgrades, awareness training, physical protection training, regulatory development, locating and recovering orphan sources, and most recently - development of model security procedures at a model facility. This paper discusses the benefits of establishing a model facility, the methods employed by the RRSP, and three of the expected outcomes of the Model Facility approach. The first expected outcome is to increase compliance with source security guidance materials and national regulations by adding context to those materials, and illustrating their impact on a facility. Second, the effectiveness of each of the tools above is increased by making them part of an integrated system. Third, the methods used to develop the model procedures establishes a sustainable process that can ultimately be transferred to all facilities beyond the model. Overall, the RRSP has utilized the Model Facility approach as an important tool to increase the security of radioactive sources, and to position facilities and countries for the long term secure management of those sources.

Almaraz ovation control system security

Energy Technology Data Exchange (ETDEWEB)

Madronal Rodriguez, E.; Anderson, E.; Jimenez Diaz, J.; Carrasco Mateos, J. A.

2013-07-01

Improving the security of a plant's Distributed Control System (DCS) is an important consideration for plant safety and profitability, as well as the necessity to comply with the regulation. The U.S. Nuclear Regulatory Commission has produced Regulatory Guide (RG) 5.71, and the Nuclear Energy Institute (NEI) has produced NEI 08-09 to assist plants in meeting 10 CFR 73.54, Protection of digital computer and communication systems and networks. These requirements, which address the establishment, implementation and maintenance of a cyber security program, present challenges to ensure that safety, security and emergency preparedness functions of nuclear facilities are not negatively impacted by the vulnerability scanning and testing process.

A new method for improving security in MANETs AODV Protocol

Directory of Open Access Journals (Sweden)

Zahra Alishahi

2012-10-01

Full Text Available In mobile ad hoc network (MANET, secure communication is more challenging task due to its fundamental characteristics like having less infrastructure, wireless link, distributed cooperation, dynamic topology, lack of association, resource constrained and physical vulnerability of node. In MANET, attacks can be broadly classified in two categories: routing attacks and data forwarding attacks. Any action not following rules of routing protocols belongs to routing attacks. The main objective of routing attacks is to disrupt normal functioning of network by advertising false routing updates. On the other hand, data forwarding attacks include actions such as modification or dropping data packet, which does not disrupt routing protocol. In this paper, we address the “Packet Drop Attack”, which is a serious threat to operational mobile ad hoc networks. The consequence of not forwarding other packets or dropping other packets prevents any kind of communication to be established in the network. Therefore, there is a need to address the packet dropping event takes higher priority for the mobile ad hoc networks to emerge and to operate, successfully. In this paper, we propose a method to secure ad hoc on-demand distance vector (AODV routing protocol. The proposed method provides security for routing packets where the malicious node acts as a black-hole and drops packets. In this method, the collaboration of a group of nodes is used to make accurate decisions. Validating received RREPs allows the source to select trusted path to its destination. The simulation results show that the proposed mechanism is able to detect any number of attackers.

An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

Energy Technology Data Exchange (ETDEWEB)

Zaher, Ashraf A. [Physics Department, Science College, Kuwait University, P.O. Box 5969, Safat 13060 (Kuwait)], E-mail: ashraf.zaher@ku.edu.kw

2009-12-15

In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

International Nuclear Information System (INIS)

Zaher, Ashraf A.

2009-01-01

In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

The First International Conference on Global Food Security – A Synthesis

NARCIS (Netherlands)

Ittersum, van M.K.; Giller, K.E.

2014-01-01

Improving food security is difficult. There are many reasons why hunger and malnutrition persist, not least because deep social inequities and conflicts often dominate. Equally many approaches are needed to deal with this global problem. In the case of global food security, improvements can depend

A broadened typology on energy and security

International Nuclear Information System (INIS)

Johansson, Bengt

2013-01-01

A broadened typology describing the interconnection between energy and security is developed in this paper, with the aim of improving understanding of the relationship between energy and security by applying different research and policy perspectives. One approach involves studying energy as an object exposed to security threats, using concepts such as security of supply or security of demand. Another approach involves studying the role of the energy system as the subject in generating or enhancing insecurity. The latter approach includes studying the conflict-generating potential inherent in the economic value of energy, the risk of accidents and antagonistic attacks to energy infrastructure and the security risks related to the negative environmental impact of the energy system. In order to make a comprehensive analysis of the security consequences of proposed energy policies or strategies, all these aspects should be taken into account to varying degrees. The typology proposed here could be a valuable tool for ensuring that all security aspects have been considered. - Highlights: • The paper presents a broadened typology of energy and security, useful for policy analysis. • The energy system can be an object for security threats and as a subject generating or contributing to insecurity. • Energy as an object for security threats includes the concepts of security of supply and security of demand. • The economic value of energy can contribute to insecurity. • Technological and environmental risks of specific energy systems also provide potential threats to human security

Evaluation of nuclear energy in the context of energy security

International Nuclear Information System (INIS)

Irie, Kazutomo; Kanda, Keiji

2002-01-01

This paper analyzes the view expressed by the Japanese government on the role of nuclear energy for energy security through scrutiny of Japan's policy documents. The analysis revealed that the contribution by nuclear energy to Japan's energy security has been defined in two ways. Nuclear energy improves short-term energy security with its characteristics such as political stability in exporting countries of uranium, easiness of stockpiling of nuclear fuels, stability in power generation cost, and reproduction of plutonium and other fissile material for use by reprocessing of spent fuel. Nuclear energy also contributes to medium- and long-term energy security through its characteristics that fissile material can be reproduced (multiplied in the case of breeder reactor) from spent fuels. Further contribution can be expected by nuclear fusion. Japan's energy security can be strengthened not only by expanding the share of nuclear energy in total energy supply, but also by improving nuclear energy's characteristics which are related to energy security. Policy measures to be considered for such improvement will include (a) policy dialogue with exporting countries of uranium, (b) government assistance to development of uranium mines, (c) nuclear fuel stockpiling, (d) reprocessing and recycling of spent fuels, (e) development of fast breeder reactor, and (f) research of nuclear fusion. (author)

76 FR 63811 - Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and...

Science.gov (United States)

2011-10-13

... implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and... policies and minimum standards will address all agencies that operate or access classified computer...

Corporate strategic plan for safeguards and security

International Nuclear Information System (INIS)

1997-06-01

Department of Energy (DOE) safeguards and security (S and S) is a team effort, consisting of Field, National Laboratories, Program Office, and Headquarters units cooperating to support the Department's diverse security needs. As an integral part of the nation's security structure, the DOE S and S Program regularly supports and works in cooperation with other US Government agencies and private industry to improve the national security posture. Thus, inter- and intra-agency partnerships play an invaluable role in the continuing efforts to integrate and implement improved ways of doing business. Their Corporate Strategic Plan provides a road map to guide, track, and provide feedback for the incorporation and implementation of S and S activities within DOE. Part 1 Planning Framework, describes those overarching factors which influence the planning endeavors. Part 2, Strategic Perspective, outlines where the S and S Program has been and how they will move to the future through core competencies, changing cultural thinking, and implementing their strategies. Part 3, Strategic and Operational Integration, details critical focus areas, strategies, and success indicators designed to enhance inter-agency S and S integration and promote cooperation with external agencies. This Plan will be reviewed annually to ensure it remains supportive and fully-engaged with the nation's and international security environments

A Stitch in Time : Supporting Android Developers in Writing Secure Code

OpenAIRE

Nguyen, Duc Cuong; Wermke, Dominik; Acar, Yasemin; Backes, Michael; Weir, Charles Alexander Forbes; Fahl, Sascha

2017-01-01

Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that profe...

Analysis of theoretical security level of PDF Encryption mechanism based on X.509 certificates

Directory of Open Access Journals (Sweden)

Joanna Dmitruk

2017-12-01

Full Text Available PDF Encryption is a content security mechanism developed and used by Adobe in their products. In this paper, we have checked a theoretical security level of a variant that uses public key infrastructure and X.509 certificates. We have described a basis of this mechanism and we have performed a simple security analysis. Then, we have showed possible tweaks and security improvements. At the end, we have given some recommendations that can improve security of a content secured with PDF Encryption based on X.509 certificates. Keywords: DRM, cryptography, security level, PDF Encryption, Adobe, X.509

What is Security? A perspective on achieving security

Energy Technology Data Exchange (ETDEWEB)

Atencio, Julian J.

2014-05-05

This presentation provides a perspective on achieving security in an organization. It touches upon security as a mindset, ability to adhere to rules, cultivating awareness of the reason for a security mindset, the quality of a security program, willingness to admit fault or acknowledge failure, peer review in security, science as a model that can be applied to the security profession, the security vision, security partnering, staleness in the security program, security responsibilities, and achievement of success over time despite the impossibility of perfection.

Integrating Programming Language and Operating System Information Security Mechanisms

Science.gov (United States)

2016-08-31

suggestions for reducing the burden, to the Department of Defense, Executive Service Directorate (0704-0188). Respondents should be aware that...improve the precision of security enforcement, and to provide greater assurance of information security. This grant focuses on two key projects: language...based control of authority; and formal guarantees for the correctness of audit information. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17

Security of legacy process control systems : Moving towards secure process control systems

NARCIS (Netherlands)

Oosterink, M.

2012-01-01

This white paper describes solutions which organisations may use to improve the security of their legacy process control systems. When we refer to a legacy system, we generally refer to old methodologies, technologies, computer systems or applications which are still in use, despite the fact that

Investigation of Shift Work Disorders among Security Personnel

OpenAIRE

Zahra Zamanian; Mansooreh Dehghani; Heidar Mohammady; Mohammadtaghi Rezaeiani; Hadi Daneshmandi

2012-01-01

In today’s advanced world resulting from the improvement of technology, societies tend to encounter a large number of problems and accidents. As we know, university’s security personnel are classified as shift workers and are exposed to health disturbing factors. The aim of this study was investigation of shiftwork disorders among security personnel of the hospitals Affiliated to Shiraz University of Medical Sciences, Central. This case-control study was conducted among 130 security personnel...

Food security status among cocoa growing households in Ondo and ...

African Journals Online (AJOL)

Food security status among cocoa growing households in Ondo and Kwara states of ... A simple purposive random sampling technique was used to select 100 cocoa ... from the information were analysed with Descriptive Statistics, Food Security ... taken per day (p<0.05) would improve the food security status of households ...

Bio-Security Proficiencies Project for Beginning Producers in 4-H

Science.gov (United States)

Smith, Martin H.; Meehan, Cheryl L.; Borba, John A.

2014-01-01

Improving bio-security practices among 4-H members who raise and show project animals is important. Bio-security measures can reduce the risk of disease spread and mitigate potential health and economic risks of disease outbreaks involving animal and zoonotic pathogens. Survey data provided statistical evidence that the Bio-Security Proficiencies…

Behavior Change Support Systems for Privacy and Security

NARCIS (Netherlands)

Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Kulyk, Olga Anatoliyivna; Kelders, S.; van Gemert-Pijnen, L.; Oinas-Kukkonen, H

2015-01-01

This article proposes to use Behavior Change Support Systems (BCSSs) to improve the security of IT applications and the privacy of its users. We discuss challenges specific to BCSSs applied to information security, list research questions to be answered in order to meet these challenges, and propose

Economic security of modern Russia: the current state and prospects

Directory of Open Access Journals (Sweden)

Karanina Elena

2018-01-01

Full Text Available In the conditions of instability of the world economy and the introduction of sanctions against Russia by a number of countries, the problem of ensuring national economic security has become particularly relevant. This topic also has a high scientific, practical and social significance, as it allows to identify possible gaps in the economic security of modern Russia and timely develop mechanisms to eliminate them to protect the national interests of the state. The purpose of this article is to determine the state and prospects of improving the economic security of modern Russia. This can be achieved by solving the following tasks: review of existing methods to evaluate the economic security of country, conduct a SWOT analysis of economic security of modern Russia, the development of suggestions for its improvement. This research analyzes various aspects of the economic security of modern Russia. As a result, the author developed an integrated method to ensuring the economic security of the country, as well as a matrix of economic security within this method. The way of increase of economic security of modern Russia is offered. Thus, to overcome the threats for the economic security of modern Russia, it is necessary to implement the recommendations developed by the authors, including the establishment of their own production and the construction of an innovatively oriented model of the economy. This will ensure the economic security of modern Russia and its stable development in the future.

The Security Research of Digital Library Network

Science.gov (United States)

Zhang, Xin; Song, Ding-Li; Yan, Shu

Digital library is a self-development needs for the modern library to meet the development requirements of the times, changing the way services and so on. digital library from the hardware, technology, management and other aspects to objective analysis of the factors of threats to digital library network security. We should face up the problems of digital library network security: digital library network hardware are "not hard", the technology of digital library is relatively lag, digital library management system is imperfect and other problems; the government should take active measures to ensure that the library funding, to enhance the level of network hardware, to upgrade LAN and prevention technology, to improve network control technology, network monitoring technology; to strengthen safety management concepts, to prefect the safety management system; and to improve the level of security management modernization for digital library.

Realizing Scientific Methods for Cyber Security

Energy Technology Data Exchange (ETDEWEB)

Carroll, Thomas E.; Manz, David O.; Edgar, Thomas W.; Greitzer, Frank L.

2012-07-18

There is little doubt among cyber security researchers about the lack of scientic rigor that underlies much of the liter-ature. The issues are manifold and are well documented. Further complicating the problem is insufficient scientic methods to address these issues. Cyber security melds man and machine: we inherit the challenges of computer science, sociology, psychology, and many other elds and create new ones where these elds interface. In this paper we detail a partial list of challenges imposed by rigorous science and survey how other sciences have tackled them, in the hope of applying a similar approach to cyber security science. This paper is by no means comprehensive: its purpose is to foster discussion in the community on how we can improve rigor in cyber security science.

Mitigations for Security Vulnerabilities Found in Control System Networks

Energy Technology Data Exchange (ETDEWEB)

Trent D. Nelson

2006-05-01

Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flows.

An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment

Directory of Open Access Journals (Sweden)

Vinothkumar Muthurajan

2016-01-01

Full Text Available Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function provide minimum protection level compared to asymmetric key (RSA, AES, and ECC schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment.

Science.gov (United States)

Muthurajan, Vinothkumar; Narayanasamy, Balaji

2016-01-01

Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

Reputation-based secure sensor localization in wireless sensor networks.

Science.gov (United States)

He, Jingsha; Xu, Jing; Zhu, Xingye; Zhang, Yuqiang; Zhang, Ting; Fu, Wanqing

2014-01-01

Location information of sensor nodes in wireless sensor networks (WSNs) is very important, for it makes information that is collected and reported by the sensor nodes spatially meaningful for applications. Since most current sensor localization schemes rely on location information that is provided by beacon nodes for the regular sensor nodes to locate themselves, the accuracy of localization depends on the accuracy of location information from the beacon nodes. Therefore, the security and reliability of the beacon nodes become critical in the localization of regular sensor nodes. In this paper, we propose a reputation-based security scheme for sensor localization to improve the security and the accuracy of sensor localization in hostile or untrusted environments. In our proposed scheme, the reputation of each beacon node is evaluated based on a reputation evaluation model so that regular sensor nodes can get credible location information from highly reputable beacon nodes to accomplish localization. We also perform a set of simulation experiments to demonstrate the effectiveness of the proposed reputation-based security scheme. And our simulation results show that the proposed security scheme can enhance the security and, hence, improve the accuracy of sensor localization in hostile or untrusted environments.

Practical Computer Security through Cryptography

Science.gov (United States)

McNab, David; Twetev, David (Technical Monitor)

1998-01-01

The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

State Security Breach Response Laws: State-by-State Summary Table. Using Data to Improve Education: A Legal Reference Guide to Protecting Student Privacy and Data Security

Science.gov (United States)

Data Quality Campaign, 2011

2011-01-01

Under security breach response laws, businesses--and sometimes state and governmental agencies--are required to inform individuals when the security, confidentiality or integrity of their personal information has been compromised. This resource provides a state-by-state analysis of security breach response laws. [The Data Quality Campaign has…

Determinants of Household Food Security in Urban Areas

Directory of Open Access Journals (Sweden)

Sarah Ayu Mutiah

2017-03-01

Full Text Available Food security at household level is a very important precondition to foster the national and regional food security. Many people migrate to urban areas in the hope of improving their welfare. Generally people think that in the city there are more opportunities, but the opposite is true. The problem is more complex in the city especially for people who do not have adequate skills and education. This study aims to address whether  age of household head, household size, education level of household head, income, and distribution of subsidized rice policy affect the food security of urban poor households in Purbalingga district. A hundred respondents were selected from four top villages in urban areas of Purbalingga with the highest level of poverty. Using binary logistic regression, this study finds significant positive effect of education of household head and household income and significant negative effect of household size and raskin on household food security, while age of household head has no significant effect on household food security. The results imply the need for increased awareness of family planning, education, improved skills, and increased control of the implementation of subsidized rice for the poor.

Security Implications for Ultra-Low Power Configurable SoC FPAA Embedded Systems

Directory of Open Access Journals (Sweden)

Jennifer Hasler

2018-06-01

Full Text Available We discuss the impact of physical computing techniques to classifying network security issues for ultra-low power networked IoT devices. Physical computing approaches enable at least a factor of 1000 improvement in computational energy efficiency empowering a new generation of local computational structures for embedded IoT devices. These techniques offer computational capability to address network security concerns. This paper begins the discussion of security opportunities for, and issues using, FPAA devices for small embedded IoT platforms. These FPAAs enable devices often utilized for low-power context aware computation. Embedded FPAA devices have both positive Security attributes, as well as potential vulnerabilities. FPAA devices can be part of the resulting secure computation, such as implementing unique functions. FPAA devices can be used investigate security of analog/mixed signal capabilities. The paper concludes with summarizing key improvements for secure ultra-low power embedded FPAA devices.

Security of Electronic Payment Systems: A Comprehensive Survey

OpenAIRE

Solat , Siamak

2017-01-01

This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment systems. This survey consists of the Card-present (CP) transactions and a review of its dominant system i.e. EMV including several researches at Cambridge university to designate variant types of attacks against this standard which demonstrates lack of a secure "o...

Smart grid security innovative solutions for a modernized grid

CERN Document Server

Skopik, Florian

2015-01-01

The Smart Grid security ecosystem is complex and multi-disciplinary, and relatively under-researched compared to the traditional information and network security disciplines. While the Smart Grid has provided increased efficiencies in monitoring power usage, directing power supplies to serve peak power needs and improving efficiency of power delivery, the Smart Grid has also opened the way for information security breaches and other types of security breaches. Potential threats range from meter manipulation to directed, high-impact attacks on critical infrastructure that could bring down regi

Strategies for online test security.

Science.gov (United States)

Hart, Leigh; Morgan, Lesley

2009-01-01

As online courses continue to increase, maintaining academic integrity in student evaluation is a challenge. The authors review several strategies, with varying degrees of cost and technology, to improve test security in the online classroom.

Cyber security challenges in Smart Cities: Safety, security and privacy

Science.gov (United States)

Elmaghraby, Adel S.; Losavio, Michael M.

2014-01-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

Cyber security challenges in Smart Cities: Safety, security and privacy

Directory of Open Access Journals (Sweden)

Adel S. Elmaghraby

2014-07-01

Full Text Available The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Cyber security challenges in Smart Cities: Safety, security and privacy.

Science.gov (United States)

Elmaghraby, Adel S; Losavio, Michael M

2014-07-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Cyber Security Awareness and Its Impact on Employee’s Behavior

OpenAIRE

Li, Ling; Xu, Li; He, Wu; Chen, Yong; Chen, Hong

2016-01-01

Part 3: Security and Privacy Issues; International audience; This paper proposes a model that extends the Protection Motivation Theory to validate the relationships among peer behavior, cue to action, and employees’ action experience of cyber security, threat perception, response perception, and employee’s cyber security behavior. The findings of the study suggest that the influence from peer behavior and employees action experience of cyber security is an important factor for improving cyber...

Solutions for a food-secure future | IDRC - International ...

International Development Research Centre (IDRC) Digital Library (Canada)

2016-10-05

Oct 5, 2016 ... ... of people in developing countries lift themselves out of hunger and poverty. Through the Centre's Agriculture and Food Security program, IDRC invested more than CAD$179 million from 2009-2015 to develop, test, and scale up solutions that improve food security and nutrition in the developing world.

Information Security - A Growing Challenge for Online Business

OpenAIRE

Gabriela GHEORGHE; Ioana LUPASC

2017-01-01

In present, the cyber attack move to a global scale, also the online business cyber threats have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

Theoretical foundations of information security investment security companies

Directory of Open Access Journals (Sweden)

G.V. Berlyak

2015-03-01

Full Text Available Methodological problems related to the lack of guidance in the provisions (standards of accounting on the reflection in the accounting and financial reporting of the research object. In this connection, it is proposed to amend the provisions (standards of accounting. This will allow to come to the consistency of accounting methods of operations with elements of investment activity. Based on analysis of the information needs of users suggested indicators identikativnye blocks (block corporate finance unit assess the relationship with financial institutions, block the fulfillment of obligations according to the calculations, the investment unit, a science and innovation, investment security and developed forms of internal accounting controls and improvements to existing forms financial statements for the investment activities of the enterprise. Using enterprise data reporting forms provide timely and reliable information on the identity and structure of investment security and enable the company to effectively plan and develop personnel policies for enterprise management.

Effects of renewables penetration on the security of Portuguese electricity supply

International Nuclear Information System (INIS)

Gouveia, João Pedro; Dias, Luís; Martins, Inês; Seixas, Júlia

2014-01-01

Highlights: • We assess the importance of the electricity sector in energy security in Portugal. • We compare energy security indicators for 2004 and 2011. • Strong wind penetration has an important role on the country energy security. • Infrastructure is the weaker component in electricity sector supply chain. - Abstract: The increase of renewables in power sector, together with the increase of their electricity share in final energy consumption, is changing our perception about energy security with diverse and contradictory statements. The Portuguese security of electricity supply is analyzed in this study by comparing selected indicators for 2 years before and after the high increase of onshore wind since 2005. Our goal is to find how the security of electricity supply was impacted by the penetration of renewables, taking a supply chain approach. Our analysis highlights that the penetration of renewables has decreased the energy dependence of the power sector by more than 20% between 2004 and 2011, while risks related to the concentration of natural gas suppliers and to the still-high share of fossil fuels suffering from price volatility are discussed. We observed a significant improvement in power interconnections with Spain, as well as an increase of the de-rated generation capacity margin, allowing proper management of renewable power intermittency if necessary, thereby improving power security. Although the share of intermittent renewables almost quadrupled in total installed capacity between those years, the indicators reveal an improvement in the quality of transport and distribution when delivering electricity to end-users. Although electricity prices increased, mainly due to taxes, the lack of energy efficiency is an aspect deserving improvement to alleviate the pressure on electricity security, mainly at high peak demands

PeerFlow: Secure Load Balancing in Tor

Directory of Open Access Journals (Sweden)

Johnson Aaron

2017-04-01

Full Text Available We present PeerFlow, a system to securely load balance client traffic in Tor. Security in Tor requires that no adversary handle too much traffic. However, Tor relays are run by volunteers who cannot be trusted to report the relay bandwidths, which Tor clients use for load balancing. We show that existing methods to determine the bandwidths of Tor relays allow an adversary with little bandwidth to attack large amounts of client traffic. These methods include Tor’s current bandwidth-scanning system, TorFlow, and the peer-measurement system EigenSpeed. We present an improved design called PeerFlow that uses a peer-measurement process both to limit an adversary’s ability to increase his measured bandwidth and to improve accuracy. We show our system to be secure, fast, and efficient. We implement PeerFlow in Tor and demonstrate its speed and accuracy in large-scale network simulations.

A Secure Behavior Modification Sensor System for Physical Activity Improvement

Science.gov (United States)

Price, Alan

2011-01-01

Today, advances in wireless sensor networks are making it possible to capture large amounts of information about a person and their interaction within their home environment. However, what is missing is how to ensure the security of the collected data and its use to alter human behavior for positive benefit. In this research, exploration was…

External dimension of Ukraine’s security policy

Directory of Open Access Journals (Sweden)

O. S. Vonsovych

2015-07-01

Full Text Available Investigation of the external dimension of security policy of Ukraine is stipulated for the need to analyse the current state of relations with organizations such as the Organization for Security and Co-operation in Europe and The Collective Security Treaty Organization, and relations within the Common European Security and Defence Policy. Ukraine’s European Integration means inclusion in the global space security with countries that it shares common values and principles. It does not exclude the collaboration with the countries that belong to other systems of collective security in the scope that is appropriate to basic national interests of Ukraine. It is proved that the activities of the OSCE Special Monitoring Mission is an important contribution to the process of peaceful conflict resolution, and helps to develop democratic principles and foundations of foreign policy. It is determined that the further development of the constructive cooperation between the EU advisory mission under CSDP will provide an opportunity to improve and increase the security of national borders from external threats and challenges, and help to accelerate the process of integration into the European security space. The attention is paid to the fact that, taken into consideration the state of relations with Russia, the further cooperation with the Collective Security Treaty Organization (CSTO may adversely affect the overall security situation in Ukraine and lead to further tension with Russia today.

Computer Security: the security marathon, part 2

CERN Multimedia

Computer Security Team

2014-01-01

Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

IAEA Nuclear Security - Achievements 2002-2011

International Nuclear Information System (INIS)

2012-03-01

The possibility that nuclear or other radioactive material could be used for malicious purposes is real. This calls for a collective commitment to the control of, and accountancy for, material, as well as to adequate levels of protection in order to prevent criminal or unauthorized access to the material or associated facilities. Sharing of knowledge and experience, coordination among States and collaboration with other international organizations, initiatives and industries supports an effective international nuclear security framework. In 2001, the Board of Governors tasked the IAEA with improving nuclear security worldwide. The report that follows provides an overview of accomplishments over the last decade and reflects the importance that States assign to keeping material in the right hands. The IAEA has established a comprehensive nuclear security programme, described first in the Nuclear Security Plan of 2002-2005 and subsequently in the second plan of 2006- 2009. Activities included developing internationally accepted nuclear security guidance, supporting international legal instruments, protecting material and facilities, securing transport and borders, detecting and interdicting illicit nuclear trafficking, strengthening human resource capacity and preparing response plans should a nuclear security event occur. The IAEA has begun the implementation of its third Nuclear Security Plan, to be completed at the end of 2013. This approach to nuclear security recognizes that an effective national nuclear security regime builds on a number of factors: the implementation of relevant international legal instruments; IAEA guidance and standards; information protection; physical protection; material accounting and control; detection of, and response to, trafficking in such material; national response plans and contingency measures. Implemented in a systematic manner, these building blocks make up a sustainable national nuclear security regime and contribute to global

Reasons in Support of Data Security and Data Security Management as Two Independent Concepts: A New Model.

Science.gov (United States)

Moghaddasi, Hamid; Sajjadi, Samad; Kamkarhaghighi, Mehran

2016-01-01

Any information which is generated and saved needs to be protected against accidental or intentional losses and manipulations if it is to be used by the intended users in due time. As such, information managers have adopted numerous measures to achieve data security within data storage systems, along with the spread of information technology. The "data security models" presented thus far have unanimously highlighted the significance of data security management. For further clarification, the current study first introduces the "needs and improvement" cycle; the study will then present some independent definitions, together with a support umbrella, in an attempt to shed light on the data security management. Data security focuses on three features or attributes known as integrity, identity of sender(s) and identity of receiver(s). Management in data security follows an endless evolutionary process, to keep up with new developments in information technology and communication. In this process management develops new characteristics with greater capabilities to achieve better data security. The characteristics, continuously increasing in number, with a special focus on control, are as follows: private zone, confidentiality, availability, non-repudiation, possession, accountability, authenticity, authentication and auditability. Data security management steadily progresses, resulting in more sophisticated features. The developments are in line with new developments in information and communication technology and novel advances in intrusion detection systems (IDS). Attention to differences between data security and data security management by international organizations such as the International Standard Organization (ISO), and International Telecommunication Union (ITU) is necessary if information quality is to be enhanced.

Measuring food security in the Republic of Serbia

Directory of Open Access Journals (Sweden)

Papić-Brankov Tatjana

2015-01-01

Full Text Available The overall goal of this paper is analysis of Serbian food security system across a set of indicators, with special emphasis to 2012 Global Food Security Index (GFSI. The results generally provided two major weakness of the Serbian food system: Gross domestic product (GDP per capita based on purchasing power parity and Corruption. Paper points out the need to improve the current food security system and proposed a number of measures for its improvement. Among other things appropriate nutritional standards and strategies will have to be adopted; investors' confidence must be strengthened and must be dealt with in a serious fight against corruption in the agriculture and food sector. The development of rural areas, reducing regional disparities and stabilization of agricultural production will certainly contribute to the tough battle against poverty.

A STRONG SECURITY PROTOCOL AGAINST FINGERPRINT DATABASE ATTACKS

Directory of Open Access Journals (Sweden)

U. Latha

2013-08-01

Full Text Available The Biometric data is subject to on-going changes and create a crucial problem in fingerprint database. To deal with this, a security protocol is proposed to protect the finger prints information from the prohibited users. Here, a security protocol is proposed to protect the finger prints information. The proposed system comprised of three phases namely, fingerprint reconstruction, feature extraction and development of trigon based security protocol. In fingerprint reconstruction, the different crack variance level finger prints images are reconstructed by the M-band Dual Tree Complex Wavelet Transform (DTCWT. After that features are extracted by binarization. A set of finger print images are utilized to evaluate the performance of security protocol and the result from this process guarantees the healthiness of the proposed trigon based security protocol. The implementation results show the effectiveness of proposed trigon based security protocol in protecting the finger print information and the achieved improvement in image reconstruction and the security process.

Security Analysis of Dynamic SDN Architectures Based on Game Theory

Directory of Open Access Journals (Sweden)

Chao Qi

2018-01-01

Full Text Available Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players’ information, simulate approximate attack scenarios, and quantitatively estimate systems’ reliability. And we explore several typical game instances defined by system’s capability, players’ objects, and strategies. Experimental results illustrate that the system’s detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDN can significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure’s feasibility, flexibility, and its persistent ability against long-term attacks.

Information Security - A Growing Challenge for Online Business

Directory of Open Access Journals (Sweden)

Gabriela GHEORGHE

2017-06-01

Full Text Available In present, the cyber attack move to a global scale, also the online business cyber threats have the effect of impeding and even huge losses. Security issues currently facing online commerce, online payment systems require finding solutions to improve the security solutions offered by the providers of Business Information solution.

Alternative security

International Nuclear Information System (INIS)

Weston, B.H.

1990-01-01

This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

Security infrastructures: towards the INDECT system security

OpenAIRE

Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

2012-01-01

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

Food sovereignty and rural development: beyond food security

Directory of Open Access Journals (Sweden)

Fabio Alberto Pachón-Ariza¹

2013-12-01

Full Text Available Food sovereignty and food security are not the same issue. Both are different but many people around the world confuse the two. This article explores and analyzes the issues surrounding food security and food sovereignty in order to explain the differences between them, identifies the principal statements in food sovereignty and compares some data from different countries in an attempt to highlight the fact that food security policies result in hunger, poverty and environmental damage. Food security and rural development share similar goals, both seek to improve the quality of life of peasants and rural inhabitants; however, economic ideas are unfortunately still prized more than people

Modification of CAS-protocol for improvement of security web-applications from unauthorized access

Directory of Open Access Journals (Sweden)

Alexey I Igorevich Alexandrov

2017-07-01

Full Text Available Dissemination of information technologies and the expansion of their application demand constantly increasing security level for users, operating with confidential information and personal data. The problem of setting up secure user identification is probably one of the most common tasks, which occur in the process of software development. Today, despite the availability of a large amount of authentication tools, new solutions, mechanisms and technologies are being introduced regularly. Primarily, it is done to increase the security level of data protection against unauthorized access. This article describes the experience of using central user authentication service based on CAS-protocol (CAS – Central Authentication Service and free open source software, analyzing its main advantages and disadvantages and describing the possibility of its modification, which would increase security of web-based information systems from being accessed illegally. The article contains recommendations for setting a maximum time limit for users working on services, integrated with central authentication; and, analyses the research of implementing modern web-technologies while using user authentication system based on CAS-protocol. In addition, it describes the ways of CAS-server modernization for developing additional modules: a module for collecting and analyzing the use of information systems, and another one, for a user management system. Furthermore, CAS-protocol can be used at universities and other organizations for creating a unified information environment in education.

Mobile Customer Relationship Management and Mobile Security

Science.gov (United States)

Sanayei, Ali; Mirzaei, Abas

The purpose of this study is twofold. First, in order to guarantee a coherent discussion about mobile customer relationship management (mCRM), this paper presents a conceptualization of mCRM delineating its unique characteristics because of Among the variety of mobile services, considerable attention has been devoted to mobile marketing and in particular to mobile customer relationship management services. Second, the authors discusses the security risks in mobile computing in different level(user, mobile device, wireless network,...) and finally we focus on enterprise mobile security and it's subgroups with a series of suggestion and solution for improve mobile computing security.

Geomechanical Modeling for Improved CO2 Storage Security

Science.gov (United States)

Rutqvist, J.; Rinaldi, A. P.; Cappa, F.; Jeanne, P.; Mazzoldi, A.; Urpi, L.; Vilarrasa, V.; Guglielmi, Y.

2017-12-01

This presentation summarizes recent modeling studies on geomechanical aspects related to Geologic Carbon Sequestration (GCS,) including modeling potential fault reactivation, seismicity and CO2 leakage. The model simulations demonstrates that the potential for fault reactivation and the resulting seismic magnitude as well as the potential for creating a leakage path through overburden sealing layers (caprock) depends on a number of parameters such as fault orientation, stress field, and rock properties. The model simulations further demonstrate that seismic events large enough to be felt by humans requires brittle fault properties as well as continuous fault permeability allowing for the pressure to be distributed over a large fault patch to be ruptured at once. Heterogeneous fault properties, which are commonly encountered in faults intersecting multilayered shale/sandstone sequences, effectively reduce the likelihood of inducing felt seismicity and also effectively impede upward CO2 leakage. Site specific model simulations of the In Salah CO2 storage site showed that deep fractured zone responses and associated seismicity occurred in the brittle fractured sandstone reservoir, but at a very substantial reservoir overpressure close to the magnitude of the least principal stress. It is suggested that coupled geomechanical modeling be used to guide the site selection and assisting in identification of locations most prone to unwanted and damaging geomechanical changes, and to evaluate potential consequence of such unwanted geomechanical changes. The geomechanical modeling can be used to better estimate the maximum sustainable injection rate or reservoir pressure and thereby provide for improved CO2 storage security. Whether damaging geomechanical changes could actually occur very much depends on the local stress field and local reservoir properties such the presence of ductile rock and faults (which can aseismically accommodate for the stress and strain induced by

Evaluating energy security in the Asia-Pacific region: A novel methodological approach

International Nuclear Information System (INIS)

Vivoda, Vlado

2010-01-01

This paper establishes an 'energy security assessment instrument' based on a new and expanded conceptualisation of energy security. The instrument is a systematic interrogative tool for evaluating energy security of individual states or regions. It consists of eleven broad energy security dimensions associated with the current global energy system. These energy security dimensions take into account numerous quantitative and qualitative attributes of each country's energy security and policy, and include both traditional energy security concerns and many new factors, such as environmental, socio-cultural and technological. Another dimension, largely absent from previous analyses, is the existence of, and the issues addressed in, energy security policy in each country. This instrument serves as an assessment system with which to evaluate energy security in the Asia-Pacific region. The existing studies on energy security in the Asia-Pacific region suffer from serious limitations. No study to date examines regional energy security policies by adopting a more comprehensive energy security definition as a starting point. Most studies also focus on a single country or issue. Even if they examine energy security in major regional economies, they lack critical comparative analysis. The instrument is valuable as it may be utilised to draw a comprehensive map of regional energy security situation, which can also include comparative analysis of energy security characteristics across the Asia-Pacific region. Ultimately, it may be utilised to set up a framework for improved regional energy cooperation with the aim of providing regional leaders with a blueprint for improving regional energy security and policy.

The challenges of multi-layered security governance in Ituri

DEFF Research Database (Denmark)

Hoffmann, Kasper; Vlassenroot, Koen

governance is that the inclusion of local non-state actors in security governance will improve security provision to people because they have more legitimacy. But in reality ‘multi-layered’ security governance is often marked by conflict and competition as much as by collaboration and common solutions......There has been a slow, but growing awareness among external actors that some local non-state security actors should be involved in security governance in conflict-affected situations. Already in 2006, the OECD published a report that called for a ‘multi-layered’ approach to reforming actors...... and institutions that provide security and justice services (Scheye and McLean, 2006). Often these actors consist of local authorities, such as customary chiefs, village elders, or business people working in collaboration with different kinds of self-defense groups. The idea behind ‘multi-layered’ security...

Nation State as Security Provider in Human Security Issue

OpenAIRE

Maya Padmi, Made Fitri

2015-01-01

Human Security notion is emphasizing on human as the central of security studies, challenging the position of state as the core of security. Some studies are tried to separate the state security and human security, however there are strong connection between these two notions. State has important role in establishing and maintaining the security of its own citizens. Through social contract and social security protection, state are oblige to set the security of its own people as their security...

Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

NARCIS (Netherlands)

Haas, de M.

2016-01-01

This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

The Importance of the Security Culture in SMEs as Regards the Correct Management of the Security of Their Assets

Directory of Open Access Journals (Sweden)

Antonio Santos-Olmo

2016-07-01

Full Text Available The information society is increasingly more dependent on Information Security Management Systems (ISMSs, and the availability of these kinds of systems is now vital for the development of Small and Medium-Sized Enterprises (SMEs. However, these companies require ISMSs that have been adapted to their special features, and which are optimized as regards the resources needed to deploy and maintain them. This article shows how important the security culture within ISMSs is for SMEs, and how the concept of security culture has been introduced into a security management methodology (MARISMA is a Methodology for “Information Security Management System in SMEs” developed by the Sicaman Nuevas Tecnologías Company, Research Group GSyA and Alarcos of the University of Castilla-La Mancha. for SMEs. This model is currently being directly applied to real cases, thus allowing a steady improvement to be made to its implementation.

Energy security of supply under EU climate policies

International Nuclear Information System (INIS)

Groenenberg, H.; Wetzelaer, B.J.H.W.

2006-12-01

The implications of various climate policies for the security of supply in the EU-25 were investigated. The security of supply was quantified using the Supply/Demand (S/D) Index. This index aggregates quantitative information on a country's energy system into one single figure. It takes a value between 0 and 100, with higher values indicating a more secure energy system. The S/D Index was calculated for the year 2020 based on the information in a series of policy scenarios, including a baseline (S/D Index 50.7), an energy efficiency scenario (53.8), two renewable energy scenarios (52.6 and 53.3) and two scenarios with combined policies (55.9 and 55.6).The S/D Index proved a useful indicator for assessing the implications of climate policies for the security of supply. As climate policies become more stringent, CO2 index fall, and the S/D index increases. The magnitude of the changes in the two indices is not always similar however. Major falls in CO2 indices in the order of 20% for two scenarios with combined energy efficiency and renewable energy polices lead to less noteworthy improvements in the associated S/D indices. Nevertheless, this combination of policies leads to the greatest improvements in the security of supply

Internet Banking Security Strategy: Securing Customer Trust

OpenAIRE

Frimpong Twum; Kwaku Ahenkora

2012-01-01

Internet banking strategies should enhance customers¡¯ online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

Research on Lightweight Information Security System of the Internet of Things

OpenAIRE

Ying Li; Li Ping Du; JianWei Guo; Xin Zhao

2013-01-01

In order to improve the security of information transmitted in the internet of things, this study designs an information security system architecture of internet of things based on a lightweight cryptography. In this security system, an authentication protocol, encryption/decryption protocol and signature verification protocol are proposed and implemented. All these security protocol are used to verify the legality of access device and to protect the confidentiality and integrity of transform...

Land tenure security and land investments in Northwest China

NARCIS (Netherlands)

Ma Xian lei, Xianlei; Heerink, N.; Ierland, van E.C.; Berg, van den M.; Shi, X.

2013-01-01

Purpose - The purpose of this paper is to examine the effect of perceived land tenure security in China on farmers' decisions to invest in relatively long-term land quality improvement measures, taking into account the potential endogeneity of tenure security. Design/methodology/approach – Data from

Strategic planning futurists need to be capitation-specific and epidemiological.

Science.gov (United States)

Kurtenbach, J; Warmoth, T

1995-09-01

Strategic planning has always been a proposition of envisioning an organization's future state, then working backward, quarter by quarter, year by year, to plot a course of action. The surer the vision, the surer the course. In our burgeoning capitated environment, the successful provider will clarify a singular vision: to manage health care for a defined population. The key will be to understand the changing needs of covered lives and to prepare the organization to serve those needs. Gone are the days when mere responsiveness to market needs and preferences could secure a hospital's competitive advantage. Nimble, surefooted, practically clairvoyant--the emerging health care leader will listen to reliable epidemiologic information and custom-design its future. Timing is everything. Depending only your market's readiness for capitation, epidemiologic research and planning techniques may not prove critical to your organization for five to seven years. Good thing, too, because a few years may be just the head start many hospitals and health care systems need. Now is the time to lay the groundwork, to cultivate new planning techniques that will work under capitation, and to jettison any outdated modes of strategic thinking. Assemble all the talent and knowledge you need, then give your best minds ample room to do their work.

Novel Approaches to Enhance Mobile WiMAX Security

Directory of Open Access Journals (Sweden)

Taeshik Shon

2010-01-01

Full Text Available The IEEE 802.16 Working Group on Broadband Wireless Access Standards released IEEE 802.16-2004 which is a standardized technology for supporting broadband and wireless communication with fixed and nomadic access. After the IEEE 802.16-2004 standard, a new advanced and revised standard was released as the IEEE 802.16e-2005 amendment which is foundation of Mobile WiMAX network supporting handover and roaming capabilities. In the area of security aspects, compared to IEEE 802.16-2004, IEEE 802.16e, called Mobile WiMAX, adopts improved security architecture—PKMv2 which includes EAP authentication, AES-based authenticated encryption, and CMAC or HMAC message protection. However, there is no guarantee that PKMv2-based Mobile WiMAX network will not have security flaws. In this paper, we investigate the current Mobile WiMAX security architecture focusing mainly on pointing out new security vulnerabilities such as a disclosure of security context in network entry, a lack of secure communication in network domain, and a necessity of efficient handover supporting mutual authentication. Based on the investigation results, we propose a novel Mobile WiMAX security architecture, called RObust and Secure MobilE WiMAX (ROSMEX, to prevent the new security vulnerabilities.

Report: Fiscal Year 2006 Federal Information Security Management Act Report Status of EPA’s Computer Security Program

Science.gov (United States)

Report #2006-S-00008, September 25, 2006. Although the Agency has made substantial progress to improve its security program, the OIG identified weaknesses in the Agency’s incident reporting practices.

Fundamental quantitative security in quantum key generation

International Nuclear Information System (INIS)

Yuen, Horace P.

2010-01-01

We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographic context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.

Assessing and improving SCADA security in the Dutch drinking water sector

NARCIS (Netherlands)

Luiijf, H.A.M.; Ali, M.; Zielstra, A.

2011-01-01

International studies have shown that information security for process control systems, in particular SCADA, is weak. Many of the critical infrastructure (CI) services critically depend on process control systems. Therefore, any vulnerability in the protection of process control systems in CI may

Assessing and Improving SCADA Security in the Dutch Drinking Water Sector

NARCIS (Netherlands)

Luiijf, H.A.M.; Ali, M.; Zielstra, A.

2009-01-01

International studies have shown that information security for process control systems, in particular SCADA, is weak. As many critical infrastructure (CI) services depend on process control systems, any vulnerability in the protection of process control systems in CI may result in serious

Mixing chaos modulations for secure communications in OFDM systems

Science.gov (United States)

Seneviratne, Chatura; Leung, Henry

2017-12-01

In this paper, we consider a novel chaotic OFDM communication scheme is to improve the physical layer security. By secure communication we refer to physical layer security that provides low probability of detection (LPD)/low probability of intercept (LPI) transmission. A mixture of chaotic modulation schemes is used to generate chaotically modulated symbols for each subcarrier of the OFDM transmitter. At the receiver, different demodulators are combined together for the different modulation schemes for enhanced security. Time domain, frequency domain and statistical randomness tests show that transmit signals are indistinguishable from background noise. BER performance comparison shows that the physical layer security of the proposed scheme comes with a slight performance degradation compared to conventional OFDM communication systems.

Windows Server 2012 vulnerabilities and security

Directory of Open Access Journals (Sweden)

Gabriel R. López

2015-09-01

Full Text Available This investigation analyses the history of the vulnerabilities of the base system Windows Server 2012 highlighting the most critic vulnerabilities given every 4 months since its creation until the current date of the research. It was organized by the type of vulnerabilities based on the classification of the NIST. Next, given the official vulnerabilities of the system, the authors show how a critical vulnerability is treated by Microsoft in order to countermeasure the security flaw. Then, the authors present the recommended security approaches for Windows Server 2012, which focus on the baseline software given by Microsoft, update, patch and change management, hardening practices and the application of Active Directory Rights Management Services (AD RMS. AD RMS is considered as an important feature since it is able to protect the system even though it is compromised using access lists at a document level. Finally, the investigation of the state of the art related to the security of Windows Server 2012 shows an analysis of solutions given by third parties vendors, which offer security products to secure the base system objective of this study. The recommended solution given by the authors present the security vendor Symantec with its successful features and also characteristics that the authors considered that may have to be improved in future versions of the security solution.

The Security of Energy Supply and the Contribution of Nuclear Energy

International Nuclear Information System (INIS)

2011-01-01

What contribution can nuclear energy make to improve the security of energy supply? This study, which examines a selection of OECD member countries, qualitatively and quantitatively validates the often intuitive assumption that, as a largely domestic source of electricity with stable costs and no greenhouse gas emissions during production, nuclear energy can make a positive contribution. Following an analysis of the meaning and context of security of supply, the study uses transparent and policy-relevant indicators to show that, together with improvements in energy efficiency, nuclear energy has indeed contributed significantly to enhanced energy supply security in OECD countries over the past 40 years. Content: Foreword; Executive Summary; 1. The Security of Energy Supply and the Contribution of Nuclear Energy - Concepts and Issues: - Energy supply security: An introduction, - Why security of energy supply remains a policy issue in OECD countries, - The external dimension: import dependence, resource exhaustion and carbon policy, - The internal dimension: economic, financial and technical considerations for energy supply security - Orientations for government policies to enhance the security of energy supply, - Conclusions; 2. Indicators and Models for Measuring Security of Energy Supply Risks: - Introduction, - Different approaches towards designing the Supply/Demand Index, - A detailed review of selected security of supply indicators, - Comprehensive models for assessing the security of energy supply, - The Supply/Demand Index, - Concluding observations; 3. Evolution of the Security of Energy Supply in OECD Countries: - Time-dependent quantification of the security of energy supply, - Changes in security of supply in selected OECD countries, - Electricity generation and the security of energy supply, - The contribution of nuclear energy and energy intensity to the security of energy supply, - The geographical distribution of SSDI values, - Conclusions; 4. Public

HUMAN SECURITY – BUILDING THE POST-2015 DEVELOPMENT FRAMEWORK

Directory of Open Access Journals (Sweden)

Andreea IANCU

2015-04-01

Full Text Available This article approaches the post-2015 Millennium Development Goals agenda through the human security paradigm. It suggests that the human security paradigm represents “the missing link” from the development agenda. Therefore, this analysis explains the necessity for extending the development agenda by including the human security doctrine. The first part of the article discusses the relation between human security and development. The next section analyzes the values of the Millennium Declaration and the Millennium Development Goals. The last part evaluates the improvements that the inclusion of the human security on the post-2015 development framework may bring. The results of this analysis present illustrate the opportunity of deepening the MDGs agenda with a more realistic and ethical approach, through the inclusion of the human security paradigm within the development agenda.

Security Support in Continuous Deployment Pipeline

DEFF Research Database (Denmark)

Ullah, Faheem; Raft, Adam Johannes; Shahin, Mojtaba

2017-01-01

Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP...... penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections....

Forensic nursing in secure environments.

Science.gov (United States)

Shelton, Deborah

2009-01-01

There are few well-designed studies of corrections or prison nursing roles. This study seeks to describe the corrections or prison role of forensic nurses in the United States who provide care in secure environments. National data detailing the scope of practice in secure environments are limited. This pencil and paper survey describes the roles of 180 forensic nurses from 14 states who work in secure environments. Descriptive statistics are utilized. A repeated measures ANOVA with post hoc analyses was implemented. These nurses were older than average in age, but had 10 years or less experience in forensic nursing practice. Two significant roles emerged to "promote and implement principles that underpin effective quality and practice" and to "assess, develop, implement, and improve programs of care for individuals." Significant roles varied based upon the security classification of the unit or institution in which the nurses were employed. Access to information about these nurses and their nursing practice was difficult in these closed systems. Minimal data are available nationally, indicating a need for collection of additional data over time to examine changes in role. It is through such developments that forensic nursing provided in secure environments will define its specialization and attract the attention it deserves.

Threats or threads: from usable security to secure experience

DEFF Research Database (Denmark)

Bødker, Susanne; Mathiasen, Niels Raabjerg

2008-01-01

While the domain of security dependent technologies brings new challenges to HCI research it seems that the results and breakthroughs of HCI have not been used in design of security dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing...... mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security...... dependent technologies. We apply McCarthy & Wright's [12] experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, focus on people's immediate...

Re-designing the PhEDEx security model

CERN Document Server

Wildish, Anthony

2013-01-01

PhEDEx. the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model was designed to provide a safe working environment for site agents and operators, but provided little more protection than that. CMS data was not sufficiently protected against accidental loss caused by operator error or software bugs or from loss of data caused by deliberate manipulation of the database. Operations staff were given high levels of access to the database, beyond what should have been needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time.In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and r...

Chaotic secure content-based hidden transmission of biometric templates

International Nuclear Information System (INIS)

Khan, Muhammad Khurram; Zhang Jiashu; Tian Lei

2007-01-01

The large-scale proliferation of biometric verification systems creates a demand for effective and reliable security and privacy of its data. Like passwords and PIN codes, biometric data is also not secret and if it is compromised, the integrity of the whole verification system could be at high risk. To address these issues, this paper presents a novel chaotic secure content-based hidden transmission scheme of biometric data. Encryption and data hiding techniques are used to improve the security and secrecy of the transmitted templates. Secret keys are generated by the biometric image and used as the parameter value and initial condition of the chaotic map, and each transaction session has different secret keys to protect from the attacks. Two chaotic maps are incorporated for the encryption to resolve the finite word length effect and to improve the system's resistance against attacks. Encryption is applied on the biometric templates before hiding into the cover/host images to make them secure, and then templates are hidden into the cover image. Experimental results show that the security, performance, and accuracy of the presented scheme are encouraging comparable with other methods found in the current literature

Chaotic secure content-based hidden transmission of biometric templates

Energy Technology Data Exchange (ETDEWEB)

Khan, Muhammad Khurram [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China)]. E-mail: khurram.khan@scientist.com; Zhang Jiashu [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China); Tian Lei [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China)

2007-06-15

The large-scale proliferation of biometric verification systems creates a demand for effective and reliable security and privacy of its data. Like passwords and PIN codes, biometric data is also not secret and if it is compromised, the integrity of the whole verification system could be at high risk. To address these issues, this paper presents a novel chaotic secure content-based hidden transmission scheme of biometric data. Encryption and data hiding techniques are used to improve the security and secrecy of the transmitted templates. Secret keys are generated by the biometric image and used as the parameter value and initial condition of the chaotic map, and each transaction session has different secret keys to protect from the attacks. Two chaotic maps are incorporated for the encryption to resolve the finite word length effect and to improve the system's resistance against attacks. Encryption is applied on the biometric templates before hiding into the cover/host images to make them secure, and then templates are hidden into the cover image. Experimental results show that the security, performance, and accuracy of the presented scheme are encouraging comparable with other methods found in the current literature.

Detection of total hip arthroplasties at airport security checkpoints - how do updated security measures affect patients?

Science.gov (United States)

Issa, Kimona; Pierce, Todd P; Gwam, Chukwuweieke; Festa, Anthony; Scillia, Anthony J; Mont, Michael A

2018-03-01

There have been historical reports on the experiences of patients with total hip arthroplasty (THA) passing through standard metal detectors at airports. The purpose of this study was to analyse those who had recently passed through airport security and the incidence of: (i) triggering of the alarm; (ii) extra security searches; and (iii) perceived inconvenience. A questionnaire was given to 125 patients with a THA during a follow-up appointment. Those who had passed through airport security after January 2014 met inclusion criteria. A survey was administered that addressed the number of encounters with airport security, frequency of metal detector activation, additional screening procedures utilised, whether security officials required prosthesis documentation, and perceived inconvenience. 51 patients met inclusion criteria. 10 patients (20%) reported triggered security scanners. 4 of the 10 patients stated they had surgical hardware elsewhere in the body. 13 of the 51 patients (25%) believed that having their THA increased the inconvenience of traveling. This is different from the historical cohort with standard metal detectors which patients reported a greater incidence of alarm triggering (n = 120 of 143; p = 0.0001) and perceived inconvenience (n = 99 of 143; p = 0.0001). The percentage of patients who have THA triggering security alarms has decreased. Furthermore, the number of patients who feel that their prosthesis caused traveling inconvenience has decreased. We feel that this decrease in alarms triggered and improved perceptions about inconvenience are related to the increased usage of new technology.

Using Real Option Thinking to Improve Decision Making in Security Investment

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; Houmb, S.H.; Daneva, Maia

2010-01-01

Making well-founded security investment decisions is hard: several alternatives may need to be considered, the alternatives' space is often diffuse, and many decision parameters that are traded-off are uncertain or incomplete. We cope with these challenges by proposing a method that supports

Cyber Security for Smart Grid, Cryptography, and Privacy

Directory of Open Access Journals (Sweden)

Swapna Iyer

2011-01-01

Full Text Available The invention of “smart grid” promises to improve the efficiency and reliability of the power system. As smart grid is turning out to be one of the most promising technologies, its security concerns are becoming more crucial. The grid is susceptible to different types of attacks. This paper will focus on these threats and risks especially relating to cyber security. Cyber security is a vital topic, since the smart grid uses high level of computation like the IT. We will also see cryptography and key management techniques that are required to overcome these attacks. Privacy of consumers is another important security concern that this paper will deal with.

Security an introduction

CERN Document Server

Purpura, Philip P

2011-01-01

Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

A secure communication scheme using projective chaos synchronization

International Nuclear Information System (INIS)

Li Zhigang; Xu Daolin

2004-01-01

Most secure communication schemes using chaotic dynamics are based on identical synchronization. In this paper, we show the possibility of secure communication using projective synchronization (PS). The unpredictability of the scaling factor in projective synchronization can additionally enhance the security of communication. It is also showed that the scaling factor can be employed to improve the robustness against noise contamination. The feasibility of the communication scheme in high-dimensional chaotic systems, such as the hyperchaotic Roessler system, is demonstrated. Numerical results show the success in transmitting a sound signal through chaotic systems

A Novel Approach in Security Using Gyration Slab with Watermarking Technique

Science.gov (United States)

Rupa, Ch.

2016-09-01

In this paper, a novel security approach is proposed to improve the security and robustness of the data. It uses three levels of security to protect the sensitive data. In the first level, the data is to be protected by Gyration slab encryption algorithm. Result of the first level has to be embedded into an image as original using our earlier paper concept PLSB into a second level of security. The resultant image from the second level is considered as watermark Image. In the third level, the watermark image is embedded into the original image. Here watermark image and original image are similar. The final output of the proposed security approach is a watermarked image which holds the stego image. This method provides more security and robustness than the existing approaches. The main properties of the proposed approach are Gyration slab operations and watermark image and original image are similar. These can reduce the Brute-force attack and improve the confusion and diffusion principles. The main strengths of this paper are cryptanalysis, steganalysis, watermark analysis with reports.

ORDER SECURITY – NATIONAL SECURITY ADMINISTRATION. NATIONAL SECURITY DEFENSE AS SPECIAL ADMINISTRATION

OpenAIRE

Zoltán BALLA

2009-01-01

National security administration is the special executivedisposal activity of the national security agencies, the section of the state administration that helps the governmental work by reconnoitering and preventing with secret-servicing methods of the risks that shall harm or endanger the national security’s interests. The main operational principles of national security governing are the followings among others: - controlling the operation of national security organization belongs to the ex...

Scaling up: Expanding the impact of food security and nutrition ...

International Development Research Centre (IDRC) Digital Library (Canada)

Corey Piccioni

Together with partners, IDRC is scaling up proven food security and ... In rural Kenya and Uganda, a pre-mix for preparation of yogurt in community-based kitchens is key to ... Pre-cooked beans for improving food security, nutrition, and income.

Computer Security: Security operations at CERN (4/4)

CERN Document Server

CERN. Geneva

2012-01-01

Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

Review of the model of technological pragmatism considering privacy and security

Directory of Open Access Journals (Sweden)

Kovačević-Lepojević Marina M.

2013-01-01

Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

CHANGES IN THE SECURITY AGENDA: CRITICAL SECURITY STUDIES AND HUMAN SECURITY. THE CASE OF CHINA

Directory of Open Access Journals (Sweden)

Nguyen THI THUY HANG

2012-06-01

Full Text Available Since the end of the Cold War the meaning of security has fundamentally changed. Issues which are labeled as non-traditional security namely human development, economic crises, environmental degradation, natural disaster, poverty, epidemics… have become a crucial part of the security agenda. These changes have been intensified with the development of the two approaches: Critical Security Studies and Human Security. This article explores how the meaning of security has changed and how the boundaries between traditional and non-traditional security have become blurred. The case of China is taken as empirical evidence to support the assertion that security has evolved beyond its traditional focus on the state.

Human Factors in Coast Guard Computer Security - An Analysis of Current Awareness and Potential Techniques to Improve Security Program Viability

National Research Council Canada - National Science Library

Whalen, Timothy

2001-01-01

.... This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks...

Food security in the context of HIV: towards harmonized definitions and indicators.

Science.gov (United States)

Anema, Aranka; Fielden, Sarah J; Castleman, Tony; Grede, Nils; Heap, Amie; Bloem, Martin

2014-10-01

Integration of HIV and food security services is imperative to improving the health and well-being of people living with HIV. However, consensus does not exist on definitions and measures of food security to guide service delivery and evaluation in the context of HIV. This paper reviews definitions and indicators of food security used by key agencies; outlines their relevance in the context of HIV; highlights opportunities for harmonized monitoring and evaluation indicators; and discusses promising developments in data collection and management. In addition to the commonly used dimensions of food availability, access, utilization and stability, we identify three components of food security-food sufficiency, dietary quality, and food safety-that are useful for understanding and measuring food security needs of HIV-affected and other vulnerable people. Harmonization across agencies of food security indicators in the context of HIV offers opportunities to improve measurement and tracking, strengthen coordination, and inform evidence-based programming.

Challenges of Carboy Security For Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Kim, Kwangjo [Korea Advanced Institute of Science and Technology, Daejeon (Korea, Republic of)

2012-03-15

Nuclear Power Plants (NPPs) become one of the most important infrastructures in providing efficient and non-interrupted electricity in a country using radioactive elements due to global warming and shortage of fossil resources. To provide the higher reliability and better performance with additional diagnostic capabilities in operating NPPs, digital Instrumentation and Control (I and C) systems have been introduced to replace the analog I and C system. However, the digitalized I and C systems bring us new vulnerabilities and threats over the cyber space. In this paper, we discus that the trends of cyber security for legacy IT system and its countermeasure have been developed for last three decades from the security point of view. We found that the nuclear industry has an inherently conservative approach to safety and substantial effort is required to provide the necessary evidence and analysis to assure that digital I and C systems can be used in safety-critical and safety-related applications. NPP I and C systems are generally isolated from external communication systems. This cannot provide 100% cyber attack-free operation for NPP lessoned from an attack using stuxnet. Experience gained from cyber security in other sensitive fields, such as the military, national security, banking, and air-traffic control, etc. is valuable both for improving cyber security at NPPs with digital I and C systems and for demonstrating that cyber defenses can consistently stay ahead of cyber attacks. But as with safety and other areas of security, cyber security is an area where no-one can rest on his laurels. Continued success requires continuous vigilance and continuous improvement.

Challenges of Carboy Security For Nuclear Power Plants

International Nuclear Information System (INIS)

Kim, Kwangjo

2012-01-01

Nuclear Power Plants (NPPs) become one of the most important infrastructures in providing efficient and non-interrupted electricity in a country using radioactive elements due to global warming and shortage of fossil resources. To provide the higher reliability and better performance with additional diagnostic capabilities in operating NPPs, digital Instrumentation and Control (I and C) systems have been introduced to replace the analog I and C system. However, the digitalized I and C systems bring us new vulnerabilities and threats over the cyber space. In this paper, we discus that the trends of cyber security for legacy IT system and its countermeasure have been developed for last three decades from the security point of view. We found that the nuclear industry has an inherently conservative approach to safety and substantial effort is required to provide the necessary evidence and analysis to assure that digital I and C systems can be used in safety-critical and safety-related applications. NPP I and C systems are generally isolated from external communication systems. This cannot provide 100% cyber attack-free operation for NPP lessoned from an attack using stuxnet. Experience gained from cyber security in other sensitive fields, such as the military, national security, banking, and air-traffic control, etc. is valuable both for improving cyber security at NPPs with digital I and C systems and for demonstrating that cyber defenses can consistently stay ahead of cyber attacks. But as with safety and other areas of security, cyber security is an area where no-one can rest on his laurels. Continued success requires continuous vigilance and continuous improvement

Advanced topics in security computer system design

International Nuclear Information System (INIS)

Stachniak, D.E.; Lamb, W.R.

1989-01-01

The capability, performance, and speed of contemporary computer processors, plus the associated performance capability of the operating systems accommodating the processors, have enormously expanded the scope of possibilities for designers of nuclear power plant security computer systems. This paper addresses the choices that could be made by a designer of security computer systems working with contemporary computers and describes the improvement in functionality of contemporary security computer systems based on an optimally chosen design. Primary initial considerations concern the selection of (a) the computer hardware and (b) the operating system. Considerations for hardware selection concern processor and memory word length, memory capacity, and numerous processor features

Generating WS-SecurityPolicy documents via security model transformation

DEFF Research Database (Denmark)

Jensen, Meiko

2009-01-01

When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

Cryptonite: A Secure and Performant Data Repository on Public Clouds

Energy Technology Data Exchange (ETDEWEB)

Kumbhare, Alok; Simmhan, Yogesh; Prasanna, Viktor

2012-06-29

Cloud storage has become immensely popular for maintaining synchronized copies of files and for sharing documents with collaborators. However, there is heightened concern about the security and privacy of Cloud-hosted data due to the shared infrastructure model and an implicit trust in the service providers. Emerging needs of secure data storage and sharing for domains like Smart Power Grids, which deal with sensitive consumer data, require the persistence and availability of Cloud storage but with client-controlled security and encryption, low key management overhead, and minimal performance costs. Cryptonite is a secure Cloud storage repository that addresses these requirements using a StrongBox model for shared key management.We describe the Cryptonite service and desktop client, discuss performance optimizations, and provide an empirical analysis of the improvements. Our experiments shows that Cryptonite clients achieve a 40% improvement in file upload bandwidth over plaintext storage using the Azure Storage Client API despite the added security benefits, while our file download performance is 5 times faster than the baseline for files greater than 100MB.

Security Engine Management of Router based on Security Policy

OpenAIRE

Su Hyung Jo; Ki Young Kim; Sang Ho Lee

2007-01-01

Security management has changed from the management of security equipments and useful interface to manager. It analyzes the whole security conditions of network and preserves the network services from attacks. Secure router technology has security functions, such as intrusion detection, IPsec(IP Security) and access control, are applied to legacy router for secure networking. It controls an unauthorized router access and detects an illegal network intrusion. This paper re...

Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

Science.gov (United States)

Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

2013-06-01

Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system-which could be used to monitor food security trends or nutritional status so to inform policy makers of impending food shortages-to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.