WorldWideScience

Sample records for internet securely protecting

  1. Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

    Energy Technology Data Exchange (ETDEWEB)

    Orvis, W J; Krystosek, P; Smith, J

    2002-11-27

    With more and more people working at home and connecting to company networks via the Internet, the risk to company networks of intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does not consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: home networks are not designed to be secure and may use technologies (wireless) that are not secure; the operating systems are not secured when they are installed; the operating systems and applications are not maintained (for security considerations) after they are installed; and the networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: patch and maintain systems; securely configure systems; eliminate unneeded services; protect remote logins; use good passwords; use current antivirus software; and moderate your Internet usage habits. Most of these

  2. Security in Internet

    Directory of Open Access Journals (Sweden)

    Felician ALECU

    2006-01-01

    A very good method that can be used to protect a private network is the implementation of a firewall between Internet and Intranet. This firewall will filter the packets that transit the network in accordance with the security policy defined at the system level. The SSL protocol allows verifying the identity of a WEB server based on a digital certificate issued by a certification authority. Secure data transport over the Internet is done by using encryption methods.

  3. Security, privacy, and confidentiality issues on the Internet

    OpenAIRE

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standa...

  4. Cyber Security: Rule of Use Internet Safely?

    OpenAIRE

    -, Maskun

    2013-01-01

    Cyber security plays an important role to guarantee and protect people who use internet in their daily life. Some cases take place around the world that people get inconvenience condition when they access and use internet. Misuse of internet becomes a current issue which some cases take place including a university. Advantages of using internet in the university of course assist the student to get some information in internet. However, they have to be protected in ord...

  5. Survey of methods for secure connection to the internet

    Science.gov (United States)

    Matsui, Shouichi

    1994-04-01

    This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

  6. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  7. Security, privacy, and confidentiality issues on the Internet.

    Science.gov (United States)

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

  8. Survey of methods for secure connection to the internet; Internet tono anzenna setsuzoku hoshiki no genjo

    Energy Technology Data Exchange (ETDEWEB)

    Matsui, S

    1994-04-01

    This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet. 35 refs., 3 figs.

  9. Security, privacy, and confidentiality issues on the Internet

    Science.gov (United States)

    Kelly, Grant; McKenzie, Bruce

    2002-01-01

    We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

  10. Internet Banking Security Strategy: Securing Customer Trust

    OpenAIRE

    Frimpong Twum; Kwaku Ahenkora

    2012-01-01

    Internet banking strategies should enhance customers' online experiences which are affected by trust and security issues. This study provides perspectives of users and nonusers on internet banking security with a view to understanding trust and security factors in relation to adoption and continuous usage. Perception of internet banking security influenced usage intentions. Nonusers viewed internet banking to be insecure but users perceived it to be secure with perceived ease of use influenc...

  11. Commercial Security on the Internet.

    Science.gov (United States)

    Liddy, Carrie

    1996-01-01

    Discusses commercial security on the Internet and explains public key technology as successfully melding the conflicting requirements of openness for practical business applications and isolation and confidentiality for protection of data. Examples of public key value-added products are described, including encryption, digital signature and…

  12. Issues in protection of human subjects in internet research.

    Science.gov (United States)

    Im, Eun-Ok; Chee, Wonshik

    2002-01-01

    Despite the increasing use of the Internet among nurses, the use of the Internet in nursing research has been rarely discussed and critiqued in terms of issues in protection of human subjects. In this article, issues in protection of human subjects in Internet research are explored by analyzing an Internet study to propose directions for human protection in Internet research. Issues raised through the study include those related to (a) anonymity and confidentiality, (b) security, (c) self-determination and authenticity, (d) full disclosure, and (e) fair treatment. Based on discussion of the five issues, development of standardized guidelines, investigator triangulation, and information sharing are proposed as directions for protection of human subjects in Internet research.

  13. Research on Lightweight Information Security System of the Internet of Things

    OpenAIRE

    Ying Li; Li Ping Du; JianWei Guo; Xin Zhao

    2013-01-01

    In order to improve the security of information transmitted in the internet of things, this study designs an information security system architecture of internet of things based on a lightweight cryptography. In this security system, an authentication protocol, encryption/decryption protocol and signature verification protocol are proposed and implemented. All these security protocols are used to verify the legality of access device and to protect the confidentiality and integrity of transform...

  14. Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

    Science.gov (United States)

    Caruso, Ronald D

    2003-01-01

    Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

  15. Internet security technologies

    CERN Multimedia

    CERN. Geneva

    2003-01-01

    The three pillars of Internet Security are Infrastructure, Applications and People. In this series of lectures we will examine those three pillars and how vital it is for individuals to understand the vulnerabilities of this technology so they can make informed decisions about risks and how they can reduce those risks for themselves and their colleagues. First we will focus on the infrastructure: network; servers; operating systems and all those things that are mostly invisible. Moving up a level, into the visible realm, we discuss the application and see things like buffer overflows, viruses and how as application developers and users we can protect ourselves. Finally, it's all about people. The strongest security technology in the world is easily defeated if people don't understand their role in the whole system.

  16. [The Internet and its security].

    Science.gov (United States)

    Masić, Izet; Ahmetović, Ademir; Jakupović, Safet; Masić, Zlatan; Zunić, Lejla

    2002-01-01

    The Internet, the largest global network by means of which the planet communicates today, is advancing rapidly. In recent years, universities in the USA have jointly been developing a more advanced concept of the network (Internet 2), thanks to constantly growing technologies, with the goal of answering the needs of scientific and educational institutions, but also of commercial institutions and organizations. There is almost no significant institution in the world that has not developed its own web pages and databases with the most current content available to a wide circle of users. In this paper we present a selection of the most current web pages. However, the Internet is not immune to malicious users who have developed various tools with the goal of destroying or disabling normal use of all the Internet's conveniences. The authors consider the problem of protecting and securing data distributed over the Internet.

  17. Model-based security engineering for the internet of things

    OpenAIRE

    NEISSE RICARDO; STERI GARY; NAI FOVINO Igor; BALDINI Gianmarco; VAN HOESEL Lodewijk

    2015-01-01

    We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspect-specific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems...

  18. Internet security information system implement method

    International Nuclear Information System (INIS)

    Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

    1999-01-01

    On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

  19. Security in the internet

    International Nuclear Information System (INIS)

    Seibel, R.M.M.; Kocher, K.; Landsberg, P.

    2000-01-01

    Aim of the study: Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.) [de

  20. Data Transmission and Access Protection of Community Medical Internet of Things

    OpenAIRE

    Wang, Xunbao; Chen, Fulong; Ye, Heping; Yang, Jie; Zhu, Junru; Zhang, Ziyang; Huang, Yakun

    2017-01-01

    On the basis of Internet of Things (IoT) technologies, Community Medical Internet of Things (CMIoT) is a new medical information system and generates massive multiple types of medical data which contain all kinds of user identity data, various types of medical data, and other sensitive information. To effectively protect users’ privacy, we propose a secure privacy data protection scheme including transmission protection and access control. For the uplink transmission data protection, bidirect...

  1. Security in the internet; Sicherheitsaspekte im Internet

    Energy Technology Data Exchange (ETDEWEB)

    Seibel, R.M.M.; Kocher, K.; Landsberg, P. [Witten-Herdecke Univ., Witten (Germany). Inst. fuer Diagnostische und Interventionelle Radiologie

    2000-04-01

    Aim of the study: Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.) [German abstract, translated] Aims of the study and analysis: The questions to be answered were whether it is possible to use the Internet as a secure transmission medium for telemedicine and which security risks exist. To this end, the common security methods were analysed. Telemedicine on the Internet carries security risks that result from opening up an intranet to the possibility of unauthorized manipulation from outside. Conclusion: These security risks can largely be prevented by a firewall. Smart cards such as the Health Professional Card enable a high level of security with digital signature and secure authentication of the senders and recipients of data on the Internet. Standards such as Pretty Good Privacy are by now also easy to use for secure e-mail. An important prerequisite for reducing security risks is, taking the legal requirements into account, the exact planning of all Internet activities in which medical patient data are to be sent, carried out by a team of physicians and computer scientists. (orig.)

  2. Internet Safety and Security Surveys - A Review

    DEFF Research Database (Denmark)

    Sharp, Robin

    This report gives a review of investigations into Internet safety and security over the last 10 years. The review covers a number of surveys of Internet usage, of Internet security in general, and of Internet users' awareness of issues related to safety and security. The focus and approach of the various surveys is considered, and is related to more general proposals for investigating the issues involved. A variety of proposals for how to improve levels of Internet safety and security are also described, and they are reviewed in the light of studies of motivational factors which affect the degree...

  3. [Security aspects on the Internet].

    Science.gov (United States)

    Seibel, R M; Kocher, K; Landsberg, P

    2000-04-01

    Is it possible to use the Internet as a secure media for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Establishing of a firewall and the introduction of HPC (Health Professional Card) are minimizing the risk of un-authorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet.

  4. Problem of Information Security Traffic on Internet

    Directory of Open Access Journals (Sweden)

    Slavko Šarić

    2012-10-01

    Internet information traffic becomes greater and more important. With increasing growth of information importance requirement for its security becomes indispensable. The information security problem especially affect large and small companies whose prosperity is depending on Internet presence. This affecting the three areas of Internet commerce: credit card transactions, virtual private networks and digital certification. To ensure information traffic it is necessary to find a solution, in a proper way, for three major problems: frontier problem, market problem and government problem. While the eventual emergence of security standards for Internet transactions is expected, it will not automatically result in secure Internet transactions. In future, there is a wealth of security issues that will continue to require attention: internal security, continued hacking, social engineering, malicious code, reliability and performance, skills shortages and denial of service attacks.

  5. Smart Security System For Home Appliances Control Based On Internet Of Things

    Directory of Open Access Journals (Sweden)

    Su Zin Zin Win

    2015-08-01

    Technology is always evolving. Home security is essential for occupants' convenience and protection. Security systems are being preferred over manual systems. The rapid increase in the number of Internet users over the past decade has made the Internet part and parcel of life, and IoTs is the latest and emerging Internet technology. Home Appliances Control of Smart Security System using IoTs uses computers or mobile devices to control basic home functions and features through the Internet from anywhere around the world. This security system differs from other systems by allowing the user to operate the system from anywhere around the world through an Internet connection. With an Arduino Mega microcontroller as the embedded device, the security system design was constructed with many sensors and a web server database. The Arduino Ethernet shield is used to eliminate the use of a personal computer (PC). The motion sensing circuit, temperature and humidity sensing circuit, smoke or gas sensing circuit, door lock sensing circuit, and light on/off circuit were designed to be connected with the Arduino Mega microcontroller and Ethernet shield. This system can monitor the temperature and humidity values and the state of some sensors for intruder detection. It can also control electric appliances like lights and the door at home. Real-time results were displayed on the web server page via the Internet.

  6. Security incidents on the Internet, 1989--1995

    Energy Technology Data Exchange (ETDEWEB)

    Howard, J.D.

    1995-12-31

    This paper presents an analysis of trends in Internet security based on an investigation of 4,299 Internet security-related incidents reported to the CERT® Coordination Center (CERT®/CC) from 1989 through 1995. Prior to this research, knowledge of actual Internet security incidents was limited and primarily anecdotal. This research: (1) developed a taxonomy to classify Internet attacks and incidents, (2) organized, classified, and analyzed CERT®/CC incident records, (3) summarized the relative frequency of the use of tools and vulnerabilities, success in achieving access, and results of attacks, (4) estimated total Internet incident activity, (5) developed recommendations for Internet users and suppliers, and (6) developed recommendations for future research. With the exception of denial-of-service attacks, security incidents were found to be increasing at a rate less than Internet growth. Estimates showed that most, if not all, severe incidents were reported to the CERT®/CC, and that more than one out of three above average incidents (in terms of duration and number of sites) were reported. Estimates also indicated that a typical Internet site was involved in, at most, around one incident (of any kind) per year, and a typical Internet host in, at most, around one incident in 45 years. The probability of unauthorized privileged access was around an order of magnitude less likely. As a result, simple and reasonable security precautions should be sufficient for most Internet users.

  7. Design and Security Analysis of a Fragment of Internet of Things Telecommunication System

    Directory of Open Access Journals (Sweden)

    V. A. Alexandrov

    2016-01-01

    This paper comprises the development and implementation of systems using the concept of Internet of Things. With the active development of industries that use the concept of the Internet of Things, the information security problem is urgent. To create a protected module of an information-telecommunication system which implements the Internet of Things concept, it is important to take into account all its aspects. To determine relevant threats, it is necessary to use detailed risk analysis according to existing GOST standards; when choosing protection measures, one must rely on the identified relevant threats. Actual threats and necessary protective actions are determined in this paper for implementation of a Smart House computer appliance module, in order to develop a protected part of Smart House, which is necessary for realization of room access control. We solved the following tasks in the work: a description of the Smart Home system; a description of the steps for evaluating the security of the Smart Home system; implementation of the hardware assembly and writing code for the selected fragment of the system; security evaluation of the selected Smart House fragment and identification of actual threats; recommendations to counter current threats; software implementation of one of the most urgent threats and software implementation of protective measures for the selected threat. A feature of the work is an integrated approach to the design with the use of intruder models, analysis of the system's assets and evaluation of their security.

  8. Data Transmission and Access Protection of Community Medical Internet of Things

    Directory of Open Access Journals (Sweden)

    Xunbao Wang

    2017-01-01

    On the basis of Internet of Things (IoT) technologies, Community Medical Internet of Things (CMIoT) is a new medical information system and generates massive multiple types of medical data which contain all kinds of user identity data, various types of medical data, and other sensitive information. To effectively protect users' privacy, we propose a secure privacy data protection scheme including transmission protection and access control. For the uplink transmission data protection, bidirectional identity authentication and fragmented multipath data transmission are used, and for the downlink data protection, fine grained access control and dynamic authorization are used. Through theoretical analysis and experiment evaluation, it is proved that the community medical data can be effectively protected in the transmission and access process without high performance loss.

  9. Security and Privacy Analyses of Internet of Things Toys

    OpenAIRE

    Chu, Gordon; Apthorpe, Noah; Feamster, Nick

    2018-01-01

    This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially-available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule (COPPA) as well as the toys' individual pr...

  10. Physician office readiness for managing Internet security threats.

    Science.gov (United States)

    Keshavjee, K; Pairaudeau, N; Bhanji, A

    2006-01-01

    Internet security threats are evolving toward more targeted and focused attacks. Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.

  11. PROBLEMS OF INFORMATION SECURITY: INTERNET OF THINGS

    Directory of Open Access Journals (Sweden)

    Stanislav A. Shikov

    2017-03-01

    Introduction: The article deals with the threats to information security in the internetworking of physical devices, also known as Internet of Things (IoT), and the security challenge in terms of home automation systems, ZigBee protocol, Tesla electric cars and Apple Pay mobile payment. One section provides the term definition and history of the Internet of Things. The IEEE 1888 IoT-related standard was developed in 2011 as an integrated solution based on energy-saving technologies for the Internet of Things. The author considers security challenges for the "smart home" system. The next section reviews the experiments of the author involved in testing of Internet of Things devices. Materials and Methods: The subjects of study are Apple Pay, the ZigBee wireless standard, and Tesla Model S electric cars. The main methods for identification of security threats are analysis and comparison. Results: The companies of electronic devices simplify and reduce the price of the manufacturing process. The customers and users are rarely interested in levels of electronic devices security policies. This is the weakest link of electronic products in terms of security and safety. The tests demonstrated that modern electronic-based technologies do not reach the 100-percentage security level. The Apple Pay mobile payment system demonstrated the highest security rating. Discussion and Conclusions: Modern electronic devices for Internet of Things do not meet all safety requirements, from the point of view of the author. The article recommends analyzing the potential threats and developing new security standards. In addition, the logistics of electronic devices for Internet of Things need to be under control from the manufacturer to equipment installation time.

  12. Security in Internet of Things

    DEFF Research Database (Denmark)

    Kidmose, Egon; Pedersen, Jens Myrup

    2017-01-01

    2016 was a year when the discussions about Internet of Things and security gained significant grounds. Not only was it yet another year where the challenges of cybercrime became visible to the general public, maybe the presumable Russian hacking of Hillary Clinton's emails as the most prominent...... example, but at the end of the year the Mirai Botnet used Internet of Things devices to perform successful attacks on several Internet infrastructure points....

  13. Customer perceptions on Internet banking information protection

    Directory of Open Access Journals (Sweden)

    André Redlinghuis

    2010-12-01

    Objectives: This article has reported on the results of a survey (a close-ended questionnaire) that was conducted by alumni of the University of Johannesburg (UJ). The research problem for this study has been formulated as ‘what are Internet banking customers’ perception on information protection when using Internet banking services and products?’ Method: The methodology for this study falls on quantitative research. The research study consisted of a detailed literature review, followed by an empirical component which consisted of a quantitative questionnaire. The questionnaire used in this study consisted of eight sections covering biographical information, financial institution and Internet banking, Internet banking service quality and delivery, Internet banking functionality, Internet banking costs, Internet banking convenience and relationships, Internet banking trust and Internet banking security and information technology (IT). Results: It was established that the findings of this research could assist financial institutions with fostering and building greater value adding relationships with their customers. These value-adding endeavours will ensure that customers experience and perceive their Internet banking experience to be enriching. Education and awareness campaigns are key focus areas financial institutions should continuously invest in. Information should be easily retrievable and communicated in a manner that makes sense to the diverse customer base, especially within South Africa with its diverse cultures and languages. Conclusion: The final conclusion that could be reached is that Internet banking products and services will continue to grow across various divides and platforms as the Internet costs decrease in future, the growth of Internet related products and services such as Internet banking will increase.

  14. Secure and privacy-preserving data communication in Internet of Things

    CERN Document Server

    Zhu, Liehuang; Xu, Chang

    2017-01-01

    This book mainly concentrates on protecting data security and privacy when participants communicate with each other in the Internet of Things (IoT). Technically, this book categorizes and introduces a collection of secure and privacy-preserving data communication schemes/protocols in three traditional scenarios of IoT: wireless sensor networks, smart grid and vehicular ad-hoc networks recently. This book presents three advantages which will appeal to readers. Firstly, it broadens reader’s horizon in IoT by touching on three interesting and complementary topics: data aggregation, privacy protection, and key agreement and management. Secondly, various cryptographic schemes/protocols used to protect data confidentiality and integrity are presented. Finally, this book will illustrate how to design practical systems to implement the algorithms in the context of IoT communication. In summary, readers can simply learn and directly apply the new technologies to communicate data in IoT after reading this book.

  15. Sweet Dreams and Nightmares: Security in the Internet of Things

    OpenAIRE

    Kasper, Timo; Oswald, David; Paar, Christof

    2014-01-01

    Part 1: Invited Paper; International audience; Wireless embedded devices are predominant in the Internet of Things: Objects tagged with Radio Frequency IDentification and Near Field Communication technology, smartphones, and other embedded tokens interact from device to device and thereby often process information that is security or privacy relevant for humans. For protecting sensitive data and preventing attacks, many embedded devices employ cryptographic algorithms and authentication schem...

  16. Practical Unix and Internet Security

    CERN Document Server

    Garfinkel, Simson; Spafford, Gene

    2003-01-01

    When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world. Focusing on the four most popular Unix varia

  17. Security threat assessment of an Internet security system using attack tree and vague sets.

    Science.gov (United States)

    Chang, Kuei-Hu

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

  18. The security concern on internet banking adoption among Malaysian banking customers.

    Science.gov (United States)

    Sudha, Raju; Thiagarajan, A S; Seetharaman, A

    2007-01-01

    The existing literature highlights that security is the primary factor which determines the adoption of Internet banking technology. The secondary information on Internet banking development in Malaysia shows a very slow growth rate. Hence, this study aims to study the banking customers' perception towards security concern and Internet banking adoption through the information collected from 150 sample respondents. The data analysis reveals that the customers have much concern about security and privacy issue in adoption of Internet banking, whether the customers have adopted Internet banking or not. Hence, it infers that to popularize Internet banking system there is a need for improvement in security and privacy issue among the banking customers.

  19. Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

    OpenAIRE

    Kuei-Hu Chang

    2014-01-01

    Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system’s elementary event are incomplete—the traditional approach for ca...

  20. PROBLEMS OF INFORMATION SECURITY: INTERNET OF THINGS

    OpenAIRE

    Stanislav A. Shikov

    2017-01-01

    Introduction: The article deals with the threats to information security in the internetworking of physical devices, also known as Internet of Things (IoT), and the security challenge in terms of home automation systems, ZigBee protocol, Tesla electric cars and Apple Pay mobile payment. Section provides the term definition and history of the Internet of Things. The IEEE 1888 IoT-related standard developed in 2011 as integrated solution based on energy-saving technologies for the Internet of T...

  1. The use of crypto-analysis techniques for securing internet ...

    African Journals Online (AJOL)

    ... recommended to be combined with other techniques, such as client-side software, data transaction protocols, web server software, and the network server operating system involved in handling e-commerce, for securing internet transaction. This recommendation will invariably ensure that internet transaction is secured.

  2. Security in Internet of Things

    OpenAIRE

    Mohar, Matej

    2017-01-01

    The Internet of Things (IoT) is emerging the Internet and other networks with wireless technologies to make physical objects interact online. The IoT has developed to become a promising technology and receives significant research attention in recent years because of the development of wireless communications and micro-electronics.  Like other immature technological inventions, although IoT will promise their users a better life in the near future, it is a security risk, especially today the ...

  3. Development of an Internet Security Policy for health care establishments.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2000-01-01

    The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU and USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

  4. Security Challenges of the Internet of Things

    OpenAIRE

    Goeke, Lisa

    2017-01-01

    The ‘Internet of Things’ is the buzz phrase that describes a new era of computation. Briefly, the Internet of Things can be defined as the interaction of smart objects that are connected to the Internet. These objects can sense, share and process information, upload them in the cloud, and make them available to the user via a large amount of different applications. Despite all of these promising innovations, the Internet of Things, as every other technology, faces multiple security...

  5. Security for Multimedia Space Data Distribution over the Internet

    Science.gov (United States)

    Stone, Thom; Picinich, Lou; Givens, John J. (Technical Monitor)

    1995-01-01

    Distribution of interactive multimedia to remote investigators will be required for high quality science on the International Space Station (ISS). The Internet with the World Wide Web (WWW) and the JAVA environment are a good match for distribution of data, video and voice to remote science centers. Utilizing the "open" Internet in a secure manner is the major hurdle in making use of this cost effective, off-the-shelf, universal resource. This paper examines the major security threats to an Internet distribution system for payload data and the mitigation of these threats. A proposed security environment for the Space Station Biological Research Facility (SSBRP) is presented with a short description of the tools that have been implemented or planned. Formulating and implementing a security policy, firewalls, host hardware and software security are also discussed in this paper. Security is a vast topic and this paper can only give an overview of important issues. This paper postulates that a structured approach is required and stresses that security must be built into a network from the start. Ignoring security issues or putting them off until late in the development cycle can be disastrous.

  6. Crisis-management and the Security in the Internet

    Science.gov (United States)

    Harada, Izumi

    This paper discusses about the crisis-management and the security in the Internet. The crime that not is so far occurs during widespread to the society of the Internet, and a big social trouble. Moreover, the problem of a new security such as a cyber war and cyber terrorism appeared, too. It is necessary to recognize such a situation, and to do both correspondences corresponding to the environmental transformation by government and the people.

  7. Teaching Internet Security, Safety in Our Classrooms

    Science.gov (United States)

    DeFranco, Joanna F.

    2011-01-01

    Internet security is an important topic for educators due to curriculums now incorporating tools such as the Internet, Google docs, e-portfolios, and course management systems. Those tools require students to spend more time online, where they are susceptible to manipulation or intimidation if they do not stay on task. Kids of all ages lack…

  8. The information systems security officer's guide establishing and managing an information protection program

    CERN Document Server

    Kovacich, Gerald L

    2003-01-01

    Information systems security continues to grow and change based on new technology and Internet usage trends. In order to protect your organization's confidential information, you need information on the latest trends and practical advice from an authority you can trust. The new ISSO Guide is just what you need. Information Systems Security Officer's Guide, Second Edition, from Gerald Kovacich has been updated with the latest information and guidance for information security officers. It includes more information on global changes and threats, managing an international information secur

  9. Survey of Security and Privacy Issues of Internet of Things

    OpenAIRE

    Borgohain, Tuhin; Kumar, Uday; Sanyal, Sugata

    2015-01-01

    This paper is a general survey of all the security issues existing in the Internet of Things (IoT) along with an analysis of the privacy issues that an end-user may face as a consequence of the spread of IoT. The majority of the survey is focused on the security loopholes arising out of the information exchange technologies used in Internet of Things. No countermeasure to the security drawbacks has been analyzed in the paper.

  10. Vehicular Internet: Security & Privacy Challenges and Opportunities

    Directory of Open Access Journals (Sweden)

    Kamran Zaidi

    2015-07-01

    The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS). Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented.

  11. Can Cyberloafing and Internet Addiction Affect Organizational Information Security?

    Science.gov (United States)

    Hadlington, Lee; Parsons, Kathryn

    2017-09-01

    Researchers have noted potential links between Internet addiction, the use of work computers for nonwork purposes and an increased risk of threat to the organization from breaches in cybersecurity. However, much of this research appears conjectural in nature and lacks clear empirical evidence to support such claims. To fill this knowledge gap, a questionnaire-based study explored the link between cyberloafing, Internet addiction, and information security awareness (ISA). A total of 338 participants completed an online questionnaire, which comprised of the Online Cognition Scale, Cyberloafing Scale, and the Human Aspects of Information Security Questionnaire. Participants who reported higher Internet addiction and cyberloafing tendencies had lower ISA, and Internet addiction and cyberloafing predicted a significant 45 percent of the variance in ISA. Serious cyberloafing, such as the propensity to visit adult websites and online gambling, was shown to be the significant predictor for poorer ISA. Implications for organizations and recommendations to reduce or manage inappropriate Internet use are discussed.

  12. Security Issues in Networks with Internet Access

    National Research Council Canada - National Science Library

    Landwehr, Carl E; Goldschlag, David M

    1997-01-01

    .... The principles are illustrated by describing the security issues a hypothetical company faces as the networks that support its operations evolve from strictly private, through a mix of Internet...

  13. Home security system using internet of things

    Science.gov (United States)

    Anitha, A.

    2017-11-01

    IoT refers to the infrastructure of connected physical devices which is growing at a rapid rate as a huge number of devices and objects are getting associated to the Internet. Home security is a very useful application of IoT and we are using it to create an inexpensive security system for homes as well as industrial use. The system will inform the owner about any unauthorized entry or whenever the door is opened by sending a notification to the user. After the user gets the notification, he can take the necessary actions. The security system will use a microcontroller known as Arduino Uno to interface between the components, a magnetic Reed sensor to monitor the status, a buzzer for sounding the alarm, and a WiFi module, ESP8266 to connect and communicate using the Internet. The main advantages of such a system include the ease of setting up, lower costs and low maintenance.

  14. A survey of secure middleware for the Internet of Things

    Directory of Open Access Journals (Sweden)

    Paul Fremantle

    2017-05-01

    The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area.

  15. Information Security Problem on Internet

    Institute of Scientific and Technical Information of China (English)

    郭晓苗

    2000-01-01

    With the wide use of Internet, the information security problem on Internet becomes more and more serious. The article gives an overall description of the information security problem on Internet, the cause of the problem and some threats to the information security on Internet.

  16. Analytical Characterization of Internet Security Attacks

    Science.gov (United States)

    Sellke, Sarah H.

    2010-01-01

    Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks include Malware (Viruses, Worms, Trojan Horse), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

  17. Engineering secure Internet of Things systems

    CERN Document Server

    Aziz, Benjamin; Crispo, Bruno

    2016-01-01

    This book examines important security considerations for the Internet of Things (IoT). IoT is collecting a growing amount of private and sensitive data about our lives, and requires increasing degrees of reliability and trustworthiness in terms of the levels of assurance provided with respect to confidentiality, integrity and availability.

  18. A framework for an institutional high level security policy for the processing of medical data and their transmission through the Internet.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2001-01-01

    The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy. To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information. We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet. We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information. The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a

  19. Internetting tactical security sensor systems

    Science.gov (United States)

    Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

    1998-08-01

    The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi-autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control

  20. A roadmap for security challenges in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Arbia Riahi Sfar

    2018-04-01

    Unquestionably, communicating entities (object, or things) in the Internet of Things (IoT) context are playing an active role in human activities, systems and processes. The high connectivity of intelligent objects and their severe constraints lead to many security challenges, which are not included in the classical formulation of security problems and solutions. The Security Shield for IoT has been identified by DARPA (Defense Advanced Research Projects Agency) as one of the four projects with a potential impact broader than the Internet itself. To help interested researchers contribute to this research area, an overview of the IoT security roadmap overview is presented in this paper based on a novel cognitive and systemic approach. The role of each component of the approach is explained, we also study its interactions with the other main components, and their impact on the overall. A case study is presented to highlight the components and interactions of the systemic and cognitive approach. Then, security questions about privacy, trust, identification, and access control are discussed. According to the novel taxonomy of the IoT framework, different research challenges are highlighted, important solutions and research activities are revealed, and interesting research directions are proposed. In addition, current standardization activities are surveyed and discussed to ensure the security of IoT components and applications. Keywords: Internet of Things, Systemic and cognitive approach, Security, Privacy, Trust, Identification, Access control

  1. To the Question of Information Security and Providing State and Municipal Services by Means of the Internet

    Directory of Open Access Journals (Sweden)

    Alexander A. Galushkin

    2015-09-01

    In the present article author investigates interconnected questions of information security and providing state and municipal services by means of the global information Internet. Author analyzes opinions of the number of leading Russian and foreign experts and scientists. In the summary author draws a conclusion that implementation of rules of law answering to modern realities and also fruitful work of law enforcement and supervisory authorities regarding law application practice improvement is necessary for information security and human rights protection.

  2. Security in the Cache and Forward Architecture for the Next Generation Internet

    Science.gov (United States)

    Hadjichristofi, G. C.; Hadjicostis, C. N.; Raychaudhuri, D.

    The future Internet architecture will be comprised predominately of wireless devices. It is evident at this stage that the TCP/IP protocol that was developed decades ago will not properly support the required network functionalities since contemporary communication profiles tend to be data-driven rather than host-based. To address this paradigm shift in data propagation, a next generation architecture has been proposed, the Cache and Forward (CNF) architecture. This research investigates security aspects of this new Internet architecture. More specifically, we discuss content privacy, secure routing, key management and trust management. We identify security weaknesses of this architecture that need to be addressed and we derive security requirements that should guide future research directions. Aspects of the research can be adopted as a step-stone as we build the future Internet.

  3. Security Techniques for Sensor Systems and the Internet of Things

    Science.gov (United States)

    Midi, Daniele

    2016-01-01

    Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We…

  4. Trust Management and Accountability for Internet Security

    Science.gov (United States)

    Liu, Wayne W.

    2011-01-01

    Adversarial yet interacting interdependent relationships in information sharing and service provisioning have been a pressing issue of the Internet. Such relationships exist among autonomous software agents, in networking system peers, as well as between "service users and providers." Traditional "ad hoc" security approaches effective in…

  5. Secure Bootstrapping and Rebootstrapping for Resource-Constrained Thing in Internet of Things

    OpenAIRE

    Jung, Seung Wook; Jung, Souhwan

    2015-01-01

    In Internet of Things, secure key establishment and building trust relationship between the thing and the home gateway (or the controller) in home network or Body Area Network are extremely important. Without the guarantee of establishment of key and trust relationship, the traffic over the Internet of Things network cannot be presumed secure. Also, when the home gateway, which knows the shared secret key, is out of order and the new gateway should be installed, the secure key establishment a...

  6. Predictors and protective factors for adolescent Internet victimization

    DEFF Research Database (Denmark)

    Helweg-Larsen, Karin; Schütt, Nina; Larsen, Helmer Bøving

    2012-01-01

    To examine the rate of Internet victimization in a nationally representative sample of adolescents aged 14-17 and to analyze predictors and protective factors for victimization....

  7. Privacy protection on the internet: The European model

    Directory of Open Access Journals (Sweden)

    Baltezarević Vesna

    2017-01-01

    The Internet has a huge impact on all areas of social activity. Everyday life, social interaction and economics are directed to new information and communication technologies. A positive aspect of the new technology is reflected in the fact that it has created a virtual space that has led to the elimination of the various barriers, which has enabled interaction and information exchange across the world. Inclusion in the virtual social network provides connectivity for communicators who are looking for space that allows them freedom of expression and connect them with new 'friends'. Because of the feeling of complete freedom and the absence of censorship on the network communicators leave many personal details and photos, without thinking about the possible abuses of privacy. Recording of the different incidents on the network has resulted in the need to take precaution measures, in order to protect the users and the rule of law, given that freedom on the network is only possible with the existence of an adequate system of safety and security. In this paper we deal with the problem of the protection of personal data of users of virtual social networks against malicious activity and abuse, with special reference to the activities of the European Union in an effort to regulate this area. The European Commission has concentrated on finding the best solutions to protect the user's virtual space for more than two decades, starting from 1995 until a directive on security of networks and information systems, which was adopted in the first half of 2016.

  8. A Survey of Security Challenges in Internet of Things

    Directory of Open Access Journals (Sweden)

    Anass Sedrati

    2018-01-01

    Internet of things (IoT) is an innovative technology subject to all kind of imaginary and science fictional solutions. Dreams and speculations are still possible about it. A technology combining real life objects and virtual life (Internet) is indeed a fertile pitch of fantasy and original ideas. However, IoT has in practice to face several challenges to ensure its function and operability in a near future. This paper defines first some technical challenges of IoT today, before focusing on security-related ones via a layered architecture of IoT that we suggest. Finally, a number of actions and required future work is presented to enhance IoT security (Privacy, Lightweight crypto, etc.).

  9. Secure Web-based Ground System User Interfaces over the Open Internet

    Science.gov (United States)

    Langston, James H.; Murray, Henry L.; Hunt, Gary R.

    1998-01-01

    A prototype has been developed which makes use of commercially available products in conjunction with the Java programming language to provide a secure user interface for command and control over the open Internet. This paper reports successful demonstration of: (1) Security over the Internet, including encryption and certification; (2) Integration of Java applets with a COTS command and control product; (3) Remote spacecraft commanding using the Internet. The Java-based Spacecraft Web Interface to Telemetry and Command Handling (Jswitch) ground system prototype provides these capabilities. This activity demonstrates the use and integration of current technologies to enable a spacecraft engineer or flight operator to monitor and control a spacecraft from a user interface communicating over the open Internet using standard World Wide Web (WWW) protocols and commercial off-the-shelf (COTS) products. The core command and control functions are provided by the COTS Epoch 2000 product. The standard WWW tools and browsers are used in conjunction with the Java programming technology. Security is provided with the current encryption and certification technology. This system prototype is a step in the direction of giving scientists and flight operators Web-based access to instrument, payload, and spacecraft data.

  10. Internet of Things (IoT) Based Design of a Secure and Lightweight Body Area Network (BAN) Healthcare System.

    Science.gov (United States)

    Deng, Yong-Yuan; Chen, Chin-Ling; Tsaur, Woei-Jiunn; Tang, Yung-Wen; Chen, Jung-Hsuan

    2017-12-15

    As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT). At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN). These personal wireless devices collect and integrate patients' personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack.

  11. 78 FR 66318 - Securities Investor Protection Corporation

    Science.gov (United States)

    2013-11-05

    ...] Securities Investor Protection Corporation AGENCY: Securities and Exchange Commission. ACTION: Proposed rule. SUMMARY: The Securities Investor Protection Corporation (``SIPC'') filed a proposed rule change with the... satisfaction of customer claims for standardized options under the Securities Investor Protection Act of 1970...

  12. Current evaluation of the information about Radiological Protection in Internet

    International Nuclear Information System (INIS)

    Ruiz-Cruces, R.; Marco, M.; Villanueva, I.

    2003-01-01

    To analyze the current situation about the pedagogic information on radiological protection training which could be found in Internet. More than 756 web-pages have been visited in Internet about Radiological Protection in the nuclear and medical fields, providing information mainly focusing on information to the members of the public. In this search were used internet Searching Appliance (as Copernicus, Google and Scirus), using key words related with this subject (as Radiological Protection and Health Safety), getting the internet address of organizations, societies and investigation groups. Only a low percentage (less than 5 per cent) of these addresses content information on Radiological Protection for the members of the public, including information about the regulator Organizations, and which are the objectives for protection of the members of the public against ionization radiation (from the point of view of the use of the ionization radiation in the medical and nuclear field). This work attempts to propose the use of internet as a tool for informing the members of the public in matter of radiological protection, as first link in the chain of the training and education. (Author)

  13. European Trends in Privacy: How can we increase internet security and protect individual privacy?

    Directory of Open Access Journals (Sweden)

    Soren Duus Ostergaard

    2004-04-01

    In the aftermath of September 11 2001 security has been at the top of any Government or Enterprise agenda. Scrutinizing flight passenger lists, conference participants' background, customers' profile and securing access to public and private databases through gateways has become a standard way of doing things. Legislation has been put in place which in many countries give the authorities increased right to analyze personal data, in some cases overriding existing privacy legislation. In a networked world everybody leaves traces that are personally individually identifiable (PII). When we use our mobile phone, the cell network provider knows the location you are in and the time of the call. When you browse a bookstore on the internet, an applet will tell the web-site owner of your buying habits - and the moment you make a purchase on the net, you leave behind a sign of your reading habits and intellectual preferences. When you use your credit card on the net to buy flowers, the address of the receiver is recorded and related to your ID. If you are under medical treatment and receive medicine, the prescription will inform about your diseases. Under which circumstances do you want this information to be revealed? Most countries as well as the European Union and its member countries have since long been aware of the potential threat against personal integrity in case a malevolent organization got hold of all this information. And now Governments in most countries are becoming increasingly interested in accessing personal information to prevent terrorism and establish an electronic surveillance of dubious elements in the society. This paper intends to describe how IT solutions with a special focus on the public sector could be developed and deployed that will help organizations as well as individuals to protect their personally identifiable information, set up policies that will be translated to watch dogs that will ensure that these policies are

  14. Internet of Things (IoT) Based Design of a Secure and Lightweight Body Area Network (BAN) Healthcare System

    Directory of Open Access Journals (Sweden)

    Yong-Yuan Deng

    2017-12-01

    As sensor networks and cloud computation technologies have rapidly developed over recent years, many services and applications integrating these technologies into daily life have come together as an Internet of Things (IoT). At the same time, aging populations have increased the need for expanded and more efficient elderly care services. Fortunately, elderly people can now wear sensing devices which relay data to a personal wireless device, forming a body area network (BAN). These personal wireless devices collect and integrate patients’ personal physiological data, and then transmit the data to the backend of the network for related diagnostics. However, a great deal of the information transmitted by such systems is sensitive data, and must therefore be subject to stringent security protocols. Protecting this data from unauthorized access is thus an important issue in IoT-related research. In regard to a cloud healthcare environment, scholars have proposed a secure mechanism to protect sensitive patient information. Their schemes provide a general architecture; however, these previous schemes still have some vulnerability, and thus cannot guarantee complete security. This paper proposes a secure and lightweight body-sensor network based on the Internet of Things for cloud healthcare environments, in order to address the vulnerabilities discovered in previous schemes. The proposed authentication mechanism is applied to a medical reader to provide a more comprehensive architecture while also providing mutual authentication, and guaranteeing data integrity, user untraceability, and forward and backward secrecy, in addition to being resistant to replay attack.

  15. An Analysis of Security Incidents on the Internet 1989-1995

    Science.gov (United States)

    1997-04-07

    intervene. 14.4.2. Government Information Policies and the Computer Security Market - During the history of the Internet, the government has maintained a...the government is already taking to improve the operation of the Internet market by supplying information. The following analysis determined whether the... Information Assurance Technology Analysis Center (IATAC) 3190 Fairview Park Drive Falls Church VA 22042 Performing Organization Number(s) Sponsoring

  16. Presentation of various types of electronic business available on the Internet, Advantages, Disadvantages, Key Requirements and Security, Implementation Model of an Electronic Business

    OpenAIRE

    Andreea A.S. Ionescu; Raul Serban

    2012-01-01

    This paper speaks about the advantages, disadvantages, key requirements necessary of an electronic business, the infrastructure of the Internet, the existing main networks on the Internet, standards used to develop electronic business and the security of an e-business environment. As we know in an organization the information is an asset that has value and should be protected and diversified. We also propose an implementation model of an electronic business that interconnects two concepts: ER...

  17. Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System

    Science.gov (United States)

    Ghanti, Shaila

    2016-01-01

    Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack. PMID:28116350

  18. Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System.

    Science.gov (United States)

    Ghanti, Shaila; Naik, G M

    2016-01-01

    Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack.

  19. IP Security für Linux

    OpenAIRE

    Parthey, Mirko

    2001-01-01

    Using the Internet for security-critical applications requires cryptographic protection mechanisms. IP Security (IPsec) defines suitable protocols for this purpose. This paper gives an overview of IPsec. An IPsec implementation for Linux (FreeS/WAN) is examined for extensibility and practical suitability.

  20. Kaleidoscope on the Internet of Toys: Safety, security, privacy and societal insights

    OpenAIRE

    CHAUDRON STEPHANE; DI GIOIA Rosanna; GEMO Monica; HOLLOWAY Donell; MARSH Jackie; MASCHERONI Giovanna; PETER Jochen; YAMADA-RICE Dylan

    2016-01-01

    This paper gives an insight on safety, security, privacy and societal questions emerging from the rise of the Internet of Toys, meaning Internet Connected Toys that participate along with the wave of other domestic connected objects, the Internet of Things in increasing the ubiquity of the ICT within our everyday, closer to ourselves and our children more than ever. What changes and challenges 24/7 Internet connected devices, and Connected Toys particularly, will bring in our Society? What p...

  1. What we talk about when we talk about cybersecurity: security in internet governance debates

    Directory of Open Access Journals (Sweden)

    Josephine Wolff

    2016-09-01

    At meetings of internet governance organisations, participants generally agree that improving security is an important goal, but these conversations rarely yield consensus around how to achieve this outcome. One reason security plays this paradoxical role—as both a universal point of agreement and a continued source of contention—in these debates is that it has significantly different meanings to different stakeholders involved in these governance forums. In this paper, we discuss how different stakeholders define and frame internet security issues in the context of governance debates and analyse how these conflicting notions of security continue to shape emerging controversies.

  2. An Analysis of Fraud on the Internet.

    Science.gov (United States)

    Baker, C. Richard

    1999-01-01

    Examines the issue of fraud on the Internet and discusses three areas with significant potential for misleading and fraudulent practices: securities sales and trading; electronic commerce, including privacy and information protection; and the rapid growth of Internet companies, including advertising issues. (Author/LRW)

  3. Implementation of the Internet of Things on Public Security

    Science.gov (United States)

    Lu, Kesheng; Li, Xichun

    The development of the Internet of Things will occur within a new ecosystem that will be driven by a number of key players. Public security, as one of the key players, is going to make real-time communications possible not only by humans but also by things at anytime and from anywhere. This research will present the advent of the Internet of Things to create a plethora of innovative applications and services, which will enhance quality of life and reduce inequalities.

  4. Protective force legal issues: the security perspective

    International Nuclear Information System (INIS)

    Rich, B.L.

    1984-01-01

    There has been much discussion and some controversy on the legal issues faced by the Department of Energy's (DOE) protective forces in the performance of their security duties. These include the observance of legal proprieties in the arrest of non-violent demonstrators, the use of lethal weapons, and the extent of protective forces' authority to carry weapons and protect DOE's security interests offsite. In brief, the need to protect DOE's security interests may be in nominal conflict with other requirements. When faced with a potential conflict in requirements, we in the DOE security community must place first attention to the security mission -- to deter and prevent hostile acts

  5. The Internet of Things: Perspectives on Security from RFID and WSN

    OpenAIRE

    Shah, Ayush; Pal, Ambar; Acharya, H. B.

    2016-01-01

    A massive current research effort focuses on combining pre-existing 'Intranets' of Things into one Internet of Things. However, this unification is not a panacea; it will expose new attack surfaces and vectors, just as it enables new applications. We therefore urgently need a model of security in the Internet of Things. In this regard, we note that IoT descends directly from pre-existing research (in embedded Internet and pervasive intelligence), so there exist several bodies of related work:...

  6. Ethical considerations in internet use of electronic protected health information.

    Science.gov (United States)

    Polito, Jacquelyn M

    2012-03-01

    Caregivers, patients, and their family members are increasingly reliant on social network websites for storing, communicating, and referencing medical information. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule seeks balance by protecting the privacy of patients' health information and assuring that this information is available to those who need it to provide health care. Though federal and state governments have created laws and policies to safeguard patient privacy and confidentiality, the laws are inadequate against the rapid and innovative use of electronic health websites. As Internet use broadens access to information, health professionals must be aware that this information is not always secure. We must identify and reflect on medical ethics issues and be accountable for maintaining privacy for the patient.

  7. Security Framework and Jamming Detection for Internet of Things

    DEFF Research Database (Denmark)

    Babar, Sachin D.

    The Internet of Things (IoT) consists of billions of people, things and services having the potential to interact with each other and their environment. This highly interconnected global network structure presents new types of challenges from a security, trust and privacy perspective. Hence...

  8. OBSTACLES TO ONLINE SHOPPING: IMPACT OF GENDER AND INTERNET SECURITY ISSUES

    Directory of Open Access Journals (Sweden)

    AHU GENİS-GRUBER

    2013-06-01

    In the latest technology era, the widespread usage of internet enabled individuals to interact continuously and led to altered buying behavior patterns. Literature focuses on the critical effects in the field. Among many antecedents to online shopping, previous studies point out two important obstacles: (i) acceptance and tendency to use technology in accordance with gender perceptions and (ii) internet security problems. This study analyzes the impact of these two prominent factors on e-commerce utilization by studying the effects of these factors through primary and secondary data; a survey designed specifically for this analysis and the cross-country data from Eurostat. The findings show that while internet security problems significantly impact online shopping behavior, the evidence is mixed for the impact of gender. The results of this paper provide insights for a successful e-commerce transaction and identify important obstacles to be avoided for an efficient e-commerce system.

  9. Internet of Things Security: Layered classification of attacks and possible Countermeasures

    Directory of Open Access Journals (Sweden)

    Otmane El Mouaatamid

    2016-12-01

    Nowadays, the internet of things (IoT) presents a strong focus of research with various initiatives working on the application, and usage of Internet standards in the IoT. But the big challenge of the internet of things is security. In this paper a layered classification and a goal based comparison of attacks in the IoT are presented so that a better understanding of IoT attacks can be achieved and subsequently more efficient and effective techniques and procedures to combat these attacks may be developed.

  10. 78 FR 5116 - NASA Information Security Protection

    Science.gov (United States)

    2013-01-24

    ... 2700-AD61 NASA Information Security Protection AGENCY: National Aeronautics and Space Administration..., projects, plans, or protection services relating to the national security; or (h) The development... implement the provisions of Executive Order (E.O.) 13526, Classified National Security Information, and...

  11. Security analysis and improvements of authentication and access control in the Internet of Things.

    Science.gov (United States)

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-08-13

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

  12. Security Considerations around End-to-End Security in the IP-based Internet of Things

    NARCIS (Netherlands)

    Brachmann, M.; Garcia-Mochon, O.; Keoh, S.L.; Kumar, S.S.

    2012-01-01

    The IP-based Internet of Things refers to the interconnection of smart objects in a Low-power and Lossy Network (LLN) with the Internet by means of protocols such as 6LoWPAN or CoAP. The provisioning of an end-to-end security connection is the key to ensure basic functionalities such as software

  13. Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers

    Directory of Open Access Journals (Sweden)

    Freyberger Michael

    2018-04-01

    An important line of privacy research is investigating the design of systems for secure input and output (I/O) within Internet browsers. These systems would allow for users’ information to be encrypted and decrypted by the browser, and the specific web applications will only have access to the users’ information in encrypted form. The state-of-the-art approach for a secure I/O system within Internet browsers is a system called ShadowCrypt created by UC Berkeley researchers [23]. This paper will explore the limitations of ShadowCrypt in order to provide a foundation for the general principles that must be followed when designing a secure I/O system within Internet browsers. First, we developed a comprehensive UI attack that cannot be mitigated with popular UI defenses, and tested the efficacy of the attack through a user study administered on Amazon Mechanical Turk. Only 1 of the 59 participants who were under attack successfully noticed the UI attack, which validates the stealthiness of the attack. Second, we present multiple attack vectors against ShadowCrypt that do not rely upon UI deception. These attack vectors expose the privacy weaknesses of Shadow DOM—the key browser primitive leveraged by ShadowCrypt. Finally, we present a sketch of potential countermeasures that can enable the design of future secure I/O systems within Internet browsers.

  14. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

    Science.gov (United States)

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  15. Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers

    OpenAIRE

    Freyberger Michael; He Warren; Akhawe Devdatta; Mazurek Michelle L.; Mittal Prateek

    2018-01-01

    An important line of privacy research is investigating the design of systems for secure input and output (I/O) within Internet browsers. These systems would allow for users’ information to be encrypted and decrypted by the browser, and the specific web applications will only have access to the users’ information in encrypted form. The state-of-the-art approach for a secure I/O system within Internet browsers is a system called ShadowCrypt created by UC Berkeley researchers [23]. This paper wi...

  16. A socio-organizational approach to information systems security management in the context of internet banking

    OpenAIRE

    Koskosas, Ioannis Vasileios

    2004-01-01

    This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. This thesis takes a social and organizational point of view for studying information systems security in the context of internet banking. While the internet provides opportunities for businesses to extend their public network infrastructure, reduce transaction costs, and sell a wide range of products and services worldwide, security threats impede the business. Although, a number ...

  17. The summarize of the technique about proactive network security protection

    International Nuclear Information System (INIS)

    Liu Baoxu; Li Xueying; Cao Aijuan; Yu Chuansong; Xu Rongsheng

    2003-01-01

    The proactive protection measures and the traditional passive security protection tools are complementarities each other. It also can supply the conventional network security protection system and enhance its capability of the security protection. Based upon sorts of existing network security technologies, this article analyses and summarizes the technologies, functions and the development directions of some key proactive network security protection tools. (authors)

  18. Privacy and security of patient data in the pathology laboratory.

    Science.gov (United States)

    Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  19. Privacy and security of patient data in the pathology laboratory

    Directory of Open Access Journals (Sweden)

    Ioan C Cucoranu

    2013-01-01

    Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

  20. Lightweight certificateless and provably-secure signcryptosystem for the internet of things

    OpenAIRE

    Nguyen, Kim Thuat; Oualha, Nouha; Laurent, Maryline

    2015-01-01

    In this paper, we propose an elliptic curve-based signcryption scheme derived from the standardized signature KCDSA (Korean Certificate-based Digital Signature Algorithm) in the context of the Internet of Things. Our solution has several advantages. First, the scheme is provably secure in the random oracle model. Second, it provides the following security properties: outsider/insider confidentiality and unforgeability; non-repudiation and public verifiability, while be...

  1. A Comparison of Internet Protocol (IPv6) Security Guidelines

    Directory of Open Access Journals (Sweden)

    Steffen Hermann

    2014-01-01

    The next generation of the Internet Protocol (IPv6) is currently about to be introduced in many organizations. However, its security features are still a very novel area of expertise for many practitioners. This study evaluates guidelines for secure deployment of IPv6, published by the U.S. NIST and the German federal agency BSI, for topicality, completeness and depth. The latter two are scores defined in this paper and are based on the Requests for Comments relevant for IPv6 that were categorized, weighted and ranked for importance using an expert survey. Both guides turn out to be of practical value, but have a specific focus and are directed towards different audiences. Moreover, recommendations for possible improvements are presented. Our results could also support strategic management decisions on security priorities as well as for the choice of security guidelines for IPv6 roll-outs.

  2. DICOM image secure communications with Internet protocols IPv6 and IPv4.

    Science.gov (United States)

    Zhang, Jianguo; Yu, Fenghai; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen

    2007-01-01

    Image-data transmission from one site to another through public network is usually characterized in term of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications cross public networks.

  3. Evaluating Common Privacy Vulnerabilities in Internet Service Providers

    Science.gov (United States)

    Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

    Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

  4. Information security protecting the global enterprise

    CERN Document Server

    Pipkin, Donald L

    2000-01-01

    In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, archite...

  5. Quality of protection evaluation of security mechanisms.

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

  6. Quality of Protection Evaluation of Security Mechanisms

    Science.gov (United States)

    Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

    2014-01-01

    Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

  7. On the Security of Data Collection and Transmission from Wireless Sensor Networks in the Context of Internet of Things

    OpenAIRE

    Yu, Hong; He, Jingsha; Liu, Ruohong; Ji, Dajie

    2013-01-01

    In the context of Internet of Things (IoT), multiple cooperative nodes in wireless sensor networks (WSNs) can be used to monitor an event, jointly generate a report and then send it to one or more Internet nodes for further processing. A primary security requirement in such applications is that every event data report be authenticated to intended Internet users and effectively filtered on its way to the Internet users to realize the security of data collection and transmission from the WSN. H...

  8. The Digital Divide and Patient Portals: Internet Access Explained Differences in Patient Portal Use for Secure Messaging by Age, Race, and Income.

    Science.gov (United States)

    Graetz, Ilana; Gordon, Nancy; Fung, Vick; Hamity, Courtnee; Reed, Mary E

    2016-08-01

    Online access to health records and the ability to exchange secure messages with physicians can improve patient engagement and outcomes; however, the digital divide could limit access to web-based portals among disadvantaged groups. To understand whether sociodemographic differences in patient portal use for secure messaging can be explained by differences in internet access and care preferences. Cross-sectional survey to examine the association between patient sociodemographic characteristics and internet access and care preferences; then, the association between sociodemographic characteristics and secure message use with and without adjusting for internet access and care preference. One thousand forty-one patients with chronic conditions in a large integrated health care delivery system (76% response rate). Internet access, portal use for secure messaging, preference for in-person or online care, and sociodemographic and health characteristics. Internet access and preference mediated some of the differences in secure message use by age, race, and income. For example, using own computer to access the internet explained 52% of the association between race and secure message use and 60% of the association between income and use (Sobel-Goodman mediation test, Pdifferences in portal use remained statistically significant when controlling for internet access and preference. As the availability and use of patient portals increase, it is important to understand which patients have limited access and the barriers they may face. Improving internet access and making portals available across multiple platforms, including mobile, may reduce some disparities in secure message use.

  9. Lightweight S-Box Architecture for Secure Internet of Things

    Directory of Open Access Journals (Sweden)

    A. Prathiba

    2018-01-01

    Lightweight cryptographic solutions are required to guarantee the security of Internet of Things (IoT) pervasiveness. Cryptographic primitives mandate a non-linear operation. The design of a lightweight, secure, non-linear 4 × 4 substitution box (S-box) suited to Internet of Things (IoT) applications is proposed in this work. The structure of the 4 × 4 S-box is devised in the finite fields GF(2^4) and GF((2^2)^2). The finite field S-box is realized by multiplicative inversion followed by an affine transformation. The multiplicative inverse architecture employs Euclidean algorithm for inversion in the composite field GF((2^2)^2). The affine transformation is carried out in the field GF(2^4). The isomorphic mapping between the fields GF(2^4) and GF((2^2)^2) is based on the primitive element in the higher order field GF(2^4). The recommended finite field S-box architecture is combinational and enables sub-pipelining. The linear and differential cryptanalysis validates that the proposed S-box is within the maximal security bound. It is observed that there is 86.5% lesser gate count for the realization of sub field operations in the composite field GF((2^2)^2) compared to the GF(2^4) field. In the PRESENT lightweight cipher structure with the basic loop architecture, the proposed S-box demonstrates 5% reduction in the gate equivalent area over the look-up-table-based S-box with TSMC 180 nm technology.

  10. Security leader insights for information protection lessons and strategies from leading security professionals

    CERN Document Server

    Fahy, Bob

    2014-01-01

    How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. I

  11. Protecting whistle-blowers: Anonymity on the internet

    International Nuclear Information System (INIS)

    Guinnessy, P.

    1997-01-01

    Even though strict legislation exists in many countries, it appears that the next few years should be a golden opportunity for groups to successfully monitor and publish the activity of the nuclear states, and human right violations through use of the Internet. The reasons for this are: 1. The Internet is becoming widespread even in repressive regimes; 2. Software is available to either hide messages from others or hide the mailer's account; 3. Information from sites in other countries can be easily obtained to be read inside repressive regimes from the Internet. In this regard it is suggested the Pugwash or a similar organization should set up either an anonymous account to receive information or maybe use a more heavily protected cypherpunk remailer. Such an ability would hopefully prompt more people to notify treaty violations.

  12. Security Clearances and the Protection of National Security Information: Law and Procedures

    National Research Council Canada - National Science Library

    Cohen, Sheldon

    2000-01-01

    ... designed to protect National Security information. The report provides an authoritative compendium for lawyers, security officers and for managers of corporations who must deal with the legal and procedural aspects of security clearances...

  13. Avoiding the internet of insecure industrial things

    OpenAIRE

    Urquhart, Lachlan; McAuley, Derek

    2018-01-01

    Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to ...

  14. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  15. APPROACH TO CYBER SECURITY ISSUES IN NIGERIA: CHALLENGES AND SOLUTION

    OpenAIRE

    Frank Ibikunle; Odunayo Eweniyi

    2013-01-01

    Cyber-space refers to the boundless space known as the internet. Cyber-security is the body of rules put in place for the protection of the cyber space. Cyber-crime refers to the series of organized crime attacking both cyber space and cyber security. The Internet is one of the fastest-growing areas of technical infrastructure development. Over the past decades, the growth of the internet and its use afforded everyone this opportunity. Google, Wikipedia and Bing to mention a few, give detaile...

  16. The enhancement of security in healthcare information systems.

    Science.gov (United States)

    Liu, Chia-Hui; Chung, Yu-Fang; Chen, Tzer-Shyong; Wang, Sheng-De

    2012-06-01

    With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the "Internet". For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

  17. Towards Formal Validation of Trust and Security of the Internet of Services

    DEFF Research Database (Denmark)

    Carbone, Roberto; Minea, Marius; Mödersheim, Sebastian Alexander

    2011-01-01

    Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time to assess the trust and security impact of an option, a minor change, a combination of functionalities, etc., due to the subtle and unforeseeable situations and behaviors...... techniques to efficiently tackle industrial-size problems. The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance....

  18. A Security Audit Framework to Manage Information System Security

    Science.gov (United States)

    Pereira, Teresa; Santos, Henrique

    The widespread adoption of information and communication technology has promoted an increased dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

  19. Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview

    Directory of Open Access Journals (Sweden)

    Luca Veltri

    2013-04-01

    The Internet of Things (IoT) refers to the Internet-like structure of billions of interconnected constrained devices, denoted as “smart objects”. Smart objects have limited capabilities, in terms of computational power and memory, and might be battery-powered devices, thus raising the need to adopt particularly energy efficient technologies. Among the most notable challenges that building interconnected smart objects brings about, there are standardization and interoperability. The use of IP has been foreseen as the standard for interoperability for smart objects. As billions of smart objects are expected to come to life and IPv4 addresses have eventually reached depletion, IPv6 has been identified as a candidate for smart-object communication. The deployment of the IoT raises many security issues coming from (i) the very nature of smart objects, e.g., the adoption of lightweight cryptographic algorithms, in terms of processing and memory requirements; and (ii) the use of standard protocols, e.g., the need to minimize the amount of data exchanged between nodes. This paper provides a detailed overview of the security challenges related to the deployment of smart objects. Security protocols at network, transport, and application layers are discussed, together with lightweight cryptographic algorithms proposed to be used instead of conventional and demanding ones, in terms of computational resources. Security aspects, such as key distribution and security bootstrapping, and application scenarios, such as secure data aggregation and service authorization, are also discussed.

  20. Design of the XML Security System for Electronic Commerce Application

    Institute of Scientific and Technical Information of China (English)

    2003-01-01

    The invocation of World Wide Web (www) first triggered mass adoption of the Internet for public access to digital information exchanges across the globe. To get a big market on the Web, a special security infrastructure would need to be put into place transforming the wild-and-woolly Internet into a network with end-to-end protections. XML (extensible Markup Language) is widely accepted as powerful data representation standard for electronic documents, so a security mechanism for XML documents must be provided in the first place to secure electronic commerce over Internet. In this paper the authors design and implement a secure framework that provides XML signature function, XML Element-wise Encryption function, smart card based crypto API library and Public Key Infrastructure (PKI) security functions to achieve confidentiality, integrity, message authentication, and/or signer authentication services for XML documents and existing non-XML documents that are exchanged by Internet for E-commerce application.

  1. Privacy Information Security Classification for Internet of Things Based on Internet Data

    OpenAIRE

    Lu, Xiaofeng; Qu, Zhaowei; Li, Qi; Hui, Pan

    2015-01-01

    A lot of privacy protection technologies have been proposed, but most of them are independent and aim at protecting some specific privacy. There is hardly enough deep study into the attributes of privacy. To minimize the damage and influence of the privacy disclosure, the important and sensitive privacy should be a priori preserved if all privacy pieces cannot be preserved. This paper focuses on studying the attributes of the privacy and proposes privacy information security classification (P...

  2. Twenty security considerations for cloud-supported Internet of Things

    OpenAIRE

    Singh, Jatinder; Pasquier, Thomas; Bacon, Jean Margaret; Ko, Hajoon; Eyers, David

    2015-01-01

    To realise the broad vision of pervasive computing, underpinned by the “Internet of Things” (IoT), it is essential to break down application and technology-based silos and support broad connectivity and data sharing; the cloud being a natural enabler. Work in IoT tends towards the subsystem, often focusing on particular technical concerns or application domains, before offloading data to the cloud. As such, there has been little regard given to the security, privacy and p...

  3. Security protection of DICOM medical images using dual-layer reversible watermarking with tamper detection capability.

    Science.gov (United States)

    Tan, Chun Kiat; Ng, Jason Changwei; Xu, Xiaotian; Poh, Chueh Loo; Guan, Yong Liang; Sheah, Kenneth

    2011-06-01

    Teleradiology applications and universal availability of patient records using web-based technology are rapidly gaining importance. Consequently, digital medical image security has become an important issue when images and their pertinent patient information are transmitted across public networks, such as the Internet. Health mandates such as the Health Insurance Portability and Accountability Act require healthcare providers to adhere to security measures in order to protect sensitive patient information. This paper presents a fully reversible, dual-layer watermarking scheme with tamper detection capability for medical images. The scheme utilizes concepts of public-key cryptography and reversible data-hiding technique. The scheme was tested using medical images in DICOM format. The results show that the scheme is able to ensure image authenticity and integrity, and to locate tampered regions in the images.

  4. How Robust Refugee Protection Policies Can Strengthen Human and National Security

    Directory of Open Access Journals (Sweden)

    Donald Kerwin

    2016-09-01

    This paper makes the case that refugee protection and national security should be viewed as complementary, not conflicting state goals. It argues that refugee protection can further the security of refugees, affected states, and the international community. Refugees and international migrants can also advance national security by contributing to a state’s economic vitality, military strength, diplomatic standing, and civic values. The paper identifies several strategies that would, if implemented, promote both security and refugee protection. It also outlines additional steps that the US Congress should take to enhance US refugee protection policies and security. Finally, it argues for the efficacy of political engagement in support of pro-protection, pro-security policies, and against the assumption that political populism will invariably impede support for refugee protection.

  5. Security and Privacy Grand Challenges for the Internet of Things

    Energy Technology Data Exchange (ETDEWEB)

    Fink, Glenn A.; Zarzhitsky, Dimitri V.; Carroll, Thomas E.; Farquhar, Ethan D.

    2015-08-20

    The growth of the Internet of Things (IoT) is driven by market pressures, and while security is being considered, the relationship between the unintended consequences of billions of such devices connecting to the Internet cannot be described with existing mathematical methods. The possibilities for illicit surveillance through lifestyle analysis, unauthorized access to information, and new attack vectors will continue to increase by 2020, when up to 50 billion devices may be connected. This paper discusses various kinds of vulnerabilities that can be expected to arise, and presents a research agenda for mitigating the worst of the impacts. We hope to draw research attention to the potential dangers of IoT so that many of these problems can be avoided.

  6. INTERNET SECURITY – TECHNOLOGY AND SOCIAL AWARENESS OF THE DANGERS

    Directory of Open Access Journals (Sweden)

    Laskowski Piotr Paweł

    2017-06-01

    The article describes selected issues related to user safety on the Internet. This safety consists of a number of factors such as the technology that we use to communicate and to browse the Internet, and habits and behaviors that we have acquired and through which we can identify at least some typical hazards encountered on the Web. Knowledge of software and the ability to use it and to configure it properly as well as checking regularly for security updates reduces the risk of data loss or identity theft. Public awareness of threats continues to grow, but there are also new, previously unknown threats; that is why it is so important to inform of the dangers by all available channels of communication.

  7. An Energy Efficient Protocol For The Internet Of Things

    Science.gov (United States)

    Venčkauskas, Algimantas; Jusas, Nerijus; Kazanavičius, Egidijus; Štuikys, Vytautas

    2015-01-01

    The Internet of Things (IoT) is a technological revolution that represents the future of computing and communications. One of the most important challenges of IoT is security: protection of data and privacy. The SSL protocol is the de-facto standard for secure Internet communications. The extra energy cost of encrypting and authenticating the application data with SSL is around 15%. For IoT devices, where energy resources are limited, the increase in the cost of energy is a very significant factor. In this paper we present the energy efficient SSL protocol which ensures the maximum bandwidth and the required level of security with minimum energy consumption. The proper selection of the security level and CPU multiplier can save up to 85% of the energy required for data encryption.

  8. Personal health record systems and their security protection.

    Science.gov (United States)

    Win, Khin Than; Susilo, Willy; Mu, Yi

    2006-08-01

    The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.

  9. 76 FR 75781 - Treasury Inflation-Protected Securities Issued at a Premium

    Science.gov (United States)

    2011-12-05

    ... Inflation-Protected Securities Issued at a Premium AGENCY: Internal Revenue Service (IRS), Treasury. ACTION... tax treatment of Treasury Inflation-Protected Securities issued with more than a de minimis amount of... a toll-free number). SUPPLEMENTARY INFORMATION: Background Treasury Inflation-Protected Securities...

  10. A Quantitative Study on Japanese Internet User's Awareness to Information Security: Necessity and Importance of Education and Policy

    OpenAIRE

    Toshihiko Takemura; Atsushi Umino

    2009-01-01

    In this paper, the authors examine whether or not there are differences of Japanese Internet users' awareness to information security based on individual attributes by using analysis of variance based on non-parametric method. As a result, generally speaking, it is found that Japanese Internet users' awareness to information security is different by individual attributes. Especially, the authors verify that the users who received the in...

  11. [Security specifications for electronic medical records on the Internet].

    Science.gov (United States)

    Mocanu, Mihai; Mocanu, Carmen

    2007-01-01

    The extension for the Web applications of the Electronic Medical Record seems both interesting and promising. Correlated with the expansion of Internet in our country, it allows the interconnection of physicians of different specialties and their collaboration for better treatment of patients. In this respect, the ophthalmologic medical applications consider the increased possibilities for monitoring chronic ocular diseases and for the identification of some elements for early diagnosis and risk factors supervision. We emphasize in this survey some possible solutions to the problems of interconnecting medical information systems to the Internet: the achievement of interoperability within medical organizations through the use of open standards, the automated input and processing for ocular imaging, the use of data reduction techniques in order to increase the speed of image retrieval in large databases, and, last but not least, the resolution of security and confidentiality problems in medical databases.

  12. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  13. Capacitation in radiological protection by internet

    International Nuclear Information System (INIS)

    Pena, Juan J.; Vega, Jose Maria; Rossell, Maria Angeles; Calvo, Jose L.; Galvez, Manuel

    2001-01-01

    This paper makes a proposal to use the Web for training in Radiation Protection in the Spanish and Portuguese languages. The Iberoamerican Group of Scientific Societies of Radioprotection (GRIAPRA) should take the lead of this educational project, to achieve the following objectives in two years: to prepare educational resources about Radioprotection in the Spanish and Portuguese languages with the support of two Internet servers, one of which will be in Latin America and the other in Spain; to talk over the methods for exchanging information between the teachers, tutors and students interested in participating in this project, to have a thorough knowledge of the activities and courses supported by the two Internet servers; to set up agreements with Universities and professional Institutions related to Radioprotection so that students who pass all the evaluations, exams and practical presential training organized in previously selected reference Centers can obtain an academic accreditation. (author)

  14. Towards an automated security awareness system in a virtualized environment

    CSIR Research Space (South Africa)

    Labuschagne, WA

    2012-07-01

    ... resources. This is an efficient solution to access the Internet. However users might not be aware of the security threats that exist on using shared resources. Many companies provide security solutions to automatically protect resources on the network...

  15. 47 CFR 54.520 - Children's Internet Protection Act certifications required from recipients of discounts under the...

    Science.gov (United States)

    2010-10-01

    ... “technology protection measure” as used in this section, are defined in the Children's Internet Protection Act... discounts for Internet access or internal connections must certify on FCC Form 486 that an Internet safety... entity for the consortium, the school must certify instead on FCC Form 479 (“Certification to Consortium...

  16. Internet of people, things and services - the convergence of security, trust and privacy

    CSIR Research Space (South Africa)

    Eloff, JHP

    2009-12-01

    The Future Internet will consist of billions of people, things and services having the potential to interact with each other and their environment. This highly interconnected global network structure presents new types of challenges from a security...

  17. Comparison of risk and protective factors associated with smartphone addiction and Internet addiction.

    Science.gov (United States)

    Choi, Sam-Wook; Kim, Dai-Jin; Choi, Jung-Seok; Ahn, Heejune; Choi, Eun-Jeung; Song, Won-Young; Kim, Seohee; Youn, Hyunchul

    2015-12-01

    Smartphone addiction is a recent concern that has resulted from the dramatic increase in worldwide smartphone use. This study assessed the risk and protective factors associated with smartphone addiction in college students and compared these factors to those linked to Internet addiction. College students (N = 448) in South Korea completed the Smartphone Addiction Scale, the Young's Internet Addiction Test, the Alcohol Use Disorders Identification Test, the Beck Depression Inventory I, the State-Trait Anxiety Inventory (Trait Version), the Character Strengths Test, and the Connor-Davidson Resilience Scale. The data were analyzed using multiple linear regression analyses. The risk factors for smartphone addiction were female gender, Internet use, alcohol use, and anxiety, while the protective factors were depression and temperance. In contrast, the risk factors for Internet addiction were male gender, smartphone use, anxiety, and wisdom/knowledge, while the protective factor was courage. Discussion: These differences may result from unique features of smartphones, such as high availability and primary use as a tool for interpersonal relationships. Our findings will aid clinicians in distinguishing between predictive factors for smartphone and Internet addiction and can consequently be utilized in the prevention and treatment of smartphone addiction.

  18. Security Considerations of Doing Business via the Internet: Cautions To Be Considered.

    Science.gov (United States)

    Aldridge, Alicia; White, Michele; Forcht, Karen

    1997-01-01

    Lack of security is perceived as a major roadblock to doing business online. This article examines system, user, and commercial transaction privacy on the World Wide Web and discusses methods of protection: operating systems security, file and data protection, user education, access restrictions, data authentication, perimeter and transaction…

  19. Building an authorization model for external means of protection of APCS based on the Internet of things

    Science.gov (United States)

    Zaharov, A. A.; Nissenbaum, O. V.; Ponomaryov, K. Y.; Nesgovorov, E. S.

    2018-01-01

    In this paper we study the application of the Internet of Things concept and devices to secure automated process control systems. We review different approaches in IoT (Internet of Things) architecture and design and propose them for several applications in security of automated process control systems. We consider attribute-based encryption in the context of access control mechanism implementation and promote a secret key distribution scheme between attribute authorities and end devices.

  20. 17 CFR 403.4 - Customer protection-reserves and custody of securities.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer protection-reserves... TREASURY REGULATIONS UNDER SECTION 15C OF THE SECURITIES EXCHANGE ACT OF 1934 PROTECTION OF CUSTOMER SECURITIES AND BALANCES § 403.4 Customer protection—reserves and custody of securities. Every registered...

  1. Securing Wireless Communications of the Internet of Things from the Physical Layer, An Overview

    Science.gov (United States)

    Zhang, Junqing; Duong, Trung; Woods, Roger; Marshall, Alan

    2017-08-01

    The security of the Internet of Things (IoT) is receiving considerable interest as the low power constraints and complexity features of many IoT devices are limiting the use of conventional cryptographic techniques. This article provides an overview of recent research efforts on alternative approaches for securing IoT wireless communications at the physical layer, specifically the key topics of key generation and physical layer encryption. These schemes can be implemented and are lightweight, and thus offer practical solutions for providing effective IoT wireless security. Future research to make IoT-based physical layer security more robust and pervasive is also covered.

  2. Differences in High School and College Students' Basic Knowledge and Perceived Education of Internet Safety: Do High School Students Really Benefit from the Children's Internet Protection Act?

    Science.gov (United States)

    Yan, Zheng

    2009-01-01

    The Children's Internet Protection Act (CIPA; 2000) requires an Internet filtering and public awareness strategy to protect children under 17 from harmful visual Internet depictions. This study compared high school students who went online with the CIPA restriction and college students who went online without the restriction in order to…

  3. Multimedia security watermarking, steganography, and forensics

    CERN Document Server

    Shih, Frank Y

    2012-01-01

    Multimedia Security: Watermarking, Steganography, and Forensics outlines essential principles, technical information, and expert insights on multimedia security technology used to prove that content is authentic and has not been altered. Illustrating the need for improved content security as the Internet and digital multimedia applications rapidly evolve, this book presents a wealth of everyday protection application examples in fields including multimedia mining and classification, digital watermarking, steganography, and digital forensics. Giving readers an in-depth overview of different asp

  4. [Internet research methods: advantages and challenges].

    Science.gov (United States)

    Liu, Yi; Tien, Yueh-Hsuan

    2009-12-01

    Compared to traditional research methods, using the Internet to conduct research offers a number of advantages to the researcher, which include increased access to sensitive issues and vulnerable / hidden populations; decreased data entry time requirements; and enhanced data accuracy. However, Internet research also presents certain challenges to the researcher. In this article, the advantages and challenges of Internet research methods are discussed in four principle issue areas: (a) recruitment, (b) data quality, (c) practicality, and (d) ethics. Nursing researchers can overcome problems related to sampling bias and data truthfulness using creative methods; resolve technical problems through collaboration with other disciplines; and protect participant's privacy, confidentiality and data security by maintaining a high level of vigilance. Once such issues have been satisfactorily addressed, the Internet should open a new window for Taiwan nursing research.

  5. Protecting livelihoods, boosting food security in Kenya | IDRC ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2015-05-21

    May 21, 2015 ... Protecting livelihoods, boosting food security in Kenya ... livestock fodder, with important outcomes for household food security. ... and all counties have since committed funding toward scaling up successful technologies.

  6. Wireless mobile Internet security

    CERN Document Server

    Rhee, Man Young

    2013-01-01

    The mobile industry for wireless cellular services has grown at a rapid pace over the past decade. Similarly, Internet service technology has also made dramatic growth through the World Wide Web with a wire line infrastructure. Realization for complete wired/wireless mobile Internet technologies will become the future objectives for convergence of these technologies thr

  7. Practical Computer Security through Cryptography

    Science.gov (United States)

    McNab, David; Twetev, David (Technical Monitor)

    1998-01-01

    The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

  8. Security Management Strategies for Protecting Your Library's Network.

    Science.gov (United States)

    Ives, David J.

    1996-01-01

    Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

  9. Protecting livelihoods, boosting food security in Kenya | IDRC ...

    International Development Research Centre (IDRC) Digital Library (Canada)

    2015-05-21

    May 21, 2015 ... Protecting livelihoods, boosting food security in Kenya ... America, and the Caribbean with funds from the Government of Canada's fast-start financing. ... Water management and food security in vulnerable regions of China.

  10. Consumer protection in electronic commerce

    Directory of Open Access Journals (Sweden)

    Nicoleta Andreea NEACŞU

    2016-07-01

    Electronic commerce is one of the most important aspects of the Internet and allows people to buy instantly. Fast and easy development of e-commerce has led to the necessity of consumer protection in cyberspace, where trade takes place, so as to ensure consumer safety and security matters. This article examines e-commerce in terms of consumer protection and data security, which concerns equally all stakeholders in the electronic market: buyers, sellers, banks, courier cargo and other participants.

  11. Trademarks, consumer protection and domain names on the Internet

    Directory of Open Access Journals (Sweden)

    Hana Kelblová

    2007-01-01

    The article deals with current problems of the conflict of domain names on the Internet with trade marks in relation to consumer protection. The aim of the article is to refer to ways and means of protection against the speculative registration of a domain name. In the Czech legal order these means represent legal regulation of the unfair competition in Commercial Code, regulation of liability for damage together with the Trademarks Act.

  12. Establishing an Information Security System related to Physical Protection

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Yoo, Ho Sik

    2009-01-01

    A physical protection system (PPS) integrates people, procedures and equipment for the protection of assets or facilities against theft, sabotage or other malevolent attacks. In the physical protection field, it is important to maintain confidentiality of PPS related information, such as the alarm system layout, detailed maps of buildings, and guard schedules. In this abstract, we suggest establishing a methodology for an information security system. The first step in this methodology is to determine the information to protect and possible adversaries. Next, system designers should draw all possible paths to the information and arrange appropriate protection elements. Finally he/she should analyze and upgrade their information security system.

  13. A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Doohwan Oh

    2014-12-01

    With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.

  14. A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things

    Science.gov (United States)

    Oh, Doohwan; Kim, Deokho; Ro, Won Woo

    2014-01-01

    With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns. PMID:25521382

  15. A malicious pattern detection engine for embedded security systems in the Internet of Things.

    Science.gov (United States)

    Oh, Doohwan; Kim, Deokho; Ro, Won Woo

    2014-12-16

    With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.

  16. Network Security Issues in The Internet of Things (IoT)

    OpenAIRE

    Millar, Stuart

    2016-01-01

    This paper surveys a broad range of other research works in order to discuss network security issues in the Internet of Things (IoT). We begin with setting the scene generally with an outline of IoT, followed by a discussion of IoT layer models and topologies. After this, IoT standardization efforts and protocols are analysed, before we discuss in depth vulnerabilities, attacks and mitigations with regard to IoT. It is concluded that ample research and narrative exists for protocols and vulnerab...

  17. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  18. ICRP Publication 125: Radiological Protection in Security Screening.

    Science.gov (United States)

    Cool, D A; Lazo, E; Tattersall, P; Simeonov, G; Niu, S

    2014-07-01

    The use of technologies to provide security screening for individuals and objects has been increasing rapidly, in keeping with the significant increase in security concerns worldwide. Within the spectrum of technologies, the use of ionizing radiation to provide backscatter and transmission screening capabilities has also increased. The Commission has previously made a number of statements related to the general topic of deliberate exposures of individuals in non-medical settings. This report provides advice on how the radiological protection principles recommended by the Commission should be applied within the context of security screening. More specifically, the principles of justification, optimisation of protection, and dose limitation for planned exposure situations are directly applicable to the use of ionising radiation in security screening. In addition, several specific topics are considered in this report, including the situation in which individuals may be exposed because they are concealed (‘stowaways’) in a cargo container or conveyance that may be subject to screening. The Commission continues to recommend that careful justification of screening should be considered before decisions are made to employ the technology. If a decision is made that its use is justified, the framework for protection as a planned exposure situation should be employed, including optimization of protection with the use of dose constraints and the appropriate provisions for authorisation and inspection.

  19. 75 FR 82037 - National Protection and Programs Directorate; President's National Security Telecommunications...

    Science.gov (United States)

    2010-12-29

    ... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0050] National Protection and Programs Directorate; President's National Security Telecommunications Advisory Committee AGENCY: National Protection... Committee Meeting. SUMMARY: The President's National Security Telecommunications Advisory Committee (NSTAC...

  20. 75 FR 68370 - Agency Information Collection Activities: Office of Infrastructure Protection; Chemical Security...

    Science.gov (United States)

    2010-11-05

    ... DEPARTMENT OF HOMELAND SECURITY National Protection and Programs Directorate [Docket No. DHS-2010-0071] Agency Information Collection Activities: Office of Infrastructure Protection; Chemical Security...: The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), Office...

  1. The Anonymization Protection Algorithm Based on Fuzzy Clustering for the Ego of Data in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Mingshan Xie

    2017-01-01

    In order to enhance the enthusiasm of the data provider in the process of data interaction and improve the adequacy of data interaction, we put forward the concept of the ego of data and then analyzed the characteristics of the ego of data in the Internet of Things (IOT) in this paper. We implement two steps of data clustering for the Internet of things; the first step is the spatial location of adjacent fuzzy clustering, and the second step is the sampling time fuzzy clustering. Equivalent classes can be obtained through the two steps. In this way we can make the data with layout characteristics to be classified into different equivalent classes, so that the specific location information of the data can be obscured, the layout characteristics of tags are eliminated, and ultimately anonymization protection would be achieved. The experimental results show that the proposed algorithm can greatly improve the efficiency of protection of the data in the interaction with others in the incompletely open manner, without reducing the quality of anonymization and enhancing the information loss. The anonymization data set generated by this method has better data availability, and this algorithm can effectively improve the security of data exchange.

  2. Ultra-Low-Power Design and Hardware Security Using Emerging Technologies for Internet of Things

    Directory of Open Access Journals (Sweden)

    Jiann-Shiun Yuan

    2017-09-01

    In this review article for Internet of Things (IoT) applications, important low-power design techniques for digital and mixed-signal analog–digital converter (ADC) circuits are presented. Emerging low voltage logic devices and non-volatile memories (NVMs) beyond CMOS are illustrated. In addition, energy-constrained hardware security issues are reviewed. Specifically, light-weight encryption-based correlational power analysis, successive approximation register (SAR) ADC security using tunnel field effect transistors (FETs), logic obfuscation using silicon nanowire FETs, and all-spin logic devices are highlighted. Furthermore, a novel ultra-low power design using bio-inspired neuromorphic computing and spiking neural network security are discussed.

  3. Development of measures of online privacy concern and protection for use on the Internet

    OpenAIRE

    Buchanan, T; Paine, C; Joinson, A; Reips, U D

    2007-01-01

    As the Internet grows in importance, concerns about online privacy have arisen. We describe the development and validation of three short Internet-administered scales measuring privacy related attitudes ('Privacy Concern') and behaviors ('General Caution' and 'Technical Protection').

  4. CNSS: Interagency Partnering to Protect Our National Security Systems

    National Research Council Canada - National Science Library

    Grimes, John G

    2008-01-01

    .... The CNSS performs the vital function of mobilizing the full, interagency National Security Community for the protection of telecommunications and information systems that support U.S. national security...

  5. Security Techniques for protecting data in Cloud Computing

    OpenAIRE

    Maddineni, Venkata Sravan Kumar; Ragi, Shivashanker

    2012-01-01

    Context: From the past few years, there has been a rapid progress in Cloud Computing. With the increasing number of companies resorting to use resources in the Cloud, there is a necessity for protecting the data of various users using centralized resources. Some major challenges that are being faced by Cloud Computing are to secure, protect and process the data which is the property of the user. Aims and Objectives: The main aim of this research is to understand the security threats and ident...

  6. Infectious disease protection for healthcare security officers.

    Science.gov (United States)

    D'Angelo, Michael S; Arias, Jean

    2015-01-01

    Healthcare Security should be considered an active component in an infectious disease event, the authors maintain, and security officers must be included in an Employee Health screening and N95 fit testing initiative to safely welcome the incoming infected patients. In this article, they spell out the different levels of precautions officers should become familiar with in order to protect themselves.

  7. Application to an Internet site in radiation protection

    International Nuclear Information System (INIS)

    Gambini, D.J.; Baum, T.P.; Spector, M.; Elgard, M.C.; Mechaly, Y.; Grainer, R.; Barritault, L.

    1997-01-01

    Training specialists in medical radiation protection is ensured by the Continuous Training Center of University Rene Descartes since 1990. The necessity of updating knowledge has urged us to develop an Internet site (http://www.citi2.fr/RADIO). Besides the mandatory functions of the educational management (secretariat, information on the stages, registrations, etc.) this site provides: 1. Practical information (addresses of administrative and technical organisms, presentation of radiation protection programs); 2. Scientific information (bibliographic bulletin of the EDF service of radiation protection, updated every two months, description of recent radiation protection works); 3. Institutional documentation (analysis of recent basic texts, ICRP publications, European directives). The interrogation of general interest asked via e-mail and forum allowing communication between experts, graduated students and the education faculty will be available on the site. The communication will be augmented by tele-formation modules for continuous distant training

  8. EDAS: An Evaluation Prototype for Autonomic Event-Driven Adaptive Security in the Internet of Things

    Directory of Open Access Journals (Sweden)

    Waqas Aman

    2015-07-01

    In Internet of Things (IoT), the main driving technologies are considered to be tiny sensory objects. These objects cannot host traditional preventive and detective technologies to provide protection against the increasing threat sophistication. Furthermore, these solutions are limited to analyzing particular contextual information, for instance network information or files, and do not provide holistic context for risk analysis and response. Analyzing a part of a situation may lead to false alarms and later to unnecessary and incorrect configurations. To overcome these concerns, we proposed an event-driven adaptive security (EDAS) model for IoT. EDAS aims to observe security events (changes) generated by various things in the monitored IoT environment, investigates any intentional or unintentional risks associated with the events and adapts to it autonomously. It correlates different events in time and space to reduce any false alarms and provides a mechanism to predict attacks before they are realized. Risks are responded to autonomically by utilizing a runtime adaptation ontology. The mitigation action is chosen after assessing essential information, such as the risk faced, user preferences, device capabilities and service requirements. Thus, it selects an optimal mitigation action in a particular adverse situation. The objective of this paper is to investigate EDAS feasibility and its aptitude as a real-world prototype in a remote patient monitoring context. It details how EDAS can be a practical choice for IoT-eHealth in terms of the security, design and implementation features it offers as compared to traditional security controls. We have explained the prototype’s major components and have highlighted the key technical challenges.

  9. 76 FR 36863 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-06-23

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... for Gulfstream GVI airplanes. 1. The applicant must ensure electronic system security protection for... that effective electronic system security protection strategies are implemented to protect the airplane...

  10. Prototype system of secure VOD

    Science.gov (United States)

    Minemura, Harumi; Yamaguchi, Tomohisa

    1997-12-01

    Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

  11. Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

    Science.gov (United States)

    Harrop, Wayne; Matteson, Ashley

    This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

  12. Secure OpenID Authentication Model by Using Trusted Computing

    Directory of Open Access Journals (Sweden)

    E. Ghazizadeh

    2014-01-01

    The growth of Internet online services has been very quick in recent years. Each online service requires Internet users to create a new account to use the service. The problem can be seen when each user usually needs more than one service and, consequently, has numerous accounts. These numerous accounts have to be managed in a secure and simple way to be protected against identity theft. Single sign-on (SSO) and OpenID have been used to decrease the complexity of managing numerous accounts required in the Internet identity environment. Trusted Platform Module (TPM) and Trust Multitenancy are great trusted computing-based technologies to solve security concerns in the Internet identity environment. Since trust is one of the pillars of security in the cloud, this paper analyzes the existing cloud identity techniques in order to investigate their strengths and weaknesses. This paper proposes a model in which One Time Password (OTP), TPM, and OpenID are used to provide a solution against phishing as a common identity theft in cloud environment.

  13. A Multifactor Secure Authentication System for Wireless Payment

    Science.gov (United States)

    Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

    Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy within limited resources that does not require any change in infrastructure or underlying protocol of wireless network. This Protocol for Wireless Payment is extended as a two-way authentication system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

  14. Security enhanced BioEncoding for protecting iris codes

    Science.gov (United States)

    Ouda, Osama; Tsumura, Norimichi; Nakaguchi, Toshiya

    2011-06-01

    Improving the security of biometric template protection techniques is a key prerequisite for the widespread deployment of biometric technologies. BioEncoding is a recently proposed template protection scheme, based on the concept of cancelable biometrics, for protecting biometric templates represented as binary strings such as iris codes. The main advantage of BioEncoding over other template protection schemes is that it does not require user-specific keys and/or tokens during verification. Besides, it satisfies all the requirements of the cancelable biometrics construct without deteriorating the matching accuracy. However, although it has been shown that BioEncoding is secure enough against simple brute-force search attacks, the security of BioEncoded templates against more smart attacks, such as record multiplicity attacks, has not been sufficiently investigated. In this paper, a rigorous security analysis of BioEncoding is presented. Firstly, resistance of BioEncoded templates against brute-force attacks is revisited thoroughly. Secondly, we show that although the cancelable transformation employed in BioEncoding might be non-invertible for a single protected template, the original iris code could be inverted by correlating several templates used in different applications but created from the same iris. Accordingly, we propose an important modification to the BioEncoding transformation process in order to hinder attackers from exploiting this type of attacks. The effectiveness of adopting the suggested modification is validated and its impact on the matching accuracy is investigated empirically using CASIA-IrisV3-Interval dataset. Experimental results confirm the efficacy of the proposed approach and show that it preserves the matching accuracy of the unprotected iris recognition system.

  15. Deploying Difference: Security Threat Narratives and State Displacement from Protected Areas

    Directory of Open Access Journals (Sweden)

    Elizabeth Lunstrum

    2018-01-01

    State actors are increasingly treating protected areas as sites of security threats and policing resident communities as though they are the cause of this insecurity. This is translating into community eviction from protected areas that is authorised by security concerns and logics and hence not merely conservation concerns. We ground this claim by drawing upon empirical work from two borderland conservation areas: Mozambique's Limpopo National Park (LNP) and Guatemala's Maya Biosphere Reserve (MBR). In both cases, we show how these security-provoked evictions are authorised by the mobilisation of interlocking axes of difference that articulate notions of territorial trespass with that of a racialised enemy. Rather than a new problem or phenomena, we show how these axes are rooted in prior histories of state actors rendering racialised subjects dangerous, Cold War histories in both cases and a longer colonial history with the LNP. We also show how standing behind these evictions is the nation-state and its practices of protected area territorialisation. From here, we illustrate how the rationale behind displacement from protected areas matters, as evictions become more difficult to contest once they are authorised by security considerations. The cases, however, differ in one key respect. While displacement from the LNP is an instance of conservation-induced displacement (CID), although one re-worked by security considerations, eviction from the MBR is motivated more centrally by security concerns yet takes advantage of protected area legislation. The study hence offers insight into a growing literature on conservation-security encounters and into different articulations of conservation, security, and displacement.

  16. The Internet and Security: Do We need a Man With A Red Flag To Walk In Front of Computers?

    OpenAIRE

    Edwards, Lilian

    2007-01-01

    This editorial focusses on the topic of internet security; its real, or perceived threats to individuals, and the regulatory framework in place to deal with cybercrime. Edwards suggests some obligations for computer owners as an attempt to ensure the security of their computer.

  17. 77 FR 10657 - Protecting the Public and Our Employees in Our Hearing Process

    Science.gov (United States)

    2012-02-23

    ... Internet site, Social Security Online, at http://www.socialsecurity.gov . SUPPLEMENTARY INFORMATION... SOCIAL SECURITY ADMINISTRATION 20 CFR Parts 404 and 416 [Docket No. SSA-2011-0008] RIN 0960-AH29 Protecting the Public and Our Employees in Our Hearing Process AGENCY: Social Security Administration. ACTION...

  18. 10 CFR 2.903 - Protection of restricted data and national security information.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Protection of restricted data and national security... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or...

  19. Internet-Based Solutions for a Secure and Efficient Seismic Network

    Science.gov (United States)

    Bhadha, R.; Black, M.; Bruton, C.; Hauksson, E.; Stubailo, I.; Watkins, M.; Alvarez, M.; Thomas, V.

    2017-12-01

    The Southern California Seismic Network (SCSN), operated by Caltech and USGS, leverages modern Internet-based computing technologies to provide timely earthquake early warning for damage reduction, event notification, ShakeMap, and other data products. Here we present recent and ongoing innovations in telemetry, security, cloud computing, virtualization, and data analysis that have allowed us to develop a network that runs securely and efficiently. Earthquake early warning systems must process seismic data within seconds of being recorded, and SCSN maintains a robust and resilient network of more than 350 digital strong motion and broadband seismic stations to achieve this goal. We have continued to improve the path diversity and fault tolerance within our network, and have also developed new tools for latency monitoring and archiving. Cyberattacks are in the news almost daily, and with most of our seismic data streams running over the Internet, it is only a matter of time before SCSN is targeted. To ensure system integrity and availability across our network, we have implemented strong security, including encryption and Virtual Private Networks (VPNs). SCSN operates its own data center at Caltech, but we have also installed real-time servers on Amazon Web Services (AWS), to provide an additional level of redundancy, and eventually to allow full off-site operations continuity for our network. Our AWS systems receive data from Caltech-based import servers and directly from field locations, and are able to process the seismic data, calculate earthquake locations and magnitudes, and distribute earthquake alerts, directly from the cloud. We have also begun a virtualization project at our Caltech data center, allowing us to serve data from Virtual Machines (VMs), making efficient use of high-performance hardware and increasing flexibility and scalability of our data processing systems. Finally, we have developed new monitoring of station average noise levels at most stations

  20. Security and Privacy in the Medical Internet of Things: A Review

    Directory of Open Access Journals (Sweden)

    Wencheng Sun

    2018-01-01

    Medical Internet of Things, also well known as MIoT, is playing a more and more important role in improving the health, safety, and care of billions of people after its showing up. Instead of going to the hospital for help, patients’ health-related parameters can be monitored remotely, continuously, and in real time, then processed, and transferred to medical data center, such as cloud storage, which greatly increases the efficiency, convenience, and cost performance of healthcare. The amount of data handled by MIoT devices grows exponentially, which means higher exposure of sensitive data. The security and privacy of the data collected from MIoT devices, either during their transmission to a cloud or while stored in a cloud, are major unsolved concerns. This paper focuses on the security and privacy requirements related to data flow in MIoT. In addition, we make in-depth study on the existing solutions to security and privacy issues, together with the open challenges and research issues for future work.

  1. Internet Governance and National Security

    Science.gov (United States)

    2012-01-01

    by the International Organization of Standards for the Open Systems Interconnection (OSI) model as the basis of Internet networking. A brief...or “ride on top” of the Internet. A corporate LAN, such as “.company–name” for internal company use, is an example of the first. When a group wishes

  2. 49 CFR 387.303 - Security for the protection of the public: Minimum limits.

    Science.gov (United States)

    2010-10-01

    ... 49 Transportation 5 2010-10-01 2010-10-01 false Security for the protection of the public: Minimum... Insurance for Motor Carriers and Property Brokers § 387.303 Security for the protection of the public... convenience of the user, the revised text is set forth as follows: § 387.303 Security for the protection of...

  3. Metric-Aware Secure Service Orchestration

    Directory of Open Access Journals (Sweden)

    Gabriele Costa

    2012-12-01

    Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process. In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

  4. 76 FR 10529 - Special Conditions: Gulfstream Model GVI Airplane; Electronic Systems Security Protection From...

    Science.gov (United States)

    2011-02-25

    ... Security Protection From Unauthorized External Access AGENCY: Federal Aviation Administration (FAA), DOT... electronic system security protection for the aircraft control domain and airline information domain from... identified and assessed, and that effective electronic system security protection strategies are implemented...

  5. Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

    Science.gov (United States)

    Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

    2005-04-01

    Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

  6. 76 FR 75829 - Treasury Inflation-Protected Securities Issued at a Premium

    Science.gov (United States)

    2011-12-05

    ... Treasury Inflation-Protected Securities Issued at a Premium AGENCY: Internal Revenue Service (IRS... IRS is issuing temporary regulations that provide guidance on the tax treatment of Treasury Inflation....1275-7(d) applies to Treasury Inflation-Protected Securities (TIPS) issued with more than a de minimis...

  7. Implementing Physical Protection Education for an Enhanced Nuclear Security Culture

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Jeong Ho; Kim, Hyun Chul; Shin, Ick Hyun; Lee, Hyung Kyung; Choe, Kwan Kyoo [KINAC, Daejeon (Korea, Republic of)

    2013-10-15

    In this paper, we are going to outline our efforts and experiences at implementing physical protection education. KINAC (as the only designated educational institute) places great effort in delivering an effective and a high-quality education program for physical protection. We have also provided a way for nuclear operators to share the lessons they have gained through their own experiences. We made physical protection education an important communication channel, not only among nuclear operators but also between operators and a regulatory body. There is growing attention given to education and training on the subject of physical protection in order to enhance the nuclear security culture. The IAEA recommends that all personnel in organizations directly involved with the nuclear industry receive regularly education in physical protection according to the recently revised INFCIRC/225/Rev.5. The Korea Institute of Nuclear Nonproliferation and Control (KINAC) and the Nuclear Safety and Security Commission (NSSC), which are mainly responsible for the national nuclear security regime, have already recognized the importance of education and training in physical protection. The NSSC enacted its decree on physical protection education and training in 2010. KINAC was designated as the first educational institute in 2011 and implemented physical protection education as mandatory from 2012.

  8. Implementing Physical Protection Education for an Enhanced Nuclear Security Culture

    International Nuclear Information System (INIS)

    Lee, Jeong Ho; Kim, Hyun Chul; Shin, Ick Hyun; Lee, Hyung Kyung; Choe, Kwan Kyoo

    2013-01-01

    In this paper, we are going to outline our efforts and experiences at implementing physical protection education. KINAC (as the only designated educational institute) places great effort in delivering an effective and a high-quality education program for physical protection. We have also provided a way for nuclear operators to share the lessons they have gained through their own experiences. We made physical protection education an important communication channel, not only among nuclear operators but also between operators and a regulatory body. There is growing attention given to education and training on the subject of physical protection in order to enhance the nuclear security culture. The IAEA recommends that all personnel in organizations directly involved with the nuclear industry receive regularly education in physical protection according to the recently revised INFCIRC/225/Rev.5. The Korea Institute of Nuclear Nonproliferation and Control (KINAC) and the Nuclear Safety and Security Commission (NSSC), which are mainly responsible for the national nuclear security regime, have already recognized the importance of education and training in physical protection. The NSSC enacted its decree on physical protection education and training in 2010. KINAC was designated as the first educational institute in 2011 and implemented physical protection education as mandatory from 2012

  9. Marco Civil da Internet: Limits From the Express and Unequivocal Requirement Consent as a Legal Protection of Personal Data on the Internet

    Directory of Open Access Journals (Sweden)

    Marco Antonio Lima

    2016-10-01

    This article examines the limits of the legal determination of express and unequivocal consent for the collection, use, storage, processing and protection of personal data as provided for in the Marco Civil da Internet (Law 12.965/2014) provided for in the list of rights and guarantees of users of the World Wide Web. With the increasing use of personal data from the Internet, for purposes of market analysis, prospecting investment trends, consumption and guidance of advertising campaigns - possible through technological resources for treatment and analysis of information - it is urgent to effectiveness the legal protection of this intangible property.

  10. Protecting the Privacy and Security of Your Health Information

    Science.gov (United States)

    ... can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. You may have additional protections and health information rights under your State's laws. ...

  11. Network Based Intrusion Detection and Prevention Systems in IP-Level Security Protocols

    OpenAIRE

    R. Kabila

    2008-01-01

    IPsec has now become a standard information security technology throughout the Internet society. It provides a well-defined architecture that takes into account confidentiality, authentication, integrity, secure key exchange and protection mechanism against replay attack also. For the connectionless security services on packet basis, IETF IPsec Working Group has standardized two extension headers (AH&ESP), key exchange and authentication protocols. It is also working on l...

  12. A Survey on Cyber Security awareness among college students in Tamil Nadu

    Science.gov (United States)

    Senthilkumar, K.; Easwaramoorthy, Sathishkumar

    2017-11-01

    The aim of the study is to analyse the awareness of cyber security among college students in Tamil Nadu by focusing on various security threats in the internet. In recent years cybercrime is an enormous challenge in all areas including national security, public safety and personal privacy. To avoid becoming a victim of cybercrime, everyone must know about their own security and safety measures to protect themselves. A well-structured questionnaire survey method will be applied to analyse the college students’ awareness in the area of cyber security. This survey will be conducted in major cities of Tamil Nadu by focusing on various security threats like email, virus, phishing, fake advertisement, popup windows and other attacks in the internet. This survey examines the college students’ awareness and the level of awareness about the security issues and some suggestions are set forth to overcome these issues.

  13. Identity Establishment and Capability Based Access Control (IECAC) Scheme for Internet of Things

    DEFF Research Database (Denmark)

    Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

    2012-01-01

    Internet of Things (IoT) become discretionary part of everyday life and could befall a threat if security is not considered before deployment. Authentication and access control in IoT is equally important to establish secure communication between devices. To protect IoT from man in middle, replay...... and denial of service attacks, the concept of capability for access control is introduced. This paper presents Identity establishment and capability based access control (IECAC) protocol using ECC (Elliptical Curve Cryptography) for IoT along with protocol evaluation, which protect against the aforementioned...

  14. In Law We Trust? Trusted Computing and Legal Responsibility for Internet Security

    Science.gov (United States)

    Danidou, Yianna; Schafer, Burkhard

    This paper analyses potential legal responses and consequences to the anticipated roll out of Trusted Computing (TC). It is argued that TC constitutes such a dramatic shift in power away from users to the software providers, that it is necessary for the legal system to respond. A possible response is to mirror the shift in power by a shift in legal responsibility, creating new legal liabilities and duties for software companies as the new guardians of internet security.

  15. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    International Nuclear Information System (INIS)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl

    2017-01-01

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like "Industrial Internet of Things" of the Industrial Internet Consortium (IIC), and "Industry 4.0" find their way in this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  16. 22 CFR 1101.5 - Security, confidentiality and protection of records.

    Science.gov (United States)

    2010-04-01

    ... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Security, confidentiality and protection of... Bureau of Standard's booklet “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May... STATES AND MEXICO, UNITED STATES SECTION PRIVACY ACT OF 1974 § 1101.5 Security, confidentiality and...

  17. APPROACH TO CYBER SECURITY ISSUES IN NIGERIA: CHALLENGES AND SOLUTION

    Directory of Open Access Journals (Sweden)

    Frank Ibikunle

    2013-06-01

    Cyber-space refers to the boundless space known as the internet. Cyber-security is the body of rules put in place for the protection of the cyber space. Cyber-crime refers to the series of organized crime attacking both cyber space and cyber security. The Internet is one of the fastest-growing areas of technical infrastructure development. Over the past decades, the growth of the internet and its use afforded everyone this opportunity. Google, Wikipedia and Bing, to mention a few, give detailed answers to millions of questions every day. Cyberspace is a world that contains just about anything one is searching for. With the advent of these advancements in information accessibility and the advantages and applications of the internet comes an exponentially growing disadvantage: cyber crime. Cyber security has risen to become a national concern as threats concerning it now need to be taken more seriously. This paper attempts to provide an overview of cybercrime and cyber-security. It defines the concept of cybercrime and identifies reasons for cyber-crime and its eradication. It looks at those involved and the reasons for their involvement. Methods of stepping up cyber security and the recommendations that would help in checking the increasing rate of cyber-crimes are highlighted. The paper also attempts to name some challenges of cybercrime and present practical and logical solutions to these threats.

  18. Security Enhancement for Multicast over Internet of Things by Dynamically Constructed Fountain Codes

    Directory of Open Access Journals (Sweden)

    Qinghe Du

    2018-01-01

    The Internet of Things (IoT) is expected to accommodate every object which exists in this world or is likely to exist in the near future. The enormous scale of the objects is challenged by big security concerns, especially for common information dissemination via multicast services, where the reliability assurance for multiple multicast users at the cost of increasing redundancy and/or retransmissions also benefits eavesdroppers in successfully decoding the overheard signals. The objective of this work is to address the security challenge present in IoT multicast applications. Specifically, with the presence of the eavesdropper, an adaptive fountain code design is proposed in this paper to enhance the security for multicast in IoT. The main novel features of the proposed scheme are twofold: (i) a dynamical encoding scheme which can effectively decrease intercept probability at the eavesdropper; (ii) increasing the transmission efficiency compared with the conventional nondynamical design. The analysis and simulation results show that the proposed scheme can effectively enhance information security while achieving higher transmission efficiency with a little accredited complexity, thus facilitating the secured wireless multicast transmissions over IoT.

  19. Safeguarding the User - Developing a Multimodal Design for Surveying and Raising Internet Safety and Security Awareness

    DEFF Research Database (Denmark)

    Gjedde, Lisa; Sharp, Robin; Andersen, Preben

    2009-01-01

    Internet safety and security for the user is an issue of great importance for the successful implementation of ICT, but since it is a complex field, with a specialist vocabulary that cannot immediately be understood by the common user, it is difficult to survey the field. The user may not underst...... describes an ICT-based research method that combines a verbal mode of inquiry with a visual mode employing illustrations, animations and simulations to provide the user with a multimodal media experience. The rationale for this is that we are working in a complex technical field with a specialist vocabulary...

  20. The Regulatory Framework for Privacy and Security

    Science.gov (United States)

    Hiller, Janine S.

    The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

  1. 78 FR 5122 - NASA Security and Protective Services Enforcement

    Science.gov (United States)

    2013-01-24

    ... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Parts 1203a, 1203b, and 1204 [Docket No NASA-2012-0007] RIN 2700-AD89 NASA Security and Protective Services Enforcement AGENCY: National Aeronautics... nonsubstantive changes to NASA regulations to clarify the procedures for establishing controlled/ secure areas...

  2. Using Internet search behavior to assess public awareness of protected wetlands.

    Science.gov (United States)

    Do, Yuno; Kim, Ji Yoon; Lineman, Maurice; Kim, Dong-Kyun; Joo, Gea-Jae

    2015-02-01

    Improving public awareness of protected wetlands facilitates sustainable wetland management, which depends on public participation. One way of gauging public interest is by tracking Internet search behavior (ISB). We assessed public awareness of issues related to protected wetland areas (PWAs) in South Korea by examining the frequencies of specific queries (PWAs, Ramsar, Upo wetland, Sunchon Bay, etc.) using relative search volumes (RSVs) obtained from an Internet search engine. RSV shows how many times a search term is used relative to a second search term during a specific period. Public awareness of PWAs changed from 2007 to 2013. Initially the majority of Internet searches were related to the most well-known tidal and inland wetlands Sunchon Bay and Upo wetlands, which are the largest existing wetlands in Korea with the greatest historical exposure. Public awareness, as reflected in RSVs, of wetlands increased significantly following PWA designation for the wetlands in 2008, which followed the Ramsar 10th Conference of Contracting Parties to the Convention on Wetlands (COP10) meeting. Public interest was strongly correlated to the number of news articles in the popular media, as evidenced by the increase in Internet searches for specific wetlands and words associated with specific wetlands. Correspondingly, the number of visitors to specific wetlands increased. To increase public interest in wetlands, wetland aspects that enhance wetland conservation should be promoted by the government and enhanced via public education. Our approach can be used to gauge public awareness and participation in a wide range of conservation efforts. © 2014 Society for Conservation Biology.

  3. PENGGUNAAN TEKNOLOGI INTERNET DALAM BISNIS

    Directory of Open Access Journals (Sweden)

    Oviliani Yuliana

    2000-01-01

    The uses of the internet in business are information exchange, product catalogs, promotion media, electronic mail, bulletin boards, electronic questionnaires, and mailing lists. The internet can also be used for dialog, discussion, and consultation with customers online, so consumers can be proactively and interactively involved in designing, developing, marketing, and selling products. There are 2 methods for marketing products via the internet, which are push and pull marketing. The advantages of the internet in business strategy are global and interactive communication; information supply; consumer based service; increased cooperation; the possibility to open new marketplaces, products or services; and integration of activities on-line. There are 2 applications in electronic commerce, which are business-to-business and business-to-consumer commerce. Electronic commerce payment transactions are arranged by the Electronic Funds Transfer system, whereas data security is governed by Secure Socket Layer, which was then developed into Secure Electronic Transaction.

  4. Internet Economics IV

    Science.gov (United States)

    2004-08-01

    edts.): Internet Economics IV Technical Report No. 2004-04, August 2004 Information Systems Laboratory IIS, Department of Computer Science University of...level agreements (SLA), Information technology (IT), Internet address, Internet service provider... technology and its economic impacts in the Internet world today. The second talk addresses the area of AAA protocol, summarizing authentication

  5. [A security protocol for the exchange of personal medical data via Internet: monitoring treatment and drug effects].

    Science.gov (United States)

    Viviani, R; Fischer, J; Spitzer, M; Freudenmann, R W

    2004-04-01

    We present a security protocol for the exchange of medical data via the Internet, based on the type/domain model. We discuss two applications of the protocol: in a system for the exchange of data for quality assurance, and in an on-line database of adverse reactions to drug use. We state that a type/domain security protocol can successfully comply with the complex requirements for data privacy and accessibility typical of such applications.

  6. Annual training manual for security training: Protective force

    Energy Technology Data Exchange (ETDEWEB)

    1990-10-01

    Westinghouse is committed to high quality training relevant to the need of the Protective Forces at the Waste Isolation Pilot Plant (WIPP). The training programs at WIPP are designed to qualify Security personnel to perform WIPP security missions in a professional and responsible manner. The program consists of basic as well as sustainment training, as further described in this plan. This plan documents the WIPP Security training program for security personnel for calendar year 1990. The programs detailed in this plan are designed to adequately train persons to ensure the uninterrupted continuity of Department of Energy (DOE)/Westinghouse operations. The Security Training Program consists of four basic elements. These elements are (1) basic level training; (2) on-the-job training; (3) refresher training; and (4) in-service training.

  7. Guarding America: Security Guards and U.S. Critical Infrastructure Protection

    National Research Council Canada - National Science Library

    Parfomak, Paul W

    2004-01-01

    The Bush Administration's 2003 National Strategy for the Physical Protection of Critical Infrastructures and Key Assets indicates that security guards are an important source of protection for critical facilities...

  8. Secure transfer of surveillance data over Internet using Virtual Private Network technology. Field trial between STUK and IAEA

    International Nuclear Information System (INIS)

    Smartt, H.; Martinez, R.; Caskey, S.; Honkamaa, T.; Ilander, T.; Poellaenen, R.; Jeremica, N.; Ford, G.

    2000-01-01

    One of the primary concerns of employing remote monitoring technologies for IAEA safeguards applications is the high cost of data transmission. Transmitting data over the Internet has often been shown to be less expensive than other data transmission methods. However, data security of the Internet is often considered to be at a low level. Virtual Private Networks have emerged as a solution to this problem. A field demonstration was implemented to evaluate the use of Virtual Private Networks (via the Internet) as a means for data transmission. Evaluation points included security, reliability and cost. The existing Finnish Remote Environmental Monitoring System, located at the STUK facility in Helsinki, Finland, served as the field demonstration system. Sandia National Laboratories (SNL) established a Virtual Private Network between STUK (Radiation and Nuclear Safety Authority) Headquarters in Helsinki, Finland, and IAEA Headquarters in Vienna, Austria. Data from the existing STUK Remote Monitoring System was viewed at the IAEA via this network. The Virtual Private Network link was established in a proper manner, which guarantees the data security. Encryption was verified using a network sniffer. No problems were encountered during the test. In the test system, fixed costs were higher than in the previous system, which utilized telephone lines. On the other hand, transmission and operating costs are very low. Therefore, with low data amounts, the test system is not cost-effective, but if the data amount is tens of Megabytes per day the use of Virtual Private Networks and Internet will be economically justifiable. A cost-benefit analysis should be performed for each site due to significant variables. (orig.)

  9. Improving the Security of Internet Banking Applications by Using Multimodal Biometrics

    Directory of Open Access Journals (Sweden)

    Cătălin Lupu

    2015-03-01

    Online banking applications are used by more and more people all over the world. Most of the banks are providing these services to their customers. The authentication methods vary from the basic user and password to username and a one-time password (OTP) generated by a virtual or a physical digipass. The common thing among authentication methods is that the login webpage is provided through a secure channel. Some banks have introduced (especially for testing purposes) authentication using common biometric characteristics, like fingerprint, voice or keystroke recognition. This paper will present some of the most common online banking authentication methods, together with basic biometric characteristics that could be used in these applications. The security in internet banking applications can be improved by using biometrics for the authentication process. Also, the authors have developed an application for authentication of users using fingerprint as the main characteristic, which will be presented at the end of this paper.

  10. Consumer protection and internet shopping

    OpenAIRE

    Blažková, Lenka

    2010-01-01

    The diploma thesis is devoted to the issue of online shopping. Its aim is to analyze internet shopping and examine the rights and obligations of consumers and sellers, which are based on current legislation. The thesis is divided into two parts. The theoretical part deals with purchases over the internet and their regulation. It explains the concepts of internet, e-business and e-commerce, indicates the types of e-business, and mentions certification of online stores. The practical part i...

  11. On technical security issues in cloud computing

    DEFF Research Database (Denmark)

    Jensen, Meiko; Schwenk, Jörg; Gruschka, Nils

    2009-01-01

    The Cloud Computing concept offers dynamically scalable resources provisioned as a service over the Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capital expenditure (CapEx) and operational expenditure (OpEx). In order for this to become reality, however, there are still some challenges to be solved. Amongst these are security and trust issues, since the user's data has to be released to the Cloud and thus leaves the protection sphere of the data owner. Most of the discussions on this topic are mainly driven by arguments related to organisational means. This paper focusses on technical security issues arising from the usage of Cloud services and especially by the underlying technologies used to build these cross-domain Internet-connected collaborations.

  12. Ensuring Freedoms and Protecting Rights in the Governance of the Internet: A Comparative Analysis on Blocking Measures and Internet Providers’ Removal of Illegal Internet Content

    Directory of Open Access Journals (Sweden)

    Katalin Parti

    2013-02-01

    Removing illegal or harmful material from the internet has been pursued for more than two decades. The advent of Web 2.0, with the prominent increase and diffusion of user-generated content, amplifies the necessity for technical and legal frameworks enabling the removal of illegal material from the network. This study deals with different levels and methods of Internet ‘cleansing’ measures, comparing government regulated and Internet service provider based removals of illegal Internet content. The paper aims at putting the regulatory option of internet blocking measures into the broader perspective of the legal framework regulating the (exemption from) liability of Intermediary Service Providers (ISPs) for user-generated contents. In addition, the paper suggests proposals on which regulatory options can better ensure the respect of freedoms and the protection of rights. The paper introduces several significant cases of blocking online copyright infringing materials. Copyright related blocking techniques have been devised for business reasons by copyright holders’ associations. It must be recalled, however, that these blocking actions cannot be enforced without the states’ intervention. These business-level actions become isolated if they are not supported by both the European Union and its Member States. Conversely, state-centred initiatives cannot work out without the private sector’s cooperation. Internet service providers play a crucial role in this cooperative framework because of their task of providing access to the Internet and hosting web contents.

  13. Critical Infrastructure Protection: Maintenance is National Security

    Directory of Open Access Journals (Sweden)

    Kris Hemme

    2015-10-01

    U.S. critical infrastructure protection (CIP) necessitates both the provision of security from internal and external threats and the repair of physically damaged critical infrastructure which may disrupt services. For years, the U.S. infrastructure has been deteriorating, triggering enough damage and loss of life to give cause for major concern. CIP is typically only addressed after a major disaster or catastrophe due to the extreme scrutiny that follows these events. In fact, CIP has been addressed repeatedly since Presidential Decision Directive Sixty-Three (PDD Sixty-Three) signed by President Bill Clinton on May Twenty-Second, 1998.[1] This directive highlighted critical infrastructure as “a growing potential vulnerability” and recognized that the United States has to view the U.S. national infrastructure from a security perspective due to its importance to national and economic security. CIP must be addressed in a preventive, rather than reactive, manner.[2] As such, there are sixteen critical infrastructure sectors, each with its own protection plan and unique natural and man-made threats, deteriorations, and risks. A disaster or attack on any one of these critical infrastructures could cause serious damage to national security and possibly lead to the collapse of the entire infrastructure. [1] The White House, Presidential Decision Directive/NSC–63 (Washington D.C.: The White House, May 22, 1998): 1–18, available at: http://www.epa.gov/watersecurity/tools/trainingcd/Guidance/pdd-63.pdf. [2] Ibid, 1.

  14. Comparison of risk and protective factors associated with smartphone addiction and Internet addiction

    OpenAIRE

    Choi, Sam-Wook; Kim, Dai-Jin; Choi, Jung-Seok; Ahn, Heejune; Choi, Eun-Jeung; Song, Won-Young; Kim, Seohee; Youn, Hyunchul

    2015-01-01

    Background and Aims: Smartphone addiction is a recent concern that has resulted from the dramatic increase in worldwide smartphone use. This study assessed the risk and protective factors associated with smartphone addiction in college students and compared these factors to those linked to Internet addiction. Methods: College students (N = 448) in South Korea completed the Smartphone Addiction Scale, the Young's Internet Addiction Test, the Alcohol Use Disorders Identification Test, the Beck De...

  15. Cyber security in nuclear power plants and its portability to other industrial infrastructures

    Energy Technology Data Exchange (ETDEWEB)

    Champigny, Sebastien; Gupta, Deeksha; Watson, Venesa; Waedt, Karl [AREVA GmbH, Erlangen (Germany)

    2017-06-15

    Power generation increasingly relies on decentralised and interconnected computerised systems. Concepts like "Industrial Internet of Things" of the Industrial Internet Consortium (IIC), and "Industry 4.0" find their way into this strategic industry. Risk of targeted exploits of errors and vulnerabilities increases with complexity, interconnectivity and decentralization. Inherently stringent security requirements and features make nuclear computerised applications and systems a benchmark for industrial counterparts seeking to hedge against those risks. Consequently, this contribution presents usual cyber security regulations and practices for nuclear power plants. It shows how nuclear cyber security can be ported and used in an industrial context to protect critical infrastructures against cyber-attacks and industrial espionage.

  16. Securing SQL Server Protecting Your Database from Attackers

    CERN Document Server

    Cherry, Denny

    2011-01-01

    There is a lot at stake for administrators taking care of servers, since they house sensitive data like credit cards, social security numbers, medical records, and much more. In Securing SQL Server you will learn about the potential attack vectors that can be used to break into your SQL Server database, and how to protect yourself from these attacks. Written by a Microsoft SQL Server MVP, you will learn how to properly secure your database, from both internal and external threats. Best practices and specific tricks employed by the author will also be revealed. Learn expert techniques to protec

  17. Securing SQL server protecting your database from attackers

    CERN Document Server

    Cherry, Denny

    2015-01-01

    SQL server is the most widely-used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack. In Securing SQL Server, Third Edition, you will learn about the potential attack vectors that can be used to break into SQL server databases as well as how to protect databases from these attacks. In this book, Denny Cherry - a Microsoft SQL MVP and one of the biggest names in SQL server - will teach you how to properly secure an SQL server database from internal and external threats using best practic

  18. The Internet of Things Security

    OpenAIRE

    Đekić Milica D.

    2017-01-01

    The Internet of Things (IoT) is a fairly new concept covering digital systems that are correlated with each other. The first role of the Internet was to connect people, while this new paradigm serves to connect devices. Those solutions could get connected to each other using a standard web signal or another sort of communication channel. It's estimated that the IoT has included around 4.9 billion devices by the end of 2015, while it's expected that there would be 25 billi...

  19. Secure Fiberoptic Communications

    Science.gov (United States)

    Hodara, Henri

    At the heart of our current information explosion is the communication network. Networks are now an intrinsic part of our daily activities, whether they are for Internet business transactions or military communications in Future Combat Systems. Protection of this communication infrastructure is a must. In this article, we discuss two approaches for securing all-optical networks. The first is an optical encryption technique that denies the information to intruders. The second is an authentication scheme capable of detecting and identifying unauthorized users.

  20. 10 CFR 95.25 - Protection of National Security Information and Restricted Data in storage.

    Science.gov (United States)

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Protection of National Security Information and Restricted Data in storage. 95.25 Section 95.25 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY... Protection of National Security Information and Restricted Data in storage. (a) Secret matter, while...

  1. 76 FR 34732 - Privacy Act of 1974; Department of Homeland Security/National Protection and Programs Directorate...

    Science.gov (United States)

    2011-06-14

    ... 1974; Department of Homeland Security/National Protection and Programs Directorate--002 Chemical... Homeland Security/National Protection and Programs Directorate--002 Chemical Facility Anti-Terrorism.... 552a, the Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD...

  2. 78 FR 666 - Treasury Inflation-Protected Securities Issued at a Premium; Bond Premium Carryforward

    Science.gov (United States)

    2013-01-04

    ...-BL29 Treasury Inflation-Protected Securities Issued at a Premium; Bond Premium Carryforward AGENCY... contains final regulations that provide guidance on the tax treatment of Treasury Inflation-Protected... regulations in this document provide guidance to holders of Treasury Inflation-Protected Securities and other...

  3. 78 FR 6807 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-01-31

    ... coordinating and sponsoring an executive-led Critical Infrastructure Protection and Cyber Security mission to... on the cyber security, critical infrastructure protection, and emergency management, ports of entry... security, including border protection, civil defense capabilities, and coast guard and maritime...

  4. 75 FR 75711 - Securities Investor Protection Corporation; Notice of Filing of a Proposed Bylaw Change Relating...

    Science.gov (United States)

    2010-12-06

    ... Securities Investor Protection Corporation (``SIPC'') filed with the Securities and Exchange Commission... Members, Rel. No. SIPA-156, 56 FR 51952 (Oct. 16, 1991). \\6\\ Securities Investor Protection Corporation... SECURITIES AND EXCHANGE COMMISSION [Release No. SIPA-169; File No. SIPC-2010-01] Securities...

  5. An Internet-based tailored hearing protection intervention for firefighters: development process and users' feedback.

    Science.gov (United States)

    Hong, OiSaeng; Eakin, Brenda L; Chin, Dal Lae; Feld, Jamie; Vogel, Stephen

    2013-07-01

    Noise-induced hearing loss is a significant occupational injury for firefighters exposed to intermittent noise on the job. It is important to educate firefighters about using hearing protection devices whenever they are exposed to loud noise. Computer technology is a relatively new health education approach and can be useful for tailoring specific aspects of behavioral change training. The purpose of this study is to present the development process of an Internet-based tailored intervention program and to assess its efficacy. The intervention programs were implemented for 372 firefighters (mean age = 44 years, Caucasian = 82%, male = 95%) in three states (California, Illinois, and Indiana). The efficacy was assessed from firefighters' feedback through an Internet-based survey. A multimedia Internet-based training program was developed through (a) determining program content and writing scripts, (b) developing decision-making algorithms for tailoring, (c) graphic design and audio and video productions, (d) creating computer software and a database, and (e) postproduction quality control and pilot testing. Participant feedback regarding the training has been very positive. Participants reported that they liked completing the training via computer (83%) and also that the Internet-based training program was well organized (97%), easy to use (97%), and effective (98%) and held their interest (79%). Almost all (95%) would recommend this Internet training program to other firefighters. Interactive multimedia computer technology using the Internet was a feasible mode of delivery for a hearing protection intervention among firefighters. Participants' favorable feedback strongly supports the continued utilization of this approach for designing and developing interventions to promote healthy behaviors.

  6. ASPECTS OF POLICIES AND STRATEGIES FOR CYBER SECURITY IN THE EUROPEAN UNION

    Directory of Open Access Journals (Sweden)

    Ilina ARMENCHEVA

    2015-10-01

    Freedom and prosperity of mankind greatly depend on an innovative, safe and reliable Internet that, of course, will keep evolving. Cyber space must be protected from incidents, misuse and abuse. Handling the increasing number of threats to cyber security is a challenge that national security and the trend in the international environment face. This makes taking fast and adequate measures at national, European and international level a must. Changing national security strategies and adopting new cyber security strategies are a part of these measures.

  7. A secure online image trading system for untrusted cloud environments.

    Science.gov (United States)

    Munadi, Khairul; Arnia, Fitri; Syaryadhi, Mohd; Fujiyoshi, Masaaki; Kiya, Hitoshi

    2015-01-01

    In conventional image trading systems, images are usually stored unprotected on a server, rendering them vulnerable to untrusted server providers and malicious intruders. This paper proposes a conceptual image trading framework that enables secure storage and retrieval over Internet services. The process involves three parties: an image publisher, a server provider, and an image buyer. The aim is to facilitate secure storage and retrieval of original images for commercial transactions, while preventing untrusted server providers and unauthorized users from gaining access to true contents. The framework exploits the Discrete Cosine Transform (DCT) coefficients and the moment invariants of images. Original images are visually protected in the DCT domain, and stored on a repository server. Small representations of the original images, called thumbnails, are generated and made publicly accessible for browsing. When a buyer is interested in a thumbnail, he/she sends a query to retrieve the visually protected image. The thumbnails and protected images are matched using the DC component of the DCT coefficients and the moment invariant feature. After the matching process, the server returns the corresponding protected image to the buyer. However, the image remains visually protected unless a key is granted. Our target application is the online market, where publishers sell their stock images over the Internet using public cloud servers.

  8. A Novel Security Scheme Based on Instant Encrypted Transmission for Internet of Things

    Directory of Open Access Journals (Sweden)

    Chen Wang

    2018-01-01

    Internet of Things (IoT) is a research field that has been continuously developed and innovated in recent years and is also an important driving force for the improvement of people’s life in the future. There are lots of scenarios in IoT where we need to collaborate through devices to complete tasks; that is, a device sends data to other devices, and other devices operate on the aid of the data. These transmitted data are often users’ privacy data, such as medical data and grid data. We propose an instant encrypted transmission based security scheme for such scenarios in IoT. The analysis in this paper indicates that our scheme can guarantee the security of users’ data while ensuring rapid transmission and acquisition of instant IoT data.

  9. Evolution of Internet addiction in Greek adolescent students over a two-year period: the impact of parental bonding.

    Science.gov (United States)

    Siomos, Konstantinos; Floros, Georgios; Fisoun, Virginia; Evaggelia, Dafouli; Farkonas, Nikiforos; Sergentani, Elena; Lamprou, Maria; Geroukalis, Dimitrios

    2012-04-01

    We present results from a cross-sectional study of the entire adolescent student population aged 12-18 of the island of Kos and their parents, on Internet abuse, parental bonding and parental online security practices. We also compared the level of over involvement with personal computers of the adolescents to the respective estimates of their parents. Our results indicate that Internet addiction is increased in this population where no preventive attempts were made to combat the phenomenon from the initial survey, 2 years ago. This increase is parallel to an increase in Internet availability. The best predictor variables for Internet and computer addiction were parental bonding variables and not parental security practices. Parents tend to underestimate the level of computer involvement when compared to their own children's estimates. Parental safety measures on Internet browsing have only a small preventive role and cannot protect adolescents from Internet addiction. The three online activities most associated with Internet addiction were watching online pornography, online gambling and online gaming. © Springer-Verlag 2012

  10. 76 FR 2728 - Securities Investor Protection Corporation; Order Approving a Proposed Bylaw Change Relating to...

    Science.gov (United States)

    2011-01-14

    ... on SIPC Members January 10, 2011. On October 8, 2010, the Securities Investor Protection Corporation... pursuant to Section 3(e)(1) of the Securities Investor Protection Act of 1970 (``SIPA''), 15 U.S.C. 78ccc(e... SECURITIES AND EXCHANGE COMMISSION [Release No. SIPA-170; File No. SIPC-2010-01] Securities...

  11. DeviceGuard: External Device-Assisted System And Data Security

    OpenAIRE

    Deng, Yipan

    2011-01-01

    This thesis addresses the threat that personal computer faced from malware when the personal computer is connected to the Internet. Traditional host-based security approaches, such as anti-virus scanning protect the host from virus, worms, Trojans and other malwares. One of the issues of the host-based security approaches is that when the operating system is compromised by the malware, the antivirus software also becomes vulnerable. In this thesis, we present a novel approach through usin...

  12. 78 FR 31955 - Privacy Act of 1974; Department of Homeland Security National Protection and Programs Directorate...

    Science.gov (United States)

    2013-05-28

    ... 1974; Department of Homeland Security National Protection and Programs Directorate--001 Arrival and... of records titled Department of Homeland Security/National Protection and Programs Directorate--001... of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) National Protection and Programs...

  13. 17 CFR 240.15c3-3 - Customer protection-reserves and custody of securities.

    Science.gov (United States)

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Customer protection-reserves... Markets § 240.15c3-3 Customer protection—reserves and custody of securities. (a) Definitions. For the... the dealer as to that collateral; (iii) The Securities Investor Protection Act of 1970 (15 U.S.C...

  14. Security risk assessment and protection in the chemical and process industry

    OpenAIRE

    Reniers, Genserik; van Lerberghe, Paul; van Gulijk, Coen

    2014-01-01

    This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows design principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models. The model combines the rings-of-protection approach with generic security practices including...

  15. Saving the internet.

    Science.gov (United States)

    Zittrain, Jonathan

    2007-06-01

    The Internet goose has laid countless golden eggs, along with a growing number of rotten ones. But it's the rotten ones that now tempt commercial, governmental, and consumer interests to threaten the Internet's uniquely creative power. The expediently selected, almost accidentally generative properties of the Internet - its technical openness, ease of access and mastery, and adaptability - have combined, especially when coupled with those of the PC, to produce an unsurpassed environment for innovative experiment. Those same properties, however, also make the Internet hospitable to various forms of wickedness: hacking, porn, spam, fraud, theft, predation, and attacks on the network itself. As these undesirable phenomena proliferate, business, government, and many users find common cause for locking down Internet and PC architecture in the interests of security and order. PC and Internet security vulnerabilities are a legitimate menace. However, the most likely reactions - if they are not forestalled - will be at least as unfortunate as the security problems themselves. Consider the growing profusion of "tethered appliances" - devices whose functions cannot readily be altered by their owners (think TiVo). Such appliances take Internet innovations and wrap them up in a neat, easy-to-use package, which is good - but only if the Internet and PC can remain sufficiently in the center of the digital ecosystem to produce the next round of innovations and to generate competition. People buy these devices for their convenience or functionality and may appreciate the fact that they are safer to use (they limit the damage users can do through ignorance or carelessness). But the risk is that users, by migrating to such appliances, will unwittingly trade away the future benefits of generativity - a loss that will go unappreciated even as innovation tapers off.

  16. A Federated Capability-based Access Control Mechanism for Internet of Things (IoTs)

    OpenAIRE

    Xu, Ronghua; Chen, Yu; Blasch, Erik; Chen, Genshe

    2018-01-01

    The prevalence of Internet of Things (IoTs) allows heterogeneous embedded smart devices to collaboratively provide intelligent services with or without human intervention. While leveraging the large-scale IoT-based applications like Smart Grid and Smart Cities, IoT also incurs more concerns on privacy and security. Among the top security challenges that IoTs face is that access authorization is critical in resource and information protection over IoTs. Traditional access control approaches, l...

  17. The Internet of Hackable Things

    OpenAIRE

    Giaretta, Alberto; Mazzara, Manuel; Dragoni, Nicola

    2017-01-01

    The Internet of Things makes it possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order to tackle this issue, we need to address a new challenge in security: education.

  18. Leadership and New Technologies. New Security Issues for Management of Internet Connectivity and Remote Control in Automotive Industry

    Directory of Open Access Journals (Sweden)

    Cosmin Cătălin Olteanu

    2015-05-01

    The main purpose of the paper is to illustrate the importance of implementing new security policies for infotainment systems in automotive industry. A car is full of technology and it is easier today to control car systems through an internet connection linked to car system infotainment. This is how it is possible to gain control of critical car systems. More than 84% of users don’t even know the risk of remote control of the car in the presence of Internet connection.

  19. Security Concerns in Android mHealth Apps.

    Science.gov (United States)

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data.

  20. 77 FR 15319 - Treasury Inflation-Protected Securities Issued at a Premium; Hearing Cancellation

    Science.gov (United States)

    2012-03-15

    ... DEPARTMENT OF THE TREASURY Internal Revenue Service 26 CFR Part 1 [REG-130777-11] RIN 1545-BK45 Treasury Inflation-Protected Securities Issued at a Premium; Hearing Cancellation AGENCY: Internal Revenue...), providing guidance on the tax treatment of Treasury Inflation-Protected Securities issued with more than a...

  1. A Survey of How to Use Blockchain to Secure Internet of Things and the Stalker Attack

    Directory of Open Access Journals (Sweden)

    Emanuel Ferreira Jesus

    2018-01-01

    The Internet of Things (IoT) is increasingly a reality today. Nevertheless, some key challenges still need to be given particular attention so that IoT solutions further support the growing demand for connected devices and the services offered. Due to the potential relevance and sensitivity of services, IoT solutions should address the security and privacy concerns surrounding these devices and the data they collect, generate, and process. Recently, the Blockchain technology has gained much attention in IoT solutions. Its primary usage scenarios are in the financial domain, where Blockchain creates a promising applications world and can be leveraged to solve security and privacy issues. However, this emerging technology has a great potential in the most diverse technological areas and can significantly help achieve the Internet of Things view in different aspects, increasing the capacity of decentralization, facilitating interactions, enabling new transaction models, and allowing autonomous coordination of the devices. The paper's goal is to provide the concepts about the structure and operation of Blockchain and, mainly, analyze how the use of this technology can be used to provide security and privacy in IoT. Finally, we present the stalker, which is a selfish miner variant that has the objective of preventing a node to publish its blocks on the main chain.

  2. Securing internet by eliminating DDOS attacks

    Science.gov (United States)

    Niranchana, R.; Gayathri Devi, N.; Santhi, H.; Gayathri, P.

    2017-11-01

    The major threat caused to the authorised usage of Internet is Distributed Denial of Service attack. The mechanisms used to prevent the DDoS attacks are said to overcome the attack’s ability in spoofing the IP packets source addresses. By utilising Internet Protocol spoofing, the attackers cause a consequential load over the networks destination for policing attack packets. To overcome the IP Spoofing level on the Internet, we propose an Inter domain Packet Filter (IPF) architecture. The proposed scheme is not based on global routing information. The packets with reliable source addresses are not rejected; the IPF framework works in such a manner. The spoofing capability of attackers is confined by IPF, and also the filter identifies the source of an attack packet by minimal number of candidate network.

  3. WRR-Policy Brief 6 : Big data and security policies: serving security, protecting freedom

    NARCIS (Netherlands)

    Broeders, Dennis; Schrijvers, Erik; Hirsch Ballin, Ernst

    2017-01-01

    Big Data analytics in national security, law enforcement and the fight against fraud can reap great benefits for states, citizens and society but require extra safeguards to protect citizens’ fundamental rights. This requires new frameworks: a crucial shift is necessary from regulating the phase of

  4. 78 FR 56266 - Consent Based Social Security Number Verification (CBSV) Service

    Science.gov (United States)

    2013-09-12

    ... developed CBSV as a user-friendly, internet-based application with safeguards that protect the public's information. In addition to the benefit of providing high volume, centralized SSN verification services to users in a secure manner, CBSV provides us with cost and workload management benefits. New Information...

  5. Competitive Cyber-Insurance and Internet Security

    Science.gov (United States)

    Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

    This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

  6. An Efficient Electronic English Auction System with a Secure On-Shelf Mechanism and Privacy Preserving

    Directory of Open Access Journals (Sweden)

    Hong Zhong

    2016-01-01

    With the rapid development of the Internet, electronic commerce has become more and more popular. As an important element of e-commerce, many Internet companies such as Yahoo! and eBay have launched electronic auction systems. However, like most electronic commerce products, safety is an important issue that should be addressed. Many researchers have proposed secure electronic auction mechanisms, but we found that some of them do not exhibit the property of unlinkability, which leads to the leakage of users’ privacy. Considering the importance of privacy preservation, we have designed a new auction mechanism. Through symmetrical key establishment in the registration phase, all messages transmitted over the Internet would be protected and, meanwhile, achieve the property of unlinkability. The security analysis and performance analysis show that our protocol fulfills more security properties and is more efficient for implementation compared with recent works.

  7. Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment

    Science.gov (United States)

    Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun

    2015-01-01

    Objectives: Remote medical services have been expanding globally, and this expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. Methods: This study developed a medical service-oriented framework for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next, medical-oriented security threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security framework for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. Results: The proposed framework is a secure framework based on service-oriented cases in the medical environment. A comparative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. Conclusions: The proposed framework is a service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical

  8. Service-Oriented Security Framework for Remote Medical Services in the Internet of Things Environment.

    Science.gov (United States)

    Lee, Jae Dong; Yoon, Tae Sik; Chung, Seung Hyun; Cha, Hyo Soung

    2015-10-01

    Remote medical services have been expanding globally, and this expansion is steadily increasing. It has had many positive effects, including medical access convenience, timeliness of service, and cost reduction. The speed of research and development in remote medical technology has been gradually accelerating. Therefore, it is expected to expand to enable various high-tech information and communications technology (ICT)-based remote medical services. However, the current state lacks an appropriate security framework that can resolve security issues centered on the Internet of things (IoT) environment that will be utilized significantly in telemedicine. This study developed a medical service-oriented framework for secure remote medical services, possessing flexibility regarding new service and security elements through its service-oriented structure. First, the common architecture of remote medical services is defined. Next, medical-oriented security threats and requirements within the IoT environment are identified. Finally, we propose a "service-oriented security framework for remote medical services" based on previous work and requirements for secure remote medical services in the IoT. The proposed framework is a secure framework based on service-oriented cases in the medical environment. A comparative analysis focusing on the security elements (confidentiality, integrity, availability, privacy) was conducted, and the analysis results demonstrate the security of the proposed framework for remote medical services with IoT. The proposed framework is a service-oriented structure. It can support dynamic security elements in accordance with demands related to new remote medical services which will be diversely generated in the IoT environment. We anticipate that it will enable secure services to be provided that can guarantee confidentiality, integrity, and availability for all, including patients, non-patients, and medical staff.

  9. Webtechnology and internet services at power rail systems of German Railway DB AG; Nutzung von Webtechnologien und Internet-Diensten bei der Energieversorgung der Deutschen Bahn

    Energy Technology Data Exchange (ETDEWEB)

    Walther, J.T. [DB Energie, Frankfurt am Main (Germany)]

    2007-07-01

    Internet services and the technologies of the World Wide Web are used at power rail systems of German Railway in some processes. Important applications are systems support, service and parametering of substation control- and protection equipment and the monitoring of switches and power transformers. The performance of the security claims of the asset management and the IT-Department are a condition for implementation of these technologies. (orig.)

  10. Equipment for radiography in Yugoslavia - security and radiation protection

    International Nuclear Information System (INIS)

    Dobrijevic, R.; Vucina, J.

    1998-01-01

    Nondestructive method of material control by using radioisotopes is developed in Yugoslavia. This method of quality control is professionally performed by 30 firms. This paper presents the overview of the equipment used in the industrial radiography by using radioisotopes. Special attention was devoted to the security during the work and to the radiation protection of the operator and other personnel around the working place. In general it could be concluded that the main drawback which influences the security is the fact that in most cases old and worn-out equipment is in use. Other factors influencing the security are also discussed. (author)

  11. Nevada National Security Site Radiation Protection Program

    Energy Technology Data Exchange (ETDEWEB)

    none,

    2013-04-30

    Title 10 Code of Federal Regulations (CFR) Part 835, “Occupational Radiation Protection,” establishes radiation protection standards, limits, and program requirements for protecting individuals from ionizing radiation resulting from the conduct of U.S. Department of Energy (DOE) activities. 10 CFR 835.101(a) mandates that DOE activities be conducted in compliance with a documented Radiation Protection Program (RPP) as approved by DOE. This document promulgates the RPP for the Nevada National Security Site (NNSS), related (on-site or off-site) U.S. Department of Energy, National Nuclear Security Administration Nevada Field Office (NNSA/NFO) operations, and environmental restoration off-site projects. This RPP section consists of general statements that are applicable to the NNSS as a whole. The RPP also includes a series of appendices which provide supporting detail for the associated NNSS Tenant Organizations (TOs). Appendix H, “Compliance Demonstration Table,” contains a cross-walk for the implementation of 10 CFR 835 requirements. This RPP does not contain any exemptions from the established 10 CFR 835 requirements. The RSPC and TOs are fully compliant with 10 CFR 835 and no additional funding is required in order to meet RPP commitments. No new programs or activities are needed to meet 10 CFR 835 requirements and there are no anticipated impacts to programs or activities that are not included in the RPP. There are no known constraints to implementing the RPP. No guides or technical standards are adopted in this RPP as a means to meet the requirements of 10 CFR 835.

  12. A protect solution for data security in mobile cloud storage

    Science.gov (United States)

    Yu, Xiaojun; Wen, Qiaoyan

    2013-03-01

    It is popular to access the cloud storage by mobile devices. However, this application suffers from data security risks, especially the data leakage and privacy violation problems. This risk exists not only in the cloud storage system, but also in the mobile client platform. To reduce the security risk, this paper proposes a new security solution. It makes full use of searchable encryption and trusted computing technology. Given the performance limits of mobile devices, it proposes a trusted proxy based protection architecture. The basic design idea, deployment model and key flows are detailed. The analysis of security and performance shows the advantage.

  13. Recovering Data from Password Protected Data Security Applications in Android Based Smartphones

    Directory of Open Access Journals (Sweden)

    Hammad Riaz

    2016-06-01

    The standard method of mobile forensic analysis is to attach the mobile device to forensic tools and to perform logical, file system, or physical extraction. A hindrance in analysis arises if the mobile is not properly supported or data in the handset is secured using data security android applications. The techniques discussed in this paper help in the analysis and extraction of data files secured using data hiding password protected android based applications. A few well known data protection android applications are analyzed. The analysis was performed on both partially supported and fully supported sets.

  14. Internet firewalls: questions and answers

    Science.gov (United States)

    Ker, Keith

    1996-03-01

    As organizations consider connecting to the Internet, the issue of internetwork security becomes more important. There are many tools and components that can be used to secure a network, one of which is a firewall. Modern firewalls offer highly flexible private network security by controlling and monitoring all communications passing into or out of the private network. Specifically designed for security, firewalls become the private network's single point of attack from Internet intruders. Application gateways (or proxies) that have been written to be secure against even the most persistent attacks ensure that only authorized users and services access the private network. One-time passwords prevent intruders from 'sniffing' and replaying the usernames and passwords of authorized users to gain access to the private network. Comprehensive logging permits constant and uniform system monitoring. 'Address spoofing' attacks are prevented. The private network may use registered or unregistered IP addresses behind the firewall. Firewall-to-firewall encryption establishes a 'virtual private network' across the Internet, preventing intruders from eavesdropping on private communications, eliminating the need for costly dedicated lines.

  15. Security in cyberspace targeting nations, infrastructures, individuals

    CERN Document Server

    Giacomello, Giampiero

    2014-01-01

    Today, the Internet has become a source of information that no country or company can forgo. It is not only used to communicate or entertain, but most importantly to operate utilities and public services such as banking or air traffic. As the reliance on computer networks across societies and economies keeps growing, so do security risks in cyberspace - referred to as "cybersecurity." Cybersecurity means protecting information and control systems from those who seek to compromise them. It also involves actors, both malicious or protective, policies and their societal consequences. This colle

  16. Physical protection educational program - information security aspects

    International Nuclear Information System (INIS)

    Tolstoy, A.

    2002-01-01

    Full text: Conceptual approaches for designing an expert training program on object physical protection taking into account information security aspects are examined. A special educational course does not only address the immediate needs for an educational support but also ensures that new professionals include new concepts and knowledge in their practice and encourages current practitioners towards such practice. Features of the modern physical protection systems (PPS) and classification of information circulating at them are pointed out. The requirements to the PPS information protection subsystem are discussed. During the PPS expert training on information security (IS) aspects they should receive certain knowledge, on the basis of which they could competently define and carry out the PPS IS policy for a certain object. Thus, it is important to consider minimally necessary volume of knowledge taught to the PPS experts for independent and competent implementation of the above listed tasks. For the graduate PPS IS expert training it is also necessary to examine the normative and legal acts devoted to IS as a whole and the PPS IS in particular. It is caused by necessity of conformity of methods and information protection tools implemented on a certain object to the federal and departmental IS requirements. The departmental normative IS requirements define an orientation of the PPS expert training. By curriculum development it is necessary to precisely determine for whom the PPS experts are taught. The curriculum should reflect common features of the PPS functioning of the certain object type, i.e. it should be adapted to a certain customer of the experts. The specified features were taken into account by development of an educational course 'Information security of the nuclear facility physical protection systems', taught at the Moscow Engineering Physics Institute (State University) according to the Russian-American educational program 'Master in Physical

  17. Security for whom? Stabilisation and civilian protection in Colombia.

    Science.gov (United States)

    Elhawary, Samir

    2010-10-01

    This paper focuses on three periods of stabilisation in Colombia: the Alliance for Progress (1961-73) that sought to stem the threat of communist revolution in Latin America; Plan Colombia and President Alvaro Uribe's 'democratic security' policy (2000-07) aimed at defeating the guerrillas and negotiating a settlement with the paramilitaries; and the current 'integrated approach', adopted from 2007, to consolidate more effectively the state's control of its territory.(1) The paper assesses the extent to which these stabilisation efforts have enhanced the protection of civilians and ultimately finds that in all three periods there has been a disconnect between the discourse and the practice of stabilisation. While they have all sought to enhance security, in actual fact, they have privileged the security of the state and its allies at the expense of the effective protection of the civilian population. This has not only led to widespread human rights abuses but also has undermined the long-term stability being pursued. © 2010 The Author(s). Journal compilation © Overseas Development Institute, 2010.

  18. Security Frameworks for Machine-to-Machine Devices and Networks

    Science.gov (United States)

    Demblewski, Michael

    Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and users are not fully aware of security risks and how next-generation devices can jeopardize safety and personal privacy. Current techniques, for developing security requirements, do not adequately consider the use of new technologies, and this weakens countermeasure implementations. These techniques rely on security frameworks for requirements development. These frameworks lack a method for identifying next generation security concerns and processes for comparing, contrasting and evaluating non-human device security protections. This research presents a solution for this problem by offering a novel security framework that is focused on the study of the "functions and capabilities" of M2M devices and improves the systems development life cycle for the overall IoT ecosystem.

  19. Routing architecture and security for airborne networks

    Science.gov (United States)

    Deng, Hongmei; Xie, Peng; Li, Jason; Xu, Roger; Levy, Renato

    2009-05-01

    Airborne networks are envisioned to provide interconnectivity for terrestrial and space networks by interconnecting highly mobile airborne platforms. A number of military applications are expected to be used by the operator, and all these applications require proper routing security support to establish correct routes between communicating platforms in a timely manner. As airborne networks are somewhat different from traditional wired and wireless networks (e.g., Internet, LAN, WLAN, MANET, etc.), security aspects valid in these networks are not fully applicable to airborne networks. Designing an efficient security scheme to protect airborne networks is confronted with new requirements. In this paper, we first identify a candidate routing architecture, which works as an underlying structure for our proposed security scheme. And then we investigate the vulnerabilities and attack models against routing protocols in airborne networks. Based on these studies, we propose an integrated security solution to address routing security issues in airborne networks.

  20. Security Concerns in Android mHealth Apps

    Science.gov (United States)

    He, Dongjing; Naveed, Muhammad; Gunter, Carl A.; Nahrstedt, Klara

    2014-01-01

    Mobile Health (mHealth) applications lie outside of regulatory protection such as HIPAA, which requires a baseline of privacy and security protections appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. This paper presents a series of three studies of the mHealth apps in Google Play that show that mHealth apps make widespread use of unsecured Internet communications and third party servers. Both of these practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data. PMID:25954370

  1. The development of international refugee protection through the practice of the UN Security Council

    NARCIS (Netherlands)

    Ahlborn, C.

    2010-01-01

    This paper examines the ambivalent influence of the UN Security Council’s practice on the development of international refugee protection since the early 1990s. While the international refugee protection regime did not originally foresee a role for the Security Council, the increasingly complex

  2. SOCIAL CONDITIONALITY OF INFORMATION SECURITY PROTECTION BY CRIMINAL LAW IN THE RUSSIAN FEDERATION

    OpenAIRE

    EFREMOVA MARINA ALEKSANDROVNA

    2016-01-01

    Information security is one of the components of the national security in the Russian Federation. The role of the information component in the national security has become significantly more important. The criminal law needs to be updated in order to enhance its effectiveness with regard to criminal law protection of information security.

  3. Harmonizing the Interests of Free Speech, Obscenity, and Child Pornography in Cyberspace: The New Roles of Parents, Technology, and Legislation for Internet Safety

    Science.gov (United States)

    Olagunju, Amos O.

    2009-01-01

    Inadvertent access to website addresses and spam e-mails continue to make pornography rampant on the Internet in schools, homes, and libraries. Collectively, parents, teachers, and members of the community must become more aware of the risks and consequences of open access to the Internet, and the distinction between censorship and Internet access filtering. Parental involvement is crucial for raising children with healthy Internet habits to access social and educational materials. Although generations have coped with different times and trials, technology is ushering in new trials. Parents and communities cannot ignore the present and future technology ingrained into the lives of children. This paper contends that parents armed with legislation and technological security devices for access to the Internet ought to strengthen the character of online Internet safety. The discussion is focused on the roles that parents, communities, technology, and laws should play in order to protect children from obscene and pornographic threats from cyberspace. It is argued that the roles of education and technology should outweigh the legislative interventions of governments. A critique of significant litigations and laws on obscenity and pornography is presented. The paper offers a variety of security tools and techniques for protecting children from Internet access to obscene and pornographic materials. The impacts of pornographic materials on the welfare of children, adolescents, women, and families are discussed. PMID:19936562

  4. Harmonizing the interests of free speech, obscenity, and child pornography in cyberspace: the new roles of parents, technology, and legislation for internet safety.

    Science.gov (United States)

    Olagunju, Amos O

    2009-11-18

    Inadvertent access to website addresses and spam e-mails continue to make pornography rampant on the Internet in schools, homes, and libraries. Collectively, parents, teachers, and members of the community must become more aware of the risks and consequences of open access to the Internet, and the distinction between censorship and Internet access filtering. Parental involvement is crucial for raising children with healthy Internet habits to access social and educational materials. Although generations have coped with different times and trials, technology is ushering in new trials. Parents and communities cannot ignore the present and future technology ingrained into the lives of children. This paper contends that parents armed with legislation and technological security devices for access to the Internet ought to strengthen the character of online Internet safety. The discussion is focused on the roles that parents, communities, technology, and laws should play in order to protect children from obscene and pornographic threats from cyberspace. It is argued that the roles of education and technology should outweigh the legislative interventions of governments. A critique of significant litigations and laws on obscenity and pornography is presented. The paper offers a variety of security tools and techniques for protecting children from Internet access to obscene and pornographic materials. The impacts of pornographic materials on the welfare of children, adolescents, women, and families are discussed.

  5. Harmonizing the Interests of Free Speech, Obscenity, and Child Pornography in Cyberspace: The New Roles of Parents, Technology, and Legislation for Internet Safety

    Directory of Open Access Journals (Sweden)

    Amos O. Olagunju

    2009-01-01

    Inadvertent access to website addresses and spam e-mails continue to make pornography rampant on the Internet in schools, homes, and libraries. Collectively, parents, teachers, and members of the community must become more aware of the risks and consequences of open access to the Internet, and the distinction between censorship and Internet access filtering. Parental involvement is crucial for raising children with healthy Internet habits to access social and educational materials. Although generations have coped with different times and trials, technology is ushering in new trials. Parents and communities cannot ignore the present and future technology ingrained into the lives of children. This paper contends that parents armed with legislation and technological security devices for access to the Internet ought to strengthen the character of online Internet safety. The discussion is focused on the roles that parents, communities, technology, and laws should play in order to protect children from obscene and pornographic threats from cyberspace. It is argued that the roles of education and technology should outweigh the legislative interventions of governments. A critique of significant litigations and laws on obscenity and pornography is presented. The paper offers a variety of security tools and techniques for protecting children from Internet access to obscene and pornographic materials. The impacts of pornographic materials on the welfare of children, adolescents, women, and families are discussed.

  6. Computer Security: Protect your plant: a "serious game" about control system cyber-security

    CERN Multimedia

    Stefan Lueders, Computer Security Team

    2015-01-01

    Control system cyber-security is attracting increasing attention: from cybercriminals, from the media and from security researchers. After the legendary “Stuxnet” attacks of 2010 against an Iranian uranium enrichment plant, the infiltration of Saudi Aramco in 2012, and most recently the hacking of German blast furnaces, we should be prepared. Just imagine what would happen if hackers turned off the lights in Geneva and the Pays-de-Gex for a month? (“Hacking control systems, switching lights off!”). Or if attackers infiltrated CERN’s accelerator or experiment control systems and stopped us from pursuing our core business: delivering beams and recording particle collisions (“Hacking control systems, switching... accelerators off?”). Now you can test your ability to protect an industrial plant against cyber-threats! The Computer Security Team, in collaboration with Kaspersky Lab, is organising a so-...

  7. Towards Self-Awareness Privacy Protection for Internet of Things Data Collection

    Directory of Open Access Journals (Sweden)

    Kok-Seng Wong

    2014-01-01

    The Internet of Things (IoT) is now an emerging global Internet-based information architecture used to facilitate the exchange of goods and services. IoT-related applications are aiming to bring technology to people anytime and anywhere, with any device. However, the use of IoT raises a privacy concern because data will be collected automatically from the network devices and objects which are embedded with IoT technologies. In the current applications, the data collector is a dominant player who enforces the secure protocol that cannot be verified by the data owners. In view of this, some of the respondents might refuse to contribute their personal data or submit inaccurate data. In this paper, we study a self-awareness data collection protocol to raise the confidence of the respondents when submitting their personal data to the data collector. Our self-awareness protocol requires each respondent to help others in preserving his privacy. The communication (respondents and data collector) and collaboration (among respondents) in our solution will be performed automatically.

  8. Security Culture in Physical Protection of Nuclear Material and Facility

    International Nuclear Information System (INIS)

    Susyanta-Widyatmaka; Koraag, Venuesiana-Dewi; Taswanda-Taryo

    2005-01-01

    In the nuclear-related field, there are three different cultures: safety, safeguards and security culture. Safety culture has been established mostly in nuclear industries, while safeguards and security culture are relatively new and still developing. The latter is intended to improve the physical protection of material and nuclear facility. This paper describes the concept, properties and factors affecting security culture and the interactions among these cultures. The analysis indicates that anybody involved in nuclear material and facility should have strong commitment and awareness of such culture to establish it. It is concluded that the assessment of security culture outlined in this paper is still preliminary for developing and conducting rigorous security culture implemented in a much more complex facility such as a nuclear power plant.

  9. Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

    Science.gov (United States)

    Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

    2003-01-01

    The information revolution of the computer age, which brings significant benefits to the transfer of medical information, requires still more attention to be paid to network security. All known advantages of network technologies, first of all the simplicity of copying, multiplying and sending information to many individuals, can also be dangerous if illegal, unauthorized persons get access to medical databases. The Internet is assumed to be an especially "anarchic" medium; therefore, in order to use it in professional work, security principles should be heeded. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion, harmonious co-operation between users, medical authorities and network administrators is the core of success.

  10. Network Security Hacks Tips & Tools for Protecting Your Privacy

    CERN Document Server

    Lockhart, Andrew

    2009-01-01

    This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending, and incident response.

  11. Energy security and climate change protection: Complementarity or tradeoff?

    International Nuclear Information System (INIS)

    Brown, Stephen P.A.; Huntington, Hillard G.

    2008-01-01

    Energy security and climate change protection have risen to the forefront of energy policy - linked in time and a perception that both goals can be achieved through the same or similar policies. Although such complementarity can exist for individual technologies, policymakers face a tradeoff between these two policy objectives. The tradeoff arises when policymakers choose the mix of individual technologies with which to reduce greenhouse gas emissions and enhance energy security. Optimal policy is achieved when the cost of the additional use of each technology equals the value of the additional energy security and reduction in greenhouse gas emission that it provides. Such an approach may draw more heavily on conventional technologies that provide benefits in only one dimension than on more costly technologies that both increase energy security and reduce greenhouse gas emissions. (author)

  12. 77 FR 57072 - Proposed Information Collection; Comment Request; National Security and Critical Technology...

    Science.gov (United States)

    2012-09-17

    ..., DC 20230 (or via the Internet at [email protected] ). FOR FURTHER INFORMATION CONTACT: Requests for... techniques or other forms of information technology. Comments submitted in response to this notice will be... DEPARTMENT OF COMMERCE Bureau of Industry and Security Proposed Information Collection; Comment...

  13. Information Systems at Enterprise. Design of Secure Network of Enterprise

    Science.gov (United States)

    Saigushev, N. Y.; Mikhailova, U. V.; Vedeneeva, O. A.; Tsaran, A. A.

    2018-05-01

    No enterprise or company can do without designing its own corporate network in today's information society. It accelerates and facilitates the work of employees at any level, but contains a big threat to confidential information of the company. In addition to data theft by attackers, there are plenty of information threats posed by modern malware effects. In this regard, the computational security of corporate networks is an important component of modern information technologies of computer security for any enterprise. This article describes the design of the protected corporate network of the enterprise that provides the computers on the network with access to the Internet, as well as interoperability with the branch. The access speed to the Internet at a high level is provided through the use of high-speed access channels and load balancing between devices. The security of the designed network is achieved through the use of VLAN technology as well as access lists and an AAA server.

  14. [Application of classified protection of information security in the information system of air pollution and health impact monitoring].

    Science.gov (United States)

    Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

    2018-01-01

    To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhance the security of professional information and system service, and to ensure that the air pollution and health impact monitoring project is carried out safely and smoothly.

  15. Securing SQL Server Protecting Your Database from Attackers

    CERN Document Server

    Cherry, Denny

    2012-01-01

    Written by Denny Cherry, a Microsoft MVP for the SQL Server product, a Microsoft Certified Master for SQL Server 2008, and one of the biggest names in SQL Server today, Securing SQL Server, Second Edition explores the potential attack vectors someone can use to break into your SQL Server database as well as how to protect your database from these attacks. In this book, you will learn how to properly secure your database from both internal and external threats using best practices and specific tricks the author uses in his role as an independent consultant while working on some of the largest

  16. Social Protection for Enhanced Food Security in Sub-Saharan Africa

    OpenAIRE

    Stephen Devereux

    2012-01-01

    This paper identifies several positive synergies between social protection programmes and food security outcomes. One function of social protection is to manage and reduce vulnerability, and several instruments are reviewed – weather-indexed insurance, public works programmes, emergency food aid and buffer stock management – which all contribute to stabilising income and access to food across good and bad years, or between the harvest and the hungry season. Other social protection instruments...

  17. A New Look at Security Education: YouTube as YouTool

    Science.gov (United States)

    Werner, Laurie A.; Frank, Charles E.

    2010-01-01

    Teaching a computer security course which includes network administration and protection software is especially challenging because textbook tools are out of date by the time the text is published. In an effort to use lab activities that work effectively, we turned to the internet. This paper describes several resources for teaching computer…

  18. Cyber Security Analysis by Attack Trees for a Reactor Protection System

    International Nuclear Information System (INIS)

    Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon

    2008-01-01

    As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS

  19. Secure E-Commerce Protocol

    OpenAIRE

    Khalid Haseeb, Muhammad Arshad, Shoukat Ali, Shazia Yasin

    2011-01-01

    E-commerce has presented a new way of doing business all over the world using internet. Organizations have changed their way of doing business from a traditional approach to embrace e-commerce processes. As individuals and businesses increase information sharing, a concern regarding the exchange of money securely and conveniently over the internet increases. Therefore, security is a necessity in an e-commerce transaction. The purpose of this paper is to present a token based Secure E-commerce Proto...

  20. Culture: protection, safety and security connections toward good practices

    International Nuclear Information System (INIS)

    Rozental, Jose Julio

    2005-01-01

    This paper discusses concepts and connections on Protection, Safety and Security, considering many IAEA recent documents and international congress on the subject and basic regulation recommendation to developing countries toward the establishment of adequate capacity to deal with

  1. DATA SECURITY ISSUES IN CLOUD COMPUTING: REVIEW

    Directory of Open Access Journals (Sweden)

    Hussam Alddin Shihab Ahmed

    2016-02-01

    Cloud computing is an internet based model that empowers on demand ease of access and pay for the usage of each access to shared pool of networks. It is yet another innovation that fulfills a client's necessity for computing resources like systems, stockpiling, servers, administrations and applications. Securing the Data is considered one of the principle significant challenges and concerns for cloud computing. This persistent problem is getting more affective due to the changes in improving cloud computing technology. From the perspective of the Clients, cloud computing is a security hazard especially when it comes to assurance affirmation issues and data security, remain the most basically which backs off for appropriation of Cloud Computing administrations. This paper audits and breaks down the essential issue of cloud computing and depicts the information security and protection of privacy issues in cloud.

  2. Securing Real-Time Sessions in an IMS-Based Architecture

    Science.gov (United States)

    Cennamo, Paolo; Fresa, Antonio; Longo, Maurizio; Postiglione, Fabio; Robustelli, Anton Luca; Toro, Francesco

    The emerging all-IP mobile network infrastructures based on 3rd Generation IP Multimedia Subsystem philosophy are characterised by radio access technology independence and ubiquitous connectivity for mobile users. Currently, great focus is being devoted to security issues since most of the security threats presently affecting the public Internet domain, and the upcoming ones as well, are going to be suffered by mobile users in the years to come. While a great deal of research activity, together with standardisation efforts and experimentations, is carried out on mechanisms for signalling protection, very few integrated frameworks for real-time multimedia data protection have been proposed in a context of IP Multimedia Subsystem, and even fewer experimental results based on testbeds are available. In this paper, after a general overview of the security issues arising in an advanced IP Multimedia Subsystem scenario, a comprehensive infrastructure for real-time multimedia data protection, based on the adoption of the Secure Real-Time Protocol, is proposed; then, the development of a testbed incorporating such functionalities, including mechanisms for key management and cryptographic context transfer, and allowing the setup of Secure Real-Time Protocol sessions is presented; finally, experimental results are provided together with quantitative assessments and comparisons of system performances for audio sessions with and without the adoption of the Secure Real-Time Protocol framework.

  3. The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

    Science.gov (United States)

    Peikari, Hamid Reza

    Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence of security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence of technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement has a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

  4. Cyber Security Analysis by Attack Trees for a Reactor Protection System

    Energy Technology Data Exchange (ETDEWEB)

    Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2008-10-15

    As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS.

  5. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [Institut de Radioprotection et de Surete Nucleaire (IRSN), 92 - Fontenay-aux-Roses (France)

    2009-07-15

    Numerous Internet sites are given in relation with radiotherapy, nuclear activity, radiation protection, and environment shared by sites in France, Europe, big agencies and non-ionizing radiations. (N.C.)

  6. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [Institut de Radioprotection et de Surete Nucleaire, IRSN, 92 - Fontenay aux Roses (France)

    2009-10-15

    Numerous Internet sites are given in relation with radiotherapy, nuclear medicine and ionizing radiation, nuclear activity, radiation protection for populations, radioactive waste management in France and Europe. (N.C.)

  7. The protective effects of parental monitoring and internet restriction on adolescents' risk of online harassment.

    Science.gov (United States)

    Khurana, Atika; Bleakley, Amy; Jordan, Amy B; Romer, Daniel

    2015-05-01

    With many adolescents using the internet to communicate with their peers, online harassment is on the rise among youth. The purpose of this study was to understand how parental monitoring and strategies parents use to regulate children's internet use (i.e., internet restriction) can help reduce online harassment among adolescents. Online survey data were collected from a nationally representative sample of parents and their 12-17 year old adolescents (n = 629; 49 % female). Structural equation modeling was used to test direct and indirect effects of parental monitoring and internet restriction on being a victim of online harassment. Potential mediators included adolescents' frequency of use of social networking websites, time spent on computers outside of school, and internet access in the adolescent's bedroom. Age and gender differences were also explored. Adolescents' reports of parental monitoring and efforts to regulate specific forms of internet use were associated with reduced rates of online harassment. Specifically, the effect of parental monitoring was largely direct and 26 times greater than parental internet restriction. The latter was associated with lower rates of harassment only indirectly by limiting internet access in the adolescent's bedroom. These effects operated similarly for younger and older adolescents and for males and females. Adolescents' perceptions of parental monitoring and awareness can be protective against online harassment. Specific restriction strategies such as regulating internet time and content can also help reduce the risk of online harassment.

  8. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Science.gov (United States)

    2010-01-01

    ... significance (Category III), and for protection of Restricted Data, National Security Information, Safeguards... 10 Energy 2 2010-01-01 2010-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED...

  9. Biometric Security for Cell Phones

    Directory of Open Access Journals (Sweden)

    2009-01-01

    Cell phones are already prime targets for theft. The increasing functionality of cell phones is making them even more attractive. With the increase of cell phone functionality including personal digital assistance, banking, e-commerce, remote work, internet access and entertainment, more and more confidential data is stored on these devices. What is protecting this confidential data stored on cell phones? Studies have shown that even though most of the cell phone users are aware of the PIN security feature more than 50% of them are not using it either because of the lack of confidence in it or because of the inconvenience. A large majority of those users believes that an alternative approach to security would be a good idea.

  10. Effectively protecting cyber infrastructure and assessing security needs

    Energy Technology Data Exchange (ETDEWEB)

    Robbins, J.; Starman, R. [EWA Canada Ltd., Edmonton, AB (Canada)

    2002-07-01

    This presentation addressed some of the requirements for effectively protecting cyber infrastructure and assessing security needs. The paper discussed the hype regarding cyber attacks, and presented the Canadian reality (as viewed by CanCERT). An assessment of security concerns was also presented. Recent cyber attacks on computer networks have raised fears of unsafe energy networks. Some experts claim the attacks are linked to terrorism, others blame industrial spying and mischief. Others dismiss the notion that somebody could bring down a power grid with a laptop as being far-fetched. It was noted that the cyber security threat is real, and that attacks are becoming more sophisticated as we live in a target rich environment. The issue of assessing vulnerabilities was discussed along with the selection of safeguards such as improving SCADA systems and the latest encryption methods to prevent hackers from bringing down computer networks. 3 tabs., 23 figs.

  11. Cyber security challenges in Smart Cities: Safety, security and privacy

    Science.gov (United States)

    Elmaghraby, Adel S.; Losavio, Michael M.

    2014-01-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy-protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major elements in the Smart City and their interactions are what we need to protect. PMID:25685517

  12. Cyber security challenges in Smart Cities: Safety, security and privacy

    Directory of Open Access Journals (Sweden)

    Adel S. Elmaghraby

    2014-07-01

    Full Text Available The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy-protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major elements in the Smart City and their interactions are what we need to protect.

  13. Cyber security challenges in Smart Cities: Safety, security and privacy.

    Science.gov (United States)

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy-protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major elements in the Smart City and their interactions are what we need to protect.

  14. 76 FR 66940 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-004 Protection...

    Science.gov (United States)

    2011-10-28

    ... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0083] Privacy Act of 1974; Department of Homeland Security/United States Secret Service--004 Protection Information System... Security (DHS)/United States Secret Service (USSS)-004 System name: DHS/USSS-004 Protection Information...

  15. A legislative history of the Social Security Protection Act of 2004.

    Science.gov (United States)

    Hansen, Erik

    2008-01-01

    Passage of the original Social Security Act in 1935, Public Law (P.L.) 74-271, represented one of the watershed achievements of social welfare reform in American history. For the first time, workers were guaranteed a basic floor of protection against the hardships of poverty. In the ensuing decades, more than 100 million beneficiaries have realized the value of this protection through the receipt of monthly Social Security payments. As this guarantee has endured and progressed, the policies and administration of such a vast and complex program have required ongoing modifications (more than 150 such revisions over the past 73 years). To some extent, these amendments can be seen as an ongoing refinement process, with the Social Security Protection Act of 2004 (SSPA) being another incremental step in the development of a social insurance program that best meets the evolving needs of American society. This article discusses the legislative history of the SSPA in detail. It includes summaries of the provisions and a chronology of the modification of these proposals as they passed through the House and Senate, and ultimately to the president's desk.

  16. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [Societe Francaise de Radioprotection, 75 - Paris (France)]

    2008-04-15

    Numerous Internet sites are listed relating to radiotherapy, nuclear activity, radiation protection, radioecology and nuclear law. Notably, three sites cover the radiotherapy accident that occurred in Toulouse. (N.C.)

  17. Electronic Contracts and the Personal data Protection of the Consumer: Sources Dialogue Between the Consumer Protection Code and the Internet Civil Mark.

    Directory of Open Access Journals (Sweden)

    Rosane Leal Da Silva

    2016-10-01

    Full Text Available This paper analyzes the protection of consumers' personal data and their vulnerability in interactive electronic contracts, aiming to identify means of defense. To this end, it uses the deductive approach, starting from electronic contracting to discuss the legal protection of the consumer in light of the capture and processing of personal data by the supplier. Considering the absence of a law on personal data, it concludes that electronic contracting increases consumer vulnerability, which requires applying the principles of the Consumer Protection Code together with the Internet Civil Mark in relation to privacy protection.

  18. Breach of Personal Security through Applicative use of Online Social Networks

    Directory of Open Access Journals (Sweden)

    Bojan Nikolovski

    2013-11-01

    Full Text Available This article attempts to indicate the potential threats of breaches of personal security through applicative use of the internet as well as applicative use of online social networks. In addition to many other means of privacy protection, applicative users of social network sites must take into consideration the risk of distributing private data. Through a series of actions and settings, users can customize the security settings with the ultimate goal of reducing the risk of attack on their privacy.

  19. Covering the Monitoring Network: A Unified Framework to Protect E-Commerce Security

    Directory of Open Access Journals (Sweden)

    Lirong Qiu

    2017-01-01

    Full Text Available Multimedia applications in smart electronic commerce (e-commerce), such as online trading and Internet marketing, always face security issues in the storage and transmission of digital images and videos. This study addresses the problem of security in e-commerce and proposes a unified framework to analyze the security data. First, to allocate the definite security resources optimally, we build our e-commerce monitoring model as an undirected network, where a monitored node is a vertex of the graph and a connection between vertices is an undirected edge. Moreover, we aim to find a minimal cover for the monitoring network as the optimal solution of resource allocation, which is defined as the network monitoring minimization problem (NMM). This problem is proved to be NP-hard. Second, by analyzing the latent threats, we design a novel and trusted monitoring system that can integrate incident monitoring, data analysis, risk assessment, and security warnings. This system does not touch users’ privacy data. Third, we propose a sequential model-based risk assessment method, which can predict the risk according to the text semantics. Our experimental results on web-scale data demonstrate that our system is flexible enough when monitoring, and also verify the effectiveness and efficiency of our system.

  20. Advanced Internet Protocols, Services, and Applications

    CERN Document Server

    Oki, Eiji; Tatipamula, Mallikarjun; Vogt, Christian

    2012-01-01

    Today, the internet and computer networking are essential parts of business, learning, and personal communications and entertainment. Virtually all messages or transactions sent over the internet are carried using internet infrastructure based on advanced internet protocols. Advanced internet protocols ensure that both public and private networks operate with maximum performance, security, and flexibility. This book is intended to provide a comprehensive technical overview and survey of advanced internet protocols, first providing a solid introduction and going on to discu

  1. Taiwan's perspective on electronic medical records' security and privacy protection: lessons learned from HIPAA.

    Science.gov (United States)

    Yang, Che-Ming; Lin, Herng-Ching; Chang, Polun; Jian, Wen-Shan

    2006-06-01

    The protection of patients' health information is a very important concern in the information age. The purpose of this study is to ascertain what constitutes an effective legal framework in protecting both the security and privacy of health information, especially electronic medical records. All sorts of bills regarding electronic medical data protection have been proposed around the world, including the Health Insurance Portability and Accountability Act (HIPAA) of the U.S. The trend of a centralized bill that focuses on managing computerized health information is the part that needs our further attention. Under the sponsorship of Taiwan's Department of Health (DOH), our expert panel drafted the "Medical Information Security and Privacy Protection Guidelines", which identifies nine principles and entails 12 articles, in the hope that medical organizations will have an effective reference in how to manage their medical information in a confidential and secured fashion, especially in electronic transactions.

  2. Building a Successful Security Infrastructure: What You Want vs. What You Need vs. What You Can Afford

    Science.gov (United States)

    Crabb, Michele D.; Woodrow, Thomas S. (Technical Monitor)

    1995-01-01

    With the fast growing popularity of the Internet, many organizations are racing to get onto the on-ramp to the Information Superhighway. However, with frequent headlines such as 'Hackers' break in at General Electric raises questions about the Net's Security', 'Internet Security Imperiled - Hackers steal data that could threaten computers world-wide' and 'Stanford Computer system infiltrated; Security fears grow', organizations find themselves rethinking their approach to the on-ramp. Is the Internet safe? What do I need to do to protect my organization? Will hackers try to break into my systems? These are questions many organizations are asking themselves today. In order to safely travel along the Information Superhighway, organizations need a strong security framework. Developing such a framework for a computer site, whether it be just a few dozen hosts or several thousand hosts is not an easy task. The security infrastructure for a site is often developed piece-by-piece in response to security incidents which have affected that site over time. Or worse yet, no coordinated effort has been dedicated toward security. The end result is that many sites are still poorly prepared to handle the security dangers of the Internet. This paper presents guidelines for building a successful security infrastructure. The problem is addressed in a cookbook style method. First is a discussion on how to identify your assets and evaluate the threats to those assets; next are suggestions and tips for identifying the weak areas in your security armor. Armed with this information we can begin to think about what you really need for your site and what you can afford. In this stage of the process we examine the different categories of security tools and products that are available and then present some tips for deciding what is best for your site.

  3. Copyright on the internet: achieving security through electronic devices an artificial intelligence approach

    OpenAIRE

    Niebla Zatarain, Jesus Manuel

    2018-01-01

    This thesis aims to provide a novel approach to ensure copyright compliance online, appropriate for the Internet of Things and the robotic revolution. To achieve this, three different aims are pursued: - A novel application of “by design” solutions to copyright protection is introduced and its advantages and disadvantages discussed from a jurisprudential and doctrinal perspective. - On the basis of this, a new theoretical framework for legal AI is developed that draws on ...

  4. 76 FR 3014 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

    Science.gov (United States)

    2011-01-19

    ... Coast Guard will enforce the Blair Waterway security zone in Commencement Bay, WA for protection of... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2011-0015] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS...

  5. A Secure and Stable Multicast Overlay Network with Load Balancing for Scalable IPTV Services

    Directory of Open Access Journals (Sweden)

    Tsao-Ta Wei

    2012-01-01

    Full Text Available The emerging multimedia Internet application IPTV over P2P network preserves significant advantages in scalability. IPTV media content delivered in P2P networks over public Internet still preserves the issues of privacy and intellectual property rights. In this paper, we use SIP protocol to construct a secure application-layer multicast overlay network for IPTV, called SIPTVMON. SIPTVMON can secure all the IPTV media delivery paths against eavesdroppers via elliptic-curve Diffie-Hellman (ECDH) key exchange on SIP signaling and AES encryption. Its load-balancing overlay tree is also optimized from peer heterogeneity and churn of peer joining and leaving to minimize both service degradation and latency. The performance results from large-scale simulations and experiments on different optimization criteria demonstrate SIPTVMON's cost effectiveness in quality of privacy protection, stability from user churn, and good perceptual quality of objective PSNR values for scalable IPTV services over Internet.

  6. Security central processing unit applications in the protection of nuclear facilities

    International Nuclear Information System (INIS)

    Goetzke, R.E.

    1987-01-01

    New or upgraded electronic security systems protecting nuclear facilities or complexes will be heavily computer dependent. Proper planning for new systems and the employment of new state-of-the-art 32 bit processors in the processing of subsystem reports are key elements in effective security systems. The processing of subsystem reports represents only a small segment of system overhead. In selecting a security system to meet the current and future needs for nuclear security applications the central processing unit (CPU) applied in the system architecture is the critical element in system performance. New 32 bit technology eliminates the need for program overlays while providing system programmers with well documented program tools to develop effective systems to operate in all phases of nuclear security applications

  7. Securing the Internet Control Plane

    Science.gov (United States)

    Benton, Kevin

    2017-01-01

    The Internet carries traffic between billions of devices every day and modern societies depend on the resiliency of the routing technology behind it to work around the frequent link outages caused by natural disasters, equipment failures, destruction of cables, and even wars. However, the routing technology behind all of this, the Border Gateway…

  8. 5G internet of things: A survey

    OpenAIRE

    Li, S.; Xu, L.; Zhao, S.

    2018-01-01

    The existing 4G networks have been widely used in the Internet of Things (IoT) and are continuously evolving to match the needs of future Internet of Things (IoT) applications. The 5G networks are expected to massively expand today's IoT, which can boost cellular operations, IoT security, and network challenges, driving the Internet future to the edge. The existing IoT solutions are facing a number of challenges such as a large number of node connections, security, and new standards. This...

  9. An Analysis of Cloud Model-Based Security for Computing Secure Cloud Bursting and Aggregation in Real Environment

    OpenAIRE

    Pritesh Jain; Vaishali Chourey; Dheeraj Rane

    2011-01-01

    Cloud Computing has emerged as a major information and communications technology trend and has been proved as a key technology for market development and analysis for the users of several fields. The practice of computing across two or more data centers separated by the Internet is growing in popularity due to an explosion in scalable computing demands. However, one of the major challenges that faces cloud computing is how to secure and protect the data and processes the data of the user. ...

  10. Cryptography and the Internet: lessons and challenges

    Energy Technology Data Exchange (ETDEWEB)

    McCurley, K.S.

    1996-12-31

    The popularization of the Internet has brought fundamental changes to the world, because it allows a universal method of communication between computers. This carries enormous benefits with it, but also raises many security considerations. Cryptography is a fundamental technology used to provide security of computer networks, and there is currently a widespread engineering effort to incorporate cryptography into various aspects of the Internet. The system-level engineering required to provide security services for the Internet carries some important lessons for researchers whose study is focused on narrowly defined problems. It also offers challenges to the cryptographic research community by raising new questions not adequately addressed by the existing body of knowledge. This paper attempts to summarize some of these lessons and challenges for the cryptographic research community.

  11. Protecting food security when facing uncertain climate: Opportunities for Afghan communities

    Science.gov (United States)

    Salman, Dina; Amer, Saud A.; Ward, Frank A.

    2017-11-01

    Climate change, population growth, and weakly developed water management institutions in many of the world's dry communities have raised the importance of designing innovative water allocation methods that adapt to water supply fluctuations while respecting cultural sensitivities. For example, Afghanistan faces an ancient history of water supply fluctuations that have contributed to periodic food shortage and famine. Poorly designed and weakly enforced water allocation methods continue to result in agriculture sector underperformance and periodic food shortages when water shortfalls occur. To date, little research has examined alternative water sharing rules on a multi-basin scale to protect food security for a subsistence irrigation society when the community faces water shortage. This paper's contribution examines the economic performance of three water-sharing mechanisms for three basins in Afghanistan with the goal of protecting food security for crop irrigation under ongoing threats of drought, while meeting growing demands for food in the face of anticipated population growth. We achieved this by formulating an integrated empirical optimization model to identify water-sharing measures that minimize economic losses while protecting food security when water shortages occur. Findings show that implementation of either a water trading policy or a proportional shortage policy that respects cultural sensitivities has the potential to raise economic welfare in each basin. Such a policy can reduce food insecurity risks for all trading provinces within each basin, thus being a productive institution for adapting to water shortage when it occurs. Total economic welfare gains are highest when drought is the most severe for which suffering would otherwise be greatest. Gains would be considerably higher if water storage reservoirs were built to store wet year flows for use in dry years. Our results light a path for policy makers, donors, water administrators, and farm

  12. Banking on the Internet.

    Science.gov (United States)

    Internet Research, 1996

    1996-01-01

    Electronic ground was broken in 1995 with the development of the completely Internet-based bank Security First Network Bank. This article discusses the need for developing online services, outlines the reasons for the formation of an Internet-based bank and argues that to remain competitive financial services providers must provide easier customer…

  13. Classification of Device Behaviour in Internet of Things Infrastructures: Towards Distinguishing the Abnormal From Security Threats

    OpenAIRE

    Ferrando, Roman; Stacey, Paul

    2017-01-01

    Increasingly, Internet of Things (IoT) devices are being woven into the fabric of our physical world. With this rapidly expanding pervasive deployment of IoT devices, and supporting infrastructure, we are fast approaching the point where the problem of IoT based cyber-security attacks is a serious threat to industrial operations, business activity and social interactions that leverage IoT technologies. The number of threats and successful attacks against connected systems using IoT devices an...

  14. The emergence of internet-based virtual private networks in international safeguards

    International Nuclear Information System (INIS)

    Smartt, Heidi Anne

    2001-01-01

    Full text: The costs associated with secure data transmission can be an obstacle to International Safeguards. Typical communication methods are priced by distance and may include telephone lines, frame relay, and ISDN. It is therefore costly to communicate globally. The growth of the Internet has provided an extensive backbone for global communications; however, the Internet does not provide intrinsic security measures. Combining the Internet with Virtual Private Network technology, which encrypts and authenticates data, creates a secure and potentially cost-effective data transmission path, as well as achieving other benefits such as reliability and scalability. Access to the Internet can be achieved by connecting to a local Internet Service Provider, which can be preferable to installing a static link between two distant points. The cost-effectiveness of the Internet-based Virtual Private Network is dependent on such factors as data amount, current operational costs, and the specifics of the Internet connection, such as user proximity to an Internet Service Provider or existing access to the Internet. This paper will introduce Virtual Private Network technology, the benefits of Internet communication, and the emergence of Internet-based Virtual Private Networks throughout the International Safeguards community. Specific projects to be discussed include: The completed demonstration of secure remote monitoring data transfer via the Internet between STUK in Helsinki, Finland, and the IAEA in Vienna, Austria; The demonstration of secure remote access to IAEA resources by traveling inspectors with Virtual Private Network software loaded on laptops; The proposed Action Sheets between ABACC/DOE and ARN/DOE, which will provide a link between Rio de Janeiro and Buenos Aires; The proposed use at the HIFAR research reactor, located in Australia, to provide remote monitoring data to the IAEA; The use of Virtual Private Networks by JRC, Ispra, Italy. (author)

  15. An Automata Based Intrusion Detection Method for Internet of Things

    Directory of Open Access Journals (Sweden)

    Yulong Fu

    2017-01-01

    Full Text Available Internet of Things (IoT) transforms network communication to Machine-to-Machine (M2M) basis and provides open access and new services to citizens and companies. It extends the border of Internet and will be developed as one part of the future 5G networks. However, as the resources of IoT’s front devices are constrained, many security mechanisms are hard to be implemented to protect the IoT networks. Intrusion detection system (IDS) is an efficient technique that can be used to detect the attackers when cryptography is broken, and it can be used to enforce the security of IoT networks. In this article, we analyzed the intrusion detection requirements of IoT networks and then proposed a uniform intrusion detection method for the vast heterogeneous IoT networks based on an automata model. The proposed method can detect and report the possible IoT attacks with three types: jam-attack, false-attack, and reply-attack automatically. We also design an experiment to verify the proposed IDS method and examine the attack of RADIUS application.

  16. Host based internet protocol (IP) packet analysis to enhance network security

    International Nuclear Information System (INIS)

    Ahmad, T.; Ahmad, S.Z.; Yasin, M.M.

    2007-01-01

    Data communication in a computer network environment is facing serious security threats from numerous sources such as viruses, worms, Zombies etc. These threats can be broadly characterized as internal or external security threats. Internal threats are mainly attributed to sneaker-nets, utility modems and unauthorized users, which can be minimized by skillful network administration, password management and optimum usage policy definition. The external threats need more serious attention as these attacks are mostly coming from public networks such as the Internet. The frequency and complexity of such attacks are much higher as compared to internal attacks. This paper presents a host based network layer screening of external and internal IP packets for logging, analyzing and real-time detection of possible IP spoofing and Denial of Service attacks. This work can also be used in tuning security rules definition for gateway firewalls. Software has been developed which intercepts IP traffic and analyses it with respect to the integrity and origin of the IP packet. The received IP packets are parsed and analyzed for possible signs of intrusion. The results show that watching and categorizing the composition of various transport protocols such as TCP, UDP, ICMP and others, along with verifying the origin of the received IP packet, can help in devising real-time firewall rules and blocking possible external attacks. This is highly desirable for fighting against zero day attacks and can result in a better Mean Time between Failures (MTBF) to increase the survivability of computer network. Used in the right context, packet screening and filtering can be a useful tool for provision of reliable and stable network services. (author)

  17. Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things.

    Science.gov (United States)

    Cha, Shi-Cho; Yeh, Kuo-Hui; Chen, Jyun-Fu

    2017-10-14

    Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim's devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM) which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts.

  18. Los Alamos National Laboratory Facilities, Security and Safeguards Division, Safeguards and Security Program Office, Protective Force Oversight Program

    International Nuclear Information System (INIS)

    1995-01-01

    The purpose of this document is to identify and describe the duties and responsibilities of Facility Security and Safeguards (FSS) Safeguards and Security (SS) organizations (groups/offices) with oversight functions over the Protection Force (PF) subcontractor. Responsible organizations will continue their present PF oversight functions under the Cost Plus Award Fee (CPAF) assessment, but now will be required to also coordinate, integrate, and interface with other FSS S and S organizations and with the PF subcontractor to measure performance, assess Department of Energy (DOE) compliance, reduce costs, and minimize duplication of effort. The role of the PF subcontractor is to provide the Laboratory with effective and efficient protective force services. PF services include providing protection for the special nuclear material, government property and classified or sensitive information developed and/or consigned to the Laboratory, as well as protection for personnel who work or participate in laboratory activities. FSS S and S oversight of both performance and compliance standards/metrics is essential for these PF objectives to be met

  19. Building a highly available and intrusion tolerant Database Security and Protection System (DSPS).

    Science.gov (United States)

    Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang

    2003-01-01

    Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

  20. Internet Censorship

    Science.gov (United States)

    Jyotsna; Kapil; Aayush

    2012-09-01

    Censorship on Internet has always wet its hands in the water of controversies. It is said to go in with synonym of "FILTERING THE NET" i.e. Either done to protect minors or for nation's privacy, some take it as snatching their freedom over internet and some take it as an appropriate step to protect minor, It has its supporters as well as opponents. Google has reported a whopping number of requests from Governments of U.K, China, Poland, Spain, and Canada to remove videos and search links that led to harassment, sensitive issues or suspicious people. This paper deals with the cons of censorship on internet and to make people aware of the fact that Internet is not a single body owned by an org. but an open sky of information shared equally by all. Research done has found out many unseen aspects of different people's view point.

  1. Current experiences with internet telepathology and possible evolution in the next generation of Internet services.

    Science.gov (United States)

    Della Mea, V; Beltrami, C A

    2000-01-01

    The last five years experience has definitely demonstrated the possible applications of the Internet for telepathology. They may be listed as follows: (a) teleconsultation via multimedia e-mail; (b) teleconsultation via web-based tools; (c) distant education by means of World Wide Web; (d) virtual microscope management through Web and Java interfaces; (e) real-time consultations through Internet-based videoconferencing. Such applications have led to the recognition of some important limits of the Internet, when dealing with telemedicine: (i) no guarantees on the quality of service (QoS); (ii) inadequate security and privacy; (iii) for some countries, low bandwidth and thus low responsiveness for real-time applications. Currently, there are several innovations in the world of the Internet. Different initiatives have been aimed at an amelioration of the Internet protocols, in order to have quality of service, multimedia support, security and other advanced services, together with greater bandwidth. The forthcoming Internet improvements, although induced by electronic commerce, video on demand, and other commercial needs, are of real interest also for telemedicine, because they solve the limits currently slowing down the use of Internet. When such new services will be available, telepathology applications may switch from research to daily practice in a fast way.

  2. A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

    Science.gov (United States)

    Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

    2015-09-01

    The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to

  3. The Internet of Hackable Things

    DEFF Research Database (Denmark)

    Dragoni, Nicola; Giaretta, Alberto; Mazzara, Manuel

    2017-01-01

    The Internet of Things makes possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order...

  4. Privacy preservation and information security protection for patients' portable electronic health records.

    Science.gov (United States)

    Huang, Lu-Chou; Chu, Huei-Chung; Lien, Chung-Yueh; Hsiao, Chia-Hung; Kao, Tsair

    2009-09-01

    As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve the privacy and security of patients' portable medical records in portable storage media to avoid any inappropriate or unintentional disclosure. Following HIPAA guidelines, the method is designed to protect, recover and verify patient's identifiers in portable EHRs. The results of this study show that our methods are effective in ensuring both information security and privacy preservation for patients through portable storage medium.

  5. Exploring and analyzing Internet crimes and their behaviours

    Directory of Open Access Journals (Sweden)

    Bhavna Arora

    2016-09-01

    The world today is experiencing an exponential growth in cyberspace. Nevertheless, India too has witnessed a significant ascend in Internet activities and it is quite assertive to say that such phenomenal growth in access to information on one hand leads to empowered individuals and organization and on the other hand also poses new challenges to government and citizens. To make the cyber world safe is the need of the hour. Putting up deterrent measures against cybercrime is essential to national cyber security in protecting critical infrastructure of the nation as well as for individuals. In this regard, the prime objective of the government is to prevent cyber attacks and to protect the country's critical infrastructure. It also focuses on reducing vulnerability to cyber attacks so as to reduce and minimize damage and recovery time. To prevent the cyber crimes, individuals and governments need to clearly understand the crime schemes in the cyberspace and the contemporary and continuing Internet trends and behaviours of these criminals. This paper gives a brief outline of categories of cybercrimes. These crimes are categorized as crimes against individuals, property, organizations and governments. Various Internet crime schemes are evaluated and behaviour of criminals to perform the cybercrimes has been analyzed. A critical evaluation of report of cybercrime complaints under IT Act 2000 has been presented.

  6. Internet-Shopping heute: Der Einsatz des Internets als Vertriebs- und Distributionskanal: Analyse der Sicherheitsanforderungen bestehender und potentieller Betreiber

    OpenAIRE

    Fark, M.

    1998-01-01

    This study examines enterprises which are to date already using the Internet for their customer communication. The analysis is based on commercial and security issues. Commercial issues include the market potential of the business. Security requirements include customer and server authenticity, data integrity, confidentiality, and provability of the service. The relationship between these factors is examined: success of the Internet usage, satisfaction of expectations by the providers, the am...

  7. Privacy and Security in Connected Vehicles Ecosystems

    Directory of Open Access Journals (Sweden)

    Marius POPA

    2017-01-01

    Modern vehicles could not be figured out without Internet connections in order to provide customers a wide range of services in the vehicle: infotainment platforms, third-party support, on-board and online monitor and maintenance, business analytics for car fleets. Exposure of the vehicles to the Internet turns them into targets for viruses, worms, Trojans, DoS and a lot of other threats for connected vehicle security. Beside the classic threats of the Internet exposure, other new threats are introduced by the Internet of Things (IoT) new technologies that are poorly regulated or undefined yet from the security point of view. Also, the large variety of the IoT technologies not being standardized yet contribute to security issues in this area of the automotive industry. This paper provides an overview of the connected vehicle environment, considering the main components of such kind of system and the main security challenges to be considered for building reliable secure online systems for connected vehicles.

  8. Genetic-linked Inattentiveness Protects Individuals from Internet Overuse: A Genetic Study of Internet Overuse Evaluating Hypotheses Based on Addiction, Inattention, Novelty-seeking and Harm-avoidance

    Directory of Open Access Journals (Sweden)

    Cheng Sun

    2016-06-01

    The all-pervasive Internet has created serious problems, such as Internet overuse, which has triggered considerable debate over its relationship with addiction. To further explore its genetic susceptibilities and alternative explanations for Internet overuse, we proposed and evaluated four hypotheses, each based on existing knowledge of the biological bases of addiction, inattention, novelty-seeking, and harm-avoidance. Four genetic loci including DRD4 VNTR, DRD2 Taq1A, COMT Val158Met and 5-HTTLPR length polymorphisms were screened from seventy-three individuals. Our results showed that the DRD4 4R/4R individuals scored significantly higher than the 2R or 7R carriers in Internet Addiction Test (IAT). The 5-HTTLPR short/short males scored significantly higher in IAT than the long variant carriers. Bayesian analysis showed the most compatible hypothesis with the observed genetic results was based on attention (69.8%), whereas hypotheses based on harm-avoidance (21.6%), novelty-seeking (7.8%) and addiction (0.9%) received little support. Our study suggests that carriers of alleles (DRD4 2R and 7R, 5-HTTLPR long) associated with inattentiveness are more likely to experience disrupted patterns and reduced durations of Internet use, protecting them from Internet overuse. Furthermore, our study suggests that Internet overuse should be categorized differently from addiction due to the lack of shared genetic contributions.

  9. Cyber Security and Habeas Data: The Latin American response to information security and data protection

    Directory of Open Access Journals (Sweden)

    Luisa Parraguez Kobek

    2016-11-01

    Habeas Data is not a commonly known concept, yet it is widely acknowledged in certain circles that deal with information security and data protection. Though it has been around for decades, it has recently gained momentum in Latin America. It is the legal notion that protects any and all information pertaining to the individual, from personal to financial, giving them the power to decide how and where such data can be used. At the same time, most Latin American countries have created laws that protect individuals if their information is misused. This article examines the concept of Habeas Data from its inception to its current applications, and explains the different approaches and legislations passed in Latin American countries on data protection due to the rise of global cybercrime.

  10. Protecting and securing the energy infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Gillham, B. [Conoco Canada Ltd., Calgary, AB (Canada)]

    2002-07-01

    Critical Infrastructure Protection (CIP) includes protection against physical and cyber attacks as well as potential interruptions and vulnerabilities such as natural disasters and human error. CIP makes it possible to deal with the consequences of infrastructure failures that can have regional, national and international impacts. The energy sector is challenged because there has been an irreversible move to automated control systems and electronic transactions. In addition, due to mergers and joint ventures, the line between traditional oil, natural gas companies and power companies is not perfectly clear. Energy industries can no longer be seen in isolation of each other because they depend on other critical infrastructures. Industry should lead CIP programs through risk management assessments, develop and implement global information technology standards, and enhance response and recovery planning. The National Petroleum Council (NPC) will continue to develop the capabilities of the newly formed Information Sharing and Assessment Centre (ISAC). The sector will also continue to develop common vulnerability assessment goals. It was noted that response and recovery plans must include the cyber dimension, because there has been an increasing number of scans and probes from the Internet since the events of September 11, 2001. It was noted that physical incidents can often turn into cyber incidents and vice versa.

  11. Secure and Reliable IPTV Multimedia Transmission Using Forward Error Correction

    Directory of Open Access Journals (Sweden)

    Chi-Huang Shih

    2012-01-01

    With the wide deployment of Internet Protocol (IP) infrastructure and rapid development of digital technologies, Internet Protocol Television (IPTV) has emerged as one of the major multimedia access techniques. A general IPTV transmission system employs both encryption and forward error correction (FEC) to provide the authorized subscriber with a high-quality perceptual experience. This two-layer processing, however, complicates the system design in terms of computational cost and management cost. In this paper, we propose a novel FEC scheme to ensure the secure and reliable transmission for IPTV multimedia content and services. The proposed secure FEC utilizes the characteristics of FEC including the FEC-encoded redundancies and the limitation of error correction capacity to protect the multimedia packets against the malicious attacks and data transmission errors/losses. Experimental results demonstrate that the proposed scheme obtains similar performance compared with the joint encryption and FEC scheme.

  12. Security Risks and Protection in Online Learning: A Survey

    Science.gov (United States)

    Chen, Yong; He, Wu

    2013-01-01

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

  13. IPTV Service Framework Based on Secure Authentication and Lightweight Content Encryption for Screen-Migration in Cloud Computing

    Directory of Open Access Journals (Sweden)

    Aymen Abdullah Alsaffar

    2015-01-01

    These days, the advancing of smart devices (e.g. smart phones, tablets, PC, etc.) capabilities and the increase of internet bandwidth enables IPTV service provider to extend their services to smart mobile devices. User can just receive their IPTV service using any smart devices by accessing the internet via wireless network from anywhere anytime in the world which is convenience for users. However, wireless network communication has well-known critical security threats and vulnerabilities to user smart devices and IPTV service such as user identity theft, replay attack, MIM attack, and so forth. A secure authentication for user devices and multimedia protection mechanism is necessary to protect both user devices and IPTV services. As result, we proposed framework of IPTV service based on secure authentication mechanism and lightweight content encryption method for screen-migration in Cloud computing. We used cryptographic nonce combined with user ID and password to authenticate user device in any mobile terminal they pass by. In addition we used Lightweight content encryption to protect and reduce the content decode overload at mobile terminals. Our proposed authentication mechanism reduces the computational processing by 30% comparing to other authentication mechanism and our lightweight content encryption reduces encryption delay to 0.259 second.

  14. Older Adults' Knowledge of Internet Hazards

    Science.gov (United States)

    Grimes, Galen A.; Hough, Michelle G.; Mazur, Elizabeth; Signorella, Margaret L.

    2010-01-01

    Older adults are less likely to be using computers and less knowledgeable about Internet security than are younger users. The two groups do not differ on trust of Internet information. The younger group shows no age or gender differences. Within the older group, computer users are more trusting of Internet information, and along with those with…

  15. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Anon.

    2010-01-15

    This part of the issue gives Internet addresses in relation with nuclear energy, safety, radiation protection, legislation, at the national level and European and international level. A special part is devoted to non ionizing radiation. (N.C.)

  16. Using innovation from block chain technology to address privacy and security problems of Internet of Things

    OpenAIRE

    Manocha, Jitendra

    2017-01-01

    Internet of things (IoT) is growing at a phenomenal speed and outpacing all the technological revolutions that occurred in the past. Together with window of opportunity it also poses quite a few challenges. One of the most important and unresolved challenge is vulnerability in security and privacy in IoT. This is mainly due to lack of a global decentralized standard even though characteristically IoT is based on distributed systems. Due to lack of standard IoT has interoperability issue betwe...

  17. 33 CFR 165.1321 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA.

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security Zone; Protection of... Areas Thirteenth Coast Guard District § 165.1321 Security Zone; Protection of Military Cargo, Captain of... Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY...

  18. Teleradiology mobile internet system with a new information security solution

    Science.gov (United States)

    Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kusumoto, Masahiko; Kaneko, Masahiro; Moriyama, Noriyuki

    2014-03-01

    We have developed an external storage system by using secret sharing scheme and tokenization for regional medical cooperation, PHR service and information preservation. The use of mobile devices such as smart phones and tablets will be accelerated for a PHR service, and the confidential medical information is exposed to the risk of damage and intercept. We verified the transfer rate of the sending and receiving of data to and from the external storage system that connected it with PACS by the Internet this time. External storage systems are the data centers that exist in Okinawa, in Osaka, in Sapporo and in Tokyo by using secret sharing scheme. PACS continuously transmitted 382 CT images to the external data centers. Total capacity of the CT images is about 200MB. The total time that had been required to transmit was about 250 seconds. Because the preservation method to use secret sharing scheme is applied, security is strong. But, it also takes the information transfer time of this system too much. Therefore, DICOM data is masked to the header information part because it is made to anonymity in our method. The DICOM data made anonymous is preserved in the data base in the hospital. Header information including individual information is divided into two or more tallies by secret sharing scheme, and preserved at two or more external data centers. The token to relate the DICOM data anonymity made to header information preserved outside is strictly preserved in the token server. The capacity of header information that contains patient's individual information is only about 2% of the entire DICOM data. This total time that had been required to transmit was about 5 seconds. Other, common solutions that can protect computer communication networks from attacks are classified as cryptographic techniques or authentication techniques. Individual number IC card is connected with electronic certification authority of web medical image conference system. Individual number IC

  19. 33 CFR 165.1313 - Security zone regulations, tank ship protection, Puget Sound and adjacent waters, Washington

    Science.gov (United States)

    2010-07-01

    ... Areas Thirteenth Coast Guard District § 165.1313 Security zone regulations, tank ship protection, Puget... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security zone regulations, tank ship protection, Puget Sound and adjacent waters, Washington 165.1313 Section 165.1313 Navigation and...

  20. Computer Security: Virus Highlights Need for Improved Internet Management

    Science.gov (United States)

    1989-06-01

    Kingdom. Page 47 GAO/IMTEC-89-57 Internet Computer Virus Appendix III Major Contributors to This Report Information Management and Technology ...resources; disrupts the intended use of the Internet ; or wastes resources, destroys the integrity of computer -based information , or compromises users...and information from the other party in order to assist in preparation for trial. Page 32 GAO/IMTEC-89-57 Internet Computer Virus Chapter 3 Factors

  1. Sandia's experience in designing and implementing integrated high security physical protection systems

    International Nuclear Information System (INIS)

    Caskey, D.L.

    1986-01-01

    As DOE's lead laboratory for physical security, Sandia National Laboratories has had a major physical security program for over ten years. Activities have ranged from component development and evaluation, to full scale system design and implementation. This paper presents some of the lessons learned in designing and implementing state-of-the-art high security physical protection systems for a number of government facilities. A generic system design is discussed for illustration purposes. Sandia efforts to transfer technology to industry are described

  2. Education Organization Baseline Control Protection and Trusted Level Security

    Directory of Open Access Journals (Sweden)

    Wasim A. Al-Hamdani

    2007-12-01

    Many education organizations have adopted for security the enterprise best practices for implementation on their campuses, while others focus on ISO Standard (or/and the National Institution of Standards and Technology). All these adoptions are dependent on IT personnel and their experiences or knowledge of the standard. On top of this is the size of the education organizations. The larger the population in an education organization, the more the problem of information and security become very clear. Thus, they have been obliged to comply with information security issues and adopt the national or international standard. The case is quite different when the population size of the education organization is smaller. In such education organizations, they use social security numbers as student ID, and issue administrative rights to faculty and lab managers – or they are not aware of the Family Educational Rights and Privacy Act (FERPA) – and release some personal information. The problem of education organization security is widely open and depends on the IT staff and their information security knowledge in addition to the education culture (education, scholarships and services) has very special characteristics other than an enterprise or comparative organization. This paper is part of a research to develop an “Education Organization Baseline Control Protection and Trusted Level Security.” The research has three parts: Adopting (standards), Testing and Modifying (if needed).

  3. Retailing and Shopping on the Internet.

    Science.gov (United States)

    Rowley, Jennifer

    1996-01-01

    Internet advertising and commercial activity are increasing. This article examines challenges facing the retail industry on the Internet: location; comparison shopping; security, especially financial transactions; customer base and profile; nature of the shopping experience; and legal and marketplace controls. (PEN)

  4. IoT Security Techniques Based on Machine Learning

    OpenAIRE

    Xiao, Liang; Wan, Xiaoyue; Lu, Xiaozhen; Zhang, Yanyong; Wu, Di

    2018-01-01

    Internet of things (IoT) that integrate a variety of devices into networks to provide advanced and intelligent services have to protect user privacy and address attacks such as spoofing attacks, denial of service attacks, jamming and eavesdropping. In this article, we investigate the attack model for IoT systems, and review the IoT security solutions based on machine learning techniques including supervised learning, unsupervised learning and reinforcement learning. We focus on the machine le...

  5. Raise your defence: a baseline for security

    CERN Multimedia

    Computer Security Team

    2011-01-01

    It is an unfair imbalance: the (computer) security of a system/service is only as strong as the weakest link in the chain of protection. This provides attackers with an incredible advantage: they can choose when to attack, where and with which means. The defence side is permanently under pressure: they must defend at all times all assets against all eventualities. For computer security, this means that every computer system, every account, every web site and every service must be properly protected --- always.   In particular, at CERN, those services visible to the Internet are permanently probed. Web sites and servers are permanently scanned by adversaries for vulnerabilities; attackers repeatedly try to guess user passwords on our remote access gateways like LXPLUS or CERNTS; computing services, e.g. for Grid computing, are analysed again and again by malicious attackers for weaknesses which can be exploited. Thanks to the vigilance of the corresponding system and service experts, these atta...

  6. Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things

    Science.gov (United States)

    Cha, Shi-Cho; Chen, Jyun-Fu

    2017-01-01

    Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim’s devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM) which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts. PMID:29036900

  7. Toward a Robust Security Paradigm for Bluetooth Low Energy-Based Smart Objects in the Internet-of-Things

    Directory of Open Access Journals (Sweden)

    Shi-Cho Cha

    2017-10-01

    Bluetooth Low Energy (BLE) has emerged as one of the most promising technologies to enable the Internet-of-Things (IoT) paradigm. In BLE-based IoT applications, e.g., wearables-oriented service applications, the Bluetooth MAC addresses of devices will be swapped for device pairings. The random address technique is adopted to prevent malicious users from tracking the victim’s devices with stationary Bluetooth MAC addresses and accordingly the device privacy can be preserved. However, there exists a tradeoff between privacy and security in the random address technique. That is, when device pairing is launched and one device cannot actually identify another one with addresses, it provides an opportunity for malicious users to break the system security via impersonation attacks. Hence, using random addresses may lead to higher security risks. In this study, we point out the potential risk of using random address technique and then present critical security requirements for BLE-based IoT applications. To fulfill the claimed requirements, we present a privacy-aware mechanism, which is based on elliptic curve cryptography, for secure communication and access-control among BLE-based IoT objects. Moreover, to ensure the security of smartphone application associated with BLE-based IoT objects, we construct a Smart Contract-based Investigation Report Management framework (SCIRM) which enables smartphone application users to obtain security inspection reports of BLE-based applications of interest with smart contracts.

  8. Internet enlightens; Internet eclaire

    Energy Technology Data Exchange (ETDEWEB)

    Figueiredo, S. [IRSN, 92 - Fontenay-aux-Roses (France)]

    2010-04-15

    This part of the issue gives Internet addresses in relation with nuclear energy, safety, radiation protection in nuclear medicine, legislation, at the national level and European and international level. A special part is devoted to non ionizing radiation. (N.C.)

  9. FPGA implementation cost and performance evaluation of IEEE 802.11 protocol encryption security schemes

    Science.gov (United States)

    Sklavos, N.; Selimis, G.; Koufopavlou, O.

    2005-01-01

    The explosive growth of internet and consumer demand for mobility has fuelled the exponential growth of wireless communications and networks. Mobile users want access to services and information, from both internet and personal devices, from a range of locations without the use of a cable medium. IEEE 802.11 is one of the most widely used wireless standards of our days. The amount of access and mobility into wireless networks requires a security infrastructure that protects communication within that network. The security of this protocol is based on the wired equivalent privacy (WEP) scheme. Currently, all the IEEE 802.11 market products support WEP. But recently, the 802.11i working group introduced the advanced encryption standard (AES), as the security scheme for the future IEEE 802.11 applications. In this paper, the hardware integrations of WEP and AES are studied. A field programmable gate array (FPGA) device has been used as the hardware implementation platform, for a fair comparison between the two security schemes. Measurements for the FPGA implementation cost, operating frequency, power consumption and performance are given.

  10. FPGA implementation cost and performance evaluation of IEEE 802.11 protocol encryption security schemes

    International Nuclear Information System (INIS)

    Sklavos, N; Selimis, G; Koufopavlou, O

    2005-01-01

    The explosive growth of internet and consumer demand for mobility has fuelled the exponential growth of wireless communications and networks. Mobile users want access to services and information, from both internet and personal devices, from a range of locations without the use of a cable medium. IEEE 802.11 is one of the most widely used wireless standards of our days. The amount of access and mobility into wireless networks requires a security infrastructure that protects communication within that network. The security of this protocol is based on the wired equivalent privacy (WEP) scheme. Currently, all the IEEE 802.11 market products support WEP. But recently, the 802.11i working group introduced the advanced encryption standard (AES), as the security scheme for the future IEEE 802.11 applications. In this paper, the hardware integrations of WEP and AES are studied. A field programmable gate array (FPGA) device has been used as the hardware implementation platform, for a fair comparison between the two security schemes. Measurements for the FPGA implementation cost, operating frequency, power consumption and performance are given.

  11. The Internet of things connecting objects

    CERN Document Server

    Chaouchi, Hakima

    2013-01-01

    Internet of Things: Connecting Objects… puts forward the technologies and the networking architectures which make it possible to support the Internet of Things. Amongst these technologies, RFID, sensor and PLC technologies are described and a clear view on how they enable the Internet of Things is given. This book also provides a good overview of the main issues facing the Internet of Things such as the issues of privacy and security, application and usage, and standardization.

  12. Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets

    OpenAIRE

    Angrishi, Kishore

    2017-01-01

    Internet of Things (IoT) is the next big evolutionary step in the world of internet. The main intention behind the IoT is to enable safer living and risk mitigation on different levels of life. With the advent of IoT botnets, the view towards IoT devices has changed from enabler of enhanced living into Internet of vulnerabilities for cyber criminals. IoT botnets have exposed two different glaring issues, 1) A large number of IoT devices are accessible over public Internet. 2) Security (if cons...

  13. Develop a solution for protecting and securing enterprise networks from malicious attacks

    Science.gov (United States)

    Kamuru, Harshitha; Nijim, Mais

    2014-05-01

    In the world of computer and network security, there are myriad ways to launch an attack, which, from the perspective of a network, can usually be defined as "traffic that has huge malicious intent." A firewall acts as one of the measures to secure the device from incoming unauthorized data. There are an infinite number of computer attacks that no firewall can prevent, such as those executed locally on the machine by a malicious user. From the network's perspective, there are numerous types of attack. All the attacks that degrade the effectiveness of data can be grouped into two types: brute force and precision. The firewall that belongs to Juniper has the capability to protect against both types of attack. Denial of Service (DoS) attacks are one of the most well-known network security threats under brute force attacks, which is largely due to the high-profile way in which they can affect networks. Over the years, some of the largest, most respected Internet sites have been effectively taken offline by Denial of Service (DoS) attacks. A DoS attack typically has a singular focus, namely, to cause the services running on a particular host or network to become unavailable. Some DoS attacks exploit vulnerabilities in an operating system and cause it to crash, such as the infamous WinNuke attack. Others submerge a network or device with traffic so that there are no more resources to handle legitimate traffic. Precision attacks typically involve multiple phases and often involve a bit more thought than brute force attacks, all the way from reconnaissance to machine ownership. Before a precision attack is launched, information about the victim needs to be gathered. This information gathering typically takes the form of various types of scans to determine available hosts, networks, and ports. The hosts available on a network can be determined by ping sweeps. The available ports on a machine can be located by port scans. Screens cover a wide variety of attack traffic

  14. An ethernet/IP security review with intrusion detection applications

    International Nuclear Information System (INIS)

    Laughter, S. A.; Williams, R. D.

    2006-01-01

    Supervisory Control and Data Acquisition (SCADA) and automation networks, used throughout utility and manufacturing applications, have their own specific set of operational and security requirements when compared to corporate networks. The modern climate of heightened national security and awareness of terrorist threats has made the security of these systems of prime concern. There is a need to understand the vulnerabilities of these systems and how to monitor and protect them. Ethernet/IP is a member of a family of protocols based on the Control and Information Protocol (CIP). Ethernet/IP allows automation systems to be utilized on and integrated with traditional TCP/IP networks, facilitating integration of these networks with corporate systems and even the Internet. A review of the CIP protocol and the additions Ethernet/IP makes to it has been done to reveal the kind of attacks made possible through the protocol. A set of rules for the SNORT Intrusion Detection software is developed based on the results of the security review. These can be used to monitor, and possibly actively protect, a SCADA or automation network that utilizes Ethernet/IP in its infrastructure. (authors)

  15. Information security foundations, technologies and applications

    CERN Document Server

    Awad, Ali Ismail; Fairhurst, Michael

    2018-01-01

    This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

  16. On Secure Workflow Decentralisation on the Internet

    Directory of Open Access Journals (Sweden)

    Petteri Kaskenpalo

    2010-06-01

    Full Text Available Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control. We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment.

  17. Endpoint Security Using Biometric Authentication for Secure Remote Mission Operations

    Science.gov (United States)

    Donohue, John T.; Critchfield, Anna R.

    2000-01-01

    We propose a flexible security authentication solution for the spacecraft end-user, which will allow the user to interact over Internet with the spacecraft, its instruments, or with the ground segment from anywhere, anytime based on the user's pre-defined set of privileges. This package includes biometrics authentication products, such as face, voice or fingerprint recognition, authentication services and procedures, such as: user registration and verification over the Internet and user database maintenance, with a configurable schema of spacecraft users' privileges. This fast and reliable user authentication mechanism will become an integral part of end-to-end ground-to-space secure Internet communications and migration from current practice to the future. All modules and services of the proposed package are commercially available and built to the NIST BioAPI standard, which facilitates "pluggability" and interoperability.

  18. Canada and the Challenges of Cyberspace Governance and Security

    Directory of Open Access Journals (Sweden)

    Ron Deibert

    2013-03-01

    Full Text Available When Canada stood with the United States and Britain in refusing to sign on to a new, state-controlled future for the Internet, at December’s World Conference on Information Technology, it certainly made the federal government appear to be a stalwart champion of Internet freedom. But in reality, Canada’s approach to cyberspace governance and security has, at best, sent mixed signals about our commitment to Internet freedom. At worst, it has actually contributed to increasing on-line censorship and surveillance by the very undemocratic and illiberal regimes that Canada voted against at the conference. Unfortunately this is a dangerous time for Canada to wallow in aimlessness: when it comes to cyberspace governance and security, the momentum is headed in the direction of greater state control. As demographic realities indicate, Internet usage will increasingly belong to the global South and East, where freedom is an unsettled and elusive concept. If Canada truly seeks to guard against the Internet falling captive to the controls sought by repressive regimes, such as those in China and Russia, it will have to offer the world a compelling, competing vision that demonstrates integrity and dedication to genuine Internet freedom. Among other things, that means moving beyond traditional top-down, state-centred models of security, which are a poor fit for a decentralized, global, publicly shared, but largely privately developed, communications network. Imposing conventional, state-led policing frameworks on cyberspace — for instance, in the name of fighting cyber crime — only provides legitimacy to regimes abroad when they bring their own state powers to censor Internet communications. It also means thinking more carefully about how much we should tolerate our Canadian technology developers continuing to supply tools of repression to the foreign regimes who seek to dominate their own people. Canada has the potential to take on a leadership role in

  19. Protecting intellectual property in space; Proceedings of the Aerospace Computer Security Conference, McLean, VA, March 20, 1985

    Science.gov (United States)

    1985-01-01

    The primary purpose of the Aerospace Computer Security Conference was to bring together people and organizations which have a common interest in protecting intellectual property generated in space. Operational concerns are discussed, taking into account security implications of the space station information system, Space Shuttle security policies and programs, potential uses of probabilistic risk assessment techniques for space station development, key considerations in contingency planning for secure space flight ground control centers, a systematic method for evaluating security requirements compliance, and security engineering of secure ground stations. Subjects related to security technologies are also explored, giving attention to processing requirements of secure C3/I and battle management systems and the development of the Gemini trusted multiple microcomputer base, the Restricted Access Processor system as a security guard designed to protect classified information, and observations on local area network security.

  20. Space Internet-Embedded Web Technologies Demonstration

    Science.gov (United States)

    Foltz, David A.

    2001-01-01

    The NASA Glenn Research Center recently demonstrated the ability to securely command and control space-based assets by using the Internet and standard Internet Protocols (IP). This is a significant accomplishment because future NASA missions will benefit by using Internet standards-based protocols. The benefits include reduced mission costs and increased mission efficiency. The Internet-Based Space Command and Control System Architecture demonstrated at the NASA Inspection 2000 event proved that this communications architecture is viable for future NASA missions.

  1. Analysis of radiological protection and security in the radioactive diagnosis area in a third level hospital

    International Nuclear Information System (INIS)

    Azorin Vega, J.C.; Azorin Nieto, J.; Rivera Montalvo, T.

    1998-01-01

    Results from the evaluation made to radiological security and protection conditions prevailing in 13 medical diagnosis rooms with X rays at the National Nutrition Institute Salvador Zubiran (third level hospital), aiming to give adequate protection and radiological security devices to the staff exposed from that hospital and to comply fully with requirements set by the standards.

  2. Securing E-mail Communication Using Hybrid Cryptosystem on Android-based Mobile Devices

    Directory of Open Access Journals (Sweden)

    Andri Zakariya

    2012-12-01

    Full Text Available One of the most popular internet services is electronic mail (e-mail). By using mobile devices with internet connection, e-mail can be widely used by anyone to exchange information anywhere and anytime whether public or confidential. Unfortunately, there are some security issues with e-mail communication; e-mail is sent over open networks and e-mail is stored on potentially insecure mail servers. Moreover, e-mail has no integrity protection so the body can be altered undetected in transit or on the e-mail server. E-mail also has no data origin authentication, so people cannot be sure that the e-mails they receive are from the e-mail address owner. In order to solve this problem, this study proposes a secure method of e-mail communication on Android-based mobile devices using a hybrid cryptosystem which combines symmetric encryption, asymmetric encryption and hash function. The experimental results show that the proposed method succeeded in meeting those aspects of information security including confidentiality, data integrity, authentication, and non-repudiation.

  3. Middleware-based Security for Hyperconnected Applications in Future In-Car Networks

    Directory of Open Access Journals (Sweden)

    Alexandre Bouard

    2013-12-01

    Full Text Available Today’s cars take advantage of powerful electronic platforms and provide more and more sophisticated connected services. More than just ensuring the role of a safe means of transportation, they process private information, industrial secrets, communicate with our smartphones, Internet and will soon host third-party applications. Their pervasive computerization makes them vulnerable to common security attacks, against which automotive technologies cannot protect. The transition toward Ethernet/IP-based on-board communication could be a first step to respond to these security and privacy issues. In this paper, we present a security framework leveraging local and distributed information flow techniques in order to secure the on-board network against internal and external untrusted components. We describe the implementation and integration of such a framework within an IP-based automotive middleware and provide its evaluation.

  4. An Energy-Efficient Virtualization-Based Secure Platform for Protecting Sensitive User Data

    Directory of Open Access Journals (Sweden)

    Kyung-Soo Lim

    2017-07-01

    Full Text Available Currently, the exchange cycles of various computers, smartphones, tablets, and others have become shorter, because new high-performance devices continue to roll out rapidly. However, existing legacy devices are not old-fashioned or obsolete to use. From the perspective of sustainable information technology (IT), energy-efficient virtualization can apply a way to increase reusability for special customized devices and enhance the security of existing legacy devices. It means that the virtualization can customize a specially designed purpose using the guest domain from obsolete devices. Thus, this could be a computing scheme that keeps energy supplies and demands in balance for future sustainable IT. Moreover, energy-efficient virtualization can be the long-term and self-sustainable solution such as cloud computing, big data and so forth. By separating the domain of the host device based on virtualization, the guest OS on the segmented domain can be used as a Trusted Execution Environment to perform security features. In this paper, we introduce a secure platform to protect sensitive user data by domain isolation utilizing virtualization. The sensitive user data on our secure platform can protect against the infringement of personal information by malicious attacks. This study is an effective solution in terms of sustainability by recycling them for special purposes or enhancing the security of existing devices.

  5. Factors and Predictors of Online Security and Privacy Behavior

    Directory of Open Access Journals (Sweden)

    Goran Bubaš

    2008-12-01

    Full Text Available Assumptions and habits regarding computer and Internet use are among the major factors which influence online privacy and security of Internet users. In our study a survey was performed on 312 subjects (college students who are Internet users with IT skills) that investigated how assumptions and habits of Internet users are related to their online security and privacy. The following four factors of online security and privacy related behaviors were revealed in factor analysis: F1 – conscientiousness in the maintenance of the operating system, upgrading of the Internet browser and use of antivirus and antispyware programs; F2 – engagement in risky and careless online activities with lack of concern for personal online privacy; F3 – disbelief that privacy violations and security threats represent possible problems; F4 – lack of fear regarding potential privacy and security threats with no need for change in personal online behavior. Statistically significant correlations were found between some of the discovered factors on the one side, and criteria variables occurrence of malicious code (C1) and data loss on the home computer (C2) on the other. In addition, a regression analysis was performed which revealed that the potentially risky online behaviors of Internet users were associated with the two criteria variables. To properly interpret the results of correlation and regression analyses a conceptual model was developed of the potential causal relationships between the behavior of Internet users and their experiences with online security threats. An additional study was also performed which partly confirmed the conceptual model, as well as the factors of online security and privacy related behaviors.

  6. On the security of consumer wearable devices in the Internet of Things.

    Science.gov (United States)

    Tahir, Hasan; Tahir, Ruhma; McDonald-Maier, Klaus

    2018-01-01

    Miniaturization of computer hardware and the demand for network capable devices has resulted in the emergence of a new class of technology called wearable computing. Wearable devices have many purposes like lifestyle support, health monitoring, fitness monitoring, entertainment, industrial uses, and gaming. Wearable devices are hurriedly being marketed in an attempt to capture an emerging market. Owing to this, some devices do not adequately address the need for security. To enable virtualization and connectivity wearable devices sense and transmit data, therefore it is essential that the device, its data and the user are protected. In this paper the use of novel Integrated Circuit Metric (ICMetric) technology for the provision of security in wearable devices has been suggested. ICMetric technology uses the features of a device to generate an identification which is then used for the provision of cryptographic services. This paper explores how a device ICMetric can be generated by using the accelerometer and gyroscope sensor. Since wearable devices often operate in a group setting the work also focuses on generating a group identification which is then used to deliver services like authentication, confidentiality, secure admission and symmetric key generation. Experiment and simulation results prove that the scheme offers high levels of security without compromising on resource demands.

  7. Security Issues in E-Business Platforms

    OpenAIRE

    Defta Costinela – Luminita; Iacob Nicoleta - Magdalena

    2011-01-01

    E-business consists mostly in the implementation of the business processes by using the information technology and internet services. Since all business processes must be connected to the internet and available for users, the choice of the information solutions on which e-business is built is crucial for the security. Now more than ever, businesses need to be concerned about the security of their networks. In this paper we will highlight the security threats related to the e-business platform...

  8. 17 CFR 240.15b5-1 - Extension of registration for purposes of the Securities Investor Protection Act of 1970 after...

    Science.gov (United States)

    2010-04-01

    ... purposes of the Securities Investor Protection Act of 1970 after cancellation or revocation. 240.15b5-1... purposes of the Securities Investor Protection Act of 1970 after cancellation or revocation. Commission... member within the meaning of Section 3(a)(2) of the Securities Investor Protection Act of 1970 for...

  9. Influence of Security Mechanisms on the Quality of Service of VoIP

    Science.gov (United States)

    Backs, Peter; Pohlmann, Norbert

    While Voice over IP (VoIP) is advancing rapidly in the telecommunications market, the interest to protect the data transmitted by this new service is also rising. However, in contrast to other internet services such as email or HTTP, VoIP is real-time media, and therefore must meet a special requirement referred to as Quality-of-Service to provide a comfortable flow of speech. Speech quality is worsened when transmitted over the network due to delays in transmission or loss of packets. Often, voice quality is at a level that even prevents comprehensive dialog. Therefore, an administrator who is to setup a VoIP infrastructure might consider avoiding additional decreases in voice quality resulting from security mechanisms, and might leave internet telephony unprotected as a result. The inspiration for this paper is to illustrate that security mechanisms have negligible impact on speech quality and should in fact be encouraged.

  10. Joint force protection advanced security system (JFPASS) "the future of force protection: integrate and automate"

    Science.gov (United States)

    Lama, Carlos E.; Fagan, Joe E.

    2009-09-01

    The United States Department of Defense (DoD) defines 'force protection' as "preventive measures taken to mitigate hostile actions against DoD personnel (to include family members), resources, facilities, and critical information." Advanced technologies enable significant improvements in automating and distributing situation awareness, optimizing operator time, and improving sustainability, which enhance protection and lower costs. The JFPASS Joint Capability Technology Demonstration (JCTD) demonstrates a force protection environment that combines physical security and Chemical, Biological, Radiological, Nuclear, and Explosive (CBRNE) defense through the application of integrated command and control and data fusion. The JFPASS JCTD provides a layered approach to force protection by integrating traditional sensors used in physical security, such as video cameras, battlefield surveillance radars, unmanned and unattended ground sensors. The optimization of human participation and automation of processes is achieved by employment of unmanned ground vehicles, along with remotely operated lethal and less-than-lethal weapon systems. These capabilities are integrated via a tailorable, user-defined common operational picture display through a data fusion engine operating in the background. The combined systems automate the screening of alarms, manage the information displays, and provide assessment and response measures. The data fusion engine links disparate sensors and systems, and applies tailored logic to focus the assessment of events. It enables timely responses by providing the user with automated and semi-automated decision support tools. The JFPASS JCTD uses standard communication/data exchange protocols, which allow the system to incorporate future sensor technologies or communication networks, while maintaining the ability to communicate with legacy or existing systems.

  11. Differences in legislation of data privacy protection in internet marketing in USA, EU and Serbia

    Directory of Open Access Journals (Sweden)

    Markov Jasmina

    2012-01-01

    Full Text Available There is a growing number of companies that are, in their operations and dealings with consumers, turning to the Internet and using the huge opportunities that it provides. Therefore, Internet marketing is now experiencing extreme expansion and it is considered to be the marketing segment that is vulnerable to intensive and continuous change. Along with the positive effects brought to both businesses and consumers, there are some negatives associated with this form of marketing, and one of them is the insufficient protection of privacy. The fact is that we must raise the level of data protection, and improve its quality. Intense changes have to be taken on the normative level, because there are still plenty of reasons for the dissatisfaction of consumers when it comes to protecting their privacy. Thus, the legislation must play a key role in building consumer confidence as well as in the establishment of a positive relationship with marketers. The aim of this paper is to show the importance of the construction of such levels of private data protection which will establish long-term partnerships between consumers, marketers and other participants in the market, since only the aforementioned relations can bring prosperity to all parties. The paper will make a comparative analysis of the legislative framework in this field in the United States, the European Union and Serbia, as well as stress the still present significant backlog of Serbia in relation to the aforementioned developed countries.

  12. Zephyr: A secure Internet process to streamline engineering

    Energy Technology Data Exchange (ETDEWEB)

    Jordan, C.W.; Niven, W.A.; Cavitt, R.E. [and others]

    1998-05-12

    Lawrence Livermore National Laboratory (LLNL) is implementing an Internet-based process pilot called 'Zephyr' to streamline engineering and commerce using the Internet. Major benefits have accrued by using Zephyr in facilitating industrial collaboration, speeding the engineering development cycle, reducing procurement time, and lowering overall costs. Programs at LLNL are potentializing the efficiencies introduced since implementing Zephyr. Zephyr's pilot functionality is undergoing full integration with Business Systems, Finance, and Vendors to support major programs at the Laboratory.

  13. Internet Ethics Issues and Actions in Japan

    OpenAIRE

    江澤, 義典

    2013-01-01

    The International Symposium on Internet Ethics 2012 was planned and organized by the Korea Internet Security Agency and was held in September 2012 at the Lotte Hotel World in Seoul. This note relates to the presentation in Japan; it outlines current Internet ethics issues and actions in Japan. Moreover, four aspects of Japanese civilization were introduced as the bases of these ethics issues.

  14. Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.

    Science.gov (United States)

    Collmann, Jeff; Cooper, Ted

    2007-01-01

    This case study describes and analyzes a breach of the confidentiality and integrity of personally identified health information (e.g. appointment details, answers to patients' questions, medical advice) for over 800 Kaiser Permanente (KP) members through KP Online, a web-enabled health care portal. The authors obtained and analyzed multiple types of qualitative data about this incident including interviews with KP staff, incident reports, root cause analyses, and media reports. Reasons at multiple levels account for the breach, including the architecture of the information system, the motivations of individual staff members, and differences among the subcultures of individual groups within as well as technical and social relations across the Kaiser IT program. None of these reasons could be classified, strictly speaking, as "security violations." This case study, thus, suggests that, to protect sensitive patient information, health care organizations should build safe organizational contexts for complex health information systems in addition to complying with good information security practice and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

  15. STUDY ON COMPANY SECURITY POLICIES FROM DIGITAL MEDIA

    Directory of Open Access Journals (Sweden)

    CRISTINA-MARIA RĂDULESCU

    2015-12-01

    The Internet development has brought both new opportunities and risks for either retailers or consumers. For example, electronic commerce is much faster and less expensive, but this openness makes it difficult to secure. People are aware of the fact that online businesses collect, process and distribute enormous amounts of personal data and therefore, are concerned about their unauthorized use or their use in other purposes than intended by third parties in order to gain unauthorized access to them. There are more examples of cyber criminal activities, such as: hacking, software piracy, passwords attack, service prohibition attacks, scamming, etc. Such fears led to the editing of protection policies meant to secure personal data and to develop some mechanisms to ensure the reliability and confidentiality of electronic information. Security measures include access control devices, installation of firewalls and intrusion detection devices, of some security procedures to identify and authenticate authorized users of network systems. Such mechanisms constitute the core of this study. We will also analyze security and confidentiality policy of personal data of Google Inc.

  16. Associated diacritical watermarking approach to protect sensitive arabic digital texts

    Science.gov (United States)

    Kamaruddin, Nurul Shamimi; Kamsin, Amirrudin; Hakak, Saqib

    2017-10-01

    Among multimedia content, one of the most predominant mediums is text content. There have been lots of efforts to protect and secure text information over the Internet. The limitations of existing works have been identified in terms of watermark capacity, time complexity and memory complexity. In this work, an invisible digital watermarking approach has been proposed to protect and secure the most sensitive text i.e. Digital Holy Quran. The proposed approach works by XOR-ing only those Quranic letters that have certain diacritics associated with them. Due to the sensitive nature of the Holy Quran, diacritics play a vital role in the meaning of the particular verse. Hence, securing letters with certain diacritics will preserve the original meaning of Quranic verses in case of an alteration attempt. Initial results have shown that the proposed approach is promising with less memory complexity and time complexity compared to existing approaches.

  17. The strategic measures for the industrial security of small and medium business.

    Science.gov (United States)

    Lee, Chang-Moo

    2014-01-01

    The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

  18. The Strategic Measures for the Industrial Security of Small and Medium Business

    Directory of Open Access Journals (Sweden)

    Chang-Moo Lee

    2014-01-01

    The competitiveness of companies increasingly depends upon whether they possess the cutting-edge or core technology. The technology should be protected from industrial espionage or leakage. A special attention needs to be given to SMB (small and medium business), furthermore, because SMB occupies most of the companies but has serious problems in terms of industrial security. The technology leakages of SMB would account for more than 2/3 of total leakages during last five years. The purpose of this study is, therefore, to analyze the problems of SMB in terms of industrial security and suggest the strategic solutions for SMB in South Korea. The low security awareness and financial difficulties, however, make it difficult for SMB to build the effective security management system which would protect the company from industrial espionage and leakage of its technology. The growing dependence of SMB on network such as internet, in addition, puts the SMB at risk of leaking its technology through hacking or similar ways. It requires new measures to confront and control such a risk. Online security control services and technology deposit system are suggested for such measures.

  19. Design and Analysis of Optimization Algorithms to Minimize Cryptographic Processing in BGP Security Protocols.

    Science.gov (United States)

    Sriram, Vinay K; Montgomery, Doug

    2017-07-01

    The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers. This study proposes and evaluates the performance and efficiency of various optimization algorithms for validation of digitally signed BGP updates. In particular, this investigation focuses on the BGPSEC (BGP with SECurity extensions) protocol, currently under consideration for standardization in the Internet Engineering Task Force. We analyze three basic BGPSEC update processing algorithms: Unoptimized, Cache Common Segments (CCS) optimization, and Best Path Only (BPO) optimization. We further propose and study cache management schemes to be used in conjunction with the CCS and BPO algorithms. The performance metrics used in the analyses are: (1) routing table convergence time after BGPSEC peering reset or router reboot events and (2) peak-second signature verification workload. Both analytical modeling and detailed trace-driven simulation were performed. Results show that the BPO algorithm is 330% to 628% faster than the unoptimized algorithm for routing table convergence in a typical Internet core-facing provider edge router.

  20. Risk and protective factors of internet addiction: a meta-analysis of empirical studies in Korea.

    Science.gov (United States)

    Koo, Hoon Jung; Kwon, Jung-Hye

    2014-11-01

    A meta-analysis of empirical studies performed in Korea was conducted to systematically investigate the associations between the indices of Internet addiction (IA) and psychosocial variables. Systematic literature searches were carried out using the Korean Studies Information Service System, Research Information Sharing Service, Science Direct, Google Scholar, and references in review articles. The key words were Internet addiction, (Internet) game addiction, and pathological, problematic, and excessive Internet use. Only original research papers using Korean samples published from 1999 to 2012 and officially reviewed by peers were included for analysis. Ninety-five studies meeting the inclusion criteria were identified. The magnitude of the overall effect size of the intrapersonal variables associated with internet addiction was significantly higher than that of interpersonal variables. Specifically, IA demonstrated a medium to strong association with "escape from self" and "self-identity" as self-related variables. "Attention problem", "self-control", and "emotional regulation" as control and regulation-relation variables; "addiction and absorption traits" as temperament variables; "anger" and "aggression" as emotion and mood and variables; "negative stress coping" as coping variables were also associated with comparably larger effect sizes. Contrary to our expectation, the magnitude of the correlations between relational ability and quality, parental relationships and family functionality, and IA were found to be small. The strength of the association between IA and the risk and protective factors was found to be higher in younger age groups. The findings highlight a need for closer examination of psychosocial factors, especially intrapersonal variables when assessing high-risk individuals and designing intervention strategies for both general IA and Internet game addiction.

  1. Improvement of security techniques and protection of biometric data in biometric systems: Presentation of International Standard ISO 24745

    OpenAIRE

    Milinković, Milorad

    2017-01-01

    This paper presents the International Standard ISO 24745 as a potential security tool for biometric information protection, more precisely as a tool for privacy protection in biometric systems. This is one of the latest internationally accepted standards that address the security issues of biometric systems.

  2. E-Commerce and Security Governance in Developing Countries

    Science.gov (United States)

    Sanayei, Ali.; Rajabion, Lila

    Security is very often mentioned as one of the preconditions for the faster growth of e-commerce. Without a secure and reliable internet, customer will continue to be reluctant to provide confidential information online, such as credit card number. Moreover, organizations of all types and sizes around the world rely heavily on technologies of electronic commerce (e-commerce) for conducting their day-to-day business transaction. Providing organizations with a secure e-commerce environment is a major issue and challenging one especially in Middle Eastern countries. Without secure e-commerce, it is almost impossible to take advantage of the opportunities offered by e-commerce technologies. E-commerce can create opportunities for small entrepreneurs in Middle Eastern countries. This requires removing infrastructure blockages in telecommunications and logistics alongside the governance of e-commerce with policies on consumer protection, security of transactions, privacy of records and intellectual property. In this paper, we will explore the legal implications of e-commerce security governance by establishing who is responsible for ensuring compliance with this discipline, demonstrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline. Our main focus will be on analyzing the importance and implication of e-commerce security governance in developing countries.

  3. A Secure Watermarking Scheme for Buyer-Seller Identification and Copyright Protection

    Science.gov (United States)

    Ahmed, Fawad; Sattar, Farook; Siyal, Mohammed Yakoob; Yu, Dan

    2006-12-01

    We propose a secure watermarking scheme that integrates watermarking with cryptography for addressing some important issues in copyright protection. We address three copyright protection issues—buyer-seller identification, copyright infringement, and ownership verification. By buyer-seller identification, we mean that a successful watermark extraction at the buyer's end will reveal the identities of the buyer and seller of the watermarked image. For copyright infringement, our proposed scheme enables the seller to identify the specific buyer from whom an illegal copy of the watermarked image has originated, and further prove this fact to a third party. For multiple ownership claims, our scheme enables a legal seller to claim his/her ownership in the court of law. We will show that the combination of cryptography with watermarking not only increases the security of the overall scheme, but it also enables to associate identities of buyer/seller with their respective watermarked images.

  4. 76 FR 27897 - Security and Safety Zone Regulations, Large Passenger Vessel Protection, Captain of the Port...

    Science.gov (United States)

    2011-05-13

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2011-0342] Security and Safety Zone Regulations, Large Passenger Vessel Protection, Captain of the Port Columbia River... will enforce the security and safety zone in 33 CFR 165.1318 for large passenger vessels operating in...

  5. Internet flash of lightning

    International Nuclear Information System (INIS)

    Anon.

    2005-01-01

    Seven Internet sites are given relative to European Research and IAEA; three sites in relation with optimization of radiation protection and environment, Google Scholar, medicine, radioecology, finally seventeen Internet sites are detailed in this article. (N.C.)

  6. When data representation compromise data security

    DEFF Research Database (Denmark)

    Simonsen, Eivind Ortind; Dahl, Mads Ronald

    The workflow of transforming data into informative representations makes extensive usage of computers and software. Scientists have a conventional tradition for producing publications that include tables and graphs as data representations....... These representations can be used for multiple purposes such as publications in journals, teaching and conference material. But when created, stored and distributed in a digital form there is a risk of compromising data security. Data beyond the ones used specifically to create the representation can be included...... on the internet over many years? A new legislation proposed in 2012 by the European Commission on protection of personal data will be implemented from 2015. The new law will impose sanction options ranging from a warning to a fine up to 100.000.000 EUR. We argue that this new law will lead to especially...

  7. Security Risks in IP Telephony

    Directory of Open Access Journals (Sweden)

    Filip Rezac

    2010-01-01

    This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT) as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against SPIT attacks. AntiSPIT represents an effective protection based on statistical blacklist and works without participation of the called party which is a significant advantage.

  8. Practical aspects of handling data protection and data security.

    Science.gov (United States)

    Louwerse, C P

    1991-01-01

    Looking at practical applications of health care information systems, we must conclude that in the field of data protection there still is too large a gap between what is feasible and necessary on one hand, and what is achieved in actual realizations on the other. To illustrate this point, we sketch the actual data protection measures in a large hospital information system, and describe the effects of changes affecting the system, such as increasing use of personal computers, and growing intensity of use of the system. Trends in the development of new and additional systems are indicated, and a summary of possible weak points and gaps in the security is given, some suggestions for improvement are made.

  9. Rating behavior of football fans by Internet

    Directory of Open Access Journals (Sweden)

    Dawid Szczygielski

    2017-02-01

    The aim of this article was to present the opinion of Internet users on football fans and their behavior. The research method used was a diagnostic survey in the form of a computer survey. 102 people were tested, mostly in the age of 21-25 years. The research can draw the following conclusions: (1) Football stadiums should be better secured and protected by the relevant departments, (2) The colors and club merchandise is not a reliable indicator of fan devotion of his team, (3) These are the fans, the fans are cheering for is a sacred thing, (4) All acts of devastation to property and vandalism in football stadiums should be severely punished.

  10. National Infrastructure Protection Plan: Partnering to Enhance Protection and Resiliency

    Science.gov (United States)

    2009-01-01

    Port Security Grant Program and the Intercity Bus Security Grant Program. More information about the NIPP is available on the Internet at...and a • registered traveler program; and implementation of biometric or other secure passports; Requires standards for birth certificates and

  11. A Fresh Look at Internet Protocol Version 6 (IPv6) for Department of Defense (DoD) Networks

    Science.gov (United States)

    2010-08-01

    SUBJECT TERMS Internet Protocol, Computer Networking, Network Security, Computer Security, Technology Deployment 16. SECURITY CLASSIFICATION OF...Systems FCS Future Combat System IETF Internet Engineering Task Force ISAT Information Science and Technology BAST Board on Army Science and...Science and Technology committee and the Internet Architecture Board. Dr. Sincoskie was Executive Director of the Computer Networking Research

  12. 77 FR 9528 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

    Science.gov (United States)

    2012-02-17

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Waterway Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 17, 2012, through 11...

  13. An Examination of Organizational Information Protection in the Era of Social Media: A Study of Social Network Security and Privacy Protection

    Science.gov (United States)

    Maar, Michael C.

    2013-01-01

    This study investigates information protection for professional users of online social networks. It addresses management's desire to motivate their employees to adopt protective measures while accessing online social networks and to help their employees improve their proficiency in information security and ability to detect deceptive…

  14. Internet research in an international context.

    Science.gov (United States)

    Baernholdt, Marianne; Clarke, Sean P

    2006-02-01

    Computers and the Internet provide researchers with new options in surveying. When using electronic surveys, several practical and methodological issues need to be considered such as whether the majority of the surveyed population has Internet access and whether an e-mail or a Web-based survey is most appropriate. Other important considerations relate to Internet security issues and, in international research, the possibility of language barriers. Despite these challenges, electronic surveys offer a promising alternative to conventional mail surveys.

  15. SEGMENTASI LAYANAN INTERNET BANKING

    Directory of Open Access Journals (Sweden)

    Ellen Theresia Sihotang

    2017-04-01

    The purpose of this study is to analyze internet banking's users based on their experiences. It can be used to set a marketing program for internet banking that is appropriate to customers' needs, in order to anticipate tight competition. The research method starts with focus group discussion and clustering analysis to classify 312 respondents of internet banking users based on demographic, benefit and behavioral segmentation. The sampling method uses purposive sampling and snowball sampling. The K-Means Clustering method produces four optimal clusters. The benefit orientation of the first cluster is on time saving. The second cluster is concerned with the ease of getting and operating internet banking, so this cluster does not need auxiliary features such as a video guide to use internet banking. The third cluster's orientation is on the modern lifestyle and the ease of getting and operating the internet banking service with detailed daily mutation transaction. The fourth cluster is concerned with the detailed daily mutation transaction but they are not sure of the security of personal data via internet banking.

  16. 33 CFR 165.1324 - Safety and Security Zone; Cruise Ship Protection, Elliott Bay and Pier-91, Seattle, Washington.

    Science.gov (United States)

    2010-07-01

    ... Areas Thirteenth Coast Guard District § 165.1324 Safety and Security Zone; Cruise Ship Protection... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Safety and Security Zone; Cruise Ship Protection, Elliott Bay and Pier-91, Seattle, Washington. 165.1324 Section 165.1324 Navigation and...

  17. Internet of Cloud: Security and Privacy issues

    OpenAIRE

    Cook, Allan; Robinson, Michael; Ferrag, Mohamed Amine; Maglaras, Leandros A.; He, Ying; Jones, Kevin; Janicke, Helge

    2017-01-01

    The synergy between the cloud and the IoT has emerged largely due to the cloud having attributes which directly benefit the IoT and enable its continued growth. IoT adopting Cloud services has brought new security challenges. In this book chapter, we pursue two main goals: 1) to analyse the different components of Cloud computing and the IoT and 2) to present security and privacy problems that these systems face. We thoroughly investigate current security and privacy preservation solutions th...

  18. Internet Roadside Cafe #6. [Videotape].

    Science.gov (United States)

    American Library Association Video/Library Video Network, Towson, MD.

    This 30-minute videotape takes an in-depth look at World Wide Web business transactions, potential risks, client privacy and security issues by asking businesses and consumers how they do business on the Internet. Also featured in the program is advice about choosing a secure password, the use of credit cards for Web purchasing and a review of…

  19. A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

    Science.gov (United States)

    Amin, Ruhul; Biswas, G P

    2015-08-01

    Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

  20. An Internet-Based Accounting Information Systems Project

    Science.gov (United States)

    Miller, Louise

    2012-01-01

    This paper describes a student project assignment used in an accounting information systems course. We are now truly immersed in the internet age, and while many required accounting information systems courses and textbooks introduce database design, accounting software development, cloud computing, and internet security, projects involving the…

  1. 78 FR 54588 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

    Science.gov (United States)

    2013-09-05

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6:00 a.m. on September 2, 2013 through 11:59 p.m...

  2. 78 FR 57485 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound

    Science.gov (United States)

    2013-09-19

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on September 12, 2013 through 11:59 p.m...

  3. An Examination of Individual’s Perceived Security and Privacy of the Internet in Malaysia and the Influence of This on Their Intention to Use E-Commerce: Using An Extension of the Technology Acceptance Model

    OpenAIRE

    Muniruddeen Lallmahamood

    2007-01-01

    This study explores the impact of perceived security and privacy on the intention to use Internet banking. An extended version of the technology acceptance model (TAM) is used to examine the above perception. A survey was distributed, the 187 responses mainly from the urban cities in Malaysia, have generally agreed that security and privacy are still the main concerns while using Internet banking. The research model explains over half of the variance of the intenti...

  4. Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things

    DEFF Research Database (Denmark)

    Mahalle, Parikshit N.; Anggorojati, Bayu; Prasad, Neeli R.

    2013-01-01

    In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology...... and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity...... Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (Dos) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents...

  5. Validation of Internet Application: Study, Analysis and Evaluation

    OpenAIRE

    Dinesh Kumar

    2012-01-01

    Today, testing applications for Internet (web sites and other applications) is being verified using proprietary test solutions. The Internet Security became a very important and complex field of researches in our present time, especially if we apply this to the discussion of Internet protocols as basic interfaces for exchanging sensitive data over the Internet and finding appropriate and trustworthy algorithms for their validation. Test Competence Centre at Ericsson AB has expertise on tes...

  6. Internet Governance & Cyber Crimes In UAE

    Directory of Open Access Journals (Sweden)

    Ayesha Al Neyadi

    2015-08-01

    Most people in UAE don't feel safe while they are use the Internet because most internet users have been a victim for cyber crime. Cyber crime threat rate has increased which has targeted on citizen privacy property and governments also the reputation problems. There are many criminal activities such as indecent acts, Copyright issues, Terrorist Acts, State security and Contempt of religion. Cyber crimes due to several reasons such as they have lack of social intelligence they are being greedy and not being content also some of them have financial troubles these reasons usually exploited by criminals. Thus the decree will be a punishment or criminalizes formally on any person who using any kind of information technology and any others private life to blackmail or to threaten others online. In addition at the present time with the most detailed new cybercrime law that can be used to prove found guilty. As well the author discusses that the new cyber-crime law provides protection of personal information including banking information, credit cards and electronic payment information.

  7. Constitutional Justice: Cases of Protection of Freedom and Personal Security in Colombia

    Directory of Open Access Journals (Sweden)

    Viridiana Molinares Hassan

    2014-07-01

    In this paper we present the results of an investigation about judicial protection of freedom and personal security granted by the Constitutional Court (cc) of Colombia, with a comparative analysis between the period 1992-2001, to which governments have appointed period of postconstitucionales, which coincides with the issuance of the 1991 Constitution, and the creation of constitutional jurisdiction, and the period 2002-2010, during which it ran the Democratic Security Policy (dsp) as a government policy proposal by former president Álvaro Uribe, whose aim was to achieve peace through the declaration of war to the guerrilla group Revolutionary Armed Forces of Colombia (farc). Our interest is to show that the protection of freedom and personal security as the basis of the Constitutional (ec) finds in the cc his greatest guarantor, even against closing courts in other jurisdictions that are still rooted in the failed legal positivist paradigm, ignoring the postulates of neoconstitutionalism dc sufficiently developed from a process of creative interpretation and decision-making. This coupled with the importance for the branches of power and knowledge associated scope of freedom and personal security developed by the cc in the difficult context of irregular warfare that exists in Colombia, yet it is, for universal constitutionalism, an example of the development of legal guarantor in the context of current constitutionalism.

  8. Risk and Protective Factors of Internet Addiction: A Meta-Analysis of Empirical Studies in Korea

    Science.gov (United States)

    Koo, Hoon Jung

    2014-01-01

    Purpose: A meta-analysis of empirical studies performed in Korea was conducted to systematically investigate the associations between the indices of Internet addiction (IA) and psychosocial variables. Materials and Methods: Systematic literature searches were carried out using the Korean Studies Information Service System, Research Information Sharing Service, Science Direct, Google Scholar, and references in review articles. The key words were Internet addiction, (Internet) game addiction, and pathological, problematic, and excessive Internet use. Only original research papers using Korean samples published from 1999 to 2012 and officially reviewed by peers were included for analysis. Ninety-five studies meeting the inclusion criteria were identified. Results: The magnitude of the overall effect size of the intrapersonal variables associated with internet addiction was significantly higher than that of interpersonal variables. Specifically, IA demonstrated a medium to strong association with "escape from self" and "self-identity" as self-related variables. "Attention problem", "self-control", and "emotional regulation" as control and regulation-relation variables; "addiction and absorption traits" as temperament variables; "anger" and "aggression" as emotion and mood and variables; "negative stress coping" as coping variables were also associated with comparably larger effect sizes. Contrary to our expectation, the magnitude of the correlations between relational ability and quality, parental relationships and family functionality, and IA were found to be small. The strength of the association between IA and the risk and protective factors was found to be higher in younger age groups. Conclusion: The findings highlight a need for closer examination of psychosocial factors, especially intrapersonal variables when assessing high-risk individuals and designing intervention strategies for both general IA and Internet game addiction. PMID:25323910

  9. Enc-DNS-HTTP: Utilising DNS Infrastructure to Secure Web Browsing

    Directory of Open Access Journals (Sweden)

    Mohammed Abdulridha Hussain

    2017-01-01

    Online information security is a major concern for both users and companies, since data transferred via the Internet is becoming increasingly sensitive. The World Wide Web uses Hypertext Transfer Protocol (HTTP) to transfer information and Secure Sockets Layer (SSL) to secure the connection between clients and servers. However, Hypertext Transfer Protocol Secure (HTTPS) is vulnerable to attacks that threaten the privacy of information sent between clients and servers. In this paper, we propose Enc-DNS-HTTP for securing client requests, protecting server responses, and withstanding HTTPS attacks. Enc-DNS-HTTP is based on the distribution of a web server public key, which is transferred via a secure communication between client and a Domain Name System (DNS) server. This key is used to encrypt client-server communication. The scheme is implemented in the C programming language and tested on a Linux platform. In comparison with Apache HTTPS, this scheme is shown to have more effective resistance to attacks and improved performance since it does not involve a high number of time-consuming operations.

  10. Protecting Commercial Space Systems: A Critical National Security Issue

    Science.gov (United States)

    1999-04-01

    systems. Part two will describe, at the operational level , this author’s theory for space protection and recommend a course of action to work...minimal loss of life. These factors force us to conclude this is a critical national security issue just as many in high- level government positions...Command and Staff College Operational Forces Coursebook (Academic Year 1999), 35. 3 The USCG is not a Title 10 Service, thus Posse Comitatus is not a

  11. Assessment And Testing of Industrial Devices Robustness Against Cyber Security Attacks

    CERN Document Server

    Tilaro, F

    2011-01-01

    CERN (European Organization for Nuclear Research), like any organization, needs to achieve the conflicting objectives of connecting its operational network to Internet while at the same time keeping its industrial control systems secure from external and internal cyber attacks. With this in mind, the ISA-99 international cyber security standard has been adopted at CERN as a reference model to define a set of guidelines and security robustness criteria applicable to any network device. Device robustness represents a key link in the defense-in-depth concept as some attacks will inevitably penetrate security boundaries and thus require further protection measures. When assessing the cyber security robustness of devices we have singled out control system-relevant attack patterns derived from the well-known CAPEC classification. Once a vulnerability is identified, it needs to be documented, prioritized and reproduced at will in a dedicated test environment for debugging purposes. CERN - in collaboration ...

  12. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism.

    Science.gov (United States)

    Han, Dongmei; Dai, Yonghui; Han, Tianlin; Dai, Xingyun

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people's awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people's awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people's cognition of potential risks in online financial payment.

  13. Explore Awareness of Information Security: Insights from Cognitive Neuromechanism

    Directory of Open Access Journals (Sweden)

    Dongmei Han

    2015-01-01

    With the rapid development of the internet and information technology, the increasingly diversified portable mobile terminals, online shopping, and social media have facilitated information exchange, social communication, and financial payment for people more and more than ever before. In the meantime, information security and privacy protection have been meeting with new severe challenges. Although we have taken a variety of information security measures in both management and technology, the actual effectiveness depends firstly on people’s awareness of information security and the cognition of potential risks. In order to explore the new technology for the objective assessment of people’s awareness and cognition on information security, this paper takes the online financial payment as example and conducts an experimental study based on the analysis of electrophysiological signals. Results indicate that left hemisphere and beta rhythms of electroencephalogram (EEG) signal are sensitive to the cognitive degree of risks in the awareness of information security, which may be probably considered as the sign to assess people’s cognition of potential risks in online financial payment.

  14. Safety and security of radioactive sources in Taiwan

    International Nuclear Information System (INIS)

    Tsay Yeousong; Guan Channan; Cheng Yungfu

    2008-01-01

    In Taiwan, the safety and security of radioactive sources is a high priority issue. Ionizing Radiation Protection Act (IRPA) and correlating regulations had been in place for effective control of the safety and security of radioactive sources since 2003. For increased control of sealed radioactive sources, Atomic Energy Council (AEC) established in March 2004 an online reporting system through the Internet, assisting source owners in reporting their sources every month. To conform to the Code of Conduct on the Safety and Security of Radioactive Sources and the Categorization of radioactive sources, published by the International Atomic Energy Agency (IAEA), AEC has taken the following actions: 1. Established an inventory of Categories 1 and 2 radioactive sources, and implemented the Import/Export Provisions of the Code. 2. Required that each licensee shall control access to Categories 1 and 2 radioactive sources, and AEC will conduct project inspection on Categories 1 and 2 radioactive sources. 3. Using a new radiation warning symbol by ISO for Categories 1 and 2 radioactive sources. The reinforcement of orphaned source control was implemented as early as 1995. All steel mills have installed radiation detectors to scan incoming metal scrap to prevent accidental smelting of radioactive sources. The results of this effort will be discussed in the paper. The above measures are examples for demonstrating AEC's commitment to reinforced control of radioactive sources. AEC will continue to protect public safety and security, ensuring that Taiwan's regulatory system in radiation protection conforms to international standards. (author)

  15. Dissecting the Security and Protection Issues in Pervasive Computing

    Directory of Open Access Journals (Sweden)

    Qaisar Javaid

    2018-04-01

    Human beings show nomadic behaviour, travelling from place to place throughout the day for personal or organizational purposes. The inception of modern networking technologies and the advent of a wide range of applications in terms of services and resources have facilitated users in many ways. With the advancements in numerous areas such as embedded systems, WN (Wireless Networks), mobile and context-aware computing, the anticipated pervasive computing has come to dominate human communication at large. Pervasive computing refers to the environment where information is accessible anywhere and anytime while the existing system is invisible to the user. On the other hand, the invisibility of pervasive computing is also a problem in its adoption, as users are unaware when and what devices collect their personal data and how it is being used. It has caused new security chaos: the more information about the user is collected, the more privacy and security concerns it raises, so pervasive computing applications have become a key concern for users. This paper is aimed at analyzing the security and protection issues that arise while traveling from place to place connected with wireless mobile networks. The paper reviews many existing systems that offer possible security to pervasive users. An easy, precise and relative analysis and evaluation of surveyed pervasive systems are presented and some future directions are highlighted.

  16. A Lightweight Protocol for Secure Video Streaming.

    Science.gov (United States)

    Venčkauskas, Algimantas; Morkevicius, Nerijus; Bagdonas, Kazimieras; Damaševičius, Robertas; Maskeliūnas, Rytis

    2018-05-14

    The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.

  17. A Method of Signal Scrambling to Secure Data Storage for Healthcare Applications.

    Science.gov (United States)

    Bao, Shu-Di; Chen, Meng; Yang, Guang-Zhong

    2017-11-01

    A body sensor network that consists of wearable and/or implantable biosensors has been an important front-end for collecting personal health records. It is expected that the full integration of outside-hospital personal health information and hospital electronic health records will further promote preventative health services as well as global health. However, the integration and sharing of health information is bound to bring with it security and privacy issues. With extensive development of healthcare applications, security and privacy issues are becoming increasingly important. This paper addresses the potential security risks of healthcare data in Internet-based applications and proposes a method of signal scrambling as an add-on security mechanism in the application layer for a variety of healthcare information, where a piece of tiny data is used to scramble healthcare records. The former is kept locally and the latter, along with security protection, is sent for cloud storage. The tiny data can be derived from a random number generator or even a piece of healthcare data, which makes the method more flexible. The computational complexity and security performance in terms of theoretical and experimental analysis has been investigated to demonstrate the efficiency and effectiveness of the proposed method. The proposed method is applicable to all kinds of data that require extra security protection within complex networks.

  18. THE PROTECTION OF CONSUMER RIGHTS FOR AVIATION SAFETY AND SECURITY IN INDONESIA AND MALAYSIA

    Directory of Open Access Journals (Sweden)

    Annalisa Yahanan

    2017-01-01

    Indonesia and Malaysia have good potential for cooperation in the aviation industry. This can be seen in the establishment of two aviation companies, namely PT. Indonesia Air Asia and Malindo, both of which are low-cost carriers. Although these companies are categorized as low-cost carriers, safety and security are absolute factors because they are consumer rights. This article describes the safety and security standards and the protection of consumer rights in connection with aviation safety in Indonesia and Malaysia under the Consumer Protection Law and the Aviation Law. The research shows that the safety standard for air transportation passengers in airports covers information and safety facilities in the form of availability of emergency safety tools (fires, accidents and natural disasters); information, area and health facilities; and healthcare workers. Moreover, safety standards for passengers in an aircraft include information and safety facilities in the form of available information and emergency safety tools for passengers in an aircraft. The protection of consumer rights for flight safety in Indonesia is as follows: the aviation industry has an obligation to fulfill the minimum standard of safety and security; consumers must be protected from false information that raises concern, from aircraft operation that endangers passengers, and from the operation of electronic devices that endangers the flight. On the other hand, consumer rights law in Malaysia relating to aviation is governed by the Aviation Law as a result of the Warsaw Convention 1929. In conclusion, consumer rights related to aviation security apply from when the passenger enters the aircraft, while in the aircraft, and until they get off the plane.

  19. Robust and Secure Watermarking Using Sparse Information of Watermark for Biometric Data Protection

    Directory of Open Access Journals (Sweden)

    Rohit M Thanki

    2016-08-01

    Biometric-based human authentication systems are used for security purposes in many organizations in the present world. Such a biometric authentication system has several vulnerable points. Two of these vulnerable points are the protection of biometric templates in the system database and the protection of biometric templates on the communication channel between two modules of the biometric authentication system. This paper proposes a robust watermarking scheme using the sparse information of the watermark biometric to secure a vulnerable point such as the protection of biometric templates on the communication channel of biometric authentication systems. A compressive sensing theory procedure is used for generation of sparse information on watermark biometric data using detail wavelet coefficients. Then the sparse information of the watermark biometric data is embedded into DCT coefficients of the host biometric data. The proposed scheme is robust to common signal processing and geometric attacks like JPEG compression, adding noise, filtering, cropping, and histogram equalization. The proposed scheme has more advantages and high quality measures compared to existing schemes in the literature.

  20. 78 FR 39712 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

    Science.gov (United States)

    2013-07-02

    ... DEPARTMENT OF COMMERCE International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait Clarification and Amendment AGENCY... cyber-security firms and trade organizations which have not already submitted an application are...

  1. Giving away music to make money: Independent musicians on the Internet

    OpenAIRE

    Pfahl, Michael

    2001-01-01

    No one has felt the impact of music on the Internet more than the independent musician. The recording industry has dominated the production and distribution of music for many years. The big six recording labels are making a push to incorporate the Internet into their distribution process. Standing in their way is the issue of security. It seems that music files on the Internet, no matter how secure they may seem, are susceptible to tampering. This will force a shift in distribution away f...

  2. Determining Factors That Influence the Use of Internet Banking Services (Faktor Penentu Yang Mempengaruhi Penggunaan Layanan Internet Banking)

    OpenAIRE

    Sihotang, Ellen Theresia

    2016-01-01

    This study aims to analyze the important factors that influence the use of internet banking according to Booklet Perbankan Indonesia 2016 and the implications for the marketing of internet banking services. Security has become a determining factor affecting the use of internet banking services. It is important for the bank to find out how to maintain the customers who have used the internet banking services in order to encounter competition with a variety of banking services distributi...

  3. 14 CFR 193.5 - How may I submit safety or security information and have it protected from disclosure?

    Science.gov (United States)

    2010-01-01

    ... SUBMITTED INFORMATION § 193.5 How may I submit safety or security information and have it protected from... 14 Aeronautics and Space 3 2010-01-01 2010-01-01 false How may I submit safety or security information and have it protected from disclosure? 193.5 Section 193.5 Aeronautics and Space FEDERAL AVIATION...

  4. Marketing and security issues in e-business

    Directory of Open Access Journals (Sweden)

    Mandarić Marija

    2007-01-01

    The unprecedented development of IT has influenced the development of electronic business and the internet. Introducing electronic business into companies worldwide and accepting the new global medium, the internet, have enabled the development of a new area of marketing practice: electronic marketing. Electronic marketing has kept the basics of traditional marketing, but it has also adapted to the new standards in business and, together with the internet, it has opened up remarkable opportunities for small and big companies through the global accessibility of their offers. Electronic business has become the imperative of modern business under the conditions of today's economic and political globalization, which dictates the rules of conduct among the world market players. The usage of the internet has enabled direct, interactive communication, but has also raised questions regarding the security of that communication and the protection of a company's or individual's data. It is certain that the area of electronic business and electronic trade has unstoppable and unpredictable directions of development and so many potential users, while globalization has a unique goal, but many interested masters. What the world will look like in the future, which countries will fit in, and which countries will dictate the tempo of further development, remains to be seen.

  5. Standards for the secure data interchange in teleradiology put into practice for image and report distribution

    International Nuclear Information System (INIS)

    Eichelberg, M.; Riesmeier, J.; Thiel, A.; Jensch, P.; Emmel, D.; Haderer, A.; Ricke, J.; Stohlmann, L.; Bernarding, J.

    2002-01-01

    The use of telemedicine is becoming indispensable for a continuous and economical delivery of a high quality of care. However, data protection requirements have to be considered. For the selection of solutions, vendor-independent components based on standards are a prerequisite for a seamless integration into the existing, often heterogeneous, IT infrastructure. The "Internet protocol" TCP/IP and the DICOM standard with its new security extensions form the basis for an internationally standardized and accepted procedure for a secure interchange of radiological images beyond platform boundaries. (orig.)

  6. Internet Banking integration within the banking system

    OpenAIRE

    Constantin Marian MATEI; Catalin Ionut SILVESTRU; Dragos Stefan SILVESTRU

    2008-01-01

    Internet Banking developed due to increasing demand for online banking transactions. The biggest advantages of Internet Banking consist of complex banking solutions, 24 hours availability, and quick and secure access to the back-end application through the Internet. These advantages are due to the use of SOA (service-oriented architecture). SOA appeared as a necessity of companies to integrate big and independent portions of applications, in order to obtain a homogeneous functionality of the system....

  7. Internet Usage In The Fresh Produce Supply Chain in China

    Science.gov (United States)

    Xu, Xiaoxiao; Duan, Yanqing; Fu, Zetian; Liu, Xue

    Although effective implementation of Internet technologies has great potential for improving efficiency and reducing wastage within the fresh produce supply chain, the situation of Internet usage by SMEs (small and medium sized enterprises) in the fresh produce supply chain is still unclear in China. As the main players, SMEs haven't been given enough attention from either academics or governments. Therefore, this research attempts to address this issue by, first, investigating the current usage of the Internet and related software by Chinese SMEs in the fresh produce supply chain, and then, by identifying enablers and barriers faced by SMEs to call government's attention. As a part of an EU-Asia IT&C funded project, a survey was carried out with SMEs in this industry from five major cities in China. The results reveal that in the relatively developed areas of China, SMEs in the fresh produce supply chain are rapidly adopting the Internet and software packages, but the level of adoption varies greatly and there is a significant lack of integration among the supply chain partners. Chinese SMEs are keen to embrace emerging technologies and have acted to adopt new software and tools. Given that cost of implementation is not a barrier, their concern over legal protection and online security must be addressed for further development.

  8. VoIP Security

    OpenAIRE

    Fontanini, Piero

    2008-01-01

    VoIP, or Voice over Internet Protocol, is a common term for phone service over IP-based networks. There is much information about VoIP and some about how VoIP can be secured. There is, however, no standard for VoIP and no general solution for VoIP security. Security in VoIP systems today is often nonexistent or at best weak, and often based on proprietary solutions. This master thesis investigates threats to VoIP system and describes existing alternatives for securing Vo...

  9. The wireless internet explained

    CERN Document Server

    Rhoton, John

    2001-01-01

    The Wireless Internet Explained covers the full spectrum of wireless technologies from a wide range of vendors, including initiatives by Microsoft and Compaq. The Wireless Internet Explained takes a practical look at wireless technology. Rhoton explains the concepts behind the physics, and provides an overview that clarifies the convoluted set of standards heaped together under the umbrella of wireless. It then expands on these technical foundations to give a panorama of the increasingly crowded landscape of wireless product offerings. When it comes to actual implementation the book gives abundant down-to-earth advice on topics ranging from the selection and deployment of mobile devices to the extremely sensitive subject of security. Written by an expert on Internet messaging, the author of Digital Press's successful Programmer's Guide to Internet Mail and X.400 and SMTP: Battle of the E-mail Protocols, The Wireless Internet Explained describes and evaluates the current state of the fast-growing and crucial...

  10. Remote secure observing for the Faulkes Telescopes

    Science.gov (United States)

    Smith, Robert J.; Steele, Iain A.; Marchant, Jonathan M.; Fraser, Stephen N.; Mucke-Herzberg, Dorothea

    2004-09-01

    Since the Faulkes Telescopes are to be used by a wide variety of audiences, both powerful engineering level and simple graphical interfaces exist giving complete remote and robotic control of the telescope over the internet. Security is extremely important to protect the health of both humans and equipment. Data integrity must also be carefully guarded for images being delivered directly into the classroom. The adopted network architecture is described along with the variety of security and intrusion detection software. We use a combination of SSL, proxies, IPSec, and both Linux iptables and Cisco IOS firewalls to ensure only authenticated and safe commands are sent to the telescopes. With an eye to a possible future global network of robotic telescopes, the system implemented is capable of scaling linearly to any moderate (of order ten) number of telescopes.

  11. Secure or Insure: An Economic Analysis of Security Interdependencies and Investment Types

    Science.gov (United States)

    Grossklags, Jens

    2009-01-01

    Computer users express a strong desire to prevent attacks, and to reduce the losses from computer and information security breaches. However, despite the widespread availability of various technologies, actual investments in security remain highly variable across the Internet population. As a result, attacks such as distributed denial-of-service…

  12. A Security Checklist for ERP Implementations

    Science.gov (United States)

    Hughes, Joy R.; Beer, Robert

    2007-01-01

    The EDUCAUSE/Internet2 Computer and Network Security Task Force consulted with IT security professionals on campus about concerns with the current state of security in enterprise resource planning (ERP) systems. From these conversations, it was clear that security issues generally fell into one of two areas: (1) It has become extremely difficult…

  13. Final report and documentation for the security enabled programmable switch for protection of distributed internetworked computers LDRD.

    Energy Technology Data Exchange (ETDEWEB)

    Van Randwyk, Jamie A.; Robertson, Perry J.; Durgin, Nancy Ann; Toole, Timothy J.; Kucera, Brent D.; Campbell, Philip LaRoche; Pierson, Lyndon George

    2010-02-01

    An increasing number of corporate security policies make it desirable to push security closer to the desktop. It is not practical or feasible to place security and monitoring software on all computing devices (e.g. printers, personal digital assistants, copy machines, legacy hardware). We have begun to prototype a hardware and software architecture that will enforce security policies by pushing security functions closer to the end user, whether in the office or home, without interfering with users' desktop environments. We are developing a specialized programmable Ethernet network switch to achieve this. Embodied in this device is the ability to detect and mitigate network attacks that would otherwise disable or compromise the end user's computing nodes. We call this device a 'Secure Programmable Switch' (SPS). The SPS is designed with the ability to be securely reprogrammed in real time to counter rapidly evolving threats such as fast moving worms, etc. This ability to remotely update the functionality of the SPS protection device is cryptographically protected from subversion. With this concept, the user cannot turn off or fail to update virus scanning and personal firewall filtering in the SPS device as he/she could if implemented on the end host. The SPS concept also provides protection to simple/dumb devices such as printers, scanners, legacy hardware, etc. This report also describes the development of a cryptographically protected processor and its internal architecture in which the SPS device is implemented. This processor executes code correctly even if an adversary holds the processor. The processor guarantees both the integrity and the confidentiality of the code: the adversary cannot determine the sequence of instructions, nor can the adversary change the instruction sequence in a goal-oriented way.

  14. The Issue of Data Protection and Data Security in the (Pre-Lisbon) EU Third Pillar

    Directory of Open Access Journals (Sweden)

    Maria O'Neill

    2010-06-01

    The key functional operability in the pre-Lisbon PJCCM pillar of the EU is the exchange of intelligence and information amongst the law enforcement bodies of the EU. The twin issues of data protection and data security within what was the EU’s third pillar legal framework therefore come to the fore. With the Lisbon Treaty reform of the EU, and the increased role of the Commission in PJCCM policy areas, and the integration of the PJCCM provisions with what have traditionally been the pillar I activities of Frontex, the opportunity for streamlining the data protection and data security provisions of the law enforcement bodies of the post-Lisbon EU arises. This is recognised by the Commission in their drafting of an amending regulation for Frontex, when they say that they would prefer “to return to the question of personal data in the context of the overall strategy for information exchange to be presented later this year and also taking into account the reflection to be carried out on how to further develop cooperation between agencies in the justice and home affairs field as requested by the Stockholm programme.” The focus of the literature published on this topic has, for the most part, been on the data protection provisions in Pillar I, EC. While the focus of research has recently shifted to the previously Pillar III PJCCM provisions on data protection, a more focused analysis of the interlocking issues of data protection and data security needs to be made in the context of the law enforcement bodies, particularly with regard to those which were based in the pre-Lisbon third pillar. This paper will make a contribution to that debate, arguing that a review of both the data protection and security provision post-Lisbon is required, not only in order to reinforce individual rights, but also inter-agency operability in combating cross-border EU crime. The EC’s provisions on data protection, as enshrined by Directive 95/46/EC, do not apply

  15. A structural equation model for evaluating user’s intention to adopt internet banking and intention to recommend technology

    Directory of Open Access Journals (Sweden)

    Samar Rahi

    2018-09-01

    Although several prior research projects have focused on the factors that impact the adoption of information technology, there are limited empirical research works that simultaneously capture technology factors (UTAUT2) and customer specific factors (perceived technology security and intention to recommend) helping users adopt internet banking. Thus, the current study aims to develop an integrated technology adoption model with the extended UTAUT model and perceived technology security to predict and explain user’s intention to adopt internet banking and intention to recommend internet banking in social networks. A quantitative, survey-based approach was used to collect data from 398 internet banking users. For statistical analysis, the structural equation model (SEM) approach was used. Convergence and divergence with earlier findings were found, confirming that performance expectancy, effort expectancy, social influence, hedonic motivation and perceived technology security had significant influence on user’s intention to adopt internet banking. Additionally, IPMA analysis shows that among all constructs hedonic motivation and perceived technology security had the highest impact on user’s intention to adopt internet banking. For researchers, this study provides a basis for further refinement of the technology adoption model, while for practitioners improving the security factor (perceived technology security) may turn users towards adoption of internet banking.

  16. The Impact of Information Richness on Information Security Awareness Training Effectiveness

    Science.gov (United States)

    Shaw, R. S.; Chen, Charlie C.; Harris, Albert L.; Huang, Hui-Jou

    2009-01-01

    In recent years, rapid progress in the use of the internet has resulted in huge losses in many organizations due to lax security. As a result, information security awareness is becoming an important issue to anyone using the Internet. To reduce losses, organizations have made information security awareness a top priority. The three main barriers…

  17. Discussion on Consumer Rights and Interests Protection in the Era of Internet Finance

    Institute of Scientific and Technical Information of China (English)

    吴朝平

    2015-01-01

    The challenges in protecting consumer rights and interests in Internet finance centre on three areas: serious hidden information security risks, funds whose safety is hard to guarantee, and weak consumer awareness of rights protection combined with the high cost of asserting those rights. To keep strengthening the protection of Internet financial consumers' rights and interests, it is necessary to strengthen information security legislation, regulate access thresholds, and, on the basis of raised risk control requirements, give full play to market forces so as to enhance the consciousness and initiative of market participants in protecting consumer interests, awaken consumers' awareness of their rights, and reduce the cost of rights protection.

  18. Internet enlightens

    International Nuclear Information System (INIS)

    Figueiredo, S.

    2008-01-01

    Numerous Internet sites are given in relation to radiotherapy, nuclear activity, radiation protection, radioecology and nuclear laws. Of note, three sites cover the radiotherapy accident that occurred in Toulouse. (N.C.)

  19. Methodology of the Auditing Measures to Civil Airport Security and Protection

    Directory of Open Access Journals (Sweden)

    Ján Kolesár

    2016-10-01

    Airports, similarly to other companies, are certified in compliance with the International Standardization Organization (ISO) standards of products and services (series of ISO 9000 Standards regarding quality management), to coordinate the technical side of standardization and normalization at an international scale. In order for the airports to meet the norms and the certification requirements set by the ISO, they are liable to undergo strict audits of quality, as a rule conducted by an independent auditing organization. The focus of the audits is primarily on airport operation economics and security. The article is an analysis of the methodology of the airport security audit processes and activities. Within the framework of planning, the sequence of steps is described in line with the principles and procedures of the Security Management System (SMS) and standards established by the International Standardization Organization (ISO). The methodology of conducting an airport security audit is developed in compliance with the national programme and international legislation standards (Annex 17) applicable to protection of civil aviation against acts of unlawful interference.

  20. Towards secure name resolution on the internet

    NARCIS (Netherlands)

    Grothoff, C.; Wachs, M.; Ermert, M.; Appelbaum, J.

    2018-01-01

    The Domain Name System (DNS) provides crucial name resolution functions for most Internet services. As a result, DNS traffic provides an important attack vector for spy agencies, as demonstrated by the QUANTUMDNS and MORECOWBELL programs of the NSA. This article reviews how DNS works, and explains

  1. The Future of the Internet

    National Research Council Canada - National Science Library

    Komaroff, Mitchell

    2008-01-01

    .... While the DoD no longer controls Internet decision making, its unique perspective deriving from its multiple roles as Internet user, operator, and research center is important to the development and protection of U.S. national interests...

  2. Compact Extensible Authentication Protocol for the Internet of Things: Enabling Scalable and Efficient Security Commissioning

    Directory of Open Access Journals (Sweden)

    Marcin Piotr Pawlowski

    2015-01-01

    Internet of Things security is one of the most challenging parts of the domain. Combining strong cryptography and lifelong security with highly constrained devices under conditions of limited energy consumption and no maintenance time is an extremely difficult task. This paper presents an approach that combines an authentication and bootstrapping protocol (TEPANOM) with the Extensible Authentication Protocol (EAP) framework optimized for IEEE 802.15.4 networks. The solution achieves a significant reduction of network resource usage. Additionally, by application of an EAP header compacting approach, further network usage savings have been reached. The EAP-TEPANOM solution has achieved a substantial reduction of 42% in the number of transferred packets and a 35% reduction of the transferred data. By application of EAP header compaction, it has been possible to achieve an up to 80% smaller EAP header. That comprises a further reduction of transferred data of 3.84% for the EAP-TEPANOM method and 10% for the EAP-TLS-ECDSA based methods. The results have placed the EAP-TEPANOM method as one of the most lightweight EAP methods among those that have been tested throughout this research, making it feasible for large scale deployment scenarios of IoT.

  3. Cyber Security : Home User's Perspective

    OpenAIRE

    Ikonen, Mikko

    2014-01-01

    Cyber security is important to understand for home users. New technology allows for new cyber threats to emerge and new solutions must be considered to counter them. Nearly every device is connected to the Internet and this opens new possibilities and threats to cyber security. This Bachelor's thesis explores the different aspects of cyber security and suggests solutions to different cyber security issues found. The different aspects of cyber security under research here include personal ...

  4. A Crowd-Based Intelligence Approach for Measurable Security, Privacy, and Dependability in Internet of Automated Vehicles with Vehicular Fog

    Directory of Open Access Journals (Sweden)

    Ashish Rauniyar

    2018-01-01

    With the advent of Internet of things (IoT) and cloud computing technologies, we are in the era of automation, device-to-device (D2D) and machine-to-machine (M2M) communications. Automated vehicles have recently gained huge attention worldwide, and this has created a new wave of revolution in the automobile industries. However, in order to fully establish automated vehicles and their connectivity to the surroundings, security, privacy, and dependability always remain a crucial issue. One cannot deny the fact that such automatic vehicles are highly vulnerable to different kinds of security attacks. Also, today’s systems of this kind are built from generic components. Prior analysis of different attack trends and vulnerabilities enables us to deploy security solutions effectively. Moreover, scientific research has shown that a “group” can perform better than individuals in making decisions and predictions. Therefore, this paper deals with the measurable security, privacy, and dependability of automated vehicles through the crowd-based intelligence approach that is inspired by swarm intelligence. We have studied three use case scenarios of automated vehicles and systems with vehicular fog and have analyzed the security, privacy, and dependability metrics of such systems. Our systematic approaches to measuring efficient system configuration, security, privacy, and dependability of automated vehicles are essential for getting the overall picture of the system such as design patterns, best practices for configuration of the system, metrics, and measurements.

  5. How to Protect Children from Internet Predators: A Phenomenological Study

    Science.gov (United States)

    Alexander, Rodney T.

    2012-01-01

    Teenage Internet users are the fastest growing segment in the Internet user population. These teenagers are at risk of sexual assault from Internet predators. This phenomenological study explored teacher and counselors' perceptions of how to prevent this sexual assault. Twenty-five teacher and counselor participants were interviewed. A…

  6. 78 FR 7265 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

    Science.gov (United States)

    2013-02-01

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 1, 2013, through 11:59 p.m...

  7. 78 FR 11981 - Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA

    Science.gov (United States)

    2013-02-21

    ... DEPARTMENT OF HOMELAND SECURITY Coast Guard 33 CFR Part 165 [Docket No. USCG-2012-0087] Security Zone; Protection of Military Cargo, Captain of the Port Zone Puget Sound, WA AGENCY: Coast Guard, DHS... Security Zone in Commencement Bay, Tacoma, Washington from 6 a.m. on February 23, 2013, through 11:59 p.m...

  8. The intelligence-security services and national security

    OpenAIRE

    Mijalković, Saša

    2011-01-01

    Since their inception, states have been trying to protect their vital interests and values more effectively, in which they are often impeded by other countries. At the same time, they seek to protect the internal order and security against the so-called internal enemy. Therefore, the states organize (national) security systems within their (state) systems, in which they form some specialized security entities. Among them, however, intelligence and security services are the ones that stand out...

  9. Young adult females' views regarding online privacy protection at two time points.

    Science.gov (United States)

    Moreno, Megan A; Kelleher, Erin; Ameenuddin, Nusheen; Rastogi, Sarah

    2014-09-01

    Risks associated with adolescent Internet use include exposure to inappropriate information and privacy violations. Privacy expectations and policies have changed over time. Recent Facebook security setting changes heighten these risks. The purpose of this study was to investigate views and experiences with Internet safety and privacy protection among older adolescent females at two time points, in 2009 and 2012. Two waves of focus groups were conducted, one in 2009 and the other in 2012. During these focus groups, female university students discussed Internet safety risks and strategies and privacy protection. All focus groups were audio recorded and manually transcribed. Qualitative analysis was conducted at the end of each wave and then reviewed and combined in a separate analysis using the constant comparative method. A total of 48 females participated across the two waves. The themes included (1) abundant urban myths, such as the ability for companies to access private information; (2) the importance of filtering one's displayed information; and (3) maintaining age limits on social media access to avoid younger teens' presence on Facebook. The findings present a complex picture of how adolescents view privacy protection and online safety. Older adolescents may be valuable partners in promoting safe and age-appropriate Internet use for younger teens in the changing landscape of privacy. Copyright © 2014. Published by Elsevier Inc.

  10. Healthcare teams over the Internet: towards a certificate-based approach.

    Science.gov (United States)

    Georgiadis, Christos K; Mavridis, Ioannis K; Pangalos, George I

    2002-01-01

    Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modern healthcare institutions are increasingly interested in sharing access to their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has therefore become a major concern for healthcare applications over the Internet. However, although an adequate level of security can be relied upon with digital certificates, if an appropriate security policy is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control security model supports and handles efficiently healthcare teams with active security capabilities and is capable of exploiting the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

  11. Ultrabroadband photonic Internet: data mining approach to security aspects

    Science.gov (United States)

    Kalicki, Arkadiusz

    2009-06-01

    Web applications have become the most popular medium on the Internet. The popularity and ease of use of web application frameworks, together with careless development, result in a high number of vulnerabilities and attacks. Several types of attack are possible because of improper input validation. SQL injection is the ability to execute arbitrary SQL queries in a database through an existing application. Cross-site scripting is the vulnerability which allows malicious web users to inject code into the web pages viewed by other users. Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request. Web spam in blogs. In order to secure web applications, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided into two groups: misuse detection (traditional IDS) and anomaly detection. Misuse detection systems are signature based and have high accuracy in detecting many kinds of known attacks, but cannot detect unknown and emerging attacks. This can be complemented with anomaly based intrusion detection and prevention systems. This paper presents an anomaly driven proxy as an IPS and a data mining based algorithm which was used to detect anomalies. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the "normal" or expected web application usage sequence patterns. The frequent sequence patterns are found with the GSP algorithm. Some basic tests show that the software catches malicious requests.

  12. Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage

    Science.gov (United States)

    2016-07-01

    strength of specific cryptographic primitives used such as Advanced Encryption Standard (AES); protection of keys and key materials beyond the protocol...Advanced Encryption Standard (AES) with a 256-bit key instead of a 128-bit key for example, is not a particularly insightful observation. Rather, this... AES Advanced Encryption Standard TLS/SSL Transport Layer Security/Security Socket Layer 35 REFERENCES [1] International Data Corporation

  13. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  14. Healthcare Blockchain System Using Smart Contracts for Secure Automated Remote Patient Monitoring.

    Science.gov (United States)

    Griggs, Kristen N; Ossipova, Olya; Kohlios, Christopher P; Baccarini, Alessandro N; Howson, Emily A; Hayajneh, Thaier

    2018-06-06

    As Internet of Things (IoT) devices and other remote patient monitoring systems increase in popularity, security concerns about the transfer and logging of data transactions arise. In order to handle the protected health information (PHI) generated by these devices, we propose utilizing blockchain-based smart contracts to facilitate secure analysis and management of medical sensors. Using a private blockchain based on the Ethereum protocol, we created a system where the sensors communicate with a smart device that calls smart contracts and writes records of all events on the blockchain. This smart contract system would support real-time patient monitoring and medical interventions by sending notifications to patients and medical professionals, while also maintaining a secure record of who has initiated these activities. This would resolve many security vulnerabilities associated with remote patient monitoring and automate the delivery of notifications to all involved parties in a HIPAA compliant manner.

  15. Access to CERN from the Internet: termination of the VPN service

    CERN Multimedia

    2007-01-01

    Due to the continued incidents and growing security risks from the service, access to CERN using the VPN (Virtual Private Network) service will be discontinued on Tuesday 29th January 2008. In addition, new registrations will no longer be accepted. Further information is linked from: http://cern.ch/security/vpn Users are requested to stop using VPN immediately and start using the recommended alternative methods for connecting to CERN from the Internet. These are outlined together with a set of FAQs at: http://cern.ch/security/Internet IT Department

  16. CS-DRM: A Cloud-Based SIM DRM Scheme for Mobile Internet

    Directory of Open Access Journals (Sweden)

    Liu Zhang

    2011-01-01

    With the rapid development and growth of the mobile industry, a considerable number of mobile applications and services are available, which involve Internet scale data collections. Meanwhile, the pirating and illegal distribution of a large amount of digital content has had a tremendous impact on digital content providers as well as the mobile industry. Digital Rights Management (DRM) aims at protecting digital contents from being abused through regulating their usage. Unfortunately, to the best of our knowledge, few of these DRM schemes are concerned with the cost of the servers in a DRM system when the number of users scales up, or consider the benefits of content providers who can be seen as tenants of a content server. In this paper, we propose CS-DRM, a cloud-based SIM DRM scheme, for the mobile Internet. The SIM card is introduced into CS-DRM to both reduce the cost and provide higher security. Also, the characteristics of cloud computing enable CS-DRM to bring benefits for content providers, and to satisfy the performance requirements at low cost when the number of users increases significantly. Furthermore, we have implemented a prototype of our DRM scheme, which demonstrates that CS-DRM is efficient, secure, and practicable.

  17. Designing for the Elderly User: Internet Safety Training

    Science.gov (United States)

    Appelt, Lianne C.

    2016-01-01

    The following qualitative study examines the usability of a custom-designed Internet safety tutorial, targeted at elderly individuals who use the Internet regularly, for effectively conveying critical information regarding online fraud, scams, and other cyber security. The elderly population is especially at risk when it comes to fraudulent…

  18. Robust and Secure Watermarking Using Sparse Information of Watermark for Biometric Data Protection

    OpenAIRE

    Rohit M Thanki; Ved Vyas Dwivedi; Komal Borisagar

    2016-01-01

    Biometric based human authentication systems are used for security purposes in many organizations in the present world. Such a biometric authentication system has several vulnerable points. Two of these vulnerable points are the protection of biometric templates in the system database and the protection of biometric templates on the communication channel between two modules of the biometric authentication system. This paper proposes a robust watermarking scheme using the sparse information of watermark biometric to sec...

  19. Analysis of a security protocol in μCRL

    NARCIS (Netherlands)

    J. Pang

    2002-01-01

    Needham-Schroeder public-key protocol; With the growth and commercialization of the Internet, the security of communication between computers becomes a crucial point. A variety of security protocols based on cryptographic primitives are used to establish secure communication over

  20. Integrity protection for code-on-demand mobile agents in e-commerce

    OpenAIRE

    Wang, TH; Guan, SU; Chan, TK

    2002-01-01

    The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s pers...

  1. Role of physical protection and safeguards technology used to Nuclear Material Security

    International Nuclear Information System (INIS)

    Djoko-Irianto, Ign.

    2005-01-01

    Nuclear materials present at any nuclear facility must be kept secure, and their position, form or type, and amount must be known for safeguards purposes. The clarification of the amount is to be reported to the national regulatory body and to the International Atomic Energy Agency (IAEA) as the international regulatory body. The national regulatory body and the IAEA will then verify that report. The verification must be done to confirm that there is no difference in the amount, and to give assurance to the international community that any diversion of safeguarded nuclear material from civil use to a prescribed military purpose would be detected. To carry out verification, several verification techniques such as non-destructive analysis, surveillance, unattended and remote monitoring and environmental sampling are explained to convey an impression of how those techniques are implemented. According to the security requirement, the physical protection system, including all of its components, has to be effectively designed

  2. The Research on Internet Financial Consumer Rights and Interests Protection

    Institute of Scientific and Technical Information of China (English)

    赵锋

    2015-01-01

    How to effectively protect the lawful rights and interests of Internet financial consumers while supporting the innovative development of Internet finance is an important subject in urgent need of study. On the basis of summarizing the concept and modes of Internet finance, this paper analyzes in depth the forms in which Internet financial consumers' rights and interests are infringed and the current difficulties facing their protection, and proposes policy suggestions for improving the protection of the rights and interests of Internet financial consumers.

  3. Information security with M/490 and BSI protection profile for ensuring data security and security of supply

    Energy Technology Data Exchange (ETDEWEB)

    Kiessling, Andreas [MVV Energie AG, Mannheim (Germany)

    2012-07-01

    The progressive distribution of decentralized energy generation plants as well as the necessary system flexibility result in an increased cross-linking of smart system components. The cross-linking of a critical infrastructure as well as the inclusion of communicative end customers in new market mechanisms and services bring new demands to guarantee data privacy and security of supply. Thus, the data privacy should be ensured already in the system design. It is also crucial to design the end-to-end process reliability in the context of complex component interactions and stakeholder interactions. Concepts in the context of the EU Smart Grid Mandate M/490 as well as the German BSI protection profile are dedicated to ensuring information security and data privacy on top-down and bottom-up approaches which indicate the analogies in the utilization of application clusters as a basis for threat analysis. Based on these concepts, a methodology for profiling of communication standards and security standards based on application descriptions and process descriptions within application case clusters as well as communication analysis and threat assessment with assignment of security levels and data protection classes is described.

  4. Research on key technologies of data processing in internet of things

    Science.gov (United States)

    Zhu, Yangqing; Liang, Peiying

    2017-08-01

    The data of Internet of things (IOT) has the characteristics of polymorphism, heterogeneous, large amount and processing real-time. The traditional structured and static batch processing method has not met the requirements of data processing of IOT. This paper studied a middleware that can integrate heterogeneous data of IOT, and integrated different data formats into a unified format. Designed a data processing model of IOT based on the Storm flow calculation architecture, integrated the existing Internet security technology to build the Internet security system of IOT data processing, which provided reference for the efficient transmission and processing of IOT data.

  5. Authentication Protocols for Internet of Things: A Comprehensive Survey

    Directory of Open Access Journals (Sweden)

    Mohamed Amine Ferrag

    2017-01-01

    In this paper, a comprehensive survey of authentication protocols for Internet of Things (IoT) is presented. Specifically, more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail. These protocols are categorized based on the target environment: (1) Machine to Machine Communications (M2M), (2) Internet of Vehicles (IoV), (3) Internet of Energy (IoE), and (4) Internet of Sensors (IoS). Threat models, countermeasures, and formal security verification techniques used in authentication protocols for the IoT are presented. In addition, a taxonomy and comparison of authentication protocols that are developed for the IoT in terms of network model, specific security goals, main processes, computation complexity, and communication overhead are provided. Based on the current survey, open issues are identified and future research directions are proposed.

  6. Identity Management Framework for Internet of Things

    DEFF Research Database (Denmark)

    Mahalle, Parikshit N.

    -configuring capability and is termed as Internet of Things (IoT). The vision of IoT is to connect every object with computing, communication and sensing ability to the Internet. IoT contains varied range of devices from RFID tags, sensor nodes to the even shoes. Thus, IoT enable nomadic collaboration and communication...... between users and devices, between devices themselves and devices to services. Due to rapid technological advancements in the wireless communications, information coming from uncountable applications and services converged on user devices, communication infrastructure and the Internet are integral part...... that are public can be part of the personal space of multiple users at the same time. Secure interaction in and with IoT, secure data management and exchange, authentication, distributed access control and IdM of the devices are the main challenges. The work carried out in the scope of this thesis addresses...

  7. Shopping For Danger: E-commerce techniques applied to collaboration in cyber security

    Energy Technology Data Exchange (ETDEWEB)

    Bruce, Joseph R.; Fink, Glenn A.

    2012-05-24

    Collaboration among cyber security analysts is essential to a successful protection strategy on the Internet today, but it is uncommonly practiced or encouraged in operating environments. Barriers to productive collaboration often include data sensitivity, time and effort to communicate, institutional policy, and protection of domain knowledge. We propose an ambient collaboration framework, Vulcan, designed to remove the barriers of time and effort and mitigate the others. Vulcan automates data collection, collaborative filtering, and asynchronous dissemination, eliminating the effort implied by explicit collaboration among peers. We instrumented two analytic applications and performed a mock analysis session to build a dataset and test the output of the system.

  8. The normative erosion of international refugee protection through UN Security Council practice

    NARCIS (Netherlands)

    Ahlborn, C.

    2011-01-01

    Since the early 1990s, the UN Security Council has used its enforcement measures under Chapter VII of the UN Charter to address different aspects of international refugee protection from the root causes of forced displacement to the search for durable solutions to the refugee problem. At the same

  9. Security Analysis of DTN Architecture and Bundle Protocol Specification for Space-Based Networks

    Science.gov (United States)

    Ivancic, William D.

    2009-01-01

    A Delay-Tolerant Network (DTN) Architecture (Request for Comment, RFC-4838) and Bundle Protocol Specification, RFC-5050, have been proposed for space and terrestrial networks. Additional security specifications have been provided via the Bundle Security Specification (currently a work in progress as an Internet Research Task Force internet-draft) and, for link-layer protocols applicable to Space networks, the Licklider Transport Protocol Security Extensions. This document provides a security analysis of the current DTN RFCs and proposed security related internet drafts with a focus on space-based communication networks, which is a rather restricted subset of DTN networks. Note, the original focus and motivation of DTN work was for the Interplanetary Internet. This document does not address general store-and-forward network overlays, just the current work being done by the Internet Research Task Force (IRTF) and the Consultative Committee for Space Data Systems (CCSDS) Space Internetworking Services Area (SIS) - DTN working group under the DTN and Bundle umbrellas. However, much of the analysis is relevant to general store-and-forward overlays.

  10. Enhancing the Internet with the CONVERGENCE system an information-centric network coupled with a standard middleware

    CERN Document Server

    Andrade, Maria; Melazzi, Nicola; Walker, Richard; Hussmann, Heinrich; Venieris, Iakovos

    2014-01-01

    Convergence proposes the enhancement of the Internet with a novel, content-centric, publish–subscribe service model based on the versatile digital item (VDI): a common container for all kinds of digital content, including digital representations of real-world resources. VDIs will serve the needs of the future Internet, providing a homogeneous method for handling structured information, incorporating security and privacy mechanisms. CONVERGENCE subsumes the following areas of research: definition of the VDI as a new fundamental unit of distribution and transaction; content-centric networking functionality to complement or replace IP-address-based routing; security and privacy protection mechanisms; open-source middleware, including a community dictionary service to enable rich semantic searches; applications, tested under real-life conditions. This book shows how CONVERGENCE allows publishing, searching and subscri...

  11. Security issues in Internet of Things

    OpenAIRE

    Solà Campillo, Oriol

    2017-01-01

    The main idea behind the concept of the Internet of Things (IoT) is to connect all kinds of everyday objects, thus enabling them to communicate to each other and enabling people to communicate to them. IoT is an extensive concept that encompasses a wide range of technologies and applications. This document gives an introduction to what the IoT is, its fundamental characteristics and the enabling technologies that are currently being used. However, the technologies for the IoT are still evolvi...

  12. 77 FR 1971 - Supplemental Security Income and Homeless Individuals

    Science.gov (United States)

    2012-01-12

    ... visit our Internet site, Social Security Online, at http://www.socialsecurity.gov . SUPPLEMENTARY... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2011-0087] Supplemental Security Income and Homeless Individuals AGENCY: Social Security Administration. ACTION: Notice; Request for Comments. SUMMARY...

  13. Extending the Internet of Things to the Future Internet Through IPv6 Support

    Directory of Open Access Journals (Sweden)

    Antonio J. Jara

    2014-01-01

    Emerging Internet of Things (IoT)/Machine-to-Machine (M2M) systems require a transparent access to information and services through a seamless integration into the Future Internet. This integration exploits infrastructure and services found on the Internet by the IoT. On the one hand, the so-called Web of Things aims for direct Web connectivity by pushing its technology down to devices and smart things. On the other hand, the current and Future Internet offer stable, scalable, extensive, and tested protocols for node and service discovery, mobility, security, and auto-configuration, which are also required for the IoT. In order to integrate the IoT into the Internet, this work adapts, extends, and bridges using IPv6 the existing IoT building blocks (such as solutions from IEEE 802.15.4, BT-LE, RFID) while maintaining backwards compatibility with legacy networked embedded systems from building and industrial automation. Specifically, this work presents an extended Internet stack with a set of adaptation layers from non-IP towards the IPv6-based network layer in order to enable homogeneous access for applications and services.

  14. Design, implementation and security of a typical educational laboratory computer network

    Directory of Open Access Journals (Sweden)

    Martin Pokorný

    2013-01-01

    Computer network used for laboratory training and for different types of network and security experiments represents a special environment where hazardous activities take place, which may not affect any production system or network. It is common that students need to have administrator privileges in this case which makes the overall security and maintenance of such a network a difficult task. We present our solution which has proved its usability for more than three years. First of all, four user requirements on the laboratory network are defined (access to educational network devices, to laboratory services, to the Internet, and administrator privileges of the end hosts), and four essential security rules are stipulated (enforceable end host security, controlled network access, level of network access according to the user privilege level, and rules for hazardous experiments), which protect the rest of the laboratory infrastructure as well as the outer university network and the Internet. The main part of the paper is dedicated to a design and implementation of these usability and security rules. We present a physical diagram of a typical laboratory network based on multiple circuits connecting end hosts to different networks, and a layout of rack devices. After that, a topological diagram of the network is described which is based on different VLANs and port-based access control using the IEEE 802.1x/EAP-TLS/RADIUS authentication to achieve defined level of network access. In the second part of the paper, the latest innovation of our network is presented that covers a transition to the system virtualization at the end host devices – inspiration came from a similar solution deployed at the Department of Telecommunications at Brno University of Technology. This improvement enables a greater flexibility in the end hosts maintenance and a simultaneous network access to the educational devices as well as to the Internet. In the end, a vision of a

  15. Energy policy seesaw between security and protecting the environment

    International Nuclear Information System (INIS)

    Finon, D.

    1994-01-01

    It is just the price of oil that causes the energy policies of importing countries to vacillate. Changing perceptions of energy supply factors has had as much to do with transfiguring government action modes since 1973 as has the idea of the legitimacy of that action. The present paper thus draws a parallel between the goal of energy security twenty years ago and that of global environmental protection today, which explains the critical reversion to a view of minimum government action in the energy field - a view that marked the eighties. (author). 20 refs

  16. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  17. Big Data, Internet of Things and Cloud Convergence--An Architecture for Secure E-Health Applications.

    Science.gov (United States)

    Suciu, George; Suciu, Victor; Martian, Alexandru; Craciunescu, Razvan; Vulpe, Alexandru; Marcu, Ioana; Halunga, Simona; Fratu, Octavian

    2015-11-01

    Big data storage and processing are considered as one of the main applications for cloud computing systems. Furthermore, the development of the Internet of Things (IoT) paradigm has advanced the research on Machine to Machine (M2M) communications and enabled novel tele-monitoring architectures for E-Health applications. However, there is a need for converging current decentralized cloud systems, general software for processing big data and IoT systems. The purpose of this paper is to analyze existing components and methods of securely integrating big data processing with cloud M2M systems based on Remote Telemetry Units (RTUs) and to propose a converged E-Health architecture built on Exalead CloudView, a search based application. Finally, we discuss the main findings of the proposed implementation and future directions.

  18. Internet enlightens

    International Nuclear Information System (INIS)

    Anon.

    2010-01-01

    This part of the issue gives Internet addresses in relation with nuclear energy, safety, radiation protection, legislation, at the national level and European and international level. A special part is devoted to non ionizing radiation. (N.C.)

  19. Security research roadmap; Security-tutkimuksen roadmap

    Energy Technology Data Exchange (ETDEWEB)

    Naumanen, M.; Rouhiainen, V. (eds.)

    2006-02-15

    Requirements for increasing security have arisen in Europe after highly visible and tragic events in Madrid and in London. While responsibility for security rests largely with the national activities, the EU has also started planning a research area "Space and security" as a part of the 7th Framework Programme. As the justification for this research area it has been presented that technology alone can not assure security, but security can not be assured without the support of technology. Furthermore, the justification highlights that security and military research are becoming ever closer. The old separation between civil and military research is decreasing, because it has been noticed that both areas are nowadays utilising the same knowledge. In Finland, there is already now noteworthy entrepreneurship related to security. Although some of the companies are currently only operating in Finland, others are already international leaders in their area. The importance of the security area is increasing and remarkable potential for new growth business areas can already be identified. This however also requires an increase in research efforts. VTT has a broad range of security research ongoing in many technology areas. The main areas have been concentrating on public safety and security, but VTT is participating also in several research projects related to the defence technology. For identifying and defining in more detail the expertise and research goals, the Security research roadmap was developed. The roadmap identified three particularly significant areas related to security. The assurance of critical infrastructure emphasises the protection of energy networks, information networks, water supply, traffic and transport, and obviously also the citizens. For assuring the activities of entrepreneurship, significant areas include the security of production and services, the security of sites and assets, and information security for embedded systems. The most important

  20. Access to CERN from the Internet: termination of the VPN service - Reminder

    CERN Multimedia

    IT Department

    2008-01-01

    Due to the continued incidents and growing security risks associated with the service, access to CERN using the VPN (Virtual Private Network) service will be discontinued as of Tuesday, 29 January 2008. In addition, new registrations are no longer accepted. For further information see: http://cern.ch/security/vpn. Users are requested to stop using VPN immediately and to start to use the recommended alternative methods for connecting to CERN from the Internet. An outline of these methods and a set of FAQs are available at: http://cern.ch/security/Internet IT Department

  1. The protection of educational institutions from cyber crime and cyberbullying: Problems and dilemmas

    Directory of Open Access Journals (Sweden)

    Putnik Nenad

    2013-01-01

    The article analyses the problems that appear in the process of protecting the educational institutions from the security risks in cyber space - cyber crime and cyberbullying. Due to the main characteristics and nature of security risks in cyber space, children, adolescents and students are a particularly vulnerable category of Internet users. With this in mind, we can conclude that educational institutions are an important factor in the process of prevention and control of security risks that young people face in cyber space. The authors analyze the legal framework and the actual situation in this domain and propose concrete measures for the reduction of security risks in cyber space, and consider the capacities and importance of building and implementing the unique, functional and pragmatic multi-layer protection model. The first part of the article is dedicated to the analysis of the legal framework for countering cyber crime, with the consideration of the normative legal acts that regulate the protection of children and students from violence, molestation and neglect in the school environment. The authors also focus on the legal definition of cyberbullying. In the second part of the article, the authors propose the principles and elements for building a model of multi-layer protection and analyze the possibility of its application in educational institutions in the Republic of Serbia, as an efficient tool for the prevention and reduction of security risks in the cyber space.

  2. Anticipatory ethics for a future Internet: analyzing values during the design of an Internet infrastructure.

    Science.gov (United States)

    Shilton, Katie

    2015-02-01

    The technical details of Internet architecture affect social debates about privacy and autonomy, intellectual property, cybersecurity, and the basic performance and reliability of Internet services. This paper explores one method for practicing anticipatory ethics in order to understand how a new infrastructure for the Internet might impact these social debates. This paper systematically examines values expressed by an Internet architecture engineering team (the Named Data Networking project) based on data gathered from publications and internal documents. Networking engineers making technical choices also weigh non-technical values when working on Internet infrastructure. Analysis of the team's documents reveals both values invoked in response to technical constraints and possibilities, such as efficiency and dynamism, as well as values, including privacy, security and anonymity, which stem from a concern for personal liberties. More peripheral communitarian values espoused by the engineers include democratization and trust. The paper considers the contextual and social origins of these values, and then uses them as a method of practicing anticipatory ethics: considering the impact such priorities may have on a future Internet.

  3. Computer Security: the security marathon

    CERN Multimedia

    Computer Security Team

    2014-01-01

    If you believe that “security” is a sprint, that a quick hack is invulnerable, that quick bug fixing is sufficient, that plugging security measures on top of existing structures is good, that once you are secure your life will be easy... then let me convince you otherwise. An excellent example of this is when the summer students join us at CERN. As the summer period is short, software projects must be accomplished quickly, like a sprint. Rush, rush! But often, this sprint ends with aching muscles. Regularly, these summer students approach us to have their project or web server made visible to the Internet. Regularly, quick security reviews of those web servers diagnose severe underperformance with regards to security: the web applications are flawed or use insecure protocols; the employed software tools, databases or web frameworks are sub-optimal and not adequately chosen for that project; the operating system is non-standard and has never been brought up-to-date; and ...

  4. Computer Security: the security marathon, part 2

    CERN Multimedia

    Computer Security Team

    2014-01-01

    Do you recall our latest article on the “Security Marathon” and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy? In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

  5. Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

    Science.gov (United States)

    Britton, Katherine E; Britton-Colonnese, Jennifer D

    2017-03-01

    Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks, and this stymies the current and future benefits of CGMs and the platforms and apps that communicate with them.

  6. NPP physical protection and information security as necessary conditions for reducing nuclear and radiation accident risks

    International Nuclear Information System (INIS)

    Pogosov, O.Yu.; Derevyanko, O.V.

    2017-01-01

    The paper focuses on the fact that nuclear failures and incidents can lead to radioactive contamination of NPP premises. Nuclear and radiation hazard may be caused by malefactors in technological processes when applying computers or inadequate control in case of insufficient level of information security. The researchers performed analysis of factors for reducing risks of nuclear and radiation accidents at NPPs considering specific conditions related to information security of NPP physical protection systems. The paper considers connection of heterogeneous factors that may increase the risk of NPP accidents, possibilities and ways to improve adequate modelling of security of information with limited access directly related to the functioning of automated set of engineering and technical means for NPP physical protection. Within the overall Hutchinson formalization, it is proposed to include additional functional dependencies on indicators specific for NPPs into analysis algorithms.

  7. Europe’s fragmented approach towards cyber security

    Directory of Open Access Journals (Sweden)

    Karine e Silva

    2013-10-01

    The article proposes a deeper insight into the variety of concepts used to describe the term cyber security and the ways in which it has been used in recent years. It examines the role of three important actors involved in the internet governance arena, namely governments, private sector and civil society, and how they have influenced the debate. To this end, this paper analyses how different organisations, industry and societal actors see cyber security and how their interests influence the way the debate has evolved. The difficult balance between security and fundamental rights, although not new to governments and society, is of great importance for the internet. Citizens have engaged in favour of an open internet. However, little attention has been paid to the demands of citizens and how they may contribute to a concept of cyber security that brings society to its core. The paper states that for cyberspace to be open and supportive of innovation, the practice of cyber security needs to internalise the interests and perspectives of end users. A multistakeholder approach to cyber security asks for a more participative environment where the rules of the game are decided with public participation and consultation, giving citizens the means and methods to influence the way cyber security is conceived and implemented. The paper concludes that although a citizen centric approach towards cyber security should be the way forward, this seems to be yet far from being included in the governmental agenda. The methodology applied in the paper was mainly focused on desk research.

  8. THE PROTECTION OF CONSUMER RIGHTS FOR AVIATION SAFETY AND SECURITY IN INDONESIA AND MALAYSIA

    OpenAIRE

    Annalisa Yahanan; Febrian Febrian; Rohani Abdul Rahim

    2017-01-01

    Indonesia and Malaysia have a good potency for cooperation in aviation industry. It can be seen in the establishing two aviation companies namely PT. Indonesia Air Asia and Malindo which both are low-cost carrier. These aviation industries are categorized as low-cost carrier, however safety and security are absolute factors because these are rights for consumers. This article will describe further about safety and security standard; protecting the rights for consumers in connection with safet...

  9. The Protection of Consumer Rights for Aviation Safety and Security in Indonesia and Malaysia

    OpenAIRE

    Yahanan, Annalisa; Febrian, Febrian; Rahim, Rohani Abdul

    2017-01-01

    Indonesia and Malaysia have a good potency for cooperation in aviation industry. It can be seen in the establishing two aviation companies namely PT. Indonesia Air Asia and Malindo which both are low-cost carrier. These aviation industries are categorized as low-cost carrier, however safety and security are absolute factors because these are rights for consumers. This article will describe further about safety and security standard; protecting the rights for consumers in connection with safet...

  10. Data Protection and the Prevention of Cybercrime: The EU as an area of security?

    OpenAIRE

    PORCEDDA, Maria Grazia

    2012-01-01

    (This working paper is a revised version of Ms. Porcedda's EUI LL.M. thesis, 2012.) Cybercrime and cyber-security are attracting increasing attention, both for the relevance of Critical Information Infrastructure to the national economy and security, and the interplay of the policies tackling them with ‘ICT sensitive’ liberties, such as privacy and data protection. This study addresses the subject in two ways. On the one hand, it aims to cast light on the (legal substantive) nature of, ...

  11. Radiological Threat Reduction (RTR) program: implementing physical security to protect large radioactive sources worldwide

    International Nuclear Information System (INIS)

    Lowe, Daniel L.

    2004-01-01

    The U.S. Department of Energy's Radiological Threat Reduction (RTR) Program strives to reduce the threat of a Radiological Dispersion Device (RDD) incident that could affect U.S. interests worldwide. Sandia National Laboratories supports the RTR program on many different levels. Sandia works directly with DOE to develop strategies, including the selection of countries to receive support and the identification of radioactive materials to be protected. Sandia also works with DOE in the development of guidelines and in training DOE project managers in physical protection principles. Other support to DOE includes performing rapid assessments and providing guidance for establishing foreign regulatory and knowledge infrastructure. Sandia works directly with foreign governments to establish cooperative agreements necessary to implement the RTR Program efforts to protect radioactive sources. Once necessary agreements are in place, Sandia works with in-country organizations to implement various security related initiatives, such as installing security systems and searching for (and securing) orphaned radioactive sources. The radioactive materials of interest to the RTR program include Cobalt 60, Cesium 137, Strontium 90, Iridium 192, Radium 226, Plutonium 238, Americium 241, Californium 252, and Others. Security systems are implemented using a standardized approach that provides consistency throughout the RTR program efforts at Sandia. The approach incorporates a series of major tasks that overlap in order to provide continuity. The major task sequence is to: Establish in-country contacts - integrators, Obtain material characterizations, Perform site assessments and vulnerability assessments, Develop upgrade plans, Procure and install equipment, Conduct acceptance testing and performance testing, Develop procedures, and Conduct training. Other tasks are incorporated as appropriate and commonly include support for reconfiguring infrastructure, and developing security

  12. Hospital security: "protecting the business".

    Science.gov (United States)

    Maas, Jos

    2013-01-01

    Implementing management science into security isn't hard and is more necessary than ever according to the author who presents and illustrates a five point plan that he says will get the security job done easier and with more commitment from the Board.

  13. Get Linked or Get Lost: Marketing Strategy for the Internet.

    Science.gov (United States)

    Aldridge, Alicia; Forcht, Karen; Pierson, Joan

    1997-01-01

    To cultivate an online market share, companies must design marketing strategies specifically for the Internet. This article examines the nature of business on the Internet, highlighting demographics, user control, accessibility, communication, authenticity, competition, and security and proposes a marketing strategy, including targeting and…

  14. Science and Technology Resources on the Internet: Computer Security.

    Science.gov (United States)

    Kinkus, Jane F.

    2002-01-01

    Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

  15. 33 CFR 165.1317 - Security and Safety Zone; Large Passenger Vessel Protection, Puget Sound and adjacent waters...

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security and Safety Zone; Large Passenger Vessel Protection, Puget Sound and adjacent waters, Washington. 165.1317 Section 165.1317 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS...

  16. 33 CFR 165.1318 - Security and Safety Zone Regulations, Large Passenger Vessel Protection, Portland, OR Captain of...

    Science.gov (United States)

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security and Safety Zone Regulations, Large Passenger Vessel Protection, Portland, OR Captain of the Port Zone 165.1318 Section 165.1318 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND...

  17. Using virtual reality in the training of security staff and evaluation of physical protection barriers in nuclear facilities

    Energy Technology Data Exchange (ETDEWEB)

    Augusto, Silas C.; Mol, Antonio C.A.; Mol, Pedro C.; Sales, Douglas S. [Instituto de Engenharia Nuclear (IEN/CNEN-RJ), Rio de Janeiro, RJ (Brazil); Universidade do Estado do Rio de Janeiro (UERJ), RJ (Brazil)], e-mail: silas@ien.gov.br, e-mail: mol@ien.gov.br, e-mail: pedro98@gmail.com, e-mail: dsales@ien.gov.br

    2009-07-01

    The physical security of facilities containing radioactive objects, an already important matter, now has a new aggravating factor: the existence of groups intending to obtain radioactive materials for the purpose of intentionally inducing radioactive contamination incidents, for example the explosion of dirty bombs in populated regions, damaging both people and environment. In this context, the physical security of such facilities must be reinforced so as to reduce the possibilities of such incidents. This paper presents an adapted game engine used as a virtual reality system, enabling the modeling and simulation of scenarios of nuclear facilities containing radioactive objects. In these scenarios, the physical protection barriers, such as fences and walls, are simulated along with vigilance screens. Using a computer network, several users can participate simultaneously in the simulation, being represented by avatars. Users can play the roles of both invaders and security staff. The invaders have as objective to surpass the facility's physical protection barriers to steal radioactive objects and flee. The security staff have as objective to prevent and stop the theft of radioactive objects from the facility. The system can be used to analyze simulated scenarios and train vigilance/security staff. A test scenario was already developed and used, and the preliminary tests had satisfactory results, as they enabled the evaluation of the physical protection barriers of the virtual facility, and the training of those who participated in the simulations in the functions of a security staff. (author)

  18. Using virtual reality in the training of security staff and evaluation of physical protection barriers in nuclear facilities

    International Nuclear Information System (INIS)

    Augusto, Silas C.; Mol, Antonio C.A.; Mol, Pedro C.; Sales, Douglas S.

    2009-01-01

    The physical security of facilities containing radioactive objects, an already important matter, now has a new aggravating factor: the existence of groups intending to obtain radioactive materials for the purpose of intentionally inducing radioactive contamination incidents, for example the explosion of dirty bombs in populated regions, damaging both people and environment. In this context, the physical security of such facilities must be reinforced so as to reduce the possibilities of such incidents. This paper presents an adapted game engine used as a virtual reality system, enabling the modeling and simulation of scenarios of nuclear facilities containing radioactive objects. In these scenarios, the physical protection barriers, such as fences and walls, are simulated along with vigilance screens. Using a computer network, several users can participate simultaneously in the simulation, being represented by avatars. Users can play the roles of both invaders and security staff. The invaders have as objective to surpass the facility's physical protection barriers to steal radioactive objects and flee. The security staff have as objective to prevent and stop the theft of radioactive objects from the facility. The system can be used to analyze simulated scenarios and train vigilance/security staff. A test scenario was already developed and used, and the preliminary tests had satisfactory results, as they enabled the evaluation of the physical protection barriers of the virtual facility, and the training of those who participated in the simulations in the functions of a security staff. (author)

  19. Mathematical and Statistical Opportunities in Cyber Security

    Energy Technology Data Exchange (ETDEWEB)

    Meza, Juan; Campbell, Scott; Bailey, David

    2009-03-23

    The role of mathematics in a complex system such as the Internet has yet to be deeply explored. In this paper, we summarize some of the important and pressing problems in cyber security from the viewpoint of open science environments. We start by posing the question 'What fundamental problems exist within cyber security research that can be helped by advanced mathematics and statistics'? Our first and most important assumption is that access to real-world data is necessary to understand large and complex systems like the Internet. Our second assumption is that many proposed cyber security solutions could critically damage both the openness and the productivity of scientific research. After examining a range of cyber security problems, we come to the conclusion that the field of cyber security poses a rich set of new and exciting research opportunities for the mathematical and statistical sciences.

  20. Privacy and Security in Mobile Health (mHealth) Research.

    Science.gov (United States)

    Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

    2014-01-01

    Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions (some in real time) while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.