WorldWideScience

Sample records for network security policy

  1. Directed Security Policies: A Stateful Network Implementation

    Directory of Open Access Journals (Sweden)

    Cornelius Diekmann

    2014-05-01

    Full Text Available Large systems are commonly internetworked. A security policy describes the communication relationship between the networked entities. The security policy defines rules, for example that A can connect to B, which results in a directed graph. However, this policy is often implemented in the network, for example by firewalls, such that A can establish a connection to B and all packets belonging to established connections are allowed. This stateful implementation is usually required for the network's functionality, but it introduces the backflow from B to A, which might contradict the security policy. We derive compliance criteria for a policy and its stateful implementation. In particular, we provide a criterion to verify the lack of side effects in linear time. Algorithms to automatically construct a stateful implementation of security policy rules are presented, which narrows the gap between formalization and real-world implementation. The solution scales to large networks, which is confirmed by a large real-world case study. Its correctness is guaranteed by the Isabelle/HOL theorem prover.

  2. Network Security: Policies and Guidelines for Effective Network Management

    Directory of Open Access Journals (Sweden)

    Jonathan Gana KOLO

    2008-12-01

    Full Text Available Network security and management in Information and Communication Technology (ICT is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password.This paper therefore proposes some policies and guidelines that should be followed by network administrators in organizations to help them ensure effective network management and security of ICT facilities and data.

  3. HTTP Packet Inspection Policy for Improvising Internal Network Security

    Directory of Open Access Journals (Sweden)

    Kuldeep Tomar

    2014-10-01

    Full Text Available Past few years the use of Internet and its applications has increased to a great extent. There is also an enormous growth in the establishment of computer networks by large, medium and small organizations, for data transfer and information exchange. Due to this huge growth, incidents of cyber-attacks and security breaches have also increased. Data on a network is transferred using protocols such as Hyper Text Transfer Protocol, which is very vulnerable. Many types of malicious contents are hidden in packets that are transferred over a network or system, which may can to get it slow, crash or buffer overflow etc. Thus it is very important to secure networks from such types of attacks. There are lots of mechanisms available but still they are not good enough because of dynamic environment. Such kind of attacks can be countered by applying appropriate policies on network edge devices like Adaptive Security Appliance, firewalls, web servers, router etc. Also the packets which are transferred between networks, they should deeply inspect for malicious or any insecure contents. In this paper firstly we would study Network security issues and available mechanism to counter them our focus would be on inspecting the HTTP packets deeply by applying policies on ASA. Finally we would use Graphical Network Simulator (GNS3 to test such a policy.

  4. Network Security: Policies and Guidelines for Effective Network Management

    OpenAIRE

    Jonathan Gana KOLO; Umar Suleiman DAUDA

    2008-01-01

    Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these syst...

  5. Security Policy for a Generic Space Exploration Communication Network Architecture

    Science.gov (United States)

    Ivancic, William D.; Sheehe, Charles J.; Vaden, Karl R.

    2016-01-01

    This document is one of three. It describes various security mechanisms and a security policy profile for a generic space-based communication architecture. Two other documents accompany this document- an Operations Concept (OpsCon) and a communication architecture document. The OpsCon should be read first followed by the security policy profile described by this document and then the architecture document. The overall goal is to design a generic space exploration communication network architecture that is affordable, deployable, maintainable, securable, evolvable, reliable, and adaptable. The architecture should also require limited reconfiguration throughout system development and deployment. System deployment includes subsystem development in a factory setting, system integration in a laboratory setting, launch preparation, launch, and deployment and operation in space.

  6. A Policy Based Scheme for Combined Data Security in Mobile Ad hoc Networks

    Directory of Open Access Journals (Sweden)

    S. K. Srivatsa

    2012-01-01

    Full Text Available Problem statement: In Mobile Ad hoc Networks (MANET routing protocols, we require a network-level or link layer security. Since without appropriate security provisions, the MANETs is subjected to attacks like network traffic, replay transmissions, manipulate packet headers and redirect routing messages. In order to address these needs, a policy based network management system that provides the capability to express network requirements is required. Approach: In this study, we propose a policy based scheme for combined data security which focuses mainly on three policies: Integrity, authentication and Confidentiality. For providing security not only to data, but also for routing information, we calculate the trust indexes of the nodes and the route is selected according to the trust value which improves integrity. Then in order to provide authentication, we propose a Distributed Certificate Authority (DCA technique in which multiple DCA is required to construct a certificate. Next we propose an RSA based novel encryption mechanism in order to provide Confidentiality among the nodes. Thus, the desired level of security is provided by the system based on the policy of the user by executing the corresponding security modules. Results: By simulation results, we show that this scheme provides a combined data security in MANETs and can be used efficiently. Conclusion: Our proposed combined data security policy provides complete protection for the data in MANET communications.

  7. Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mónica Pinto

    2015-03-01

    Full Text Available Providing security and privacy to wireless sensor nodes (WSNs is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs.We evaluate our approach using a case study from the intelligent transportation system domain.

  8. Managing Cisco network security

    CERN Document Server

    Knipp, Eric

    2002-01-01

    An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

  9. Use of Ontologies for the Definition of Alerts and Policies in a Network Security Platform

    Directory of Open Access Journals (Sweden)

    Jorge E. López de Vergara

    2009-10-01

    Full Text Available A quick and efficient reaction to an attack is important to address the evolution of security incidents in current communication networks. The ReD (Reaction after Detection project’s aim is to design solutions that enhance the detection/reaction security process. This will improve the overall resilience of IP networks to attacks, helping telecommunication and service providers to maintain sufficient quality of service to comply with service level agreements. A main component within this project is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontologybased methodology for the instantiation of these security policies. This approach provides a way to map alerts into attack contexts, which are later used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings. These ontologies are semantic representations of IDMEF alerts and ORBAC policies. Finally, this approach is applied in a Voice over IP use case, illustrating the mapping process.

  10. Network security

    CERN Document Server

    Perez, André

    2014-01-01

    This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

  11. Coalition Warfare Program (CWP): secure policy controlled information query and dissemination over a Bices network

    Science.gov (United States)

    Toth, Andrew; Pham, Tien; Karr, Todd; Bent, Graham; Harries, Dominic; Knox, Alan

    2013-05-01

    In 2006, the US Army Research Laboratory (ARL) and the UK Ministry of Defence (MoD) established a collaborative research alliance with academia and industry, called the International Technology Alliance (ITA) to address fundamental issues concerning Network and Information Sciences. Under the ITA research program, a US-UK transition project on "ITA Policy Controlled Information Query and Dissemination" was funded in 2011 by OSD's Coalition Warfare Program (CWP). The goal of this CWP project is to develop an extensible capability of performing distributed federated query and information dissemination across a coalition network of distributed disparate data/information sources with access­ controlled policies. The CWP project is lead by US Army Research Laboratory (ARL) and UK Defence Science Technology Laboratory (Dstl) with software development by IBM UK and IBM US. The CWP project exploits two key technology components developed within the ITA, namely the Gaian Database and integrated Access Policy Decision and Enforcement mechanisms. The Gaian Database (GaianDB) is a Dynamic Distributed Federated Database (DDFD) that addresses a need to share information among coalition members by providing a means for policy-controlled access to data across a network of heterogeneous data sources. GaianDB implements a SQL-compliant Store-Locally-Query-Anywhere (SLQA) approach providing software applications with global access to data from any node in the database network via standard SQL queries. Security policy is stored locally and enforced at the database node level, reducing potential for unauthorized data access and waste of network bandwidth. A key metric of success for a CWP project is the transition of coalition-related technology from TRL-3 or 4 to TRL-6 or higher. Thus, the end goal of this CWP project was to demonstrate the GaianDB and policy technology within an operational environment at the NATO Intelligence Fusion Centre (NIFC) at Molesworth RAF. An initial

  12. Hybrid Security Policies

    Directory of Open Access Journals (Sweden)

    Radu CONSTANTINESCU

    2006-01-01

    Full Text Available Policy is defined as the rules and regulations set by the organization. They are laid down by management in compliance with industry regulations, law and internal decisions. Policies are mandatory. Security policies rules how the information is protected against security vulnerabilities and they are the basis for security awareness, training and vital for security audits. Policies are focused on desired results. The means of achieving the goals are defined on controls, standards and procedures.

  13. Checking Security Policy Compliance

    CERN Document Server

    Gowadia, Vaibhav; Kudo, Michiharu

    2008-01-01

    Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.

  14. Policy based network management : state of the industry and desired functionality for the enterprise network: security policy / testing technology evaluation.

    Energy Technology Data Exchange (ETDEWEB)

    Morgan, Christine A.; Ernest, Martha J.; Tolendino, Lawrence F.; Klaus, Edward J.; MacAlpine, Timothy L.; Rios, Michael A.; Keliiaa, Curtis M.; Taylor, Jeffrey L.

    2005-02-01

    Policy-based network management (PBNM) uses policy-driven automation to manage complex enterprise and service provider networks. Such management is strongly supported by industry standards, state of the art technologies and vendor product offerings. We present a case for the use of PBNM and related technologies for end-to-end service delivery. We provide a definition of PBNM terms, a discussion of how such management should function and the current state of the industry. We include recommendations for continued work that would allow for PBNM to be put in place over the next five years in the unclassified environment.

  15. Network Security Scanner

    OpenAIRE

    2011-01-01

    Network Security Scanner (NSS) is a tool that allows auditing and monitoring remote network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Network Security Scanner is a complete networking utilities package that includes a wide range of tools for network security auditing, vulnerability Auditing, scanning, monitoring and more. Network Security Scanner (NSS) is an easy to use, intuitive network security scanner that c...

  16. Computer Network Security- The Challenges of Securing a Computer Network

    Science.gov (United States)

    Scotti, Vincent, Jr.

    2011-01-01

    This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

  17. Efficient Attribute-Based Secure Data Sharing with Hidden Policies and Traceability in Mobile Health Networks

    Directory of Open Access Journals (Sweden)

    Changhee Hahn

    2016-01-01

    Full Text Available Mobile health (also written as mHealth provisions the practice of public health supported by mobile devices. mHealth systems let patients and healthcare providers collect and share sensitive information, such as electronic and personal health records (EHRs at any time, allowing more rapid convergence to optimal treatment. Key to achieving this is securely sharing data by providing enhanced access control and reliability. Typically, such sharing follows policies that depend on patient and physician preferences defined by a set of attributes. In mHealth systems, not only the data but also the policies for sharing it may be sensitive since they directly contain sensitive information which can reveal the underlying data protected by the policy. Also, since the policies usually incur linearly increasing communication costs, mHealth is inapplicable to resource-constrained environments. Lastly, access privileges may be publicly known to users, so a malicious user could illegally share his access privileges without the risk of being traced. In this paper, we propose an efficient attribute-based secure data sharing scheme in mHealth. The proposed scheme guarantees a hidden policy, constant-sized ciphertexts, and traces, with security analyses. The computation cost to the user is reduced by delegating approximately 50% of the decryption operations to the more powerful storage systems.

  18. Wireshark network security

    CERN Document Server

    Verma, Piyush

    2015-01-01

    If you are network administrator or a security analyst with an interest in using Wireshark for security analysis, then this is the book for you. Basic familiarity with common network and application services terms and technologies is assumed.

  19. Untangle network security

    CERN Document Server

    El-Bawab, Abd El-Monem A

    2014-01-01

    If you are a security engineer or a system administrator and want to secure your server infrastructure with the feature-rich Untangle, this book is for you. For individuals who want to start their career in the network security field, this book would serve as a perfect companion to learn the basics of network security and how to implement it using Untangle NGFW.

  20. Policy based Decentralized Group key Security for Mobile Ad-hoc Networks

    Directory of Open Access Journals (Sweden)

    Sugandha Singh

    2010-05-01

    Full Text Available The unique characteristics and constraints of MANET have made the traditional approach to security inadequate. With this view in mind decentralized group key management is taken into consideration. A novel structure of the node is proposed and each entity holds a secret share SSi of each node in cluster is controlled by its cluster head, the policy enforcer decides for the working of intelligent agent, which is assigned to do the management, which allows two or more parties to derive shared key as a function of information associated with the protocol and so no party can predetermine the resulting value. Group membership certificate is used for group authentication and by the use threshold key scheme secret data is transferred. The SSi of each node is calculated by use of Polynomial interpolation and cluster head key by modular arithmetic, and information is carried by the policy based agents named intelligent agents.

  1. Security Economics and European Policy

    Science.gov (United States)

    Anderson, Ross; Böhme, Rainer; Clayton, Richard; Moor, Tyler

    In September 2007, we were awarded a contract by the European Network and Information Security Agency (ENISA) to investigate failures in the market for secure electronic communications within the European Union, and come up with policy recommendations. In the process, we spoke to a large number of stakeholders, and held a consultative meeting in December 2007 in Brussels to present draft proposals, which established most had wide stakeholder support. The formal outcome of our work was a detailed report, “Security Economics and the Internal Market”, published by ENISA in March 2008. This paper presents a much abridged version: in it, we present the recommendations we made, along with a summary of our reasoning.

  2. Securing personal network clusters

    NARCIS (Netherlands)

    Jehangir, Assed; Heemstra de Groot, Sonia M.

    2007-01-01

    A Personal Network is a self-organizing, secure and private network of a user’s devices notwithstanding their geographic location. It aims to utilize pervasive computing to provide users with new and improved services. In this paper we propose a model for securing Personal Network clusters. Clusters

  3. Security Policy Enforcement Through Refinement Process

    CERN Document Server

    Stouls, Nicolas

    2010-01-01

    In the area of networks, a common method to enforce a security policy expressed in a high-level language is based on an ad-hoc and manual rewriting process. We argue that it is possible to build a formal link between concrete and abstract terms, which can be dynamically computed from the environment data. In order to progressively introduce configuration data and then simplify the proof obligations, we use the B refinement process. We present a case study modeling a network monitor. This program, described by refinement following the layers of the TCP/IP suite protocol, has to warn for all observed events which do not respect the security policy. To design this model, we use the event-B method because it is suitable for modeling network concepts. This work has been done within the framework of the POTESTAT project, based on the research of network testing methods from a high-level security policy.

  4. Network Security Using Firewalls

    Directory of Open Access Journals (Sweden)

    Radu Lucaciu

    2008-05-01

    Full Text Available As networks increase in size and complexity, security products are growing in sophistication and security threats are becoming more ingenious. The usage of security solutions has become inevitable for all modern organisations. There is no perfect security, but the idea is to make a network so hard to access, that it doesn’t worth trying. One of the crucial components that contribute to this security are firewalls. It is important to prevent undesired data before it ever gets into the target system. This is the job of firewalls and the article covers this topic.

  5. Security for multihop wireless networks

    CERN Document Server

    Khan, Shafiullah

    2014-01-01

    Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks.Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

  6. Secure Communication and Information Exchange using Authenticated Ciphertext Policy Attribute-Based Encryption in Mobile Ad-hoc Network

    Directory of Open Access Journals (Sweden)

    Samsul Huda

    2016-08-01

    Full Text Available MANETs are considered as suitable for commercial applications such as law enforcement, conference meeting, and sharing information in a student classroom and critical services such as military operations, disaster relief, and rescue operations. Meanwhile, in military operation especially in the battlefield in freely medium which naturally needs high mobility and flexibility. Thus, applying MANETs make these networks vulnerable to various types of attacks such aspacket eavesdropping, data disseminating, message replay, message modification, and especially privacy issue. In this paper, we propose a secure communication and information exchange in MANET with considering secure adhoc routing and secure information exchange. Regarding privacy issue or anonymity, we use a reliable asymmetric encryption which protecting user privacy by utilizing insensitive user attributes as user identity, CP-ABE (Ciphertext-Policy Attribute-Based Encryption cryptographic scheme. We also design protocols to implement the proposed scheme for various battlefied scenarios in real evironment using embedded devices. Our experimental results showed that the additional of HMAC (Keyed-Hash Message Authentication Code and AES (Advanced Encryption standard schemes using processor 1.2GHz only take processing time about 4.452 ms,  we can confirm that our approach by using CP-ABE with added HMAC and AES schemes make low overhead.

  7. Hierarchical Policy Model for Managing Heterogeneous Security Systems

    Science.gov (United States)

    Lee, Dong-Young; Kim, Minsoo

    2007-12-01

    The integrated security management becomes increasingly complex as security manager must take heterogeneous security systems, different networking technologies, and distributed applications into consideration. The task of managing these security systems and applications depends on various systems and vender specific issues. In this paper, we present a hierarchical policy model which are derived from the conceptual policy, and specify means to enforce this behavior. The hierarchical policy model consist of five levels which are conceptual policy level, goal-oriented policy level, target policy level, process policy level and low-level policy.

  8. Network systems security analysis

    Science.gov (United States)

    Yilmaz, Ä.°smail

    2015-05-01

    Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

  9. Security and policy driven computing

    CERN Document Server

    Liu, Lei

    2010-01-01

    Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management.The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con

  10. Computer Network Security: Best Practices for Alberta School Jurisdictions.

    Science.gov (United States)

    Alberta Dept. of Education, Edmonton.

    This paper provides a snapshot of the computer network security industry and addresses specific issues related to network security in public education. The following topics are covered: (1) security policy, including reasons for establishing a policy, risk assessment, areas to consider, audit tools; (2) workstations, including physical security,…

  11. Human factors in network security

    OpenAIRE

    Jones, Francis B.

    1991-01-01

    Human factors, such as ethics and education, are important factors in network information security. This thesis determines which human factors have significant influence on network security. Those factors are examined in relation to current security devices and procedures. Methods are introduced to evaluate security effectiveness by incorporating the appropriate human factors into network security controls

  12. Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks

    Science.gov (United States)

    Alicherry, Mansoor; Keromytis, Angelos D.; Stavrou, Angelos

    Mobile Ad-hoc Networks (MANETs) are increasingly employed in tactical military and civil rapid-deployment networks, including emergency rescue operations and ad hoc disaster-relief networks. However, this flexibility of MANETs comes at a price, when compared to wired and base station-based wireless networks: MANETs are susceptible to both insider and outsider attacks. This is mainly because of the lack of a well-defined defense perimeter preventing the effective use of wired defenses including firewalls and intrusion detection systems.

  13. Global energy policy and security

    CERN Document Server

    Leal Filho, Walter

    2013-01-01

    This book offers a multidisciplinary perspective on issues about global energy policy and security. It integrates philosophical chapters with technical/modeling chapters and covers issues related to finance, economics, and environmental science.

  14. US-Africa Security Policy

    DEFF Research Database (Denmark)

    Møller, Nicolai Stahlfest

    This paper will discuss the United States security policy towards Africa based on the National Security Strategy from 2006 and the founding of US Africa Command, the new military combatant command that is supposed to unify US military efforts on the African continent. The paper will discuss whether...

  15. Cyber security policy guidebook

    CERN Document Server

    Bayuk, nifer L; Rohmeyer, l; Sachs, cus; Schmidt, frey; Weiss, eph

    2012-01-01

    This book is a taxonomy and thesaurus of current cybersecurity policy issues, including a thorough description of each issue and a corresponding list of pros and cons with respect to identified stances on each issue. It documents policy alternatives for the sake of clarity with respect to policy alone, and dives into organizational implementation issues. Without using technical jargon, the book emphasizes the importance of critical and analytical thinking when making policy decisions.  It also equips the reader with descriptions of the impact of specific policy ch

  16. Introduction to security and network forensics

    CERN Document Server

    Buchanan, William J

    2011-01-01

    Introduction to Security ObjectivesThe Industrial and the Information AgeCIA and AAAProtecting against IntrudersUsers, Systems, and DataServices, Role-Based Security, and Cloud ComputingSecurity and Forensic ComputingISO 27002RisksRisk Management/AvoidanceSecurity PoliciesDefi ning the PolicyExample RisksDefense-in-DepthGateways and DMZ (Demilitarized Zones)Layered Model and SecurityEncryption and a Layered Approach to DefenseSoftware Tutorial-Data Packet CaptureOnline ExercisesNetworkSims ExercisesChapter LectureReferencesIntrusion Detection Systems ObjectivesIntroductionTypes of IntrusionAtt

  17. 政务外网信息安全管理策略初探%Preliminary discussion on security management policy of E-governance external network

    Institute of Scientific and Technical Information of China (English)

    董舟; 谢碧云; 李歆

    2015-01-01

    Maintaining the security of information system is not a technological issue for a long time, the support of the system-atic management policy is more important. On the basis of the analysis of information security status of E-governance external network and its security problems and according to the relative standards of national hierarchical protection of information system, the security guarantee system is designed and the security policy for E-governance external network is explored and the specific management countermeasures are proposed. The relative results provide a general information security management policy for the establishment of an effective information security guarantee system of E-governance external network in China.%维护信息系统安全早已不仅仅是技术上的问题,更需要系统性的管理策略作支撑。在分析政务外网信息安全现状及其安全问题的基础上,根据国家安全等级保护相关标准,设计了政务外网安全保障体系,探索了政务外网信息安全策略及具体的管理对策。研究结论为我国政府机构和企事业单位政务外网构建有效的信息安全管理保障体系提供了一种通用的信息安全管理策略。

  18. Network security risk level

    Directory of Open Access Journals (Sweden)

    Emil BURTESCU

    2006-01-01

    Full Text Available The advantages of the existence of a computers network within any company with pretensions are obvious. But the construction and the existence of a network without meeting some minimum security requirements, although it would be preferable to be optimal, can lead to bad functioning in the performance of the company’s business. The vulnerability of a grouping, such as a network, is given by the weakest point in its competence. The establishing of the risk level of each component of the network, and implicitly of the grouping, is highly necessary

  19. Network Information Security and Protection Policies%网络信息安全及防护对策

    Institute of Scientific and Technical Information of China (English)

    王跃华; 胡梅; 肖洁

    2013-01-01

    随着网络信息技术的进步,网络信息安全问题日益突出,威胁网络信息安全的各种入侵行为也不断增多。通过对网络信息安全的目标和面临的主要威胁进行分析,提出了一些相对应的网络信息防护策略。%With the progress of network information technology, network information security problem is increasingly prominent, and network information security threats of invasion behavior is also growing. This article analyzed the network information safety objectives and main threats, and put forward some corresponding strategies of network information protection.

  20. Networks in social policy problems

    CERN Document Server

    Scotti, marco

    2012-01-01

    Network science is the key to managing social communities, designing the structure of efficient organizations and planning for sustainable development. This book applies network science to contemporary social policy problems. In the first part, tools of diffusion and team design are deployed to challenges in adoption of ideas and the management of creativity. Ideas, unlike information, are generated and adopted in networks of personal ties. Chapters in the second part tackle problems of power and malfeasance in political and business organizations, where mechanisms in accessing and controlling informal networks often outweigh formal processes. The third part uses ideas from biology and physics to understand global economic and financial crises, ecological depletion and challenges to energy security. Ideal for researchers and policy makers involved in social network analysis, business strategy and economic policy, it deals with issues ranging from what makes public advisories effective to how networks influenc...

  1. Security Policy Based on Firewall and Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Hemdeep Kaur Bimbraw

    2014-11-01

    Full Text Available Firewalls are usually the first component of network security. They separate networks in different security levels by utilizing network access control policies. The major function of the firewall is to protect the private network from non-legitimate traffic. The main purpose of a firewall system is to control access to or from a protected network. It implements a network access policy by forcing connections to pass through the firewall, where they can be examined and evaluated. Intrusion detection is the process of monitoring and searching networks of computers and systems for security policy violations. Intrusion Detection Systems (IDSs are software or hardware products that automate this monitoring and analysis process. An IDS inspects all inbound and outbound network activity, system logs and events, and identifies suspicious patterns or events that may indicate a network or system attack from someone attempting to break into or compromise a system. The network security in today’s world is a major concern because of increasing threats from malicious users. Therefore, designing a correct network security policy is a challenging task. To design filtering rules to formulate a sound firewall security policy and implement intrusion detection system to capture network packets and detect attacks to fulfill this gap

  2. Gross anatomy of network security

    Science.gov (United States)

    Siu, Thomas J.

    2002-01-01

    Information security involves many branches of effort, including information assurance, host level security, physical security, and network security. Computer network security methods and implementations are given a top-down description to permit a medically focused audience to anchor this information to their daily practice. The depth of detail of network functionality and security measures, like that of the study of human anatomy, can be highly involved. Presented at the level of major gross anatomical systems, this paper will focus on network backbone implementation and perimeter defenses, then diagnostic tools, and finally the user practices (the human element). Physical security measures, though significant, have been defined as beyond the scope of this presentation.

  3. Towards alignment of architectural domains in security policy specifications

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Eck, van P.A.T.; Parente de Oliveira, J.M.; Westphall, C.B.; Brustoloni, J.C.

    2006-01-01

    Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be mai

  4. Securing Wireless Sensor Networks: Security Architectures

    Directory of Open Access Journals (Sweden)

    David Boyle

    2008-01-01

    Full Text Available Wireless sensor networking remains one of the most exciting and challenging research domains of our time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and disseminated, there is a critical need for security in a number of applications related to this technology. Resulting from the continuous debate over the most effective means of securing wireless sensor networks, this paper considers a number of the security architectures employed, and proposed, to date, with this goal in sight. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism, whereby, the identity of a node in the network can be identified as a valid node of the network. Subsequently, data authenticity can be achieved; once the integrity of the message sender/receiver has been established.

  5. 浅议计算机网络的数据安全策略%Computer Network Data Security Policy Study

    Institute of Scientific and Technical Information of China (English)

    龚凯

    2011-01-01

    With modem technology, the continuous development of computer networks and applications,people enjoy the network of convenient, fast, smart and other advantages,but also face more data security issues.If the computer network data leakage problem,it will seriously affect the user's privacy and property.This article from the perspective of computer network technology, a brief analysis of the factors affecting data security and the specific security policies.%随着现代计算机网络技术的不断发展与应用,人们在享受网络的方便、快捷、智能等优势的同时,也面临了更多的数据安全方面的问题。如果出现计算机网络数据泄漏的问题,将严重影响到用户的隐私与财产安全。本文从计算机网络莓赉箩角摩癌誊,简要分析了影响数毋安全的因素与具体的安全防护策略。

  6. Network perimeter security building defense in-depth

    CERN Document Server

    Riggs, Cliff

    2003-01-01

    PREFACEWho is this Book For?The Path to Network SecurityWho Should Read This Book?MANAGING NETWORK SECURITYThe Big Picture: Security Policies from A to ZAdministrative CountermeasuresPhysical CountermeasuresTechnological CountermeasuresCreating the Security Standards DocumentCreating the Configuration Guide DocumentPulling it All Together: Sample Security Policy CreationProteris Security Standards and ProceduresTHE NETWORK STACK AND SECURITYConnecting the NetworkProtocolsServers and HostsCRYPTOGRAPHY AND VPN TERMINOLOGYKeysCertificatesHashingDigital SignaturesCommon Encryption AlgorithmsSplit

  7. Security Policy Alignment: A Formal Approach

    NARCIS (Netherlands)

    Pieters, W.; Dimkov, T.; Pavlovic, D.

    2012-01-01

    Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks, fire

  8. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development....

  9. Medical network security and viruses.

    Science.gov (United States)

    Fernandez Del Val, C

    1991-01-01

    Medical network as connecting Hospital Information Systems are needed in order to exchange, compare and make accessible data. The use of OSI standard communication protocols (open-network environment) will allow to interconnect multiple vendor systems and to accommodate a wide range of underlaying of communication technologies. The security of information on a given host may become dependent of the security measures employed by the network and by other hosts. Computer viruses modifies the executable code and thrive in network environment filled with personal computers and third-party software. Most networks and computers, permit users to share files; this, let the viruses to bypass the security mechanisms of almost every commercial operating system. However, computer viruses axes not the only threat to the information in a network environment. Other as deliberate (passive attacks -wire-tapping-) and accidental threat (unauthorized access to the information) are potential risks to the security information. Cryptographic techniques that now are widely used can resolve the external security problems of the network and improve the internal security ones. This paper begins describing the threats to security that arise in an open-network environment, and goes to establish the security requirements of medical communication networks. This is followed by a description of security services as: confidentiality, integrity, authentication, access control, etc., that will be provided to include security mechanisms in such network. The integration of these security mechanisms into the communication protocols allows to implement secure communication systems that not only must provide the adequate security, but also must minimize the impact of security on other features as for example the efficiency. The remainder of the paper describes how the security mechanisms are formed using current cryptographic facilities as algorithms, one-way functions, cryptographic systems (symmetric

  10. Security procedures in wireless networks

    Institute of Scientific and Technical Information of China (English)

    郑光

    2009-01-01

    In the paper, we will introduce the mechanisms and the weaknesses of the Wired Equivalent Privacy (WEP) and 802.1 li security procedures in the wireless networks. After that, the Wi-Fi Protected Access (WPA), a standards-based security mechanism that can eliminate most of 802.11 security problems will be introduced.

  11. Campus network security model study

    Science.gov (United States)

    Zhang, Yong-ku; Song, Li-ren

    2011-12-01

    Campus network security is growing importance, Design a very effective defense hacker attacks, viruses, data theft, and internal defense system, is the focus of the study in this paper. This paper compared the firewall; IDS based on the integrated, then design of a campus network security model, and detail the specific implementation principle.

  12. Networks in Social Policy Problems

    Science.gov (United States)

    Vedres, Balázs; Scotti, Marco

    2012-08-01

    1. Introduction M. Scotti and B. Vedres; Part I. Information, Collaboration, Innovation: The Creative Power of Networks: 2. Dissemination of health information within social networks C. Dhanjal, S. Blanchemanche, S. Clemençon, A. Rona-Tas and F. Rossi; 3. Scientific teams and networks change the face of knowledge creation S. Wuchty, J. Spiro, B. F. Jones and B. Uzzi; 4. Structural folds: the innovative potential of overlapping groups B. Vedres and D. Stark; 5. Team formation and performance on nanoHub: a network selection challenge in scientific communities D. Margolin, K. Ognyanova, M. Huang, Y. Huang and N. Contractor; Part II. Influence, Capture, Corruption: Networks Perspectives on Policy Institutions: 6. Modes of coordination of collective action: what actors in policy making? M. Diani; 7. Why skewed distributions of pay for executives is the cause of much grief: puzzles and few answers so far B. Kogut and J.-S. Yang; 8. Networks of institutional capture: a case of business in the State apparatus E. Lazega and L. Mounier; 9. The social and institutional structure of corruption: some typical network configurations of corruption transactions in Hungary Z. Szántó, I. J. Tóth and S. Varga; Part III. Crisis, Extinction, World System Change: Network Dynamics on a Large Scale: 10. How creative elements help the recovery of networks after crisis: lessons from biology A. Mihalik, A. S. Kaposi, I. A. Kovács, T. Nánási, R. Palotai, Á. Rák, M. S. Szalay-Beko and P. Csermely; 11. Networks and globalization policies D. R. White; 12. Network science in ecology: the structure of ecological communities and the biodiversity question A. Bodini, S. Allesina and C. Bondavalli; 13. Supply security in the European natural gas pipeline network M. Scotti and B. Vedres; 14. Conclusions and outlook A.-L. Barabási; Index.

  13. Security Technologies for Open Networking Environments (STONE)

    Energy Technology Data Exchange (ETDEWEB)

    Muftic, Sead

    2005-03-31

    -domain scenarios is supported by a set of security engines that represent the core of the Federated Identities Management Server, which is also an extension of the Domain Security Server. The Federated Identity Management server allows users to federate their identities or terminate the federation between the service provider and the identity provider. At the service provider web site, the users are offered a list of identity providers to which they can choose to federate their identities. After users federate their identity, they can perform Single Sign-On protocol in an environment of federated domains. The group security system consists of a number of security technologies under a unified architecture, which supports creation of secure groups and execution of secure group transactions and applications in an open networking environment. The system is based on extensions of the GSAKMP standard for group key distribution and management. The Top layer is the Security Infrastructure with the Security Management and Administration System components and protocols that provide security functions common to all secure network applications The Middle layer is the Secure Group Protocols and Applications layer, consisting of the Policy and Group Key Distribution Server and Web-based (thin) Client. The Bottom layer is the supporting Middleware Security Platform, the cryptographic platform already described above. The group security system is designed to perform the functions necessary to create secure groups and enable secure group applications. Specifically, the system can manage group roles, create and disseminate a group security policy, perform authentication and authorization of users using PKI certificates and Web services security, generate group keys, and recover from compromises. In accordance with the GSAKMP standard, the group security system must perform all the required group life-cycle functions: group definition, group establishment, group maintenance, and group removal. The

  14. A game-theoretical approach to multimedia social networks security.

    Science.gov (United States)

    Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

    2014-01-01

    The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders.

  15. Nuclear Cyber Security Issues and Policy Recommendations

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Cheol-Kwon; Lee, Dong-Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Lee, Na-Young; Hwang, Young-Soo [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

    2015-10-15

    The cyber-attack against computer systems causes the loss of function which brings about the big economic loss, and it becomes a national-wide issue. In recent days the cyber threat has occurred in the national critical infrastructure around the world. In the nuclear industry, while discussing responses to various threats against nuclear facilities since 2006, cyber-terrorism was also discussed. But at that time, cyber-attacks against control networks in nuclear facilities were not seriously considered because those networks were isolated from the Internet thoroughly and it was evaluated that cyber penetration would not be possible. However Stuxnet worm virus which attacked Iran's nuclear facilities confirmed that the cyber security problem could occur even in other nuclear facilities. The facilities were isolated from the Internet. After the cyber incident, we began to discuss the topic of NPP cyber security. It is very difficult to predict whether or when or how the cyber-attack will be occurred, which is a characteristic of cyber-attack. They could be always detected only after when an incident had occurred. This paper summarizes the report, 'Nuclear Cyber Security Issues and Policy Recommendations' by issue committee in the Korea Nuclear Society, which reviewed the cyber security framework for nuclear facilities in the Republic of Korea being established to prevent nuclear facilities from cyber-attacks and to respond systematically. As a result this paper proposes several comments to improve the security and furthermore safety of nuclear facilities Digital technology will be used more widely at the national critical infrastructure including nuclear facilities in the future, and moreover wireless technologies and mobile devices will be soon introduced to nuclear industry. It is therefore anticipated that the rapid advance in digital technology will accelerate the opportunity of hacking these facilities.

  16. Advances in network systems architectures, security, and applications

    CERN Document Server

    Awad, Ali; Furtak, Janusz; Legierski, Jarosław

    2017-01-01

    This book provides the reader with a comprehensive selection of cutting–edge algorithms, technologies, and applications. The volume offers new insights into a range of fundamentally important topics in network architectures, network security, and network applications. It serves as a reference for researchers and practitioners by featuring research contributions exemplifying research done in the field of network systems. In addition, the book highlights several key topics in both theoretical and practical aspects of networking. These include wireless sensor networks, performance of TCP connections in mobile networks, photonic data transport networks, security policies, credentials management, data encryption for network transmission, risk management, live TV services, and multicore energy harvesting in distributed systems. .

  17. Honeypot based Secure Network System

    Directory of Open Access Journals (Sweden)

    Yogendra Kumar Jain

    2011-02-01

    Full Text Available A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. There has been great amount of work done in the field of networkintrusion detection over the past three decades. With networks getting faster and with the increasing dependence on the Internet both at the personal and commercial level, intrusion detection becomes a challenging process. The challenge here is not only to be able to actively monitor large numbers of systems, but also to be able to react quickly to different events. Before deploying a honeypot it is advisable to have a clear idea of what the honeypot should and should not do. There should be clear understandingof the operating systems to be used and services (like a web server, ftp server etc a honeypot will run. The risks involved should be taken into consideration and methods to tackle or reduce these risks should be understood. It is also advisable to have a plan on what to do should the honeypot be compromised. In case of production honeypots, a honeypot policy addressing security issues should be documented. Any legal issues with respect to the honeypots or their functioning should also be taken into consideration. In this paper we explain the relatively new concept of “honeypot.” Honeypots are a computer specifically designed to help learn the motives, skills and techniques of the hacker community and also describes in depth the concepts of honeypots and their contribution to the field of network security. The paper then proposes and designs an intrusion detection tool based on some of the existing intrusion detection techniques and the concept of honeypots.

  18. Security in wireless sensor networks

    CERN Document Server

    Oreku, George S

    2016-01-01

    This monograph covers different aspects of sensor network security including new emerging technologies. The authors present a mathematical approach to the topic and give numerous practical examples as well as case studies to illustrate the theory. The target audience primarily comprises experts and practitioners in the field of sensor network security, but the book may also be beneficial for researchers in academia as well as for graduate students.

  19. Secure positioning in wireless networks

    DEFF Research Database (Denmark)

    Capkun, Srdjan; Hubaux, Jean-Pierre

    2006-01-01

    So far, the problem of positioning in wireless networks has been studied mainly in a non-adversarial settings. In this work, we analyze the resistance of positioning techniques to position and distance spoofing attacks. We propose a mechanism for secure positioning of wireless devices, that we call...... Verifiable Multilateration. We then show how this mechanism can be used to secure positioning in sensor networks. We analyze our system through simulations....

  20. Network Security Is Manageable

    Science.gov (United States)

    Roberts, Gary

    2006-01-01

    An effective systems librarian must understand security vulnerabilities and be proactive in preventing problems. Specifics of future attacks or security challenges cannot possibly be anticipated, but this paper suggests some simple measures that can be taken to make attacks less likely to occur: program the operating system to get automatic…

  1. Effective Security Architecture for Virtualized Data Center Networks

    Directory of Open Access Journals (Sweden)

    Udeze Chidiebele. C

    2012-01-01

    Full Text Available This work presents a candidate scheme for effective security policy that defines the requirements that will facilitate protection of network resources from internal and external security threats. Also, it ensures data privacy and integrity in a virtualized data center network (VDCN. An integration of Open Flow Software Defined Networking (OFSDN with VLAN Virtual Server Security (VVSS architecture is presented to address distinct security issues in virtualized data centers. The OFSDN with VVSS is proposed to create a more secured protection and maintain compliance integrity of servers and applications in the DCN. This proposal though still on the prototype phase, calls for community driven responses.

  2. Generating WS-SecurityPolicy documents via security model transformation

    DEFF Research Database (Denmark)

    Jensen, Meiko

    2009-01-01

    When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriat...... security model definition and transformation approach, targeting the WS-SecurityPolicy and WS-BPEL specifications, in order to enable a Web-Service-based secure business process development.......When SOA-based business processes are to be enhanced with security properties, the model-driven business process development approach enables an easier and more reliable security definition compared to manually crafting the security realizations afterwards. In this paper, we outline an appropriate...

  3. Security Aspects of Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mohd Muntjir

    2013-01-01

    Full Text Available Sensor networks are amassed wireless networks of small, low-cost sensors that collect and propagate environmental data. The emerging field of wireless sensor networks integrates sensing, computation, and communication into a single device. The power of wireless sensor networks verifies in the capability to deploy huge numbers of small nodes that collaborates and configure them. Wireless sensor networks simplify monitoring and handling of physical environments from remote locations with best accuracy. Security protocols associated to sensor network are analyzed in this paper.

  4. Securing underwater wireless communication networks

    OpenAIRE

    Domingo Aladrén, Mari Carmen

    2011-01-01

    Underwater wireless communication networks are particularly vulnerable to malicious attacks due to the high bit error rates, large and variable propagation delays, and low bandwidth of acoustic channels. The unique characteristics of the underwater acoustic communication channel, and the differences between underwater sensor networks and their ground-based counterparts require the development of efficient and reliable security mechanisms. In this article, a compl...

  5. Validity of information security policy models

    Directory of Open Access Journals (Sweden)

    Joshua Onome Imoniana

    Full Text Available Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

  6. Wireless network security theories and applications

    CERN Document Server

    Chen, Lei; Zhang, Zihong

    2013-01-01

    Wireless Network Security Theories and Applications discusses the relevant security technologies, vulnerabilities, and potential threats, and introduces the corresponding security standards and protocols, as well as provides solutions to security concerns. Authors of each chapter in this book, mostly top researchers in relevant research fields in the U.S. and China, presented their research findings and results about the security of the following types of wireless networks: Wireless Cellular Networks, Wireless Local Area Networks (WLANs), Wireless Metropolitan Area Networks (WMANs), Bluetooth

  7. Wireless Network Security Using Randomness

    Science.gov (United States)

    2012-06-19

    decision, unless so designated by other documentation. 12. DISTRIBUTION AVAILIBILITY STATEMENT Approved for public release; distribution is unlimited. UU...connectivity with the wireless network and the highly dynamic connections between nodes rule out the use of complex key distribution methods and make...Protected Access ( WPA and WPA2). WEP is a scheme used to secure IEEE 802.11 wireless networks, and is part of the IEEE 802.11 wireless networking standard

  8. Network Infrastructure Security

    CERN Document Server

    Wong, Angus

    2009-01-01

    Attacks to network infrastructure affect large portions of the Internet at a time and create large amounts of service disruption, due to breaches such as IP spoofing, routing table poisoning and routing loops. This book includes conceptual examples that show how network attacks can be run, along with appropriate countermeasures and solutions

  9. Computer network information security and protection policy%计算机网络信息安全及防护策略

    Institute of Scientific and Technical Information of China (English)

    卡斯木江·卡迪尔

    2016-01-01

    网络技术在为人们带来便捷服务的同时,其隐含的网络信息安全问题也威胁到人们的正常生活。以计算机网络信息安全及防护策略为研究课题,结合网络信息安全的内涵,总结网络信息安全所面临的主要威胁,提出保障网络信息安全的防护措施,旨在为解决网络信息安全问题提供思路。%Network technology brings convenience to people, while the implicit network information security issues also threaten people's normal life. Taking the computer network information security and protection strategy as the research subject, combining with the connotation of network information security, the major threats that network information security faced are summarized, and the protective measures for guaranteeing the security of the network information are put forward to provide the solutions for network information security.

  10. The European Security and Defence Policy

    DEFF Research Database (Denmark)

    Adler-Nissen, Rebecca

    2009-01-01

    The European Security and Defence Policy (ESDP), which is the operational military and civilian dimension of the Common Foreign and Security Policy (CFSP), is today one of the most dynamic areas of the European Union. However, it is only recently that the EU has acquired explicit military decision-making...... built its reputation as a ‘soft power'. Despite its rapid development, many still regard the EU as weak and ineffi cient when it comes to security and defence policy. Moreover, the EU struggles with internal divisions and has a strained relationship with NATO. Nonetheless, there are good reasons...

  11. 多校区校园网络安全策略研究%Multi-campus Research Campus Network Security Policy

    Institute of Scientific and Technical Information of China (English)

    雷树梅

    2011-01-01

    In this paper,multi-campus colleges and universities have been expanding the campus network,the characteristics of the rapid increase in Intemet users,consider the case of multi-campus network of the existence of multi-outlet,network viruses,network security vulnerabilities,and system management and other security risks that should be in the physical security,operation of the network security,information security management security and safety measures,which provide a comprehensive security strategy.%本文针对高校多校区校园网络规模不断扩大、网络用户急速增加的特点,考虑多校区情况下网络存在的多出口、网络病毒、网络安全漏洞、及制度管理等安全隐患,指出应在物理安全、网络运行安全、信息安全及安全管理等方面实施安全措施,提出了全面的安全防护策略。

  12. Complex networks: Dynamics and security

    Indian Academy of Sciences (India)

    Ying-Cheng Lai; Adilson Motter; Takashi Nishikawa; Kwangho Park; Liang Zhao

    2005-04-01

    This paper presents a perspective in the study of complex networks by focusing on how dynamics may affect network security under attacks. In particular, we review two related problems: attack-induced cascading breakdown and range-based attacks on links. A cascade in a network means the failure of a substantial fraction of the entire network in a cascading manner, which can be induced by the failure of or attacks on only a few nodes. These have been reported for the internet and for the power grid (e.g., the August 10, 1996 failure of the western United States power grid). We study a mechanism for cascades in complex networks by constructing a model incorporating the flows of information and physical quantities in the network. Using this model we can also show that the cascading phenomenon can be understood as a phase transition in terms of the key parameter characterizing the node capacity. For a parameter value below the phase-transition point, cascading failures can cause the network to disintegrate almost entirely. We will show how to obtain a theoretical estimate for the phase-transition point. The second problem is motivated by the fact that most existing works on the security of complex networks consider attacks on nodes rather than on links. We address attacks on links. Our investigation leads to the finding that many scale-free networks are more sensitive to attacks on short-range than on long-range links. Considering that the small-world phenomenon in complex networks has been identified as being due to the presence of long-range links, i.e., links connecting nodes that would otherwise be separated by a long node-to-node distance, our result, besides its importance concerning network efficiency and security, has the striking implication that the small-world property of scale-free networks is mainly due to short-range links.

  13. Bootstrapping Security Policies for Wearable Apps Using Attributed Structural Graphs.

    Science.gov (United States)

    González-Tablas, Ana I; Tapiador, Juan E

    2016-05-11

    We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN) composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structural relationships among them. This graph is then augmented with attributes capturing the features of each entity together with user-defined tags. We then adapt available graph-based similarity metrics to find the closest app to a new one to be deployed, with the aim of reusing, and possibly adapting, its security policy. We illustrate our approach through a detailed smartphone ecosystem case study. Our results suggest that the scheme can provide users with a reasonably good policy that is consistent with the user's security preferences implicitly captured by policies already in place.

  14. Bootstrapping Security Policies for Wearable Apps Using Attributed Structural Graphs

    Directory of Open Access Journals (Sweden)

    Ana I. González-Tablas

    2016-05-01

    Full Text Available We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structural relationships among them. This graph is then augmented with attributes capturing the features of each entity together with user-defined tags. We then adapt available graph-based similarity metrics to find the closest app to a new one to be deployed, with the aim of reusing, and possibly adapting, its security policy. We illustrate our approach through a detailed smartphone ecosystem case study. Our results suggest that the scheme can provide users with a reasonably good policy that is consistent with the user’s security preferences implicitly captured by policies already in place.

  15. Information security policy development for compliance

    CERN Document Server

    Williams, Barry L

    2013-01-01

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will he

  16. Security Analysis of Routing Protocols in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mohammad Sadeghi

    2012-01-01

    Full Text Available In this paper, I describe briefly some of the different types of attacks on wireless sensor networks such as Sybil, HELLO, Wormhole and Sinkhole attacks. Then I describe security analysis of some major routing protocols in wireless sensor network such as Directed Diffusion, TinyOS beaconing, geographic and Rumor routings in term of attacks and security goals. As a result I explain some secure routing protocols for wireless sensor network and is discussed briefly some methods and policy of these protocols to meet their security requirements. At last some simulation results of these protocols that have been done by their designer are mentioned.

  17. Security-Enhanced Autonomous Network Management

    Science.gov (United States)

    Zeng, Hui

    2015-01-01

    Ensuring reliable communication in next-generation space networks requires a novel network management system to support greater levels of autonomy and greater awareness of the environment and assets. Intelligent Automation, Inc., has developed a security-enhanced autonomous network management (SEANM) approach for space networks through cross-layer negotiation and network monitoring, analysis, and adaptation. The underlying technology is bundle-based delay/disruption-tolerant networking (DTN). The SEANM scheme allows a system to adaptively reconfigure its network elements based on awareness of network conditions, policies, and mission requirements. Although SEANM is generically applicable to any radio network, for validation purposes it has been prototyped and evaluated on two specific networks: a commercial off-the-shelf hardware test-bed using Institute of Electrical Engineers (IEEE) 802.11 Wi-Fi devices and a military hardware test-bed using AN/PRC-154 Rifleman Radio platforms. Testing has demonstrated that SEANM provides autonomous network management resulting in reliable communications in delay/disruptive-prone environments.

  18. Introduction to network security

    CERN Document Server

    Jacobson, Douglas

    2008-01-01

    … Students can easily understand how things work thanks to the different figures/definitions … students can see the different steps taken to build a secure environment and avoid most of the usual mistakes. … A website (http://www.dougj.net/textbook) is provided to support the book, where the reader can find additional content, like instructor materials, slides to support the book, on-line tutorials, help to start the programming parts. It is not mandatory at all to understand the book, but it is a really nice addition. … the book is really well written, and easily understandable without lackin

  19. Food Security Policy in a Stochastic World

    OpenAIRE

    Adelman, Irma; Berck, Peter

    1989-01-01

    Food security may be increased by variance-reducing strategies, by food aid, or by development strategies. This paper uses a Korea CGE model, subjected to random fluctuation in world-prices and domestic food productivity, to evaluate these policies. We find that poverty-reducing development strategies are the most effective food-security strategies.

  20. European Security Policy and Earth Observation

    NARCIS (Netherlands)

    Cragg, A.; Buda, D.; Nieuwenhuijs, A.H.

    2009-01-01

    This paper gives an account of the activities of the GMOSS Working Group studying issues and priorities for European security. It draws on the European Security Strategy (ESS) and other major policy documents to provide a summary account for the general reader of the strategic challenges facing the

  1. A security architecture for health information networks.

    Science.gov (United States)

    Kailar, Rajashekar; Muralidhar, Vinod

    2007-10-11

    Health information network security needs to balance exacting security controls with practicality, and ease of implementation in today's healthcare enterprise. Recent work on 'nationwide health information network' architectures has sought to share highly confidential data over insecure networks such as the Internet. Using basic patterns of health network data flow and trust models to support secure communication between network nodes, we abstract network security requirements to a core set to enable secure inter-network data sharing. We propose a minimum set of security controls that can be implemented without needing major new technologies, but yet realize network security and privacy goals of confidentiality, integrity and availability. This framework combines a set of technology mechanisms with environmental controls, and is shown to be sufficient to counter commonly encountered network security threats adequately.

  2. Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

    NARCIS (Netherlands)

    Haas, de M.

    2016-01-01

    This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

  3. Security Policy and Developments in Central Asia : Security Documents Compared with Security Challenges

    NARCIS (Netherlands)

    Haas, de M.

    2016-01-01

    This article examines the security policy of the Central Asian (CA) states, by comparing theory (security documents) with practice (the actual security challenges). The lack of CA regional (security) cooperation and authoritarian rule puts political and economic stability at stake. The internal and

  4. The New Policy of Nordic Security

    Directory of Open Access Journals (Sweden)

    Luis M. Mora Fernandez-Rua

    1996-02-01

    Full Text Available During the Cold War period, the security policy of the Nordic countries was based on what Arne Olav Brundtland had called nordic balance. After the fall of the Berlin Wall in 1989 and the end of the East-West confrontation, this concept has been reformulated, among other factors, by the decision taken by Sweden and Finland torenounce their traditional policies of neutrality and their joining the European Union. In this new international context, the Nordic countries have redefined the strategies and the instruments of their security policy with a view to creating a space of multidimensionalcooperation at all levels.

  5. The European Security and Defence Policy

    DEFF Research Database (Denmark)

    Adler-Nissen, Rebecca

    2009-01-01

    The European Security and Defence Policy (ESDP), which is the operational military and civilian dimension of the Common Foreign and Security Policy (CFSP), is today one of the most dynamic areas of the European Union. However, it is only recently that the EU has acquired explicit military decision....... The Union is thus gradually emerging as an important player on the international scene, with a strategic vision, as well as diplomatic, civilian and military crisis-management instruments that complement the existing economic, commercial, humanitarian and development policies on which the EU has hitherto...... built its reputation as a ‘soft power'. Despite its rapid development, many still regard the EU as weak and ineffi cient when it comes to security and defence policy. Moreover, the EU struggles with internal divisions and has a strained relationship with NATO. Nonetheless, there are good reasons...

  6. Impact of Information Security Policies on Email-Virus Propagation

    Institute of Scientific and Technical Information of China (English)

    2005-01-01

    Aimed at tracing out the email-virus propagation rules in communication network, this paper extends the traditional epidemiological model (i. e., SEIR) by taking into account the behavior of email users, such as email checking frequency and anti-virus information security policies, and discusses the factors that affect the email-virus propagation in an organization. With the extended SEIR model, namely E-SEIR, three aspects of information security policies (i. e., immunization, information security training,and user recovery support) are investigated in terms of their impacts on the email virus propagation. The results show that the E-SEIR model is suitable to reflect the propagation pattern of email virus, and may also be used in anti-virus policies simulation and evaluation.

  7. Information security policies for governmental organisations, the minimum criteria

    CSIR Research Space (South Africa)

    Ngobeni, SJ

    2009-07-01

    Full Text Available and access valuable information in an unauthorised way. Information security policies are seen as not only a counterproposal, but also a solution to information security effectiveness. However, a key issue impacting information security policies is what...

  8. Security and the networked society

    CERN Document Server

    Gregory, Mark

    2013-01-01

    This book examines technological and social events during 2011 and 2012, a period that saw the rise of the hacktivist, the move to mobile platforms, and the ubiquity of social networks. It covers key technological issues such as hacking, cyber-crime, cyber-security and cyber-warfare, the internet, smart phones, electronic security, and information privacy. This book traces the rise into prominence of these issues while also exploring the resulting cultural reaction. The authors' analysis forms the basis of a discussion on future technological directions and their potential impact on society. T

  9. Evaluating Secure Cluster Formation in Personal Networks

    NARCIS (Netherlands)

    Jehangir, A.; Heemstra de Groot, S.M.

    2007-01-01

    In this paper we evaluate our previously proposed security architecture for Personal Networks (PNs). Personal Network is a new concept utilizing pervasive and distributed computing to meet the needs of the user. We aim to secure Personal Networks with lightweight security mechanisms that are suitabl

  10. Network Security Policy Study in the New Era%对新时期网络安全策略的研究

    Institute of Scientific and Technical Information of China (English)

    杨优

    2012-01-01

    本文简要介绍了网络安全的概念及新时期我国网络安全的现状,包括其所面临的威胁和挑战,并针对以上存在问题从三个层面分析和探讨了在新时期下解决我国网络安全问题的策略。%This paper introduces the concept and the status of our network security in the new era of network security,including threats and challenges they face and solve the above problems from the three levels of analysis and discussion to solve network security problems in the new era strategy.

  11. Energy security and climate policy. Assessing interactions

    Energy Technology Data Exchange (ETDEWEB)

    NONE

    2007-03-28

    World energy demand is surging. Oil, coal and natural gas still meet most global energy needs, creating serious implications for the environment. One result is that CO2 emissions, the principal cause of global warming, are rising. This new study underlines the close link between efforts to ensure energy security and those to mitigate climate change. Decisions on one side affect the other. To optimise the efficiency of their energy policy, OECD countries must consider energy security and climate change mitigation priorities jointly. The book presents a framework to assess interactions between energy security and climate change policies, combining qualitative and quantitative analyses. The quantitative analysis is based on the development of energy security indicators, tracking the evolution of policy concerns linked to energy resource concentration. The 'indicators' are applied to a reference scenario and CO2 policy cases for five case-study countries: The Czech Republic, France, Italy, the Netherlands, and the United Kingdom. Simultaneously resolving energy security and environmental concerns is a key challenge for policy makers today. This study helps chart the course.

  12. 76 FR 67750 - Homeland Security Information Network Advisory Committee

    Science.gov (United States)

    2011-11-02

    ... SECURITY Homeland Security Information Network Advisory Committee AGENCY: Department of Homeland Security... Applicants for Appointment to Homeland Security Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information...

  13. Windows 2012 Server network security securing your Windows network systems and infrastructure

    CERN Document Server

    Rountree, Derrick

    2013-01-01

    Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: Secure remote access Network vulnerabilities and mitigations DHCP installations configuration MAC filtering DNS server security WINS installation configuration Securing wired and wireless connections Windows personal firewall

  14. Do Policy Networks lead to Network Governing?

    DEFF Research Database (Denmark)

    Damgaard, Bodil

    This paper challenges the notion that creation of local policy networks necessarily leads to network governing. Through actor-centred case studies in the area of municipally implemented employment policy in Denmark it was found that the local governing mode is determined mainly by the municipality...

  15. Statistical network analysis for analyzing policy networks

    DEFF Research Database (Denmark)

    Robins, Garry; Lewis, Jenny; Wang, Peng

    2012-01-01

    and policy network methodology is the development of statistical modeling approaches that can accommodate such dependent data. In this article, we review three network statistical methods commonly used in the current literature: quadratic assignment procedures, exponential random graph models (ERGMs...... has much to offer in analyzing the policy process....

  16. Installing an appropriate information security policy.

    Science.gov (United States)

    Gaunt, N

    1998-03-01

    Security of personal health care is of concern to patients, health care staff and informaticians alike. Nevertheless, their awareness of the appropriate measures for protection of such data have been found wanting. The development and implementation of an information and security policy in the health care environment must therefore take into account the attitudes of staff and their educational needs. The approach adopted in one large District General Hospital was to combine risk analysis with surveys of users attitudes to proposed measures and a participational approach to development of security procedures using an adaptation of the ETHICS soft systems methodology. As a result of several years of effort, a 'security culture' has begun to emerge in the organization. However, this can only be sustained by continual promotion of the policy and a willingness to adapt procedures to suit the operating environment.

  17. Security Policy: Consistency, Adjustments and Restraining Factors

    Institute of Scientific and Technical Information of China (English)

    Yang; Jiemian

    2004-01-01

    In the 2004 U.S. presidential election, despite well-divided domestic opinions and Kerry's appealing slogan of "Reversing the Trend," a slight majority still voted for George W. Bush in the end. It is obvious that, based on the author's analysis, security agenda such as counter-terrorism and Iraqi issue has contributed greatly to the reelection of Mr. Bush. This also indicates that the security policy of Bush's second term will basically be consistent.……

  18. Food security policies in India and China

    DEFF Research Database (Denmark)

    Yu, Wusheng; Elleby, Christian; Zobbe, Henrik

    2015-01-01

    Food insecurity is a much more serious concern in India than China. In addition to income and poverty differences, we argue in this paper that differences in food policies can further explain the different food security outcomes across the two countries. First, India mostly uses price-based input...... dependence on price-based measures causes relatively larger and more volatile fiscal burdens, thereby likely making it more vulnerable in dealing with similar events in the future. These findings have important implications for food policy and food security in the two countries in the future....

  19. Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

  20. Network model of security system

    Directory of Open Access Journals (Sweden)

    Adamczyk Piotr

    2016-01-01

    Full Text Available The article presents the concept of building a network security model and its application in the process of risk analysis. It indicates the possibility of a new definition of the role of the network models in the safety analysis. Special attention was paid to the development of the use of an algorithm describing the process of identifying the assets, vulnerability and threats in a given context. The aim of the article is to present how this algorithm reduced the complexity of the problem by eliminating from the base model these components that have no links with others component and as a result and it was possible to build a real network model corresponding to reality.

  1. Vehicular ad hoc network security and privacy

    CERN Document Server

    Lin, X

    2015-01-01

    Unlike any other book in this area, this book provides innovative solutions to security issues, making this book a must read for anyone working with or studying security measures. Vehicular Ad Hoc Network Security and Privacy mainly focuses on security and privacy issues related to vehicular communication systems. It begins with a comprehensive introduction to vehicular ad hoc network and its unique security threats and privacy concerns and then illustrates how to address those challenges in highly dynamic and large size wireless network environments from multiple perspectives. This book is richly illustrated with detailed designs and results for approaching security and privacy threats.

  2. Security Policy Enforcement in Cloud Infrastructure

    Directory of Open Access Journals (Sweden)

    Arijit Ukil

    2013-05-01

    Full Text Available Cloud computing is a computing environment consisti ng of different facilitating components like hardware, software, firmware, networking, and servi ces. Internet or a private network provides the required backbone to deliver the cloud services . The benefits of cloud computing like “on- demand, customized resource availability and perfor mance management” are overpowered by the associated security risks to the cloud system, particularly to the cloud users or clients. Existing traditional IT and enterprise security are not adequate to address the cloud security issues. In order to deploy different cloud applicat ions, it is understood that security concerns of cloud computing are to be effectively addressed. Cl oud security is such an area which deals with the concerns and vulnerabilities of cloud comp uting for ensuring safer computing environment. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solu tions. This paper proposes architecture for incorporating different security schemes, technique s and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS and Platform-as-a-Service (PaaS systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the un derlying backbone. This would facilitate to manage the cloud system more effectively and provid e the administrator to include the specific solution to counter the threat.

  3. Aspects with Program Analysis for Security Policies

    DEFF Research Database (Denmark)

    Yang, Fan

    , small modification of the security requirement might lead to substantial changes in a number of modules within a large mobile distributed system. Indeed, security is a crosscutting concern which can spread to many business modules within a system, and is difficult to be integrated in a modular way......Enforcing security policies to IT systems, especially for a mobile distributed system, is challenging. As society becomes more IT-savvy, our expectations about security and privacy evolve. This is usually followed by changes in regulation in the form of standards and legislation. In many cases......-oriented extension of the process calculus KLAIM that excels at modeling mobile, distributed systems. A novel feature of our approach is that advices are able to analyze the future use of data, which is achieved by using program analysis techniques. We also present AspectK to propose other possible aspect...

  4. FORMATION OF A COMPUTER SECURITY POLICY BOARD

    CERN Multimedia

    2001-01-01

    In view of the increasing number of security incidents at CERN, the Directorate has set up a Computer Security Policy Board. Information about the mandate and the meetings of the Board is linked from http://cern.ch/security which is the entry point for computer security information at CERN. File Services Computing Rule The use of CERN's Computing facilities are governed by Operational Circular No 5 and its subsidiary rules. To protect file servers at CERN from unauthorised use, the Organization has issued a new subsidiary rule related to file services. Details hereof and of the complete set of rules applicable to the use of CERN computing facilities are available at http://cern.ch/ComputingRules

  5. FORMATION OF A COMPUTER SECURITY POLICY BOARD

    CERN Multimedia

    2001-01-01

    In view of the increasing number of security incidents at CERN, the Directorate has set up a Computer Security Policy Board. Information about the mandate and the meetings of the Board is linked from http://cern.ch/security, which is the entry point for computer security information at CERN. FILE SERVICES COMPUTING RULE The use of CERN's Computing facilities are governed by Operational Circular No 5 and its subsidiary rules. To protect file servers at CERN from unauthorised use, the Organization has issued a new subsidiary rule related to file services. Details hereof and of the complete set of rules applicable to the use of CERN computing facilities are available at http://cern.ch/ComputingRules.

  6. Alignment of Organizational Security Policies -- Theory and Practice

    NARCIS (Netherlands)

    Dimkov, T.

    2012-01-01

    To address information security threats, an organization defines security policies that state how to deal with sensitive information. These policies are high-level policies that apply for the whole organization and span the three security domains: physical, digital and social. One example of a

  7. Alignment of organizational security policies : theory and practice

    NARCIS (Netherlands)

    Dimkov, Trajce

    2012-01-01

    To address information security threats, an organization defines security policies that state how to deal with sensitive information. These policies are high-level policies that apply for the whole organization and span the three security domains: physical, digital and social. One example of a high-

  8. Role of Security in Social Networking

    Directory of Open Access Journals (Sweden)

    David Hiatt

    2016-02-01

    Full Text Available In this paper, the concept of security and privacy in social media, or social networking will be discussed. First, a brief history and the concept of social networking will be introduced. Many of the security risks associated with using social media are presented. Also, the issue of privacy and how it relates to security are described. Based on these discussions, some solutions to improve a user’s privacy and security on social networks will be suggested. Our research will help the readers to understand the security and privacy issues for the social network users, and some steps which can be taken by both users and social network organizations to help improve security and privacy.

  9. Networks and network analysis for defence and security

    CERN Document Server

    Masys, Anthony J

    2014-01-01

    Networks and Network Analysis for Defence and Security discusses relevant theoretical frameworks and applications of network analysis in support of the defence and security domains. This book details real world applications of network analysis to support defence and security. Shocks to regional, national and global systems stemming from natural hazards, acts of armed violence, terrorism and serious and organized crime have significant defence and security implications. Today, nations face an uncertain and complex security landscape in which threats impact/target the physical, social, economic

  10. A Policy Model for Secure Information Flow

    Science.gov (United States)

    Adetoye, Adedayo O.; Badii, Atta

    When a computer program requires legitimate access to confidential data, the question arises whether such a program may illegally reveal sensitive information. This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in deterministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker’s observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the attacker’s observational power, which can be used to enforce what declassification policies.

  11. MODERN NETWORK SECURITY: ISSUES AND CHALLENGES

    Directory of Open Access Journals (Sweden)

    SHAILJA PANDEY

    2011-05-01

    Full Text Available Secure Network has now become a need of any organization. The security threats are increasing day by day and making high speed wired/wireless network and internet services, insecure andunreliable. Now – a - days security measures works more importantly towards fulfilling the cutting edge demands of today’s growing industries. The need is also induced in to the areas like defense, where secure and authenticated access of resources are the key issues related to information security. In this paper Author has described the important measures and parameters regarding large industry/organizational requirements for establishing a secure network. Wi-Fi networks are very common in providing wirelessnetwork access to different resources and connecting various devices wirelessly. There are need of different requirements to handle Wi-Fi threats and network hacking attempts. This paper exploresimportant security measures related to different network scenarios, so that a fully secured network environment could be established in an organization. Author also has discussed a case study to illustratethe minimal set of measures required for establishing network security in any organization.

  12. Research, Boundaries, and Policy in Networked Learning

    DEFF Research Database (Denmark)

    This book presents cutting-edge, peer reviewed research on networked learning organized by three themes: policy in networked learning, researching networked learning, and boundaries in networked learning. The "policy in networked learning" section explores networked learning in relation to policy...

  13. The Royal Navy and British Security Policy.

    Science.gov (United States)

    1983-12-01

    SCHOOL December 1983 Author Approved by: Tesis Avisor s" econd R e r Chafrman, Department of National Security Affairs -- and Policy Sciences " Dean of...8217s based on the 14 VULCAN , VICTOR and VALIANT bombers. Although cooperation with the American SAC was envisioned from the begining, the force did...British strategic nuclear deterrent. This responsibility was once the domain of the Royal Air Force and its VULCAN , VICTOR, and VALIANT bombers, but after

  14. An immunity based network security risk estimation

    Institute of Scientific and Technical Information of China (English)

    LI Tao

    2005-01-01

    According to the relationship between the antibody concentration and the pathogen intrusion intensity, here we present an immunity-based model for the network security risk estimation (Insre). In Insre, the concepts and formal definitions of self,nonself, antibody, antigen and lymphocyte in the network security domain are given. Then the mathematical models of the self-tolerance, the clonal selection, the lifecycle of mature lymphocyte, immune memory and immune surveillance are established. Building upon the above models, a quantitative computation model for network security risk estimation,which is based on the calculation of antibody concentration, is thus presented. By using Insre, the types and intensity of network attacks, as well as the risk level of network security, can be calculated quantitatively and in real-time. Our theoretical analysis and experimental results show that Insre is a good solution to real-time risk evaluation for the network security.

  15. 移动云计算领域的网络安全策略研究%Mobile Cloud Computing Research on Network Security Policy

    Institute of Scientific and Technical Information of China (English)

    王琮; 吴帆; 闫莅

    2015-01-01

    移动云计算(Mobile Cloud Computing),作为云计算和移动互联网相互融合的产物,是指通过移动网络以按需、可扩展的模式获取所需的网络、服务器、存储、应用和服务等IT资源的一种交付模式。然而,移动云计算这一新技术的应用,也引发了一系列新的安全问题。本文介绍了移动云计算的基本概念,分析了移动云计算环境中所面临的网络安全挑战,结合“云-管-端”的架构与特点,提出了一套“云层”“终端”和“管道”的分层次的安全策略,以期提供一种移动云计算领域的安全防护思路。%Mobile cloud computing, is a product of cloud computing and mobile Internet integration, is a kind of mode of delivery through the mobile network to on-demand, scalable model for obtaining the required network, servers, storage, applications and services and other IT resources. However, the application of mobile cloud computing is a new technology, has initiated a series of new problems of network security. This paper introduces the basic concept of mobile cloud computing, analyzes the mobile network security challenges facing cloud computing environments, combined with "Cloud - Pipe - End" architecture and features, proposed a "Cloud", "Pipe" and "End" of layered security strategy, in order to provide an idea of mobile cloud computing securityfi eld.

  16. Privacy and Security: Online Social Networking

    Directory of Open Access Journals (Sweden)

    Akriti Verma, Deepak Kshirsagar, Sana Khan

    2013-03-01

    Full Text Available Online Social Networking (OSN sites such asFacebook, Twitter, Google+ attract hundreds andmillions of users. Such social networks have acentralized architecture wherein user's private dataand user generated content are centrally owned by asingle administrative domain that managescommunication between its users. As a result,centralized social networks have gatheredunprecedented amounts of data about the behaviorsand personalities of individuals, raising majorprivacy and security concerns. This has put indemand for a decentralized social networking sitethat addresses the privacy and security issues.

  17. Security and Policy for Group Collaboration

    Energy Technology Data Exchange (ETDEWEB)

    Ian Foster; Carl Kesselman

    2006-07-31

    Security and Policy for Group Collaboration” was a Collaboratory Middleware research project aimed at providing the fundamental security and policy infrastructure required to support the creation and operation of distributed, computationally enabled collaborations. The project developed infrastructure that exploits innovative new techniques to address challenging issues of scale, dynamics, distribution, and role. To reduce greatly the cost of adding new members to a collaboration, we developed and evaluated new techniques for creating and managing credentials based on public key certificates, including support for online certificate generation, online certificate repositories, and support for multiple certificate authorities. To facilitate the integration of new resources into a collaboration, we improved significantly the integration of local security environments. To make it easy to create and change the role and associated privileges of both resources and participants of collaboration, we developed community wide authorization services that provide distributed, scalable means for specifying policy. These services make it possible for the delegation of capability from the community to a specific user, class of user or resource. Finally, we instantiated our research results into a framework that makes it useable to a wide range of collaborative tools. The resulting mechanisms and software have been widely adopted within DOE projects and in many other scientific projects. The widespread adoption of our Globus Toolkit technology has provided, and continues to provide, a natural dissemination and technology transfer vehicle for our results.

  18. Information security policy: contributions from internal marketing for its effectiveness

    Directory of Open Access Journals (Sweden)

    Cristiane Ellwanger

    2012-06-01

    Full Text Available Protecting sources of information has become a great challenge to the organizations, due to the advance of the information technologies, the integration between them and the constant stream of information that flows through the communication networks. The establishment of an Information Security Policy – PSI may resolve a part of the problems related to security, but it cannot totally solve them, since the human resources present in the internal environment of the organizations may spoil the effectiveness of the PSI. Given the importance of the human aspects in the context of the information security, the present work discusses the use of internal marketing as a management strategy in order to obtain or reestablish the commitment of the users to the principles defined in the PSI, and demonstrates, through an experimental research, the impact of using internal marketing techniques to the effectiveness of that policy. The results of this experiment make quantitatively evident how relevant the use of these techniques may be in order to have the procedures described in the PSI actually carried out by the users, and demonstrates a 402,4% increase in the support to the information security policy, considering the procedures indicated in the PSI that were totally executed.

  19. Ubiquitous access control and policy management in personal networks

    DEFF Research Database (Denmark)

    Kyriazanos, Dimitris M.; Stassinopoulos, George I.; Prasad, Neeli R.

    2006-01-01

    In this paper the authors present the challenges for enabling Security Policies Management and subsequent Ubiquitous Access Control on the Personal Network (PN) environment. A solution based on Security Profiles is proposed, supporting both partially distributed architectures-having in this case...

  20. STUDY ON COMPANY SECURITY POLICIES FROM DIGITAL MEDIA

    Directory of Open Access Journals (Sweden)

    CRISTINA-MARIA RĂDULESCU

    2015-12-01

    Full Text Available The Internet development has brought both new opportunities and risks for either retailers or consumers. For example, electronic commerce is much faster and less expensive, but this openness makes it difficult to secure. People are aware of the fact that online businesses collecting, process and distribute enormous amounts of personal data and therefore, are concerned about their unauthorized use or their use in other purposes than intended by third parties in order to gain unauthorized access to them. There are more examples of cyber criminal activities, such as: hacking, software piracy, passwords attack, service prohibition attacks, scamming, etc. Such fears led to the editing of protection policies meant to secure personal data and to develop some mechanisms to ensure the reliability and confidentiality of electronic information. Security measures include access control devices, installation of firewalls and intrusion detection devices, of some security procedures to identify and authenticate authorized users of network systems. Such mechanisms constitute the core of this study. We will also analyze security and confidentiality policy of personal data of Google Inc.

  1. Security for multi-hop wireless networks

    CERN Document Server

    Mahmoud, Mohamed M E A

    2014-01-01

    This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

  2. Secure Clustering in Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Zainab Nayyar

    2015-09-01

    Full Text Available A vehicular Ad-hoc network is composed of moving cars as nodes without any infrastructure. Nodes self-organize to form a network over radio links. Security issues are commonly observed in vehicular ad hoc networks; like authentication and authorization issues. Secure Clustering plays a significant role in VANETs. In recent years, various secure clustering techniques with distinguishing feature have been newly proposed. In order to provide a comprehensive understanding of these techniques are designed for VANETs and pave the way for the further research, a survey of the secure clustering techniques is discussed in detail in this paper. Qualitatively, as a result of highlighting various techniques of secure clustering certain conclusions are drawn which will enhance the availability and security of vehicular ad hoc networks. Nodes present in the clusters will work more efficiently and the message passing within the nodes will also get more authenticated from the cluster heads.

  3. International Security, Development, and Human Rights: Policy Conversion or Conflict?

    Directory of Open Access Journals (Sweden)

    Miao-ling Lin Hasenkamp

    2012-04-01

    Full Text Available This article uses an institutional network governance approach to explore the overlapping dimension of the policy fields between security, development, and human rights, reflected in the US and German provincial reconstruction teams (PRTs in Afghanistan. The past two decades have witnessed a gradually changing paradigm in academic and policy debates regarding the questions of the normative basis of world order and possibilities for tackling imminent threats to security and peace (i.e. intra-state armed conflicts, failed states, terrorism, poverty, and deepening inequality. The introduction of concepts such as “human security” and “the right to humanitarian intervention/responsibility to protect (R2P” as well as critical examinations of peace-, nation-, and state-building missions (PNSB have led to a relativist tendency of state sovereignty and a changing attitude regarding how to address the intersection of security, development, and human rights. Despite this shift, the policy commitments to integrating these policy considerations remain puzzling. How have they been redefined, conceptualized, and put into practice? I argue that an integrated conceptual approach has facilitated the redefinition of common policy goals, principles, and the mobilization of resources. At the same time, civil and military cooperation, as demonstrated in the multifunctional work of PRTs, has been Janus-headed—permanently caught in an ongoing tension between the war on terror and short-term stability operation on the one hand and long-term durable peace and development on the other. The misunderstanding of its interim character, the dynamics of Afghan environment, the blurring of policy lines, and the differences between national PRT models have made it difficult to systematically assess the efficiency and legitimacy of each policy frame and program.

  4. Multihost ad-hoc network with the clustered Security networks

    Directory of Open Access Journals (Sweden)

    J.Manikandan,

    2010-03-01

    Full Text Available Security has becomes a primary concern in order to provide protected communication between mobile nodes in a host environment .Unlike the wire line network, the unique characteristics mobile ad-hoc networkpose a collection on autonomous nodes of terminals. Which ommunication with each other by forming multihost radio network and maintaining connectivity in a decentralized manner. Node in Ad-hoc network path is dynamic network topology. These challenges clearly make a case for building multifence security selection that achieve both protection and describe network performance. In this paper we focus on the fundamental security of protection. the multihost network connectivity between mobile nodes in a MANET.we Identify thesecurity issues related to this problem, disuse the challenges to security design and review the security proposals the protect multihost wireless networks. Some security mechanism used in wired network cannot simply is applied to protocol an ad-hoc network. After analyzing various type attacks ad-hoc network, a security for thefamous routing protocol, DSR (Dynamic sources routing is proposed the complete security solutions should cluster nodes and MANET encompass the security components of prevention, detection and reactions.

  5. Usable Security For Named Data Networking

    OpenAIRE

    Yu, Yingdi

    2016-01-01

    Named Data Networking (NDN) is a proposed Internet architecture, which changes the network communication model from “speaking to a host” to “retrieving data from network”. Such data-centric communication model requires a data-centric security model, which secures data directly rather than authenticating the host where data is retrieved from and securing the channel through which data is delivered, so that data can be safely distributed into arbitrary untrusted storage and retrieved over untru...

  6. Game Theory Meets Network Security and Privacy

    OpenAIRE

    Manshaei, Mohammadhossein; Zhu, Quanyan; Alpcan, Tansu; Basar, Tamer; Hubaux, Jean-Pierre

    2012-01-01

    This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by game-theoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address different forms of security and privacy problems in computer networks and mobile applications. The presented works are classified into six main categories based on their topics: security of the physic...

  7. Network Security in Remote Supervisory Control

    Institute of Scientific and Technical Information of China (English)

    黄振国

    2001-01-01

    After an introduction to the implementation of supervisory computer control (SCC) through networks and the relevant security issues, this paper centers on the core of network security design: intelligent front-end processor (FEP), encryption/decryption method and authentication protocol. Some other system-specific security measures are also proposed. Although these are examples only, the techniques discussed can also be used in and provide reference for other remote control systems.

  8. A Survey on Wireless Sensor Network Security

    CERN Document Server

    Sen, Jaydip

    2010-01-01

    Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes is also very likely in real-life deployment scenarios. Due to resource constraints in the sensor nodes, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs. Security in sensor networks is, therefore, a particularly challenging task. This paper discusses the current state of the art in security mechanisms for WSNs. Various types of attacks are discussed and their countermeasures presented. A brief discussion on the future direction of research in WSN security is also included.

  9. 75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

    Science.gov (United States)

    2010-03-08

    ... RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy... regulation 41 CFR 101-6, announcement is made for a meeting of the National Industrial Security Program Policy Advisory Committee. The meeting will be held to discuss National Industrial Security Program...

  10. On an Interactive Network Security Measure

    Institute of Scientific and Technical Information of China (English)

    LUO Huiqiong; WANG Jiahao; ZHAO Qiang

    2004-01-01

    An interactive network security measure and a description of its function as well as its principle are presented.Based on the existing security loopholes and bugsin operating systems,this measure focuses on the restrictive condition of security and the establishment of configuration files.Under the control and administration of the secure management of configuration files,each system module brings much fiexibility,adaptability and high-level security.The security detecting and managing software used in UNIX based on this measure has obtained good results,achieving the goal of automatically detecting and handling inner and outer system-violation and system abuse.

  11. Towards Secure Delegation with Chinese Wall Security Policy (CWSP

    Directory of Open Access Journals (Sweden)

    Chunxiao Ye

    2011-08-01

    Full Text Available Chinese Wall Security Policy (CWSP is a widely applied access control policy in many fields, especially in commercial world. Delegation is one of the hot topics of access control technologies. Delegation with CWSP means delegation must satisfy not only delegation constrains but CWSP as well. There exist many delegation models, such as RBDM, RDM2000 and PBDM et al, but few focus on it.  This paper proposed an approach of how to delegate permission with the restriction of CWSP.  Although CWSP is part of delegation constraint, it does not mean that existing delegation models can be easy applied to this kind of delegation. In our approach, we first define two types of delegation constraints consisting of CWSP. Then we discussed different types of revocation and found that automatic revocation can make delegation safer than user revocation. Also, we found that there exists security vulnerability in multi-step delegation and gave some feasible solutions. Finally, this paper gave system implementation architecture and some examples to show how our approach works properly in a situation with CWSP.

  12. Hybrid architecture for building secure sensor networks

    Science.gov (United States)

    Owens, Ken R., Jr.; Watkins, Steve E.

    2012-04-01

    Sensor networks have various communication and security architectural concerns. Three approaches are defined to address these concerns for sensor networks. The first area is the utilization of new computing architectures that leverage embedded virtualization software on the sensor. Deploying a small, embedded virtualization operating system on the sensor nodes that is designed to communicate to low-cost cloud computing infrastructure in the network is the foundation to delivering low-cost, secure sensor networks. The second area focuses on securing the sensor. Sensor security components include developing an identification scheme, and leveraging authentication algorithms and protocols that address security assurance within the physical, communication network, and application layers. This function will primarily be accomplished through encrypting the communication channel and integrating sensor network firewall and intrusion detection/prevention components to the sensor network architecture. Hence, sensor networks will be able to maintain high levels of security. The third area addresses the real-time and high priority nature of the data that sensor networks collect. This function requires that a quality-of-service (QoS) definition and algorithm be developed for delivering the right data at the right time. A hybrid architecture is proposed that combines software and hardware features to handle network traffic with diverse QoS requirements.

  13. Security Analysis of Secure Force Algorithm for Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Shujaat Khan

    2014-09-01

    Full Text Available — In Wireless Sensor Networks, the sensor nodes are battery powered small devices designed for long battery life. These devices also lack in terms of processing capability and memory. In order to provide high confidentiality to these resource constrained network nodes, a suitable security algorithm is needed to be deployed that can establish a balance between security level and processing overhead. The objective of this research work is to perform a security analysis and performance evaluation of recently proposed Secure Force algorithm. This paper shows the comparison of Secure Force 64, 128, and 192 bit architecture on the basis of avalanche effect (key sensitivity, entropy change analysis, image histogram, and computational time. Moreover, based on the evaluation results,the paper also suggests the possible solutions for the weaknesses of the SF algorithm.

  14. Security-Enhanced Autonomous Network Management for Space Networking Project

    Data.gov (United States)

    National Aeronautics and Space Administration — Intelligent Automation Inc. (IAI) proposes an innovative Security-Enhanced Autonomous Network Management (SEANM) scheme for reliable communication in space...

  15. BackTrack testing wireless network security

    CERN Document Server

    Cardwell, Kevin

    2013-01-01

    Written in an easy-to-follow step-by-step format, you will be able to get started in next to no time with minimal effort and zero fuss.BackTrack: Testing Wireless Network Security is for anyone who has an interest in security and who wants to know more about wireless networks.All you need is some experience with networks and computers and you will be ready to go.

  16. Penetration Testing: A Roadmap to Network Security

    OpenAIRE

    2009-01-01

    Network penetration testing identifies the exploits and vulnerabilities those exist within computer network infrastructure and help to confirm the security measures. The objective of this paper is to explain methodology and methods behind penetration testing and illustrate remedies over it, which will provide substantial value for network security Penetration testing should model real world attacks as closely as possible. An authorized and scheduled penetration testing will probably detected ...

  17. Securing Information with Complex Optical Encryption Networks

    Science.gov (United States)

    2015-08-11

    Encryption Networks 5a. CONTRACT NUMBER FA2386-13-1-4106 5b. GRANT NUMBER Grant AOARD-134106 5c. PROGRAM ELEMENT NUMBER 61102F 6. AUTHOR(S...configure complex optical encryption networks for securing information. The goal is to study/develop the architectures for a number of complex optical... encryption networks, and to provide effective and reliable solutions for information security. 15. SUBJECT TERMS Optical Encryption

  18. Implementing Security for Active Networks in Internet

    Institute of Scientific and Technical Information of China (English)

    Tang Yin; Wang Weiran

    2003-01-01

    Active networks is primarily a Defense Advanced Research Projects Agency(DARPA)-funded project focusing on the research of mechanisms, applications, and operating systems to develop a reconfigurable network infrastructure. This letter proposes an Secure Active Tracing System (SATS) to implementing security for active networking in Internet. Unlike currently existing schemes, SATS reduces the computational overloads by executing the filtering operation on selected packet streams only when needed.

  19. Cloud Computing Application of Personal Information's Security in Network Sales-channels

    Directory of Open Access Journals (Sweden)

    Sun Qiong

    2013-07-01

    Full Text Available With the promotion of Internet sales, the security of personal information to network users have become increasingly demanding. The existing network of sales channels has personal information security risks, vulnerable to hacker attacking. Taking full advantage of cloud security management strategy, cloud computing security management model is introduced to the network sale of personal information security applications, which is to solve the problem of information leakage. Then we proposed membership-based cloud service provided selection policy. By exploring the prospects of cloud computing in Internet sales, we try to solve the problem of the security of personal information in this channel.

  20. Security Service Technology for Mobile Networks

    Institute of Scientific and Technical Information of China (English)

    Aiqun Hu; Tao Li; Mingfu Xue

    2011-01-01

    As mobile networks become high speed and attain an all-IP structure, more services are possible. This brings about many new security requirements that traditional security programs cannot handle. This paper analyzes security threats and the needs of 3G/4G mobile networks, and then proposes a novel protection scheme for them based on their whole structure. In this scheme, a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control. At the security management center, security services such as validity verification and integrity check are provided to mobile terminals. In this way, terminals and the network as a whole are secured to a much greater extent. This paper also highlights problems to be addressed in future research and development.

  1. Privacy policies for health social networking sites.

    Science.gov (United States)

    Li, Jingquan

    2013-01-01

    Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data.

  2. SEMAN: A Novel Secure Middleware for Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Eduardo da Silva

    2016-01-01

    Full Text Available As a consequence of the particularities of Mobile Ad Hoc Networks (MANETs, such as dynamic topology and self-organization, the implementation of complex and flexible applications is a challenge. To enable the deployment of these applications, several middleware solutions were proposed. However, these solutions do not completely consider the security requirements of these networks. Based on the limitations of the existing solutions, this paper presents a new secure middleware, called Secure Middleware for Ad Hoc Networks (SEMAN, which provides a set of basic and secure services to MANETs aiming to facilitate the development of distributed, complex, and flexible applications. SEMAN considers the context of applications and organizes nodes into groups, also based on these contexts. The middleware includes three modules: service, processing, and security. Security module is the main part of the middleware. It has the following components: key management, trust management, and group management. All these components were developed and are described in this paper. They are supported by a cryptographic core and behave according to security rules and policies. The integration of these components provides security guarantees against attacks to the applications that usethe middleware services.

  3. Multilevel security model for ad hoc networks

    Institute of Scientific and Technical Information of China (English)

    Wang Changda; Ju Shiguang

    2008-01-01

    Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations.As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.

  4. Biometrics for home networks security

    KAUST Repository

    Ansari, Imran Shafique

    2009-01-01

    Hacking crimes committed to the home networks are increasing. Advanced network protection is not always possible for the home networks. In this paper we will study the ability of using biometric systems for authentication in home networks. ©2009 IEEE.

  5. Cyber Security Policy. A methodology for Determining a National Cyber-Security Alert Level

    Directory of Open Access Journals (Sweden)

    Dan Constantin TOFAN

    2012-01-01

    Full Text Available Nowadays, assuring the security of the national cyber-space has become a big issue that can only be tackled through collaborative approaches. Threats cannot be confined to a single computer system just as much as computer systems are rendered useless without being con-nected to a supporting network. The authors of this article propose an innovative architecture of a system designated to help governments collect and analyze data about cyber-security in-cidents, from different organizations, dispersed nationwide, and acting within various economic sectors. The collected data will make us able to determine a national cyber-security alert score that could help policy makers in establishing the best strategies for protecting the national cyber-space.

  6. Mining social networks and security informatics

    CERN Document Server

    Özyer, Tansel; Rokne, Jon; Khoury, Suheil

    2013-01-01

    Crime, terrorism and security are in the forefront of current societal concerns. This edited volume presents research based on social network techniques showing how data from crime and terror networks can be analyzed and how information can be extracted. The topics covered include crime data mining and visualization; organized crime detection; crime network visualization; computational criminology; aspects of terror network analyses and threat prediction including cyberterrorism and the related area of dark web; privacy issues in social networks; security informatics; graph algorithms for soci

  7. Computational social networks security and privacy

    CERN Document Server

    2012-01-01

    Presents the latest advances in security and privacy issues in computational social networks, and illustrates how both organizations and individuals can be protected from real-world threats Discusses the design and use of a wide range of computational tools and software for social network analysis Provides experience reports, survey articles, and intelligence techniques and theories relating to specific problems in network technology

  8. Bayesian networks and food security - An introduction

    NARCIS (Netherlands)

    Stein, A.

    2004-01-01

    This paper gives an introduction to Bayesian networks. Networks are defined and put into a Bayesian context. Directed acyclical graphs play a crucial role here. Two simple examples from food security are addressed. Possible uses of Bayesian networks for implementation and further use in decision sup

  9. On Delay and Security in Network Coding

    Science.gov (United States)

    Dikaliotis, Theodoros K.

    2013-01-01

    In this thesis, delay and security issues in network coding are considered. First, we study the delay incurred in the transmission of a fixed number of packets through acyclic networks comprised of erasure links. The two transmission schemes studied are routing with hop-by-hop retransmissions, where every node in the network simply stores and…

  10. The Political Economy of Carbon Securities and Environmental Policy

    DEFF Research Database (Denmark)

    Polborn, Sarah

    The costs of the current suboptimal carbon abatement policy are likely in the range of 3 to 6 trillion 2005 US dollars. Using methods from the political economy of environmental policy, the paper develops a new carbon abatement policy instrument, carbon securities. A carbon security entitles its...

  11. Idology and Its Applications in Public Security and Network Security

    OpenAIRE

    Su, Shenghui; Zheng, Jianhua; Huang, Zhiqiu; Li, Zhoujun; Tang, Zhenmin; Wang, Jian; Lu, Shuwang

    2016-01-01

    Fraud (swindling money or property by fictional, counterfeit, forged, or imitative things or by impersonating other persons) forms its threats against public security and network security. Anti-fraud is essentially the identification of a person or thing. In this paper, the authors first propose the concept of idology - a systematic and scientific study of identifications of persons and things, and give the definitions of a symmetric identity and an asymmetric identity. Discuss the conversion...

  12. Mosaic: Policy Homomorphic Network Extension

    CERN Document Server

    Li, L Erran; Yang, Y R

    2010-01-01

    With the advent of large-scale cloud computing infrastructure, network extension and migration has emerged as a major challenge in the management of modern enterprise networks. Many enterprises are considering extending or relocating their network components, in whole or in part, to remote, private and public data centers, in order to attain scalability, failure resilience, and cost savings for their network applications. In this paper, we conduct a first rigorous study on the extension and migration of an enterprise network while preserving its performance and security requirements, such as layer 2/layer 3 reachability, and middle-box traversal through load balancer, intrusion detection and ACLs. We formulate this increasingly important problem, present preliminary designs, and conduct experiments to validate the feasibility of our designs.

  13. The Security Research of Digital Library Network

    Science.gov (United States)

    Zhang, Xin; Song, Ding-Li; Yan, Shu

    Digital library is a self-development needs for the modern library to meet the development requirements of the times, changing the way services and so on. digital library from the hardware, technology, management and other aspects to objective analysis of the factors of threats to digital library network security. We should face up the problems of digital library network security: digital library network hardware are "not hard", the technology of digital library is relatively lag, digital library management system is imperfect and other problems; the government should take active measures to ensure that the library funding, to enhance the level of network hardware, to upgrade LAN and prevention technology, to improve network control technology, network monitoring technology; to strengthen safety management concepts, to prefect the safety management system; and to improve the level of security management modernization for digital library.

  14. Network Security Enhancement through Honeypot based Systems

    Directory of Open Access Journals (Sweden)

    S Deepa Lakshmi

    2015-02-01

    Full Text Available Computer Networks and Internet has become very famous nowadays since it satisfies people with varying needs by providing variety of appropriate services. Computer Networks have revolutionized our use of computers. Online bills, shopping, transactions and many other essential activities performed on the go by just a single click from our homes. Though it is a boon in this era, it also has its own risks and weaknesses too. Industries need to tussle to provide security to their networks and indeed not possible to offer a cent per cent security due to the intangible intelligence of hackers intruding into the network. This paper exploits the concept of honeypots for providing security to networks of industries which may not have custom intrusion detection systems or firewalls. The proposed model captures the various techniques used by hackers and creates a log of all hacker activities. Thus using this log, the production network system can be prevented from attackers.

  15. Secure Communication in Stochastic Wireless Networks

    CERN Document Server

    Pinto, Pedro C; Win, Moe Z

    2010-01-01

    Information-theoretic security -- widely accepted as the strictest notion of security -- relies on channel coding techniques that exploit the inherent randomness of the propagation channels to significantly strengthen the security of digital communications systems. Motivated by recent developments in the field, this paper aims at a characterization of the fundamental secrecy limits of wireless networks. Based on a general model in which legitimate nodes and potential eavesdroppers are randomly scattered in space, the intrinsically secure communications graph (iS-graph) is defined from the point of view of information-theoretic security. Conclusive results are provided for the local connectivity of the Poisson iS-graph, in terms of node degrees and isolation probabilities. It is shown how the secure connectivity of the network varies with the wireless propagation effects, the secrecy rate threshold of each link, and the noise powers of legitimate nodes and eavesdroppers. Sectorized transmission and eavesdroppe...

  16. An Overview of Computer Network security and Research Technology

    OpenAIRE

    Rathore, Vandana

    2016-01-01

    The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...

  17. Automatic Security Assessment for Next Generation Wireless Mobile Networks

    Directory of Open Access Journals (Sweden)

    Francesco Palmieri

    2011-01-01

    Full Text Available Wireless networks are more and more popular in our life, but their increasing pervasiveness and widespread coverage raises serious security concerns. Mobile client devices potentially migrate, usually passing through very light access control policies, between numerous and heterogeneous wireless environments, bringing with them software vulnerabilities as well as possibly malicious code. To cope with these new security threats the paper proposes a new active third party authentication, authorization and security assessment strategy in which, once a device enters a new Wi-Fi environment, it is subjected to analysis by the infrastructure, and if it is found to be dangerously insecure, it is immediately taken out from the network and denied further access until its vulnerabilities have been fixed. The security assessment module, that is the fundamental component of the aforementioned strategy, takes advantage from a reliable knowledge base containing semantically-rich information about the mobile node under examination, dynamically provided by network mapping and configuration assessment facilities. It implements a fully automatic security analysis framework, based on AHP, which has been conceived to be flexible and customizable, to provide automated support for real-time execution of complex security/risk evaluation tasks which depends on the results obtained from different kind of analysis tools and methodologies. Encouraging results have been achieved utilizing a proof-of-concept model based on current technology and standard open-source networking tools.

  18. Secure Routing in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Soumyashree Sahoo

    2012-01-01

    Full Text Available Wireless sensor networks is the new concept in the field of networks consists of small, large number of sensing nodes which is having the sensing, computational and transmission power. Due to lack of tamper-resistant infrastructure and the insecure nature of wireless communication channels, these networks are vulnerable to internal and external attacks. Key Management is a major challenge to achieve security in wireless sensor networks. Key management includes the process of key setup, the initial distribution of keys and keys revocation. To provide security and proper routing or communication should be encrypted and authenticated. It is not easy to achieve secure key establishment without public key cryptography. In this thesis, some key management schemes have been purposed which will be valuable for secure routing between different sensor nodes.

  19. Virtual network security: threats, countermeasures, and challenges

    National Research Council Canada - National Science Library

    Bays, Leonardo Richter; Oliveira, Rodrigo Ruas; Barcellos, Marinho Pilla; Gaspary, Luciano Paschoal; Mauro Madeira, Edmundo Roberto

    2015-01-01

    ... for the development and evaluation of new architectures and protocols. Despite the wide applicability of network virtualization, the shared use of routing devices and communication channels leads to a series of security-related concerns...

  20. Current Computer Network Security Issues/Threats

    National Research Council Canada - National Science Library

    Ammar Yassir; Alaa A K Ismaeel

    2016-01-01

    Computer network security has been a subject of concern for a long period. Many efforts have been made to address the existing and emerging threats such as viruses and Trojan among others without any significant success...

  1. Automated Analysis of Security in Networking Systems

    DEFF Research Database (Denmark)

    Buchholtz, Mikael

    2004-01-01

    It has for a long time been a challenge to built secure networking systems. One way to counter this problem is to provide developers of software applications for networking systems with easy-to-use tools that can check security properties before the applications ever reach the marked. These tools...... will both help raise the general level of awareness of the problems and prevent the most basic flaws from occurring. This thesis contributes to the development of such tools. Networking systems typically try to attain secure communication by applying standard cryptographic techniques. In this thesis...... attacks, and attacks launched by insiders. Finally, the perspectives for the application of the analysis techniques are discussed, thereby, coming a small step closer to providing developers with easy- to-use tools for validating the security of networking applications....

  2. A security architecture for personal networks

    NARCIS (Netherlands)

    Jehangir, Assed; Heemstra de Groot, Sonia M.

    2006-01-01

    Abstract Personal Network (PN) is a new concept utilizing pervasive computing to meet the needs of the user. As PNs edge closer towards reality, security becomes an important concern since any vulnerability in the system will limit its practical use. In this paper we introduce a security architectur

  3. A Security Architecture for Personal Networks

    NARCIS (Netherlands)

    Jehangir, A.; Heemstra de Groot, S.M.

    2006-01-01

    Abstract Personal Network (PN) is a new concept utilizing pervasive computing to meet the needs of the user. As PNs edge closer towards reality, security becomes an important concern since any vulnerability in the system will limit its practical use. In this paper we introduce a security

  4. Network security with openSSL cryptography for secure communications

    CERN Document Server

    Viega, John; Chandra, Pravir

    2002-01-01

    Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, inst...

  5. The Security of Wireless Local Area Network

    Institute of Scientific and Technical Information of China (English)

    林楠; 李翠霞

    2007-01-01

    The Wireless Local Area Network (WLAN) is a new and developing technology and the security problem is always important in all networks; therefore, the security problems will be discussed in this article. The article firstly introduces the history of development of IEEE 802.11 and provides an overview of the Wireless LAN. The architecture of WLAN will be referred in next. Finally, the further of the wireless LAN will be prospected by this article.

  6. Network Policy and Economic Doctrines

    Science.gov (United States)

    Atkinson, Robert D.

    2010-01-01

    For many years, debates over telecommunications network policy were marked by a relative lack of partisan and ideological conflict. In the last decade, this has changed markedly. Today, debates over a whole set of issues, including broadband competition, net neutrality, copyright, privacy, and others, have become more contentious. These…

  7. Security and Network Operations [video

    OpenAIRE

    2012-01-01

    Senior Security Engineer, Matthew Myrick discusses the current cyber threats that we are all facing, the five W's (who, what, when, where, and how) of cyber security, past and present cyber-attack trends, and ways you can help protect yourself and your enterprise from cyber-attack.

  8. Security and Network Operations [video

    OpenAIRE

    Myrick, Matthew

    2012-01-01

    Senior Security Engineer, Matthew Myrick discusses the current cyber threats that we are all facing, the five W's (who, what, when, where, and how) of cyber security, past and present cyber-attack trends, and ways you can help protect yourself and your enterprise from cyber-attack.

  9. Securing Mobile Networks in an Operational Setting

    Science.gov (United States)

    Ivancic, William D.; Stewart, David H.; Bell, Terry L.; Paulsen, Phillip E.; Shell, Dan

    2004-01-01

    This paper describes a network demonstration and three month field trial of mobile networking using mobile-IPv4. The network was implemented as part of the US Coast Guard operational network which is a ".mil" network and requires stringent levels of security. The initial demonstrations took place in November 2002 and a three month field trial took place from July through September of 2003. The mobile network utilized encryptors capable of NSA-approved Type 1 algorithms, mobile router from Cisco Systems and 802.11 and satellite wireless links. This paper also describes a conceptual architecture for wide-scale deployment of secure mobile networking in operational environments where both private and public infrastructure is used. Additional issues presented include link costs, placement of encryptors and running routing protocols over layer-3 encryption devices.

  10. Secure Data Network System (SDNS) network, transport, and message security protocols

    Science.gov (United States)

    Dinkel, C.

    1990-03-01

    The Secure Data Network System (SDNS) project, implements computer to computer communications security for distributed applications. The internationally accepted Open Systems Interconnection (OSI) computer networking architecture provides the framework for SDNS. SDNS uses the layering principles of OSI to implement secure data transfers between computer nodes of local area and wide area networks. Four security protocol documents developed by the National Security Agency (NSA) as output from the SDNS project are included. SDN.301 provides the framework for security at layer 3 of the OSI Model. Cryptographic techniques to provide data protection for transport connections or for connectionless-mode transmission are described in SDN.401. Specifications for message security service and protocol are contained in SDN.701. Directory System Specifications for Message Security Protocol are covered in SDN.702.

  11. Wireless Network Security Vulnerabilities and Concerns

    Science.gov (United States)

    Mushtaq, Ahmad

    The dilemma of cyber communications insecurity has existed all the times since the beginning of the network communications. The problems and concerns of unauthorized access and hacking has existed form the time of introduction of world wide web communication and Internet's expansion for popular use in 1990s, and has remained till present time as one of the most important issues. The wireless network security is no exception. Serious and continuous efforts of investigation, research and development has been going on for the last several decades to achieve the goal of provision of 100 percent or full proof security for all the protocols of networking architectures including the wireless networking. Some very reliable and robust strategies have been developed and deployed which has made network communications more and more secure. However, the most desired goal of complete security has yet to see the light of the day. The latest Cyber War scenario, reported in the media of intrusion and hacking of each other's defense and secret agencies between the two super powers USA and China has further aggravated the situation. This sort of intrusion by hackers between other countries such as India and Pakistan, Israel and Middle East countries has also been going on and reported in the media frequently. The paper reviews and critically examines the strategies already in place, for wired network. Wireless Network Security and also suggests some directions and strategies for more robust aspects to be researched and deployed.

  12. Analyzing security protocols in hierarchical networks

    DEFF Research Database (Denmark)

    Zhang, Ye; Nielson, Hanne Riis

    2006-01-01

    Validating security protocols is a well-known hard problem even in a simple setting of a single global network. But a real network often consists of, besides the public-accessed part, several sub-networks and thereby forms a hierarchical structure. In this paper we first present a process calculus...... capturing the characteristics of hierarchical networks and describe the behavior of protocols on such networks. We then develop a static analysis to automate the validation. Finally we demonstrate how the technique can benefit the protocol development and the design of network systems by presenting a series...

  13. AD SHARING IN SOCIAL NETWORKS : ROLE OF USER DEFINED POLICIES

    Directory of Open Access Journals (Sweden)

    Venkata N Inukollu

    2014-09-01

    Full Text Available Security policies describe the demeanor of a system through specific rules and are becoming an increasingly popular approach for static and dynamic environment applications.Online social networks have become a de facto portal for Internet access for millions of users. Users share different content on social media sometimes which includes personal information.However, users entrust the social network providers with such personal information.Although social networking sites offer privacy controls, the sites provide insufficient controls to restrict data sharing and let users restrict how their data is handled and viewed by other users.To match the privacy demands of an online social network user, we have suggested a new security policy and have tested the policy successfully on various levels

  14. A Cluster- Based Secure Active Network Environment

    Institute of Scientific and Technical Information of China (English)

    CHEN Xiao-lin; ZHOU Jing-yang; DAI Han; LU Sang-lu; CHEN Gui-hai

    2005-01-01

    We introduce a cluster-based secure active network environment (CSANE) which separates the processing of IP packets from that of active packets in active routers. In this environment, the active code authorized or trusted by privileged users is executed in the secure execution environment (EE) of the active router, while others are executed in the secure EE of the nodes in the distributed shared memory (DSM) cluster. With the supports of a multi-process Java virtual machine and KeyNote, untrusted active packets are controlled to securely consume resource. The DSM consistency management makes that active packets can be parallelly processed in the DSM cluster as if they were processed one by one in ANTS (Active Network Transport System). We demonstrate that CSANE has good security and scalability, but imposing little changes on traditional routers.

  15. Security Threats in Wireless Sensor Networks

    DEFF Research Database (Denmark)

    Giannetsos, Athanasios

    2011-01-01

    intrusions forms an important part of an integrated approach to network security. In this work, we start by considering the problem of cooperative intrusion detection in WSNs and develop a lightweight ID system, called LIDeA, which follows an intelligent agent-based architecture. We show how such a system....... Security and privacy are rapidly replacing performance as the first and foremost concern in many sensor networking scenarios. While security prevention is important, it cannot guarantee that attacks will not be launched and that, once launched, they will not be successful. Therefore, detection of malicious...... networks are. Motivated by this unexplored security aspect, we investigate a new set of memory related vulnerabilities for sensor embedded devices that, if exploited, can lead to the execution of software-based attacks. We demonstrate how to execute malware on wireless sensor nodes that are based...

  16. INFORMATION SECURITY IN COMPUTER NETWORKS

    OpenAIRE

    Мехед, Д. Б.

    2016-01-01

    The article deals with computer networks, types of construction, the analysis of the advantages and disadvantages of different types of networks. The basic types of information transmission, highlighted their advantages and disadvantages, losing information and methods of protection.

  17. Networks and Bargaining in Policy Analysis

    DEFF Research Database (Denmark)

    Bogason, Peter

    2006-01-01

    A duscussion of the fight between proponents of rationalistic policy analysis and more political interaction models for policy analysis. The latter group is the foundation for the many network models of policy analysis of today....

  18. Multi-cultural network security

    Energy Technology Data Exchange (ETDEWEB)

    Stevens, D.F.

    1996-04-01

    Education and awareness are widely acknowledged to be among the fundamental issues of Internet security, but only in the sense of making Internet users more security conscious. For the Internet to achieve its promise as an information highway, however, a complementary education effort is needed. If adequate Internet security is to be achieved, we must also increase the awareness of the professional security community of the requirements, attitudes, and habits of the many different cultures that participate in the Internet. Discussions of {open_quotes}the Internet{close_quotes} encourage the misapprehension that there is a single, uniform user community instead of a loose alliance of many cultures that differ in many fundamental aspects. This is true even if we limit our consideration to ethical cultures. At this Workshop alone we have representatives of administrative and military cultures, Governmental and commercial cultures, profit-cultures and non-profit cultures, research and operational cultures. Internet cultures are united in their desire to exploit the connectivity, flexibility, and rapidity of communication provided by the net, but differ greatly in their motivations, their attitudes towards authority, their willingness to cooperate within their own communities, their interest in technical arcana, and the patience with which they will put up with - or the enthusiasm with which they will embrace - the growing list of procedures deemed necessary for acceptable security. They even differ in how they define {open_quotes}acceptable security{close_quotes}.

  19. Networks and Bargaining in Policy Analysis

    DEFF Research Database (Denmark)

    Bogason, Peter

    2006-01-01

    A duscussion of the fight between proponents of rationalistic policy analysis and more political interaction models for policy analysis. The latter group is the foundation for the many network models of policy analysis of today.......A duscussion of the fight between proponents of rationalistic policy analysis and more political interaction models for policy analysis. The latter group is the foundation for the many network models of policy analysis of today....

  20. The citizen security reconfiguration: The security and coexistence policy for football in Colombia

    OpenAIRE

    Diego Felipe Puentes Sánchez

    2015-01-01

    Security policies are passing through a crucial time in which management strategies focused on crime, use of force and increasing clampdown on criminal matters, are inefficient in a scenario that promotes a normative spectrum linked to Human Rights seeking to insert the security as a condition for the construction of universal dignity in what the United Nations has called Human Security. This article is inserted in the current citizen security policy debates, to evidence how concepts such as ...

  1. Delegation Management Modeling in a Security Policy based Environment

    Directory of Open Access Journals (Sweden)

    Sihem Guemara El Fatmi

    2013-07-01

    Full Text Available Security Policies (SP constitute the core of communication networks protection infrastructures. It offers a set of rules allowing differentiating between legitimate actions and prohibited ones and consequently, associates each entity in the network with a set of permissions and privileges. Moreover, in today's technological society and to allow applications perpetuity, communication networks must support the collaboration between entities to face up any unavailability or flinching. This collaboration must be governed by security mechanisms according to the established permissions and privileges. Delegation is a common practice that is used to simplify the sharing of responsibilities and privileges. The delegation process in a SP environment can be implanted through the use of adequate formalisms and modeling. The main contribution of this paper is then, the proposition of a generic and formal modeling of delegation process. This modeling is based on three steps composing the delegation life cycle: negotiation used for delegation initiation, verification of the SP respect while delegating and revocation of an established delegation. Hence, we propose to deal with each step according to the main delegation characteristics and extend them by some new specificities.

  2. China's Education Policy-Making: A Policy Network Perspective

    Science.gov (United States)

    Han, Shuangmiao; Ye, Fugui

    2017-01-01

    Policy network approach has become a broadly accepted and frequently adopted practice in modern state governance, especially in the public sector. The study utilises a broadly defined policy network conceptual frame and categories of reference to trace the evolution of education policy-making in China. The study uses "The Outline of China's…

  3. The university computer network security system

    Institute of Scientific and Technical Information of China (English)

    张丁欣

    2012-01-01

    With the development of the times, advances in technology, computer network technology has been deep into all aspects of people's lives, it plays an increasingly important role, is an important tool for information exchange. Colleges and universities is to cultivate the cradle of new technology and new technology, computer network Yulu nectar to nurture emerging technologies, and so, as institutions of higher learning should pay attention to the construction of computer network security system.

  4. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    Energy Technology Data Exchange (ETDEWEB)

    1993-05-01

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  5. Globally reasoning about localised security policies in distributed systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax, de...

  6. Analysis of Network Security Spasms and Circumvention

    Directory of Open Access Journals (Sweden)

    Sangamithra A

    2016-04-01

    Full Text Available Network is one of the rapid growing technology in today’s world. Network is attached in our life from small things to large things. Everywhere network is spreaded, where people are surrounded by network. We can get more advantage in various fields by using the network. But at the same time there is a lot of things is there to attack the security of the network. In this paper we discuss about the main common attacks in the network , about the causes of the attack and how to recover from that. So this will be helpful for the researcher to come up with the best prevention of the attacks in network.

  7. Penetration Testing: A Roadmap to Network Security

    CERN Document Server

    Naik, Nitin A; Khamitkar, Santosh D; Kalyankar, Namdeo V

    2009-01-01

    Network penetration testing identifies the exploits and vulnerabilities those exist within computer network infrastructure and help to confirm the security measures. The objective of this paper is to explain methodology and methods behind penetration testing and illustrate remedies over it, which will provide substantial value for network security Penetration testing should model real world attacks as closely as possible. An authorized and scheduled penetration testing will probably detected by IDS (Intrusion Detection System). Network penetration testing is done by either or manual automated tools. Penetration test can gather evidence of vulnerability in the network. Successful testing provides indisputable evidence of the problem as well as starting point for prioritizing remediation. Penetration testing focuses on high severity vulnerabilities and there are no false positive.

  8. NETWORK MANAGEMENT WITH SECURED MOBILE AGENT

    Institute of Scientific and Technical Information of China (English)

    迈克尔; 徐良贤

    2002-01-01

    Network management scheme must consider security challenges for the Mobile Agent paradigm to be accepted in the Internet computing world. Techniques to provide security solutions have been proposed and some have achieved good results. For example, it is possible to launch a code with a guarantee that it cannot attack the hosting sites. The main problem remaining, however, is protecting the mobile code against malicious service providers, the host problem. This paper proposed a Mobile Agent management scheme in a hierarchical level that provides to user a reliable and flexible global access to internet/network information services. We further described a protection mechanism to Mobile Agents against malicious hosts. As an effort to address host problems we first identify the kinds of attack that may be performed by malicious hosts, and propose a mechanism to prevent these attacks. At each agent host we introduce a trusted third party entity on each server called Secure Service Station (SSS) to carry out security actions.

  9. Information security policies and procedures a practitioner's reference

    CERN Document Server

    Peltier, Thomas R

    2004-01-01

    INFORMATION SECURITY POLICIES AND PROCEDURES Introduction Corporate Policies Organizationwide (Tier 1) Policies Organizationwide Policy Document Legal Requirements Duty of Loyalty Duty of Care Other Laws and Regulations Business Requirements Where to Begin? Summary Why Manage This Process as a Project? Introduction First Things First: Identify the Sponsor Defining the Scope of Work Time Management Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Planning and Preparation Introduction Objectives of Policies, Stand

  10. Wireless Network Penetration Testing and Security Auditing

    Directory of Open Access Journals (Sweden)

    Wang Shao-Long

    2016-01-01

    Full Text Available IEEE802.11 wireless wireless networks have security issues that are vulnerable to a variety of attacks. Due to using radio to transport data, attackers can bypass firewalls, sniff sensitive information, intercept packets and send malicious packets. Security auditing and penetration testing is expected to ensure wireless networks security. The contributions of this work are analyzed the vulnerability and types of attacks pertaining to IEEE 802.11 WLAN, performed well known attacks in a laboratory environment to conduct penetration tests to confirm whether our wireless network is hackable or not. WAIDPS is configured as auditing tool to view wireless attacks, such as WEP/WPA/WPA2 cracking, rouge access points, denial of service attack. WAIDPS is designed to detect wireless intrusion with additional features. Penetration testing and auditing will mitigate the risk and threatening to protect WALN.

  11. A improved Network Security Situation Awareness Model

    Directory of Open Access Journals (Sweden)

    Li Fangwei

    2015-08-01

    Full Text Available In order to reflect the situation of network security assessment performance fully and accurately, a new network security situation awareness model based on information fusion was proposed. Network security situation is the result of fusion three aspects evaluation. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed. In terms of vulnerability, a improved Common Vulnerability Scoring System (CVSS was raised and maked the assessment more comprehensive. In terms of node weights, the method of calculating the combined weights and optimizing the result by Sequence Quadratic Program (SQP algorithm which reduced the uncertainty of fusion was raised. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DAPRA data sets. Experiments show that the method can improve the accuracy of evaluation results.

  12. Security Modeling on the Supply Chain Networks

    Directory of Open Access Journals (Sweden)

    Marn-Ling Shing

    2007-10-01

    Full Text Available In order to keep the price down, a purchaser sends out the request for quotation to a group of suppliers in a supply chain network. The purchaser will then choose a supplier with the best combination of price and quality. A potential supplier will try to collect the related information about other suppliers so he/she can offer the best bid to the purchaser. Therefore, confidentiality becomes an important consideration for the design of a supply chain network. Chen et al. have proposed the application of the Bell-LaPadula model in the design of a secured supply chain network. In the Bell-LaPadula model, a subject can be in one of different security clearances and an object can be in one of various security classifications. All the possible combinations of (Security Clearance, Classification pair in the Bell-LaPadula model can be thought as different states in the Markov Chain model. This paper extends the work done by Chen et al., provides more details on the Markov Chain model and illustrates how to use it to monitor the security state transition in the supply chain network.

  13. High Performance Network Security Using NIDS Approach

    Directory of Open Access Journals (Sweden)

    Sutapa Sarkar

    2014-06-01

    Full Text Available Ever increasing demand of good quality communication relies heavily on Network Intrusion Detection System (NIDS. Intrusion detection for network security demands high performance. This paper gives a description of the available approaches for a network intrusion detection system in both software and hardware implementation. This paper gives a description of the structure of Snort rule set which is a very popular software signature and anomaly based Intrusion Detection and prevention system. This paper also discusses the merit of FPGA devices to be used in network intrusion detection system implementation and the approaches used in hardware implementation of NIDS.

  14. Security Threats in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Sushma

    2011-05-01

    Full Text Available Wireless Sensor Network (WSN is an emergingtechnology that shows great promise for variousfuturistic applications both for mass public andmilitary. The sensing technology combined withprocessing power and wireless communication makesit lucrative for being exploited in abundance in future.Wireless sensor networks are characterized byseverely constrained computational and energy resources, and an ad hoc operational environment. Wireless sensor networks (WSN are currently receiving significant attention due to their unlimitedpotential. However, it is still very early in the lifetime of such systems and many research challenges exist. This paper studies the security aspects of these networks.

  15. The research of computer network security and protection strategy

    Science.gov (United States)

    He, Jian

    2017-05-01

    With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

  16. 76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-11-01

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  17. 76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-05-13

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... meeting to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on...

  18. 77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-03-01

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... ] Industrial Security Program policy matters. Dated: February 23, 2012. Mary Ann Hadyka, Committee Management... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  19. 76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2011-02-07

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office, National Archives and Records... meeting. To discuss National Industrial Security Program policy matters. DATES: The meeting will be held...

  20. WNN-Based Network Security Situation Quantitative Prediction Method and Its Optimization

    Institute of Scientific and Technical Information of China (English)

    Ji-Bao Lai; Hui-Qiang Wang; Xiao-Wu Liu; Ying Liang; Rui-Juan Zheng; Guo-Sheng Zhao

    2008-01-01

    The accurate and real-time prediction of network security situation is the premise and basis of preventing intrusions and attacks in a large-scale network. In order to predict the security situation more accurately, a quantitative prediction method of network security situation based on Wavelet Neural Network with Genetic Algorithm (GAWNN) is proposed. After analyzing the past and the current network security situation in detail, we build a network security situation prediction model based on wavelet neural network that is optimized by the improved genetic algorithm and then adopt GAWNN to predict the non-linear time series of network security situation. Simulation experiments prove that the proposed method has advantages over Wavelet Neural Network (WNN) method and Back Propagation Neural Network (BPNN) method with the same architecture in convergence speed, functional approximation and prediction accuracy. What is more, system security tendency and laws by which security analyzers and administrators can adjust security policies in near real-time are revealed from the prediction results as early as possible.

  1. Handbook of space security policies, applications and programs

    CERN Document Server

    Hays, Peter; Robinson, Jana; Moura, Denis; Giannopapa, Christina

    2015-01-01

    Space Security involves the use of space (in particular communication, navigation, earth observation, and electronic intelligence satellites) for military and security purposes on earth and also the maintenance of space (in particular the earth orbits) as safe and secure areas for conducting peaceful activities. The two aspects can be summarized as "space for security on earth" and “the safeguarding of space for peaceful endeavors.” The Handbook will provide a sophisticated, cutting-edge resource on the space security policy portfolio and the associated assets, assisting fellow members of the global space community and other interested policy-making and academic audiences in keeping abreast of the current and future directions of this vital dimension of international space policy. The debate on coordinated space security measures, including relevant 'Transparency and Confidence-Building Measures,' remains at a relatively early stage of development. The book offers a comprehensive description of the variou...

  2. The help of formal models for healthcare security policies.

    Science.gov (United States)

    Trouessin, G; Barber, B

    1997-01-01

    This article is a personal contribution (i.e., from a strict security expert point of view) towards the help for specification, validation and/or evaluation of reliable, but also secure, healthcare security policies (HSP). The first part is dedicated to show, according to the various aspects of the security policy concept, that healthcare information systems (HIS) offer such a diversity of particularities and potential security needs, that it is necessary for healthcare security policies to be defined as flexible, but also as robust, as possible. Then the formal modelling approach, a wide area of solutions providing both flexibility (by means of modelling) and robustness (by means of formalization), is presented. The most well-known examples of security models are recalled. All of them try to use formal models as a security policy specification/validation tool, but none of them can be helpfully used in the very demanding context of HIS. Lastly, a new approach for the modelling of healthcare security policies, based on modal logic (i.e., epistemic and/or deontic logic) is proposed. It permits to take into account the flexibility (by means of high expressiveness due to modality) and the robustness (by means of high provability due to modelling) needs.

  3. Keystone Business Models for Network Security Processors

    Directory of Open Access Journals (Sweden)

    Arthur Low

    2013-07-01

    Full Text Available Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor” models nor the silicon intellectual-property licensing (“IP-licensing” models allow small technology companies to successfully compete. This article describes an alternative approach that produces an ongoing stream of novel network security processors for niche markets through continuous innovation by both large and small companies. This approach, referred to here as the "business ecosystem model for network security processors", includes a flexible and reconfigurable technology platform, a “keystone” business model for the company that maintains the platform architecture, and an extended ecosystem of companies that both contribute and share in the value created by innovation. New opportunities for business model innovation by participating companies are made possible by the ecosystem model. This ecosystem model builds on: i the lessons learned from the experience of the first author as a senior integrated circuit architect for providers of public-key cryptography solutions and as the owner of a semiconductor startup, and ii the latest scholarly research on technology entrepreneurship, business models, platforms, and business ecosystems. This article will be of interest to all technology entrepreneurs, but it will be of particular interest to owners of small companies that provide security solutions and to specialized security professionals seeking to launch their own companies.

  4. The use of Wireless Sensor Network for increasing airport security

    Directory of Open Access Journals (Sweden)

    Jakub Kraus

    2013-11-01

    Full Text Available This article focuses on the use of wireless sensor networks for airport security, respectively using sensor networks as a replacement or add-on to existing security measures. The article describes the sensor network and its possible application to various airport objects and financial analysis of the perimeter security with wireless sensor network.

  5. Security Issues of Wireless Communication Networks

    OpenAIRE

    Alimul Haque; Sinha, A. K.; Singh, K.M.; N. K. Sing

    2014-01-01

    Wireless Communication Networks have attracted a lot of interest in the research community due to their potential applicability in a wide range of real-world practical applications. However, due to the distributed nature and their deployments in critical applications without human interventions and sensitivity and criticality of data communicated, these networks are vulnerable to numerous security threats that can adversely affect their performance. These issues become even more critical in w...

  6. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  7. Three Essays on Information Security Policies

    Science.gov (United States)

    Yang, Yubao

    2011-01-01

    Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

  8. Network and Database Security: Regulatory Compliance, Network, and Database Security - A Unified Process and Goal

    Directory of Open Access Journals (Sweden)

    Errol A. Blake

    2007-12-01

    Full Text Available Database security has evolved; data security professionals have developed numerous techniques and approaches to assure data confidentiality, integrity, and availability. This paper will show that the Traditional Database Security, which has focused primarily on creating user accounts and managing user privileges to database objects are not enough to protect data confidentiality, integrity, and availability. This paper is a compilation of different journals, articles and classroom discussions will focus on unifying the process of securing data or information whether it is in use, in storage or being transmitted. Promoting a change in Database Curriculum Development trends may also play a role in helping secure databases. This paper will take the approach that if one make a conscientious effort to unifying the Database Security process, which includes Database Management System (DBMS selection process, following regulatory compliances, analyzing and learning from the mistakes of others, Implementing Networking Security Technologies, and Securing the Database, may prevent database breach.

  9. Russia’s soft security policy: 2000 – 2012

    Directory of Open Access Journals (Sweden)

    Murat Yorulmaz

    2012-12-01

    Full Text Available In the post-Soviet era, Russia has encountered several asymmetric threats which cannot be solved by using conventional forces. Especially after the terrorist attacks of September 11, 2001 in the U.S., Russia has recognized the importance of non-military power to find a powerful place in international system under Vladimir Putin presidency. In that respect, this article seeks to analyse changing Russia’s national security strategy during Putin presidency and need to redefine its national security concept. The article aims to explain Russian soft security policy under Vladimir Putin and examines the basic soft security threats which Russia has encountered and how it fought against these threats in the post-Soviet era. Contrary to the mainstream literature suggesting that Russia has focused exclusively on hard security issues within its national security policies due to its historical background and geo-political factors, the article argues that Russia started to give more importance to soft security besides hard security in its national security policies since Putin’s presidency. Among soft security challenges, Russia prioritizes especially terrorism, transnational organized crime and energy security.

  10. Citizen Involvement in Local Security Networks

    NARCIS (Netherlands)

    Terpstra, J.B.

    2009-01-01

    This paper deals with the involvement of citizens (and local businesspersons) in the prevention and control of crime and disorder. Four models of citizen involvement in local security networks are distinguished. In each of these models the role of citizens concentrates on different functions: (1) p

  11. Laboratory Experiments for Network Security Instruction

    Science.gov (United States)

    Brustoloni, Jose Carlos

    2006-01-01

    We describe a sequence of five experiments on network security that cast students successively in the roles of computer user, programmer, and system administrator. Unlike experiments described in several previous papers, these experiments avoid placing students in the role of attacker. Each experiment starts with an in-class demonstration of an…

  12. Developing a secured social networking site using information security awareness techniques

    Directory of Open Access Journals (Sweden)

    Julius O. Okesola

    2014-03-01

    Full Text Available Background: Ever since social network sites (SNS became a global phenomenon in almost every industry, security has become a major concern to many SNS stakeholders. Several security techniques have been invented towards addressing SNS security, but information security awareness (ISA remains a critical point. Whilst very few users have used social circles and applications because of a lack of users’ awareness, the majority have found it difficult to determine the basis of categorising friends in a meaningful way for privacy and security policies settings. This has confirmed that technical control is just part of the security solutions and not necessarily a total solution. Changing human behaviour on SNSs is essential; hence the need for a privately enhanced ISA SNS.Objective: This article presented sOcialistOnline – a newly developed SNS, duly secured and platform independent with various ISA techniques fully implemented.Method: Following a detailed literature review of the related works, the SNS was developed on the basis of Object Oriented Programming (OOP approach, using PhP as the coding language with the MySQL database engine at the back end.Result: This study addressed the SNS requirements of privacy, security and services, and attributed them as the basis of architectural design for sOcialistOnline. SNS users are more aware of potential risk and the possible consequences of unsecured behaviours.Conclusion: ISA is focussed on the users who are often the greatest security risk on SNSs, regardless of technical securities implemented. Therefore SNSs are required to incorporate effective ISA into their platform and ensure users are motivated to embrace it.

  13. Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

    Science.gov (United States)

    Kraemer, Sara; Carayon, Pascale

    2007-03-01

    This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

  14. Computationally Efficient Neural Network Intrusion Security Awareness

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Milos Manic

    2009-08-01

    An enhanced version of an algorithm to provide anomaly based intrusion detection alerts for cyber security state awareness is detailed. A unique aspect is the training of an error back-propagation neural network with intrusion detection rule features to provide a recognition basis. Network packet details are subsequently provided to the trained network to produce a classification. This leverages rule knowledge sets to produce classifications for anomaly based systems. Several test cases executed on ICMP protocol revealed a 60% identification rate of true positives. This rate matched the previous work, but 70% less memory was used and the run time was reduced to less than 1 second from 37 seconds.

  15. Computationally Efficient Neural Network Intrusion Security Awareness

    Energy Technology Data Exchange (ETDEWEB)

    Todd Vollmer; Milos Manic

    2009-08-01

    An enhanced version of an algorithm to provide anomaly based intrusion detection alerts for cyber security state awareness is detailed. A unique aspect is the training of an error back-propagation neural network with intrusion detection rule features to provide a recognition basis. Network packet details are subsequently provided to the trained network to produce a classification. This leverages rule knowledge sets to produce classifications for anomaly based systems. Several test cases executed on ICMP protocol revealed a 60% identification rate of true positives. This rate matched the previous work, but 70% less memory was used and the run time was reduced to less than 1 second from 37 seconds.

  16. Position paper: A generic approach for security policies composition

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario; Nielson, Flemming

    2012-01-01

    When modelling access control in distributed systems, the problem of security policies composition arises. Much work has been done on different ways of combining policies, and using different logics to do this. In this paper, we propose a more general approach based on a 4-valued logic, that abst......When modelling access control in distributed systems, the problem of security policies composition arises. Much work has been done on different ways of combining policies, and using different logics to do this. In this paper, we propose a more general approach based on a 4-valued logic...

  17. Protocols for Wireless Sensor Networks and Its Security

    Directory of Open Access Journals (Sweden)

    Dr. Adil Jamil Zaru

    2016-12-01

    Full Text Available This paper proposes a protocol for Wireless Sensor Networks and its security which are characterized by severely constrained computational and energy resources, and an ad hoc operational environment. The paper first introduces sensor networks, and discusses security issues and goals along with security problems, threats, and risks in sensor networks. It describes crippling attacks against all of them and suggests countermeasures and design considerations. It gives a brief introduction of proposed security protocol SPINS whose building blocks are SNEP and μTESLA which overcome all the important security threats and problems and achieves security goals like data confidentiality, freshness, authentication in order to provide a secure Wireless Sensor Network.

  18. Bot armies as threats to network security

    Science.gov (United States)

    Banks, Sheila B.; Stytz, Martin R.

    2007-04-01

    "Botnets", or "bot armies", are large groups of remotely controlled malicious software. Bot armies pose one of the most serious security threats to all networks. Botnets, remotely controlled and operated by botmasters or botherders, can launch massive denial of service attacks, multiple penetration attacks, or any other malicious network activity on a massive scale. While bot army activity has, in the past, been limited to fraud, blackmail, and other forms of criminal activity, their potential for causing large-scale damage to the entire internet; for launching large-scale, coordinated attacks on government computers and networks; and for large-scale, coordinated data gathering from thousands of users and computers on any network has been underestimated. This paper will not discuss how to build bots but the threats they pose. In a "botnet" or "bot army", computers can be used to spread spam, launch denial-of-service attacks against Web sites, conduct fraudulent activities, and prevent authorized network traffic from traversing the network. In this paper we discuss botnets and the technologies that underlie this threat to network and computer security. The first section motivates the need for improved protection against botnets, their technologies, and for further research about botnets. The second contains background information about bot armies and their key underlying technologies. The third section presents a discussion of the types of attacks that botnets can conduct and potential defenses against them. The fourth section contains a summary and suggestions for future research and development.

  19. Security management of next generation telecommunications networks and services

    CERN Document Server

    Jacobs, Stuart

    2014-01-01

    This book will cover network management security issues and currently available security mechanisms by discussing how network architectures have evolved into the contemporary NGNs which support converged services (voice, video, TV, interactive information exchange, and classic data communications). It will also analyze existing security standards and their applicability to securing network management. This book will review 21st century security concepts of authentication, authorization, confidentiality, integrity, nonrepudiation, vulnerabilities, threats, risks, and effective approaches to enc

  20. Identifying the Key Weaknesses in Network Security at Colleges.

    Science.gov (United States)

    Olsen, Florence

    2000-01-01

    A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

  1. Debating food security policy in two different ideational settings

    DEFF Research Database (Denmark)

    Farsund, Arild Aurvåg; Daugbjerg, Carsten

    2017-01-01

    (agriculture is considered a unique economic sector with special market and production conditions). It is demonstrated in the article how these two opposing institutionalised ideational foundations have influenced the nature of the food security debate in the two countries. In Australia, the debate emphasises......Food security has emerged as a relatively new policy issue in agricultural policy making in developed countries. This policy problem is addressed within an institutional landscape in which agricultural ideas and institutions are well-established. In this article, food security policy making...... in Australia and Norway is compared. In Australia, agricultural normalism (agricultural markets and production are considered to be similar to those of other economic sectors) has been dominant since the mid-1980s, while Norwegian agricultural policy making has been dominated by agricultural exceptionalism...

  2. A study of the security technology and a new security model for WiFi network

    Science.gov (United States)

    Huang, Jing

    2013-07-01

    The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

  3. Collaborative Policy Making: Vertical Integration in The Homeland Security Enterprise

    Science.gov (United States)

    2011-12-01

    National Preparedness: A Case Study in the Development of Public Policy,” Sam Clovis agrees that homeland security is a national issue but...recommends that state and local governments have maximum flexibility in implementing homeland security programs ( Clovis , 2006). He sees the federal...national preparedness ( Clovis , 2006). The author goes on to recommend a framework of “Collaborative Federalism” for homeland security. A review of

  4. Computer network security and cyber ethics

    CERN Document Server

    Kizza, Joseph Migga

    2014-01-01

    In its 4th edition, this book remains focused on increasing public awareness of the nature and motives of cyber vandalism and cybercriminals, the weaknesses inherent in cyberspace infrastructure, and the means available to protect ourselves and our society. This new edition aims to integrate security education and awareness with discussions of morality and ethics. The reader will gain an understanding of how the security of information in general and of computer networks in particular, on which our national critical infrastructure and, indeed, our lives depend, is based squarely on the individ

  5. WLAN Integrated with GPRS Network Securely

    Directory of Open Access Journals (Sweden)

    Mohammed A. Abdalla

    2012-01-01

    Full Text Available In this paper a WLAN network that accesses the Internet through a GPRS network was implemented and tested. The proposed network is managed by the Linux based server. Because of the limited facilities of GPRS such as dynamic IP addressing besides to its limited bandwidth a number of techniques are implemented to overcome these limitations.Dynamic Host Configuration Protocol (DHCP server was added to provide a single central control for all TCP/IP resources. Squid Proxy was added to provide caching of the redundant accessed Web content to reduce the Internet bandwidth usage and speeding up the client’s download time. Network Address Translation (NAT service was configured to share one IP address among several different systems. In order to accomplish a secure channel to exchange data between two network devices, the Secure Shell (SSH protocol was added. The first test shows that the data transfer rate at different time intervals of the day found to be an average of 10.95 Kbps for uploading and 13.7 Kbps for downloading and the second test shows that the network performance improved when squid proxy cache was used. The data rate found to be 143.3 Kbps average for uploading rate and 376.6 Kbps average for downloading rate.

  6. Development and Analysis of Security Policies in Security Enhanced Android

    Science.gov (United States)

    2012-12-01

    daemons. For instance, vold, the volume daemon, which manages the file system and rild, the radio interface link daemon, are started. The next...policy files, all of these files are combined and run through the Linux Gnu m4 macro processor to generate a policy.conf file [61]. The m4 macro...Domains The file defining AVRs for applications is found in app.te. These rules apply to applications that lack a predefined platform UID (system, radio

  7. Security Aspects of an Enterprise-Wide Network Architecture.

    Science.gov (United States)

    Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

    1999-01-01

    Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

  8. Security Aspects of an Enterprise-Wide Network Architecture.

    Science.gov (United States)

    Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

    1999-01-01

    Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

  9. Beyond the security paradox: Ten criteria for a socially informed security policy.

    Science.gov (United States)

    Pavone, Vincenzo; Ball, Kirstie; Degli Esposti, Sara; Dibb, Sally; Santiago-Gómez, Elvira

    2017-04-01

    This article investigates the normative and procedural criteria adopted by European citizens to assess the acceptability of surveillance-oriented security technologies. It draws on qualitative data gathered at 12 citizen summits in nine European countries. The analysis identifies 10 criteria, generated by citizens themselves, for a socially informed security policy. These criteria not only reveal the conditions, purposes and operation rules that would make current European security policies and technologies more consistent with citizens' priorities. They also cast light on an interesting paradox: although people feel safe in their daily lives, they believe security could, and should, be improved.

  10. An Integrative Behavioral Model of Information Security Policy Compliance

    Directory of Open Access Journals (Sweden)

    Sang Hoon Kim

    2014-01-01

    Full Text Available The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1 the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2 the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3 the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training

  11. An integrative behavioral model of information security policy compliance.

    Science.gov (United States)

    Kim, Sang Hoon; Yang, Kyung Hoon; Park, Sunyoung

    2014-01-01

    The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members' compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing

  12. Using Mobile Agents and Overlay Networks to Secure Electrical Networks

    Energy Technology Data Exchange (ETDEWEB)

    Dawes, Neal A.; Prosser, Bryan J.; Fulp, Errin W.; McKinnon, Archibald D.

    2013-02-11

    ABSTRACT The use of wandering, mobile agents can provide a robust approach for managing, monitoring, and securing electrical distribution networks. However, the topological structure of electrical networks can affect system performance. For example, if the multi-agent system relies on a regular inspection rate (on average, points of interest are inspected with equal frequency), then locations that are not well connected will on average be inspected less frequently. This paper discusses creation and use of overlay networks that create a virtual grid graph can provide faster coverage and a more uniform average agent sampling rate. Using overlays agents wander a virtual neighborhood consisting of only points of interest that are interconnected in a regular fashion (each point has the same number of neighbors). Experimental results will show that an overlay can often provide better network coverage and a more uniform inspection rate, which can improve cyber security by providing a faster detection of threats.

  13. Quantum photonic network and physical layer security.

    Science.gov (United States)

    Sasaki, Masahide; Endo, Hiroyuki; Fujiwara, Mikio; Kitamura, Mitsuo; Ito, Toshiyuki; Shimizu, Ryosuke; Toyoshima, Morio

    2017-08-06

    Quantum communication and quantum cryptography are expected to enhance the transmission rate and the security (confidentiality of data transmission), respectively. We study a new scheme which can potentially bridge an intermediate region covered by these two schemes, which is referred to as quantum photonic network. The basic framework is information theoretically secure communications in a free space optical (FSO) wiretap channel, in which an eavesdropper has physically limited access to the main channel between the legitimate sender and receiver. We first review a theoretical framework to quantify the optimal balance of the transmission efficiency and the security level under power constraint and at finite code length. We then present experimental results on channel characterization based on 10 MHz on-off keying transmission in a 7.8 km terrestrial FSO wiretap channel.This article is part of the themed issue 'Quantum technology for the 21st century'. © 2017 The Author(s).

  14. Quantum photonic network and physical layer security

    Science.gov (United States)

    Sasaki, Masahide; Endo, Hiroyuki; Fujiwara, Mikio; Kitamura, Mitsuo; Ito, Toshiyuki; Shimizu, Ryosuke; Toyoshima, Morio

    2017-06-01

    Quantum communication and quantum cryptography are expected to enhance the transmission rate and the security (confidentiality of data transmission), respectively. We study a new scheme which can potentially bridge an intermediate region covered by these two schemes, which is referred to as quantum photonic network. The basic framework is information theoretically secure communications in a free space optical (FSO) wiretap channel, in which an eavesdropper has physically limited access to the main channel between the legitimate sender and receiver. We first review a theoretical framework to quantify the optimal balance of the transmission efficiency and the security level under power constraint and at finite code length. We then present experimental results on channel characterization based on 10 MHz on-off keying transmission in a 7.8 km terrestrial FSO wiretap channel. This article is part of the themed issue 'Quantum technology for the 21st century'.

  15. Social networking mining, visualization, and security

    CERN Document Server

    Dehuri, Satchidananda; Wang, Gi-Nam

    2014-01-01

    With the proliferation of social media and on-line communities in networked world a large gamut of data has been collected and stored in databases. The rate at which such data is stored is growing at a phenomenal rate and pushing the classical methods of data analysis to their limits. This book presents an integrated framework of recent empirical and theoretical research on social network analysis based on a wide range of techniques from various disciplines like data mining, social sciences, mathematics, statistics, physics, network science, machine learning with visualization techniques, and security. The book illustrates the potential of multi-disciplinary techniques in various real life problems and intends to motivate researchers in social network analysis to design more effective tools by integrating swarm intelligence and data mining.  

  16. Family Economic Security Policies and Child and Family Health.

    Science.gov (United States)

    Spencer, Rachael A; Komro, Kelli A

    2017-03-01

    In this review, we examine the effects of family economic security policies (i.e., minimum wage, earned income tax credit, unemployment insurance, Temporary Assistance to Needy Families) on child and family health outcomes, summarize policy generosity across states in the USA, and discuss directions and possibilities for future research. This manuscript is an update to a review article that was published in 2014. Millions of Americans are affected by family economic security policies each year, many of whom are the most vulnerable in society. There is increasing evidence that these policies impact health outcomes and behaviors of adults and children. Further, research indicates that, overall, policies which are more restrictive are associated with poorer health behaviors and outcomes; however, the strength of the evidence differs across each of the four policies. There is significant diversity in state-level policies, and it is plausible that these policy variations are contributing to health disparities across and within states. Despite increasing evidence of the relationship between economic policies and health, there continues to be limited attention to this issue. State policy variations offer a valuable opportunity for scientists to conduct natural experiments and contribute to evidence linking social policy effects to family and child well-being. The mounting evidence will help to guide future research and policy making for evolving toward a more nurturing society for family and child health and well-being.

  17. Security and privacy preserving in social networks

    CERN Document Server

    Chbeir, Richard

    2013-01-01

    This volume aims at assessing the current approaches and technologies, as well as to outline the major challenges and future perspectives related to the security and privacy protection of social networks. It provides the reader with an overview of the state-of-the art techniques, studies, and approaches as well as outlining future directions in this field. A wide range of interdisciplinary contributions from various research groups ensures for a balanced and complete perspective.

  18. The Network's Data Security Risk Analysis

    Directory of Open Access Journals (Sweden)

    Emil BURTESCU

    2008-01-01

    Full Text Available Establishing the networks security risk can be a very difficult operation especially for the small companies which, from financial reasons can't appeal at specialist in this domain, or for the medium or large companies that don't have experience. The following method proposes not to use complex financial calculus to determine the loss level and the value of impact making the determination of risk level a lot easier.

  19. Networks as Policy Instruments for Innovation

    Science.gov (United States)

    Beers, Pieter J.; Geerling-Eiff, Florentien

    2014-01-01

    Purpose: The purpose of this article is to compare the effectiveness of facilitated networks to other policy instruments for agricultural innovation. Design/ methodology/ approach: In an exploratory study of the Dutch agricultural policy context, we conducted semi-structured interviews with ten experts on networks and innovation. Policy…

  20. Networks as Policy Instruments for Innovation

    Science.gov (United States)

    Beers, Pieter J.; Geerling-Eiff, Florentien

    2014-01-01

    Purpose: The purpose of this article is to compare the effectiveness of facilitated networks to other policy instruments for agricultural innovation. Design/ methodology/ approach: In an exploratory study of the Dutch agricultural policy context, we conducted semi-structured interviews with ten experts on networks and innovation. Policy…

  1. 高校数字校园网络安全体系的设计与策略分析%Analysis on University Digital Campus Network Security System Design and Policy

    Institute of Scientific and Technical Information of China (English)

    吕绍鑫

    2016-01-01

    当今社会,网络技术已经应用于社会的各行各业。各大高校也积极走在时代的前列,进行各自的校园网建设,推动信息化的进程。但是,校园网络的安全问题,一直是困扰校园信息化工作的一个难题。各种安全隐患和安全威胁给校园网的应用带来了各种不便。文章将分析校园网络安全的各种风险和威胁,针对网络安全体系的设计原则,提出网络安全体系的构建策略,确保校园网络的信息安全。%In today's society, the network technology has been applied to the social from all walks of life. Universities also walk in the forefront of The Times, actively conduct their own campus network construction, promote the process of informatization. But, the campus network security problems, has always been a difficulty in the campus informatization. Various security hidden danger and security threats to the application of campus network has brought all kinds of inconvenience. This article will analyze the campus network security risks and threats, according to the design principle of network security system, put forward the construction strategy of network security system, to ensure the safety of the campus network information.

  2. Secure Authentication in Heterogeneous Wireless Networks

    Directory of Open Access Journals (Sweden)

    Arjan Durresi

    2008-01-01

    Full Text Available The convergence of cellular and IP technologies has pushed the integration of 3G and WLAN networks to the forefront. Gaining secure access to 3G services from 802.11 WLANs is a primary challenge for this new integrated wireless technology. Successful execution of 3G security algorithms can be limited to a specified area by encrypting a user's authentication challenge with spatial data defining his visited WLAN. With limited capacity to determine a user's location only to within a current cell and restrictions on accessing users' location due to privacy, 3G operators must rely on spatial data sent from visited WLANs to implement spatial authentication control. A potential risk is presented to 3G operators since no prior relationship or trust may exist with a WLAN owner. Algorithms to quantify the trust between all parties of 3G-WLAN integrated networks are presented to further secure user authentication. Ad-hoc serving networks and the trust relationships established between mobile users are explored to define stronger algorithms for 3G – WLAN user authentication.

  3. Korea’s Overseas Food Security Policy

    DEFF Research Database (Denmark)

    Müller, Anders Riel

    with the government's other policies that affect the Korean agricultural sector such as domestic economic development priorities and bilateral free trade agreements with large agricultural exporters such as Chile, the EU and the USA. It is observed that these policies all have in common that they to a large extent...

  4. 77 FR 34411 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-06-11

    ... RECORDS ADMINISTRATION National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY... made for the following committee meeting. To discuss National Industrial Security Program policy... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, July 6...

  5. Latvian Security and Defense Policy within the Twenty-First Century Security Environment

    Directory of Open Access Journals (Sweden)

    Rublovskis Raimonds

    2014-12-01

    Full Text Available The aim of this paper is to analyze fundamental factors which form and profoundly shape security and defense policy of the Republic of Latvia. One can argue that historical background, geographical location, common institutional history within the former Soviet Union, the Russia factor, the relative smallness of the territory of state and the population, the ethnic composition of the population, the low density of the population and rather limited financial and manpower resources available for the defense of the Republic of Latvia are the key factors of influence on the state security and defense policy. The core principles of the security and defense policy of Latvia are the membership in powerful global military alliance of NATO and bilateral strategic partnership with the United States. However, security and defense cooperation among the three Baltic States as well as enhanced cooperation within the Baltic-Nordic framework is seen as an important supplementary factor for the increased security of the Republic of Latvia. Latvia has developed a sustainable legal and institutional framework in order to contribute to state security and defense; however, security challenges and significant changes within the global security environment of the twenty-first century will further challenge the ability of the Republic of Latvia to sustain its current legal framework, and more importantly, current institutional structure of Latvian security and defense architecture. Significant internal and external challenges will impact the fundamental pillars of Latvian security and defense policy, such as American strategic shift to the Pacific, and lack of political will to increase defense budgets in European part of NATO. It has to be clear that very independence, security and defense of the Republic of Latvia depend on the ability of NATO to remain an effective organization with timely and efficient decision-making, and the ability of the United States to remain

  6. Security and privacy threats in RFID traceability network

    Institute of Scientific and Technical Information of China (English)

    Chu; Chao-Hsien

    2008-01-01

    To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. ...

  7. A Novel Trusted Computing Model for Network Security Authentication

    Directory of Open Access Journals (Sweden)

    Ling Xing

    2014-02-01

    Full Text Available Network information poses great threats from malicious attacks due to the openness and virtuality of network structure. Traditional methods to ensure infor- mation security may fail when both integrity and source authentication for information are required. Based on the security of data broadcast channel, a novel Trusted Com- puting Model (TCM of network security authentication is proposed to enhance the security of network information. In this model, a method of Uniform content locator security Digital Certificate (UDC, which is capable of fully and uniquely index network information, is developed. Standard of MPEG-2 Transport Streams (TS is adopted to pack UDC data. Additionally, a UDC hashing algorithm (UHA512 is designed to compute the integrity and security of data infor- mation . Experimental results show that the proposed model is feasible and effective to network security authentication. 

  8. UGV: security analysis of subsystem control network

    Science.gov (United States)

    Abbott-McCune, Sam; Kobezak, Philip; Tront, Joseph; Marchany, Randy; Wicks, Al

    2013-05-01

    Unmanned Ground vehicles (UGVs) are becoming prolific in the heterogeneous superset of robotic platforms. The sensors which provide odometry, localization, perception, and vehicle diagnostics are fused to give the robotic platform a sense of the environment it is traversing. The automotive industry CAN bus has dominated the industry due to the fault tolerance and the message structure allowing high priority messages to reach the desired node in a real time environment. UGVs are being researched and produced at an accelerated rate to preform arduous, repetitive, and dangerous missions that are associated with a military action in a protracted conflict. The technology and applications of the research will inevitably be turned into dual-use platforms to aid civil agencies in the performance of their various operations. Our motivation is security of the holistic system; however as subsystems are outsourced in the design, the overall security of the system may be diminished. We will focus on the CAN bus topology and the vulnerabilities introduced in UGVs and recognizable security vulnerabilities that are inherent in the communications architecture. We will show how data can be extracted from an add-on CAN bus that can be customized to monitor subsystems. The information can be altered or spoofed to force the vehicle to exhibit unwanted actions or render the UGV unusable for the designed mission. The military relies heavily on technology to maintain information dominance, and the security of the information introduced onto the network by UGVs must be safeguarded from vulnerabilities that can be exploited.

  9. Implantable Medical Devices; Networking Security Survey

    Directory of Open Access Journals (Sweden)

    Siamak Aram

    2016-08-01

    Full Text Available The industry of implantable medical devices (IMDs is constantly evolving, which is dictated by the pressing need to comprehensively address new challenges in the healthcare field. Accordingly, IMDs are becoming more and more sophisticated. Not long ago, the range of IMDs’ technical capacities was expanded, making it possible to establish Internet connection in case of necessity and/or emergency situation for the patient. At the same time, while the web connectivity of today’s implantable devices is rather advanced, the issue of equipping the IMDs with sufficiently strong security system remains unresolved. In fact, IMDs have relatively weak security mechanisms which render them vulnerable to cyber-attacks that compromise the quality of IMDs’ functionalities. This study revolves around the security deficiencies inherent to three types of sensor-based medical devices; biosensors, insulin pump systems and implantable cardioverter defibrillators. Manufacturers of these devices should take into consideration that security and effectiveness of the functionality of implants is highly dependent on the design. In this paper, we present a comprehensive study of IMDs’ architecture and specifically investigate their vulnerabilities at networking interface.

  10. 78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-02-04

    ... SECURITY Homeland Security Information Network Advisory Committee (HSINAC) AGENCY: OPS/OCIO, DHS. ACTION: Committee Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet on February 27th-28th, 2013 in Washington, DC....

  11. Security challenges for energy-harvesting wireless sensor networks

    DEFF Research Database (Denmark)

    Di Mauro, Alessio; Papini, Davide; Dragoni, Nicola

    2012-01-01

    With the recent introduction of Energy-Harvesting nodes, security is gaining more and more importance in sensor networks. By exploiting the ability of scavenging energy from the surrounding environment, the lifespan of a node has drastically increased. This is one of the reason why security needs...... networks. Finally, we present and discuss existing security solutions for EH-WSNs....

  12. Study on Network Security Architecture for Power Systems

    Institute of Scientific and Technical Information of China (English)

    2005-01-01

    The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

  13. Development of an Internet Security Policy for health care establishments.

    Science.gov (United States)

    Ilioudis, C; Pangalos, G

    2000-01-01

    The Internet provides unprecedented opportunities for interaction and data sharing among health care providers, patients and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information. This paper defines the basic security requirements that must be addressed in order to use the Internet to safely transmit patient and/or other sensitive Health Care information. It describes a suitable Internet Security Policy for Health Care Establishments and provides the set of technical measures that are needed for its implementation. The proposed security policy and technical approaches have been based on an extensive study of the related recommendations from the security and standard groups both in EU amid USA and our related work and experience. The results have been utilized in the framework of the Intranet Health Clinic project, where the use of the Internet for the transmission of sensitive Health Care information is of vital importance.

  14. Risk Management as Strategic Change in National Homeland Security Policy

    Science.gov (United States)

    2007-09-01

    organizations. Similar to the previous discussion of conflict biguity in public policy implementation, these factors are the degree of agreement ree of...4. Networking and Collaboration Laurence O’Toole has written of the growing need for and the emergence of networks and collaboration in public...there is no unifying theory about networking in the public sector, Nancy Roberts c 242 Laurence O’Toole, Jr., “Treating Networks Seriously: Practical

  15. Secure Network-Centric Aviation Communication (SNAC)

    Science.gov (United States)

    Nelson, Paul H.; Muha, Mark A.; Sheehe, Charles J.

    2017-01-01

    The existing National Airspace System (NAS) communications capabilities are largely unsecured, are not designed for efficient use of spectrum and collectively are not capable of servicing the future needs of the NAS with the inclusion of new operators in Unmanned Aviation Systems (UAS) or On Demand Mobility (ODM). SNAC will provide a ubiquitous secure, network-based communications architecture that will provide new service capabilities and allow for the migration of current communications to SNAC over time. The necessary change in communication technologies to digital domains will allow for the adoption of security mechanisms, sharing of link technologies, large increase in spectrum utilization, new forms of resilience and redundancy and the possibly of spectrum reuse. SNAC consists of a long term open architectural approach with increasingly capable designs used to steer research and development and enable operating capabilities that run in parallel with current NAS systems.

  16. Security Policy:Consistency,Adjustments and Restraining Factors

    Institute of Scientific and Technical Information of China (English)

    Yang Jiemian

    2004-01-01

    @@ In the 2004 U.S. presidential election, despite well-divided domestic opinions and Kerry's appealing slogan of "Reversing the Trend," a slight majority still voted for George W. Bush in the end. It is obvious that, based on the author's analysis, security agenda such as counter-terrorism and Iraqi issue has contributed greatly to the reelection of Mr. Bush. This also indicates that the security policy of Bush's second term will basically be consistent.

  17. Future Options for Swedish Security Policy

    Science.gov (United States)

    2007-11-02

    14 General European Dogan Harris Kelleher Larrabee Lynn-Jones Murray Roper Asmus Barry Dornbusch Driscoll Feldtstein Flockhart...no. 6 (November/December 1997): 60. 21 Dornbusch , 114-116. 22 Feldstein, 61. 23 Ibid. 24 Ibid., 12. 25 Ham, 531. 26 Ibid. 27 Kelleher, 3...1993): 71-89. Dornbusch , Rudi. ’TEuro Fantasies." Foreign Affairs. Vol. 75, No. 5 (September/October 1996): 110-124 Driscoll, R. F. "European Security

  18. Survey on Security Issues in Vehicular Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Bassem Mokhtar

    2015-12-01

    Full Text Available Vehicular Ad hoc NETworks are special case of ad hoc networks that, besides lacking infrastructure, communicating entities move with various accelerations. Accordingly, this impedes establishing reliable end-to-end communication paths and having efficient data transfer. Thus, VANETs have different network concerns and security challenges to get the availability of ubiquitous connectivity, secure communications, and reputation management systems which affect the trust in cooperation and negotiation between mobile networking entities. In this survey, we discuss the security features, challenges, and attacks of VANETs, and we classify the security attacks of VANETs due to the different network layers.

  19. Guide to National Security Policy and Strategy

    Science.gov (United States)

    2006-06-01

    to provoke war, but all become caught up in a maze of misperceptions, ambiguous communication, erroneous calculations, and policies of bluff and...were misled not only in the intelligence but misled in the way that the president took us to war,” the Democratic front- runner , Senator John F

  20. Automated Analysis of Security in Networking Systems

    DEFF Research Database (Denmark)

    Buchholtz, Mikael

    2004-01-01

    will both help raise the general level of awareness of the problems and prevent the most basic flaws from occurring. This thesis contributes to the development of such tools. Networking systems typically try to attain secure communication by applying standard cryptographic techniques. In this thesis......-experts users. The feasibility of the techiques is illustrated by a proof-of-concept implementation of a control ow analysis developed for LySa. From a techincal point of view, this implementation also interesting because it encodes in nite sets of algebraic terms, which denote encryption, as a nite number...

  1. Security and trust in online social networks

    CERN Document Server

    Carminati, Barbara; Viviani, Marco; Viviani, Marco; Carminati, Barbara

    2013-01-01

    The enormous success and diffusion that online social networks (OSNs) are encountering nowadays is vastly apparent. Users' social interactions now occur using online social media as communication channels; personal information and activities are easily exchanged both for recreational and business purposes in order to obtain social or economic advantages. In this scenario, OSNs are considered critical applications with respect to the security of users and their resources, for their characteristics alone: the large amount of personal information they manage, big economic upturn connected to thei

  2. Secure quantum network coding for controlled repeater networks

    Science.gov (United States)

    Shang, Tao; Li, Jiao; Liu, Jian-wei

    2016-07-01

    To realize efficient quantum communication based on quantum repeater, we propose a secure quantum network coding scheme for controlled repeater networks, which adds a controller as a trusted party and is able to control the process of EPR-pair distribution. As the key operations of quantum repeater, local operations and quantum communication are designed to adopt quantum one-time pad to enhance the function of identity authentication instead of local operations and classical communication. Scheme analysis shows that the proposed scheme can defend against active attacks for quantum communication and realize long-distance quantum communication with minimal resource consumption.

  3. DEPLOYMENT-DRIVEN SECURITY CONFIGURATION FOR VIRTUAL NETWORKS

    Directory of Open Access Journals (Sweden)

    Ramaswamy Chandramouli

    2014-12-01

    Full Text Available Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network – a software-defined communication fabric that links together the various Virtual Machines (VMs to each other and to the physical host on which the VMs reside. Because of its key role in providing connectivity among VMs and the applications hosted on them, Virtual Networks have to be securely configured to provide the foundation for the overall security of the virtualized infrastructure in any deployment scenario. The objective of this paper is to illustrate a deployment-driven methodology for deriving a security configuration for Virtual Networks. The methodology outlines two typical deployment scenarios, identifies use cases and their associated security requirements, the security solutions to meet those requirements, the virtual network security configuration to implement each security solution and then analyzes the pros and cons of each security solution.

  4. Connecting to the Internet Securely; Protecting Home Networks CIAC-2324

    Energy Technology Data Exchange (ETDEWEB)

    Orvis, W J; Krystosek, P; Smith, J

    2002-11-27

    With more and more people working at home and connecting to company networks via the Internet, the risk to company networks to intrusion and theft of sensitive information is growing. Working from home has many positive advantages for both the home worker and the company they work for. However, as companies encourage people to work from home, they need to start considering the interaction of the employee's home network and the company network he connects to. This paper discusses problems and solutions related to protection of home computers from attacks on those computers via the network connection. It does not consider protection of those systems from people who have physical access to the computers nor does it consider company laptops taken on-the-road. Home networks are often targeted by intruders because they are plentiful and they are usually not well secured. While companies have departments of professionals to maintain and secure their networks, home networks are maintained by the employee who may be less knowledgeable about network security matters. The biggest problems with home networks are that: Home networks are not designed to be secure and may use technologies (wireless) that are not secure; The operating systems are not secured when they are installed; The operating systems and applications are not maintained (for security considerations) after they are installed; and The networks are often used for other activities that put them at risk for being compromised. Home networks that are going to be connected to company networks need to be cooperatively secured by the employee and the company so they do not open up the company network to intruders. Securing home networks involves many of the same operations as securing a company network: Patch and maintain systems; Securely configure systems; Eliminate unneeded services; Protect remote logins; Use good passwords; Use current antivirus software; and Moderate your Internet usage habits. Most of these

  5. 75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2010-07-09

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... of the National Industrial Security Program Policy Advisory Committee. The meeting will be held to discuss National Industrial Security Program policy matters. DATES: The meeting will be held on July 21...

  6. 78 FR 71631 - Committee Name: Homeland Security Information Network Advisory Committee (HSINAC)

    Science.gov (United States)

    2013-11-29

    ... SECURITY Committee Name: Homeland Security Information Network Advisory Committee (HSINAC) AGENCY... Management; Notice of Federal Advisory Committee Meeting. SUMMARY: The Homeland Security Information Network... Homeland Security Information Network Advisory Committee (HSINAC) is an advisory body to the...

  7. 75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

    Science.gov (United States)

    2010-07-29

    ... SECURITY Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday, August... meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet from... Homeland Security Information Network Advisory Committee is to identify issues and provide to...

  8. Resistance and Security Index of Networks: Structural Information Perspective of Network Security

    Science.gov (United States)

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-06-01

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

  9. Resistance and Security Index of Networks: Structural Information Perspective of Network Security.

    Science.gov (United States)

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-06-03

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

  10. Korea’s Overseas Food Security Policy

    DEFF Research Database (Denmark)

    Müller, Anders Riel

    In the current debate of a global rush for farm land there seems to be an implicit consensus that the drive for resources is driven by increased global competition due to increased demand from emerging economic powerhouses such as China and India but also from resource poor countries such as South...... with the government's other policies that affect the Korean agricultural sector such as domestic economic development priorities and bilateral free trade agreements with large agricultural exporters such as Chile, the EU and the USA. It is observed that these policies all have in common that they to a large extent...... neglect the voices of the domestic agricultural sector consisting primarily of small scale farmers, while protecting and furthering the interests of economically and politically powerful conglomerates. In turn, I point to the historically contentious relationship between left-leaning farmer's movements...

  11. Secure Media Independent Handover Message Transport in Heterogeneous Networks

    OpenAIRE

    Cho Choong-Ho; Leung VictorCM; Won Jeong-Jae; Vadapalli Murahari

    2009-01-01

    The IEEE 802.21 framework for Media Independent Handover (MIH) provides seamless vertical handover support for multimode mobile terminals. MIH messages are exchanged over various wireless media between mobile terminals and access networks to facilitate seamless handover. This calls for the need to secure MIH messages against network security threats in the wireless medium. In this paper, we first analyze IPSec/IKEv2 and DTLS security solution for secure MIH message transport. We show that ha...

  12. Network Architecture, Security Issues, and Hardware Implementation of a Home Area Network for Smart Grid

    Directory of Open Access Journals (Sweden)

    Sergio Saponara

    2012-01-01

    Full Text Available This paper discusses aims, architecture, and security issues of Smart Grid, taking care of the lesson learned at University of Pisa in research projects on smart energy and grid. A key element of Smart Grid is the energy home area network (HAN, for which an implementation is proposed, dealing with its security aspects and showing some solutions for realizing a wireless network based on ZigBee. Possible hardware-software architectures and implementations using COTS (Commercial Off The Shelf components are presented for key building blocks of the energy HAN such as smart power meters and plugs and a home smart information box providing energy management policy and supporting user's energy awareness.

  13. Implementation of Security Facilities in Simple Network Management Protocol (SNMP)

    Institute of Scientific and Technical Information of China (English)

    2000-01-01

    Simple Network Management Protocol (SNMP) is the most widely used network management protocol on TCP/IP-based networks. However, the lack of security features, notably authentication and privacy, is its weakness. To rectify this deficiency, a new version of SNMP, known as SNMPv3, is presented. The principal security facilities defined in SNMPv3 which include timeliness mechanism, authentication, privacy and access control are outlined, and a example on how to implement security features in a practical software system is given.

  14. Wireless networks and security issues, challenges and research trends

    CERN Document Server

    Pathan, Al-Sakib

    2013-01-01

     “Wireless Networks and Security” provides a broad coverage of wireless security issues including cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, epidemics, security performance analysis, security issues in applications. The contributions identify various vulnerabilities in the physical layer, MAC layer, network layer, transport layer, and application layer, and focus on ways of strengthening security mechanisms and services throughout the layers. This carefully edited monograph is targeting  for researchers, post-graduate students in universities, academics, and industry practitioners or professionals.  

  15. Social networking policies in nursing education.

    Science.gov (United States)

    Frazier, Blake; Culley, Joan M; Hein, Laura C; Williams, Amber; Tavakoli, Abbas S

    2014-03-01

    Social networking use has increased exponentially in the past few years. A literature review related to social networking and nursing revealed a research gap between nursing practice and education. Although there was information available on the appropriate use of social networking sites, there was limited research on the use of social networking policies within nursing education. The purpose of this study was to identify current use of social media by faculty and students and a need for policies within nursing education at one institution. A survey was developed and administered to nursing students (n = 273) and nursing faculty (n = 33). Inferential statistics included χ², Fisher exact test, t test, and General Linear Model. Cronbach's α was used to assess internal consistency of social media scales. The χ² result indicates that there were associations with the group and several social media items. t Test results indicate significant differences between student and faculty for average of policies are good (P = .0127), policies and discipline (P = .0315), and policy at the study school (P = .0013). General Linear Model analyses revealed significant differences for "friend" a patient with a bond, unprofessional posts, policy, and nursing with class level. Results showed that students and faculty supported the development of a social networking policy.

  16. Space Shuttle security policies and programs

    Science.gov (United States)

    Keith, E. L.

    1985-01-01

    The Space Shuttle vehicle consists of the orbiter, external tank, and two solid rocket boosters. In dealing with security two major protective categories are considered, taking into account resource protection and information protection. A review is provided of four basic programs which have to be satisfied. Aspects of science and technology transfer are discussed. The restrictions for the transfer of science and technology information are covered under various NASA Management Instructions (NMI's). There were two major events which influenced the protection of sensitive and private information on the Space Shuttle program. The first event was a manned space flight accident, while the second was the enactment of a congressional bill to establish the rights of privacy. Attention is also given to national resource protection and national defense classified operations.

  17. Security Issues and Solutions in 3G Core Network

    Directory of Open Access Journals (Sweden)

    Xuena Peng

    2011-05-01

    Full Text Available Nowadays, the 3G network plays a very important role in mobile communication system. But the security concern of such network, especially the core network, is far from being satisfied. With the continuously development in the security enhancement in RAN, core network would become the future target of attackers. GPRS Tunnel Protocol (GTP, which is one of the key protocols in the core network, is quite vulnerable to attacks in the flat, full IP environment. Therefore solving such problem properly is very urgent and important for the operation of 3G network. In this paper, the security challenges in the 3G core network and the security issues in GTP are discussed, a defense solution for these security threats and an event-based description language are proposed. The experiment result shows the potential of our solution.

  18. Features of modern security policy UK political parties

    Directory of Open Access Journals (Sweden)

    A. V. Stalovierova

    2015-12-01

    Full Text Available The security policy of the British coalition government of D. Cameron (2010-2015 is summarized; it’s been proved that political forces of Tory and Liberal Democrat should have compromised to carry out unanimous course in the scope of national security, and the problems of the security strategy on parliamentary elections in 2015 are analyzed, particularly the comparative analysis of the modern safety strategy of leading British parties is exercised. Under conditions of the appearance of new challenges and threats, transformation of international safety system, the questions of safety policy often become the object of attention of the British community and experts. The absence of cross-party consensus on most terms of safety strategy of the United Kingdom during the election campaign in 2015 makes the discussion about perspectives of the British safety policy still more urgent. During the election campaign there was no unity on any aspect of security subject between parties. First of all, Labourists, Liberal Democrats, Scottish National Party and Green Party made a statement about readiness to develop cooperation with the EU and the Conservatives and the UK Independence Party were on the side of the Eurosceptics. The opinions of the parties were also divided on military operations abroad, financing and force level. In terms of one-party government and presence of majority in the House of Commons, the Conservatives have opportunities to realize their own vision of British safety policy.

  19. ANALYSIS OF SECURITY THREATS IN WIRELESS SENSOR NETWORK

    National Research Council Canada - National Science Library

    Sahabul Alam; Debashis De

    2014-01-01

    .... The inclusion of wireless communication technology also incurs various types of security threats due to unattended installation of sensor nodes as sensor networks may interact with sensitive data...

  20. Reviewing and reforming policy in health enterprise information security

    Science.gov (United States)

    Sostrom, Kristen; Collmann, Jeff R.

    2001-08-01

    Health information management policies usually address the use of paper records with little or no mention of electronic health records. Information Technology (IT) policies often ignore the health care business needs and operational use of the information stored in its systems. Representatives from the Telemedicine & Advanced Technology Research Center, TRICARE and Offices of the Surgeon General of each Military Service, collectively referred to as the Policies, Procedures and Practices Work Group (P3WG), examined military policies and regulations relating to computer-based information systems and medical records management. Using a system of templates and matrices created for the purpose, P3WG identified gaps and discrepancies in DoD and service compliance with the proposed Health Insurance Portability and Accountability Act (HIPAA) Security Standard. P3WG represents an unprecedented attempt to coordinate policy review and revision across all military health services and the Office of Health Affairs. This method of policy reform can identify where changes need to be made to integrate health management policy and IT policy in to an organizational policy that will enable compliance with HIPAA standards. The process models how large enterprises may coordinate policy revision and reform across broad organizational and work domains.

  1. Policy-Based mobility Management for Heterogeneous Networks

    DEFF Research Database (Denmark)

    Mihovska, Albena D.

    2007-01-01

    Next generation communications will be composed of flexible, scalable and context-aware, secure and resilient architectures and technologies that allow full mobility of the user and enable dynamic management policies that ensure end-to-end secure transmission of data and services across heterogen......Next generation communications will be composed of flexible, scalable and context-aware, secure and resilient architectures and technologies that allow full mobility of the user and enable dynamic management policies that ensure end-to-end secure transmission of data and services across...... heterogeneous infrastructures and networks. This paper investigates the policybased mobility management scheme proposed for the WINNER system. The scheme is based on previously developed cooperation radio resource management (RRM) algorithms including mobility management, for the successful interworking...... and on which network, what is the highest and lowest priority traffic, what are the levels in between, and how are they differentiated, how do we guarantee delivery of highest priority traffic (e.g., real-time applications), how can we guarantee the required for the delivery bandwidth, when and which traffic...

  2. The ghost of OPEC in energy security policy

    Energy Technology Data Exchange (ETDEWEB)

    Stagliano, V.A.

    1995-08-01

    Energy security policy continues to be haunted - at least within the halls of government - by fears of OPEC`s potential ability to curb oil supplies to the United States or to unexpectedly raise prices to economy-damaging levels. OPEC continues to exert (mainly psychological) influence in excess of its market role. Becaue OPEC`s continued existence skews the energy policy debate in the United States and in other oil-consuming countries, and because it complicates otherwise constructive relations between the US and the Arab world, the Clinton administration should confront OPEC and America`s energy security concerns directly. In its forthcoming energy-policy plan, the administration could declare the abolition of OPEC to be a goal of US foreign and trade policy. As a countermeasure, US energy policymakers should abandon the inflammatory frame of reference of energy security. No practical purpose has been served domestically or internationally by adherence to a policy that in the end has simply raised the economic cost of a vital commodity.

  3. Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

    NARCIS (Netherlands)

    Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

    2009-01-01

    The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physi

  4. Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

    NARCIS (Netherlands)

    Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

    2009-01-01

    The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining

  5. Making Wireless Networks Secure for NASA Mission Critical Applications Using Virtual Private Network (VPN) Technology

    Science.gov (United States)

    Nichols, Kelvin F.; Best, Susan; Schneider, Larry

    2004-01-01

    acceptance. The user computer running the VPN client and the target site that is running the VPN firewall exchange this encryption key and therefore are the only ones that are able to decipher the data. The level of encryption offered by the VPN is making it possible for wireless networks to pass the strict security policies that have kept them from being used in the past. Now people will be able to benefit from the many advantages that wireless networking has to offer in the area of mission critical applications.

  6. Making Wireless Networks Secure for NASA Mission Critical Applications Using Virtual Private Network (VPN) Technology

    Science.gov (United States)

    Nichols, Kelvin F.; Best, Susan; Schneider, Larry

    2004-01-01

    acceptance. The user computer running the VPN client and the target site that is running the VPN firewall exchange this encryption key and therefore are the only ones that are able to decipher the data. The level of encryption offered by the VPN is making it possible for wireless networks to pass the strict security policies that have kept them from being used in the past. Now people will be able to benefit from the many advantages that wireless networking has to offer in the area of mission critical applications.

  7. Policy-based network management with SNMP

    NARCIS (Netherlands)

    Boros, S.

    2000-01-01

    This paper presents a way of managing configuration of network elements via a set of high-level rules or business policies rather than managing device by device. First, there is a need for abstraction of the capabilities of the individual devices, thus switching the control to network level. The ben

  8. The securitisation of pandemic influenza: framing, security and public policy.

    Science.gov (United States)

    Kamradt-Scott, Adam; McInnes, Colin

    2012-01-01

    This article examines how pandemic influenza has been framed as a security issue, threatening the functioning of both state and society, and the policy responses to this framing. Pandemic influenza has long been recognised as a threat to human health. Despite this, for much of the twentieth century it was not recognised as a security threat. In the decade surrounding the new millennium, however, the disease was successfully securitised with profound implications for public policy. This article addresses the construction of pandemic influenza as a threat. Drawing on the work of the Copenhagen School, it examines how it was successfully securitised at the turn of the millennium and with what consequences for public policy.

  9. Implementation of Portion Approach in Distributed Firewall Application for Network Security Framework

    Directory of Open Access Journals (Sweden)

    Harleen Kaur

    2011-11-01

    Full Text Available The stimulate of this research seeks collaboration of firewalls which, could reach to the capability of distributed points of security policy; the front-end entity may much interact by the invaders so the separation between this entity and back-end entity to make the secure domain protection is necessary; collaborative security entity has the various task in the organization and there is a certain security policy to apply in; the entities like DPFF have to be protected from outsiders. Firewalls are utilized typically to be the main layer of security in the network framework. The research is presented the particular segment of the proposed framework that DPFF based on the developed iptable firewall to be the layers of defense, which is protected front and backend of the framework with a dynamic security and policy update to control the frameworks safeguard through proposed portion approach algorithm that utilize to reduce the traffic and efficiency in detection and policy update mechanism. The policy update mechanism for DPFF is given the way of its employment. The complete framework signifies a distributed firewall, where the administrator configures the policy rules set, which could be separately or else from administration nodes side.

  10. The citizen security reconfiguration: The security and coexistence policy for football in Colombia

    Directory of Open Access Journals (Sweden)

    Diego Felipe Puentes Sánchez

    2015-06-01

    Full Text Available Security policies are passing through a crucial time in which management strategies focused on crime, use of force and increasing clampdown on criminal matters, are inefficient in a scenario that promotes a normative spectrum linked to Human Rights seeking to insert the security as a condition for the construction of universal dignity in what the United Nations has called Human Security. This article is inserted in the current citizen security policy debates, to evidence how concepts such as Civic Culture and Culture of Peace are an inexorable prerequisite for the transformation to a Human Security approach, issue that goes through the possibility of promoting such change from perspectives that understand the conflicts in a broader and interdisciplinary manner. In order to this, the policy for security and coexistence for football in Colombia will be analyzed so as to have a practical and concrete example that will allow to evidence the expressed theoretical approaches and also because football has great social importance (economic, political and cultural in Colombia.

  11. Survey of Security Technologies on Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Qiuwei Yang

    2015-01-01

    Full Text Available Because of their low cost and adaptability, wireless sensor networks are widely used in civil, military, and commercial fields and other fields. However, since the sensor node in the calculation of the capacity, battery capacity, and storage capacity are restricted by the limitations and inherent characteristics of the sensor networks, compared to traditional networks, which makes wireless sensor networks face more security threats. This paper summarized research progress of sensor network security issues as three aspects, key management, authentication, and secure routing, analyzed and commented on these results advantages and disadvantages and pointed out the future direction of the hot research field.

  12. Evaluation of a Cyber Security System for Hospital Network.

    Science.gov (United States)

    Faysel, Mohammad A

    2015-01-01

    Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

  13. Globally reasoning about localised security policies in distributed systems

    CERN Document Server

    Hernandez, Alejandro Mario

    2012-01-01

    In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative way of model checking the not-yet-induced LTS, by using the system design directly. This may lead to over-approximation th...

  14. BASES OF PUBLIC POLICY FORMATION DIRECTED AT ENSURING BUDGET SECURITY

    Directory of Open Access Journals (Sweden)

    S. Onishchenko

    2015-03-01

    Full Text Available In the article the priorities and public policies that can improve the safety level of the budget of Ukraine have been grounded. Attention on the problems of imbalance and deficiency trends accumulation of public debt has been focused. The detailed analysis of the budget deficit of the European community to further research the main problems of fiscal security has been carried out. The formation of the concept of budget policy should include long-term and medium-term priorities of the state priorities areas have been concluded. Budget policy on public debt must deal with interrelated issues of debt bondage and effective use of public credit, promote economic growth with respect safe level and structure of public debt have been emphasized by author. Debt policy as part of fiscal policy under certain conditions can be a powerful tool to intensify investment and innovation processes in society, promote economic and social development. The reorientation of fiscal policy to address current problems through debt and use it as the basis of investment and innovation development provides an effective public debt management is designed to reduce state budget expenditures on its servicing and repayment, optimizing the scope and structure of debt according to economic growth. The role of debt policy in modern terms increases is clearly subordinate to and consistent with long-term goals and priorities of fiscal policy. There is an urgent development and implementation of effective mechanisms for investing borrowed resources, increasing the efficiency of public investment, including the improvement of organizational, financial, legal and controls. Strategically budget security guarantees only competitive economy, which can be constructed only by recovery and accelerated development of promising sectors of the national economy in the presence of a balanced budget policy. Now there is a tendency to implement only measures to stabilize the political and socio

  15. Cost management based security framework in mobile ad hoc networks

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    Security issues are always difficult to deal with in mobile ad hoc networks. People seldom studied the costs of those security schemes respectively and for some security methods designed and adopted beforehand, their effects are often investigated one by one. In fact, when facing certain attacks, different methods would respond individually and result in waste of resources.Making use of the cost management idea, we analyze the costs of security measures in mobile ad hoc networks and introduce a security framework based on security mechanisms cost management. Under the framework, the network system's own tasks can be finished in time and the whole network's security costs can be decreased. We discuss the process of security costs computation at each mobile node and in certain nodes groups. To show how to use the proposed security framework in certain applications, we give examples of DoS attacks and costs computation of defense methods. The results showed that more secure environment can be achieved based on the security framework in mobile ad hoc networks.

  16. Collective Study On Security Threats In VOIP Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Zulkifl Hasan

    2015-08-01

    Full Text Available The Collective study will critically evaluate the voice over internet protocol VOIP Security threats issues amp challenges in the communication over the network the solution provided by different vendors. Authors will be discussing all security issues different protocols but main focus will be on SIP protocol its implementation and vendors VOIP security system.

  17. 计算机网络安全技术%Security Technologies of Computer Network

    Institute of Scientific and Technical Information of China (English)

    罗明宇; 卢锡城; 卢泽新; 韩亚欣

    2000-01-01

    With the development of computer network,requirements of computer network security have been more and more urgent. In tills paper, goals of network security are reviewed. Several network attack methods,such as interruption,interception, modification, fabrication,are studied. Network security technologies,such as security mechan!sm,encryption,security detection,firewall,were discussed.

  18. ECONOMIC SECURITY OF RUSSIA UNDER THE IMPORT SUBSTITUTION POLICY

    Directory of Open Access Journals (Sweden)

    Klimova N. V.

    2016-06-01

    Full Text Available Instability of economic processes and exacerbation of political tensions regarding Russia require measures in foreign trade policy, which are able to increase the economic security of Russia. The import substitution policy is considered one of the main directions nowadays. There have been considered two directions of the state policy for displacement or substitution of imported goods in the domestic market. There has been also reported the structure of the country's merchandise imports during the period from 2013 until 2015, resulting in a detected negative dynamics of imports, which indicates a successful beginning of the importsubstitution policy. Gradation of the main economic activities according to dependence on imports has allowed identifying the most import-dependent activities and the most available ways to form the import substitution. Threshold amount of economic security of the country has been considered to characterize the external economic security of Russia and some other countries of the world. There has been identified the necessity of state aid, which is reflected in the program of support for transport engineering industry for 2016, subsidies from the federal budget to participants of industrial clusters, the elimination of discriminatory relationships between credit financial institutions and industrial enterprises, the provision of state guarantees for loans to strategic enterprises and organizations of the country

  19. Privacy policies for health social networking sites

    OpenAIRE

    2013-01-01

    Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in...

  20. Secure Media Independent Handover Message Transport in Heterogeneous Networks

    Directory of Open Access Journals (Sweden)

    Cho Choong-Ho

    2009-01-01

    Full Text Available The IEEE 802.21 framework for Media Independent Handover (MIH provides seamless vertical handover support for multimode mobile terminals. MIH messages are exchanged over various wireless media between mobile terminals and access networks to facilitate seamless handover. This calls for the need to secure MIH messages against network security threats in the wireless medium. In this paper, we first analyze IPSec/IKEv2 and DTLS security solution for secure MIH message transport. We show that handover latency can be an impediment to the use of IPSec and DTLS solutions. To overcome the handover overhead and hence minimize authentication time, a new secure MIH message transport solution, referred as MIHSec in this paper, is proposed. Experimental results are obtained for MIH between WLAN and Ethernet networks and the impacts of MIH message security on the handover latency are evaluated for IPSec, DTLS, and MIHSec security solutions. The effectiveness of MIHSec is demonstrated.

  1. Critical Infrastructure Surveillance Using SecureWireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Michael Niedermeier

    2015-11-01

    Full Text Available In this work, a secure wireless sensor network (WSN for the surveillance, monitoring and protection of critical infrastructures was developed. To guarantee the security of the system, the main focus was the implementation of a unique security concept, which includes both security on the communication level, as well as mechanisms that ensure the functional safety during its operation. While there are many theoretical approaches in various subdomains of WSNs—like network structures, communication protocols and security concepts—the construction, implementation and real-life application of these devices is still rare. This work deals with these aforementioned aspects, including all phases from concept-generation to operation of a secure wireless sensor network. While the key focus of this paper lies on the security and safety features of the WSN, the detection, localization and classification capabilities resulting from the interaction of the nodes’ different sensor types are also described.

  2. Towards Secure and Practical MACs for Body Sensor Networks

    NARCIS (Netherlands)

    Gong, Z.; Hartel, P.H.; Nikova, S.I.; Zhu, Bo

    2009-01-01

    Wireless sensor network (WSN) commonly requires lower level security for public information gathering, whilst body sensor network (BSN) must be secured with strong authenticity to protect personal health information. First in this paper, some practical problems with the Message Authentication Codes

  3. Network Security: What Non-Technical Administrators Must Know

    Science.gov (United States)

    Council, Chip

    2005-01-01

    Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

  4. A View of Food Security through A Policy Coherent Lens

    DEFF Research Database (Denmark)

    Robertson, Aileen

    2014-01-01

    this. Despite efforts by the international community persistent chronic undernutrition exists and levels are even increasing. Food Security if viewed through a policy coherent lens can successfully fight poverty and promote human rights by considering the following:  Policy Coherence for Develoment...... adresses “food security” and “climate change”. By ensuring nutrition is explicit in their policies the agriculture, health, environment and education sectors can develop more coherent policies to prevent unintentional harm and achieve their goals. For example investing in gender equality can help to reduce...... by increasing availability, affordability and consumption of biodiverse, safe, nutritious foods aligned with dietary recommendations and environmental sustainability.  Given that the number of chronically undernourished (stunted) could double over next 15 years, the Post-2015 Agenda and its Poverty Reduction...

  5. Impact of Trust on Security and Performance in Tactical Networks

    Science.gov (United States)

    2013-06-01

    often scarce in tactical networks such as mobile ad hoc networks ( MANETs ) or wireless sensor networks (WSNs). Finding a balance between burdening the...connectivity, network congestion, and various network layer attacks. Examples of typical tac- tical communication networks include WSNs, MANETs , DTNs, and...system goals such as security and performance. Cho et al. [25] proposed a distributed public key management protocol for MANETs using the composite

  6. A multi-layer network of the sovereign securities market

    OpenAIRE

    Carlos León; Jhonatan Pérez; Luc Renneboog

    2014-01-01

    We study the network of Colombian sovereign securities settlements. With data from the settlement market infrastructure we study financial institutions’ transactions from three different trading and registering individual networks that we combine into a multi-layer network. Examining this network of networks enables us to confirm that (i) studying isolated single-layer trading and registering networks yields a misleading perspective on the relations between and risks induced by participating ...

  7. Seamless and secure communications over heterogeneous wireless networks

    CERN Document Server

    Cao, Jiannong

    2014-01-01

    This brief provides an overview of the requirements, challenges, design issues and major techniques for seamless and secure communications over heterogeneous wireless networks. It summarizes and provides detailed insights into the latest research on handoff management, mobility management, fast authentication and security management to support seamless and secure roaming for mobile clients. The reader will also learn about the challenges in developing relevant technologies and providing ubiquitous Internet access over heterogeneous wireless networks. The authors have extensive experience in im

  8. 浅谈校园网络安全体系%On Campus Network Security System

    Institute of Scientific and Technical Information of China (English)

    刘慧

    2015-01-01

    From all kinds of security threats to computer network, this paper studies the campus network security problem, from two aspects of building security defense system and strengthening the safety management, designs the campus network security policy, establishes the ideas of the P2DR model to establish the campus network security defense system. And it is concluded that the building of a set of effective network security defense system is the necessary way and measures to solve campus network main threats and hidden troubles.%本文从计算机网络面临的各种安全威胁,针对校园网络的安全问题进行研究,从构建安全防御体系和加强安全管理两方面设计了校园网络的安全策略,确立了用P2DR模型的思想来建立校园网的安全防御体系。并得出了构建一套有效的网络安全防御体系是解决校园网主要威胁和隐患的必要途径和措施。

  9. 77 FR 63893 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2012-10-17

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... Industrial Security Program policy matters. DATES: The meeting will be held on November 14, 2012 from 10:00 a... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  10. 78 FR 38077 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-06-25

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... Industrial Security Program policy matters. DATES: The meeting will be held on July 17, 2013 from 10:00 a.m... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  11. 78 FR 64024 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-10-25

    ... RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... Industrial Security Program policy matters. DATES: The meeting will be held on November 14, 2013 from 10:00 a... number of individuals planning to attend must be submitted to the Information Security Oversight Office...

  12. Applying Penetration Tests on a Highly Secured Cooperative Network

    Directory of Open Access Journals (Sweden)

    Qutaiba Ali

    2010-01-01

    Full Text Available Security plays a vital role in the design; development and practical use of the distributed computing environment,for greater availability and access to information in turn imply that distributed systems are more prone to attacks. The need forpractical solutions for secure networked system management is becoming increasingly significant. Any cooperative networkshould be supplied with different security techniques and tools. This paper deals with subjecting a highly secured cooperativenetwork to successive penetration tests. An experimental network is built to represent a typical layout for a cooperativenetwork and it is supplied with a variety of security techniques such as, Virtual Local Area Networks (VLAN, Virtual PrivateNetwork (VPN, Intrusion Detection System (IDS, Authentication, Authorization, and Accounting (AAA server, Secure ShellHeader (SSH, Access Control List (ACL, WLAN security Techniques and Network Address Translation (NAT. Our testsfocus on the evaluation of the importance of each security technique and the effect of their absence on the security level of thenetwork. This work could assist the future introduction of security evaluation matrices.

  13. A Survey of Wireless Sensor Network Security and Routing Techniques

    Directory of Open Access Journals (Sweden)

    Raja Waseem Anwar

    2015-04-01

    Full Text Available The main purpose of the study is to review the evolution of wireless sensor network security and routing techniques. Recent years have seen tremendous growth in Wireless Sensor Networks (WSNs. As WSN’s become more and more crucial to everyday life, their security and trust become a primary concern. However because of the nature of WSNs, security design can be challenging. Trust-aware routing protocols play a vital role in security of Wireless Sensor Networks (WSNs. The review study provides an overview of Wireless Sensor Network (WSN and discusses security issues and the routing techniques for high quality of service and efficient performance in a WSN. In order to identify gaps and propose research directions in WSN security and routing techniques, the study surveys the existing body of literature in this area. The main focus is on trust concepts and trust based approaches for wireless sensor networks. The study also highlights the difference between trust and security in the context of WSNs. The trust and security are interchangeable with each other when we elaborate a secure system and not same. Various surveys conducted about trust and reputation systems in ad hoc and sensor networks are studied and compared. Finally we summarize the different trust aware routing schemes.

  14. Secure and Efficient Vertical Handover in Heterogeneous Wireless Networks

    Directory of Open Access Journals (Sweden)

    Muhammad Waseem Khan

    2013-09-01

    Full Text Available Handover occurs when a wireless node switches from one network to another. One of the main requirements of this process is to make it secure by using reliable security mechanisms, but it can decrease performance as well. So it is very essential to maintain balance between security and performance during handover. Different handover security schemes that can provide reliable security as well as performance to a certain level will be discuss in this paper. The goal of this paper is to know, how to maintain balance between handover security and performance.

  15. Securing Zone Routing Protocol in Ad-Hoc Networks

    Directory of Open Access Journals (Sweden)

    Ibrahim S. I. Abuhaiba

    2012-09-01

    Full Text Available This paper is a contribution in the field of security analysis on mobile ad-hoc networks, and security requirements of applications. Limitations of the mobile nodes have been studied in order to design a secure routing protocol that thwarts different kinds of attacks. Our approach is based on the Zone Routing Protocol (ZRP; the most popular hybrid routing protocol. The importance of the proposed solution lies in the fact that it ensures security as needed by providing a comprehensive architecture of Secure Zone Routing Protocol (SZRP based on efficient key management, secure neighbor discovery, secure routing packets, detection of malicious nodes, and preventing these nodes from destroying the network. In order to fulfill these objectives, both efficient key management and secure neighbor mechanisms have been designed to be performed prior to the functioning of the protocol.To validate the proposed solution, we use the network simulator NS-2 to test the performance of secure protocol and compare it with the conventional zone routing protocol over different number of factors that affect the network. Our results evidently show that our secure version paragons the conventional protocol in the packet delivery ratio while it has a tolerable increase in the routing overhead and average delay. Also, security analysis proves in details that the proposed protocol is robust enough to thwart all classes of ad-hoc attacks.

  16. Semi-automatic Synthesis of Security Policies by Invariant-Guided Abduction

    Science.gov (United States)

    Hurlin, Clément; Kirchner, Hélène

    We present a specification approach of secured systems as transition systems and security policies as constraints that guard the transitions. In this context, security properties are expressed as invariants. Then we propose an abduction algorithm to generate possible security policies for a given transition-based system. Because abduction is guided by invariants, the generated security policies enforce security properties specified by these invariants. In this framework we are able to tune abduction in two ways in order to: (i) filter out bad security policies and (ii) generate additional possible security policies. Invariant-guided abduction helps designing policies and thus allows using formal methods much earlier in the process of building secured systems. This approach is illustrated on role-based access control systems.

  17. Securing Gateways within Clustered Power Centric Network of Nodes

    Directory of Open Access Journals (Sweden)

    Qaisar Javaid

    2016-01-01

    Full Text Available Knowledge Networks are gaining momentum within cyber world. Knowledge leads to innovation and for this reason organizations focus on research and information gathering in order to gain and improve existing knowledge. This of information era, which is primarily based on world wide web technologies, enables significantly expanded networks of people to communicate and collaborate 'virtually' across teams, across entire organizations and across the world, anytime and anywhere. Innovations in computing and telecommunications have transformed the corporations from structured and manageable types to interwoven network of blurred boundaries such as; ad hoc networks and mobile wireless networks, etc. This study explores knowledge networks in Information Technology and security leaks that are found, as well as measures that are taken to counter this menace which is coming up with optimal Secure Clustered Power Centric node network. The paper concludes these measures, evaluating and integrating them to come up with a secured network design.

  18. 网络信息安全问题研究及防护策略设计与研究%Design and research of network information security research and protection policy

    Institute of Scientific and Technical Information of China (English)

    侯佳音; 史淳樵

    2015-01-01

    基于信息技术和网络技术已经广泛地应用到人们的工作与生活当中,但是网络信息安全的问题却依然严重存在的现实背景. 文中从认证策略的角度出发,对构建认证策略为主的安全防护模块进行设计,通过IP-SECURITY协议(IPSec),借助一定的通信信息技术,结论发现这些策略的实施可以确保信息在专用网、局域网、公用的广域网以及Internet上进行传输时的安全.%Based on information technology and network technology has been widely used in people's work and life, but the network information security problem is still severe reality of the existence of the background. In this paper, from the perspective of authentication strategy, strategy for the construction of certification of safety protection module design, through IP-SECURITY agreement (IPSec), with the help of certain communication information technology, the conclusions found that the implementation of these strategies can ensure that the information in the private network, local area network, public wan, and the safety of the transmission on the internet.

  19. Developing security tools of WSN and WBAN networks applications

    CERN Document Server

    A M El-Bendary, Mohsen

    2015-01-01

    This book focuses on two of the most rapidly developing areas in wireless technology (WT) applications, namely, wireless sensors networks (WSNs) and wireless body area networks (WBANs). These networks can be considered smart applications of the recent WT revolutions. The book presents various security tools and scenarios for the proposed enhanced-security of WSNs, which are supplemented with numerous computer simulations. In the computer simulation section, WSN modeling is addressed using MATLAB programming language.

  20. Reviews of computing technology: Securing network applications, Kerberos and RSA

    Energy Technology Data Exchange (ETDEWEB)

    Johnson, S.M.

    1992-06-01

    This paper will focus on the first step in establishing network security, authentication, and describe the basic function of both RSA and Kerberos as used to provide authentication and confidential data transfer services. It will also discuss the Digital Signature Standard and the market acceptance of each. Proper identification of the principals involved in a network dialog is a necessary first step in providing network-wide security comparable to that of stand-alone systems.

  1. Network Security Hacks Tips & Tools for Protecting Your Privacy

    CERN Document Server

    Lockhart, Andrew

    2009-01-01

    This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending, and incident response.

  2. Semantic security: specification and enforcement of semantic policies for security-driven collaborations.

    Science.gov (United States)

    Sinnott, R O; Doherty, T; Gray, N; Lusted, J

    2009-01-01

    Collaborative research can often have demands on finer-grained security that go beyond the authentication-only paradigm as typified by many e-Infrastructure/Grid based solutions. Supporting finer-grained access control is often essential for domains where the specification and subsequent enforcement of authorization policies is needed. The clinical domain is one area in particular where this is so. However it is the case that existing security authorization solutions are fragile, inflexible and difficult to establish and maintain. As a result they often do not meet the needs of real world collaborations where robustness and flexibility of policy specification and enforcement, and ease of maintenance are essential. In this paper we present results of the JISC funded Advanced Grid Authorisation through Semantic Technologies (AGAST) project (www.nesc.ac.uk/hub/projects/agast) and show how semantic-based approaches to security policy specification and enforcement can address many of the limitations with existing security solutions. These are demonstrated into the clinical trials domain through the MRC funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project (www.nesc.ac.uk/hub/projects/votes) and the epidemiological domain through the JISC funded SeeGEO project (www.nesc.ac.uk/hub/projects/seegeo).

  3. The EU’s Security Sector Reform Policies in the Democratic Republic of Congo

    Directory of Open Access Journals (Sweden)

    Stephan Keukeleire

    2010-08-01

    Full Text Available In this article we approach the functioning of bureaucracy in ESDP from a governance perspective that also focuses on informal patterns of interaction between the relevant bureaucratic actors. Following the governance and related network governance approaches, the interplay between formal and informal patterns of interaction can help to overcome deadlock in policy-making and to procure effective problem-solving. This perspective is applied to security sector reform (SSR in the Democratic Republic of Congo (DRC. SSR is one of the major emerging fields of activity within the civilian crisis management dimension of ESDP, that also in the DRC became a focal point in the EU’s new security and defence policy since its inception. However, as the EU involvement in the Congolese security sector reform policies illustrates, coordination and negotiation among European actors to overcome deadlock and produce effective problem-solving is not self-evident or even desirable for all actors. In the case of the EU’s SSR policies in Congo, coordination indeed occurs between the actors that are dependent upon each other in terms of resources and have the willingness to jointly tackle the problems related to the SSR in the DRC. However, it is also often undermined by actors that prefer to engage bilaterally because they possess the resources to do so and the personal relationships with the Congolese authorities to act more efficiently and effectively.

  4. Lack of security of networked medical equipment in radiology.

    Science.gov (United States)

    Moses, Vinu; Korah, Ipeson

    2015-02-01

    OBJECTIVE. There are few articles in the literature describing the security and safety aspects of networked medical equipment in radiology departments. Most radiologists are unaware of the security issues. We review the security of the networked medical equipment of a typical radiology department. MATERIALS AND METHODS. All networked medical equipment in a radiology department was scanned for vulnerabilities with a port scanner and a network vulnerability scanner, and the vulnerabilities were classified using the Common Vulnerability Scoring System. A network sniffer was used to capture and analyze traffic on the radiology network for exposure of confidential patient data. We reviewed the use of antivirus software and firewalls on the networked medical equipment. USB ports and CD and DVD drives in the networked medical equipment were tested to see whether they allowed unauthorized access. Implementation of the virtual private network (VPN) that vendors use to access the radiology network was reviewed. RESULTS. Most of the networked medical equipment in our radiology department used vulnerable software with open ports and services. Of the 144 items scanned, 64 (44%) had at least one critical vulnerability, and 119 (83%) had at least one high-risk vulnerability. Most equipment did not encrypt traffic and allowed capture of confidential patient data. Of the 144 items scanned, two (1%) used antivirus software and three (2%) had a firewall enabled. The USB ports were not secure on 49 of the 58 (84%) items with USB ports, and the CD or DVD drive was not secure on 17 of the 31 (55%) items with a CD or DVD drive. One of three vendors had an insecure implementation of VPN access. CONCLUSION. Radiologists and the medical industry need to urgently review and rectify the security issues in existing networked medical equipment. We hope that the results of our study and this article also raise awareness among radiologists about the security issues of networked medical equipment.

  5. On Using TPM for Secure Identities in Future Home Networks

    Directory of Open Access Journals (Sweden)

    Georg Carle

    2011-01-01

    Full Text Available Security should be integrated into future networks from the beginning, not as an extension. Secure identities and authentication schemes are an important step to fulfill this quest. In this article, we argue that home networks are a natural trust anchor for such schemes. We describe our concept of home networks as a universal point of reference for authentication, trust and access control, and show that our scheme can be applied to any next generation network. As home networks are no safe place, we apply Trusted Computing technology to prevent the abuse of identities, i.e., identity theft.

  6. A Formal Evaluation of the Security Schemes for Wireless Networks

    Directory of Open Access Journals (Sweden)

    Shadi R. Masadeh

    2011-09-01

    Full Text Available Information security is a critical issue in the wireless network, because the transmission media is open (no physical control on the air. Any wireless device equipped with wireless interface can use and share the airwave transmission medium with other users. For protection purposes, several security mechanisms have been developed over years. This paper provides systematic evaluation of different security schemes used in wireless networks: WEP, TKIP, WPA, AES and WPA2. A formal comparison is made between these security algorithms for different settings such as different data types, different packet sizes and traffic loads.

  7. Secrets and lies digital security in a networked world

    CERN Document Server

    Schneier, Bruce

    2000-01-01

    Bestselling author Bruce Schneier offers his expert guidance on achieving security on a networkInternationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how to

  8. Secure MAC for Wireless Sensor Networks through RBFNN

    Directory of Open Access Journals (Sweden)

    P.Sankara Rao

    2010-08-01

    Full Text Available This paper discusses an application of a neural network in wireless sensor network security. It presents a Radial Basic Function Neural Network based media access control protocol (MAC to secure a CSMA-based wireless sensor network against the denial-of-service attacks launched by adversaries. The Radial Basic Function Neural Network enhances the security of a WSN by constantly monitoring the parameters that exhibit unusual variations in case of an attack. The RBFN shuts down the MAC layer and the physical layer of the sensor node when the suspicion factor, the output of the MLP, exceeds a preset threshold level. The MLP-guarded secure WSN is implemented using the Prowler simulator. Simulation results show that the MLP helps in extending the lifetime of the WSN.

  9. WRR-Policy Brief 6 : Big data and security policies: serving security, protecting freedom

    NARCIS (Netherlands)

    Broeders, Dennis; Schrijvers, Erik; Hirsch Ballin, Ernst

    2017-01-01

    Big Data analytics in national security, law enforcement and the fight against fraud can reap great benefits for states, citizens and society but require extra safeguards to protect citizens’ fundamental rights. This requires new frameworks: a crucial shift is necessary from regulating the phase of

  10. The Systems Librarian: Implementing Wireless Networks without Compromising Security

    Science.gov (United States)

    Breeding, Marshall

    2005-01-01

    Many libraries are or soon will be offering Wi-Fi, also known as wireless networks. The largest perceived barriers to providing this service are concerns about security. The prime rule when deploying Wi-Fi is segregation, having a clear separation between a public wireless network and the rest of the library?s network. A number of devices can be…

  11. A NOVEL APPROACH FOR INFORMATION SECURITY IN AD HOC NETWORKS THROUGH SECURE KEY MANAGEMENT

    Directory of Open Access Journals (Sweden)

    S. Suma Christal Mary

    2013-01-01

    Full Text Available Ad hoc networks provide flexible and adaptive networks with no fixed infrastructure and dynamic topology. Owe to the vulnerability nature of ad hoc network, there are lots of security threats that diminish the development of ad hoc networks. Therefore, to provide security for information of users and to preserve their privacy, it becomes mandatory to use cryptographic techniques to set up secure mobile ad hoc network. Earlier cryptographic method based on computational complexity ruins with the advent of fast computing computers. In this proposal, we proposed Secure Key Management (SKM framework. We make use of McEliece algorithm embedded with Dispense Key designed for key generation and for the key distribution and it is highly scalable with respect to memory. The experimental result shows that our framework provides a high-performance platform to execute key generation, key distribution scenarios. SKM framework reduces execution time of encryption and decryption by minimizing the number of keys.

  12. Multi-path based secure communication in wireless mesh networks

    Institute of Scientific and Technical Information of China (English)

    Ding Xuyang; Fan Mingyu; Lu Xiaojun; Zhu Dayong; Wang Jiahao

    2007-01-01

    Communication security is a critical aspect of QoS provisioning in wireless mesh network (WMN).Because of the inherent characteristics of WMN, conventional security mechanisms cannot be applied. In order to guarantee the communication security, a novel communication security mechanism is proposed. The mechanism uses a communication encryption scheme to encrypt data packets and employs a risk avoidance scheme to avoid the malicious nodes during communications. Simulation results indicate that the mechanism is able to provide secure communication effectively and reduce the damage of attacks through multiple paths.

  13. A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

    Science.gov (United States)

    Waddell, Stanie Adolphus

    2013-01-01

    Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

  14. Key Management for Secure Multicast over IPv6 Wireless Networks

    Directory of Open Access Journals (Sweden)

    Siddiqi Mohammad Umar

    2006-01-01

    Full Text Available Multicasting is an efficient method for transmission and routing of packets to multiple destinations using fewer network resources. Along with widespread deployment of wireless networks, secure multicast over wireless networks is an important and challenging goal. In this paper, we extend the scope of a recent new key distribution scheme to a security framework that offers a novel solution for secure multicast over IPv6 wireless networks. Our key management framework includes two scenarios for securely distributing the group key and rekey messages for joining and leaving a mobile host in secure multicast group. In addition, we perform the security analysis and provide performance comparisons between our approach and two recently published scenarios. The benefits of our proposed techniques are that they minimize the number of transmissions required to rekey the multicast group and impose minimal storage requirements on the multicast group. In addition, our proposed schemes are also very desirable from the viewpoint of transmission bandwidth savings since an efficient rekeying mechanism is provided for membership changes and they significantly reduce the required bandwidth due to key updating in mobile networks. Moreover, they achieve the security and scalability requirements in wireless networks.

  15. Modelling operations and security of cloud systems using Z-notation and Chinese Wall security policy

    Science.gov (United States)

    Basu, Srijita; Sengupta, Anirban; Mazumdar, Chandan

    2016-11-01

    Enterprises are increasingly using cloud computing for hosting their applications. Availability of fast Internet and cheap bandwidth are causing greater number of people to use cloud-based services. This has the advantage of lower cost and minimum maintenance. However, ensuring security of user data and proper management of cloud infrastructure remain major areas of concern. Existing techniques are either too complex, or fail to properly represent the actual cloud scenario. This article presents a formal cloud model using the constructs of Z-notation. Principles of the Chinese Wall security policy have been applied to design secure cloud-specific operations. The proposed methodology will enable users to safely host their services, as well as process sensitive data, on cloud.

  16. Energy Supply Security and Renewable Energy Policies in Turkey

    Directory of Open Access Journals (Sweden)

    Mustafa Kemal Topcu

    2016-06-01

    Full Text Available As a result of Turkey’s geopolitical position and its related requirements, energy is one of the fi elds where innovation is to be speeded up. However, as a natural consequence of unplanned and incorrect energy policies, Turkey’s rate of dependency on energy has reached 72%. Since the need for energy is increasingly growing, especially as a result of the manufacturing industry in Turkey, and a large part of the consumed energy is imported, dependency seems to continue to increase. Toward this end, this article focuses on studies related to reducing external dependency on energy, while also reviewing and discussing literature survey methodology and making policy recommendations concerning energy supply security. Renewable energy has been attached great importance worldwide as well as nationwide because of providing a reliable energy source that meets economic and environmental requirements. In order to meet the increasing electricity needs of Turkey as a developing country the number on renewable energy facilities has been growing. Domestic production of equipment for renewable energy, and producing and integrating those into the conventional system are of high importance because energy supply is a security factor, sustaining reserves is a major need and reducing foreign dependency is a policy priority.

  17. Security Assessment of Software Design using Neural Network

    Directory of Open Access Journals (Sweden)

    A Adebiyi

    2012-07-01

    Full Text Available Security flaws in software applications today has been attributed mostly to design flaws. With limited budget and time to release software into the market, many developers often consider security as an afterthought. Previous research shows that integrating security into software applications at a later stage of software development lifecycle (SDLC has been found to be more costly than when it is integrated during the early stages. To assist in the integration of security early in the SDLC stages, a new approach for assessing security during the design phase by neural network is investigated in this paper. Our findings show that by training a back propagation neural network to identify attack patterns, possible attacks can be identified from design scenarios presented to it. The result of performance of the neural network is presented in this paper.

  18. Secure Multicast Routing Algorithm for Wireless Mesh Networks

    Directory of Open Access Journals (Sweden)

    Rakesh Matam

    2016-01-01

    Full Text Available Multicast is an indispensable communication technique in wireless mesh network (WMN. Many applications in WMN including multicast TV, audio and video conferencing, and multiplayer social gaming use multicast transmission. On the other hand, security in multicast transmissions is crucial, without which the network services are significantly disrupted. Existing secure routing protocols that address different active attacks are still vulnerable due to subtle nature of flaws in protocol design. Moreover, existing secure routing protocols assume that adversarial nodes cannot share an out-of-band communication channel which rules out the possibility of wormhole attack. In this paper, we propose SEMRAW (SEcure Multicast Routing Algorithm for Wireless mesh network that is resistant against all known active threats including wormhole attack. SEMRAW employs digital signatures to prevent a malicious node from gaining illegitimate access to the message contents. Security of SEMRAW is evaluated using the simulation paradigm approach.

  19. MAC layer security issues in wireless mesh networks

    Science.gov (United States)

    Reddy, K. Ganesh; Thilagam, P. Santhi

    2016-03-01

    Wireless Mesh Networks (WMNs) have emerged as a promising technology for a broad range of applications due to their self-organizing, self-configuring and self-healing capability, in addition to their low cost and easy maintenance. Securing WMNs is more challenging and complex issue due to their inherent characteristics such as shared wireless medium, multi-hop and inter-network communication, highly dynamic network topology and decentralized architecture. These vulnerable features expose the WMNs to several types of attacks in MAC layer. The existing MAC layer standards and implementations are inadequate to secure these features and fail to provide comprehensive security solutions to protect both backbone and client mesh. Hence, there is a need for developing efficient, scalable and integrated security solutions for WMNs. In this paper, we classify the MAC layer attacks and analyze the existing countermeasures. Based on attacks classification and countermeasures analysis, we derive the research directions to enhance the MAC layer security for WMNs.

  20. Security Concerns and Countermeasures in Network Coding Based Communications Systems

    DEFF Research Database (Denmark)

    Talooki, Vahid; Bassoli, Riccardo; Roetter, Daniel Enrique Lucani

    2015-01-01

    This survey paper shows the state of the art in security mechanisms, where a deep review of the current research and the status of this topic is carried out. We start by introducing network coding and its variety applications in enhancing current traditional networks. In particular, we analyze two...... key protocol types, namely, state-aware and stateless protocols, specifying the benefits and disadvantages of each one of them. We also present the key security assumptions of network coding (NC) systems as well as a detailed analysis of the security goals and threats, both passive and active....... This paper also presents a detailed taxonomy and a timeline of the different NC security mechanisms and schemes reported in the literature. Current proposed security mechanisms and schemes for NC in the literature are classified later. Finally a timeline of these mechanism and schemes is presented....

  1. ENERGY EFFICIENT DISTRIBUTED STEGANOGRAPHY FOR SECURE COMMUNICATION IN WIRELESS MULTIMEDIA SENSOR NETWORKS

    Institute of Scientific and Technical Information of China (English)

    Lin Qiaomin; Wang Ruchuan; Ye Ning; Wang Zhongqin

    2013-01-01

    A secure communication mechanism is necessary in the applications of Wireless Multimedia Sensor Networks (WMSNs),which is more vulnerable to security attacks due to the presence of multimedia data.Additionally,given the limited technological resources (in term of energy,computation,bandwidth,and storage) of sensor nodes,security and privacy policies have to be combined with energy-aware algorithms and distributed processing of multimedia contents in WMSNs.To solve these problems in this paper,an energy efficient distributed steganography scheme,which combines steganography technique with the concept of distributed computing,is proposed for secure communication in WMSNs.The simulation results show that the proposed method can achieve considerable energy efficiency while assuring the communication security simultaneously.

  2. Security Risks and Modern Cyber Security Technologies for Corporate Networks

    CERN Document Server

    Gharibi, Wajeb

    2011-01-01

    This article aims to highlight current trends on the market of corporate antivirus solutions. Brief overview of modern security threats that can destroy IT environment is provided as well as a typical structure and features of antivirus suits for corporate users presented on the market. The general requirements for corporate products are determined according to the last report from av-comparatives.org [1]. The detailed analysis of new features is provided based on an overview of products available on the market nowadays. At the end, an enumeration of modern trends in antivirus industry for corporate users completes this article. Finally, the main goal of this article is to stress an attention about new trends suggested by AV vendors in their solutions in order to protect customers against newest security threats.

  3. Cyber security awareness toolkit for national security: An approach to South Africa’s cybersecurity policy implementation

    CSIR Research Space (South Africa)

    Phahlamohlaka, LJ

    2011-05-01

    Full Text Available Presidential policies and structures review on cyber security [17 ] was that the United States nation was at a crossroads. This was so because on the one hand, cyberspace underpins almost every facet of American society, providing critical support... critical disruptions to U.S. systems. There is an international drive by various governments to either develop, or review existing Cybersecurity policies. From the US point of view, the policies include strategies and standards regarding the security...

  4. Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model

    Directory of Open Access Journals (Sweden)

    Luay A. Wahsheh

    2008-01-01

    Full Text Available Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle; an engineering methodology to policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process to develop security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method using a theorem prover to verify system correctness with respect to security policies in their life-cycle stages.

  5. Collective Study On Security Threats In VOIP Networks

    National Research Council Canada - National Science Library

    Muhammad Zulkifl Hasan; Muhammad Zunnurain Hussain

    2015-01-01

    The Collective study will critically evaluate the voice over internet protocol VOIP Security threats issues amp challenges in the communication over the network the solution provided by different vendors...

  6. SCONES: Secure Content-Oriented Networking for Exploring Space Project

    Data.gov (United States)

    National Aeronautics and Space Administration — We envision a secure content-oriented internetwork as a natural generalization of the cache-and-forward architecture inherent in delay-tolerant networks. Using our...

  7. Security Routing Protocol For The Wireless Mesh Networks (WMNs)

    Institute of Scientific and Technical Information of China (English)

    王五妹; 赵彩丹; 黄联芬; 姚彦

    2008-01-01

    The pretty promising Wireless Mesh Networking technique, which is regarded as the next generation wireless Internet, not only possesses the normal features of wireless networks, but also has the advantages of multi-hop, self-organizing, etc. However, the great strength of the Mesh Networks also lead to a serious problem in the perspective of network security. This paper starts with the security issue of WMN routing and puts forward the corresponding solutions to the two kinds of routings’ security, such as adding the public/private (Pi/Si) key to the AODV to solve the problem of black hole and adding the credit value of nodes to the DSR to improve the security.

  8. Security-aware cooperation in cognitive radio networks

    CERN Document Server

    Zhang, Ning

    2014-01-01

    This brief investigates spectrum efficient and energy efficient strategies, known as cognitive radio networks (CRNs), to ensure secure cooperation between licensed and unlicensed users. The authors address issues of spectrum scarcity, spectrum sensing, transmission performance, trust-aware cooperation, and secure communications. Two security-aware cooperation based spectrum access schemes are presented. The first is a trust-aware cooperative framework for CRNs to improve the throughput or energy efficiency of licensed users and offer transmission opportunities to unlicensed users, taking into

  9. A Secure Communication Suite for Underwater Acoustic Sensor Networks

    OpenAIRE

    Angelica Lo Duca; Gianluca Dini

    2012-01-01

    In this paper we describe a security suite for Underwater Acoustic Sensor Networks comprising both fixed and mobile nodes. The security suite is composed of a secure routing protocol and a set of cryptographic primitives aimed at protecting the confidentiality and the integrity of underwater communication while taking into account the unique characteristics and constraints of the acoustic channel. By means of experiments and simulations based on real data, we show that the suite is suitable f...

  10. U.S. energy security: problems and policies

    Energy Technology Data Exchange (ETDEWEB)

    Toman, M.A

    2002-12-15

    The reemergence of concern about energy security in the wake of the September 2001 terror attacks amplified a theme that was already present in U.S. energy policy debates. Energy security was a central theme in the Bush administration energy policy report released by Vice President Cheney in the spring of 2001. World oil prices rose from about 10 dollar a barrel in 1998 to more than 30 dollar a barrel in late 2000. Prices trended down through most of 2001 to below 20 dollar a barrel, although the combined effect of improving economic conditions, OPEC supply cuts, and Middle East conflict (both actual and potential) have recently brought prices back into the dollar 25 per barrel neighborhood. In 2000 the United States imported almost 60 percent of the petroleum it consumed; imports from the Organization of Petroleum Exporting Countries (OPEC) made up about a quarter of total U.S. consumption. In previous energy security debates in the U.S., most of the attention has been on international oil markets and geopolitics. This time, even before September 11, the energy security debate had a much larger domestic component. The 2001 ''electricity market meltdown'' in California raised large concerns there and nationwide about the causes and consequences of electricity shortages and price volatility. The concerns run so deep that they are likely to have a significant effect on the ongoing debate about restructuring of the power sector though the nature of that effect remains to be determined. Similarly, periods of sharply rising motor fuels prices over the past few years increases well beyond what would be implied just by crude oil price volatility have led to concerns about the effects on households and commerce. All of these concerns are only amplified by worries about attacks on critical energy infrastructure. (author)

  11. The Elements of a Network to Educate for World Security.

    Science.gov (United States)

    Network to Educate for World Security, New York, NY.

    This publication examines efforts to educate for peace and disarmament. A proposal by the Network to Educate for World Security for the establishment of a United Nations sponsored disarmament fund devoted to worldwide peace and security education is presented in Section One. Section Two contains papers that suggest how the traditional way to…

  12. 78 FR 9431 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

    Science.gov (United States)

    2013-02-08

    ... From the Federal Register Online via the Government Publishing Office NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy... Industrial Security Program policy matters. DATES: The meeting will be held on March 20, 2013 from 10:00 a.m...

  13. Considerations for a Shipboard Multilevel Secure Local Area Network

    Science.gov (United States)

    1992-03-01

    fulfillment of the requirements for the degree of MASTER OF SCIENCE IN TELECOMMUNICATIONS SYSTEMS MANAGEMENT from the NAVAL POSTGRADUATE SCHOOL March 1992...Intentions arc to merge the three separate networks into one network, the DISNET. Physicall % unprotected trunks and host access lines on the MILNET are being...Computer Security Press. April 19S2. 13. Computers at Risk: Safe Computing in the Information Ave. System Security Stud% Committee, Computer Science and

  14. COLLABORATIVE NETWORK SECURITY MANAGEMENT SYSTEM BASED ON ASSOCIATION MINING RULE

    Directory of Open Access Journals (Sweden)

    Nisha Mariam Varughese

    2014-07-01

    Full Text Available Security is one of the major challenges in open network. There are so many types of attacks which follow fixed patterns or frequently change their patterns. It is difficult to find the malicious attack which does not have any fixed patterns. The Distributed Denial of Service (DDoS attacks like Botnets are used to slow down the system performance. To address such problems Collaborative Network Security Management System (CNSMS is proposed along with the association mining rule. CNSMS system is consists of collaborative Unified Threat Management (UTM, cloud based security centre and traffic prober. The traffic prober captures the internet traffic and given to the collaborative UTM. Traffic is analysed by the Collaborative UTM, to determine whether it contains any malicious attack or not. If any security event occurs, it will reports to the cloud based security centre. The security centre generates security rules based on association mining rule and distributes to the network. The cloud based security centre is used to store the huge amount of tragic, their logs and the security rule generated. The feedback is evaluated and the invalid rules are eliminated to improve the system efficiency.

  15. The Distributional Impact of Social Security Policy Options.

    Science.gov (United States)

    Couch, Kenneth A; Reznik, Gayle L; Tamborini, Christopher R; Iams, Howard M

    2017-01-01

    Using microsimulation, we estimate the effects of three policy proposals that would alter Social Security's eligibility rules or benefit structure to reflect changes in women's labor force activity, marital patterns, and differential mortality among the aged. First, we estimate a set of options related to the duration of marriage required to receive divorced spouse and survivor benefits. Second, we estimate the effects of an earnings sharing proposal with survivor benefits, in which benefits are based entirely on earned benefits with spouses sharing their earnings during years of marriage. Third, we estimate the effects of adjusting benefits to reflect the increasing differential life expectancy by lifetime earnings. The results advance our understanding of the distributional effects of these alternative policy options on projected benefits and retirement income, including poverty and supplemental poverty status, of divorced and widowed women aged 60 or older in 2030.

  16. Multicenter patient records research: security policies and tools.

    Science.gov (United States)

    Behlen, F M; Johnson, S B

    1999-01-01

    The expanding health information infrastructure offers the promise of new medical knowledge drawn from patient records. Such promise will never be fulfilled, however, unless researchers first address policy issues regarding the rights and interests of both the patients and the institutions who hold their records. In this article, the authors analyze the interests of patients and institutions in light of public policy and institutional needs. They conclude that the multicenter study, with Institutional Review Board approval of each study at each site, protects the interests of both. "Anonymity" is no panacea, since patient records are so rich in information that they can never be truly anonymous. Researchers must earn and respect the trust of the public, as responsible stewards of facts about patients' lives. The authors find that computer security tools are needed to administer multicenter patient records studies and describe simple approaches that can be implemented using commercial database products.

  17. A Survey on Secure Wireless Body Area Networks

    Directory of Open Access Journals (Sweden)

    Shihong Zou

    2017-01-01

    Full Text Available Combining tiny sensors and wireless communication technology, wireless body area network (WBAN is one of the most promising fields. Wearable and implantable sensors are utilized for collecting the physiological data to achieve continuously monitoring of people’s physical conditions. However, due to the openness of wireless environment and the significance and privacy of people’s physiological data, WBAN is vulnerable to various attacks; thus, strict security mechanisms are required to enable a secure WBAN. In this article, we mainly focus on a survey on the security issues in WBAN, including securing internal communication in WBAN and securing communication between WBAN and external users. For each part, we discuss and identify the security goals to be achieved. Meanwhile, relevant security solutions in existing research on WBAN are presented and their applicability is analyzed.

  18. Dynamic Enforcement of Knowledge-based Security Policies

    Science.gov (United States)

    2011-04-05

    probabilistic computation based on sampling. I. INTRODUCTION Facebook, Twitter, Flickr, and other successful on-line ser - vices enable users to easily...work aimed at controlling access to users’ private data has focused on access control policies. For example, Persona [6] users can store personal data...6] R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin, “ Persona : an online social network with user- defined privacy,” in SIGCOMM, 2009

  19. Asia-Pacific Responses to U.S. Security Policies

    Science.gov (United States)

    2003-03-01

    to involve itself). Australia’s Department of Foreign Affairs and Trade ( DFAT ) major policy document, entitled Advancing the National Interest...demonstrates that Indonesia, and Southeast Asia more widely, is threatened by the presence of terrorist cells linked to the al Qaeda network. Yet even...persuaded about the existence of terrorist cells within Indonesia. Although most Indonesians were as horrified by the September 11 attacks, there has

  20. Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

    Science.gov (United States)

    Paramasivan, B.; Kaliappan, M.

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP. PMID:25143986

  1. Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

    Science.gov (United States)

    Paramasivan, B; Kaliappan, M

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

  2. Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    B. Paramasivan

    2014-01-01

    Full Text Available Mobile ad hoc networks (MANETs are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

  3. Empirical Network Performance Evaluation of Security Protocols on Operating Systems

    Directory of Open Access Journals (Sweden)

    Shaneel Narayan

    2012-10-01

    Full Text Available Securing data transmission is currently a widely researched topic. There are numerous facades in data security. Virtual Private Network (VPN is one such strand that provides security for data that is in motion. Performance of a network that has VPN implementation is at the forefront of network design and choice of the operating systems and cryptographic algorithms is critical to enhancing network performance. In this research undertaking, three VPN techniques, namely DES, 3DES and AES, which are commonly used to implement IPSec VPNs, are performance analyzed on test-bed setup. These are implemented on a network with Linux Fedora and a router and Windows desktop operating systems on another node. The VPN algorithms tested show that there may be performance differences when implemented with different operating system combinations.

  4. The Reluctant Atlanticist: France’s Security and Defence Policy in a Transatlantic Context

    DEFF Research Database (Denmark)

    Schmitt, Olivier

    2017-01-01

    This article introduces the key tenets of French foreign and security policy during the Cold War, and illustrates the deep challenges to the French consensus raised by the emergence of a unipolar system. There is a growing gap between the rhetoric of French security policy, emphasizing ‘autonomy’...... as a ‘treason’ from a romanticized Gaullist foreign policy....

  5. Strategy and Management of Network Security at KEK

    Institute of Scientific and Technical Information of China (English)

    KiyoharuHashimoto; TeijiNakamura; 等

    2001-01-01

    Recently the troubles related to the network security have often occurred attacks.It consists of two fundamental thinge;the monitoring and the access control.To monitor the network,we have installed the intrusion detectioin system and have managed it since 1998,For the second thing,we arranged three categories to classify all hosts (about 5000 hosts) at KEK according to their security level.To realize these three categories,we filter the incoming packet from outside KEK whether it has a SYN flag or not.The network monitoring and the access control produced good effects in keeping our security level high.Since 2000 we have started the transiton of LAN from shared-media network to switched network.Now almost part of LAN was re-configured and in this new LAN 10Mbps/100Mbps/1Gbps Ethernet are supported.Currently we are planning further speedup(10Gbps)and redundancy of network.Not only LAN but also WAN,network speed will be upgraded to 10 Gbps thanks to the strong promotion of IT by Japanese government,In this very high speed network,our current strategy will be affected and again the network security becomes a big issue,This paper describes our experiences in practice of the current strategy and management know-how together with the discussion on the new strategy.

  6. Practising EU Security Governance in the Transatlantic Context: A Fragmentation of Power or Networked Hegemony?

    Directory of Open Access Journals (Sweden)

    Benjamin Zyla

    2013-07-01

    Full Text Available Security governance is commonly understood as an answer to the new and constantly changing security environment after the Cold War. In the context of the European Union (EU, the governance approach is believed to understand better the evolving institutional characters, networks, and processes of the EU’s actions in global politics. By employing a neo-Gramscian framework we challenge the 'orthodox view' in the EU governance literature that networks are flexible and hierarchy-immune responses to increasingly global policy challenges. We argue that networks in and of themselves reproduce existing power structures, and discuss the presence and replication of hegemony through these networks by examining the EU’s governance system post the Lisbon Treaty.

  7. A secure communication suite for underwater acoustic sensor networks.

    Science.gov (United States)

    Dini, Gianluca; Lo Duca, Angelica

    2012-01-01

    In this paper we describe a security suite for Underwater Acoustic Sensor Networks comprising both fixed and mobile nodes. The security suite is composed of a secure routing protocol and a set of cryptographic primitives aimed at protecting the confidentiality and the integrity of underwater communication while taking into account the unique characteristics and constraints of the acoustic channel. By means of experiments and simulations based on real data, we show that the suite is suitable for an underwater networking environment as it introduces limited, and sometimes negligible, communication and power consumption overhead.

  8. A New Approach To Enhance Security In Mpls Network

    Directory of Open Access Journals (Sweden)

    S.Veni

    2012-06-01

    Full Text Available As Multiprotocol Label Switching (MPLS is becoming a more widespread technology For providing virtual private network (VPN services, MPLS architecture security is of increasing concern to service providers (SPs and VPN customers. MPLS suffers from a number of security issues as soon as an attacker successfully penetrates the core. This paper provides an approach to enhance security in MPLS network by integrating a new (k,n Threshold Secret Sharing scheme with MPLS in which shares obtained are send over multiple disjoint paths. Our approach is implemented to measure time overhead on secrets packet transmission.

  9. Applying New Network Security Technologies to SCADA Systems.

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P; Chavez, Adrian R.

    2006-11-01

    Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators. 4This page intentionally left blank.

  10. Molecular transport network security using multi-wavelength optical spins.

    Science.gov (United States)

    Tunsiri, Surachai; Thammawongsa, Nopparat; Mitatha, Somsak; Yupapin, Preecha P

    2016-01-01

    Multi-wavelength generation system using an optical spin within the modified add-drop optical filter known as a PANDA ring resonator for molecular transport network security is proposed. By using the dark-bright soliton pair control, the optical capsules can be constructed and applied to securely transport the trapped molecules within the network. The advantage is that the dark and bright soliton pair (components) can securely propagate for long distance without electromagnetic interference. In operation, the optical intensity from PANDA ring resonator is fed into gold nano-antenna, where the surface plasmon oscillation between soliton pair and metallic waveguide is established.

  11. A Secure Communication Suite for Underwater Acoustic Sensor Networks

    Directory of Open Access Journals (Sweden)

    Angelica Lo Duca

    2012-11-01

    Full Text Available In this paper we describe a security suite for Underwater Acoustic Sensor Networks comprising both fixed and mobile nodes. The security suite is composed of a secure routing protocol and a set of cryptographic primitives aimed at protecting the confidentiality and the integrity of underwater communication while taking into account the unique characteristics and constraints of the acoustic channel. By means of experiments and simulations based on real data, we show that the suite is suitable for an underwater networking environment as it introduces limited, and sometimes negligible, communication and power consumption overhead.

  12. Information Systems Security Audit

    Directory of Open Access Journals (Sweden)

    Gheorghe Popescu

    2007-12-01

    Full Text Available The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  13. Information Systems Security Audit

    OpenAIRE

    Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

    2007-01-01

    The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

  14. 32 CFR 2001.50 - Telecommunications automated information systems and network security.

    Science.gov (United States)

    2010-07-01

    ... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically...

  15. Information Security of PHY Layer in Wireless Networks

    Directory of Open Access Journals (Sweden)

    Weidong Fang

    2016-01-01

    Full Text Available Since the characteristics of wireless channel are open and broadcasting, wireless networks are very vulnerable to be attacked via eavesdropping, jamming, and interference. As traditional secure technologies are not suitable for PHY layer of wireless networks, physical-layer security issues become a focus of attention. In this paper, we firstly identify and summarize the threats and vulnerabilities in PHY layer of wireless networks. Then, we give a holistic overview of PHY layer secure schemes, which are divided into three categories: spatial domain-based, time domain-based, and frequency domain-based. Along the way, we analyze the pros and cons of current secure technologies in each category. In addition, we also conclude the techniques and methods used in these categories and point out the open research issues and directions in this area.

  16. Security Shift in Future Network Architectures

    NARCIS (Netherlands)

    Hartog, T.; Schotanus, H.A.; Verkoelen, C.A.A.

    2010-01-01

    In current practice military communication infrastructures are deployed as stand-alone networked information systems. Network-Enabled Capabilities (NEC) and combined military operations lead to new requirements which current communication architectures cannot deliver. This paper informs IT architect

  17. Securing Communication in Ambient Networks for Speech Therapy Systems

    Directory of Open Access Journals (Sweden)

    ZAHARIA, M. H.

    2007-11-01

    Full Text Available One of the most present issues of computer wireless networks is the security. Comparing with their wired counterpart, the wireless networks not only accentuate some of the well-known security vulnerabilities but they are subject of new and specific ones. Among the existing wireless networks the ad hoc ones are the most exposed to attacks and collusions due to the absence of any centralized control. The most efficient way to ensure the communication secrecy, inclusively for ad hoc wireless networks, is the cryptography. From many reasons, following from specific operating conditions, the employment of asymmetric key techniques and Public Key Infrastructure is not a realistic choice. In the networks with a large number of nodes, as wireless sensor networks, a large number of secret keys are involved in order to ensure the communication secrecy. While dynamicity is one of the essential features of mobile wireless networks, when nodes may leave or join the network and in the absence of a centralized control entity, the management of secret keys is crucial. The paper presents the main aspects of mobile wireless networks security and focuses on the key management issue in ad-hoc wireless networks.In this paper the problem of securing mobile devices used in ambient networks for speech therapy is presented. The main target consists in making various mobile devices involved in speech therapy to maintain both the confidentiality of personal data of the patient and also to avoid interference when simultaneous communicate with the control center. Due to non-technical type of user all password management will be made automatic by the control system. As result the mobile device will have a user transparent security layer added. The problem of people from isolated community treatment is also solved by this approach.

  18. MAC Security and Security Overhead Analysis in the IEEE 802.15.4 Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Sethi Sakshi

    2006-01-01

    Full Text Available Sensor networks have many applications. However, with limited resources such as computation capability and memory, they are vulnerable to many kinds of attacks. The IEEE 802.15.4 specification defines medium access control (MAC layer and physical layer for wireless sensor networks. In this paper, we propose a security overhead analysis for the MAC layer in the IEEE 802.15.4 wireless sensor networks. Furthermore, we survey security mechanisms defined in the specification including security objectives, security suites, security modes, encryption, authentication, and so forth. Then, security vulnerabilities and attacks are identified. Some security enhancements are proposed to improve security and to prevent these attacks such as same-nonce attack, denial-of-service attack, reply-protection attack, ACK attack, and so forth. Our results show that, for example, with 128-bit key length and 100 MIPS, encryption overhead is 10.28 s per block, and with 100 MIPS and 1500-byte payload, the encryption overhead is as high as 5782.5 s.

  19. Teaching Network Security in a Virtual Learning Environment

    Science.gov (United States)

    Bergstrom, Laura; Grahn, Kaj J.; Karlstrom, Krister; Pulkkis, Goran; Astrom, Peik

    2004-01-01

    This article presents a virtual course with the topic network security. The course has been produced by Arcada Polytechnic as a part of the production team Computer Networks, Telecommunication and Telecommunication Systems in the Finnish Virtual Polytechnic. The article begins with an introduction to the evolution of the information security…

  20. Smart photonic networks and computer security for image data

    Science.gov (United States)

    Campello, Jorge; Gill, John T.; Morf, Martin; Flynn, Michael J.

    1998-02-01

    Work reported here is part of a larger project on 'Smart Photonic Networks and Computer Security for Image Data', studying the interactions of coding and security, switching architecture simulations, and basic technologies. Coding and security: coding methods that are appropriate for data security in data fusion networks were investigated. These networks have several characteristics that distinguish them form other currently employed networks, such as Ethernet LANs or the Internet. The most significant characteristics are very high maximum data rates; predominance of image data; narrowcasting - transmission of data form one source to a designated set of receivers; data fusion - combining related data from several sources; simple sensor nodes with limited buffering. These characteristics affect both the lower level network design and the higher level coding methods.Data security encompasses privacy, integrity, reliability, and availability. Privacy, integrity, and reliability can be provided through encryption and coding for error detection and correction. Availability is primarily a network issue; network nodes must be protected against failure or routed around in the case of failure. One of the more promising techniques is the use of 'secret sharing'. We consider this method as a special case of our new space-time code diversity based algorithms for secure communication. These algorithms enable us to exploit parallelism and scalable multiplexing schemes to build photonic network architectures. A number of very high-speed switching and routing architectures and their relationships with very high performance processor architectures were studied. Indications are that routers for very high speed photonic networks can be designed using the very robust and distributed TCP/IP protocol, if suitable processor architecture support is available.

  1. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

    Science.gov (United States)

    Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

    2015-09-25

    Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  2. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas

    Directory of Open Access Journals (Sweden)

    Ze Wang

    2015-09-01

    Full Text Available Network security is one of the most important issues in mobile sensor networks (MSNs. Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA is proposed to resist malicious attacks by using mobile nodes’ dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  3. Potential Security Attacks on Wireless Networks and their Countermeasure

    Directory of Open Access Journals (Sweden)

    Sreedhar. C

    2010-10-01

    Full Text Available The security of wireless networks has been a constant topic in the recent years. With the advance ofwireless networks, building reliable and secured communication is becoming extremely important.Wireless security is a mechanism of preventing unauthorized access or damage to computers usingwireless networks. A mobile ad-hoc network (MANET is a self-organizing system of mobile nodes thatcommunicate with each other through wireless links with no fixed infrastructure or centralizedadministration. This paper presents potential security attacks on Ad-hoc On-demand Distance Vector(AODV routing protocol and their countermeasure. IETF standardized AODV and considered as one ofthe most popular and promising on-demand routing protocols because of its lower network overhead andalgorithm complexity. AODV protocol does not store all the routing information in its routing table andthis causes potential security threat to the wireless networks. In this paper, we consider various knownsecurity attacks and in- specific blackhole attack on AODV and propose a countermeasure to thwartblackhole attack.

  4. Applied network security monitoring collection, detection, and analysis

    CERN Document Server

    Sanders, Chris

    2013-01-01

    Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach to NSM, complete with dozens of real-world examples that teach you the key concepts of NSM. Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, it is your ability to detect and respond to that intrusion that can be the difference between a small incident and a major di

  5. Security of Mobile Devices and Wi-Fi Networks

    OpenAIRE

    Hong, Zimeng

    2015-01-01

    Along with the progress of times and the development of science and technology, mobile devices have become more and more popular. At the same time, an increasing number of Wi-Fi networks are being built for the demand of mobile devices. Therefore, the security between mobile devices and Wi-Fi networks became a main object in the IT area. The purpose of the thesis is to analyze security threats and give relative advises for all the mobile device and Wi-Fi network users. The thesis mainly ta...

  6. Impact of Population Aging on Military and Security Policy

    Directory of Open Access Journals (Sweden)

    Martina Šimková

    2014-12-01

    Full Text Available Population ageing is among the most important problems of developed European countries and the most frequently discussed social issues. The Czech Republic also faces population ageing and we cannot expect a different trend in the future. Life expectancy has increased due to better health care while current lifestyle often leads to lower natality, resulting in a negative rate of natural increase and a decreasing proportion of young people in population in the future. This problem affects all spheres of life and social and economic development. Population ageing may pose a threat to the security of the population in different ways. The functioning of the security system may be threatened due to decreasing workforce. Population ageing may undercut resources for military budgets. Young recruits represent an important part of military forces and the latter are competing in the labour market with more attractive occupations. Especially ensuring the stability of the personnel needed for securing crisis situations would be a significant problem of near future. This paper presents a demographic perspective on staffing and correct operation of military forces in the context of population ageing. It describes the current situation of human resources in the military policy of the Czech Republic and determines the negative impact of population ageing on recruitment potential. It deals with the sustainability of human resources for security forces.

  7. NETWORK SECURITY ATTACKS. ARP POISONING CASE STUDY

    Directory of Open Access Journals (Sweden)

    Luminiţa DEFTA

    2010-12-01

    Full Text Available Arp poisoning is one of the most common attacks in a switched network. A switch is a network device that limits the ability of attackers that use a packet sniffer to gain access to information from internal network traffic. However, using ARP poisoning the traffic between two computers can be intercepted even in a network that uses switches. This method is known as man in the middle attack. With this type of attack the affected stations from a network will have invalid entries in the ARP table. Thus, it will contain only the correspondence between the IP addresses of the stations from the same network and a single MAC address (the station that initiated the attack. In this paper we present step by step the initiation of such an attack in a network with three computers. We will intercept the traffic between two stations using the third one (the attacker.

  8. Clustered Hierarchy in Sensor Networks: Performance and Security

    Directory of Open Access Journals (Sweden)

    Mohammed Abuhelaleh

    2009-07-01

    Full Text Available Many papers have been proposed in order to increase the wireless sensor networks performance; This kind of network has limited resources, where the energy in each sensor came from a small battery that sometime is hard to be replaced or recharged. Transmission energy is the most concern part where the higher energy consumption takes place. Clustered hierarchy has been proposed in many papers; in most cases, it provides the network with better performance than other protocols. In our paper, first we discuss some of techniques,relates to this protocol, that have been proposed for energy efficiency; some of them were proposed to provide the network with more security level. Our proposal then suggests some modifications to some of these techniques to provide the network with more energy saving that should lead to high performance; also we apply our technique on an existing one that proposed to increase the security level of cluster sensor networks.

  9. Accessing a Network using a Secure Android Application

    Directory of Open Access Journals (Sweden)

    Padmalatha Ragunathan

    2012-07-01

    Full Text Available Security plays a vital role in today’s mobile world. There are security issues like sniffing of data while accessing information through open channel. Proper security measures can help to deal with the common security threats faced by mobile phone users such as data protection, privacy, application and personal information security. Cryptographic techniques play an important role in protecting communication links and data, since access to data can be limited to those who hold the proper key. This paper discusses a method to securely access information in a network by an android mobile application using AES cryptographic technique. The paper describes a new key sharing algorithm, based on the symmetric key management, for faster and efficient encryption of data that is suitable for use in a mobile device.

  10. SECURITY CHALLENGES IN MOBILE AD HOC NETWORKS: A SURVEY

    Directory of Open Access Journals (Sweden)

    Ali Dorri

    2015-02-01

    Full Text Available MANET is a kind of Ad Hoc network with mobile, wireless nodes. Because of its special characteristics like dynamic topology, hop-by-hop communications and easy and quick setup, MANET faced lots of challenges allegorically routing, security and clustering. The security challenges arise due to MANET’s selfconfiguration and self-maintenance capabilities. In this paper, we present an elaborate view of issues in MANET security. Based on MANET’s special characteristics, we define three security parameters for MANET. In addition we divided MANET security into two different aspects and discussed each one in details. A comprehensive analysis in security aspects of MANET and defeating approaches is presented. In addition, defeating approaches against attacks have been evaluated in some important metrics. After analyses and evaluations, future scopes of work have been presented.

  11. Network Security via Biometric Recognition of Patterns of Gene Expression

    Science.gov (United States)

    Shaw, Harry C.

    2016-01-01

    Molecular biology provides the ability to implement forms of information and network security completely outside the bounds of legacy security protocols and algorithms. This paper addresses an approach which instantiates the power of gene expression for security. Molecular biology provides a rich source of gene expression and regulation mechanisms, which can be adopted to use in the information and electronic communication domains. Conventional security protocols are becoming increasingly vulnerable due to more intensive, highly capable attacks on the underlying mathematics of cryptography. Security protocols are being undermined by social engineering and substandard implementations by IT organizations. Molecular biology can provide countermeasures to these weak points with the current security approaches. Future advances in instruments for analyzing assays will also enable this protocol to advance from one of cryptographic algorithms to an integrated system of cryptographic algorithms and real-time expression and assay of gene expression products.

  12. Security System in United Storage Network and Its Implementation

    Institute of Scientific and Technical Information of China (English)

    黄建忠; 谢长生; 韩德志

    2005-01-01

    With development of networked storage and its applications, united storage network (USN) combined with network attached storage (NAS) and storage area network (SAN) has emerged. It has such advantages as high performance, low cost, good connectivity, etc. However the security issue has been complicated because USN responds to block I/O and file I/O requests simultaneously. In this paper, a security system module is developed to prevent many types of atl~cks against USN based on NAS head.The module not only uses effective authentication to prevent unauthorized access to the system data, but also checks the data integrity.Experimental results show that the security module can not only resist remote attacks and attacks from those who has physical access to the USN, but can also be seamlessly integrated into underlying file systems, with little influence on their performance.

  13. FRAMEWORK FOR WIRELESS NETWORK SECURITY USING QUANTUM CRYPTOGRAPHY

    Directory of Open Access Journals (Sweden)

    Priyanka Bhatia

    2014-12-01

    Full Text Available Data that is transient over an unsecured wireless network is always susceptible to being intercepted by anyone within the range of the wireless signal. Hence providing secure communication to keep the user’s information and devices safe when connected wirelessly has become one of the major concerns. Quantum cryptography provides a solution towards absolute communication security over the network by encoding information as polarized photons, which can be sent through the air. This paper explores on the aspect of application of quantum cryptography in wireless networks. In this paper we present a methodology for integrating quantum cryptography and security of IEEE 802.11 wireless networks in terms of distribution of the encryption keys

  14. A Framework for Secure and Survivable Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Mi Chaw Mon THEIN

    2009-01-01

    Full Text Available Wireless sensor networks increasingly become viable solutions tomany challenging problems and will successively be deployed in many areas inthe future. A wireless sensor network (WSN is vulnerable to security attacksdue to the insecure communication channels, limited computational andcommunication capabilities and unattended nature of sensor node devices,limited energy resources and memory. Security and survivability of thesesystems are receiving increasing attention, particularly critical infrastructureprotection. So we need to design a framework that provide both security andsurvivability for WSNs. To meet this goals, we propose a framework for secureand survivable WSNs and we present a key management scheme as a case studyto prevent the sensor networks being compromised by an adversary. This paperalso considers survivability strategies for the sensor network against a variety ofthreats that can lead to the failure of the base station, which represents a centralpoint of failure.

  15. Secured Greedy Perimeter Stateless Routing for Wireless Sensor Networks

    CERN Document Server

    Samundiswary, P; Dananjayan, P

    2010-01-01

    Wireless sensor networks are collections of large number of sensor nodes. The sensor nodes are featured with limited energy, computation and transmission power. Each node in the network coordinates with every other node in forwarding their packets to reach the destination. Since these nodes operate in a physically insecure environment; they are vulnerable to different types of attacks such as selective forwarding and sinkhole. These attacks can inject malicious packets by compromising the node. Geographical routing protocols of wireless sensor networks have been developed without considering the security aspects against these attacks. In this paper, a secure routing protocol named secured greedy perimeter stateless routing protocol (S-GPSR) is proposed for mobile sensor networks by incorporating trust based mechanism in the existing greedy perimeter stateless routing protocol (GPSR). Simulation results prove that S-GPSR outperforms the GPSR by reducing the overhead and improving the delivery ratio of the netw...

  16. ENERGY IN THE CONTEXT OF THE PRESENT CHALLENGES TO THE EUROPEAN COMMON SECURITY AND DEFENCE POLICY

    Directory of Open Access Journals (Sweden)

    Gabriel ANDRUSEAC

    2014-10-01

    Full Text Available The Common Security and Defence Policy is a part of the European Union’s Common Foreign and Security Policy (CFSP and establishes the policy framework for the institutional structures and military instruments which have to deal with the security challenges in Europe’s geopolitical neighborhood. The article aims to identify and analyze the role of energy as one of the present challenges to the European Common Security and Defence Policy in the context of the recent events in the world economy.

  17. A Scalable Policy and SNMP Based Network Management Framework

    Institute of Scientific and Technical Information of China (English)

    LIU Su-ping; DING Yong-sheng

    2009-01-01

    Traditional SNMP-based network management can not deal with the task of managing large-scaled distributed network,while policy-based management is one of the effective solutions in network and distributed systems management. However,cross-vendor hardware compatibility is one of the limitations in policy-based management. Devices existing in current network mostly support SNMP rather than Common Open Policy Service (COPS) protocol. By analyzing traditional network management and policy-based network management, a scalable network management framework is proposed. It is combined with Internet Engineering Task Force (IETF) framework for policybased management and SNMP-based network management. By interpreting and translating policy decision to SNMP message,policy can be executed in traditional SNMP-based device.

  18. End-to-end Information Flow Security Model for Software-Defined Networks

    Directory of Open Access Journals (Sweden)

    D. Ju. Chaly

    2015-01-01

    Full Text Available Software-defined networks (SDN are a novel paradigm of networking which became an enabler technology for many modern applications such as network virtualization, policy-based access control and many others. Software can provide flexibility and fast-paced innovations in the networking; however, it has a complex nature. In this connection there is an increasing necessity of means for assuring its correctness and security. Abstract models for SDN can tackle these challenges. This paper addresses to confidentiality and some integrity properties of SDNs. These are critical properties for multi-tenant SDN environments, since the network management software must ensure that no confidential data of one tenant are leaked to other tenants in spite of using the same physical infrastructure. We define a notion of end-to-end security in context of software-defined networks and propose a semantic model where the reasoning is possible about confidentiality, and we can check that confidential information flows do not interfere with non-confidential ones. We show that the model can be extended in order to reason about networks with secure and insecure links which can arise, for example, in wireless environments.The article is published in the authors’ wording.

  19. Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

    CERN Document Server

    Hilker, Michael

    2008-01-01

    Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is distinguished. The security system then checks the node from outside and the right security components are provided through a service oriented architecture. Due to the running in a virtual machine, the infected nodes can be halted, duplicated, and moved to other nodes for further analysis and legal aspects. This organisation is in this article analysed and a preliminary implementation showing promising results are discussed.

  20. High Secure Fingerprint Authentication in Ad hoc Network

    OpenAIRE

    P.Velayutham

    2010-01-01

    In this paper, the methodology proposed is an novel robust approach on secure fingerprint authentication and matching techniques to implement in ad-hoc wireless networks. This is a difficult problem in ad-hoc network, as it involves bootstrapping trust between the devices. This journal would present a solution, which providesfingerprint authentication techniques to share their communication in ad-hoc network. In this approach, devices exchange a corresponding fingerprint with master device fo...

  1. Ethernet-based Mass Volume Train Security Detection Network

    Directory of Open Access Journals (Sweden)

    D. Q. He

    2013-07-01

    Full Text Available As the existing train communication network transmission rate is low, large capacity status and fault diagnosis data, the event log data, passenger information which are stored in different vehicles equipments, it is difficult to realize fault diagnosis and intelligent maintenance efficiently and timely. Based on the train level and vehicle level Ethernet network, this paper will focus on network construction technology and real-time performance of mass volume onboard security detection network. The research results will improve control and network function of train.

  2. ATIP Report: Cyber Security Research in China

    Science.gov (United States)

    2015-06-05

    networks such as telecommunications ( telecom ) carrier backbone networks has improved, but domain name systems remains the weak link concerning security...analysis, cloud security, mobile security, and security of wireless sensor networks in China, and an overview of these research achievements is...provided within. KEYWORDS: Government S&T Policy / Funding, Information Technology / IT, Mathematics, Telecommunications / Networking COUNTRY

  3. School inclusion, support networks and social policies

    Directory of Open Access Journals (Sweden)

    Rosanna Claudia Bendinelli

    2012-03-01

    Full Text Available Special education. Educational policy. Right to education.The education as a right for everybody and its quality are goals that still require huge investments from the government and our society. When it concerns to the people with disabilities, global development disorder and talented / gifted, their access and permanence in the school depends on, most of times, political articulation beyond the educational field. The national legislation and the international recommendations indicate the constitution of support networks. The results presented here focus on the itinerary of São Paulo municipality to implement its special educational policy and highlight the actions towards the support networks. To achieve the goals proposed, documental sources were compiled, semi-structured interviews with special education professionals were conducted; professional characterization forms were filled in; and photographic registers were made. The analysis, using a qualitative approach, compared the set of information to the legislation from which we tried to grasp the advances and aspects to be strengthened in the aforementioned municipal policy. The results shown the undeniable advances in the special education of the municipality during the four-year administration, although the big amount of requests made to the municipal support centers were greater than the necessary implementation and consolidation of the partnership and support networks. It is pointed out that inter-departmental networks were indicated as necessary and they depended on actions of the public government, because this kind of interventions to the hierarchically superior, whether municipal department from the educational or other areas, were beyond the political – administrative status of the centers.

  4. Sensor data security level estimation scheme for wireless sensor networks.

    Science.gov (United States)

    Ramos, Alex; Filho, Raimir Holanda

    2015-01-19

    Due to their increasing dissemination, wireless sensor networks (WSNs) have become the target of more and more sophisticated attacks, even capable of circumventing both attack detection and prevention mechanisms. This may cause WSN users, who totally trust these security mechanisms, to think that a sensor reading is secure, even when an adversary has corrupted it. For that reason, a scheme capable of estimating the security level (SL) that these mechanisms provide to sensor data is needed, so that users can be aware of the actual security state of this data and can make better decisions on its use. However, existing security estimation schemes proposed for WSNs fully ignore detection mechanisms and analyze solely the security provided by prevention mechanisms. In this context, this work presents the sensor data security estimator (SDSE), a new comprehensive security estimation scheme for WSNs. SDSE is designed for estimating the sensor data security level based on security metrics that analyze both attack prevention and detection mechanisms. In order to validate our proposed scheme, we have carried out extensive simulations that show the high accuracy of SDSE estimates.

  5. Sensor Data Security Level Estimation Scheme for Wireless Sensor Networks

    Science.gov (United States)

    Ramos, Alex; Filho, Raimir Holanda

    2015-01-01

    Due to their increasing dissemination, wireless sensor networks (WSNs) have become the target of more and more sophisticated attacks, even capable of circumventing both attack detection and prevention mechanisms. This may cause WSN users, who totally trust these security mechanisms, to think that a sensor reading is secure, even when an adversary has corrupted it. For that reason, a scheme capable of estimating the security level (SL) that these mechanisms provide to sensor data is needed, so that users can be aware of the actual security state of this data and can make better decisions on its use. However, existing security estimation schemes proposed for WSNs fully ignore detection mechanisms and analyze solely the security provided by prevention mechanisms. In this context, this work presents the sensor data security estimator (SDSE), a new comprehensive security estimation scheme for WSNs. SDSE is designed for estimating the sensor data security level based on security metrics that analyze both attack prevention and detection mechanisms. In order to validate our proposed scheme, we have carried out extensive simulations that show the high accuracy of SDSE estimates. PMID:25608215

  6. Trust-Based Security Level Evaluation Using Bayesian Belief Networks

    Science.gov (United States)

    Houmb, Siv Hilde; Ray, Indrakshi; Ray, Indrajit; Chakraborty, Sudip

    Security is not merely about technical solutions and patching vulnerabilities. Security is about trade-offs and adhering to realistic security needs, employed to support core business processes. Also, modern systems are subject to a highly competitive market, often demanding rapid development cycles, short life-time, short time-to-market, and small budgets. Security evaluation standards, such as ISO 14508 Common Criteria and ISO/IEC 27002, are not adequate for evaluating the security of many modern systems for resource limitations, time-to-market, and other constraints. Towards this end, we propose an alternative time and cost effective approach for evaluating the security level of a security solution, system or part thereof. Our approach relies on collecting information from different sources, who are trusted to varying degrees, and on using a trust measure to aggregate available information when deriving security level. Our approach is quantitative and implemented as a Bayesian Belief Network (BBN) topology, allowing us to reason over uncertain information and seemingly aggregating disparate information. We illustrate our approach by deriving the security level of two alternative Denial of Service (DoS) solutions. Our approach can also be used in the context of security solution trade-off analysis.

  7. Security-Enhanced Autonomous Network Management for Space Networking Project

    Data.gov (United States)

    National Aeronautics and Space Administration — NASA's Space Communications and Navigation (SCaN) program is integrating its three current agency networks: Space Network (SN), Deep Space Network (DSN), and Near...

  8. The study on network security based on software engineering

    Science.gov (United States)

    Jia, Shande; Ao, Qian

    2012-04-01

    Developing a SP is a sensitive task because the SP itself can lead to security weaknesses if it is not conform to the security properties. Hence, appropriate techniques are necessary to overcome such problems. These techniques must accompany the policy throughout its deployment phases. The main contribution of this paper is then, the proposition of three of these activities: validation, test and multi-SP conflict management. Our techniques are inspired by the well established techniques of the software engineering for which we have found some similarities with the security domain.

  9. Security of Quantum Repeater Network Operation

    Science.gov (United States)

    2016-10-03

    enumerating differences from classical networks. Quantum networks, of course, depend upon successful creation of high-fidelity entanglement at the link...is equivalent to the classical Internet silently corrupting data somewhere along a network path without the benefit of hop-by-hop error detection...for nodes intended to form a future Quantum Internet be required to support two classes of physically distinct qubits inside the DISTRIBUTION A

  10. A Secure Routing Protocol for Wireless Sensor Networks Considering Secure Data Aggregation

    Directory of Open Access Journals (Sweden)

    Triana Mugia Rahayu

    2015-06-01

    Full Text Available The commonly unattended and hostile deployments of WSNs and their resource-constrained sensor devices have led to an increasing demand for secure energy-efficient protocols. Routing and data aggregation receive the most attention since they are among the daily network routines. With the awareness of such demand, we found that so far there has been no work that lays out a secure routing protocol as the foundation for a secure data aggregation protocol. We argue that the secure routing role would be rendered useless if the data aggregation scheme built on it is not secure. Conversely, the secure data aggregation protocol needs a secure underlying routing protocol as its foundation in order to be effectively optimal. As an attempt for the solution, we devise an energy-aware protocol based on LEACH and ESPDA that combines secure routing protocol and secure data aggregation protocol. We then evaluate its security effectiveness and its energy-efficiency aspects, knowing that there are always trade-off between both.

  11. Security in RFID and sensor networks

    CERN Document Server

    Kitsos, Paris

    2009-01-01

    Security in RFIDMulti-Tag RFID Systems, L. Bolotnyy and G. RobinsAttacking RFID Systems, P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. RibagordaRFID Relay Attacks: System Analysis,Modeling, and Implementation, A. Lima, A. Miri, and M. NevinsPhysical Privacy and Security in RFID Systems, L. Bolotnyy and G. RobinsAuthentication Protocols in RFID Systems, G. Pantelic, S. Bojanic, and V. TomaševicLightweight Cryptography for Low-Cost RFID Tags, P. Peris-Lopez, J.C.

  12. Securing Mobile Ad hoc Networks:Key Management and Routing

    CERN Document Server

    Chauhan, Kamal Kumar; 10.5121/ijans.2012.2207

    2012-01-01

    Secure communication between two nodes in a network depends on reliable key management systems that generate and distribute keys between communicating nodes and a secure routing protocol that establishes a route between them. But due to lack of central server and infrastructure in Mobile Ad hoc Networks (MANETs), this is major problem to manage the keys in the network. Dynamically changes in network's topology causes weak trust relationship among the nodes in the network. In MANETs a mobile node operates as not only end terminal but also as an intermediate router. Therefore, a multi-hop scenario occurs for communication in MANETs; where there may be one or more malicious nodes in between source and destination. A routing protocol is said to be secure that detects the detrimental effects of malicious node(s in the path from source to destination). In this paper, we proposed a key management scheme and a secure routing protocol that secures on demand routing protocol such as DSR and AODV. We assume that MANETs ...

  13. Cyber Security Research Frameworks For Coevolutionary Network Defense

    Energy Technology Data Exchange (ETDEWEB)

    Rush, George D. [Missouri Univ. of Science and Technology, Rolla, MO (United States); Tauritz, Daniel Remy [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

    2015-12-03

    Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.

  14. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

    Science.gov (United States)

    Somasundaram, M; Sivakumar, R

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

  15. File Assignment Policy in Network Storage System

    Institute of Scientific and Technical Information of China (English)

    CaoQiang; XieChang-sheng

    2003-01-01

    Network storage increase capacity and scalability of storage system, data availability and enables the sharing of data among clients. When the developing network technology reduce performance gap between disk and network, however,mismatched policies and access pattern can significantly reduce network storage performance. So the strategy of data place ment in system is an important factor that impacts the performance of overall system. In this paper, the two algorithms of file assignment are presented. One is Greed partition that aims at the load balance across all NADs (Network Attached Disk). The other is Sort partition that tries to minimize variance of service time in each NAD. Moreover, we also compare the performance of our two algorithms in practical environment. Our experimental results show that when the size distribution (load characters) of all assigning files is closer and larger, Sort partition provides consistently better response times than Greedy algorithm. However, when the range of all assigning files is wider, there are more small files and access rate is higher, the Greedy algorithm has superior performance in compared with the Sort partition in off-line.

  16. File Assignment Policy in Network Storage System

    Institute of Scientific and Technical Information of China (English)

    Cao Qiang; Xie Chang-sheng

    2003-01-01

    Network storage increase capacity and scalability of storage system, data availability and enables the sharing of data among clients. When the developing network technology reduce performance gap between disk and network, however, mismatched policies and access pattern can significantly reduce network storage performance. So the strategy of data placement in system is an important factor that impacts the performance of overall system. In this paper, the two algorithms of file assignment are presented. One is Greed partition that aims at the load balance across all NADs (Network Attached Disk). The other is Sort partition that tries to minimize variance of service time in each NAD. Moreover, we also compare the performance of our two algorithms in practical environment. Our experimental results show that when the size distribution (load characters) of all assigning files is closer and larger, Sort partition provides consistently better response times than Greedy algorithm. However, when the range of all assigning files is wider, there are more small files and access rate is higher, the Greedy algorithm has superior performance in compared with the Sort partition in off-line.

  17. Routing in Vehicular Networks: Feasibility, Modeling, and Security

    Directory of Open Access Journals (Sweden)

    Ioannis Broustis

    2008-01-01

    Full Text Available Vehicular networks are sets of surface transportation systems that have the ability to communicate with each other. There are several possible network architectures to organize their in-vehicle computing systems. Potential schemes may include vehicle-to-vehicle ad hoc networks, wired backbone with wireless last hops, or hybrid architectures using vehicle-to-vehicle communications to augment roadside communication infrastructures. Some special properties of these networks, such as high mobility, network partitioning, and constrained topology, differentiate them from other types of wireless networks. We provide an in-depth discussion on the important studies related to architectural design and routing for such networks. Moreover, we discuss the major security concerns appearing in vehicular networks.

  18. Security Implications of Human-Trafficking Networks

    Science.gov (United States)

    2007-06-15

    to those security concerns. Background How is Human Trafficking Carried Out? While trafficking victims are often found in sweatshops , domestic...labor. This type of trafficking is often found in agricultural labor, the production of goods (typically called sweatshops ) and construction labor

  19. Security of Quantum Repeater Network Operation

    Science.gov (United States)

    2016-10-03

    15.  SUBJECT TERMS Quantum Architecture 16.  SECURITY CLASSIFICATION OF: 17.  LIMITATION OF ABSTRACT SAR 18.  NUMBER OF PAGES  5   19a.  NAME OF...22 Rodney Van Meter Associate Professor, Faculty of Environment and Information Studies Keio University, Japan +81-90-8012-3643 rdv@sfc.keio.ac.jp

  20. Collaboration using roles. [in computer network security

    Science.gov (United States)

    Bishop, Matt

    1990-01-01

    Segregation of roles into alternative accounts is a model which provides not only the ability to collaborate but also enables accurate accounting of resources consumed by collaborative projects, protects the resources and objects of such a project, and does not introduce new security vulnerabilities. The implementation presented here does not require users to remember additional passwords and provides a very simple consistent interface.

  1. A Secure Multi-Routing Platform for Ad Hoc Network

    Institute of Scientific and Technical Information of China (English)

    LU She-jie; CHEN Jing; XIONG Zai-hong

    2008-01-01

    In an ad hoc network, it is usually difficult to optimize the assignment of network routing resources using a single type of routing protocol due to the differences in network scale, node moving mode and node distribution. Therefore, it is desirable to have nodes run multiple routing protocols simultaneously so that more than one protocols can be chosen to work jointly. For this purpose,a multiple routing platform for Ad hoc networks is proposed on a higher level of current routing protocols. In order to ensure the security of the platform, a security mechanism and its formal analysis by BAN logic is given. The simulation results of the network performance demonstrate that the proposed multi-routing platform is practicable in some complex applications.

  2. Cloud Computing for Network Security Intrusion Detection System

    Directory of Open Access Journals (Sweden)

    Jin Yang

    2013-01-01

    Full Text Available In recent years, as a new distributed computing model, cloud computing has developed rapidly and become the focus of academia and industry. But now the security issue of cloud computing is a main critical problem of most enterprise customers faced. In the current network environment, that relying on a single terminal to check the Trojan virus is considered increasingly unreliable. This paper analyzes the characteristics of current cloud computing, and then proposes a comprehensive real-time network risk evaluation model for cloud computing based on the correspondence between the artificial immune system antibody and pathogen invasion intensity. The paper also combines assets evaluation system and network integration evaluation system, considering from the application layer, the host layer, network layer may be factors that affect the network risks. The experimental results show that this model improves the ability of intrusion detection and can support for the security of current cloud computing.

  3. NOTICE OF ELECTRICAL CUT - TEST OF THE SECURED NETWORK

    CERN Document Server

    Electrical Service ST/EL

    2001-01-01

    The electrical service ST/EL will test the switching sequence between the secured network and the diesel generators on January 8, 2002. The normal network, general services of the sites Meyrin, Prevessin, SPS, Zone Nord, LHC1 and LHC18 will be cut between 6:00am and 6:10am. The secured network will be resupplied by the diesel generators after approximately 1 minute. The UPS network will not be affected. To facilitate the restart of the electrical network and to minimize the impact of the tests on critical equipment, we would like to ask you to stop any equipment that might suffer major inconveniences during the tests (e.g. computers). For any further information, please do not hesitate to contact the Technical Control Room TCR (72201) or G. Cumer (160592).

  4. Framework for Efficient Secure Steganographic Communication over Network Protocols

    Directory of Open Access Journals (Sweden)

    Jasbir Singh

    2013-12-01

    Full Text Available Security by obscurity has gained attention; as a result steganography is becoming more popular in the network communication. Network steganography describes various methods used for transmitting data over a network without it being detected. Most of the methods proposed for hiding data in a network do not offer an additional protection to the covert data as it is sent as plain text. This paper presents a framework that offers the protection to the covert data by encrypting it and compresses it for gain in efficiency. Several ways of sending covert information through network using TCP/IP protocol are discussed. Also, the communication made more secure and efficient by using compression and encryption techniques. Finally, the performance of the proposed framework is compared with other steganography tools.

  5. Secure and reliable routing in mobile adhoc networks

    CERN Document Server

    Haboub, Rachid

    2012-01-01

    The growing diffusion of wireless-enabled portable devices and the recent advances in Mobile Ad-hoc NETworks (MANETs) open new scenarios where users can benefit from anywhere and at any time for impromptu collaboration. However, energy constrained nodes, low channel bandwidth, node mobility, high channel error rates, channel variability and packet loss are some of the limitations of MANETs. MANETs presents also security challenges. These networks are prone to malicious users attack, because any device within the frequency range can get access to the MANET. There is a need for security mechanisms aware of these challenges. Thus, this work aims to provide a secure MANET by changing the frequency of data transmission. This security approach was tested, and the results shows an interesting decreased of throughput from malicious node when the number of frequency used is increased, that way the MANET will not waste it's resources treating malicious packets. The other contribution of this work is a mobility aware ro...

  6. A Review of Cryptographic Algorithms in Network Security

    Directory of Open Access Journals (Sweden)

    B.Nithya

    2016-02-01

    Full Text Available In the excellent growth of internet environment, there is a challenge to send data in secure. Security means sending information without any modification or hacking done by unauthorized users. The network security has the component of cryptography technique which acts like guard to the information. The general concept of cryptography is encryption and decryption. There are many cryptographic algorithms are used to send the information as cipher text which cannot be understand by the intruders. So experts have taken the existing algorithms to provide security over the network and they want to apply the benefits of those algorithms in the suitable places. First step of getting the help from algorithm is to be studied and compared their parameters. This paper presents a review that comparative study of algorithms taken by many authors.

  7. A security suite for wireless body area networks

    CERN Document Server

    Sampangi, Raghav V; Urs, Shalini R; Sampalli, Srinivas

    2012-01-01

    Wireless Body Area Networks (WBANs) have gained a lot of research attention in recent years since they offer tremendous benefits for remote health monitoring and continuous, real-time patient care. However, as with any wireless communication, data security in WBANs is a challenging design issue. Since such networks consist of small sensors placed on the human body, they impose resource and computational restrictions, thereby making the use of sophisticated and advanced encryption algorithms infeasible. This calls for the design of algorithms with a robust key generation / management scheme, which are reasonably resource optimal. This paper presents a security suite for WBANs, comprised of IAMKeys, an independent and adaptive key management scheme for improving the security of WBANs, and KEMESIS, a key management scheme for security in inter-sensor communication. The novelty of these schemes lies in the use of a randomly generated key for encrypting each data frame that is generated independently at both the s...

  8. Basic security measures for IEEE 802.11 wireless networks

    Directory of Open Access Journals (Sweden)

    Oscar P. Sarmiento

    2010-05-01

    Full Text Available This article presents a tutorial/discussion of three commonly-used IEEE 802.11 wireless network security standards: WEP, WPA and WPA2. A detailed analysis of the RC4 algorithm supporting WEP is presented, including its vulnera-bilities. The WPA and WPA2 encryption protocols’ most relevant aspects and technical characteristics are reviewed for a comparative analysis of the three standards in terms of the security they provide. Special attention has been paid to WEP encryption by using an educational simulation tool written in C++ Builder for facilitating the unders-tanding of this protocol at academic level. Two practical cases of wireless security configurations using Cisco net-working equipment are also presented: configuring and enabling WPA-Personal and WPA2-Personal (these being security options used by TKIP and AES, respectively.

  9. Security Challenges and Attacks in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    CH.V. Raghavendran

    2013-09-01

    Full Text Available Mobile Ad hoc Network (MANET is an autonomous collection of mobile nodes that form a temporary network without of any existing network infrastructure or central access point. The popularity of these networks created security challenges as an important issue. The traditional routing protocols perform well with dynamically changing topology but are not designed to defense against security challenges. In this paper we discuss about current challenges in an ad hoc environment which includes the different types of potential attacks that are possible in the Mobile Ad hoc Networks that can harm its working and operation. We have done literature study and gathered information relating to various types of attacks. In our study, we have found that there is no general algorithm that suits well against the most commonly known attacks. But the complete security solution requires the prevention, detection and reaction mechanisms applied in MANET. To develop suitable security solutions for such environments, we must first understand how MANETs can be attacked. This paper provides a comprehensive study of attacks against mobile ad hoc networks. We present a detailed classification of the attacks against MANETs.

  10. A Quick review of Network Security and Steganography

    OpenAIRE

    Gandharba Swain; Saroj Kumar Lanka

    2012-01-01

    In this paper we present a classification of network security techniques such as: secrecy, authentication, non-repudiation and integrity control. The secrecy techniques are two categories: cryptography and steganography. Steganography like cryptography is a very useful technique to achieve secrecy in communication. If both cryptography and steganography are used then the communication becomes two fold secured. All the major techniques on image steganography proposed by different researcher...

  11. Secure Networks for First Responders and Special Forces

    Science.gov (United States)

    2005-01-01

    When NASA needed help better securing its communications with orbiting satellites, the Agency called on Western DataCom Co., Inc., to help develop a prototype Internet Protocol (IP) router. Westlake, Ohio-based Western DataCom designs, develops, and manufactures hardware that secures voice, video, and data transmissions over any IP-based network. The technology that it jointly developed with NASA is now serving as a communications solution in military and first-response situations.

  12. HARDWARE IMPLEMENTATION OF SECURE AODV FOR WIRELESS SENSOR NETWORKS

    Directory of Open Access Journals (Sweden)

    S. Sharmila

    2010-12-01

    Full Text Available Wireless Sensor Networks are extremely vulnerable to any kind of routing attacks due to several factors such as wireless transmission and resource-constrained nodes. In this respect, securing the packets is of great importance when designing the infrastructure and protocols of sensor networks. This paper describes the hardware architecture of secure routing for wireless sensor networks. The routing path is selected using Ad-hoc on demand distance vector routing protocol (AODV. The data packets are converted into digest using hash functions. The functionality of the proposed method is modeled using Verilog HDL in MODELSIM simulator and the performance is compared with various target devices. The results show that the data packets are secured and defend against the routing attacks with minimum energy consumption.

  13. Network Security using Linux Intrusion Detection System / IJORCS

    Directory of Open Access Journals (Sweden)

    Arul Anitha

    2011-12-01

    Full Text Available Attacks on the nation’s computer infrastructures are becoming an increasingly serious problem. Firewalls provide a certain amount of security, but can be fooled at times by attacks like IP spoofing and the so called authorized users. So an intelligent system that can detect attacks and intrusions is required. The tool GRANT (Global Real-time Analysis of Network Traffic being a Linux based Intrusion Detection System(LIDs, takes the advantage of the security of a Linux box and secures the other nodes in the perimeter of the network. It is capable of detecting intrusions and probes as and when they occur and capable of responding to “already” successful attacks, thus causing minimal or no damage to the entire network. For better performance, this Linux Intrusion Detection System should be part of a defense in depth strategy such as Firewall and Intrusion Prevention.

  14. Transmission Network Expansion Planning Considering Desired Generation Security

    Directory of Open Access Journals (Sweden)

    Samaneh GOLESTANI

    2014-02-01

    Full Text Available Transmission Network Expansion Planning (TNEP is an important part of power system planning in both conventional and new structured power market. Its goal is to minimize the network construction and operational cost while satisfying the demand increase, considering technical and economic conditions. Planning algorithm in this paper consisted of two stages. The former specifies highly uncertain lines and probability of congestion, considering desired generation security level (e.g. N-2 generation security level. The latter determines the optimal expansion capacity of existing lines. Splitting required capacity for reinforcement of weak lines due to desired generation security level simplifies the TNEP problem. In addition, it monitors the impact of generation uncertainty on transmission lines. Simulation results of the proposed idea are presented for IEEE-RTS-24bus network.

  15. Secure Routing and Data Transmission in Mobile Ad Hoc Networks

    Directory of Open Access Journals (Sweden)

    Waleed S. Alnumay

    2014-01-01

    Full Text Available In this paper, we present an identity (ID based protocol that secures AODV and TCP so that it can be used in dynamic and attack prone environments of mobile ad hoc networks. The proposed protocol protects AODV using Sequential Aggregate Signatures (SAS based on RSA. It also generates a session key for each pair of source-destination nodes of a MANET for securing the end-to-end transmitted data. Here each node has an ID which is evaluated from its public key and the messages that are sent are authenticated with a signature/ MAC. The proposed scheme does not allow a node to change its ID throughout the network lifetime. Thus it makes the network secure against attacks that target AODV and TCP in MANET. We present performance analysis to validate our claim.

  16. 78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

    Science.gov (United States)

    2013-06-10

    ... SECURITY Homeland Security Information Network Advisory Committee (HSINAC); Meeting AGENCY: OPS/OCIO, DHS... Security Information Network Advisory Committee (HSINAC) will meet on Tuesday, June 25th, 2013 from 1 p.m...: http://www.dhs.gov/homeland-security-information-network-advisory-committee . There is a meeting...

  17. USABILITY AND SECURITY ASPECTS OF SOCIAL NETWORK SITES (SNS

    Directory of Open Access Journals (Sweden)

    P. Venkateswari

    2011-10-01

    Full Text Available The rising level of Social Network Sites (SNS is incredible. An SNS is a network system which offers quality services like connecting users and providing a platform to establish communications among the individuals of common interest. The paper aims at providing technical as well as social aspects akin to ‘Security Vs Usability’ in restricted user forums within a Social Network Site (SNS. As per surveys conducted in US, security of data plays a vital role in restricted user groups of SNS. Therefore authentication & security processing techniques become important to protect the data from unauthorized access into an SNS. However, as far as a common user is concerned, when security is given a higher priority by the system, the usability for the user itself is then affected. This has been observed from survey conducted in South India. Conducive user environment is preferred particularly for SNS. The paper presents security features, derived from technical study and usability issues, obtained from Social survey in restricted user forums of a selected SNS that has been experimented and validated. The paper also presents results obtained from social survey study that are based on feedback analysis conducted on security as well as usability issues from user respondents (based on purposive sampling.The results and the findings will be of immense use to SNS designers and researchers.

  18. Management and Security for Grid, Cloud and Cognitive Networks

    Directory of Open Access Journals (Sweden)

    WESTPHALL, C. B

    2011-12-01

    Full Text Available This paper present a number of research initiatives related to innovative and cut-edge technologies for Cloud Computing. These are chiefly in the fields of (i environment security, (ii quality assurance, (iii service composition, and (iv system management. We present technologies for intrusion detection; a SLA perspective in security management; customer security concerns; a Cloud-based solution for eHealth; experimental assessment of routing for grid and cloud; simulator improvements to validate the green cloud computing approach, and; a framework to radio layer operation in cognitive networks.

  19. Secure and Authenticated Data Communication in Wireless Sensor Networks.

    Science.gov (United States)

    Alfandi, Omar; Bochem, Arne; Kellner, Ansgar; Göge, Christian; Hogrefe, Dieter

    2015-01-01

    Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the singular components have been tested and benchmarked in our testbed of IRISmotes.

  20. Information Networks Secured by the Laws of Physics

    CERN Document Server

    Kish, Laszlo B

    2011-01-01

    In this paper, we survey the state of the art of the secure key exchange method that is secured by the laws of classical statistical physics, and involves the Kirchhoff's law and the generalized Johnson noise equation, too. We discuss the major characteristics and advantages of these schemes especially in comparison with quantum encryption, and analyze some of the technical challenges of its implementation, too. Finally, we outline some ideas about how to use already existing and currently used wire lines, such as power lines, phone lines, internet lines to implement unconditionally secure information networks.

  1. Using overlays to improve network security

    Science.gov (United States)

    Keromytis, Angelos D.; Misra, Vishal; Rubenstein, Daniel

    2002-07-01

    As we increase our dependency upon networked communication, the incentive to compromise and degrade network performance increases for those who wish to disrupt the flow of information. Attacks that lead to such compromise and degradation can come in a variety of forms, including distributed denial of service (DDoS) attacks, cutting wires, jamming transmissions, and monitoring/eavesdropping. Users can protect themselves from monitoring by applying cryptographic techniques, and the recent work has explored developing networks that react to DDoS attacks by locating the source(s) of the attack. However, there has been little work that addresses preventing the other kinds of attacks as opposed to reacting to them. Here, we discuss how network overlays can be used to complicate the job of an attacker that wishes to prevent communication. To amplify our point, we focus briefly on a study of preventing DDoS attacks by using overlays.

  2. SNR Based Digital Estimation of Security in Wireless Sensor Networks

    Science.gov (United States)

    Ashraf, Adnan; Rajput, Abdulrauf; Mussadiq, Marvie; Chowdhry, Bhawani S.; Hashmani, Manzoor

    Security in wireless sensor networks (WSNs) is usually thought as privacy, auditing, intrusion detection and protection. In general, the quality of signal processing is considered as issue of middleware layers. The higher values of signal to noise ratio (SNR) are vital for target detection and estimation which is the most critical objective of WSN. Despite of the fact that SNR has a significant impact on objectives of WSN, not much investigation is found in literature about SNR and its security impact on such networks. The entire WSN can be rendered as useless due to SNR degradation and therefore, SNR is a prevailing security threat in WSNs. In the light of modern concepts of security, the safety should accompany the availability, scalability, efficiency and the quality parameters of inter-node communication. We show that SNR can identify suspicious activities which can exploit the performance and quality of communication in a sensor network. Also, by varying range of transmission radii and observing its impact on SNR we demonstrate that SNR-values, SNR-variance and pre-defined network threshold of SNR-variance, together can be useful in security assessment of WSN.

  3. A Survey of Game Theory in Wireless Sensor Networks Security

    Directory of Open Access Journals (Sweden)

    Shigen Shen

    2011-03-01

    Full Text Available Wireless Sensor Networks (WSNs are becoming an integral part of our lives. There are not widespread applications of WSNs without ensuring WSNs security. Due to the limited capabilities of sensor nodes in terms of computation, communication, and energy, providing security to WSNs is challenging. In fact, the process of implementing WSNs security is adaptive and dynamic, which evolves continually. The essence of attack-defend in WSNs security can be expressed by mutual strategies of interdependence while game theory can be used for the purpose of accounting for interactions among strategies of rational decision makers. Therefore, studying WSNs security with game theory has higher scientificity and rationality. This paper presents a survey of security approaches based on game theory in WSNs. According to different applications, a taxonomy is proposed, which divides current existing typical game-theoretic approaches for WSNs security into four categories: preventing Denial of Services (DoS attacks, intrusion detection, strengthening security, and coexistence with malicious sensor nodes. The main ideas of each approach are overviewed while advantages and disadvantages of various approaches are discussed. Then, this paper overviews related work and highlights the difference from other surveys, and points out some future research areas for ensuring WSNs security based on game theory, including Base Station (BS credibility, Intrusion Detection System (IDS efficiency, WSNs mobility, WSNs Quality of Service (QoS, real-world applicability, energy consumption, sensor nodes learning, and expanding game theory applications and different games. Thus, a global view of WSNs security approaches based on game theory is provided. To our best knowledge of knowing, it is the first paper centrally focusing on game theory in WSNs security. It will make the researchers a better understanding of game-theoretic solutions to WSNs security and further research directions.

  4. System and Network Security Acronyms and Abbreviations

    Science.gov (United States)

    2009-09-01

    Committee on National Security Systems Instruction CoA care-of address codec coder/ decoder COI conflict of interest COM Component Object Model COOP...ECP Encryption Control Protocol ECPA Electronic Communications Privacy Act EDGE Enhanced Data rates for GSM Evolution EDI electronic data...Generic Routing Encapsulation GRS General Records Schedule GS1 Global Standards One GSA U.S. General Services Administration GSM Global System for

  5. The impact of security and intelligence policy in the era of cyber crimes

    Directory of Open Access Journals (Sweden)

    MSc. Bahri Gashi

    2016-07-01

    Full Text Available Creation of National Cyber Defense Strategy, is the only security and the best protection against cyber-crimes. This is the starting point, from where adequate policies and necessary legal measures begin, aiming the creation of a solid ground and responsible users by implementing comprehensive measures and legal restrictions. The methodology used to achieve the recognition of users with applicable legislation and regulations on the use of the Internet, as well as legal obligations; implementation of procedures to use communication systems; signing and approval by users of their responsibilities; knowledge and information on the risks and threats stemming from the use of communication networks; certification of trained and specialized staff; classification and processing of information in a particular system; identifying unauthorized users who use classified information networks in  public systems and private sector; creating barriers in distance entry networks and information systems, etc. Various Security and Intelligence institutions covering and operating in these areas are responsible for the creation and promotion of National Cyber Defense Strategy, analyzing the risk to implement protective measures for preventing attacks on Cybercrime (Cyber Crimes.

  6. GFI Network Security and PCI Compliance Power Tools

    CERN Document Server

    Posey, Brien

    2008-01-01

    Today all companies, U.S. federal agencies, and non-profit organizations have valuable data on their servers that needs to be secured. One of the challenges for IT experts is learning how to use new products in a time-efficient manner, so that new implementations can go quickly and smoothly. Learning how to set up sophisticated products is time-consuming, and can be confusing. GFI's LANguard Network Security Scanner reports vulnerabilities so that they can be mitigated before unauthorized intruders can wreck havoc on your network. To take advantage of the best things that GFI's LANguard Networ

  7. Assessing the Risk Situation of Network Security for Active Defense

    Institute of Scientific and Technical Information of China (English)

    ZHANG Xiang; YAO Shuping; TANG Chenghua

    2006-01-01

    The risk situation assessment and forecast technique of network security is a basic method of active defense techniques. In order to assess the risk of network security two methods were used to define the index of risk and forecast index in time series, they were analytical hierarchy process (AHP) and support vector regression (SVR). The module framework applied the methods above was also discussed. Experiment results showed the forecast values were so close to actual values and so it proved the approach is correct.

  8. Quantum Secure Direct Communication Network with Two-Step Protocol

    Institute of Scientific and Technical Information of China (English)

    LI Xi-Han; ZHOU Ping; LIANG Yu-Jie; LI Chun-Yan; ZHOU Hong-Yu; DENG Fu-Guo

    2006-01-01

    @@ An efficient quantum secure direct communication network protocol with the two-step scheme is proposed by using the Einstein-Podolsky-Rosen (EPR) pair block as the quantum information carrier. The server, say Alice,prepares and measures the EPR pairs in the quantum communication and the users perform the four local unitary operations to encode their message. Anyone of the legitimate users can communicate another one on the network securely. Since almost all of the instances in this scheme are useful and each EPR pair can carry two bits of information, the efficiency for qubits and the source capacity both approach the maximal values.

  9. AUTOMATED POLICY COMPLIANCE AND CHANGE DETECTION MANAGED SERVICE IN DATA NETWORKS

    Directory of Open Access Journals (Sweden)

    Saeed M. Agbariah

    2013-11-01

    Full Text Available As networks continue to grow in size, speed and complexity, as well as in the diversification of their services, they require many ad-hoc configuration changes. Such changes may lead to potential configuration errors, policy violations, inefficiencies, and vulnerable states. The current Network Management landscape is in a dire need for an automated process to prioritize and manage risk, audit configurations against internal policies or external best practices, and provide centralize reporting for monitoring and regulatory purposes in real time. This paper defines a framework for automated configuration process with a policy compliance and change detection system, which performs automatic and intelligent network configuration audits by using pre-defined configuration templates and library of rules that encompass industry standards for various routing and security related guidelines.System administrators and change initiators will have a real time feedback if any of their configuration changes violate any of the policies set for any given device.

  10. Certificate Based Security Services in Adhoc Sensor Network

    Directory of Open Access Journals (Sweden)

    Shahin Fatima

    2014-10-01

    Full Text Available The paper entitled “CERTIFICATE BASED SECURITY SERVICES IN ADHOC SENSOR NETWORK” proposed an approach in which the aim is to find the method for authentication which is more energy efficient and reduces the transmission time of the network. MANETs are of dynamic topology and have no predefined infrastructure. Due to its dynamic topology this network is prone to various kinds of vulnerable attacks. Sensor networks are battery operated and is a major concern. Methods on ID based Authentication consumes more network bandwidth and increases the computation and transmission time of the network. So for better operation, authentication must be the major factor of concern. In this paper a method for authentication in adhoc sensor network is proposed which is based on certificate based security services. Here we will make use of X.509 certificate format. In this some modification is made to the certificate format such that the transmission time and energy consumption of the network is reduced. Our proposed model will provide authentication among nodes and security in MANET. The proposed work is implemented in MATLAB and the result will show the effectiveness of proposed certificate in MANET. The objective of certificate based authentication is to ensure that messages can be read by authorized person only. It also overcomes the non repudiation attacks thereby minimizing the computation and shows how energy varies by making changes in certificate of node.

  11. Designing, Capturing and Validating History-Sensitive Security Policies for Distributed Systems

    DEFF Research Database (Denmark)

    Hernandez, Alejandro Mario; Nielson, Flemming; Nielson, Hanne Riis

    2011-01-01

    We consider the use of Aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. We follow the approach of attaching security policies to the relevant locations that must be governed by them, and then combining them at runtime according to the interaction...

  12. Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

    Science.gov (United States)

    Mutchler, Leigh Ann

    2012-01-01

    The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

  13. Expanding Protection Motivation Theory: The Role of Individual Experience in Information Security Policy Compliance

    Science.gov (United States)

    Mutchler, Leigh Ann

    2012-01-01

    The purpose of the present study is to make contributions to the area of behavioral information security in the field of Information Systems and to assist in the improved development of Information Security Policy instructional programs to increase the policy compliance of individuals. The role of an individual's experience in the context of…

  14. Motives for European Union Common Security and Defense Policy Mission Selection

    Science.gov (United States)

    2011-03-01

    ABBREVIATIONS CDU Christian Democratic Union CFSP Common Foreign and Security Policy CSDP Common Security and Defense Policy DRC Democratic Republic of...rightist party, the Christian Democratic Union ( CDU ), was for it. In France the Union for the Popular Movement (UMP), closely aligned with the former

  15. Security in Wireless Sensor Networks: Key Management Module in SOOAWSN

    Directory of Open Access Journals (Sweden)

    Mohammed A. Abuhelaleh

    2010-10-01

    Full Text Available Due to high restrictions in wireless sensor networks, where the resources are limited, clustering protocolsfor routing organization have been proposed in much research for increasing system throughput,decreasing system delay and saving energy. Even these algorithms have proposed some levels of security,but because of their dynamic nature of communication, most of their security solutions are not suitable. Inthis paper we focus on how to achieve the highest possible level of security by applying new keymanagement technique that can be used during wireless sensor networks communications. For ourproposal to be more effective and applicable to a large number of wireless sensor networks applications,we work on a special kind of architecture that have been proposed to cluster hierarchy of wireless sensornetworks and we pick one of the most interesting protocols that have been proposed for this kind ofarchitecture, which is LEACH. This proposal is a module of a complete solution that we are developing tocover all the aspects of wireless sensor networks communication which is labeled Secure Object OrientedArchitecture for Wireless Sensor Networks (SOOAWSN .

  16. Efficient and Secure Single Sign on Mechanism for Distributed Network

    Directory of Open Access Journals (Sweden)

    Madhavi A. Indalkar

    2014-07-01

    Full Text Available Distributed network act as core part to access the various services which are available in the network. But the security related to distributed network is main concern. In this paper single sign-on SSO mechanism is introduced which gives access to all services by allowing to sign on only once by users. In this mechanism once user logs in to the Trusted Authority Center TAC then application or services which are register to trusted center will automatically verifies the user’s credentials details and these credentials like password or digital signature will be only one for all applications or services. Unlike all other previous mechanisms where in, if user wants to have access multiple services then for every service distinct user credentials (username, password must be required. SSO act as single authentication window to user for admittance multiple service providers in networks. Previously introduced technique based SSO technology proved to be secure over well-designed SSO system, but fails to provide security during communication. So here emphasis is given on authentication as open problem and on to refining the already proposed SSO process. And to do this along with RSA algorithm which was used in previous SSO process, we will be using MAC algorithm, which is intended to provide secured pathway for communication over distributed network.TAC i.e. Trusted Authority Center is used for sending token integrated with private and shared public key to user. Keywords -

  17. Policy Creation Model for Policy-Based Management in Telecommunications Networks

    CERN Document Server

    Astudillo, Carlos A; Calderón, Oscar J

    2011-01-01

    Policy-based management (PBM) is being used as technological solution on the managing and controlling complex networks and systems. One of the most important issues involved in the life-cycle of PBM is the policies creation because the future decisions made by the management system depend on this, and therefore, the network behavior. In this paper we present a novel model for creating management policies in telecommunications networks. We propose a model which includes a Policy Creation Process, Actors, Policy Abstraction Levels and a Procedure for Creating Policies. An implementation of the proposed model over the Technology Division at University of Cauca is included.

  18. Robust Networking Architecture and Secure Communication Scheme for Heterogeneous Wireless Sensor Networks

    Science.gov (United States)

    McNeal, McKenzie, III.

    2012-01-01

    Current networking architectures and communication protocols used for Wireless Sensor Networks (WSNs) have been designed to be energy efficient, low latency, and long network lifetime. One major issue that must be addressed is the security in data communication. Due to the limited capabilities of low cost and small sized sensor nodes, designing…

  19. Robust Networking Architecture and Secure Communication Scheme for Heterogeneous Wireless Sensor Networks

    Science.gov (United States)

    McNeal, McKenzie, III.

    2012-01-01

    Current networking architectures and communication protocols used for Wireless Sensor Networks (WSNs) have been designed to be energy efficient, low latency, and long network lifetime. One major issue that must be addressed is the security in data communication. Due to the limited capabilities of low cost and small sized sensor nodes, designing…

  20. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  1. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  2. Using Mobile Agents and Overlay Networks to Secure Electrical Netoworks

    Energy Technology Data Exchange (ETDEWEB)

    Dawes, Neal A.; Prosser, Bryan J.; Fulp, Errin W.; McKinnon, Archibald D.

    2013-04-01

    ABSTRACT The use of wandering, mobile agents can provide a robust approach for managing, monitoring, and securing electrical distribution networks. However, the topological structure of electrical networks can affect system performance. For example, if the multi-agent system relies on a regular inspection rate (on average, points of interest are inspected with equal frequency), then locations that are not well connected will on average be inspected less frequently. This paper discusses creation and use of overlay networks that create a virtual grid graph can provide faster coverage and a more uniform average agent sampling rate. Using overlays agents wander a virtual neighborhood consisting of only points of interest that are interconnected in a regular fashion (each point has the same number of neighbors). Experimental results will show that an overlay can often provide better network coverage and a more uniform inspection rate, which can improve cyber security by providing a faster detection of threats

  3. REDD+ policy networks: exploring actors and power structures in an emerging policy domain

    Directory of Open Access Journals (Sweden)

    Maria Brockhaus

    2014-12-01

    Full Text Available Policy making is often neither rational nor solution-oriented, but driven by negotiations of interests of multiple actors that increasingly tend to take place in policy networks. Such policy networks integrate societal actors beyond the state, which all aim, to different degrees, at influencing ongoing policy processes and outcomes. Reducing Emissions from Deforestation and Forest Degradation (REDD+ can be considered as such an emerging policy domain, in which actors cooperate and conflict in network structures, build coalitions and try to control information and finance flows relevant for REDD+ decision making. This special feature is the result of an extensive comparative research effort to investigate national level REDD+ policy processes and emerging policy networks. This unique collection of seven country cases and a comparative study provides evidence on how power, coalitions, and different interactions among actors in policy networks enable the transformational change required for an effective, efficient, and equitable national REDD+ design. However, as we will see in most of the cases, where the dominant coalitions fail to tackle the drivers of deforestation and forest degradation, they also hinder such major policy reforms required for REDD+. The aim of this editorial serves four purposes: first, we provide an argument about "why" policy network analysis is highly relevant to the study of REDD+ policy processes; second, we explain "how" policy network analysis is used in this special feature to investigate policy processes in this domain; and third, we explore the "so what?" or how a policy network lens helps us understand the political opportunities and challenges for REDD+. Finally, we provide an outlook for the relevance and future research design of policy network analysis when applied to REDD+ and to policy network structures more broadly.

  4. Indirect effect of management support on users' compliance behaviour towards information security policies.

    Science.gov (United States)

    Humaidi, Norshima; Balakrishnan, Vimala

    2017-01-01

    Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk. The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment. Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs. Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study. The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management

  5. Iceland and the EU's Foreign, Security and Defense Policy. EU Goals, Icelandic History and Traditions

    OpenAIRE

    Eva Þóra Karlsdóttir 1987

    2011-01-01

    The aim of this thesis is to study how well the EU’s foreign, security and defense policies coincide with Iceland’s foreign policies, particularly in regards to Iceland’s history and traditions. For this purpose, main aspects of Iceland’s foreign policy history are studied, in particular the background to Iceland’s decision to join NATO. Four aspects of the EU’s Common Foreign and Security Policy (CFSP) are then used as case-studies, along with three aspects of the EU’s Common Security and De...

  6. Security and Privacy Challenges in Cognitive Wireless Sensor Networks

    OpenAIRE

    Sen, Jaydip

    2013-01-01

    Wireless sensor networks (WSNs) have attracted a lot of interest in the research community due to their potential applicability in a wide range of real-world practical applications. However, due to the distributed nature and their deployments in critical applications without human interventions and sensitivity and criticality of data communicated, these networks are vulnerable to numerous security and privacy threats that can adversely affect their performance. These issues become even more c...

  7. Application of mobile scanning agent in the network security

    Institute of Scientific and Technical Information of China (English)

    闵君; 冯珊; 唐超; 梅纲

    2004-01-01

    To enhance the security of network systems, puts forward a kind of software agent is put forward, which has the induction ability of network frameworks and the ability of behavior independence. It is mobile scanning agent. More attentions is paid to expound how to design and realize mobile scanning agent. Besides, it is also explained the programs of mobile scanning agent system. In the end, it expects mobile scanning agent.

  8. Taiwan's Information Security Policy Enhancement: an Analysis of Patent Indicators and Patent Documents

    Science.gov (United States)

    Hsu, Nai-Wen; Liang-Shiuan, Jr.; Chen, Yi-Chang

    2007-12-01

    Information security policy in Taiwan stems the gap between expectation and reality. For this, the paper presents an analysis of patent indicators and patent document attempt to conclude the overview of the information security technology development. The paper also identifies the leading countries and cutting-edge areas with potential trends. Finally, several practicable and valuable strategies after this work are generalized to achieve the goals of Taiwan information security policy.

  9. SEADE: Countering the Futility of Network Security

    Science.gov (United States)

    2015-10-01

    USAFR We cannot solve our problems with the same thinking we used when we created them. —Albert Einstein Today’s media is flooded with stories of...adversaries will appear via concentrated denial-of-service attacks as was once the case. Rather, we would be well advised to conclude that such... Mexico ) is the acting chief, Air Force Enterprise Architecture Division, Cyberspace Strategy and Policy Directorate, Secretary of the Air Force

  10. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

    Directory of Open Access Journals (Sweden)

    Shibo Luo

    2015-12-01

    Full Text Available Software-Defined Networking-based Mobile Networks (SDN-MNs are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

  11. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

    Science.gov (United States)

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-12-17

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

  12. Policy gaps and technological deficiencies in social networking environments: Implications for information sharing

    Directory of Open Access Journals (Sweden)

    Stephen M. Mutula

    2013-02-01

    Full Text Available Background: With the growing adoption and acceptance of social networking, there are increased concerns about the violation of the users’ legitimate rights such as privacy, confidentiality, trust, security, safety, content ownership, content accuracy, integrity, access and accessibility to computer and digital networks amongst others.Objectives: The study sought to investigate the following research objectives to: (1 describe the types of social networks, (2 examine global penetration of the social networks, (3 outline the users’ legitimate rights that must be protected in the social networking sites (SNS, (4 determine the methods employed by SNS to protect the users’ legitimate rights and (5 identify the policy gaps and technological deficiencies in the protection of the users’ legitimate rights in the SNS.Method: A literature survey and content analysis of the SNS user policies were used to address objective four and objective five respectively.Results: The most actively used sites were Facebook and Twitter. Asian markets were leading in participation and in creating content than any other region. Business, education, politics and governance sectors were actively using social networking sites. Social networking sites relied upon user trust and internet security features which however, were inefficient and inadequate.Conclusion: Whilst SNS were impacting people of varying ages and of various professional persuasions, there were increased concerns about the violation and infringement of the users’ legitimate rights. Reliance on user trust and technological security features SNS to protect the users’ legitimate rights seemed ineffectual and inadequate.

  13. Policy gaps and technological deficiencies in social networking environments: Implications for information sharing

    Directory of Open Access Journals (Sweden)

    Stephen M. Mutula

    2013-06-01

    Full Text Available Background: With the growing adoption and acceptance of social networking, there are increased concerns about the violation of the users’ legitimate rights such as privacy, confidentiality, trust, security, safety, content ownership, content accuracy, integrity, access and accessibility to computer and digital networks amongst others.Objectives: The study sought to investigate the following research objectives to: (1 describe the types of social networks, (2 examine global penetration of the social networks, (3 outline the users’ legitimate rights that must be protected in the social networking sites (SNS, (4 determine the methods employed by SNS to protect the users’ legitimate rights and (5 identify the policy gaps and technological deficiencies in the protection of the users’ legitimate rights in the SNS.Method: A literature survey and content analysis of the SNS user policies were used to address objective four and objective five respectively.Results: The most actively used sites were Facebook and Twitter. Asian markets were leading in participation and in creating content than any other region. Business, education, politics and governance sectors were actively using social networking sites. Social networking sites relied upon user trust and internet security features which however, were inefficient and inadequate.Conclusion: Whilst SNS were impacting people of varying ages and of various professional persuasions, there were increased concerns about the violation and infringement of the users’ legitimate rights. Reliance on user trust and technological security features SNS to protect the users’ legitimate rights seemed ineffectual and inadequate.

  14. A security architecture for personal networks

    NARCIS (Netherlands)

    Jehangir, Assed

    2009-01-01

    The proliferation of personal mobile computing devices such as laptops and mo- bile phones, as well as wearable computing devices such as belt computers, digital bracelets and bio-medical sensors has created an opportunity to create a wireless network to share information and resources amongst perso

  15. Threats and countermeasures for network security

    Science.gov (United States)

    Denning, Peter J.

    1991-01-01

    In the late 1980's, the traditional threat of anonymous break-ins to networked computers was joined by viruses and worms, multiplicative surrogates that carry out the bidding of their authors. Technologies for authentication and secrecy, supplemented by good management practices, are the principal countermeasures. Four articles on these subjects are presented.

  16. A secure network access system for mobile IPv6

    Science.gov (United States)

    Zhang, Hong; Yuan, Man; He, Rui; Jiang, Luliang; Ma, Jian; Qian, Hualin

    2004-03-01

    With the fast development of Internet and wireless and mobile communication technology, the Mobile Internet Age is upcoming. For those providing Mobile Internet services, especially from the view of ISP (Internet Service Provider), current mobile IP protocol is insufficient. Since the Mobile IPv6 protocol will be popular in near future, how to provide a secure mobile IPv6 service is important. A secure mobile IPv6 network access system is highly needed for mobile IPv6 deployment. Current methods and systems are still inadequate, including EAP, PANA, 802.1X, RADIUS, Diameter, etc. In this paper, we describe main security goals for a secure mobile IPv6 access system, and propose a secure network access system to achieve them. This access system consists of access router, attendant and authentication servers. The access procedure is divided into three phases, which are initial phase, authentication and registration phase and termination phase. This system has many advantages, including layer two independent, flexible and extensible, no need to modify current IPv6 address autoconfiguration protocols, binding update optimization, etc. Finally, the security of the protocol in this system is analyzed and proved with Extended BAN logic method, and a brief introduction of system implementation is given.

  17. Security Evaluation of Power Network Information System Based on Analytic Network Process

    Directory of Open Access Journals (Sweden)

    Jianchang Lu

    2013-04-01

    Full Text Available After the building of the power network, many enterprises are faced with a potential information security issue, the unstable factors threaten to the normal operation of the network information system, which is caused by the computer network defects. Aiming at this point, potential security dangers of power network information system were analyzed. Then an index system based on the security evaluation of power network information systems was established. Applying the analytic network process to get the weights of each index, the evaluation process can be accessed by fuzzy comprehensive evaluation method. The weights of each index are decided by ANP, which can remedy the defects of analytic hierarchy process that the interaction among indexes cannot be reflected. Example analysis is performed by the Super Decisions software to verify feasibility and effectiveness of the proposed evaluation model mentioned in the paper.

  18. Design and implementation of a high performance network security processor

    Science.gov (United States)

    Wang, Haixin; Bai, Guoqiang; Chen, Hongyi

    2010-03-01

    The last few years have seen many significant progresses in the field of application-specific processors. One example is network security processors (NSPs) that perform various cryptographic operations specified by network security protocols and help to offload the computation intensive burdens from network processors (NPs). This article presents a high performance NSP system architecture implementation intended for both internet protocol security (IPSec) and secure socket layer (SSL) protocol acceleration, which are widely employed in virtual private network (VPN) and e-commerce applications. The efficient dual one-way pipelined data transfer skeleton and optimised integration scheme of the heterogenous parallel crypto engine arrays lead to a Gbps rate NSP, which is programmable with domain specific descriptor-based instructions. The descriptor-based control flow fragments large data packets and distributes them to the crypto engine arrays, which fully utilises the parallel computation resources and improves the overall system data throughput. A prototyping platform for this NSP design is implemented with a Xilinx XC3S5000 based FPGA chip set. Results show that the design gives a peak throughput for the IPSec ESP tunnel mode of 2.85 Gbps with over 2100 full SSL handshakes per second at a clock rate of 95 MHz.

  19. Applying Real Options Thinking to Information Security in Networked Organizations

    NARCIS (Netherlands)

    Daneva, M.

    2006-01-01

    An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of company’s key information assets. The actions are concerned with authentication and nonrepudiati

  20. Security properties in an open peer-to-peer network

    CERN Document Server

    Lalande, Jean-Francois; Toinard, Christian

    2010-01-01

    This paper proposes to address new requirements of confidentiality, integrity and availability properties fitting to peer-to-peer domains of resources. The enforcement of security properties in an open peer-topeer network remains an open problem as the literature have mainly proposed contribution on availability of resources and anonymity of users. That paper proposes a novel architecture that eases the administration of a peer-to-peer network. It considers a network of safe peer-to-peer clients in the sense that it is a commune client software that is shared by all the participants to cope with the sharing of various resources associated with different security requirements. However, our proposal deals with possible malicious peers that attempt to compromise the requested security properties. Despite the safety of an open peer-to-peer network cannot be formally guaranteed, since a end user has privileges on the target host, our solution provides several advanced security enforcement. First, it enables to for...

  1. Security in Wireless Sensor Networks Employing MACGSP6

    Science.gov (United States)

    Nitipaichit, Yuttasart

    2010-01-01

    Wireless Sensor Networks (WSNs) have unique characteristics which constrain them; including small energy stores, limited computation, and short range communication capability. Most traditional security algorithms use cryptographic primitives such as Public-key cryptography and are not optimized for energy usage. Employing these algorithms for the…

  2. Actor Network Procedures as Psi-calculi for Security Ceremonies

    Directory of Open Access Journals (Sweden)

    Cristian Prisacariu

    2014-04-01

    Full Text Available The actor network procedures of Pavlovic and Meadows are a recent graphical formalism developed for describing security ceremonies and for reasoning about their security properties. The present work studies the relations of the actor network procedures (ANP to the recent psi-calculi framework. Psi-calculi is a parametric formalism where calculi like spi- or applied-pi are found as instances. Psi-calculi are operational and largely non-graphical, but have strong foundation based on the theory of nominal sets and process algebras. One purpose of the present work is to give a semantics to ANP through psi-calculi. Another aim was to give a graphical language for a psi-calculus instance for security ceremonies. At the same time, this work provides more insight into the details of the ANPs formalization and the graphical representation.

  3. An Energy-Efficient Secure Scheme in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Kyoungsoo Bok

    2016-01-01

    Full Text Available We propose an energy-efficient security scheme in wireless sensor networks. The proposed scheme converts sensing data using TinyMD5, which is a variation of MD5, a one-way hash function, and can solve the collision problem of hash value that occurs when MD5 is modified. In addition, it strengthens security capabilities by transmitting data through multiple paths after conversion with TinyMD5 and divides the data to make decryption of the original data difficult. To show the superiority of the proposed algorithm, we compare it with the existing schemes through simulations. The performance evaluation results show that the proposed scheme maintains security better than the existing scheme, improving the communication cost and the network lifetime.

  4. Connectivity in Secure Wireless Sensor Networks under Transmission Constraints

    CERN Document Server

    Zhao, Jun; Gligor, Virgil

    2015-01-01

    In wireless sensor networks (WSNs), the Eschenauer-Gligor (EG) key pre-distribution scheme is a widely recognized way to secure communications. Although connectivity properties of secure WSNs with the EG scheme have been extensively investigated, few results address physical transmission constraints. These constraints reflect real-world implementations of WSNs in which two sensors have to be within a certain distance from each other to communicate. In this paper, we present zero-one laws for connectivity in WSNs employing the EG scheme under transmission constraints. These laws help specify the critical transmission ranges for connectivity. Our analytical findings are confirmed via numerical experiments. In addition to secure WSNs, our theoretical results are also applied to frequency hopping in wireless networks.

  5. A Framework for Security Analysis of Mobile Wireless Networks

    DEFF Research Database (Denmark)

    Nanz, Sebastian; Hankin, Chris

    2006-01-01

    We present a framework for specification and security analysis of communication protocols for mobile wireless networks. This setting introduces new challenges which are not being addressed by classical protocol analysis techniques. The main complication stems from the fact that the actions...... processes and the network's connectivity graph, which may change independently from protocol actions. We identify a property characterising an important aspect of security in this setting and express it using behavioural equivalences of the calculus. We complement this approach with a control flow analysis...... of intermediate nodes and their connectivity can no longer be abstracted into a single unstructured adversarial environment as they form an inherent part of the system's security. In order to model this scenario faithfully, we present a broadcast calculus which makes a clear distinction between the protocol...

  6. 支持动态策略的安全核(Security Kernel)机制的研究%Research of Security Kernel Mechanism Supporting Dynamical Policies

    Institute of Scientific and Technical Information of China (English)

    吴新勇; 熊光泽

    2002-01-01

    Security of information system requires a secure operation system. Security kernel meets the requirement and provides a bedrock to security of operation system. This paper extracts the deficiency of traditional security kernel, presents a security kernel mechanism supporting policy flexibility, simplified secure interface. It optimizes the performance by reused policy cache, provids a method to revoke granted permissions and assures the atomicity of revocation permissions and granting new permissions. As a result, all refinements help security kernel to improve its flexibility, extensibility and portability.

  7. Research of Network Security Situational Assessment Quantization Based on Mobile Agent

    Science.gov (United States)

    Xiaorong, Cheng; Su, Lang; Mingxuan, Li

    As the security situational assessment widely applying to the computer network field, scholars have designed and implemented a large number of network security situational assessment methods. However, most works are based on local area network and single host, which is hardly to meet the demand of large-scale network security assessment. In this paper, we based on quantitative hierarchical network security situational assessment model, introduced the mobile agent technology, designed the distributed computing for large-scale network and evaluated the whole network security situation for future prediction.

  8. Multi-level security for computer networking: SAC digital network approach

    Energy Technology Data Exchange (ETDEWEB)

    Griess, W.; Poutre, D.L.

    1983-10-01

    For telecommunications systems simultaneously handling data of different security levels, multilevel secure (MLS) operation permits maximum use of resources by automatically providing protection to users with various clearances and needs-to-know. The strategic air command (SAC) is upgrading the primary record data system used to command and control its strategic forces. The upgrade, called the SAC Digital Network (SACDIN), is designed to provide multilevel security to support users and external interfaces, with allowed accesses ranging from unclassified to top secret. SACDIN implements a security kernel based upon the Bell and Lapadula security model. This study presents an overview of the SACDIN security architecture and describes the basic message flow across the MLS network. 7 references.

  9. Secure Localization and Tracking in Sensor Networks

    Science.gov (United States)

    2008-01-01

    To my parents, Yurng-Der Chang and Shiu-Mei Lee iii Biography Chih-Chieh Geoff Chang was born and raised in a beautiful resort town, Hualien, Taiwan...manufacturing and application needs. Currently, companies like Arch Rock, Crossbow, Dust Networks, Millennial Net, and Moteiv offer various types of sensor...activate one sensor node to make the measurement. This is the beauty of target tracking algorithms. Armed with the known models in (3.1) and (3.2), and

  10. Secure Data Sharing with ABE in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Dayananda RB

    2015-10-01

    Full Text Available  This research paper addresses the issue of secure data sharing for distributed data storage in Wireless Sensor Networks (WSNs. In WSNs, storing data at local sensor nodes or at designated in-network nodes greatly saves the network-wide communication load and has a lot of benefits such as energy-efficiency. However, unattended wireless sensor nodes are very likely subject to strong attacks such as physical compromise. In this sense a storage node in WSNs can be viewed as an untrusted storage since the owner of the WSN may have concerns on data security in mission-critical applications if data are stored without proper protection. A secure data storage and retrieval scheme is required for distributed data storage in WSNs. When previous works focus on data confidentiality and integrity protection or communication security, the issue of fine-grained data access control in WSNs is seldom addressed. In this chapter we address this issue and provides a cryptographic-based access control mechanism with ABE. The main challenge in this work is to make the expensive ABE operations affordable to resource-constrained sensor nodes. We resolve this issue by dividing the lifetime of sensor nodes into phases and then distribute the underlying mathematical operations in ABE over these phases. To minimize the communication and computation load on sensor nodes in case of user revocation, we revise an existing ABE scheme and makes the user revocation complexity on sensor nodes constant. Formal security proof and experimental results shows that our proposed solution is provably secure and affordable to real sensor nodes. To the best of our knowledge, our work is de facto the first that provides a secure mechanism for distributed fine-grained data access control in WSNs.

  11. Security technologies and protocols for Asynchronous Transfer Mode networks

    Energy Technology Data Exchange (ETDEWEB)

    Tarman, T.D.

    1996-06-01

    Asynchronous Transfer Mode (ATM) is a new data communications technology that promises to integrate voice, video, and data traffic into a common network infrastructure. In order to fully utilize ATM`s ability to transfer real-time data at high rates, applications will start to access the ATM layer directly. As a result of this trend, security mechanisms at the ATM layer will be required. A number of research programs are currently in progress which seek to better understand the unique issues associated with ATM security. This paper describes some of these issues, and the approaches taken by various organizations in the design of ATM layer security mechanisms. Efforts within the ATM Forum to address the user communities need for ATM security are also described.

  12. Secure passive optical network based on chaos synchronization.

    Science.gov (United States)

    Jiang, Ning; Zhang, Chongfu; Qiu, Kun

    2012-11-01

    A physical-enhanced secure passive optical network (PON) based on chaos synchronization is proposed and numerically demonstrated. In this scheme, the chaotic output of an external-cavity semiconductor laser is used as the transmission carrier in both downstream and upstream directions, the chaos modulation technology is used to encrypt the downstream data, and the multiplexed subcarrier-modulation technology is adopted for the upstream transmission. Simulation results demonstrate that both the downstream data and the upstream data encrypted into the chaotic carriers can be successfully decrypted; moreover, the security of downstream can be enhanced by properly increasing the bit rate, and the upstream security can be maintained at a high level. The proposed PON affords secure all-optical access at the physical layer.

  13. Secure Tracking in Sensor Networks using Adaptive Extended Kalman Filter

    CERN Document Server

    Fard, Ali P

    2012-01-01

    Location information of sensor nodes has become an essential part of many applications in Wireless Sensor Networks (WSN). The importance of location estimation and object tracking has made them the target of many security attacks. Various methods have tried to provide location information with high accuracy, while lots of them have neglected the fact that WSNs may be deployed in hostile environments. In this paper, we address the problem of securely tracking a Mobile Node (MN) which has been noticed very little previously. A novel secure tracking algorithm is proposed based on Extended Kalman Filter (EKF) that is capable of tracking a Mobile Node (MN) with high resolution in the presence of compromised or colluding malicious beacon nodes. It filters out and identifies the malicious beacon data in the process of tracking. The proposed method considerably outperforms the previously proposed secure algorithms in terms of either detection rate or MSE. The experimental data based on different settings for the netw...

  14. Secure Group Formation Protocol for a Medical Sensor Network Prototype

    DEFF Research Database (Denmark)

    Andersen, Jacob

    2009-01-01

    Designing security mechanisms such as privacy and access control for medical sensor networks is a challenging task; as such systems may be operated very frequently, at a quick pace, and at times in emergency situations. Understandably, clinicians hold extra unproductive tasks in low regard......, and experience from user workshops and observations of clinicians at work on a hospital ward show that if the security mechanisms are not well designed, the technology is either rejected altogether, or they are circumvented leaving the system wide open to attacks. Our work targets the problem of designing...... wireless sensors to be both secure and usable by exploring different solutions on a fully functional prototype platform. In this paper, we present an Elliptic Curve Cryptography (ECC) based protocol, which offers fully secure sensor set-up in a few seconds on standard (Telos) hardware. We evaluate...

  15. Quality of service policy control in virtual private networks

    Science.gov (United States)

    Yu, Yiqing; Wang, Hongbin; Zhou, Zhi; Zhou, Dongru

    2004-04-01

    This paper studies the QoS of VPN in an environment where the public network prices connection-oriented services based on source, destination and grade of service, and advertises these prices to its VPN customers (users). As different QoS technologies can produce different QoS, there are according different traffic classification rules and priority rules. The internet service provider (ISP) may need to build complex mechanisms separately for each node. In order to reduce the burden of network configuration, we need to design policy control technologies. We considers mainly directory server, policy server, policy manager and policy enforcers. Policy decision point (PDP) decide its control according to policy rules. In network, policy enforce point (PEP) decide its network controlled unit. For InterServ and DiffServ, we will adopt different policy control methods as following: (1) In InterServ, traffic uses resource reservation protocol (RSVP) to guarantee the network resource. (2) In DiffServ, policy server controls the DiffServ code points and per hop behavior (PHB), its PDP distributes information to each network node. Policy server will function as following: information searching; decision mechanism; decision delivering; auto-configuration. In order to prove the effectiveness of QoS policy control, we make the corrective simulation.

  16. A Framework for Secure Data Delivery in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Leonidas PERLEPES

    2012-03-01

    Full Text Available Typical sensor nodes are resource constrained devices containing user level applications, operating system components, and device drivers in a single address space, with no form of memory protection. A malicious user could easily capture a node and tamper the applications running on it, in order to perform different types of attacks. In this paper, we propose a 3-layer Security Framework composed by physical security schemes, cryptography of communication channels and live forensics protection techniques that allows for secure WSN deployments. Each of the abovementioned techniques maximizes the security levels leading to a tamper proof sensor node. By applying the proposed security framework, secure communication between nodes is guaranteed, identified captured nodes are silenced and their destructive effect on the rest of the network infrastructure is minimized due to the early measures applied. Our main concern is to propose a framework that balances its attributes between robustness, as long as security is concerned and cost effective implementation as far as resources (energy consumption are concerned.

  17. Security Attacks and its Countermeasures in Wireless Sensor Networks

    Directory of Open Access Journals (Sweden)

    Rajkumar,

    2014-10-01

    Full Text Available Wireless Sensor Networks have come to the forefront of the scientific community recently. Present WSNs typically communicate directly with a centralized controller or satellite. Going on the other hand, a smart WSN consists of a number of sensors spread across a geographical area; each sensor has wireless communication ability and sufficient intelligence for signal processing and networking of the data. This paper surveyed the different types of attacks, security related issues, and it’s Countermeasures with the complete comparison between Layer based Attacks in Wireless Sensor Network.

  18. Secure energy efficient routing protocol for wireless sensor network

    Directory of Open Access Journals (Sweden)

    Das Ayan Kumar

    2016-03-01

    Full Text Available The ease of deployment of economic sensor networks has always been a boon to disaster management applications. However, their vulnerability to a number of security threats makes communication a challenging task. This paper proposes a new routing technique to prevent from both external threats and internal threats like hello flooding, eavesdropping and wormhole attack. In this approach one way hash chain is used to reduce the energy drainage. Level based event driven clustering also helps to save energy. The simulation results show that the proposed scheme extends network lifetime even when the cluster based wireless sensor network is under attack.

  19. AN IMMUNITY-BASED SECURITY ARCHITECTURE FOR MOBILE AD HOC NETWORKS

    Institute of Scientific and Technical Information of China (English)

    2006-01-01

    This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, the immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing,communicating, decision and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extendible, and adaptable that can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. In the end, the architecture is illustrated by an example to show it can prevent the attack efficiently.

  20. Competition in the domain of wireless networks security

    Science.gov (United States)

    Bednarczyk, Mariusz

    2017-04-01

    Wireless networks are very popular and have found wide spread usage amongst various segments, also in military environment. The deployment of wireless infrastructures allow to reduce the time it takes to install and dismantle communications networks. With wireless, users are more mobile and can easily get access to the network resources all the time. However, wireless technologies like WiFi or Bluetooth have security issues that hackers have extensively exploited over the years. In the paper several serious security flaws in wireless technologies are presented. Most of them enable to get access to the internal networks and easily carry out man-in-the-middle attacks. Very often, they are used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum. For instance, there are well known instances of Bluetooth connection spoofing in order to steal WiFi password stored in the mobile device. To raise the security awareness and protect wireless networks against an adversary attack, an analysis of attack methods and tools over time is presented in the article. The particular attention is paid to the severity, possible targets as well as the ability to persist in the context of protective measures. Results show that an adversary can take complete control of the victims' mobile device features if the users forget to use simple safety principles.