Secure multi-party communication with quantum key distribution managed by trusted authority

Science.gov (United States)

Nordholt, Jane Elizabeth; Hughes, Richard John; Peterson, Charles Glen

2013-07-09

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Secure multi-party communication with quantum key distribution managed by trusted authority

Science.gov (United States)

Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

2017-06-14

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Multi-party Semi-quantum Key Agreement with Delegating Quantum Computation

Science.gov (United States)

Liu, Wen-Jie; Chen, Zhen-Yu; Ji, Sai; Wang, Hai-Bin; Zhang, Jun

2017-10-01

A multi-party semi-quantum key agreement (SQKA) protocol based on delegating quantum computation (DQC) model is proposed by taking Bell states as quantum resources. In the proposed protocol, the participants only need the ability of accessing quantum channel and preparing single photons {|0〉, |1〉, |+〉, |-〉}, while the complicated quantum operations, such as the unitary operations and Bell measurement, will be delegated to the remote quantum center. Compared with previous quantum key agreement protocols, this client-server model is more feasible in the early days of the emergence of quantum computers. In order to prevent the attacks from outside eavesdroppers, inner participants and quantum center, two single photon sequences are randomly inserted into Bell states: the first sequence is used to perform the quantum channel detection, while the second is applied to disorder the positions of message qubits, which guarantees the security of the protocol.

Design and Analysis of a secure multi-party communication protocol

OpenAIRE

Herberth, Klaus

2016-01-01

In the past years digital communication became an important aspect in every day life. Everything is shared and discussed in groups of friends, family or business part- ners without a proper way to protect that information. This master thesis introduces the first secure robust multi-party communication protocol which mimics a physical conversation with the help of a Diffie-Hellman key tree and social behaviours. Robust- ness against offline group members is reached by taking advantage of trans...

Efficient secure two-party protocols

CERN Document Server

Hazay, Carmit

2010-01-01

The authors present a comprehensive study of efficient protocols and techniques for secure two-party computation -- both general constructions that can be used to securely compute any functionality, and protocols for specific problems of interest. The book focuses on techniques for constructing efficient protocols and proving them secure. In addition, the authors study different definitional paradigms and compare the efficiency of protocols achieved under these different definitions.The book opens with a general introduction to secure computation and then presents definitions of security for a

Computer-aided proofs for multiparty computation with active security

DEFF Research Database (Denmark)

Haagh, Helene; Karbyshev, Aleksandr; Oechsner, Sabine

2018-01-01

Secure multi-party computation (MPC) is a general cryptographic technique that allows distrusting parties to compute a function of their individual inputs, while only revealing the output of the function. It has found applications in areas such as auctioning, email filtering, and secure...... teleconference. Given its importance, it is crucial that the protocols are specified and implemented correctly. In the programming language community it has become good practice to use computer proof assistants to verify correctness proofs. In the field of cryptography, EasyCrypt is the state of the art proof...... public-key encryption, signatures, garbled circuits and differential privacy. Here we show for the first time that it can also be used to prove security of MPC against a malicious adversary. We formalize additive and replicated secret sharing schemes and apply them to Maurer's MPC protocol for secure...

Secured Communication for Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based on Virtual Parties

Science.gov (United States)

Pathak, Rohit; Joshi, Satyadhar

Within a span of over a decade, India has become one of the most favored destinations across the world for Business Process Outsourcing (BPO) operations. India has rapidly achieved the status of being the most preferred destination for BPO for companies located in the US and Europe. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. To ensure that the confidentiality of a client’s information is maintained, BPOs need to implement some data security measures. In this paper, we propose a new protocol for specifically for BPO Secure Multi-Party Computation (SMC). As there are many computations and surveys which involve confidential data from many parties or organizations and the concerned data is property of the organization, preservation and security of this data is of prime importance for such type of computations. Although the computation requires data from all the parties, but none of the associated parties would want to reveal their data to the other parties. We have proposed a new efficient and scalable protocol to perform computation on encrypted information. The information is encrypted in a manner that it does not affect the result of the computation. It uses modifier tokens which are distributed among virtual parties, and finally used in the computation. The computation function uses the acquired data and modifier tokens to compute right result from the encrypted data. Thus without revealing the data, right result can be computed and privacy of the parties is maintained. We have given a probabilistic security analysis of hacking the protocol and shown how zero hacking security can be achieved. Also we have analyzed the specific case of Indian BPO.

Server-Aided Two-Party Computation with Simultaneous Corruption

DEFF Research Database (Denmark)

Cascudo Pueyo, Ignacio; Damgård, Ivan Bjerre; Ranellucci, Samuel

We consider secure two-party computation in the client-server model where there are two adversaries that operate separately but simultaneously, each of them corrupting one of the parties and a restricted subset of servers that they interact with. We model security via the local universal composab......We consider secure two-party computation in the client-server model where there are two adversaries that operate separately but simultaneously, each of them corrupting one of the parties and a restricted subset of servers that they interact with. We model security via the local universal...

A New Approach to Practical Active-Secure Two-Party Computation

DEFF Research Database (Denmark)

Nielsen, Jesper Buus; Nordholt, Peter Sebastian; Orlandi, Claudio

2012-01-01

We propose a new approach to practical two-party computation secure against an active adversary. All prior practical protocols were based on Yao’s garbled circuits. We use an OT-based approach and get efficiency via OT extension in the random oracle model. To get a practical protocol we introduce...... a number of novel techniques for relating the outputs and inputs of OTs in a larger construction....

Secure Multi-Player Protocols

DEFF Research Database (Denmark)

Fehr, Serge

While classically cryptography is concerned with the problem of private communication among two entities, say players, in modern cryptography multi-player protocols play an important role. And among these, it is probably fair to say that secret sharing, and its stronger version verifiable secret...... sharing (VSS), as well as multi-party computation (MPC) belong to the most appealing and/or useful ones. The former two are basic tools to achieve better robustness of cryptographic schemes against malfunction or misuse by “decentralizing” the security from one single to a whole group of individuals...... (captured by the term threshold cryptography). The latter allows—at least in principle—to execute any collaboration among a group of players in a secure way that guarantees the correctness of the outcome but simultaneously respects the privacy of the participants. In this work, we study three aspects...

Insecurity of quantum secure computations

Science.gov (United States)

Lo, Hoi-Kwong

1997-08-01

It had been widely claimed that quantum mechanics can protect private information during public decision in, for example, the so-called two-party secure computation. If this were the case, quantum smart-cards, storing confidential information accessible only to a proper reader, could prevent fake teller machines from learning the PIN (personal identification number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any two-sided two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.

A New Approach to Practical Active-Secure Two-Party Computation

DEFF Research Database (Denmark)

Nielsen, Jesper Buus; Nordholt, Peter Sebastian; Orlandi, Claudio

2011-01-01

We propose a new approach to practical two-party computation secure against an active adversary. All prior practical protocols were based on Yao's garbled circuits. We use an OT-based approach and get efficiency via OT extension in the random oracle model. To get a practical protocol we introduce...... a number of novel techniques for relating the outputs and inputs of OTs in a larger construction. We also report on an implementation of this approach, that shows that our protocol is more efficient than any previous one: For big enough circuits, we can evaluate more than 20000 Boolean gates per second...

Sub-linear, Secure Comparison With Two Non-Colluding Parties

DEFF Research Database (Denmark)

Toft, Tomas

2011-01-01

The classic problem in the field of secure computation is Yao’s millionaires’ problem; we consider two new protocols solving a variation of this: a number of parties, P1, . . . , Pn, securely hold two - bit values, x and y – e.g. x and y could be encrypted or secret shared. They wish to obtain...... a bit stating whether x is greater than y using only secure arithmetic; this should be done without revealing any information, even the output should remain secret. The present setting is special in the sense that it is assumed that two specific parties, referred to as Alice and Bob, are non......-colluding. Though this assumption is not satisfied in general, it clearly is for the main example of this work: two-party computation based on Paillier encryption. The first solution requires O(log()(κ + loglog())) secure arithmetic operations in O(log()) rounds, where κ is a correctness parameter. The second...

Students and Taxes: a Privacy-Preserving Study Using Secure Computation

Directory of Open Access Journals (Sweden)

Bogdanov Dan

2016-07-01

Full Text Available We describe the use of secure multi-party computation for performing a large-scale privacy-preserving statistical study on real government data. In 2015, statisticians from the Estonian Center of Applied Research (CentAR conducted a big data study to look for correlations between working during university studies and failing to graduate in time. The study was conducted by linking the database of individual tax payments from the Estonian Tax and Customs Board and the database of higher education events from the Ministry of Education and Research. Data collection, preparation and analysis were conducted using the Share-mind secure multi-party computation system that provided end-to-end cryptographic protection to the analysis. Using ten million tax records and half a million education records in the analysis, this is the largest cryptographically private statistical study ever conducted on real data.

Enabling analytics on sensitive medical data with secure multi-party computation

NARCIS (Netherlands)

M. Veeningen (Meilof); S. Chatterjea (Supriyo); A.Z. Horváth (Anna Zsófia); G. Spindler (Gerald); E. Boersma (Eric); P. van der Spek (Peter); O. van der Galiën (Onno); J. Gutteling (Job); W. Kraaij (Wessel); P.J.M. Veugen (Thijs)

2018-01-01

textabstractWhile there is a clear need to apply data analytics in the healthcare sector, this is often difficult because it requires combining sensitive data from multiple data sources. In this paper, we show how the cryptographic technique of secure multiparty computation can enable such data

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

Directory of Open Access Journals (Sweden)

Blanton Marina

2016-10-01

Full Text Available Computation based on genomic data is becoming increasingly popular today, be it for medical or other purposes. Non-medical uses of genomic data in a computation often take place in a server-mediated setting where the server offers the ability for joint genomic testing between the users. Undeniably, genomic data is highly sensitive, which in contrast to other biometry types, discloses a plethora of information not only about the data owner, but also about his or her relatives. Thus, there is an urgent need to protect genomic data. This is particularly true when the data is used in computation for what we call recreational non-health-related purposes. Towards this goal, in this work we put forward a framework for server-aided secure two-party computation with the security model motivated by genomic applications. One particular security setting that we treat in this work provides stronger security guarantees with respect to malicious users than the traditional malicious model. In particular, we incorporate certified inputs into secure computation based on garbled circuit evaluation to guarantee that a malicious user is unable to modify her inputs in order to learn unauthorized information about the other user’s data. Our solutions are general in the sense that they can be used to securely evaluate arbitrary functions and offer attractive performance compared to the state of the art. We apply the general constructions to three specific types of genomic tests: paternity, genetic compatibility, and ancestry testing and implement the constructions. The results show that all such private tests can be executed within a matter of seconds or less despite the large size of one’s genomic data.

Actively Secure Two-Party Evaluation of Any Quantum Operation

DEFF Research Database (Denmark)

Dupuis, Frédéric; Nielsen, Jesper Buus; Salvail, Louis

2012-01-01

We provide the first two-party protocol allowing Alice and Bob to evaluate privately even against active adversaries any completely positive, trace-preserving map , given as a quantum circuit, upon their joint quantum input state . Our protocol leaks no more to any active adversary than an ideal ...... functionality for provided Alice and Bob have the cryptographic resources for active secure two-party classical computation. Our protocol is constructed from the protocol for the same task secure against specious adversaries presented in [4]....

Secure data structures based on multi-party computation

DEFF Research Database (Denmark)

Toft, Tomas

2011-01-01

to be realized using MPC primitives, however, by focusing on a specific example -- a priority queue -- it is shown that it is possible to achieve much better results than the generic solutions can provide. Moreover, the techniques differ significantly from existing ORAM constructions. Indeed it has recently been...... shown that any information theoretically secure ORAM with n memory locations requires at least log n random bits per read/write to hide the access pattern. In contrast, the present construction achieves security with a completely deterministic access pattern....

Non-adaptive measurement-based quantum computation and multi-party Bell inequalities

International Nuclear Information System (INIS)

Hoban, Matty J; Campbell, Earl T; Browne, Dan E; Loukopoulos, Klearchos

2011-01-01

Quantum correlations exhibit behaviour that cannot be resolved with a local hidden variable picture of the world. In quantum information, they are also used as resources for information processing tasks, such as measurement-based quantum computation (MQC). In MQC, universal quantum computation can be achieved via adaptive measurements on a suitable entangled resource state. In this paper, we look at a version of MQC in which we remove the adaptivity of measurements and aim to understand what computational abilities remain in the resource. We show that there are explicit connections between this model of computation and the question of non-classicality in quantum correlations. We demonstrate this by focusing on deterministic computation of Boolean functions, in which natural generalizations of the Greenberger-Horne-Zeilinger paradox emerge; we then explore probabilistic computation via, which multipartite Bell inequalities can be defined. We use this correspondence to define families of multi-party Bell inequalities, which we show to have a number of interesting contrasting properties.

Non-adaptive measurement-based quantum computation and multi-party Bell inequalities

Energy Technology Data Exchange (ETDEWEB)

Hoban, Matty J; Campbell, Earl T; Browne, Dan E [Department of Physics and Astronomy, University College London, Gower Street, London WC1E 6BT (United Kingdom); Loukopoulos, Klearchos, E-mail: m.hoban@ucl.ac.uk [Department of Materials, Oxford University, Parks Road, Oxford OX1 4PH (United Kingdom)

2011-02-15

Quantum correlations exhibit behaviour that cannot be resolved with a local hidden variable picture of the world. In quantum information, they are also used as resources for information processing tasks, such as measurement-based quantum computation (MQC). In MQC, universal quantum computation can be achieved via adaptive measurements on a suitable entangled resource state. In this paper, we look at a version of MQC in which we remove the adaptivity of measurements and aim to understand what computational abilities remain in the resource. We show that there are explicit connections between this model of computation and the question of non-classicality in quantum correlations. We demonstrate this by focusing on deterministic computation of Boolean functions, in which natural generalizations of the Greenberger-Horne-Zeilinger paradox emerge; we then explore probabilistic computation via, which multipartite Bell inequalities can be defined. We use this correspondence to define families of multi-party Bell inequalities, which we show to have a number of interesting contrasting properties.

Unconditionally Secure Constant-Rounds Multi-party Computation for Equality, Comparison, Bits and Exponentiation

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Nielsen, Jesper Buus; Toft, Tomas

2006-01-01

We show that if a set of players hold shares of a value aFp for some prime p (where the set of shares is written [a] p ), it is possible to compute, in constant rounds and with unconditional security, sharings of the bits of a, i.e., compute sharings [a 0] p , ..., [a ℓ− − 1] p such that ℓ = ⌈ lo...

Organization of the secure distributed computing based on multi-agent system

Science.gov (United States)

Khovanskov, Sergey; Rumyantsev, Konstantin; Khovanskova, Vera

2018-04-01

Nowadays developing methods for distributed computing is received much attention. One of the methods of distributed computing is using of multi-agent systems. The organization of distributed computing based on the conventional network computers can experience security threats performed by computational processes. Authors have developed the unified agent algorithm of control system of computing network nodes operation. Network PCs is used as computing nodes. The proposed multi-agent control system for the implementation of distributed computing allows in a short time to organize using of the processing power of computers any existing network to solve large-task by creating a distributed computing. Agents based on a computer network can: configure a distributed computing system; to distribute the computational load among computers operated agents; perform optimization distributed computing system according to the computing power of computers on the network. The number of computers connected to the network can be increased by connecting computers to the new computer system, which leads to an increase in overall processing power. Adding multi-agent system in the central agent increases the security of distributed computing. This organization of the distributed computing system reduces the problem solving time and increase fault tolerance (vitality) of computing processes in a changing computing environment (dynamic change of the number of computers on the network). Developed a multi-agent system detects cases of falsification of the results of a distributed system, which may lead to wrong decisions. In addition, the system checks and corrects wrong results.

Novel Multi-Party Quantum Key Agreement Protocol with G-Like States and Bell States

Science.gov (United States)

Min, Shi-Qi; Chen, Hua-Ying; Gong, Li-Hua

2018-06-01

A significant aspect of quantum cryptography is quantum key agreement (QKA), which ensures the security of key agreement protocols by quantum information theory. The fairness of an absolute security multi-party quantum key agreement (MQKA) protocol demands that all participants can affect the protocol result equally so as to establish a shared key and that nobody can determine the shared key by himself/herself. We found that it is difficult for the existing multi-party quantum key agreement protocol to withstand the collusion attacks. Put differently, it is possible for several cooperated and untruthful participants to determine the final key without being detected. To address this issue, based on the entanglement swapping between G-like state and Bell states, a new multi-party quantum key agreement protocol is put forward. The proposed protocol makes full use of EPR pairs as quantum resources, and adopts Bell measurement and unitary operation to share a secret key. Besides, the proposed protocol is fair, secure and efficient without involving a third party quantum center. It demonstrates that the protocol is capable of protecting users' privacy and meeting the requirement of fairness. Moreover, it is feasible to carry out the protocol with existing technologies.

Novel Multi-Party Quantum Key Agreement Protocol with G-Like States and Bell States

Science.gov (United States)

Min, Shi-Qi; Chen, Hua-Ying; Gong, Li-Hua

2018-03-01

A significant aspect of quantum cryptography is quantum key agreement (QKA), which ensures the security of key agreement protocols by quantum information theory. The fairness of an absolute security multi-party quantum key agreement (MQKA) protocol demands that all participants can affect the protocol result equally so as to establish a shared key and that nobody can determine the shared key by himself/herself. We found that it is difficult for the existing multi-party quantum key agreement protocol to withstand the collusion attacks. Put differently, it is possible for several cooperated and untruthful participants to determine the final key without being detected. To address this issue, based on the entanglement swapping between G-like state and Bell states, a new multi-party quantum key agreement protocol is put forward. The proposed protocol makes full use of EPR pairs as quantum resources, and adopts Bell measurement and unitary operation to share a secret key. Besides, the proposed protocol is fair, secure and efficient without involving a third party quantum center. It demonstrates that the protocol is capable of protecting users' privacy and meeting the requirement of fairness. Moreover, it is feasible to carry out the protocol with existing technologies.

Multi-party quantum key agreement with five-qubit brown states

Science.gov (United States)

Cai, Tao; Jiang, Min; Cao, Gang

2018-05-01

In this paper, we propose a multi-party quantum key agreement protocol with five-qubit brown states and single-qubit measurements. Our multi-party protocol ensures each participant to contribute equally to the agreement key. Each party performs three single-qubit unitary operations on three qubits of each brown state. Finally, by measuring brown states and decoding the measurement results, all participants can negotiate a shared secret key without classical bits exchange between them. With the analysis of security, our protocol demonstrates that it can resist against both outsider and participant attacks. Compared with other schemes, it also possesses a higher information efficiency. In terms of physical operation, it requires single-qubit measurements only which weakens the hardware requirements of participant and has a better operating flexibility.

Secure multiparty computation with a dishonest majority via quantum means

International Nuclear Information System (INIS)

Loukopoulos, Klearchos; Browne, Daniel E.

2010-01-01

We introduce a scheme for secure multiparty computation utilizing the quantum correlations of entangled states. First we present a scheme for two-party computation, exploiting the correlations of a Greenberger-Horne-Zeilinger state to provide, with the help of a third party, a near-private computation scheme. We then present a variation of this scheme which is passively secure with threshold t=2, in other words, remaining secure when pairs of players conspire together provided they faithfully follow the protocol. Furthermore, we show that the passively secure variant can be modified to be secure when cheating parties are allowed to deviate from the protocol. We show that this can be generalized to computations of n-party polynomials of degree 2 with a threshold of n-1. The threshold achieved is significantly higher than the best known classical threshold, which satisfies the bound t< n/2. Our schemes, each complying with a different definition of security, shed light on which physical assumptions are necessary in order to achieve quantum secure multiparty computation.

Multi-party semi-quantum key distribution-convertible multi-party semi-quantum secret sharing

Science.gov (United States)

Yu, Kun-Fei; Gu, Jun; Hwang, Tzonelih; Gope, Prosanta

2017-08-01

This paper proposes a multi-party semi-quantum secret sharing (MSQSS) protocol which allows a quantum party (manager) to share a secret among several classical parties (agents) based on GHZ-like states. By utilizing the special properties of GHZ-like states, the proposed scheme can easily detect outside eavesdropping attacks and has the highest qubit efficiency among the existing MSQSS protocols. Then, we illustrate an efficient way to convert the proposed MSQSS protocol into a multi-party semi-quantum key distribution (MSQKD) protocol. The proposed approach is even useful to convert all the existing measure-resend type of semi-quantum secret sharing protocols into semi-quantum key distribution protocols.

Fair Secure Computation with Reputation Assumptions in the Mobile Social Networks

Directory of Open Access Journals (Sweden)

Yilei Wang

2015-01-01

Full Text Available With the rapid development of mobile devices and wireless technologies, mobile social networks become increasingly available. People can implement many applications on the basis of mobile social networks. Secure computation, like exchanging information and file sharing, is one of such applications. Fairness in secure computation, which means that either all parties implement the application or none of them does, is deemed as an impossible task in traditional secure computation without mobile social networks. Here we regard the applications in mobile social networks as specific functions and stress on the achievement of fairness on these functions within mobile social networks in the presence of two rational parties. Rational parties value their utilities when they participate in secure computation protocol in mobile social networks. Therefore, we introduce reputation derived from mobile social networks into the utility definition such that rational parties have incentives to implement the applications for a higher utility. To the best of our knowledge, the protocol is the first fair secure computation in mobile social networks. Furthermore, it finishes within constant rounds and allows both parties to know the terminal round.

Multi-party Measurement-Device-Independent Quantum Key Distribution Based on Cluster States

Science.gov (United States)

Liu, Chuanqi; Zhu, Changhua; Ma, Shuquan; Pei, Changxing

2018-03-01

We propose a novel multi-party measurement-device-independent quantum key distribution (MDI-QKD) protocol based on cluster states. A four-photon analyzer which can distinguish all the 16 cluster states serves as the measurement device for four-party MDI-QKD. Any two out of four participants can build secure keys after the analyzers obtains successful outputs and the two participants perform post-processing. We derive a security analysis for the protocol, and analyze the key rates under different values of polarization misalignment. The results show that four-party MDI-QKD is feasible over 280 km in the optical fiber channel when the key rate is about 10- 6 with the polarization misalignment parameter 0.015. Moreover, our work takes an important step toward a quantum communication network.

Computer-Based Testing: Test Site Security.

Science.gov (United States)

Rosen, Gerald A.

Computer-based testing places great burdens on all involved parties to ensure test security. A task analysis of test site security might identify the areas of protecting the test, protecting the data, and protecting the environment as essential issues in test security. Protecting the test involves transmission of the examinations, identifying the…

Features of modern security policy UK political parties

Directory of Open Access Journals (Sweden)

A. V. Stalovierova

2015-12-01

Full Text Available The security policy of the British coalition government of D. Cameron (2010-2015 is summarized; it’s been proved that political forces of Tory and Liberal Democrat should have compromised to carry out unanimous course in the scope of national security, and the problems of the security strategy on parliamentary elections in 2015 are analyzed, particularly the comparative analysis of the modern safety strategy of leading British parties is exercised. Under conditions of the appearance of new challenges and threats, transformation of international safety system, the questions of safety policy often become the object of attention of the British community and experts. The absence of cross-party consensus on most terms of safety strategy of the United Kingdom during the election campaign in 2015 makes the discussion about perspectives of the British safety policy still more urgent. During the election campaign there was no unity on any aspect of security subject between parties. First of all, Labourists, Liberal Democrats, Scottish National Party and Green Party made a statement about readiness to develop cooperation with the EU and the Conservatives and the UK Independence Party were on the side of the Eurosceptics. The opinions of the parties were also divided on military operations abroad, financing and force level. In terms of one-party government and presence of majority in the House of Commons, the Conservatives have opportunities to realize their own vision of British safety policy.

Device-independent two-party cryptography secure against sequential attacks

DEFF Research Database (Denmark)

Kaniewski, Jedrzej; Wehner, Stephanie

2016-01-01

The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy......-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block...... known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse...

Analysis On Security Of Cloud Computing

Directory of Open Access Journals (Sweden)

Muhammad Zunnurain Hussain

2017-01-01

Full Text Available In this paper Author will be discussing the security issues and challenges faced by the industry in securing the cloud computing and how these problems can be tackled. Cloud computing is modern technique of sharing resources like data sharing file sharing basically sharing of resources without launching own infrastructure and using some third party resources to avoid huge investment . It is very challenging these days to secure the communication between two users although people use different encryption techniques 1.

Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

Science.gov (United States)

2016-07-14

sense that they can be used to securely evaluate arbitrary functions and offer attrac- tive performance compared to the state of the art . We apply the...seconds. The performance favor- ably compares to the state of the art (as detailed in section 7), in some cases achieving orders of magnitude...148 Table 1. Complexity of constructions in prior and our work. Party Communication Sym. key/hash op . Public key operations Security model [38], A O

Scalable and Unconditionally Secure Multiparty Computation

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Nielsen, Jesper Buus

2007-01-01

We present a multiparty computation protocol that is unconditionally secure against adaptive and active adversaries, with communication complexity O(Cn)k+O(Dn^2)k+poly(nk), where C is the number of gates in the circuit, n is the number of parties, k is the bit-length of the elements of the field...... over which the computation is carried out, D is the multiplicative depth of the circuit, and κ is the security parameter. The corruption threshold is t passive security the corruption threshold is t 

10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

Science.gov (United States)

2010-01-01

... information for parties; security clearances. 2.905 Section 2.905 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

Cloud Computing Security Latest Issues amp Countermeasures

Directory of Open Access Journals (Sweden)

Shelveen Pandey

2015-08-01

Full Text Available Abstract Cloud computing describes effective computing services provided by a third-party organization known as cloud service provider for organizations to perform different tasks over the internet for a fee. Cloud service providers computing resources are dynamically reallocated per demand and their infrastructure platform and software and other resources are shared by multiple corporate and private clients. With the steady increase in the number of cloud computing subscribers of these shared resources over the years security on the cloud is a growing concern. In this review paper the current cloud security issues and practices are described and a few innovative solutions are proposed that can help improve cloud computing security in the future.

Device-independent two-party cryptography secure against sequential attacks

International Nuclear Information System (INIS)

Kaniewski, Jędrzej; Wehner, Stephanie

2016-01-01

The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse the case of memoryless devices (for which sequential attacks are optimal) and the case of sequential attacks for arbitrary devices. The key ingredient of the proof, which might be of independent interest, is an explicit (and tight) relation between the violation of the Clauser–Horne–Shimony–Holt inequality observed by Alice and Bob and uncertainty generated by Alice against Bob who is forced to measure his system before finding out Alice’s setting (guessing with postmeasurement information). In particular, we show that security is possible for arbitrarily small violation. (paper)

Device-independent two-party cryptography secure against sequential attacks

Science.gov (United States)

Kaniewski, Jędrzej; Wehner, Stephanie

2016-05-01

The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse the case of memoryless devices (for which sequential attacks are optimal) and the case of sequential attacks for arbitrary devices. The key ingredient of the proof, which might be of independent interest, is an explicit (and tight) relation between the violation of the Clauser-Horne-Shimony-Holt inequality observed by Alice and Bob and uncertainty generated by Alice against Bob who is forced to measure his system before finding out Alice’s setting (guessing with postmeasurement information). In particular, we show that security is possible for arbitrarily small violation.

Design of large scale applications of secure multiparty computation : secure linear programming

NARCIS (Netherlands)

Hoogh, de S.J.A.

2012-01-01

Secure multiparty computation is a basic concept of growing interest in modern cryptography. It allows a set of mutually distrusting parties to perform a computation on their private information in such a way that as little as possible is revealed about each private input. The early results of

Design of advanced primitives for secure multiparty computation : special shuffles and integer comparison

NARCIS (Netherlands)

Villegas Bautista, J.A.

2010-01-01

In modern cryptography, the problem of secure multiparty computation is about the cooperation between mutually distrusting parties computing a given function. Each party holds some private information that should remain secret as much as possible throughout the computation. A large body of research

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Security Problems in Cloud Computing

Directory of Open Access Journals (Sweden)

Rola Motawie

2016-12-01

Full Text Available Cloud is a pool of computing resources which are distributed among cloud users. Cloud computing has many benefits like scalability, flexibility, cost savings, reliability, maintenance and mobile accessibility. Since cloud-computing technology is growing day by day, it comes with many security problems. Securing the data in the cloud environment is most critical challenges which act as a barrier when implementing the cloud. There are many new concepts that cloud introduces, such as resource sharing, multi-tenancy, and outsourcing, create new challenges for the security community. In this work, we provide a comparable study of cloud computing privacy and security concerns. We identify and classify known security threats, cloud vulnerabilities, and attacks.

Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Yi Sun

2014-01-01

Full Text Available With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients’ health information and doctors’ diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions.

Retrospective Analysis of Communication Events - Understanding the Dynamics of Collaborative Multi-Party Discourse

Energy Technology Data Exchange (ETDEWEB)

Cowell, Andrew J.; Haack, Jereme N.; McColgin, Dave W.

2006-06-08

This research is aimed at understanding the dynamics of collaborative multi-party discourse across multiple communication modalities. Before we can truly make sig-nificant strides in devising collaborative communication systems, there is a need to understand how typical users utilize com-putationally supported communications mechanisms such as email, instant mes-saging, video conferencing, chat rooms, etc., both singularly and in conjunction with traditional means of communication such as face-to-face meetings, telephone calls and postal mail. Attempting to un-derstand an individual’s communications profile with access to only a single modal-ity is challenging at best and often futile. Here, we discuss the development of RACE – Retrospective Analysis of Com-munications Events – a test-bed prototype to investigate issues relating to multi-modal multi-party discourse.

Semantic Security: Privacy Definitions Revisited

OpenAIRE

Jinfei Liu; Li Xiong; Jun Luo

2013-01-01

In this paper we illustrate a privacy framework named Indistinguishabley Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure...

Practical Secure Computation with Pre-Processing

DEFF Research Database (Denmark)

Zakarias, Rasmus Winther

Secure Multiparty Computation has been divided between protocols best suited for binary circuits and protocols best suited for arithmetic circuits. With their MiniMac protocol in [DZ13], Damgård and Zakarias take an important step towards bridging these worlds with an arithmetic protocol tuned...... space for pre-processing material than computing the non-linear parts online (depends on the quality of circuit of course). Surprisingly, even for our optimized AES-circuit this is not the case. We further improve the design of the pre-processing material and end up with only 10 megabyes of pre...... a protocol for small field arithmetic to do fast large integer multipli- cations. This is achieved by devising pre-processing material that allows the Toom-Cook multiplication algorithm to run between the parties with linear communication complexity. With this result computation on the CPU by the parties...

Unconditionally Secure Protocols

DEFF Research Database (Denmark)

Meldgaard, Sigurd Torkel

This thesis contains research on the theory of secure multi-party computation (MPC). Especially information theoretically (as opposed to computationally) secure protocols. It contains results from two main lines of work. One line on Information Theoretically Secure Oblivious RAMS, and how....... We construct an oblivious RAM that hides the client's access pattern with information theoretic security with an amortized $\\log^3 N$ query overhead. And how to employ a second server that is guaranteed not to conspire with the first to improve the overhead to $\\log^2 N$, while also avoiding...... they are used to speed up secure computation. An Oblivious RAM is a construction for a client with a small $O(1)$ internal memory to store $N$ pieces of data on a server while revealing nothing more than the size of the memory $N$, and the number of accesses. This specifically includes hiding the access pattern...

Reviews on Security Issues and Challenges in Cloud Computing

Science.gov (United States)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Multi-agent integrated password management (MIPM) application secured with encryption

Science.gov (United States)

Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd

2017-10-01

Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.

Diamond High Assurance Security Program: Trusted Computing Exemplar

Science.gov (United States)

2002-09-01

computing component, the Embedded MicroKernel Prototype. A third-party evaluation of the component will be initiated during development (e.g., once...target technologies and larger projects is a topic for future research. Trusted Computing Reference Component – The Embedded MicroKernel Prototype We...Kernel The primary security function of the Embedded MicroKernel will be to enforce process and data-domain separation, while providing primitive

Cloud Computing Security: A Survey

Directory of Open Access Journals (Sweden)

Issa M. Khalil

2014-02-01

Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

Application of Blind Quantum Computation to Two-Party Quantum Computation

Science.gov (United States)

Sun, Zhiyuan; Li, Qin; Yu, Fang; Chan, Wai Hong

2018-03-01

Blind quantum computation (BQC) allows a client who has only limited quantum power to achieve quantum computation with the help of a remote quantum server and still keep the client's input, output, and algorithm private. Recently, Kashefi and Wallden extended BQC to achieve two-party quantum computation which allows two parties Alice and Bob to perform a joint unitary transform upon their inputs. However, in their protocol Alice has to prepare rotated single qubits and perform Pauli operations, and Bob needs to have a powerful quantum computer. In this work, we also utilize the idea of BQC to put forward an improved two-party quantum computation protocol in which the operations of both Alice and Bob are simplified since Alice only needs to apply Pauli operations and Bob is just required to prepare and encrypt his input qubits.

Application of Blind Quantum Computation to Two-Party Quantum Computation

Science.gov (United States)

Sun, Zhiyuan; Li, Qin; Yu, Fang; Chan, Wai Hong

2018-06-01

Blind quantum computation (BQC) allows a client who has only limited quantum power to achieve quantum computation with the help of a remote quantum server and still keep the client's input, output, and algorithm private. Recently, Kashefi and Wallden extended BQC to achieve two-party quantum computation which allows two parties Alice and Bob to perform a joint unitary transform upon their inputs. However, in their protocol Alice has to prepare rotated single qubits and perform Pauli operations, and Bob needs to have a powerful quantum computer. In this work, we also utilize the idea of BQC to put forward an improved two-party quantum computation protocol in which the operations of both Alice and Bob are simplified since Alice only needs to apply Pauli operations and Bob is just required to prepare and encrypt his input qubits.

An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Lauritsen, Rasmus; Toft, Tomas

2014-01-01

Recent developments in Multi-party Computation (MPC) has resulted in very efficient protocols for dishonest majority in the preprocessing model. In particular, two very promising protocols for Boolean circuits have been proposed by Nielsen et al. (nicknamed TinyOT) and by Damg˚ard and Zakarias...... suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel...... of a large number of AES encryptions and find that it performs better than results reported so far on TinyOT, on the same hardware.p...

Cloud Computing Security: A Survey

OpenAIRE

Khalil, Issa; Khreishah, Abdallah; Azeem, Muhammad

2014-01-01

Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing a...

Comment on ''Secure multiparty computation with a dishonest majority via quantum means''

International Nuclear Information System (INIS)

Li Yanbing; Wen Qiaoyan; Qin Sujuan

2011-01-01

In a recent paper [K. Loukopoulos and D. E. Browne, Phys. Rev. A 81, 062336 (2010)], five schemes for secure multiparty computation utilizing the Greenberger-Horne-Zeilinger (GHZ) quantum correlation were presented, which were claimed to be secure in some kinds of security models. However, this study points out that schemes C and D2 could be attacked by corrupted parties replacing photon and exchanging classical information.

Center for computer security: Computer Security Group conference. Summary

Energy Technology Data Exchange (ETDEWEB)

None

1982-06-01

Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

Monitoring multi-party contracts for E-business

NARCIS (Netherlands)

Xu, L.

2004-01-01

"Monitoring multi-party contracts for E-business" investigates the issues involved in the performance of econtract monitoring of business automations in business to business e-commerce environment. A pro-active monitoring contract model and monitoring mechanism have been designed and developed. A

CERTIFICATE REVOCATION SCHEME BASED ON WEIGHTED VOTING GAME AND RATIONAL SECURE MULTIPARTY COMPUTING

Directory of Open Access Journals (Sweden)

N Aravinthan

2017-03-01

Full Text Available The Mobile Adhoc Network consists of deployed mobile nodes which lead to the frequent changes in network topology. Due to topology changes, required infrastructure is unavailable for communication. Moreover, malicious nodes present in MANET make use of this modification and can easily launch highly vulnerable attacks on the routing path of the network. Hence, Security issue such as removing misbehaving nodes is the primary issue in MANET. Effective certificate revocation scheme was introduced to identify and eliminate the node with malicious activities in the network based on the weighted voting game (ECR-WVG approach. In this approach, weights and quota were two factors, determined for an effective revocation of malicious nodes certificates. However, security during multiparty transmission was not taken into account in ECR-WVG. In Effective Certificate Revocation Scheme based on Weighted Voting Game and Rational Secure Multi-Party Computing (ECR-WVG-RSMPC method, rational secret sharing scheme is introduced along with ECR-WVG approach for securing multiparty transmission. Performance evaluation can be done between ECR-WVG and ECR-WVG-RSMPC in terms of false revocation, malicious node revocation, normalized time for revocation and revocation accuracy ratio.

Computer Security: drive-bye

CERN Multimedia

Stefan Lueders, Computer Security Team

2016-01-01

Like a lion waiting to ambush gazelles at a waterhole, malware can catch you by surprise.    As some of you might have noticed, the Computer Security Team had to block the news site “20min.ch” a while ago, as it was found to be distributing malware. This block comes after similar incidents at other Swiss organizations. Our blocking is protective in order to safeguard your computers, laptops, tablets and smartphones. Unfortunately, this is not the first time we have seen these so-called drive-by/waterhole attacks: once you have visited an affected website, embedded third-party malicious code is downloaded to your computer and subsequently infects it (if running Windows or Android as well as, less likely, Mac operating systems). Hence the name “drive-by”. As “20min.ch” is a very frequented website among CERN staff members and users, it makes it a perfect source for attacks against CERN (or other Geneva-based organisations): inste...

Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation.

Science.gov (United States)

Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia

2018-05-17

Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

A security mechanism based on evolutionary game in fog computing

Directory of Open Access Journals (Sweden)

Yan Sun

2018-02-01

Full Text Available Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

A security mechanism based on evolutionary game in fog computing.

Science.gov (United States)

Sun, Yan; Lin, Fuhong; Zhang, Nan

2018-02-01

Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

A family of multi-party authentication protocols

NARCIS (Netherlands)

Cremers, C.J.F.; Mauw, S.

2006-01-01

We introduce a family of multi-party authentication protocols and discuss six novel protocols, which are members of this family. The first three generalize the well-known Needham-Schroeder-Lowe public-key protocol, the Needham-Schroeder private-key protocol, and the Bilateral Key Exchange protocol.

Measurement study of multi-party video conferencing

NARCIS (Netherlands)

Lu, Y.; Zhao, Y.; Kuipers, F.A.; Van Mieghem, P.

2010-01-01

More and more free multi-party video conferencing applications are readily available over the Internet and both Server-to-Client (S/C) or Peer-to-Peer (P2P) technologies are used. Investigating their mechanisms, analyzing their system performance, and measuring their quality are important objectives

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

Science.gov (United States)

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

Computer Security: Cryptography and authentication (2/4)

CERN Multimedia

CERN. Geneva

2012-01-01

Remi Mollon studied computer security at University and he first worked on Grids, with the EGEE project, for a French Bioinformatics institute. Information security being crucial in that field, he developed an encrypted file management system on top of Grid middleware, and he contributed in integrating legacy applications with Grids. Then, he was hired by CERN as a Grid Data Management developer, and he joined the Grid Operational Security Coordination Team. Remi has now moved to CERN Computer Security Team. Remi is involved in the daily security operations, in addition to be responsible to design Team's computer infrastructure, and to participate to several projects, like multi-factor authentication at CERN. With the prevalence of modern information technologies and its increasing integration into our daily live, digital systems become more and more playground for evil people. While in the past, attacks were driven by fame& kudos, nowadays money is the motivating factor. Just the recent months have s...

A Forward-secure Grouping-proof Protocol for Multiple RFID Tags

Directory of Open Access Journals (Sweden)

Liu Ya-li

2012-09-01

Full Text Available Designing secure and robust grouping-proof protocols based on RFID characteristics becomes a hotspot in the research of security in Internet of Things (IOT. The proposed grouping-proof protocols recently have security and/or privacy omission and these schemes afford order-dependence by relaying message among tags through an RFID reader. In consequence, aiming at enhancing the robustness, improving scalability, reducing the computation costs on resource-constrained devices, and meanwhile combing Computational Intelligence (CI with Secure Multi-party Communication (SMC, a Forward-Secure Grouping-Proof Protocol (FSGP for multiple RFID tags based on Shamir's (, secret sharing is proposed. In comparison with the previous grouping-proof protocols, FSGP has the characteristics of forward-security and order-independence addressing the scalability issue by avoiding relaying message. Our protocol provides security enhancement, performance improvement, and meanwhile controls the computation cost, which equilibrates both security and low cost requirements for RFID tags.

Multi-party arbitration in international trade: problems and solutions

DEFF Research Database (Denmark)

Siig, Kristina

2007-01-01

Legal disputes regarding international trade frequently involve more than two parties. This leads to problems, as the preferred means of dispute resolution within international trade - arbitration - tends to be ill-equipped to handle such disputes. The topic of the paper is arbitration as a means...... of dispute resolution in a multy-party set-up. Both the possible legal bases and the problems encountered are considere. It is concluded that arbitration is still the only real option to the parties in international business disputes and that many of the shortcomings  may be contered by skilful drafting...

Reassessing U.S. National Security Strategy: The Kurdistan Worker's Party (PKK)

National Research Council Canada - National Science Library

Clark, Perry

2008-01-01

The Kurdistan Worker's Party (PKK), a terrorist-insurgent group with ties to lucrative transnational criminal organizations throughout Europe, continues to threaten Turkey-Iraq regional stability by attacking Turkish Security Forces...

Password-only authenticated three-party key exchange with provable security in the standard model.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-01-01

Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Secure Nearest Neighbor Query on Crowd-Sensing Data

Directory of Open Access Journals (Sweden)

Ke Cheng

2016-09-01

Full Text Available Nearest neighbor queries are fundamental in location-based services, and secure nearest neighbor queries mainly focus on how to securely and quickly retrieve the nearest neighbor in the outsourced cloud server. However, the previous big data system structure has changed because of the crowd-sensing data. On the one hand, sensing data terminals as the data owner are numerous and mistrustful, while, on the other hand, in most cases, the terminals find it difficult to finish many safety operation due to computation and storage capability constraints. In light of they Multi Owners and Multi Users (MOMU situation in the crowd-sensing data cloud environment, this paper presents a secure nearest neighbor query scheme based on the proxy server architecture, which is constructed by protocols of secure two-party computation and secure Voronoi diagram algorithm. It not only preserves the data confidentiality and query privacy but also effectively resists the collusion between the cloud server and the data owners or users. Finally, extensive theoretical and experimental evaluations are presented to show that our proposed scheme achieves a superior balance between the security and query performance compared to other schemes.

Comment on ''Secure multiparty computation with a dishonest majority via quantum means''

Energy Technology Data Exchange (ETDEWEB)

Li Yanbing [State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 (China); Beijing Electronic Science and Technology Institute, Beijing 100070 (China); Wen Qiaoyan; Qin Sujuan [State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876 (China)

2011-07-15

In a recent paper [K. Loukopoulos and D. E. Browne, Phys. Rev. A 81, 062336 (2010)], five schemes for secure multiparty computation utilizing the Greenberger-Horne-Zeilinger (GHZ) quantum correlation were presented, which were claimed to be secure in some kinds of security models. However, this study points out that schemes C and D2 could be attacked by corrupted parties replacing photon and exchanging classical information.

Study evaluating the status quo and the legal implications of third party liability for the European Security Industry

NARCIS (Netherlands)

Bergkamp, L.; Faure, M.G.; Hinteregger, M.; Philipsen, N.J.

2013-01-01

Third party liability has been identified as an issue that could adversely impact the European security industry. Limitless third party liability for security product and services is believed to have the potential to reduce investments in innovation. In the US, the Safety Act (discussed in this

Multi-Level Secure Local Area Network

OpenAIRE

Naval Postgraduate School (U.S.); Center for Information Systems Studies Security and Research (CISR)

2011-01-01

Multi-Level Secure Local Area Network is a cost effective, multi-level, easy to use office environment leveraging existing high assurance technology. The Department of Defense and U.S. Government have an identified need to securely share information classified at differing security levels. Because there exist no commercial solutions to this problem, NPS is developing a MLS LAN. The MLS LAN extends high assurance capabilities of an evaluated multi-level secure system to commercial personal com...

On Protocol Security in the Cryptographic Model

DEFF Research Database (Denmark)

Nielsen, Jesper Buus

you as possible. This is the general problem of secure multiparty computation. The usual way of formalizing the problem is to say that a number of parties who do not trust each other wish to compute some function of their local inputs, while keeping their inputs as secret as possible and guaranteeing...... the channels by which they communicate. A general solution to the secure multiparty computation problem is a compiler which given any feasible function describes an efficient protocol which allows the parties to compute the function securely on their local inputs over an open network. Over the past twenty...... years the secure multiparty computation problem has been the subject of a large body of research, both research into the models of multiparty computation and research aimed at realizing general secure multiparty computation. The main approach to realizing secure multiparty computation has been based...

A Container-based Trusted Multi-level Security Mechanism

Directory of Open Access Journals (Sweden)

Li Xiao-Yong

2017-01-01

Full Text Available Multi-level security mechanism has been widely applied in the military, government, defense and other domains in which information is required to be divided by security-level. Through this type of security mechanism, users at different security levels are provided with information at corresponding security levels. Traditional multi-level security mechanism which depends on the safety of operating system finally proved to be not practical. We propose a container-based trusted multi-level security mechanism in this paper to improve the applicability of the multi-level mechanism. It guarantees multi-level security of the system through a set of multi-level security policy rules and trusted techniques. The technical feasibility and application scenarios are also discussed. The ease of realization, strong practical significance and low cost of our method will largely expand the application of multi-level security mechanism in real life.

Computationally Secure Pattern Matching in the Presence of Malicious Adversaries

DEFF Research Database (Denmark)

Hazay, Carmit; Toft, Tomas

2014-01-01

for important variations of the secure pattern matching problem that are significantly more efficient than the current state of art solutions: First, we deal with secure pattern matching with wildcards. In this variant the pattern may contain wildcards that match both 0 and 1. Our protocol requires O......We propose a protocol for the problem of secure two-party pattern matching, where Alice holds a text t∈{0,1}∗ of length n, while Bob has a pattern p∈{0,1}∗ of length m. The goal is for Bob to (only) learn where his pattern occurs in Alice’s text, while Alice learns nothing. Private pattern matching...... is an important problem that has many applications in the area of DNA search, computational biology and more. Our construction guarantees full simulation in the presence of malicious, polynomial-time adversaries (assuming the hardness of DDH assumption) and exhibits computation and communication costs of O...

Information Interpretation Code For Providing Secure Data Integrity On Multi-Server Cloud Infrastructure

OpenAIRE

Sathiya Moorthy Srinivsan; Chandrasekar Chaillah

2014-01-01

Data security is one of the biggest concerns in cloud computing environment. Although the advantages of storing data in cloud computing environment is extremely high, there arises a problem related to data missing. CyberLiveApp (CLA) supports secure application development between multiple users, even though cloud users distinguish their vision privileges during storing of data. But CyberLiveApp failed to integrate the system with certain cloud-based computing environments on multi-server. En...

Computer Security: Security operations at CERN (4/4)

CERN Document Server

CERN. Geneva

2012-01-01

Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

Computer Security Handbook

CERN Document Server

Bosworth, Seymour; Whyne, Eric

2012-01-01

The classic and authoritative reference in the field of computer security, now completely updated and revised With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them. With seventy-seven chapter

Security audits of multi-tier virtual infrastructures in public infrastructure clouds

DEFF Research Database (Denmark)

Bleikertz, Sören; Schunter, Matthias; Probst, Christian W.

2010-01-01

Cloud computing has gained remarkable popularity in the recent years by a wide spectrum of consumers, ranging from small start-ups to governments. However, its benefits in terms of flexibility, scalability, and low upfront investments, are shadowed by security challenges which inhibit its adoption....... Managed through a web-services interface, users can configure highly flexible but complex cloud computing environments. Furthermore, users misconfiguring such cloud services poses a severe security risk that can lead to security incidents, e.g., erroneous exposure of services due to faulty network...... security configurations. In this article we present a novel approach in the security assessment of the end-user configuration of multi-tier architectures deployed on infrastructure clouds such as Amazon EC2. In order to perform this assessment for the currently deployed configuration, we automated...

Computer security engineering management

International Nuclear Information System (INIS)

McDonald, G.W.

1988-01-01

For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system; starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users is followed by coverage of life cycle support for the security of the system

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-01-01

Full Text Available Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010: (1 the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2 the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3 the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

8th International Symposium on Intelligent Distributed Computing & Workshop on Cyber Security and Resilience of Large-Scale Systems & 6th International Workshop on Multi-Agent Systems Technology and Semantics

CERN Document Server

Braubach, Lars; Venticinque, Salvatore; Badica, Costin

2015-01-01

This book represents the combined peer-reviewed proceedings of the Eight International Symposium on Intelligent Distributed Computing - IDC'2014, of the Workshop on Cyber Security and Resilience of Large-Scale Systems - WSRL-2014, and of the Sixth International Workshop on Multi-Agent Systems Technology and Semantics- MASTS-2014. All the events were held in Madrid, Spain, during September 3-5, 2014. The 47 contributions published in this book address several topics related to theory and applications of the intelligent distributed computing and multi-agent systems, including: agent-based data processing, ambient intelligence, collaborative systems, cryptography and security, distributed algorithms, grid and cloud computing, information extraction, knowledge management, big data and ontologies, social networks, swarm intelligence or videogames amongst others.

Security and Privacy Assurance Research (SPAR) Pilot Final Report

Science.gov (United States)

2015-11-30

Terms AES Advanced Encryption Standard. Current U.S. standard for symmetric cipher. API Application Program Interface. AWS Amazon Web Services B-tree...solve this problem in theory. Tools such as multi-party computation, homomorphic encryption , and symmetric searchable encryption allow parties to...as multi-party computation [16], fully homomorphic encryption [11], private informa- tion retrieval [8] and symmetric searchable encryption [37] allow

Efficient Solutions to Two-Party and Multiparty Millionaires’ Problem

Directory of Open Access Journals (Sweden)

Xin Liu

2017-01-01

Full Text Available The millionaires’ problem is the basis of secure multiparty computation and has many applications. Using a vectorization method and the Paillier encryption scheme, we first propose a secure two-party solution to the millionaires’ problem, which can determine x=y,  xy in one execution. Subsequently, using the vectorization and secret splitting methods, we propose an information-theoretically secure protocol to solve the multiparty millionaires’ problem (a.k.a. secure sorting problem, and this protocol can resist collusion attacks. We analyze the accuracy and security of our protocols in the semihonest model and compare the computational and communication complexities between the proposed protocols and the existing ones.

New Approaches to Practical Secure Two-Party Computation

DEFF Research Database (Denmark)

Nordholt, Peter Sebastian

all practical protocols with malicious security were based on Yao’s garbled circuits. We report on an implementation of this protocol demonstrating its high efficiency. For larger circuits it evaluates 20000 Boolean gates per second. As an example, evaluating one oblivious AES encryption (around 34000...

10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

Science.gov (United States)

2010-01-01

... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

Indirection and computer security.

Energy Technology Data Exchange (ETDEWEB)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyze common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.

Computer security

CERN Document Server

Gollmann, Dieter

2011-01-01

A completely up-to-date resource on computer security Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

Computer Security: Computer security threats, vulnerabilities and attacks (3/4)

CERN Document Server

CERN. Geneva

2012-01-01

Antonio Perez Perez works in the Computer Security Team doing software development, sysadmin tasks and operations. He is also involved on grid security and does 1st line security support at CERN on ROTA. With the prevalence of modern information technologies and its increasing integration into our daily live, digital systems become more and more playground for evil people. While in the past, attacks were driven by fame& kudos, nowadays money is the motivating factor. Just the recent months have shown several successful attacks against e.g. Sony, PBS, UNESCO, RSAsecurity, Citibank, and others. Credit card information of hundreds of thousands of people got exposed. Affected companies not only lost their assets and data, also their reputation has suffered. Thus, proper computer security measures are essential. Without question, security must even more become an inherent ingredient when developing, deploying, and operating applications, web sites, and computing services. These lectures shall give an ove...

A Portable Computer Security Workshop

Science.gov (United States)

Wagner, Paul J.; Phillips, Andrew T.

2006-01-01

We have developed a computer security workshop designed to instruct post-secondary instructors who want to start a course or laboratory exercise sequence in computer security. This workshop has also been used to provide computer security education to IT professionals and students. It is effective in communicating basic computer security principles…

Attribute based encryption for secure sharing of E-health data

Science.gov (United States)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Evaluation of Secure Computation in a Distributed Healthcare Setting.

Science.gov (United States)

Kimura, Eizen; Hamada, Koki; Kikuchi, Ryo; Chida, Koji; Okamoto, Kazuya; Manabe, Shirou; Kuroda, Tomohiko; Matsumura, Yasushi; Takeda, Toshihiro; Mihara, Naoki

2016-01-01

Issues related to ensuring patient privacy and data ownership in clinical repositories prevent the growth of translational research. Previous studies have used an aggregator agent to obscure clinical repositories from the data user, and to ensure the privacy of output using statistical disclosure control. However, there remain several issues that must be considered. One such issue is that a data breach may occur when multiple nodes conspire. Another is that the agent may eavesdrop on or leak a user's queries and their results. We have implemented a secure computing method so that the data used by each party can be kept confidential even if all of the other parties conspire to crack the data. We deployed our implementation at three geographically distributed nodes connected to a high-speed layer two network. The performance of our method, with respect to processing times, suggests suitability for practical use.

Knowledge-based computer security advisor

International Nuclear Information System (INIS)

Hunteman, W.J.; Squire, M.B.

1991-01-01

The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

Security Dynamics of Cloud Computing

OpenAIRE

Khan, Khaled M.

2009-01-01

This paper explores various dimensions of cloud computing security. It argues that security concerns of cloud computing need to be addressed from the perspective of individual stakeholder. Security focuses of cloud computing are essentially different in terms of its characteristics and business model. Conventional way of viewing as well as addressing security such as ‘bolting-in’ on the top of cloud computing may not work well. The paper attempts to portray the security spectrum necessary for...

Computer Security: Introduction to information and computer security (1/4)

CERN Multimedia

CERN. Geneva

2012-01-01

Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Aix-en-Provence and Haute Ecole de Gestion in Geneva in 2010. His professional interests include software and network security, distributed systems, and Web and mobile technologies. With the prevalence of modern information te...

Secure cloud computing

CERN Document Server

Jajodia, Sushil; Samarati, Pierangela; Singhal, Anoop; Swarup, Vipin; Wang, Cliff

2014-01-01

This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters addres

Performance of multi-service system with retrials due to blocking and called-party-busy

DEFF Research Database (Denmark)

Stepanov, S.N.; Kokina, O.A.; Iversen, Villy Bæk

2008-01-01

In this paper we construct a model of a multi-service system with an arbitrary number of bandwidth flow demands, taking into account retrials due to both blocking along the route and to called-party-busy. An approximate algorithm for estimation of key performance measures is proposed, and the pro......In this paper we construct a model of a multi-service system with an arbitrary number of bandwidth flow demands, taking into account retrials due to both blocking along the route and to called-party-busy. An approximate algorithm for estimation of key performance measures is proposed...

Computational Intelligence, Cyber Security and Computational Models

CERN Document Server

Anitha, R; Lekshmi, R; Kumar, M; Bonato, Anthony; Graña, Manuel

2014-01-01

This book contains cutting-edge research material presented by researchers, engineers, developers, and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security and Computational Models (ICC3) organized by PSG College of Technology, Coimbatore, India during December 19–21, 2013. The materials in the book include theory and applications for design, analysis, and modeling of computational intelligence and security. The book will be useful material for students, researchers, professionals, and academicians. It will help in understanding current research trends and findings and future scope of research in computational intelligence, cyber security, and computational models.

Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

OpenAIRE

Goyal, Sumit

2016-01-01

Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...

Secure Block Ciphers - Cryptanalysis and Design

DEFF Research Database (Denmark)

Tiessen, Tyge

be applied to the AES can be transferred to this block cipher, albeit with a higher attack complexity. The second publication introduces a new block cipher family which is targeted for new applications in fully homomorphic encryption and multi-party computation. We demonstrate the soundness of the design...... is encrypted using so-called symmetric ciphers. The security of our digital infrastructure thus rests at its very base on their security. The central topic of this thesis is the security of block ciphers – the most prominent form of symmetric ciphers. This thesis is separated in two parts. The first part...... is an introduction to block ciphers and their cryptanalysis, the second part contains publications written and published during the PhD studies. The first publication evaluates the security of a modification of the AES in which the choice of S-box is unknown to the attacker. We find that some of the attacks that can...

Security in Computer Applications

CERN Multimedia

CERN. Geneva

2004-01-01

Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this. This lecture addresses the following question: how to create secure software? The lecture starts with a definition of computer security and an explanation of why it is so difficult to achieve. It then introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: most common pitfalls and security bugs are listed, followed by advice on best practice for security development. The last part of the lecture covers some miscellaneous issues like the use of cryptography, rules for networking applications, and social engineering threats. This lecture was first given on Thursd...

Secure Dynamic access control scheme of PHR in cloud computing.

Science.gov (United States)

Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

2012-12-01

With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

6 CFR 13.17 - Rights of parties.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Rights of parties. 13.17 Section 13.17 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.17 Rights of parties. Except as otherwise limited by this part, all parties may: (a) Be accompanied...

Obfuscatable multi-recipient re-encryption for secure privacy-preserving personal health record services.

Science.gov (United States)

Shi, Yang; Fan, Hongfei; Xiong, Guoyue

2015-01-01

With the rapid development of cloud computing techniques, it is attractive for personal health record (PHR) service providers to deploy their PHR applications and store the personal health data in the cloud. However, there could be a serious privacy leakage if the cloud-based system is intruded by attackers, which makes it necessary for the PHR service provider to encrypt all patients' health data on cloud servers. Existing techniques are insufficiently secure under circumstances where advanced threats are considered, or being inefficient when many recipients are involved. Therefore, the objectives of our solution are (1) providing a secure implementation of re-encryption in white-box attack contexts and (2) assuring the efficiency of the implementation even in multi-recipient cases. We designed the multi-recipient re-encryption functionality by randomness-reusing and protecting the implementation by obfuscation. The proposed solution is secure even in white-box attack contexts. Furthermore, a comparison with other related work shows that the computational cost of the proposed solution is lower. The proposed technique can serve as a building block for supporting secure, efficient and privacy-preserving personal health record service systems.

Security basics for computer architects

CERN Document Server

Lee, Ruby B

2013-01-01

Design for security is an essential aspect of the design of future computers. However, security is not well understood by the computer architecture community. Many important security aspects have evolved over the last several decades in the cryptography, operating systems, and networking communities. This book attempts to introduce the computer architecture student, researcher, or practitioner to the basic concepts of security and threat-based design. Past work in different security communities can inform our thinking and provide a rich set of technologies for building architectural support fo

Review of the Main Security Problems with Multi-Agent Systems used in E-commerce Applications

Directory of Open Access Journals (Sweden)

Alfonso GONZÁLEZ BRIONES

2016-12-01

Full Text Available The ability to connect to the Internet from a wide variety of devices such as smart phones, IoT devices and desktops at anytime and anywhere, produces a large number of e-commerce transactions, such as purchases of clothes, ticket entrances for performances, or banking operations. The increasing number of these transactions has also created an increase in the number of threats and attacks by third parties to access user data banks. It is important to control the access procedure to user data so that the number of threats does not continue to grow. To do so, it is necessary to prevent unauthorized access, theft and fraud in electronic commerce, which is required to ensure the safety of these transactions. Many e-commerce platforms are developed through multi-agent-systems because they include certain advantages to control the product, resource management, task distribution, etc. However, there are a number of threats that can jeopardize the safety of the agents that make up the system. These issues must be taken into account in the development of these multi-agent systems. However, existing methods of development do not cover in depth the issue of security. It is necessary to present and classify the potential security flaws of multi-agent systems. Therefore, the present research presents a review of the main vulnerabilities that occur in multi-agent systems responsible for managing e-commerce applications, as well as the proposed solutions to the major security problems on these platform systems. The main conclusions provided by this research is the need to optimize security measures and enhance the different security solutions applied in e-commerce applications in order to prevent identity theft, access to private data, access control, etc. It is therefore essential to continue to develop the security methods employed in applications such as e-commerce as different types of attacks and threats continue to evolve.

New Mandatory Computer Security Course

CERN Multimedia

CERN Bulletin

2010-01-01

Just like any other organization, CERN is permanently under attack - even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Since 2007, newcomers have to follow a dedicated basic computer security course informing them about the “Do’s” and “Dont’s” when using CERNs computing facilities. This course has recently been redesigned. It is now mandatory for all CERN members (users and staff) owning a CERN computer account and must be followed once every three years. Members who...

Computer Security at Nuclear Facilities

International Nuclear Information System (INIS)

Cavina, A.

2013-01-01

This series of slides presents the IAEA policy concerning the development of recommendations and guidelines for computer security at nuclear facilities. A document of the Nuclear Security Series dedicated to this issue is on the final stage prior to publication. This document is the the first existing IAEA document specifically addressing computer security. This document was necessary for 3 mains reasons: first not all national infrastructures have recognized and standardized computer security, secondly existing international guidance is not industry specific and fails to capture some of the key issues, and thirdly the presence of more or less connected digital systems is increasing in the design of nuclear power plants. The security of computer system must be based on a graded approach: the assignment of computer system to different levels and zones should be based on their relevance to safety and security and the risk assessment process should be allowed to feed back into and influence the graded approach

Reminder: Mandatory Computer Security Course

CERN Multimedia

IT Department

2011-01-01

Just like any other organization, CERN is permanently under attack – even right now. Consequently it's important to be vigilant about security risks, protecting CERN's reputation - and your work. The availability, integrity and confidentiality of CERN's computing services and the unhindered operation of its accelerators and experiments come down to the combined efforts of the CERN Security Team and you. In order to remain par with the attack trends, the Security Team regularly reminds CERN users about the computer security risks, and about the rules for using CERN’s computing facilities. Therefore, a new dedicated basic computer security course has been designed informing you about the “Do’s” and “Dont’s” when using CERN's computing facilities. This course is mandatory for all person owning a CERN computer account and must be followed once every three years. Users who have never done the course, or whose course needs to be renewe...

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

Directory of Open Access Journals (Sweden)

Younsung Choi

Full Text Available With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

Science.gov (United States)

Choi, Younsung; Lee, Youngsook; Moon, Jongho; Won, Dongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

Security enhanced multi-factor biometric authentication scheme using bio-hash function

Science.gov (United States)

Lee, Youngsook; Moon, Jongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An’s scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user’s ID during login. Cao and Ge improved upon Younghwa An’s scheme, but various security problems remained. This study demonstrates that Cao and Ge’s scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge’s scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost. PMID:28459867

Security in hybrid cloud computing

OpenAIRE

Koudelka, Ondřej

2016-01-01

This bachelor thesis deals with the area of hybrid cloud computing, specifically with its security. The major aim of the thesis is to analyze and compare the chosen hybrid cloud providers. For the minor aim this thesis compares the security challenges of hybrid cloud as opponent to other deployment models. In order to accomplish said aims, this thesis defines the terms cloud computing and hybrid cloud computing in its theoretical part. Furthermore the security challenges for cloud computing a...

6 CFR 13.13 - Parties to the hearing.

Science.gov (United States)

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Parties to the hearing. 13.13 Section 13.13 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROGRAM FRAUD CIVIL REMEDIES § 13.13 Parties to the hearing. (a) The parties to the hearing will be the Defendant and the Authority...

Academic Training Lecture Regular Programme: Computer Security - Introduction to information and computer security (1/4)

CERN Multimedia

2012-01-01

Computer Security: Introduction to information and computer security (1/4), by Sebastian Lopienski (CERN).   Monday, 21 May, 2012 from 11:00 to 12:00 (Europe/Zurich) at CERN ( 31-3-004 - IT Auditorium ) Sebastian Lopienski is CERN's Deputy Computer Security Officer. He works on security strategy and policies; offers internal consultancy and audit services; develops and maintains security tools for vulnerability assessment and intrusion detection; provides training and awareness raising; and does incident investigation and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre; providing Central CVS Service for software projects at CERN; and development of applications for accelerator controls in Java. He graduated from the University of Warsaw (MSc in Computer Science) in 2002, and earned an MBA degree at the Enterprise Administration Institute in Ai...

Performance comparison of secure comparison protocols

NARCIS (Netherlands)

Kerschbaum, F.; Biswas, D.; Hoogh, de S.J.A.

2009-01-01

Secure multiparty computation (SMC) has gained tremendous importance with the growth of the Internet and e-commerce, where mutually untrusted parties need to jointly compute a function of their private inputs. However, SMC protocols usually have very high computational complexities, rendering them

The challenges of multi-layered security governance in Ituri

DEFF Research Database (Denmark)

Hoffmann, Kasper; Vlassenroot, Koen

governance is that the inclusion of local non-state actors in security governance will improve security provision to people because they have more legitimacy. But in reality ‘multi-layered’ security governance is often marked by conflict and competition as much as by collaboration and common solutions......There has been a slow, but growing awareness among external actors that some local non-state security actors should be involved in security governance in conflict-affected situations. Already in 2006, the OECD published a report that called for a ‘multi-layered’ approach to reforming actors...... and institutions that provide security and justice services (Scheye and McLean, 2006). Often these actors consist of local authorities, such as customary chiefs, village elders, or business people working in collaboration with different kinds of self-defense groups. The idea behind ‘multi-layered’ security...

Computer Security: SAHARA - Security As High As Reasonably Achievable

CERN Multimedia

Stefan Lueders, Computer Security Team

2015-01-01

History has shown us time and again that our computer systems, computing services and control systems have digital security deficiencies. Too often we deploy stop-gap solutions and improvised hacks, or we just accept that it is too late to change things.    In my opinion, this blatantly contradicts the professionalism we show in our daily work. Other priorities and time pressure force us to ignore security or to consider it too late to do anything… but we can do better. Just look at how “safety” is dealt with at CERN! “ALARA” (As Low As Reasonably Achievable) is the objective set by the CERN HSE group when considering our individual radiological exposure. Following this paradigm, and shifting it from CERN safety to CERN computer security, would give us “SAHARA”: “Security As High As Reasonably Achievable”. In other words, all possible computer security measures must be applied, so long as ...

On Adaptive vs. Non-adaptive Security of Multiparty Protocols

DEFF Research Database (Denmark)

Canetti, Ran; Damgård, Ivan Bjerre; Dziembowski, Stefan

2001-01-01

highlights of our results are: – - According to the definition of Dodis-Micali-Rogaway (which is set in the information-theoretic model), adaptive and non-adaptive security are equivalent. This holds for both honest-but-curious and Byzantine adversaries, and for any number of parties. – - According......Security analysis of multiparty cryptographic protocols distinguishes between two types of adversarialsettings: In the non-adaptive setting, the set of corrupted parties is chosen in advance, before the interaction begins. In the adaptive setting, the adversary chooses who to corrupt during...... the course of the computation. We study the relations between adaptive security (i.e., security in the adaptive setting) and non-adaptive security, according to two definitions and in several models of computation. While affirming some prevailing beliefs, we also obtain some unexpected results. Some...

About Security Solutions in Fog Computing

Directory of Open Access Journals (Sweden)

Eugen Petac

2016-01-01

Full Text Available The key for improving a system's performance, its security and reliability is to have the dataprocessed locally in remote data centers. Fog computing extends cloud computing through itsservices to devices and users at the edge of the network. Through this paper it is explored the fogcomputing environment. Security issues in this area are also described. Fog computing providesthe improved quality of services to the user by complementing shortages of cloud in IoT (Internet ofThings environment. Our proposal, named Adaptive Fog Computing Node Security Profile(AFCNSP, which is based security Linux solutions, will get an improved security of fog node withrich feature sets.

The importance of trust in computer security

DEFF Research Database (Denmark)

Jensen, Christian D.

2014-01-01

The computer security community has traditionally regarded security as a “hard” property that can be modelled and formally proven under certain simplifying assumptions. Traditional security technologies assume that computer users are either malicious, e.g. hackers or spies, or benevolent, competent...... and well informed about the security policies. Over the past two decades, however, computing has proliferated into all aspects of modern society and the spread of malicious software (malware) like worms, viruses and botnets have become an increasing threat. This development indicates a failure in some...... of the fundamental assumptions that underpin existing computer security technologies and that a new view of computer security is long overdue. In this paper, we examine traditionalmodels, policies and mechanisms of computer security in order to identify areas where the fundamental assumptions may fail. In particular...

An Efficient and Secure Arbitrary N-Party Quantum Key Agreement Protocol Using Bell States

Science.gov (United States)

Liu, Wen-Jie; Xu, Yong; Yang, Ching-Nung; Gao, Pei-Pei; Yu, Wen-Bin

2018-01-01

Two quantum key agreement protocols using Bell states and Bell measurement were recently proposed by Shukla et al. (Quantum Inf. Process. 13(11), 2391-2405, 2014). However, Zhu et al. pointed out that there are some security flaws and proposed an improved version (Quantum Inf. Process. 14(11), 4245-4254, 2015). In this study, we will show Zhu et al.'s improvement still exists some security problems, and its efficiency is not high enough. For solving these problems, we utilize four Pauli operations { I, Z, X, Y} to encode two bits instead of the original two operations { I, X} to encode one bit, and then propose an efficient and secure arbitrary N-party quantum key agreement protocol. In the protocol, the channel checking with decoy single photons is introduced to avoid the eavesdropper's flip attack, and a post-measurement mechanism is used to prevent against the collusion attack. The security analysis shows the present protocol can guarantee the correctness, security, privacy and fairness of quantum key agreement.

Distributed Noise Generation for Density Estimation Based Clustering without Trusted Third Party

Science.gov (United States)

Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

The rapid growth of the Internet provides people with tremendous opportunities for data collection, knowledge discovery and cooperative computation. However, it also brings the problem of sensitive information leakage. Both individuals and enterprises may suffer from the massive data collection and the information retrieval by distrusted parties. In this paper, we propose a privacy-preserving protocol for the distributed kernel density estimation-based clustering. Our scheme applies random data perturbation (RDP) technique and the verifiable secret sharing to solve the security problem of distributed kernel density estimation in [4] which assumed a mediate party to help in the computation.

Computers, business, and security the new role for security

CERN Document Server

Schweitzer, James A

1987-01-01

Computers, Business, and Security: The New Role for Security addresses the professional security manager's responsibility to protect all business resources, with operating environments and high technology in mind. This book discusses the technological aspects of the total security programs.Organized into three parts encompassing 10 chapters, this book begins with an overview of how the developing information age is affecting business management, operations, and organization. This text then examines a number of vulnerabilities that arise in the process of using business computing and communicat

Conducting Computer Security Assessments at Nuclear Facilities

International Nuclear Information System (INIS)

2016-06-01

Computer security is increasingly recognized as a key component in nuclear security. As technology advances, it is anticipated that computer and computing systems will be used to an even greater degree in all aspects of plant operations including safety and security systems. A rigorous and comprehensive assessment process can assist in strengthening the effectiveness of the computer security programme. This publication outlines a methodology for conducting computer security assessments at nuclear facilities. The methodology can likewise be easily adapted to provide assessments at facilities with other radioactive materials

Towards a Game Theoretic View of Secure Computation

DEFF Research Database (Denmark)

Asharov, Gilad; Canetti, Ran; Hazay, Carmit

2011-01-01

We demonstrate how Game Theoretic concepts and formalism can be used to capture cryptographic notions of security. In the restricted but indicative case of two-party protocols in the face of malicious fail-stop faults, we first show how the traditional notions of secrecy and correctness of protoc......We demonstrate how Game Theoretic concepts and formalism can be used to capture cryptographic notions of security. In the restricted but indicative case of two-party protocols in the face of malicious fail-stop faults, we first show how the traditional notions of secrecy and correctness...... of protocols can be captured as properties of Nash equilibria in games for rational players. Next, we concentrate on fairness. Here we demonstrate a Game Theoretic notion and two different cryptographic notions that turn out to all be equivalent. In addition, we provide a simulation based notion that implies...

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

Science.gov (United States)

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-07-24

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing

Science.gov (United States)

Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

2017-01-01

With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733

Computer Security Systems Enable Access.

Science.gov (United States)

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Security for multi-hop wireless networks

CERN Document Server

Mahmoud, Mohamed M E A

2014-01-01

This Springer Brief discusses efficient security protocols and schemes for multi-hop wireless networks. It presents an overview of security requirements for these networks, explores challenges in securing networks and presents system models. The authors introduce mechanisms to reduce the overhead and identify malicious nodes that drop packets intentionally. Also included is a new, efficient cooperation incentive scheme to stimulate the selfish nodes to relay information packets and enforce fairness. Many examples are provided, along with predictions for future directions of the field. Security

Computer Network Security- The Challenges of Securing a Computer Network

Science.gov (United States)

Scotti, Vincent, Jr.

2011-01-01

This article is intended to give the reader an overall perspective on what it takes to design, implement, enforce and secure a computer network in the federal and corporate world to insure the confidentiality, integrity and availability of information. While we will be giving you an overview of network design and security, this article will concentrate on the technology and human factors of securing a network and the challenges faced by those doing so. It will cover the large number of policies and the limits of technology and physical efforts to enforce such policies.

A secure distributed logistic regression protocol for the detection of rare adverse drug events.

Science.gov (United States)

El Emam, Khaled; Samet, Saeed; Arbuckle, Luk; Tamblyn, Robyn; Earle, Craig; Kantarcioglu, Murat

2013-05-01

There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak. To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees. We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets. The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy. The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through

New computer security campaign

CERN Multimedia

Alizée Dauvergne

2010-01-01

A new campaign is taking shape to promote computer security. The slogan “SEC_RITY is not complete without U!” reminds users of the importance of their contribution. The campaign kicks off on 10 June with a public awareness day in the Council Chamber.   The new campaign, organised by CERN’s computer security team, will focus on prevention and involving the user. “This is an education and awareness-raising campaign for all users at CERN,” explains Stefan Lueders, in charge of computer security. “Every day, we register thousands of computer attacks against CERN: there are attempts to tamper with web pages, hack into user accounts, take over servers, and much more. A successful attack could mean confidential user information being divulged, services being interrupted or data being lost. It could even affect operations at CERN. Another factor is the damage that a successful attack could inflict on the Organization’s reputation. &...

Computer and information security handbook

CERN Document Server

Vacca, John R

2012-01-01

The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed

A Computer Security Course in the Undergraduate Computer Science Curriculum.

Science.gov (United States)

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

Security and Privacy of Sensitive Data in Cloud Computing: A Survey of Recent Developments

OpenAIRE

Gholami, Ali; Laure, Erwin

2016-01-01

Cloud computing is revolutionizing many ecosystems by providing organizations with computing resources featuring easy deployment, connectivity, configuration, automation and scalability. This paradigm shift raises a broad range of security and privacy issues that must be taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing environments. This paper reviews the existing technologies and a wide array of both earlier and state-of...

Protecting multi-party privacy in location-aware social point-of-interest recommendation

KAUST Repository

Wang, Weiqi; Liu, An; Li, Zhixu; Zhang, Xiangliang; Li, Qing; Zhou, Xiaofang

2018-01-01

Point-of-interest (POI) recommendation has attracted much interest recently because of its significant business potential. Data used in POI recommendation (e.g., user-location check-in matrix) are much more sparse than that used in traditional item (e.g., book and movie) recommendation, which leads to more serious cold start problem. Social POI recommendation has proved to be an effective solution, but most existing works assume that recommenders have access to all required data. This is very rare in practice because these data are generally owned by different entities who are not willing to share their data with others due to privacy and legal concerns. In this paper, we first propose PLAS, a protocol which enables effective POI recommendation without disclosing the sensitive data of every party getting involved in the recommendation. We formally show PLAS is secure in the semi-honest adversary model. To improve its performance. We then adopt the technique of cloaking area by which expensive distance computation over encrypted data is replaced by cheap operation over plaintext. In addition, we utilize the sparsity of check-ins to selectively publish data, thus reducing encryption cost and avoiding unnecessary computation over ciphertext. Experiments on two real datasets show that our protocol is feasible and can scale to large POI recommendation problems in practice.

Protecting multi-party privacy in location-aware social point-of-interest recommendation

KAUST Repository

Wang, Weiqi

2018-04-04

Point-of-interest (POI) recommendation has attracted much interest recently because of its significant business potential. Data used in POI recommendation (e.g., user-location check-in matrix) are much more sparse than that used in traditional item (e.g., book and movie) recommendation, which leads to more serious cold start problem. Social POI recommendation has proved to be an effective solution, but most existing works assume that recommenders have access to all required data. This is very rare in practice because these data are generally owned by different entities who are not willing to share their data with others due to privacy and legal concerns. In this paper, we first propose PLAS, a protocol which enables effective POI recommendation without disclosing the sensitive data of every party getting involved in the recommendation. We formally show PLAS is secure in the semi-honest adversary model. To improve its performance. We then adopt the technique of cloaking area by which expensive distance computation over encrypted data is replaced by cheap operation over plaintext. In addition, we utilize the sparsity of check-ins to selectively publish data, thus reducing encryption cost and avoiding unnecessary computation over ciphertext. Experiments on two real datasets show that our protocol is feasible and can scale to large POI recommendation problems in practice.

Cloud Computing Security Issue: Survey

Science.gov (United States)

Kamal, Shailza; Kaur, Rajpreet

2011-12-01

Cloud computing is the growing field in IT industry since 2007 proposed by IBM. Another company like Google, Amazon, and Microsoft provides further products to cloud computing. The cloud computing is the internet based computing that shared recourses, information on demand. It provides the services like SaaS, IaaS and PaaS. The services and recourses are shared by virtualization that run multiple operation applications on cloud computing. This discussion gives the survey on the challenges on security issues during cloud computing and describes some standards and protocols that presents how security can be managed.

Computer security at ukrainian nuclear facilities: interface between nuclear safety and security

International Nuclear Information System (INIS)

Chumak, D.; Klevtsov, O.

2015-01-01

Active introduction of information technology, computer instrumentation and control systems (I and C systems) in the nuclear field leads to a greater efficiency and management of technological processes at nuclear facilities. However, this trend brings a number of challenges related to cyber-attacks on the above elements, which violates computer security as well as nuclear safety and security of a nuclear facility. This paper considers regulatory support to computer security at the nuclear facilities in Ukraine. The issue of computer and information security considered in the context of physical protection, because it is an integral component. The paper focuses on the computer security of I and C systems important to nuclear safety. These systems are potentially vulnerable to cyber threats and, in case of cyber-attacks, the potential negative impact on the normal operational processes can lead to a breach of the nuclear facility security. While ensuring nuclear security of I and C systems, it interacts with nuclear safety, therefore, the paper considers an example of an integrated approach to the requirements of nuclear safety and security

Tri-party agreement databases, access mechanism and procedures. Revision 2

International Nuclear Information System (INIS)

Brulotte, P.J.

1996-01-01

This document contains the information required for the Washington State Department of Ecology (Ecology) and the U.S. Environmental Protection Agency (EPA) to access databases related to the Hanford Federal Facility Agreement and Consent Order (Tri-Party Agreement). It identifies the procedure required to obtain access to the Hanford Site computer networks and the Tri-Party Agreement related databases. It addresses security requirements, access methods, database availability dates, database access procedures, and the minimum computer hardware and software configurations required to operate within the Hanford Site networks. This document supersedes any previous agreements including the Administrative Agreement to Provide Computer Access to U.S. Environmental Protection Agency (EPA) and the Administrative Agreement to Provide Computer Access to Washington State Department of Ecology (Ecology), agreements that were signed by the U.S. Department of Energy (DOE), Richland Operations Office (RL) in June 1990, Access approval to EPA and Ecology is extended by RL to include all Tri-Party Agreement relevant databases named in this document via the documented access method and date. Access to databases and systems not listed in this document will be granted as determined necessary and negotiated among Ecology, EPA, and RL through the Tri-Party Agreement Project Managers. The Tri-Party Agreement Project Managers are the primary points of contact for all activities to be carried out under the Tri-Party Agreement. Action Plan. Access to the Tri-Party Agreement related databases and systems does not provide or imply any ownership on behalf of Ecology or EPA whether public or private of either the database or the system. Access to identified systems and databases does not include access to network/system administrative control information, network maps, etc

Security in cloud computing

OpenAIRE

Moreno Martín, Oriol

2016-01-01

Security in Cloud Computing is becoming a challenge for next generation Data Centers. This project will focus on investigating new security strategies for Cloud Computing systems. Cloud Computingisarecent paradigmto deliver services over Internet. Businesses grow drastically because of it. Researchers focus their work on it. The rapid access to exible and low cost IT resources on an on-demand fashion, allows the users to avoid planning ahead for provisioning, and enterprises to save money ...

Cloud Computing Security

OpenAIRE

Ngongang, Guy

2011-01-01

This project aimed to show how possible it is to use a network intrusion detection system in the cloud. The security in the cloud is a concern nowadays and security professionals are still finding means to make cloud computing more secure. First of all the installation of the ESX4.0, vCenter Server and vCenter lab manager in server hardware was successful in building the platform. This allowed the creation and deployment of many virtual servers. Those servers have operating systems and a...

Polytopol computing for multi-core and distributed systems

Science.gov (United States)

Spaanenburg, Henk; Spaanenburg, Lambert; Ranefors, Johan

2009-05-01

Multi-core computing provides new challenges to software engineering. The paper addresses such issues in the general setting of polytopol computing, that takes multi-core problems in such widely differing areas as ambient intelligence sensor networks and cloud computing into account. It argues that the essence lies in a suitable allocation of free moving tasks. Where hardware is ubiquitous and pervasive, the network is virtualized into a connection of software snippets judiciously injected to such hardware that a system function looks as one again. The concept of polytopol computing provides a further formalization in terms of the partitioning of labor between collector and sensor nodes. Collectors provide functions such as a knowledge integrator, awareness collector, situation displayer/reporter, communicator of clues and an inquiry-interface provider. Sensors provide functions such as anomaly detection (only communicating singularities, not continuous observation), they are generally powered or self-powered, amorphous (not on a grid) with generation-and-attrition, field re-programmable, and sensor plug-and-play-able. Together the collector and the sensor are part of the skeleton injector mechanism, added to every node, and give the network the ability to organize itself into some of many topologies. Finally we will discuss a number of applications and indicate how a multi-core architecture supports the security aspects of the skeleton injector.

Multi-server blind quantum computation over collective-noise channels

Science.gov (United States)

Xiao, Min; Liu, Lin; Song, Xiuli

2018-03-01

Blind quantum computation (BQC) enables ordinary clients to securely outsource their computation task to costly quantum servers. Besides two essential properties, namely correctness and blindness, practical BQC protocols also should make clients as classical as possible and tolerate faults from nonideal quantum channel. In this paper, using logical Bell states as quantum resource, we propose multi-server BQC protocols over collective-dephasing noise channel and collective-rotation noise channel, respectively. The proposed protocols permit completely or almost classical client, meet the correctness and blindness requirements of BQC protocol, and are typically practical BQC protocols.

A methodology for performing computer security reviews

International Nuclear Information System (INIS)

Hunteman, W.J.

1991-01-01

DOE Order 5637.1, ''Classified Computer Security,'' requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, we have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system. 1 tab

A methodology for performing computer security reviews

International Nuclear Information System (INIS)

Hunteman, W.J.

1991-01-01

This paper reports on DIE Order 5637.1, Classified Computer Security, which requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, the authors have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system

Computer Security Incident Response Planning at Nuclear Facilities

International Nuclear Information System (INIS)

2016-06-01

The purpose of this publication is to assist Member States in developing comprehensive contingency plans for computer security incidents with the potential to impact nuclear security and/or nuclear safety. It provides an outline and recommendations for establishing a computer security incident response capability as part of a computer security programme, and considers the roles and responsibilities of the system owner, operator, competent authority, and national technical authority in responding to a computer security incident with possible nuclear security repercussions

An Overview of Computer security

OpenAIRE

Annam, Shireesh Reddy

2001-01-01

As more business activities are being automated and an increasing number of computers are being used to store vital and sensitive information the need for secure computer systems becomes more apparent. These systems can be achieved only through systematic design; they cannot be achieved through haphazard seat-of-the-pants methods.This paper introduces some known threats to the computer security, categorizes the threats, and analyses protection mechanisms and techniques for countering the thre...

Secure computing on reconfigurable systems

OpenAIRE

Fernandes Chaves, R.J.

2007-01-01

This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the attestation of the executed functions. The use of SC on reconfigurable devices has the advantage of being highly adaptable to the application and the user requirements, while providing high performa...

48 CFR 952.204-77 - Computer security.

Science.gov (United States)

2010-10-01

... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Computer security. 952.204... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 952.204-77 Computer security. As prescribed in 904.404(d)(7), the following clause shall be included: Computer Security (AUG 2006) (a...

Secure and robust cloud computing for high-throughput forensic microsatellite sequence analysis and databasing.

Science.gov (United States)

Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A

2017-11-01

Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.

Computer Security: the security marathon, part 2

CERN Multimedia

Computer Security Team

2014-01-01

Do you recall our latest article on the “Security Marathon” (see here) and why it’s wrong to believe that computer security is a sprint, that a quick hack is invulnerable, that quick bug-fixing is sufficient, that plugging security measures on top of existing structures is a good idea, that once you are secure, your life is cosy?   In fact, security is a marathon for us too. Again and again, we have felt comfortable with the security situation at CERN, with dedicated protections deployed on individual hosts, with the security measures deployed by individual service managers, with the attentiveness and vigilance of our users, and with the responsiveness of the Management. Again and again, however, we subsequently detect or receive reports that this is wrong, that protections are incomplete, that security measures are incomplete, that security awareness has dropped. Thus, unfortunately, we often have to go back to square one and address similar issues over and over...

Cognitive Computing for Security.

Energy Technology Data Exchange (ETDEWEB)

Debenedictis, Erik [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Rothganger, Fredrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Aimone, James Bradley [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Marinella, Matthew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Evans, Brian Robert [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Warrender, Christina E. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Mickel, Patrick [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2015-12-01

Final report for Cognitive Computing for Security LDRD 165613. It reports on the development of hybrid of general purpose/ne uromorphic computer architecture, with an emphasis on potential implementation with memristors.

Teaching Computer Security with a Hands-On Component

OpenAIRE

Murthy , Narayan

2011-01-01

Part 2: WISE 7; International audience; To address national needs for computer security education, many universities have incorporated computer and security courses into their undergraduate and graduate curricula. Our department has introduced computer security courses at both the undergraduate and the graduate level. This paper describes our approach, our experiences, and lessons learned in teaching a Computer Security Overview course.There are two key elements in the course: Studying comput...

Efficient privacy preserving K-means clustering in a three-party setting

NARCIS (Netherlands)

Beye, Michael; Erkin, Zekeriya; Erkin, Zekeriya; Lagendijk, Reginald L.

2011-01-01

User clustering is a common operation in online social networks, for example to recommend new friends. In previous work [5], Erkin et al. proposed a privacy-preserving K-means clustering algorithm for the semi-honest model, using homomorphic encryption and multi-party computation. This paper makes

Multi-perspective analysis of China's energy supply security

International Nuclear Information System (INIS)

Geng, Jiang-Bo; Ji, Qiang

2014-01-01

China's energy supply security has faced many challenges such as the drastic change of the international energy environment and the domestic energy situation and so on. This paper constructs a multi-dimensional indicator system for the main risks deriving from four aspects to evaluate the situation of China's energy supply security and analyze its evolution characteristics from 1994 to 2011. The results indicate that the situation of China's energy supply security generally presented a downtrend during 1994–2008, as a result of increasing international energy market monopoly and high volatility of international crude oil prices. After 2008, the overall level of China's energy supply security has improved to the level of 2003, which is attributed to the relatively stable international energy environment as well as the effective implementation of energy policies. - Highlights: • A multi-dimensional index system for energy supply security is constructed. • The dynamic influences of external and internal risks are analyzed. • China's energy supply security presents a downward trend during 1994–2008. • The level of China's energy supply security has improved since 2009

Multi-Level Security Cannot Realise NEC Objectives

NARCIS (Netherlands)

Schotanus, H.A.; Hartog, T.; Verkoelen, C.A.A.

2012-01-01

Multi-Level Security (MLS) is often viewed as the holy grail of information security, especially in those environments where information of different classifications is being processed. In this paper we argue that MLS cannot facilitate the right balance between need-to-protect and duty-to-share as

An efficient three-party password-based key agreement protocol using extended chaotic maps

International Nuclear Information System (INIS)

Shu Jian

2015-01-01

Three-party password-based key agreement protocols allow two users to authenticate each other via a public channel and establish a session key with the aid of a trusted server. Recently, Farash et al. [Farash M S, Attari M A 2014 “An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps”, Nonlinear Dynamics 77(7): 399–411] proposed a three-party key agreement protocol by using the extended chaotic maps. They claimed that their protocol could achieve strong security. In the present paper, we analyze Farash et al.’s protocol and point out that this protocol is vulnerable to off-line password guessing attack and suffers communication burden. To handle the issue, we propose an efficient three-party password-based key agreement protocol using extended chaotic maps, which uses neither symmetric cryptosystems nor the server’s public key. Compared with the relevant schemes, our protocol provides better performance in terms of computation and communication. Therefore, it is suitable for practical applications. (paper)

Securing the Digital Economy

Directory of Open Access Journals (Sweden)

Valentin P. MĂZĂREANU

2010-01-01

Full Text Available The Digital economy has naturally led to thereconfiguration of communication and information processes.These processes are depending on the computer, starting fromthe personal one and reaching to computer networks, whetherlocal, metropolitan or global. These led to the development ofsuch information systems able to communicate information,systems that must also ensure the security of communicationsbetween computers within the company, but also betweencomputers of different parties, outside the company. As thecommunication between computers in the network has evolvedto electronic funds transfer (EFT, digital money andcommunication of personal data, internet banking, etc., theimportance of security issues of data transmitted over thenetwork also has increased. Even more as the network hasevolved into a “wireless” one.

Computer security simulation

International Nuclear Information System (INIS)

Schelonka, E.P.

1979-01-01

Development and application of a series of simulation codes used for computer security analysis and design are described. Boolean relationships for arrays of barriers within functional modules are used to generate composite effectiveness indices. The general case of multiple layers of protection with any specified barrier survival criteria is given. Generalized reduction algorithms provide numerical security indices in selected subcategories and for the system as a whole. 9 figures, 11 tables

Simple multi-party set reconciliation

DEFF Research Database (Denmark)

Mitzenmacher, Michael; Pagh, Rasmus

2017-01-01

 set reconciliation: two parties A1A1 and A2A2 each hold a set of keys, named S1S1 and S2S2 respectively, and the goal is for both parties to obtain S1∪S2S1∪S2. Typically, set reconciliation is interesting algorithmically when sets are large but the set difference |S1−S2|+|S2−S1||S1−S2|+|S2−S1| is small...

Security and policy driven computing

CERN Document Server

Liu, Lei

2010-01-01

Security and Policy Driven Computing covers recent advances in security, storage, parallelization, and computing as well as applications. The author incorporates a wealth of analysis, including studies on intrusion detection and key management, computer storage policy, and transactional management.The book first describes multiple variables and index structure derivation for high dimensional data distribution and applies numeric methods to proposed search methods. It also focuses on discovering relations, logic, and knowledge for policy management. To manage performance, the text discusses con

Secure Cooperative Data Access in Multi-Cloud Environment

Science.gov (United States)

Le, Meixing

2013-01-01

In this dissertation, we discuss the problem of enabling cooperative query execution in a multi-cloud environment where the data is owned and managed by multiple enterprises. Each enterprise maintains its own relational database using a private cloud. In order to implement desired business services, parties need to share selected portion of their…

DATA SECURITY ISSUES IN CLOUD COMPUTING: REVIEW

Directory of Open Access Journals (Sweden)

Hussam Alddin Shihab Ahmed

2016-02-01

Full Text Available Cloud computing is an internet based model that empower on demand ease of access and pay for the usage of each access to shared pool of networks. It is yet another innovation that fulfills a client's necessity for computing resources like systems, stockpiling, servers, administrations and applications. Securing the Data is considered one of the principle significant challenges and concerns for cloud computing. This persistent problem is getting more affective due to the changes in improving cloud computing technology. From the perspective of the Clients, cloud computing is a security hazard especially when it comes to assurance affirmation issues and data security, remain the most basically which backs off for appropriation of Cloud Computing administrations. This paper audits and breaks down the essential issue of cloud computing and depicts the information security and protection of privacy issues in cloud.

Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

Science.gov (United States)

Bhadauria, Rohit; Sanyal, Sugata

2012-06-01

Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders linked to it.

Cloud Computing Security Issues and Challenges

OpenAIRE

Kuyoro S. O.; Ibikunle F; Awodele O

2011-01-01

Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. It advantages to mention but a few include scalability, resilience, flexibility, efficiency and outsourcing non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services w...

Cloud Computing Security Latest Issues amp Countermeasures

OpenAIRE

Shelveen Pandey; Mohammed Farik

2015-01-01

Abstract Cloud computing describes effective computing services provided by a third-party organization known as cloud service provider for organizations to perform different tasks over the internet for a fee. Cloud service providers computing resources are dynamically reallocated per demand and their infrastructure platform and software and other resources are shared by multiple corporate and private clients. With the steady increase in the number of cloud computing subscribers of these shar...

Secure Multiparty Quantum Computation for Summation and Multiplication.

Science.gov (United States)

Shi, Run-hua; Mu, Yi; Zhong, Hong; Cui, Jie; Zhang, Shun

2016-01-21

As a fundamental primitive, Secure Multiparty Summation and Multiplication can be used to build complex secure protocols for other multiparty computations, specially, numerical computations. However, there is still lack of systematical and efficient quantum methods to compute Secure Multiparty Summation and Multiplication. In this paper, we present a novel and efficient quantum approach to securely compute the summation and multiplication of multiparty private inputs, respectively. Compared to classical solutions, our proposed approach can ensure the unconditional security and the perfect privacy protection based on the physical principle of quantum mechanics.

Calling Out Cheaters : Covert Security with Public VerifiabilitySecurity

DEFF Research Database (Denmark)

Asharov, Gilad; Orlandi, Claudio

2012-01-01

We introduce the notion of covert security with public verifiability, building on the covert security model introduced by Aumann and Lindell (TCC 2007). Protocols that satisfy covert security guarantee that the honest parties involved in the protocol will notice any cheating attempt with some...... constant probability ε. The idea behind the model is that the fear of being caught cheating will be enough of a deterrent to prevent any cheating attempt. However, in the basic covert security model, the honest parties are not able to persuade any third party (say, a judge) that a cheating occurred. We...... propose (and formally define) an extension of the model where, when an honest party detects cheating, it also receives a certificate that can be published and used to persuade other parties, without revealing any information about the honest party’s input. In addition, malicious parties cannot create fake...

Challenges and Security in Cloud Computing

Science.gov (United States)

Chang, Hyokyung; Choi, Euiin

People who live in this world want to solve any problems as they happen then. An IT technology called Ubiquitous computing should help the situations easier and we call a technology which makes it even better and powerful cloud computing. Cloud computing, however, is at the stage of the beginning to implement and use and it faces a lot of challenges in technical matters and security issues. This paper looks at the cloud computing security.

Peer-to-peer computing for secure high performance data copying

International Nuclear Information System (INIS)

Hanushevsky, A.; Trunov, A.; Cottrell, L.

2001-01-01

The BaBar Copy Program (bbcp) is an excellent representative of peer-to-peer (P2P) computing. It is also a pioneering application of its type in the P2P arena. Built upon the foundation of its predecessor, Secure Fast Copy (sfcp), bbcp incorporates significant improvements performance and usability. As with sfcp, bbcp uses ssh for authentication; providing an elegant and simple working model--if you can ssh to a location, you can copy files to or from that location. To fully support this notion, bbcp transparently supports 3rd party copy operations. The program also incorporates several mechanism to deal with firewall security; the bane of P2P computing. To achieve high performance in a wide area network, bbcp allows a user to independently specify, the number of parallel network streams, tcp window size, and the file I/O blocking factor. Using these parameters, data is pipelined from source to target to provide a uniform traffic pattern that maximizes router efficiency. For improved recoverability, bbcp also keeps track of copy operations so that an operation can be restarted from the point of failure at a later time; minimizing the amount of network traffic in the event of a copy failure. Here, the authors present the bbcp architecture, it's various features, and the reasons for their inclusion

Peer-to-Peer Computing for Secure High Performance Data Copying

International Nuclear Information System (INIS)

2002-01-01

The BaBar Copy Program (bbcp) is an excellent representative of peer-to-peer (P2P) computing. It is also a pioneering application of its type in the P2P arena. Built upon the foundation of its predecessor, Secure Fast Copy (sfcp), bbcp incorporates significant improvements performance and usability. As with sfcp, bbcp uses ssh for authentication; providing an elegant and simple working model -- if you can ssh to a location, you can copy files to or from that location. To fully support this notion, bbcp transparently supports 3rd party copy operations. The program also incorporates several mechanism to deal with firewall security; the bane of P2P computing. To achieve high performance in a wide area network, bbcp allows a user to independently specify, the number of parallel network streams, tcp window size, and the file I/O blocking factor. Using these parameters, data is pipelined from source to target to provide a uniform traffic pattern that maximizes router efficiency. For improved recoverability, bbcp also keeps track of copy operations so that an operation can be restarted from the point of failure at a later time; minimizing the amount of network traffic in the event of a copy failure. Here, we preset the bbcp architecture, it's various features, and the reasons for their inclusion

Advanced topics in security computer system design

International Nuclear Information System (INIS)

Stachniak, D.E.; Lamb, W.R.

1989-01-01

The capability, performance, and speed of contemporary computer processors, plus the associated performance capability of the operating systems accommodating the processors, have enormously expanded the scope of possibilities for designers of nuclear power plant security computer systems. This paper addresses the choices that could be made by a designer of security computer systems working with contemporary computers and describes the improvement in functionality of contemporary security computer systems based on an optimally chosen design. Primary initial considerations concern the selection of (a) the computer hardware and (b) the operating system. Considerations for hardware selection concern processor and memory word length, memory capacity, and numerous processor features

Visualization Tools for Teaching Computer Security

Science.gov (United States)

Yuan, Xiaohong; Vega, Percy; Qadah, Yaseen; Archer, Ricky; Yu, Huiming; Xu, Jinsheng

2010-01-01

Using animated visualization tools has been an important teaching approach in computer science education. We have developed three visualization and animation tools that demonstrate various information security concepts and actively engage learners. The information security concepts illustrated include: packet sniffer and related computer network…

Network security

CERN Document Server

Perez, André

2014-01-01

This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring. Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying

Secure communication based on multi-input multi-output chaotic system with large message amplitude

International Nuclear Information System (INIS)

Zheng, G.; Boutat, D.; Floquet, T.; Barbot, J.P.

2009-01-01

This paper deals with the problem of secure communication based on multi-input multi-output (MIMO) chaotic systems. Single input secure communication based on chaos can be easily extended to multiple ones by some combinations technologies, however all the combined inputs possess the same risk to be broken. In order to reduce this risk, a new secure communication scheme based on chaos with MIMO is discussed in this paper. Moreover, since the amplitude of messages in traditional schemes is limited because it would affect the quality of synchronization, the proposed scheme is also improved into an amplitude-independent one.

Secure equality and greater-than tests with sublinear online complexity

DEFF Research Database (Denmark)

Lipmaa, Helger; Toft, Tomas

2013-01-01

Secure multiparty computation (MPC) allows multiple parties to evaluate functions without disclosing the private inputs. Secure comparisons (testing equality and greater-than) are important primitives required by many MPC applications. We propose two equality tests for ℓ-bit values with O(1) online...

Security Management Model in Cloud Computing Environment

OpenAIRE

Ahmadpanah, Seyed Hossein

2016-01-01

In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine de...

Efficient Secure Multiparty Subset Computation

Directory of Open Access Journals (Sweden)

Sufang Zhou

2017-01-01

Full Text Available Secure subset problem is important in secure multiparty computation, which is a vital field in cryptography. Most of the existing protocols for this problem can only keep the elements of one set private, while leaking the elements of the other set. In other words, they cannot solve the secure subset problem perfectly. While a few studies have addressed actual secure subsets, these protocols were mainly based on the oblivious polynomial evaluations with inefficient computation. In this study, we first design an efficient secure subset protocol for sets whose elements are drawn from a known set based on a new encoding method and homomorphic encryption scheme. If the elements of the sets are taken from a large domain, the existing protocol is inefficient. Using the Bloom filter and homomorphic encryption scheme, we further present an efficient protocol with linear computational complexity in the cardinality of the large set, and this is considered to be practical for inputs consisting of a large number of data. However, the second protocol that we design may yield a false positive. This probability can be rapidly decreased by reexecuting the protocol with different hash functions. Furthermore, we present the experimental performance analyses of these protocols.

Securing the Cloud Cloud Computer Security Techniques and Tactics

CERN Document Server

Winkler, Vic (JR)

2011-01-01

As companies turn to cloud computing technology to streamline and save money, security is a fundamental concern. Loss of certain control and lack of trust make this transition difficult unless you know how to handle it. Securing the Cloud discusses making the move to the cloud while securing your peice of it! The cloud offers felxibility, adaptability, scalability, and in the case of security-resilience. This book details the strengths and weaknesses of securing your company's information with different cloud approaches. Attacks can focus on your infrastructure, communications network, data, o

Security and Privacy in Fog Computing: Challenges

OpenAIRE

Mukherjee, Mithun; Matam, Rakesh; Shu, Lei; Maglaras, Leandros; Ferrag, Mohamed Amine; Choudhry, Nikumani; Kumar, Vikas

2017-01-01

open access article Fog computing paradigm extends the storage, networking, and computing facilities of the cloud computing toward the edge of the networks while offloading the cloud data centers and reducing service latency to the end users. However, the characteristics of fog computing arise new security and privacy challenges. The existing security and privacy measurements for cloud computing cannot be directly applied to the fog computing due to its features, such as mobility, heteroge...

Cloud Computing Security Issues - Challenges and Opportunities

OpenAIRE

Vaikunth, Pai T.; Aithal, P. S.

2017-01-01

Cloud computing services enabled through information communication technology delivered to a customer as services over the Internet on a leased basis have the capability to extend up or down their service requirements or needs. In this model, the infrastructure is owned by a third party vendor and the cloud computing services are delivered to the requested customers. Cloud computing model has many advantages including scalability, flexibility, elasticity, efficiency, and supports outsourcing ...

Implementation of two-party protocols in the noisy-storage model

International Nuclear Information System (INIS)

Wehner, Stephanie; Curty, Marcos; Schaffner, Christian; Lo, Hoi-Kwong

2010-01-01

The noisy-storage model allows the implementation of secure two-party protocols under the sole assumption that no large-scale reliable quantum storage is available to the cheating party. No quantum storage is thereby required for the honest parties. Examples of such protocols include bit commitment, oblivious transfer, and secure identification. Here, we provide a guideline for the practical implementation of such protocols. In particular, we analyze security in a practical setting where the honest parties themselves are unable to perform perfect operations and need to deal with practical problems such as errors during transmission and detector inefficiencies. We provide explicit security parameters for two different experimental setups using weak coherent, and parametric down-conversion sources. In addition, we analyze a modification of the protocols based on decoy states.

Guidelines for computer security in general practice.

Science.gov (United States)

Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

2007-01-01

As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. To develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious codes; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making

Computer security of NPP instrumentation and control systems: categorization

International Nuclear Information System (INIS)

Klevtsov, A.L.; Simonov, A.A.; Trubchaninov, S.A.

2016-01-01

The paper is devoted to studying categorization of NPP instrumentation and control (I&C) systems from the point of view of computer security and to consideration of the computer security levels and zones used by the International Atomic Energy Agency (IAEA). The paper also describes the computer security degrees and zones regulated by the International Electrotechnical Commission (IEC) standard. The computer security categorization of the systems used by the U.S. Nuclear Regulatory Commission (NRC) is presented. The experts analyzed the main differences in I&C systems computer security categorization accepted by the IAEA, IEC and U.S. NRC. The approaches to categorization that should be advisably used in Ukraine during the development of regulation on NPP I&C systems computer security are proposed in the paper

Towards Information Security Metrics Framework for Cloud Computing

OpenAIRE

Muhammad Imran Tariq

2012-01-01

Cloud computing has recently emerged as new computing paradigm which basically aims to provide customized, reliable, dynamic services over the internet.  Cost and security are influential issues to deploy cloud computing in large enterprise.  Privacy and security are very important issues in terms of user trust and legal compliance. Information Security (IS) metrics are best tool used to measure the efficiency, performance, effectiveness and impact of the security constraints. It is very hard...

A Formal Model of Trust Chain based on Multi-level Security Policy

OpenAIRE

Kong Xiangying

2013-01-01

Trust chain is the core technology of trusted computing. A formal model of trust chain based on finite state automata theory is proposed. We use communicating sequential processes to describe the system state transition in trust chain and by combining with multi-level security strategy give the definition of trust system and trust decision theorem of trust chain transfer which is proved meantime. Finally, a prototype system is given to show the efficiency of the model.

OSE inspection of computer security: Review

International Nuclear Information System (INIS)

Jaehne, E.M.

1987-01-01

The inspection process within the Department of Energy (DOE) serves the function of analyzing and reporting on the performance of security measures and controls in specific areas at sites throughout DOE. Three aspects of this process are discussed based on experience in computer security: Policy basis of performance inspections; Role and form of standards and criteria in inspections; and Conducting an inspection using the standards and criteria. Inspections are based on DOE and other applicable policy in each area. These policy statements have a compliance orientation in which the paper trail is often more clearly discernible than the security intention. The relationship of policy to performance inspections is discussed. To facilitate bridging the gap between the paper trail and the security intention defined by policy, standards and criteria were developed in each area. The consensus process and structure of the resulting product for computer security are discussed. Standards and criteria are inspection tools that support the site in preparing for an inspection and the inspector in conducting one. They form a systematic approach that facilitates consistency in the analysis and reporting of inspection results. Experience using the computer security standards and criteria is discussed

Security for small computer systems a practical guide for users

CERN Document Server

Saddington, Tricia

1988-01-01

Security for Small Computer Systems: A Practical Guide for Users is a guidebook for security concerns for small computers. The book provides security advice for the end-users of small computers in different aspects of computing security. Chapter 1 discusses the security and threats, and Chapter 2 covers the physical aspect of computer security. The text also talks about the protection of data, and then deals with the defenses against fraud. Survival planning and risk assessment are also encompassed. The last chapter tackles security management from an organizational perspective. The bo

STFTP: Secure TFTP Protocol for Embedded Multi-Agent Systems Communication

Directory of Open Access Journals (Sweden)

ZAGAR, D.

2013-05-01

Full Text Available Today's embedded systems have evolved into multipurpose devices moving towards an embedded multi-agent system (MAS infrastructure. With the involvement of MAS in embedded systems, one remaining issues is establishing communication between agents in low computational power and low memory embedded systems without present Embedded Operating System (EOS. One solution is the extension of an outdated Trivial File Transfer Protocol (TFTP. The main advantage of using TFTP in embedded systems is the easy implementation. However, the problem at hand is the overall lack of security mechanisms in TFTP. This paper proposes an extension to the existing TFTP in a form of added security mechanisms: STFTP. The authentication is proposed using Digest Access Authentication process whereas the data encryption can be performed by various cryptographic algorithms. The proposal is experimentally tested using two embedded systems based on micro-controller architecture. Communication is analyzed for authentication, data rate and transfer time versus various data encryption ciphers and files sizes. STFTP results in an expected drop in performance, which is in the range of similar encryption algorithms. The system could be improved by using embedded systems of higher computational power or by the use of hardware encryption modules.

A Complex Systems Approach to More Resilient Multi-Layered Security Systems

Energy Technology Data Exchange (ETDEWEB)

Brown, Nathanael J. K. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Jones, Katherine A. [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Bandlow, Alisa [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Nozick, Linda Karen [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Waddell, Lucas [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Levin, Drew [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Whetzel, Jonathan [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2016-09-01

In July 2012, protestors cut through security fences and gained access to the Y-12 National Security Complex. This was believed to be a highly reliable, multi-layered security system. This report documents the results of a Laboratory Directed Research and Development (LDRD) project that created a consistent, robust mathematical framework using complex systems analysis algorithms and techniques to better understand the emergent behavior, vulnerabilities and resiliency of multi-layered security systems subject to budget constraints and competing security priorities. Because there are several dimensions to security system performance and a range of attacks that might occur, the framework is multi-objective for a performance frontier to be estimated. This research explicitly uses probability of intruder interruption given detection (P_I) as the primary resilience metric. We demonstrate the utility of this framework with both notional as well as real-world examples of Physical Protection Systems (PPSs) and validate using a well-established force-on-force simulation tool, Umbra.

Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

Science.gov (United States)

Caruso, Ronald D

2003-01-01

Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

Nigeria's Multi-Agency Security Sector: The Paradox of a House ...

African Journals Online (AJOL)

The Nigerian state operates a multi-track security system in order to checkmate internal security threats and repel external aggression. The expected symbiotic inter-agency relationships among security agencies -military, law enforcement and intelligence- has been implied in the composition of the National Security Council ...

Hybrid-secure MPC 

DEFF Research Database (Denmark)

Lucas, Christoph; Raub, Dominik; Maurer, Ueli

2010-01-01

of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t ... in the universal composability (UC) framework (based on a network of secure channels, a broadcast channel, and a common reference string). It achieves the bound on the trade-off between robustness and privacy shown by Ishai et al. [CRYPTO'06] and Katz [STOC'07], the bound on fairness shown by Cleve [STOC'86...

Cloud Computing Security in Openstack Architecture: General Overview

Directory of Open Access Journals (Sweden)

Gleb Igorevich Shakulo

2015-10-01

Full Text Available The subject of article is cloud computing security. Article begins with author analyzing cloud computing advantages and disadvantages, factors of growth, both positive and negative. Among latter, security is deemed one of the most prominent. Furthermore, author takes architecture of OpenStack project as an example for study: describes its essential components and their interconnection. As conclusion, author raises series of questions as possible areas of further research to resolve security concerns, thus making cloud computing more secure technology.

A Novel Cloud Computing Algorithm of Security and Privacy

Directory of Open Access Journals (Sweden)

Chih-Yung Chen

2013-01-01

Full Text Available The emergence of cloud computing has simplified the flow of large-scale deployment distributed system of software suppliers; when issuing respective application programs in a sharing clouds service to different user, the management of material becomes more complex. Therefore, in multitype clouds service of trust environment, when enterprises face cloud computing, what most worries is the issue of security, but individual users are worried whether the privacy material will have an outflow risk. This research has mainly analyzed several different construction patterns of cloud computing, and quite relevant case in the deployment construction security of cloud computing by fit and unfit quality, and proposed finally an optimization safe deployment construction of cloud computing and security mechanism of material protection calculating method, namely, Global Authentication Register System (GARS, to reduce cloud material outflow risk. We implemented a system simulation to test the GARS algorithm of availability, security and performance. By experimental data analysis, the solutions of cloud computing security, and privacy derived from the research can be effective protection in cloud information security. Moreover, we have proposed cloud computing in the information security-related proposals that would provide related units for the development of cloud computing security practice.

Homomorphic encryption and secure comparison

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Geisler, Martin; Krøigaard, Mikkel

2008-01-01

Computation (MPC). We show how our comparison protocol can be used to improve security of online auctions, and demonstrate that it is efficient enough to be used in practice. For comparison of 16 bits numbers with security based on 1024 bits RSA (executed by two parties), our implementation takes 0.28 sec......We propose a protocol for secure comparison of integers based on homomorphic encryption.We also propose a homomorphic encryption scheme that can be used in our protocol, makes it more efficient than previous solutions, and can also be used as the basis of efficient and general secure Multiparty...

Intelligent cloud computing security using genetic algorithm as a computational tools

Science.gov (United States)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

The myth of secure computing.

Science.gov (United States)

Austin, Robert D; Darby, Christopher A

2003-06-01

Few senior executives pay a whole lot of attention to computer security. They either hand off responsibility to their technical people or bring in consultants. But given the stakes involved, an arm's-length approach is extremely unwise. According to industry estimates, security breaches affect 90% of all businesses every year and cost some $17 billion. Fortunately, the authors say, senior executives don't need to learn about the more arcane aspects of their company's IT systems in order to take a hands-on approach. Instead, they should focus on the familiar task of managing risk. Their role should be to assess the business value of their information assets, determine the likelihood that those assets will be compromised, and then tailor a set of risk abatement processes to their company's particular vulnerabilities. This approach, which views computer security as an operational rather than a technical challenge, is akin to a classic quality assurance program in that it attempts to avoid problems rather than fix them and involves all employees, not just IT staffers. The goal is not to make computer systems completely secure--that's impossible--but to reduce the business risk to an acceptable level. This article looks at the types of threats a company is apt to face. It also examines the processes a general manager should spearhead to lessen the likelihood of a successful attack. The authors recommend eight processes in all, ranging from deciding how much protection each digital asset deserves to insisting on secure software to rehearsing a response to a security breach. The important thing to realize, they emphasize, is that decisions about digital security are not much different from other cost-benefit decisions. The tools general managers bring to bear on other areas of the business are good models for what they need to do in this technical space.

Implementation of computer security at nuclear facilities in Germany

Energy Technology Data Exchange (ETDEWEB)

Lochthofen, Andre; Sommer, Dagmar [Gesellschaft fuer Anlagen- und Reaktorsicherheit mbH (GRS), Koeln (Germany)

2013-07-01

In recent years, electrical and I and C components in nuclear power plants (NPPs) were replaced by software-based components. Due to the increased number of software-based systems also the threat of malevolent interferences and cyber-attacks on NPPs has increased. In order to maintain nuclear security, conventional physical protection measures and protection measures in the field of computer security have to be implemented. Therefore, the existing security management process of the NPPs has to be expanded to computer security aspects. In this paper, we give an overview of computer security requirements for German NPPs. Furthermore, some examples for the implementation of computer security projects based on a GRS-best-practice-approach are shown. (orig.)

Implementation of computer security at nuclear facilities in Germany

International Nuclear Information System (INIS)

Lochthofen, Andre; Sommer, Dagmar

2013-01-01

In recent years, electrical and I and C components in nuclear power plants (NPPs) were replaced by software-based components. Due to the increased number of software-based systems also the threat of malevolent interferences and cyber-attacks on NPPs has increased. In order to maintain nuclear security, conventional physical protection measures and protection measures in the field of computer security have to be implemented. Therefore, the existing security management process of the NPPs has to be expanded to computer security aspects. In this paper, we give an overview of computer security requirements for German NPPs. Furthermore, some examples for the implementation of computer security projects based on a GRS-best-practice-approach are shown. (orig.)

International Conference on Computational Intelligence, Cyber Security, and Computational Models

CERN Document Server

Ramasamy, Vijayalakshmi; Sheen, Shina; Veeramani, C; Bonato, Anthony; Batten, Lynn

2016-01-01

This book aims at promoting high-quality research by researchers and practitioners from academia and industry at the International Conference on Computational Intelligence, Cyber Security, and Computational Models ICC3 2015 organized by PSG College of Technology, Coimbatore, India during December 17 – 19, 2015. This book enriches with innovations in broad areas of research like computational modeling, computational intelligence and cyber security. These emerging inter disciplinary research areas have helped to solve multifaceted problems and gained lot of attention in recent years. This encompasses theory and applications, to provide design, analysis and modeling of the aforementioned key areas.

Security Implications of Typical Grid Computing Usage Scenarios

International Nuclear Information System (INIS)

Humphrey, Marty; Thompson, Mary R.

2001-01-01

A Computational Grid is a collection of heterogeneous computers and resources spread across multiple administrative domains with the intent of providing users uniform access to these resources. There are many ways to access the resources of a Computational Grid, each with unique security requirements and implications for both the resource user and the resource provider. A comprehensive set of Grid usage scenarios are presented and analyzed with regard to security requirements such as authentication, authorization, integrity, and confidentiality. The main value of these scenarios and the associated security discussions are to provide a library of situations against which an application designer can match, thereby facilitating security-aware application use and development from the initial stages of the application design and invocation. A broader goal of these scenarios are to increase the awareness of security issues in Grid Computing

Security Implications of Typical Grid Computing Usage Scenarios

Energy Technology Data Exchange (ETDEWEB)

Humphrey, Marty; Thompson, Mary R.

2001-06-05

A Computational Grid is a collection of heterogeneous computers and resources spread across multiple administrative domains with the intent of providing users uniform access to these resources. There are many ways to access the resources of a Computational Grid, each with unique security requirements and implications for both the resource user and the resource provider. A comprehensive set of Grid usage scenarios are presented and analyzed with regard to security requirements such as authentication, authorization, integrity, and confidentiality. The main value of these scenarios and the associated security discussions are to provide a library of situations against which an application designer can match, thereby facilitating security-aware application use and development from the initial stages of the application design and invocation. A broader goal of these scenarios are to increase the awareness of security issues in Grid Computing.

CLOUD COMPUTING SECURITY ISSUES

Directory of Open Access Journals (Sweden)

Florin OGIGAU-NEAMTIU

2012-01-01

Full Text Available The term “cloud computing” has been in the spotlights of IT specialists the last years because of its potential to transform this industry. The promised benefits have determined companies to invest great sums of money in researching and developing this domain and great steps have been made towards implementing this technology. Managers have traditionally viewed IT as difficult and expensive and the promise of cloud computing leads many to think that IT will now be easy and cheap. The reality is that cloud computing has simplified some technical aspects of building computer systems, but the myriad challenges facing IT environment still remain. Organizations which consider adopting cloud based services must also understand the many major problems of information policy, including issues of privacy, security, reliability, access, and regulation. The goal of this article is to identify the main security issues and to draw the attention of both decision makers and users to the potential risks of moving data into “the cloud”.

Computer Security: Mac security – nothing for old versions

CERN Multimedia

Stefan Lueders, Computer Security Team

2016-01-01

A fundamental pillar of computer security is the regular maintenance of your code, operating system and application software – or, in computer lingo: patching, patching, patching.   Only software which is up-to-date should be free from any known vulnerabilities and thus provide you with a basic level of computer security. Neglecting regular updates is putting your computer at risk – and consequently your account, your password, your data, your photos, your videos and your money. Therefore, prompt and automatic patching is paramount. But the Microsofts, Googles and Apples of this world do not always help… Software vendors handle their update policy in different ways. While Android is a disaster – not because of Google, but due to the slow adaptation of many smartphone vendors (see “Android’s Armageddon”) – Microsoft provides updates for their Windows 7, Windows 8 and Windows 10 operating systems through their &ldq...

Review your Computer Security Now and Frequently!

CERN Multimedia

IT Department

2009-01-01

The start-up of LHC is foreseen to take place in the autumn and we will be in the public spotlight again. This increases the necessity to be vigilant with respect to computer security and the defacement of an experiment’s Web page in September last year shows that we should be particularly attentive. Attackers are permanently probing CERN and so we must all do the maximum to reduce future risks. Security is a hierarchical responsibility and requires to balance the allocation of resources between making systems work and making them secure. Thus all of us, whether users, developers, system experts, administrators, or managers are responsible for securing our computing assets. These include computers, software applications, documents, accounts and passwords. There is no "silver bullet" for securing systems, which can only be achieved by a painstaking search for all possible vulnerabilities followed by their mitigation. Additional advice on particular topics can be obtained from the relevant I...

Multi-thread Parallel Speech Recognition for Mobile Applications

Directory of Open Access Journals (Sweden)

LOJKA Martin

2014-05-01

Full Text Available In this paper, the server based solution of the multi-thread large vocabulary automatic speech recognition engine is described along with the Android OS and HTML5 practical application examples. The basic idea was to bring speech recognition available for full variety of applications for computers and especially for mobile devices. The speech recognition engine should be independent of commercial products and services (where the dictionary could not be modified. Using of third-party services could be also a security and privacy problem in specific applications, when the unsecured audio data could not be sent to uncontrolled environments (voice data transferred to servers around the globe. Using our experience with speech recognition applications, we have been able to construct a multi-thread speech recognition serverbased solution designed for simple applications interface (API to speech recognition engine modified to specific needs of particular application.

Data Security and Privacy in Cloud Computing

OpenAIRE

Yunchuan Sun; Junsheng Zhang; Yongping Xiong; Guangyu Zhu

2014-01-01

Data security has consistently been a major issue in information technology. In the cloud computing environment, it becomes particularly serious because the data is located in different places even in all the globe. Data security and privacy protection are the two main factors of user’s concerns about the cloud technology. Though many techniques on the topics in cloud computing have been investigated in both academics and industries, data security and privacy protection are becoming more impo...

Analysis on the security of cloud computing

Science.gov (United States)

He, Zhonglin; He, Yuhua

2011-02-01

Cloud computing is a new technology, which is the fusion of computer technology and Internet development. It will lead the revolution of IT and information field. However, in cloud computing data and application software is stored at large data centers, and the management of data and service is not completely trustable, resulting in safety problems, which is the difficult point to improve the quality of cloud service. This paper briefly introduces the concept of cloud computing. Considering the characteristics of cloud computing, it constructs the security architecture of cloud computing. At the same time, with an eye toward the security threats cloud computing faces, several corresponding strategies are provided from the aspect of cloud computing users and service providers.

Computer Security: Competing Concepts

OpenAIRE

Nissenbaum, Helen; Friedman, Batya; Felten, Edward

2001-01-01

This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which ...

Why SCADA security is NOT like Computer Centre Security

CERN Multimedia

CERN. Geneva

2014-01-01

Today, the industralized world lives in symbiosis with control systems (aka SCADA systems): it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and discuss the differences (or not) between computer center cyber-security and control system cyber-security.

Role of political parties in the formation of civil society in Uzbekistan

Directory of Open Access Journals (Sweden)

Сирожжон Насипкулович Бердикулов

2015-06-01

Full Text Available The article considers the role of political parties in the development of civil society and the rule of law, as well as issues of political parties differ from other public organizations, the concept of a multi-party system, the importance of a multi-party system in ensuring political pluralism, inter-party competition, constructive opposition, the expression of the interests of the electorate, the space of political parties in parliament and local councils (soviets

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

Science.gov (United States)

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

INFORMATION SECURITY IN LOGISTICS COOPERATION

Directory of Open Access Journals (Sweden)

Tomasz Małkus

2015-03-01

Full Text Available Cooperation of suppliers of raw materials, semi-finished products, finished products, wholesalers, retailers in the form of the supply chain, as well as outsourcing of specialized logistics service require ensuring adequate support of information. It concerns the use of appropriate computer tools. The security of information in such conditions of collaboration becomes the important problem for parties of contract. The objective of the paper is to characterize main issues relating to security of information in logistics cooperation.

FAA computer security : recommendations to address continuing weaknesses

Science.gov (United States)

2000-12-01

In September, testimony before the Committee on Science, House of Representatives, focused on the Federal Aviation Administration's (FAA) computer security program. In brief, we reported that FAA's agency-wide computer security program has serious, p...

FROM THE MULTI-PARTY PROCESS OF CLASS ACTIONS TO THE COLLECTIVE PROCESS OF REPETITIVE CASES: MODELS OF COLLECTIVE TUTELAGE IN BRAZILIAN LAW

Directory of Open Access Journals (Sweden)

Graziela Argenta

2017-05-01

Full Text Available The article deals with the models of multi-party litigation established in Brazilian law, considering the class action model and the model systematized by the Civil Procedure Code of 2015 consisting of repetitive case judgments. It exposes the evolution, influences and consolidation of multi-party litigation in the Brazilian legal system, identifies the collective actions microsystem and deals with its relationship with the Civil Procedure Codes of 1973 and 2015, under a constitutional perspective. It presents characteristics of the incident of resolution of repetitive demands and the repetitive extraordinary and special appeals, with comparisons with the model of class actions. It discusses, from a comparative law perspective, the three great models of collective tutelage (American, European, and Brazilian in their relationship with the holders of individual rights. Finally, it brings forward considerations about the due process of law, presenting a doctrinal vision based on the need to evaluate the conflict and the complexity of the litigation to adapt the forms of multi-party conflicts resolution.

The research of computer network security and protection strategy

Science.gov (United States)

He, Jian

2017-05-01

With the widespread popularity of computer network applications, its security is also received a high degree of attention. Factors affecting the safety of network is complex, for to do a good job of network security is a systematic work, has the high challenge. For safety and reliability problems of computer network system, this paper combined with practical work experience, from the threat of network security, security technology, network some Suggestions and measures for the system design principle, in order to make the masses of users in computer networks to enhance safety awareness and master certain network security technology.

Security Architecture of Cloud Computing

OpenAIRE

V.KRISHNA REDDY; Dr. L.S.S.REDDY

2011-01-01

The Cloud Computing offers service over internet with dynamically scalable resources. Cloud Computing services provides benefits to the users in terms of cost and ease of use. Cloud Computing services need to address the security during the transmission of sensitive data and critical applications to shared and public cloud environments. The cloud environments are scaling large for data processing and storage needs. Cloud computing environment have various advantages as well as disadvantages o...

Quantum solution to a class of two-party private summation problems

Science.gov (United States)

Shi, Run-Hua; Zhang, Shun

2017-09-01

In this paper, we define a class of special two-party private summation (S2PPS) problems and present a common quantum solution to S2PPS problems. Compared to related classical solutions, our solution has advantages of higher security and lower communication complexity, and especially it can ensure the fairness of two parties without the help of a third party. Furthermore, we investigate the practical applications of our proposed S2PPS protocol in many privacy-preserving settings with big data sets, including private similarity decision, anonymous authentication, social networks, secure trade negotiation, secure data mining.

MULTI TENANCY SECURITY IN CLOUD COMPUTING

OpenAIRE

Manjinder Singh*, Charanjit Singh

2017-01-01

The word Cloud is used as a metaphor for the internet, based on standardised use of a cloud like shape to denote a network. Cloud Computing is advanced technology for resource sharing through network with less cost as compare to other technologies. Cloud infrastructure supports various models IAAS, SAAS, PAAS. The term virtualization in cloud computing is very useful today. With the help of virtualization, more than one operating system is supported with all resources on single H/W. We can al...

Analyzing the security of an existing computer system

Science.gov (United States)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

Motivating Contributions for Home Computer Security

Science.gov (United States)

Wash, Richard L.

2009-01-01

Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

SecurityCom: A Multi-Player Game for Researching and Teaching Information Security Teams

Directory of Open Access Journals (Sweden)

Douglas P. Twitchell

2007-12-01

Full Text Available A major portion of government and business organizations’ attempts to counteract information security threats is teams of security personnel.  These teams often consist of personnel of diverse backgrounds in specific specialties such as network administration, application development, and business administration, resulting in possible conflicts between security, functionality, and availability.  This paper discusses the use of games to teach and research information security teams and outlines research to design and build a simple, team-oriented, configurable, information security game. It will be used to study how information security teams work together to defend against attacks using a multi-player game, and to study the use of games in training security teams.  Studying how information security teams work, especially considering the topic of shared-situational awareness, could lead to better ways of forming, managing, and training teams.  Studying the effectiveness of the game as a training tool could lead to better training for security teams. 

SEED: A Suite of Instructional Laboratories for Computer Security Education

Science.gov (United States)

Du, Wenliang; Wang, Ronghua

2008-01-01

The security and assurance of our computing infrastructure has become a national priority. To address this priority, higher education has gradually incorporated the principles of computer and information security into the mainstream undergraduate and graduate computer science curricula. To achieve effective education, learning security principles…

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

Science.gov (United States)

Edwards, Keith

2015-01-01

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

A security model for saas in cloud computing

International Nuclear Information System (INIS)

Abbas, R.; Farooq, A.

2016-01-01

Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. It has many service modes like Software as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS). In SaaS model, service providers install and activate the applications in cloud and cloud customers access the software from cloud. So, the user does not have the need to purchase and install a particular software on his/her machine. While using SaaS model, there are multiple security issues and problems like Data security, Data breaches, Network security, Authentication and authorization, Data integrity, Availability, Web application security and Backup which are faced by users. Many researchers minimize these security problems by putting in hard work. A large work has been done to resolve these problems but there are a lot of issues that persist and need to overcome. In this research work, we have developed a security model that improves the security of data according to the desire of the End-user. The proposed model for different data security options can be helpful to increase the data security through which trade-off between functionalities can be optimized for private and public data. (author)

Device-independence for two-party cryptography and position verification

DEFF Research Database (Denmark)

Ribeiro, Jeremy; Thinh, Le Phuc; Kaniewski, Jedrzej

Quantum communication has demonstrated its usefulness for quantum cryptography far beyond quantum key distribution. One domain is two-party cryptography, whose goal is to allow two parties who may not trust each other to solve joint tasks. Another interesting application is position......-based cryptography whose goal is to use the geographical location of an entity as its only identifying credential. Unfortunately, security of these protocols is not possible against an all powerful adversary. However, if we impose some realistic physical constraints on the adversary, there exist protocols for which...... security can be proven, but these so far relied on the knowledge of the quantum operations performed during the protocols. In this work we give device-independent security proofs of two-party cryptography and Position Verification for memoryless devices under different physical constraints on the adversary...

Science and Technology Resources on the Internet: Computer Security.

Science.gov (United States)

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

Artificial immune system applications in computer security

CERN Document Server

Tan, Ying

2016-01-01

This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues. Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security. The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networ s, and Support Vector Machines (SVM), Danger theory, ...

Computer security incident response team effectiveness : A needs assessment

NARCIS (Netherlands)

Kleij, R. van der; Kleinhuis, G.; Young, H.J.

2017-01-01

Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad-hoc basis, in close cooperation with other teams, and in

Deployment Models: Towards Eliminating Security Concerns From Cloud Computing

OpenAIRE

Zhao, Gansen; Chunming, Rong; Jaatun, Martin Gilje; Sandnes, Frode Eika

2010-01-01

Cloud computing has become a popular choice as an alternative to investing new IT systems. When making decisions on adopting cloud computing related solutions, security has always been a major concern. This article summarizes security concerns in cloud computing and proposes five service deployment models to ease these concerns. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment. D...

SECURITY AND PRIVACY ISSUES IN CLOUD COMPUTING

Directory of Open Access Journals (Sweden)

Amina AIT OUAHMAN

2014-10-01

Full Text Available Today, cloud computing is defined and talked about across the ICT industry under different contexts and with different definitions attached to it. It is a new paradigm in the evolution of Information Technology, as it is one of the biggest revolutions in this field to have taken place in recent times. According to the National Institute for Standards and Technology (NIST, “cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction” [1]. The importance of Cloud Computing is increasing and it is receiving a growing attention in the scientific and industrial communities. A study by Gartner [2] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in successive years by companies and organizations. Clouds bring out tremendous benefits for both individuals and enterprises. Clouds support economic savings, outsourcing mechanisms, resource sharing, any-where any-time accessibility, on-demand scalability, and service flexibility. Clouds minimize the need for user involvement by masking technical details such as software upgrades, licenses, and maintenance from its customers. Clouds could also offer better security advantages over individual server deployments. Since a cloud aggregates resources, cloud providers charter expert security personnel while typical companies could be limited with a network administrator who might not be well versed in cyber security issues. The new concepts introduced by the clouds, such as computation outsourcing, resource sharing, and external data warehousing, increase the security and privacy concerns and create new security challenges. Moreover, the large scale of the clouds, the proliferation of mobile access devices (e

Cloud Computing Security in Openstack Architecture: General Overview

OpenAIRE

Gleb Igorevich Shakulo

2015-01-01

The subject of article is cloud computing security. Article begins with author analyzing cloud computing advantages and disadvantages, factors of growth, both positive and negative. Among latter, security is deemed one of the most prominent. Furthermore, author takes architecture of OpenStack project as an example for study: describes its essential components and their interconnection. As conclusion, author raises series of questions as possible areas of further research to resolve security c...

Computer Security Day

CERN Multimedia

CERN Bulletin

2010-01-01

  Viruses, phishing, malware and cyber-criminals can all threaten your computer and your data, even at CERN! Experts will share their experience with you and offer solutions to keep your computer secure. Thursday, 10 June 2010, 9.30, Council Chamber Make a note in your diary! Presentations in French and English: How do hackers break into your computer? Quels sont les enjeux et conséquences des attaques informatiques contre le CERN ? How so criminals steal your money on the Internet? Comment utiliser votre ordinateur de manière sécurisée ? and a quiz: test your knowledge and win one of the many prizes that will be on offer! For more information and to follow the day's events via a live webcast go to: http://cern.ch/SecDay.  

OT-Combiners Via Secure Computation

DEFF Research Database (Denmark)

Harnik, Danny; Ishai, Yuval; Kushilevitz, Eyal

2008-01-01

of faulty candidates (t = Ω(n)). Previous OT-combiners required either ω(n) or poly(k) calls to the n candidates, where k is a security parameter, and produced only a single secure OT. We demonstrate the usefulness of the latter result by presenting several applications that are of independent interest......An OT-combiner implements a secure oblivious transfer (OT) protocol using oracle access to n OT-candidates of which at most t may be faulty. We introduce a new general approach for combining OTs by making a simple and modular use of protocols for secure computation. Specifically, we obtain an OT......, strengthen the security, and improve the efficiency of previous OT-combiners. In particular, we obtain the first constant-rate OT-combiners in which the number of secure OTs being produced is a constant fraction of the total number of calls to the OT-candidates, while still tolerating a constant fraction...

A Novel Computer Virus Propagation Model under Security Classification

Directory of Open Access Journals (Sweden)

Qingyi Zhu

2017-01-01

Full Text Available In reality, some computers have specific security classification. For the sake of safety and cost, the security level of computers will be upgraded with increasing of threats in networks. Here we assume that there exists a threshold value which determines when countermeasures should be taken to level up the security of a fraction of computers with low security level. And in some specific realistic environments the propagation network can be regarded as fully interconnected. Inspired by these facts, this paper presents a novel computer virus dynamics model considering the impact brought by security classification in full interconnection network. By using the theory of dynamic stability, the existence of equilibria and stability conditions is analysed and proved. And the above optimal threshold value is given analytically. Then, some numerical experiments are made to justify the model. Besides, some discussions and antivirus measures are given.

Secure Multi-Keyword Search with User/Owner-side Efficiency in the Cloud

Directory of Open Access Journals (Sweden)

LEE, Y.

2016-05-01

Full Text Available As the amount of data in the cloud grows, ranked search system, the similarity of a query to data is ranked, are of significant importance. on the other hand, to protect privacy, searchable encryption system are being actively studied. In this paper, we present a new similarity-based multi-keyword search scheme for encrypted data. This scheme provides high flexibility in the pre- and post-processing of encrypted data, including splitting stem/suffix and computing from the encrypted index-term matrix, demonstrated to support Latent Semantic Indexing(LSI. On the client side, the computation and communication costs are one to two orders of magnitude lower than those of previous methods, as demonstrated in the experimental results. we also provide a security analysis of the proposed scheme.

Security personnel training using a computer-based game

International Nuclear Information System (INIS)

Ralph, J.; Bickner, L.

1987-01-01

Security personnel training is an integral part of a total physical security program, and is essential in enabling security personnel to perform their function effectively. Several training tools are currently available for use by security supervisors, including: textbook study, classroom instruction, and live simulations. However, due to shortcomings inherent in each of these tools, a need exists for the development of low-cost alternative training methods. This paper discusses one such alternative: a computer-based, game-type security training system. This system would be based on a personal computer with high-resolution graphics. Key features of this system include: a high degree of realism; flexibility in use and maintenance; high trainee motivation; and low cost

Computer Security: Virus Highlights Need for Improved Internet Management

Science.gov (United States)

1989-06-01

Kingdom. Page 47 GAO/IMTEC-89-57 Internet Computer Virus Appendix III Major Contributors to This Report Information Management and Technology ...resources; disrupts the intended use of the Internet ; or wastes resources, destroys the integrity of computer -based information , or compromises users...and information from the other party in order to assist in preparation for trial. Page 32 GAO/IMTEC-89-57 Internet Computer Virus Chapter 3 Factors

Security in Service Level Agreements for Cloud Computing

OpenAIRE

Bernsmed, Karin; JAATUN, Martin Gilje; Undheim, Astrid

2011-01-01

The Cloud computing paradigm promises reliable services, accessible from anywhere in the world, in an on-demand manner. Insufficient security has been identified as a major obstacle to adopting Cloud services. To deal with the risks associated with outsourcing data and applications to the Cloud, new methods for security assurance are urgently needed. This paper presents a framework for security in Service Level Agreements for Cloud computing. The purpose is twofold; to help potential Cloud cu...

Call for participation first ACM workshop on education in computer security

OpenAIRE

Irvine, Cynthia; Orman, Hilarie

1997-01-01

Taken from the NPS website. The security of information systems and networks is a growing concern. Experts are needed to design and organize the protection mechanisms for these systems. Both government and industry increasingly seek individuals with knowledge and skills in computer security. In the past, most traditional computer science curricula bypassed formal studies in computer security altogether. An understanding of computer security was achieved largely through on-the-job ...

Cheater detection in SPDZ multiparty computation

NARCIS (Netherlands)

G. Spini (Gabriele); S. Fehr (Serge); A. Nascimento; P. Barreto

2016-01-01

textabstractIn this work we revisit the SPDZ multiparty computation protocol by Damgård et al. for securely computing a function in the presence of an unbounded number of dishonest parties. The SPDZ protocol is distinguished by its fast performance. A downside of the SPDZ protocol is that one single

New computer security measures

CERN Multimedia

IT Department

2008-01-01

As a part of the long-term strategy to improve computer security at CERN, and especially given the attention focused to CERN by the start-up of the LHC, two additional security measures concerning DNS and Tor will shortly be introduced. These are described in the following texts and will affect only a small number of users. "PHISHING" ATTACKS CONTINUE CERN computer users continue to be subjected to attacks by people trying to infect our machines and obtain passwords and other confidential information by social engineering trickery. Recent examples include an e-mail message sent from "La Poste" entitled "Colis Postal" on 21 August, a fake mail sent from web and mail services on 8 September, and an e-mail purporting to come from Hallmark Cards announcing the arrival of an electronic postcard. However, there are many other examples and there are reports of compromised mail accounts being used for more realistic site-specific phishing attempts. Given the increased publicity rela...

Auditing cloud computing a security and privacy guide

CERN Document Server

Halpert, Ben

2011-01-01

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment Many organizations are reporting or projecting a significant cost savings through the use of cloud computing-utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among othe

Restricted access processor - An application of computer security technology

Science.gov (United States)

Mcmahon, E. M.

1985-01-01

This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

Handbook for the Computer Security Certification of Trusted Systems

National Research Council Canada - National Science Library

Weissman, Clark

1995-01-01

Penetration testing is required for National Computer Security Center (NCSC) security evaluations of systems and products for the B2, B3, and A1 class ratings of the Trusted Computer System Evaluation Criteria (TCSEC...

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

Science.gov (United States)

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

An efficient two-party quantum private comparison protocol with decoy photons and two-photon entanglement

International Nuclear Information System (INIS)

Yang Yuguang; Wen Qiaoyan

2009-01-01

Following some ideas of the quantum secret sharing (QSS) protocol (2008, Phys. Lett. A 372, 1957), we propose an efficient quantum private comparison (QPC) protocol for comparing information of equality with the help of a third party (TP). The protocol can ensure fairness, efficiency and security. The protocol is fair, which means that one party knows the sound result of the comparison if and only if the other one knows the result. The protocol is efficient with the help of the TP for calculating. However, the TP cannot learn any information about the players' respective private inputs and even about the comparison result and cannot collude with any player. The protocol is secure for the two players, that is, any information about their respective secret inputs will not leak except the final computation result. A precise proof of security of the protocol is presented. Applications of this protocol may include private bidding and auctions, secret ballot elections, commercial business, identification in a number of scenarios and so on

Third party liability cover for nuclear damage and related problems

International Nuclear Information System (INIS)

Carbone, Ferdinando; Gambardella, Elio.

1974-06-01

This paper analyses the financial security and cover for third party liability for nuclear damage as provided for by Act No. 1860 of 31 December 1962 on the peaceful uses of nuclear energy. The relevant Sections of the Act are quoted and explained, as are the nuclear operator's obligation to furnish financial security for his liability. Different possible types of security and cover are described, also with reference to other national legislation. Finally, the author mentions the Paris Convention which provides the basis for Italian nuclear third party liability legislation. (NEA) [fr

Nuclear operators' third party liability amounts and financial security limits (Last updated: December 2017)

International Nuclear Information System (INIS)

2017-12-01

This table aims to gather information on the amounts available to compensate potential victims of a nuclear incident in countries and economies having nuclear power plants and/or having ratified at least one of the international conventions on nuclear third party liability. In the table: Public funds correspond to the amounts provided from public funds beyond the Operator's Liability Amount to be made available by the States parties to the BSC or CSC according to such conventions, or by any public authority pursuant to applicable laws and regulations. International funds correspond to public funds contributed jointly by all the States parties to the BSC or CSC according to a pre-determined formula provided in the respective conventions. The amount provided in the table corresponds to the total amount of the international funds calculated the day the table was updated. For the CSC international fund, an on-line calculator is available at https://ola.iaea.org/ola/CSCND/index.html Under Article V, subparagraph 1 of the Vienna Convention, 'The liability of the operator may be limited by the Installation State to not less than US $5 million for any one nuclear incident'. Subparagraph 3 of the same article further provides that 'The United States dollar referred to in this Convention is a unit of account equivalent to the value of the United States dollar in terms of gold on 29 April 1963, that is to say US $35 per one troy ounce of fine gold'. Therefore, in this table (1963: USD 5 million) means that a country applies the Operator's Liability Amount as provided under the Vienna Convention. With regard to the BSC, in 1992 the OECD Council issued a recommendation [C(92)166/FINAL] that the contracting parties to the BSC shall not invoke Article 3 (b)(i) of the BSC in cases where the amount of the insurance or other financial security of the operator is higher than SDR 175 million per incident (i.e. public funds tier) of the BSC. As a

Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Directory of Open Access Journals (Sweden)

Junghyun Nam

2015-01-01

Full Text Available We present the first provably-secure three-party password-only authenticated key exchange (PAKE protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000 without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010 and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary.

On the Complexity of Computing Optimal Private Park-and-Ride Plans

DEFF Research Database (Denmark)

Olsen, Martin

2013-01-01

or size of the parties inputs. This is despite the fact that in many cases the size of a party’s input can be confidential. The reason for this omission seems to have been the folklore belief that, as with encryption, it is impossible to carry out non-trivial secure computation while hiding the size...... that the folklore belief may not be fully accurate. In this work, we initiate a theoretical study of input-size hiding secure computation, and focus on the two-party case. We present definitions for this task, and deal with the subtleties that arise in the setting where there is no a priori polynomial bound...

Modelling Engagement in Multi-Party Conversations : Data-Driven Approaches to Understanding Human-Human Communication Patterns for Use in Human-Robot Interactions

OpenAIRE

Oertel, Catharine

2016-01-01

The aim of this thesis is to study human-human interaction in order to provide virtual agents and robots with the capability to engage into multi-party-conversations in a human-like-manner. The focus lies with the modelling of conversational dynamics and the appropriate realization of multi-modal feedback behaviour. For such an undertaking, it is important to understand how human-human communication unfolds in varying contexts and constellations over time. To this end, multi-modal human-human...

Multiparty Computation for Dishonest Majority

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Orlandi, Claudio

2010-01-01

Multiparty computation protocols have been known for more than twenty years now, but due to their lack of efficiency their use is still limited in real-world applications: the goal of this paper is the design of efficient two and multi party computation protocols aimed to fill the gap between the...

Teaching introductory computer security at a Department of Defense university

OpenAIRE

Irvine, Cynthia E.

1997-01-01

The Naval Postgraduate School Center for Information Systems Security (INFOSEC) Studies and Research (NPS CISR) has developed an instructional program in computer security. Its objective is to insure that students not only understand practical aspects of computer security associated with current technology, but also learn the fundamental principles that can be applied to the development of systems for which high confidence in policy enforcement can be achieved. Introduction to Computer Sec...

Incorporating lab experience into computer security courses

NARCIS (Netherlands)

Ben Othmane, L.; Bhuse, V.; Lilien, L.T.

2013-01-01

We describe our experience with teaching computer security labs at two different universities. We report on the hardware and software lab setups, summarize lab assignments, present the challenges encountered, and discuss the lessons learned. We agree with and emphasize the viewpoint that security

National Computer Security Conference Proceedings (10th): Computer Security--From Principles to Practices, 21-24 September 1987

Science.gov (United States)

1987-09-24

conference ; heme -- Computer Securitj,." From Principles to Practices -- reflects the growth of computer security awareness and a maturation of the...Limited. current (North American) systems do not check whether de- clared functions are well-defined. An clemeitary example of an ill- defint -d function is

16th Department of Energy Computer Security Group Training Conference: Proceedings

Energy Technology Data Exchange (ETDEWEB)

1994-04-01

Various topic on computer security are presented. Integrity standards, smartcard systems, network firewalls, encryption systems, cryptography, computer security programs, multilevel security guards, electronic mail privacy, the central intelligence agency, internet security, and high-speed ATM networking are typical examples of discussed topics. Individual papers are indexed separately.

Guidelines for development of NASA (National Aeronautics and Space Administration) computer security training programs

Science.gov (United States)

Tompkins, F. G.

1983-01-01

The report presents guidance for the NASA Computer Security Program Manager and the NASA Center Computer Security Officials as they develop training requirements and implement computer security training programs. NASA audiences are categorized based on the computer security knowledge required to accomplish identified job functions. Training requirements, in terms of training subject areas, are presented for both computer security program management personnel and computer resource providers and users. Sources of computer security training are identified.

A Polynomial Subset-Based Efficient Multi-Party Key Management System for Lightweight Device Networks.

Science.gov (United States)

Mahmood, Zahid; Ning, Huansheng; Ghafoor, AtaUllah

2017-03-24

Wireless Sensor Networks (WSNs) consist of lightweight devices to measure sensitive data that are highly vulnerable to security attacks due to their constrained resources. In a similar manner, the internet-based lightweight devices used in the Internet of Things (IoT) are facing severe security and privacy issues because of the direct accessibility of devices due to their connection to the internet. Complex and resource-intensive security schemes are infeasible and reduce the network lifetime. In this regard, we have explored the polynomial distribution-based key establishment schemes and identified an issue that the resultant polynomial value is either storage intensive or infeasible when large values are multiplied. It becomes more costly when these polynomials are regenerated dynamically after each node join or leave operation and whenever key is refreshed. To reduce the computation, we have proposed an Efficient Key Management (EKM) scheme for multiparty communication-based scenarios. The proposed session key management protocol is established by applying a symmetric polynomial for group members, and the group head acts as a responsible node. The polynomial generation method uses security credentials and secure hash function. Symmetric cryptographic parameters are efficient in computation, communication, and the storage required. The security justification of the proposed scheme has been completed by using Rubin logic, which guarantees that the protocol attains mutual validation and session key agreement property strongly among the participating entities. Simulation scenarios are performed using NS 2.35 to validate the results for storage, communication, latency, energy, and polynomial calculation costs during authentication, session key generation, node migration, secure joining, and leaving phases. EKM is efficient regarding storage, computation, and communication overhead and can protect WSN-based IoT infrastructure.

Practical m-k-Anonymization for Collaborative Data Publishing without Trusted Third Party

Directory of Open Access Journals (Sweden)

Jingyu Hua

2017-01-01

Full Text Available In collaborative data publishing (CDP, an m-adversary attack refers to a scenario where up to m malicious data providers collude to infer data records contributed by other providers. Existing solutions either rely on a trusted third party (TTP or introduce expensive computation and communication overheads. In this paper, we present a practical distributed k-anonymization scheme, m-k-anonymization, designed to defend against m-adversary attacks without relying on any TTPs. We then prove its security in the semihonest adversary model and demonstrate how an extension of the scheme can also be proven secure in a stronger adversary model. We also evaluate its efficiency using a commonly used dataset.

78 FR 57839 - Request for Information on Computer Security Incident Coordination (CSIC)

Science.gov (United States)

2013-09-20

...-02] Request for Information on Computer Security Incident Coordination (CSIC) AGENCY: National... Computer Security Incident Coordination. NIST experienced technical difficulties with receiving email... Technology (NIST) announced that it was soliciting comments relating to Computer Security Incident...

Computer Security: professionalism in security, too

CERN Multimedia

Stefan Lueders, Computer Security Team

2015-01-01

At CERN, we apply a great deal of dedication and professionalism to all the work we do. This is necessary because of the complexity and sophistication of the devices we deal with. However, when it comes to computer security, we can all agree that there is room for improvement.   In some cases, we’ve observed devices that are connected to our Intranet networks without the adequate level of protection. Also, in order to allow it to be disseminated easily with peers, information is often disclosed on public webpages, sometimes without appropriate consideration of important security-related aspects. Program code is lost due to a lack of proper version control or the use of central storage systems. Systems are brought down by “finger trouble”, confusing the right and wrong IP addresses. Software or system development is done directly on production devices, impinging on their proper operation up to the point where the system grinds to a halt. Applications full of useful fe...

CLOUD COMPUTING SECURITY

Directory of Open Access Journals (Sweden)

Ştefan IOVAN

2016-05-01

Full Text Available Cloud computing reprentes the software applications offered as a service online, but also the software and hardware components from the data center.In the case of wide offerd services for any type of client, we are dealing with a public cloud. In the other case, in wich a cloud is exclusively available for an organization and is not available to the open public, this is consider a private cloud [1]. There is also a third type, called hibrid in which case an user or an organization might use both services available in the public and private cloud. One of the main challenges of cloud computing are to build the trust and ofer information privacy in every aspect of service offerd by cloud computingle. The variety of existing standards, just like the lack of clarity in sustenability certificationis not a real help in building trust. Also appear some questions marks regarding the efficiency of traditionsecurity means that are applied in the cloud domain. Beside the economic and technology advantages offered by cloud, also are some advantages in security area if the information is migrated to cloud. Shared resources available in cloud includes the survey, use of the "best practices" and technology for advance security level, above all the solutions offered by the majority of medium and small businesses, big companies and even some guvermental organizations [2].

Molecular transport network security using multi-wavelength optical spins.

Science.gov (United States)

Tunsiri, Surachai; Thammawongsa, Nopparat; Mitatha, Somsak; Yupapin, Preecha P

2016-01-01

Multi-wavelength generation system using an optical spin within the modified add-drop optical filter known as a PANDA ring resonator for molecular transport network security is proposed. By using the dark-bright soliton pair control, the optical capsules can be constructed and applied to securely transport the trapped molecules within the network. The advantage is that the dark and bright soliton pair (components) can securely propagate for long distance without electromagnetic interference. In operation, the optical intensity from PANDA ring resonator is fed into gold nano-antenna, where the surface plasmon oscillation between soliton pair and metallic waveguide is established.

Leveraging multi-channel x-ray detector technology to improve quality metrics for industrial and security applications

Science.gov (United States)

Jimenez, Edward S.; Thompson, Kyle R.; Stohn, Adriana; Goodner, Ryan N.

2017-09-01

Sandia National Laboratories has recently developed the capability to acquire multi-channel radio- graphs for multiple research and development applications in industry and security. This capability allows for the acquisition of x-ray radiographs or sinogram data to be acquired at up to 300 keV with up to 128 channels per pixel. This work will investigate whether multiple quality metrics for computed tomography can actually benefit from binned projection data compared to traditionally acquired grayscale sinogram data. Features and metrics to be evaluated include the ability to dis- tinguish between two different materials with similar absorption properties, artifact reduction, and signal-to-noise for both raw data and reconstructed volumetric data. The impact of this technology to non-destructive evaluation, national security, and industry is wide-ranging and has to potential to improve upon many inspection methods such as dual-energy methods, material identification, object segmentation, and computer vision on radiographs.

Guns, guards, gates and geeks: Romania strengthens computer security at nuclear installations

International Nuclear Information System (INIS)

Gil, Laura

2016-01-01

A cyberattack could swipe all the information stored on your computer or even prevent it from working. That’s bad enough. But a cyberattack on a nuclear power plant could lead to sabotage or theft of nuclear material. Computer security, concerned with the protection of digital data and the defence of systems and networks against malicious acts, is a critical component of nuclear security. “The advance of computers and their use in all aspects of nuclear operations has changed the security paradigm,” said Donald Dudenhoeffer, Information Technology Security Officer at the IAEA. “Information and computer security must be considered as components in the overall nuclear security plan.”

Software For Computer-Security Audits

Science.gov (United States)

Arndt, Kate; Lonsford, Emily

1994-01-01

Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

Extreme Scale Computing to Secure the Nation

Energy Technology Data Exchange (ETDEWEB)

Brown, D L; McGraw, J R; Johnson, J R; Frincke, D

2009-11-10

Since the dawn of modern electronic computing in the mid 1940's, U.S. national security programs have been dominant users of every new generation of high-performance computer. Indeed, the first general-purpose electronic computer, ENIAC (the Electronic Numerical Integrator and Computer), was used to calculate the expected explosive yield of early thermonuclear weapons designs. Even the U. S. numerical weather prediction program, another early application for high-performance computing, was initially funded jointly by sponsors that included the U.S. Air Force and Navy, agencies interested in accurate weather predictions to support U.S. military operations. For the decades of the cold war, national security requirements continued to drive the development of high performance computing (HPC), including advancement of the computing hardware and development of sophisticated simulation codes to support weapons and military aircraft design, numerical weather prediction as well as data-intensive applications such as cryptography and cybersecurity U.S. national security concerns continue to drive the development of high-performance computers and software in the U.S. and in fact, events following the end of the cold war have driven an increase in the growth rate of computer performance at the high-end of the market. This mainly derives from our nation's observance of a moratorium on underground nuclear testing beginning in 1992, followed by our voluntary adherence to the Comprehensive Test Ban Treaty (CTBT) beginning in 1995. The CTBT prohibits further underground nuclear tests, which in the past had been a key component of the nation's science-based program for assuring the reliability, performance and safety of U.S. nuclear weapons. In response to this change, the U.S. Department of Energy (DOE) initiated the Science-Based Stockpile Stewardship (SBSS) program in response to the Fiscal Year 1994 National Defense Authorization Act, which requires, 'in the

Supporting multi-state collaboration on privacy and security to foster health IT and health information exchange.

Science.gov (United States)

Banger, Alison K; Alakoye, Amoke O; Rizk, Stephanie C

2008-11-06

As part of the HHS funded contract, Health Information Security and Privacy Collaboration, 41 states and territories have proposed collaborative projects to address cross-state privacy and security challenges related to health IT and health information exchange. Multi-state collaboration on privacy and security issues remains complicated, and resources to support collaboration around these topics are essential to the success of such collaboration. The resources outlined here offer an example of how to support multi-stakeholder, multi-state projects.

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

Science.gov (United States)

Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

2017-07-30

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

An Overview of Computer Network security and Research Technology

OpenAIRE

Rathore, Vandana

2016-01-01

The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...

A Design Methodology for Computer Security Testing

OpenAIRE

Ramilli, Marco

2013-01-01

The field of "computer security" is often considered something in between Art and Science. This is partly due to the lack of widely agreed and standardized methodologies to evaluate the degree of the security of a system. This dissertation intends to contribute to this area by investigating the most common security testing strategies applied nowadays and by proposing an enhanced methodology that may be effectively applied to different threat scenarios with the same degree of effectiveness. ...

The Development of Computer Policies in Government, Political Parties, and Trade Unions in Norway 1961-1983

Science.gov (United States)

Elgsaas, Knut; Hegna, Håvard

A “Council for Government Electronic Data Processing” was established in 1961. This was the start of development of a common policy for computers and data within the public administration. In 1969-70, computers got on the agenda of political parties and the trade unions. In the course of the seventies and the beginning of the eighties the government, the political parties, and the trade unions established a more comprehensive view of data political questions that we will designate by the term data policy. This paper puts some light on the causes and forces that drove the evolvement of a data policy within these central sectors in Norway. We will also show how various actors of research, trade and industry, and political life influenced the development of data policy and present links between the actors that indicate that they mutually influenced each other.

Strengthening Capacity to Respond to Computer Security Incidents ...

International Development Research Centre (IDRC) Digital Library (Canada)

... in the form of spam, improper access to confidential data and cyber theft. ... These teams are usually known as computer security incident response teams ... regional capacity for preventing and responding to cyber security incidents in Latin ...

Secure multiparty computation goes live

NARCIS (Netherlands)

Bogetoft, P.; Christensen, D.L.; Damgard, Ivan; Geisler, M.; Jakobsen, T.; Kroigaard, M.; Nielsen, J.D.; Nielsen, J.B.; Nielsen, K.; Pagter, J.; Schwartzbach, M.; Toft, T.; Dingledine, R.; Golle, Ph.

2009-01-01

In this note, we report on the first large-scale and practical application of secure multiparty computation, which took place in January 2008. We also report on the novel cryptographic protocols that were used. This work was supported by the Danish Strategic Research Council and the European

Secure multiparty computation goes live

DEFF Research Database (Denmark)

Bogetoft, Peter; Christensen, Dan Lund; Damgård, Ivan Bjerre

2009-01-01

In this note, we report on the first large-scale and practical application of secure multiparty computation, which took place in January 2008. We also report on the novel cryptographic protocols that were used. This work was supported by the Danish Strategic Research Council and the European...

Lock It Up! Computer Security.

Science.gov (United States)

Wodarz, Nan

1997-01-01

The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

Optical fibre multi-parameter sensing with secure cloud based signal capture and processing

Science.gov (United States)

Newe, Thomas; O'Connell, Eoin; Meere, Damien; Yuan, Hongwei; Leen, Gabriel; O'Keeffe, Sinead; Lewis, Elfed

2016-05-01

Recent advancements in cloud computing technologies in the context of optical and optical fibre based systems are reported. The proliferation of real time and multi-channel based sensor systems represents significant growth in data volume. This coupled with a growing need for security presents many challenges and presents a huge opportunity for an evolutionary step in the widespread application of these sensing technologies. A tiered infrastructural system approach is adopted that is designed to facilitate the delivery of Optical Fibre-based "SENsing as a Service- SENaaS". Within this infrastructure, novel optical sensing platforms, deployed within different environments, are interfaced with a Cloud-based backbone infrastructure which facilitates the secure collection, storage and analysis of real-time data. Feedback systems, which harness this data to affect a change within the monitored location/environment/condition, are also discussed. The cloud based system presented here can also be used with chemical and physical sensors that require real-time data analysis, processing and feedback.

A Secure Authenticate Framework for Cloud Computing Environment

OpenAIRE

Nitin Nagar; Pradeep k. Jatav

2014-01-01

Cloud computing has an important aspect for the companies to build and deploy their infrastructure and application. Data Storage service in the cloud computing is easy as compare to the other data storage services. At the same time, cloud security in the cloud environment is challenging task. Security issues ranging from missing system configuration, lack of proper updates, or unwise user actions from remote data storage. It can expose user’s private data and information to unwanted access. i...

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

Directory of Open Access Journals (Sweden)

Jun Wu

2017-07-01

Full Text Available Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

Science.gov (United States)

Wu, Jun; Su, Zhou; Li, Jianhua

2017-01-01

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

Secure Authentication of Cloud Data Mining API

OpenAIRE

Bhadauria, Rohit; Borgohain, Rajdeep; Biswas, Abirlal; Sanyal, Sugata

2013-01-01

Cloud computing is a revolutionary concept that has brought a paradigm shift in the IT world. This has made it possible to manage and run businesses without even setting up an IT infrastructure. It offers multi-fold benefits to the users moving to a cloud, while posing unknown security and privacy issues. User authentication is one such growing concern and is greatly needed in order to ensure privacy and security in a cloud computing environment. This paper discusses the security at different...

Proposal for a security management in cloud computing for health care.

Science.gov (United States)

Haufe, Knut; Dzombeta, Srdan; Brandis, Knud

2014-01-01

Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Proposal for a Security Management in Cloud Computing for Health Care

Directory of Open Access Journals (Sweden)

Knut Haufe

2014-01-01

Full Text Available Cloud computing is actually one of the most popular themes of information systems research. Considering the nature of the processed information especially health care organizations need to assess and treat specific risks according to cloud computing in their information security management system. Therefore, in this paper we propose a framework that includes the most important security processes regarding cloud computing in the health care sector. Starting with a framework of general information security management processes derived from standards of the ISO 27000 family the most important information security processes for health care organizations using cloud computing will be identified considering the main risks regarding cloud computing and the type of information processed. The identified processes will help a health care organization using cloud computing to focus on the most important ISMS processes and establish and operate them at an appropriate level of maturity considering limited resources.

Enhancing Security by System-Level Virtualization in Cloud Computing Environments

Science.gov (United States)

Sun, Dawei; Chang, Guiran; Tan, Chunguang; Wang, Xingwei

Many trends are opening up the era of cloud computing, which will reshape the IT industry. Virtualization techniques have become an indispensable ingredient for almost all cloud computing system. By the virtual environments, cloud provider is able to run varieties of operating systems as needed by each cloud user. Virtualization can improve reliability, security, and availability of applications by using consolidation, isolation, and fault tolerance. In addition, it is possible to balance the workloads by using live migration techniques. In this paper, the definition of cloud computing is given; and then the service and deployment models are introduced. An analysis of security issues and challenges in implementation of cloud computing is identified. Moreover, a system-level virtualization case is established to enhance the security of cloud computing environments.

Computer-Aided Sensor Development Focused on Security Issues.

Science.gov (United States)

Bialas, Andrzej

2016-05-26

The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

Multiparty Computation from Threshold Homomorphic Encryption

DEFF Research Database (Denmark)

Cramer, Ronald; Damgård, Ivan Bjerre; Nielsen, Jesper Buus

2001-01-01

We introduce a new approach to multiparty computation (MPC) basing it on homomorphic threshold crypto-systems. We show that given keys for any sufficiently efficient system of this type, general MPC protocols for n parties can be devised which are secure against an active adversary that corrupts...

Computer Security at Nuclear Facilities (French Edition)

International Nuclear Information System (INIS)

2013-01-01

category of the IAEA Nuclear Security Series, and deals with computer security at nuclear facilities. It is based on national experience and practices as well as publications in the fields of computer security and nuclear security. The guidance is provided for consideration by States, competent authorities and operators. The preparation of this publication in the IAEA Nuclear Security Series has been made possible by the contributions of a large number of experts from Member States. An extensive consultation process with all Member States included consultants meetings and open-ended technical meetings. The draft was then circulated to all Member States for 120 days to solicit further comments and suggestions. The comments received from Member States were reviewed and considered in the final version of the publication.

Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

Science.gov (United States)

Wen, Qiaoyan; Zhang, Hua; Jin, Zhengping; Li, Wenmin

2014-01-01

We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function. PMID:24982949

Two-cloud-servers-assisted secure outsourcing multiparty computation.

Science.gov (United States)

Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Zhang, Hua; Jin, Zhengping; Li, Wenmin

2014-01-01

We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users' public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function.

Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems.

Science.gov (United States)

Lee, Tian-Fu

2014-12-01

Telecare medicine information systems provide a communicating platform for accessing remote medical resources through public networks, and help health care workers and medical personnel to rapidly making correct clinical decisions and treatments. An authentication scheme for data exchange in telecare medicine information systems enables legal users in hospitals and medical institutes to establish a secure channel and exchange electronic medical records or electronic health records securely and efficiently. This investigation develops an efficient and secure verified-based three-party authentication scheme by using extended chaotic maps for data exchange in telecare medicine information systems. The proposed scheme does not require server's public keys and avoids time-consuming modular exponential computations and scalar multiplications on elliptic curve used in previous related approaches. Additionally, the proposed scheme is proven secure in the random oracle model, and realizes the lower bounds of messages and rounds in communications. Compared to related verified-based approaches, the proposed scheme not only possesses higher security, but also has lower computational cost and fewer transmissions. Copyright © 2014 Elsevier Ireland Ltd. All rights reserved.

Distributed public key schemes secure against continual leakage

DEFF Research Database (Denmark)

Akavia, Adi; Goldwasser, Shafi; Hazay, Carmit

2012-01-01

-secure against continual memory leakage. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretely stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol......In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly...... against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and $2$-linear assumptions. Our schemes have the following properties: 1. Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2-o (1),1)-fraction...

Security Techniques for protecting data in Cloud Computing

OpenAIRE

Maddineni, Venkata Sravan Kumar; Ragi, Shivashanker

2012-01-01

Context: From the past few years, there has been a rapid progress in Cloud Computing. With the increasing number of companies resorting to use resources in the Cloud, there is a necessity for protecting the data of various users using centralized resources. Some major challenges that are being faced by Cloud Computing are to secure, protect and process the data which is the property of the user. Aims and Objectives: The main aim of this research is to understand the security threats and ident...

Efficient and Secure Comparison for On-Line Auctions

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Krøigaard, Mikkel; Geisler, Martin Joakim

2007-01-01

We propose a protocol for secure comparison of integers based on homomorphic encryption. We also propose a homomorphic encryption scheme that can be used in our protocol and makes it more efficient than previous solutions. Our protocol is well-suited for application in on-line auctions, both...... with respect to functionality and performance. It minimizes the amount of information bidders need to send, and for comparison of 16 bit numbers with security based on 1024 bit RSA (executed by two parties), our implementation takes 0.28 seconds including all computation and communication. Using precomputation...

Multilevel classification of security concerns in cloud computing

Directory of Open Access Journals (Sweden)

Syed Asad Hussain

2017-01-01

Full Text Available Threats jeopardize some basic security requirements in a cloud. These threats generally constitute privacy breach, data leakage and unauthorized data access at different cloud layers. This paper presents a novel multilevel classification model of different security attacks across different cloud services at each layer. It also identifies attack types and risk levels associated with different cloud services at these layers. The risks are ranked as low, medium and high. The intensity of these risk levels depends upon the position of cloud layers. The attacks get more severe for lower layers where infrastructure and platform are involved. The intensity of these risk levels is also associated with security requirements of data encryption, multi-tenancy, data privacy, authentication and authorization for different cloud services. The multilevel classification model leads to the provision of dynamic security contract for each cloud layer that dynamically decides about security requirements for cloud consumer and provider.

Characterizing and Implementing Efficient Primitives for Privacy-Preserving Computation

Science.gov (United States)

2015-07-01

UNLIMITED 136 Glossary of Terminology  AES : Advanced Encryption Standard Blackbox: A means of viewing a cryptographic protocol such that it can be...improvements and remaining challenges. 15. SUBJECT TERMS Garbled Circuit, Cell Phone, Encryption , Cryptography, Mobile Devices, Secure Multi-party...MAC prior to execution and re‐ encrypted using a one‐time pad prior to release

A Computational Model and Multi-Agent Simulation for Information Assurance

Science.gov (United States)

2002-06-01

Podell , Information Security: an Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, 1994. Brinkley, D. L. and Schell, R...R., “What is There to Worry About? An Introduction to the Computer Security Problem,” ed. Abrams and Jajodia and Podell , Information Security: an

A Secure Framework for Location Verification in Pervasive Computing

Science.gov (United States)

Liu, Dawei; Lee, Moon-Chuen; Wu, Dan

The way people use computing devices has been changed in some way by the relatively new pervasive computing paradigm. For example, a person can use a mobile device to obtain its location information at anytime and anywhere. There are several security issues concerning whether this information is reliable in a pervasive environment. For example, a malicious user may disable the localization system by broadcasting a forged location, and it may impersonate other users by eavesdropping their locations. In this paper, we address the verification of location information in a secure manner. We first present the design challenges for location verification, and then propose a two-layer framework VerPer for secure location verification in a pervasive computing environment. Real world GPS-based wireless sensor network experiments confirm the effectiveness of the proposed framework.

Computer access security code system

Science.gov (United States)

Collins, Earl R., Jr. (Inventor)

1990-01-01

A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

Discussion on the Technology and Method of Computer Network Security Management

Science.gov (United States)

Zhou, Jianlei

2017-09-01

With the rapid development of information technology, the application of computer network technology has penetrated all aspects of society, changed people's way of life work to a certain extent, brought great convenience to people. But computer network technology is not a panacea, it can promote the function of social development, but also can cause damage to the community and the country. Due to computer network’ openness, easiness of sharing and other characteristics, it had a very negative impact on the computer network security, especially the loopholes in the technical aspects can cause damage on the network information. Based on this, this paper will do a brief analysis on the computer network security management problems and security measures.

Dissecting the Security and Protection Issues in Pervasive Computing

Directory of Open Access Journals (Sweden)

Qaisar Javaid

2018-04-01

Full Text Available Human beings reflect nomadic behaviour as they keep on travelling place to place whole day for personal or organizational purposes. The inception of modern networking technologies and the advent of wide range of applications in terms of services and resources have facilitated the users in many ways. The advancements in numerous areas such as embedded systems, WN (Wireless Networks, mobile and context-aware computing, anticipated pervasive computing dominated the human communication at large. Pervasive computing refers to the environment where information is accessible anywhere and anytime while existing system is invisible to the user. On the other hand, the invisibility of pervasive computing is also a problem in its adoption as users are unaware when and what devices collect their personal data and how it is being used. It has caused new security chaos as the more information about user is collected the more privacy and security concerns it raises, thus, the pervasive computing applications became key concern for user. This paper is aimed at analyzing the security and protection issues that arise while traveling from place to place connected with wireless mobile networks. The paper reviews many existing systems that offer possible security to pervasive users. An easy, precise and relative analysis and evaluation of surveyed pervasive systems are presented and some future directions are highlighted.

Computer-Aided Sensor Development Focused on Security Issues

Directory of Open Access Journals (Sweden)

Andrzej Bialas

2016-05-01

Full Text Available The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advantages, because the most difficult and most laborious activities are software-supported and the design reusability is growing. The paper includes a short introduction to the Common Criteria methodology and its sensor-related applications. In the experimental section the computer-supported and patterns-based IT security development process is presented using the example of an intelligent methane detection sensor. This process is supported by an ontology-based tool for security modeling and analyses. The verified and justified models are transferred straight to the security target specification representing security requirements for the IT product. The novelty of the paper is to provide a patterns-based and computer-aided methodology for the sensors development with a view to achieving their IT security assurance. The paper summarizes the validation experiment focused on this methodology adapted for the sensors system development, and presents directions of future research.

Computer-based multi-channel analyzer based on internet

International Nuclear Information System (INIS)

Zhou Xinzhi; Ning Jiaoxian

2001-01-01

Combined the technology of Internet with computer-based multi-channel analyzer, a new kind of computer-based multi-channel analyzer system which is based on browser is presented. Its framework and principle as well as its implementation are discussed

Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

Energy Technology Data Exchange (ETDEWEB)

Bresson, Emmanuel; Chevassut, Olivier; Pointcheval, David

2007-01-01

Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.

Brief analysis of Jiangsu grid security and stability based on multi-infeed DC index in power system

Science.gov (United States)

Zhang, Wenjia; Wang, Quanquan; Ge, Yi; Huang, Junhui; Chen, Zhengfang

2018-02-01

The impact of Multi-infeed HVDC has gradually increased to security and stability operating in Jiangsu power grid. In this paper, an appraisal method of Multi-infeed HVDC power grid security and stability is raised with Multi-Infeed Effective Short Circuit Ratio, Multi-Infeed Interaction Factor and Commutation Failure Immunity Index. These indices are adopted in security and stability simulating calculation of Jiangsu Multi-infeed HVDC system. The simulation results indicate that Jiangsu power grid is operating with a strong DC system. It has high level of power grid security and stability, and meet the safety running requirements. Jinpin-Suzhou DC system is located in the receiving end with huge capacity, which is easily leading to commutation failure of the transmission line. In order to resolve this problem, dynamic reactive power compensation can be applied in power grid near Jinpin-Suzhou DC system. Simulation result shows this method is feasible to commutation failure.

TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

Energy Technology Data Exchange (ETDEWEB)

Lee, Hsien-Hsin S

2010-05-11

The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (5) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

Preaching What We Practice: Teaching Ethical Decision-Making to Computer Security Professionals

Science.gov (United States)

Fleischmann, Kenneth R.

The biggest challenge facing computer security researchers and professionals is not learning how to make ethical decisions; rather it is learning how to recognize ethical decisions. All too often, technology development suffers from what Langdon Winner terms technological somnambulism - we sleepwalk through our technology design, following past precedents without a second thought, and fail to consider the perspectives of other stakeholders [1]. Computer security research and practice involves a number of opportunities for ethical decisions. For example, decisions about whether or not to automatically provide security updates involve tradeoffs related to caring versus user autonomy. Decisions about online voting include tradeoffs between convenience and security. Finally, decisions about routinely screening e-mails for spam involve tradeoffs of efficiency and privacy. It is critical that these and other decisions facing computer security researchers and professionals are confronted head on as value-laden design decisions, and that computer security researchers and professionals consider the perspectives of various stakeholders in making these decisions.

Individual versus Organizational Computer Security and Privacy Concerns in Journalism

Directory of Open Access Journals (Sweden)

McGregor Susan E.

2016-10-01

Full Text Available A free and open press is a critical piece of the civil-society infrastructure that supports both established and emerging democracies. However, as the professional activities of reporting and publishing are increasingly conducted by digital means, computer security and privacy risks threaten free and independent journalism around the globe. Through interviews with 15 practicing journalists and 14 organizational stakeholders (supervising editors and technologists, we reveal the distinct - and sometimes conflicting-computer security concerns and priorities of different stakeholder groups within journalistic institutions, as well as unique issues in journalism compared to other types of organizations. As these concerns have not been deeply studied by those designing computer security practices or technologies that may benefit journalism, this research offers insight into some of the practical and cultural constraints that can limit the computer security and privacy practices of the journalism community as a whole. Based on these findings, we suggest paths for future research and development that can bridge these gaps through new tools and practices.

Computer security threats faced by small businesses in Australia

OpenAIRE

Hutchings, Alice

2012-01-01

In this paper, an overview is provided of computer security threats faced by small businesses. Having identified the threats, the implications for small business owners are described, along with countermeasures that can be adopted to prevent incidents from occurring. The results of the Australian Business Assessment of Computer User Security (ABACUS) survey, commissioned by the Australian Institute of Criminology (AIC), are drawn upon to identify key risks (Challice 2009; Richards 2009). Addi...

Computer network security and cyber ethics

CERN Document Server

Kizza, Joseph Migga

2014-01-01

In its 4th edition, this book remains focused on increasing public awareness of the nature and motives of cyber vandalism and cybercriminals, the weaknesses inherent in cyberspace infrastructure, and the means available to protect ourselves and our society. This new edition aims to integrate security education and awareness with discussions of morality and ethics. The reader will gain an understanding of how the security of information in general and of computer networks in particular, on which our national critical infrastructure and, indeed, our lives depend, is based squarely on the individ

Selection of security system design via games of imperfect information and multi-objective genetic algorithm

International Nuclear Information System (INIS)

Lins, Isis Didier; Rêgo, Leandro Chaves; Moura, Márcio das Chagas

2013-01-01

This work analyzes the strategic interaction between a defender and an intelligent attacker by means of a game and reliability framework involving a multi-objective approach and imperfect information so as to support decision-makers in choosing efficiently designed security systems. A multi-objective genetic algorithm is used to determine the optimal security system's configurations representing the tradeoff between the probability of a successful defense and the acquisition and operational costs. Games with imperfect information are considered, in which the attacker has limited knowledge about the actual security system. The types of security alternatives are readily observable, but the number of redundancies actually implemented in each security subsystem is not known. The proposed methodology is applied to an illustrative example considering power transmission lines in the Northeast of Brazil, which are often targets for attackers who aims at selling the aluminum conductors. The empirical results show that the framework succeeds in handling this sort of strategic interaction. -- Highlights: ► Security components must have feasible costs and must be reliable. ► The optimal design of security systems considers a multi-objective approach. ► Games of imperfect information enable the choice of non-dominated configurations. ► MOGA, reliability and games support the entire defender's decision process. ► The selection of effective security systems may discourage attacker's actions

CompGC: Efficient Offline/Online Sem i-honest Two-party Computation

Science.gov (United States)

2016-04-22

in Cryptology – EUROCRYPT 2007 ( Barcelona , Spain, May 20–24, 2007), M. Naor, Ed., vol. 4515 of Lecture Notes in Computer Science, Springer...low depth circuits. In FC 2013: 17th International Conference on Financial Cryptography and Data Security (Okinawa, Japan, Apr. 1–5, 2013), A.-R

Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

Directory of Open Access Journals (Sweden)

Yi Sun

2014-01-01

Full Text Available We focus on how to securely outsource computation task to the cloud and propose a secure outsourcing multiparty computation protocol on lattice-based encrypted data in two-cloud-servers scenario. Our main idea is to transform the outsourced data respectively encrypted by different users’ public keys to the ones that are encrypted by the same two private keys of the two assisted servers so that it is feasible to operate on the transformed ciphertexts to compute an encrypted result following the function to be computed. In order to keep the privacy of the result, the two servers cooperatively produce a custom-made result for each user that is authorized to get the result so that all authorized users can recover the desired result while other unauthorized ones including the two servers cannot. Compared with previous research, our protocol is completely noninteractive between any users, and both of the computation and the communication complexities of each user in our solution are independent of the computing function.

Use of computer programs to evaluate effectiveness of security systems

International Nuclear Information System (INIS)

Harris, L. Jr.; Goldman, L.A.; Mc Daniel, T.L.

1987-01-01

Thirty or more computer programs for security vulnerability analysis were developed from 1975 through 1980. Most of these programs are intended for evaluating security system effectiveness against outsider threats, but at least six programs are primarily oriented to insider threats. Some strengths and weaknesses of these programs are described. Six of these programs, four for outsider threats and two for insider threats, have been revised and adapted for use with IBM personal computers. The vulnerability analysis process is discussed with emphasis on data collection. The difference between design data and operational data is described. For performance-type operational data, such as detection probabilities and barrier delay times, the difference between unstressed and stressed performance data is discussed. Stressed performance data correspond to situations where an adversary attempts to weaken a security system by mitigating certain security measures. Suggestions are made on the combined use of manual analysis and computer analysis

Scanning technology with multi-slice helical CT in security inspection domain

International Nuclear Information System (INIS)

Wang Jue; Wang Fuquan; Jiang Zenghui

2008-01-01

The paper analyzes the technology conditions of security inspection in home and abroad, and expatiates technology of spiral CT and how to define CT value etc, with studying on the key technology of spiral CT scanning way (X-RAY, detector, technology of pulley etc) and mutual relation. By comparing the present products of security inspection, the conclusion was drawn that it is inevitable to develop the tendency of security inspection area with the checking and discerning the substance by using the technology of multi-layer spiral CT. (authors)

Information Security

NARCIS (Netherlands)

Hartel, Pieter H.; Suryana Herman, Nanna; Leukfeldt, E.R.; Stol, W.Ph.

2012-01-01

Information security is all about the protection of digital assets, such as digital content, personal health records, state secrets etc. These assets can be handled by a party who is authorised to access and control the asset or a party who is not authorised to do so. Authorisation determines who is

A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs

Science.gov (United States)

Elahi, Golnaz; Yu, Eric

In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Recently, there is increasing acknowledgement that security is ultimately about trade-offs. One can only aim for "good enough" security, given the competing demands from many parties. In this paper, we examine how conceptual modeling can provide explicit and systematic support for analyzing security trade-offs. After considering the desirable criteria for conceptual modeling methods, we examine several existing approaches for dealing with security trade-offs. From analyzing the limitations of existing methods, we propose an extension to the i* framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches.

A multi-layered network of the (Colombian) sovereign securities market

NARCIS (Netherlands)

Renneboog, Luc; Leon Rincon, Carlos; Pérez, Jhonatan; Alexandrova-Kabadjova, Bilana; Diehl, Martin; Heuver, Richard; Martinez-Jaramillo, Serafín

2015-01-01

We study the network of Colombian sovereign securities settlements. With data from the settlement market infrastructure we study financial institutions’ transactions from three different trading and registering individual networks that we combine into a multi-layer network. Examining this network of

Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Keller, Marcel; Keller, Enrique

2012-01-01

, but produces significant performance enhancements; the second enables us to perform bit-wise operations in characteristic two fields. As a bench mark application we present the evaluation of the AES cipher, a now standard bench marking example for multi-party computation. We need examine two different...

Data security and risk assessment in cloud computing

Directory of Open Access Journals (Sweden)

Li Jing

2018-01-01

Full Text Available Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more uses, especially small or median organizations. In the cloud service scenario, the program and data are migrating into cloud, resulting the lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates into the data security issues from data life cycle which includes five steps when an organization uses Cloud computing. A data management framework is given out, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. And then, four classification levels (high, medium, low, normal according to the different extent of the potential adverse effect is introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthen through this way.

m2-ABKS: Attribute-Based Multi-Keyword Search over Encrypted Personal Health Records in Multi-Owner Setting.

Science.gov (United States)

Miao, Yinbin; Ma, Jianfeng; Liu, Ximeng; Wei, Fushan; Liu, Zhiquan; Wang, Xu An

2016-11-01

Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search via Ciphertext-Policy Attribute-Based Encryption. Formal security analysis proves our scheme is selectively secure against chosen-keyword attack. As a further contribution, we conduct empirical experiments over real-world dataset to show its feasibility and practicality in a broad range of actual scenarios without incurring additional computational burden.

Toward Confirming a Framework for Securing the Virtual Machine Image in Cloud Computing

Directory of Open Access Journals (Sweden)

Raid Khalid Hussein

2017-04-01

Full Text Available The concept of cloud computing has arisen thanks to academic work in the fields of utility computing, distributed computing, virtualisation, and web services. By using cloud computing, which can be accessed from anywhere, newly-launched businesses can minimise their start-up costs. Among the most important notions when it comes to the construction of cloud computing is virtualisation. While this concept brings its own security risks, these risks are not necessarily related to the cloud. The main disadvantage of using cloud computing is linked to safety and security. This is because anybody which chooses to employ cloud computing will use someone else’s hard disk and CPU in order to sort and store data. In cloud environments, a great deal of importance is placed on guaranteeing that the virtual machine image is safe and secure. Indeed, a previous study has put forth a framework with which to protect the virtual machine image in cloud computing. As such, the present study is primarily concerned with confirming this theoretical framework so as to ultimately secure the virtual machine image in cloud computing. This will be achieved by carrying out interviews with experts in the field of cloud security.

Security analysis of cyber-physical system

Science.gov (United States)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

Device independence for two-party cryptography and position verification with memoryless devices

Science.gov (United States)

Ribeiro, Jérémy; Thinh, Le Phuc; Kaniewski, Jedrzej; Helsen, Jonas; Wehner, Stephanie

2018-06-01

Quantum communication has demonstrated its usefulness for quantum cryptography far beyond quantum key distribution. One domain is two-party cryptography, whose goal is to allow two parties who may not trust each other to solve joint tasks. Another interesting application is position-based cryptography whose goal is to use the geographical location of an entity as its only identifying credential. Unfortunately, security of these protocols is not possible against an all powerful adversary. However, if we impose some realistic physical constraints on the adversary, there exist protocols for which security can be proven, but these so far relied on the knowledge of the quantum operations performed during the protocols. In this work we improve the device-independent security proofs of Kaniewski and Wehner [New J. Phys. 18, 055004 (2016), 10.1088/1367-2630/18/5/055004] for two-party cryptography (with memoryless devices) and we add a security proof for device-independent position verification (also memoryless devices) under different physical constraints on the adversary. We assess the quality of the devices by observing a Bell violation, and, as for Kaniewski and Wehner [New J. Phys. 18, 055004 (2016), 10.1088/1367-2630/18/5/055004], security can be attained for any violation of the Clauser-Holt-Shimony-Horne inequality.

Tracing the territorial dynamics of party fragmentation in Mexico (1991-2015

Directory of Open Access Journals (Sweden)

Willibald SONNLEITNER

2017-06-01

Full Text Available Over the past decades, Mexican politics evolved from a closed, corporative and hegemonic-party authoritarianism, towards a more plural and competitive multi-party system. In the nineties, three relevant parties structured electoral politics. But this system soon fragmented and reached an average of 5.6 effective parties in 2015. What causes and drives political and partisan fragmentation in Mexico? Which have been the main temporal and territorial dynamics? How did they reshape Mexico’s electoral geography?

Secure quantum private comparison

International Nuclear Information System (INIS)

Yang Yuguang; Cao Weifeng; Wen Qiaoyan

2009-01-01

We propose a two-party quantum private comparison protocol using single photons, in which two distrustful parties can compare whether their secrets are equal with the help of a third party (TP). Any information about the values of their respective secrets will not be leaked out even with a compromised TP. Security is also discussed.

Secure quantum private comparison

Energy Technology Data Exchange (ETDEWEB)

Yang Yuguang [College of Computer Science and Technology, Beijing University of Technology, Beijing 100124 (China); Cao Weifeng [College of Electric and Information Engineering, Zhengzhou University of Light Industry, Zhengzhou 450002 (China); Wen Qiaoyan [State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876 (China)], E-mail: yangyang7357@bjut.edu.cn

2009-12-15

We propose a two-party quantum private comparison protocol using single photons, in which two distrustful parties can compare whether their secrets are equal with the help of a third party (TP). Any information about the values of their respective secrets will not be leaked out even with a compromised TP. Security is also discussed.

Rational Multiparty Computation

OpenAIRE

Wallrabenstein, John Ross

2014-01-01

The field of rational cryptography considers the design of cryptographic protocols in the presence of rational agents seeking to maximize local utility functions. This departs from the standard secure multiparty computation setting, where players are assumed to be either honest or malicious. ^ We detail the construction of both a two-party and a multiparty game theoretic framework for constructing rational cryptographic protocols. Our framework specifies the utility function assumptions neces...

Controlled quantum secure direct communication using a non-symmetric quantum channel with quantum superdense coding

International Nuclear Information System (INIS)

Xia, Yan; Song, He-Shan

2007-01-01

We present a controlled quantum secure direct communication protocol that uses a 2-dimensional Greenberger-Horne-Zeilinger (GHZ) entangled state and a 3-dimensional Bell-basis state and employs the high-dimensional quantum superdense coding, local collective unitary operations and entanglement swapping. The proposed protocol is secure and of high source capacity. It can effectively protect the communication against a destroying-travel-qubit-type attack. With this protocol, the information transmission is greatly increased. This protocol can also be modified, so that it can be used in a multi-party control system

Secure data exchange between intelligent devices and computing centers

Science.gov (United States)

Naqvi, Syed; Riguidel, Michel

2005-03-01

The advent of reliable spontaneous networking technologies (commonly known as wireless ad-hoc networks) has ostensibly raised stakes for the conception of computing intensive environments using intelligent devices as their interface with the external world. These smart devices are used as data gateways for the computing units. These devices are employed in highly volatile environments where the secure exchange of data between these devices and their computing centers is of paramount importance. Moreover, their mission critical applications require dependable measures against the attacks like denial of service (DoS), eavesdropping, masquerading, etc. In this paper, we propose a mechanism to assure reliable data exchange between an intelligent environment composed of smart devices and distributed computing units collectively called 'computational grid'. The notion of infosphere is used to define a digital space made up of a persistent and a volatile asset in an often indefinite geographical space. We study different infospheres and present general evolutions and issues in the security of such technology-rich and intelligent environments. It is beyond any doubt that these environments will likely face a proliferation of users, applications, networked devices, and their interactions on a scale never experienced before. It would be better to build in the ability to uniformly deal with these systems. As a solution, we propose a concept of virtualization of security services. We try to solve the difficult problems of implementation and maintenance of trust on the one hand, and those of security management in heterogeneous infrastructure on the other hand.

Identity based Encryption and Biometric Authentication Scheme for Secure Data Access in Cloud Computing

DEFF Research Database (Denmark)

Cheng, Hongbing; Rong, Chunming; Tan, Zheng-Hua

2012-01-01

Cloud computing will be a main information infrastructure in the future; it consists of many large datacenters which are usually geographically distributed and heterogeneous. How to design a secure data access for cloud computing platform is a big challenge. In this paper, we propose a secure data...... access scheme based on identity-based encryption and biometric authentication for cloud computing. Firstly, we describe the security concern of cloud computing and then propose an integrated data access scheme for cloud computing, the procedure of the proposed scheme include parameter setup, key...... distribution, feature template creation, cloud data processing and secure data access control. Finally, we compare the proposed scheme with other schemes through comprehensive analysis and simulation. The results show that the proposed data access scheme is feasible and secure for cloud computing....

Autonomic computing meets SCADA security

OpenAIRE

Nazir, S; Patel, S; Patel, D

2017-01-01

© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the auton...

Security Awareness in Software-Defined Multi-Domain 5G Networks

Directory of Open Access Journals (Sweden)

Jani Suomalainen

2018-03-01

Full Text Available Fifth generation (5G technologies will boost the capacity and ease the management of mobile networks. Emerging virtualization and softwarization technologies enable more flexible customization of network services and facilitate cooperation between different actors. However, solutions are needed to enable users, operators, and service providers to gain an up-to-date awareness of the security and trustworthiness of 5G systems. We describe a novel framework and enablers for security monitoring, inferencing, and trust measuring. The framework leverages software-defined networking and big data technologies to customize monitoring for different applications. We present an approach for sharing security measurements across administrative domains. We describe scenarios where the correlation of multi-domain information improves the accuracy of security measures with respect to two threats: end-user location tracking and Internet of things (IoT authentication storms. We explore the security characteristics of data flows in software networks dedicated to different applications with a mobile network testbed.

Security in cloud computing and virtual environments

OpenAIRE

Aarseth, Raymond

2015-01-01

Cloud computing is a big buzzwords today. Just watch the commercials on TV and I can promise that you will hear the word cloud service at least once. With the growth of cloud technology steadily rising, and everything from cellphones to cars connected to the cloud, how secure is cloud technology? What are the caveats of using cloud technology? And how does it all work? This thesis will discuss cloud security and the underlying technology called Virtualization to ...

Multi- factor volatility of security at Charles Schwab Corporation ...

African Journals Online (AJOL)

This paper examined the rate of returns required by investors who invested at Charles Schwab (Discount Brokerage firm) from 30th September, 1987 to 29th August, 1997. The methodology adapted involved the use of a multi-factor stochastic model; APT. The study shows a low systematic risk of the security. There was ...

TRUSTED CLOUD COMPUTING FRAMEWORK FOR HEALTHCARE SECTOR

OpenAIRE

Mervat Adib Bamiah; Sarfraz Nawaz Brohi; Suriayati Chuprat; Jamalul-lail Ab Manan

2014-01-01

Cloud computing is rapidly evolving due to its efficient characteristics such as cost-effectiveness, availability and elasticity. Healthcare organizations and consumers lose control when they outsource their sensitive data and computing resources to a third party Cloud Service Provider (CSP), which may raise security and privacy concerns related to data loss and misuse appealing threats. Lack of consumers’ knowledge about their data storage location may lead to violating rules and r...

Improving computer security by health smart card.

Science.gov (United States)

Nisand, Gabriel; Allaert, François-André; Brézillon, Régine; Isphording, Wilhem; Roeslin, Norbert

2003-01-01

The University hospitals of Strasbourg have worked for several years on the computer security of the medical data and have of this fact be the first to use the Health Care Professional Smart Card (CPS). This new tool must provide security to the information processing systems and especially to the medical data exchanges between the partners who collaborate to the care of the Beyond the purely data-processing aspects of the functions of safety offered by the CPS, safety depends above all on the practices on the users, their knowledge concerning the legislation, the risks and the stakes, of their adhesion to the procedures and protections installations. The aim of this study is to evaluate this level of knowledge, the practices and the feelings of the users concerning the computer security of the medical data, to check the relevance of the step taken, and if required, to try to improve it. The survey by questionnaires involved 648 users. The practices of users in terms of data security are clearly improved by the implementation of the security server and the use of the CPS system, but security breaches due to bad practices are not however completely eliminated. That confirms that is illusory to believe that data security is first and foremost a technical issue. Technical measures are of course indispensable, but the greatest efforts are required after their implementation and consist in making the key players [2], i.e. users, aware and responsible. However, it must be stressed that the user-friendliness of the security interface has a major effect on the results observed. For instance, it is highly probable that the bad practices continued or introduced upon the implementation of the security server and CPS scheme are due to the complicated nature or functional defects of the proposed solution, which must therefore be improved. Besides, this is only the pilot phase and card holders can be expected to become more responsible as time goes by, along with the gradual

Secure Enclaves: An Isolation-centric Approach for Creating Secure High Performance Computing Environments

Energy Technology Data Exchange (ETDEWEB)

Aderholdt, Ferrol [Tennessee Technological Univ., Cookeville, TN (United States); Caldwell, Blake A. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Hicks, Susan Elaine [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Koch, Scott M. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Naughton, III, Thomas J. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Pelfrey, Daniel S. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Pogge, James R [Tennessee Technological Univ., Cookeville, TN (United States); Scott, Stephen L [Tennessee Technological Univ., Cookeville, TN (United States); Shipman, Galen M. [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States); Sorrillo, Lawrence [Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

2017-01-01

High performance computing environments are often used for a wide variety of workloads ranging from simulation, data transformation and analysis, and complex workflows to name just a few. These systems may process data at various security levels but in so doing are often enclaved at the highest security posture. This approach places significant restrictions on the users of the system even when processing data at a lower security level and exposes data at higher levels of confidentiality to a much broader population than otherwise necessary. The traditional approach of isolation, while effective in establishing security enclaves poses significant challenges for the use of shared infrastructure in HPC environments. This report details current state-of-the-art in virtualization, reconfigurable network enclaving via Software Defined Networking (SDN), and storage architectures and bridging techniques for creating secure enclaves in HPC environments.

Balancing platform control and external contribution in third-party development: the boundary resources model

DEFF Research Database (Denmark)

Ghazawneh, Ahmad; Henfridsson, Ola

2013-01-01

Prior research documents the significance of using platform boundary resources (e.g. application programming interfaces) for cultivating platform ecosystems through third-party development. However, there are few, if any, theoretical accounts of this relationship. To this end, this paper proposes......-party development: self-resourcing, regulation-based securing, diversity resourcing and sovereignty securing. Our research extends and complements existing platform literature and contributes new knowledge about an alternative form of system development...

19 CFR 10.589 - Certification for goods exported to a Party.

Science.gov (United States)

2010-04-01

... such other medium or format approved by the Party's customs authority for that purpose) to CBP upon... 19 Customs Duties 1 2010-04-01 2010-04-01 false Certification for goods exported to a Party. 10.589 Section 10.589 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY...

Toward Practical Secure Stable Matching

Directory of Open Access Journals (Sweden)

Riazi M. Sadegh

2017-01-01

Full Text Available The Stable Matching (SM algorithm has been deployed in many real-world scenarios including the National Residency Matching Program (NRMP and financial applications such as matching of suppliers and consumers in capital markets. Since these applications typically involve highly sensitive information such as the underlying preference lists, their current implementations rely on trusted third parties. This paper introduces the first provably secure and scalable implementation of SM based on Yao’s garbled circuit protocol and Oblivious RAM (ORAM. Our scheme can securely compute a stable match for 8k pairs four orders of magnitude faster than the previously best known method. We achieve this by introducing a compact and efficient sub-linear size circuit. We even further decrease the computation cost by three orders of magnitude by proposing a novel technique to avoid unnecessary iterations in the SM algorithm. We evaluate our implementation for several problem sizes and plan to publish it as open-source.

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

OpenAIRE

Vladislav D. Veksler; Norbou Buchler; Blaine E. Hoffman; Daniel N. Cassenti; Char Sample; Shridat Sugrim

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision li...

R3D3 in the Wild: Using A Robot for Turn Management in Multi-Party Interaction with a Virtual Human

NARCIS (Netherlands)

Theune, Mariet; Wiltenburg, Daan; Bode, Max; Linssen, Jeroen

R3D3 is a combination of a virtual human with a non-speaking robot capable of head gestures and emotive gaze behaviour. We use the robot to implement various turn management functions for use in multi-party interaction with R3D3, and present the results of a field study investigating their effects

CERN Technical Training: new courses on computer security

CERN Multimedia

HR Department

2009-01-01

Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions ...

CERN Technical Training: new courses on computer security

CERN Multimedia

HR Department

2009-01-01

Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Centre. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour course designed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

CERN Technical Training: new courses on computer security

CERN Multimedia

HR Department

2009-01-01

Two new trainings are available at CERN concerning computer security. • How to create secure software? The "Developing secure software" course (3.5 hours) is designed for software programmers, both for regular software and Web applications. It covers main aspects of security in different phases of the software development lifecycle. The last, optional hour discusses security issues of Web application developers. This course, although not hands-on, is interactive and full of real-life examples. The first session of this course will take place, in English, on 21 April in the CERN Technical Training Center. More sessions will be scheduled in 2009. • How to safely navigate and send mails? The "Secure e-mail and Web browsing" course is an entry-level 1.5-hour training aimed to show how to detect and avoid typical security pitfalls encountered when e-mailing and browsing the Web. It is designed for non-technical users of Internet Explorer and Outlook. The first sessions o...

A Trust-Based Model for Security Cooperating in Vehicular Cloud Computing

Directory of Open Access Journals (Sweden)

Zhipeng Tang

2016-01-01

Full Text Available VCC is a computing paradigm which consists of vehicles cooperating with each other to realize a lot of practical applications, such as delivering packages. Security cooperation is a fundamental research topic in Vehicular Cloud Computing (VCC. Because of the existence of malicious vehicles, the security cooperation has become a challenging issue in VCC. In this paper, a trust-based model for security cooperating, named DBTEC, is proposed to promote vehicles’ security cooperation in VCC. DBTEC combines the indirect trust estimation in Public board and the direct trust estimation in Private board to compute the trust value of vehicles when choosing cooperative partners; a trustworthy cooperation path generating scheme is proposed to ensure the safety of cooperation and increase the cooperation completion rates in VCC. Extensive experiments show that our scheme improves the overall cooperation completion rates by 6~7%.

Dynamic Security Assessment Of Computer Networks In Siem-Systems

Directory of Open Access Journals (Sweden)

Elena Vladimirovna Doynikova

2015-10-01

Full Text Available The paper suggests an approach to the security assessment of computer networks. The approach is based on attack graphs and intended for Security Information and Events Management systems (SIEM-systems. Key feature of the approach consists in the application of the multilevel security metrics taxonomy. The taxonomy allows definition of the system profile according to the input data used for the metrics calculation and techniques of security metrics calculation. This allows specification of the security assessment in near real time, identification of previous and future attacker steps, identification of attackers goals and characteristics. A security assessment system prototype is implemented for the suggested approach. Analysis of its operation is conducted for several attack scenarios.

On Secure Two-Party Integer Division

DEFF Research Database (Denmark)

Dahl, Morten; Ning, Chao; Toft, Tomas

2012-01-01

{\\mathcal{O}}(\\ell)$ arithmetic operations on encrypted values (secure addition and multiplication) in $\\ensuremath{\\mathcal{O}}(1)$ rounds. This is the most efficient constant-rounds solution to date. The second protocol requires only $\\ensuremath{\\mathcal{O}} \\left( (\\log^2 \\ell)(\\kappa + \\operatorname{loglog} \\ell) \\right......We consider the problem of secure integer division: given two Paillier encryptions of ℓ-bit values n and d, determine an encryption of $\\lfloor \\frac{n}{d}\\rfloor$ without leaking any information about n or d. We propose two new protocols solving this problem. The first requires $\\ensuremath......)$ arithmetic operations in $\\ensuremath{\\mathcal{O}}(\\log^2 \\ell)$ rounds, where κ is a correctness parameter. Theoretically, this is the most efficient solution to date as all previous solutions have required Ω(ℓ) operations. Indeed, the fact that an o(ℓ) solution is possible at all is highly surprising....

Tolerance in multi-religious society for national security: the Nigerian ...

African Journals Online (AJOL)

The study employed both primary and secondary sources of data. The primary source includes the Bible and the Qur'an while the secondary source includes books, journal articles and the Internet. The data collected were analysed using sociological approach. Keywords: National Security, Multi-Religious, Tolerance, ...

A Compute Environment of ABC95 Array Computer Based on Multi-FPGA Chip

Institute of Scientific and Technical Information of China (English)

无

2000-01-01

ABC95 array computer is a multi-function network's computer based on FPGA technology, The multi-function network supports processors conflict-free access data from memory and supports processors access data from processors based on enhanced MESH network.ABC95 instruction's system includes control instructions, scalar instructions, vectors instructions.Mostly net-work instructions are introduced.A programming environment of ABC95 array computer assemble language is designed.A programming environment of ABC95 array computer for VC++ is advanced.It includes load function of ABC95 array computer program and data, store function, run function and so on.Specially, The data type of ABC95 array computer conflict-free access is defined.The results show that these technologies can develop programmer of ABC95 array computer effectively.

Computer Security: How to succeed in software deployment

CERN Multimedia

Computer Security Team

2014-01-01

The summer student period has ended and we would like to congratulate all those who successfully accomplished their project! In particular, well done to those who managed to develop and deploy sophisticated web applications in the short summer season. Unfortunately, not all web applications made the final cut, moved into production and became visible on the Internet. We had to reject some... let me explain why.   Making a web application visible on the Internet requires an opening in the CERN outer perimeter firewall. Such a request is usually made through the CERN WebReq web interface. As standard procedure, the CERN Computer Security team reviews every request and performs a security assessment. This is where you, your supervisee and the Computer Security team all start to get frustrated. Many summer students delivered awesome web applications with great new functions and a good “look and feel” following precise use cases, using modern web technologies, dashboards, integr...

A compressive sensing based secure watermark detection and privacy preserving storage framework.

Science.gov (United States)

Qia Wang; Wenjun Zeng; Jun Tian

2014-03-01

Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

Securing Embedded Smart Cameras with Trusted Computing

Directory of Open Access Journals (Sweden)

Winkler Thomas

2011-01-01

Full Text Available Camera systems are used in many applications including video surveillance for crime prevention and investigation, traffic monitoring on highways or building monitoring and automation. With the shift from analog towards digital systems, the capabilities of cameras are constantly increasing. Today's smart camera systems come with considerable computing power, large memory, and wired or wireless communication interfaces. With onboard image processing and analysis capabilities, cameras not only open new possibilities but also raise new challenges. Often overlooked are potential security issues of the camera system. The increasing amount of software running on the cameras turns them into attractive targets for attackers. Therefore, the protection of camera devices and delivered data is of critical importance. In this work we present an embedded camera prototype that uses Trusted Computing to provide security guarantees for streamed videos. With a hardware-based security solution, we ensure integrity, authenticity, and confidentiality of videos. Furthermore, we incorporate image timestamping, detection of platform reboots, and reporting of the system status. This work is not limited to theoretical considerations but also describes the implementation of a prototype system. Extensive evaluation results illustrate the practical feasibility of the approach.

Computer Security Issues in Online Banking: An Assessment from the Context of Usable Security

Science.gov (United States)

Mahmadi, FN; Zaaba, ZF; Osman, A.

2016-11-01

Today's online banking is a convenient mode of finance management. Despite the ease of doing online banking, there are people that still sceptical in utilizing it due to perception and its security. This paper highlights the subject of online banking security in Malaysia, especially from the perspective of the end-users. The study is done by assessing human computer interaction, usability and security. An online survey utilising 137 participants was previously conducted to gain preliminary insights on security issues of online banking in Malaysia. Following from those results, 37 participants were interviewed to gauge deeper understanding about end-users perception on online banking within the context of usable security. The results suggested that most of the end-users are continuingly experiencing significant difficulties especially in relation to the technical terminologies, security features and other technical issues. Although the security features are provided to provide a shield or protection, users are still incapable to cope with the technical aspects of such implementation.

Information Security in the Age of Cloud Computing

Science.gov (United States)

Sims, J. Eric

2012-01-01

Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are…

Adaptive security protocol selection for mobile computing

NARCIS (Netherlands)

Pontes Soares Rocha, B.; Costa, D.N.O.; Moreira, R.A.; Rezende, C.G.; Loureiro, A.A.F.; Boukerche, A.

2010-01-01

The mobile computing paradigm has introduced new problems for application developers. Challenges include heterogeneity of hardware, software, and communication protocols, variability of resource limitations and varying wireless channel quality. In this scenario, security becomes a major concern for

Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

Science.gov (United States)

1998-05-01

Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

Image matrix processor for fast multi-dimensional computations

Science.gov (United States)

Roberson, George P.; Skeate, Michael F.

1996-01-01

An apparatus for multi-dimensional computation which comprises a computation engine, including a plurality of processing modules. The processing modules are configured in parallel and compute respective contributions to a computed multi-dimensional image of respective two dimensional data sets. A high-speed, parallel access storage system is provided which stores the multi-dimensional data sets, and a switching circuit routes the data among the processing modules in the computation engine and the storage system. A data acquisition port receives the two dimensional data sets representing projections through an image, for reconstruction algorithms such as encountered in computerized tomography. The processing modules include a programmable local host, by which they may be configured to execute a plurality of different types of multi-dimensional algorithms. The processing modules thus include an image manipulation processor, which includes a source cache, a target cache, a coefficient table, and control software for executing image transformation routines using data in the source cache and the coefficient table and loading resulting data in the target cache. The local host processor operates to load the source cache with a two dimensional data set, loads the coefficient table, and transfers resulting data out of the target cache to the storage system, or to another destination.

Towards quantum computation with multi-particle interference

Energy Technology Data Exchange (ETDEWEB)

Tamma, Vincenzo; Schleich, Wolfgang P. [Institut fuer Quantenphysik, Universitaet Ulm (Germany); Shih, Yanhua [Univ. of Maryland, Baltimore County, Baltimore, MD (Germany). Dept. of Physics

2012-07-01

One of the main challenges in quantum computation is the realization of entangled states with a large number of particles. We have experimentally demonstrated a novel factoring algorithm which relies only on optical multi-path interference and on the periodicity properties of Gauss sums with continuous arguments. An interesting implementation of such a method can, in principle, take advantage of matter-wave interferometers characterized by long-time evolution of a BEC in microgravity. A more recent approach to factorization aims to achieve an exponential speed-up without entanglement by exploiting multi-particle m-order interference. In this case, the basic requirement for quantum computation is interference of an exponentially large number of multi-particle amplitudes.

Computer Security: Hacking CERN - a win-win for all

CERN Multimedia

Stefan Lueders, Computer Security Team

2015-01-01

The first round of the CERN WhiteHat Challenge has finished (see here). At the end of March, CERN was "attacked" by a dozen students from the St. Pölten University of Applied Sciences, Austria.   These attacks were part of their Master's degree in computer science and computer security, where they study penetration testing and vulnerability scanning, i.e. finding weaknesses in computing systems: techniques, tools, approaches and ethics. Usually, such studies are done against mock-ups like “Google Gruyere”, the “Damn Vulnerable Web Application” or OWASP’s “WebGoat” and “Hackademic”. However, while those mock-ups are in principle useful, they rarely resemble the operational reality of the Internet. CERN has offered computer security professors an alternative: the opportunity to use CERN’s web-ecosystem and all other systems open to th...

Distributed Scheme to Authenticate Data Storage Security in Cloud Computing

OpenAIRE

B. Rakesh; K. Lalitha; M. Ismail; H. Parveen Sultana

2017-01-01

Cloud Computing is the revolution in current generation IT enterprise. Cloud computing displaces database and application software to the large data centres, where the management of services and data may not be predictable, where as the conventional solutions, for IT services are under proper logical, physical and personal controls. This aspect attribute, however comprises different security challenges which have not been well understood. It concentrates on cloud data storage security which h...

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

International Nuclear Information System (INIS)

Xie Qi; Hu Bin; Chen Ke-Fei; Liu Wen-Hao; Tan Xiao

2015-01-01

In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency. (paper)

A Game-Theoretical Approach to Multimedia Social Networks Security

Science.gov (United States)

Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

2014-01-01

The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226

Investigation of a Markov Model for Computer System Security Threats

Directory of Open Access Journals (Sweden)

Alexey A. A. Magazev

2017-01-01

Full Text Available In this work, a model for computer system security threats formulated in terms of Markov processes is investigated. In the framework of this model the functioning of the computer system is considered as a sequence of failures and recovery actions which appear as results of information security threats acting on the system. We provide a detailed description of the model: the explicit analytical formulas for the probabilities of computer system states at any arbitrary moment of time are derived, some limiting cases are discussed, and the long-run dynamics of the system is analysed. The dependence of the security state probability (i.e. the state for which threats are absent on the probabilities of threats is separately investigated. In particular, it is shown that this dependence is qualitatively different for odd and even moments of time. For instance, in the case of one threat the security state probability demonstrates non-monotonic dependence on the probability of threat at even moments of time; this function admits at least one local minimum in its domain of definition. It is believed that the mentioned feature is important because it allows to locate the most dangerous areas of threats where the security state probability can be lower then the permissible level. Finally, we introduce an important characteristic of the model, called the relaxation time, by means of which we construct the permitting domain of the security parameters. Also the prospects of the received results application to the problem of finding the optimal values of the security parameters is discussed.

Bibliography for computer security, integrity, and safety

Science.gov (United States)

Bown, Rodney L.

1991-01-01

A bibliography of computer security, integrity, and safety issues is given. The bibliography is divided into the following sections: recent national publications; books; journal, magazine articles, and miscellaneous reports; conferences, proceedings, and tutorials; and government documents and contractor reports.

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

Energy Technology Data Exchange (ETDEWEB)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

Ethical Guidelines for Computer Security Researchers: "Be Reasonable"

Science.gov (United States)

Sassaman, Len

For most of its existence, the field of computer science has been lucky enough to avoid ethical dilemmas by virtue of its relatively benign nature. The subdisciplines of programming methodology research, microprocessor design, and so forth have little room for the greater questions of human harm. Other, more recently developed sub-disciplines, such as data mining, social network analysis, behavioral profiling, and general computer security, however, open the door to abuse of users by practitioners and researchers. It is therefore the duty of the men and women who chart the course of these fields to set rules for themselves regarding what sorts of actions on their part are to be considered acceptable and what should be avoided or handled with caution out of ethical concerns. This paper deals solely with the issues faced by computer security researchers, be they vulnerability analysts, privacy system designers, malware experts, or reverse engineers.

Semi-Homomorphic Encryption and Multiparty Computation

DEFF Research Database (Denmark)

Bendlin, Rikke; Damgård, Ivan Bjerre; Orlandi, Claudio

2011-01-01

allow us to construct an efficient multiparty computation protocol for arithmetic circuits, UC-secure against a dishonest majority. The protocol consists of a preprocessing phase and an online phase. Neither the inputs nor the function to be computed have to be known during preprocessing. Moreover......, the online phase is extremely efficient as it requires no cryptographic operations: the parties only need to exchange additive shares and verify information theoretic MACs. Our contribution is therefore twofold: from a theoretical point of view, we can base multiparty computation on a variety of different...

Smart Push, Smart Pull, Sensor to Shooter in a Multi-Level Secure/Safe (MLS) Infrastructure

Science.gov (United States)

2006-05-04

Communication Periods Processing Resource Sanitization Minimum Interrupt Servicing Semaphores Multi-Core Synchronization Primitives Timers And nothing else...Communities of Interest Secure Configuration of all Nodes in Enclave Bandwidth provisioning & partitioning Secure Clock Synchronization Suppression of

Securing MDSplus in a multi-organisation environment

Energy Technology Data Exchange (ETDEWEB)

Castro, R., E-mail: rodrigo.castro@ciemat.e [Asociacion EURATOM/CIEMAT para Fusion, Avda. Complutense, 22, 28040 Madrid (Spain); Vega, J. [Asociacion EURATOM/CIEMAT para Fusion, Avda. Complutense, 22, 28040 Madrid (Spain); Fredian, T. [MIT Plasma Science and Fusion Center, Massachusetts Institute of Technology, NW17-268, 175 Albany Street, Cambridge, MA 02494 (United States); Purahoo, K. [EURATOM/UKAEA Fusion Association, Culham Science Centre, Abingdon OX14 3DB (United Kingdom); Pereira, A.; Portas, A. [Asociacion EURATOM/CIEMAT para Fusion, Avda. Complutense, 22, 28040 Madrid (Spain)

2010-07-15

MDSplus has become the de facto standard data access method in the fusion community. Based on this, it was a priority for EFDA Federation to integrate this technology as a new service for federated users, providing secure access mechanisms to MDSplus compatible applications. To achieve this, it has been necessary to upgrade MDSplus and make it compatible with PAPI technology, which is currently used as security infrastructure in the EFDA Federation. Additionally, the included modifications are useful for future integrations in other federation technologies such as Shibboleth . The integration of MDSplus into a federated structure has several benefits. From the service management point of view, there is a simplification of the installation of new MDSplus services in fusion community and its corresponding security management. From the user point of view, the integration of MDSplus into a federated structure has several advantages. The first one is user mobility, which is the possibility of accessing data independently of his client IP address. The second one is a multi-organisation infrastructure, so the user can access data from different organisations that implement MDSplus interface. Finally, single sign on PAPI feature enables users to access to different MDSplus data sources, and other federated services, with just one authentication.

The New Trend of Security in Cloud Computing

OpenAIRE

Xiangdong Li

2012-01-01

The use of services of cloud computing has been growing widely in industry, organizations and institutions recently, due to its tempting benefits, for example, the scalability, efficiency, flexibility and lower cost. The security issues have been studied and analyzed extensively. In order to understand the risk issues existing in today’s cloud, we discuss the new trend of security of cloud in this paper. The preventing methods are also discussed.

Secure authentication mechanisms for the management interface in cloud computing environments

OpenAIRE

Soares, Liliana Filipa Baptista

2013-01-01

For a handful of years, cloud computing has been a hot catchphrase. The industry has massively adopted it and the academia is focusing on improving the technology, which has been evolving at a quick pace. The cloud computing paradigm consists in adopting solutions provisioned by some cloud providers that are hosted on data centers. Customers are therefore tied to those third-party entities, since they becomes involved in their businesses for being responsible for the Information Technologi...

Cloud Computing Application of Personal Information's Security in Network Sales-channels

OpenAIRE

Sun Qiong; Min Liu; Shiming Pang

2013-01-01

With the promotion of Internet sales, the security of personal information to network users have become increasingly demanding. The existing network of sales channels has personal information security risks, vulnerable to hacker attacking. Taking full advantage of cloud security management strategy, cloud computing security management model is introduced to the network sale of personal information security applications, which is to solve the problem of information leakage. Then we proposed me...