Security-based rescheduling of transactions in a deregulated power system

International Nuclear Information System (INIS)

David, A.K.; Fang, R.S.

1999-01-01

The paper studies security-driven rescheduling in the context of electricity supply industry restructuring. Given that price-based operation is encouraged in an open-market system and that bilateral and pool contracts may coexist within this system, a mathematical methodology to reschedule these transactions, when required for security-related reasons, is developed. The post-contingency corrective capability of each transaction is considered and an attempt is made to achieve optimal rescheduling both for preventive and for post-contingency control. The computational results are helpful for providing an insight into the security challenges faced by an independent system operator in the emerging market structures. (author)

Knowledge-based computer security advisor

International Nuclear Information System (INIS)

Hunteman, W.J.; Squire, M.B.

1991-01-01

The rapid expansion of computer security information and technology has included little support to help the security officer identify the safeguards needed to comply with a policy and to secure a computing system. This paper reports that Los Alamos is developing a knowledge-based computer security system to provide expert knowledge to the security officer. This system includes a model for expressing the complex requirements in computer security policy statements. The model is part of an expert system that allows a security officer to describe a computer system and then determine compliance with the policy. The model contains a generic representation that contains network relationships among the policy concepts to support inferencing based on information represented in the generic policy description

Design and implementation of a secure workflow system based on PKI/PMI

Science.gov (United States)

Yan, Kai; Jiang, Chao-hui

2013-03-01

As the traditional workflow system in privilege management has the following weaknesses: low privilege management efficiency, overburdened for administrator, lack of trust authority etc. A secure workflow model based on PKI/PMI is proposed after studying security requirements of the workflow systems in-depth. This model can achieve static and dynamic authorization after verifying user's ID through PKC and validating user's privilege information by using AC in workflow system. Practice shows that this system can meet the security requirements of WfMS. Moreover, it can not only improve system security, but also ensures integrity, confidentiality, availability and non-repudiation of the data in the system.

FlySec: a risk-based airport security management system based on security as a service concept

Science.gov (United States)

Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

2016-05-01

Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow;(iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

Security analysis of communication system based on the synchronization of different order chaotic systems

International Nuclear Information System (INIS)

Alvarez, Gonzalo; Hernandez, Luis; Munoz, Jaime; Montoya, Fausto; Li Shujun

2005-01-01

This Letter analyzes the security weakness of a recently proposed communication method based on chaotic modulation and masking using synchronization of two chaotic systems with different orders. It is shown that its application to secure communication is unsafe, because it can be broken in two different ways, by high-pass filtering and by reduced order system synchronization, without knowing neither the system parameter values nor the system key

Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

Directory of Open Access Journals (Sweden)

Darya Sergeevna Simonenkova

2016-03-01

Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

Conceptual Design Approach to Implementing Hardware-based Security Controls in Data Communication Systems

International Nuclear Information System (INIS)

Ibrahim, Ahmad Salah; Jung, Jaecheon

2016-01-01

In the Korean Advanced Power Reactor (APR1400), safety control systems network is electrically isolated and physically separated from non-safety systems data network. Unidirectional gateways, include data diode fiber-optic cabling and computer-based servers, transmit the plant safety critical parameters to the main control room (MCR) for control and monitoring processes. The data transmission is only one-way from safety to non-safety. Reverse communication is blocked so that safety systems network is protected from potential cyberattacks or intrusions from non-safety side. Most of commercials off-the-shelf (COTS) security devices are software-based solutions that require operating systems and processors to perform its functions. Field Programmable Gate Arrays (FPGAs) offer digital hardware solutions to implement security controls such as data packet filtering and deep data packet inspection. This paper presents a conceptual design to implement hardware-based network security controls for maintaining the availability of gateway servers. A conceptual design of hardware-based network security controls was discussed in this paper. The proposed design is aiming at utilizing the hardware-based capabilities of FPGAs together with filtering and DPI functions of COTS software-based firewalls and intrusion detection and prevention systems (IDPS). The proposed design implemented a network security perimeter between the DCN-I zone and gateway servers zone. Security control functions are to protect the gateway servers from potential DoS attacks that could affect the data availability and integrity

Conceptual Design Approach to Implementing Hardware-based Security Controls in Data Communication Systems

Energy Technology Data Exchange (ETDEWEB)

Ibrahim, Ahmad Salah; Jung, Jaecheon [KEPCO International Nuclear Graduate School, Ulsan (Korea, Republic of)

2016-10-15

In the Korean Advanced Power Reactor (APR1400), safety control systems network is electrically isolated and physically separated from non-safety systems data network. Unidirectional gateways, include data diode fiber-optic cabling and computer-based servers, transmit the plant safety critical parameters to the main control room (MCR) for control and monitoring processes. The data transmission is only one-way from safety to non-safety. Reverse communication is blocked so that safety systems network is protected from potential cyberattacks or intrusions from non-safety side. Most of commercials off-the-shelf (COTS) security devices are software-based solutions that require operating systems and processors to perform its functions. Field Programmable Gate Arrays (FPGAs) offer digital hardware solutions to implement security controls such as data packet filtering and deep data packet inspection. This paper presents a conceptual design to implement hardware-based network security controls for maintaining the availability of gateway servers. A conceptual design of hardware-based network security controls was discussed in this paper. The proposed design is aiming at utilizing the hardware-based capabilities of FPGAs together with filtering and DPI functions of COTS software-based firewalls and intrusion detection and prevention systems (IDPS). The proposed design implemented a network security perimeter between the DCN-I zone and gateway servers zone. Security control functions are to protect the gateway servers from potential DoS attacks that could affect the data availability and integrity.

A MEMS-based, wireless, biometric-like security system

Science.gov (United States)

Cross, Joshua D.; Schneiter, John L.; Leiby, Grant A.; McCarter, Steven; Smith, Jeremiah; Budka, Thomas P.

2010-04-01

We present a system for secure identification applications that is based upon biometric-like MEMS chips. The MEMS chips have unique frequency signatures resulting from fabrication process variations. The MEMS chips possess something analogous to a "voiceprint". The chips are vacuum encapsulated, rugged, and suitable for low-cost, highvolume mass production. Furthermore, the fabrication process is fully integrated with standard CMOS fabrication methods. One is able to operate the MEMS-based identification system similarly to a conventional RFID system: the reader (essentially a custom network analyzer) detects the power reflected across a frequency spectrum from a MEMS chip in its vicinity. We demonstrate prototype "tags" - MEMS chips placed on a credit card-like substrate - to show how the system could be used in standard identification or authentication applications. We have integrated power scavenging to provide DC bias for the MEMS chips through the use of a 915 MHz source in the reader and a RF-DC conversion circuit on the tag. The system enables a high level of protection against typical RFID hacking attacks. There is no need for signal encryption, so back-end infrastructure is minimal. We believe this system would make a viable low-cost, high-security system for a variety of identification and authentication applications.

E-commerce System Security Assessment based on Bayesian Network Algorithm Research

OpenAIRE

Ting Li; Xin Li

2013-01-01

Evaluation of e-commerce network security is based on assessment method Bayesian networks, and it first defines the vulnerability status of e-commerce system evaluation index and the vulnerability of the state model of e-commerce systems, and after the principle of the Bayesian network reliability of e-commerce system and the criticality of the vulnerabilities were analyzed, experiments show that the change method is a good evaluation of the security of e-commerce systems.

A Chaos-Based Secure Direct-Sequence/Spread-Spectrum Communication System

Directory of Open Access Journals (Sweden)

Nguyen Xuan Quyen

2013-01-01

Full Text Available This paper proposes a chaos-based secure direct-sequence/spread-spectrum (DS/SS communication system which is based on a novel combination of the conventional DS/SS and chaos techniques. In the proposed system, bit duration is varied according to a chaotic behavior but is always equal to a multiple of the fixed chip duration in the communication process. Data bits with variable duration are spectrum-spread by multiplying directly with a pseudonoise (PN sequence and then modulated onto a sinusoidal carrier by means of binary phase-shift keying (BPSK. To recover exactly the data bits, the receiver needs an identical regeneration of not only the PN sequence but also the chaotic behavior, and hence data security is improved significantly. Structure and operation of the proposed system are analyzed in detail. Theoretical evaluation of bit-error rate (BER performance in presence of additive white Gaussian noise (AWGN is provided. Parameter choice for different cases of simulation is also considered. Simulation and theoretical results are shown to verify the reliability and feasibility of the proposed system. Security of the proposed system is also discussed.

System Security Management in SNMP

OpenAIRE

P. Deivendran; Dr. R. Dhanapal Ph.D

2010-01-01

We present a framework for managing system security, based on a SNMP Management Information Base (MIB), namely the System Security MIB (SSEC MIB), We have defined managed objects and completed the ASN.1 description of the MIB that embeds them. The related security management functions are mainly focused on monitoring external script execution for system security scanning and access control. The main goal of this work is to introduce the semantics and a standard interface that will allow the r...

The method of a joint intraday security check system based on cloud computing

Science.gov (United States)

Dong, Wei; Feng, Changyou; Zhou, Caiqi; Cai, Zhi; Dan, Xu; Dai, Sai; Zhang, Chuancheng

2017-01-01

The intraday security check is the core application in the dispatching control system. The existing security check calculation only uses the dispatch center’s local model and data as the functional margin. This paper introduces the design of all-grid intraday joint security check system based on cloud computing and its implementation. To reduce the effect of subarea bad data on the all-grid security check, a new power flow algorithm basing on comparison and adjustment with inter-provincial tie-line plan is presented. And the numerical example illustrated the effectiveness and feasibility of the proposed method.

Security analysis of chaotic communication systems based on Volterra-Wiener-Korenberg model

International Nuclear Information System (INIS)

Lei Min; Meng Guang; Feng Zhengjin

2006-01-01

Pseudo-randomicity is an important cryptological characteristic for proof of encryption algorithms. This paper proposes a nonlinear detecting method based on Volterra-Wiener-Korenberg model and suggests an autocorrelation function to analyze the pseudo-randomicity of chaotic secure systems under different sampling interval. The results show that: (1) the increase of the order of the chaotic transmitter will not necessarily result in a high degree of security; (2) chaotic secure systems have higher and stronger pseudo-randomicity at sparse sampling interval due to the similarity of chaotic time series to the noise; (3) Volterra-Wiener-Korenberg method can also give a further appropriate sparse sampling interval for improving the security of chaotic secure communication systems. For unmasking chaotic communication systems, the Volterra-Wiener-Korenberg technique can be applied to analyze the chaotic time series with surrogate data

Attack tree based cyber security analysis of nuclear digital instrumentation and control systems

International Nuclear Information System (INIS)

Khand, P.A.

2009-01-01

To maintain the cyber security, nuclear digital Instrumentation and Control (I and C) systems must be analyzed for security risks because a single security breach due to a cyber attack can cause system failure, which can have catastrophic consequences on the environment and staff of a Nuclear Power Plant (NPP). Attack trees have been widely used to analyze the cyber security of digital systems due to their ability to capture system specific as well as attacker specific details. Therefore, a methodology based on attack trees has been proposed to analyze the cyber security of the systems. The methodology has been applied for the Cyber Security Analysis (CSA) of a Bistable Processor (BP) of a Reactor Protection System (RPS). Threats have been described according to their source. Attack scenarios have been generated using the attack tree and possible counter measures according to the Security Risk Level (SRL) of each scenario have been suggested. Moreover, cyber Security Requirements (SRs) have been elicited, and suitability of the requirements has been checked. (author)

Development of Food Security Information System Based on Business Intelligence in Food Security Agency, Ministry of Agriculture, Indonesia

OpenAIRE

Hendrawaty, Manise; Harisno, Harisno

2014-01-01

Food is the main basic need of human, because of that fulfillment of human need of food has to be fulfilled. So it can fulfill that need, then government institution, Food Security Agency (BKP) is formed so it can monitor fulfillment of food need of society. The goals of this writing are to develop food security information system that provides dashboard facility based on business intelligence, to develop food security information system that can give fast, precise and real time information a...

Security Information System Digital Simulation

OpenAIRE

Tao Kuang; Shanhong Zhu

2015-01-01

The study built a simulation model for the study of food security information system relay protection. MATLAB-based simulation technology can support the analysis and design of food security information systems. As an example, the food security information system fault simulation, zero-sequence current protection simulation and transformer differential protection simulation are presented in this study. The case studies show that the simulation of food security information system relay protect...

Analysis of appraisal tool of system security engineering capability maturity based on component

International Nuclear Information System (INIS)

Liu Zhenghai; Yang Xiaohua; Zou Shuliang; Liu Yachun; Xiao Jiantian; Liu Zhiming

2012-01-01

Spent Fuel Reprocessing is a part of nuclear fuel cycle and is the inevitably choice of nuclear power sustainable development. Reprocessing needs to face with radiological, criticality, chemical hazards. Besides using the tradition appraisal methods based on the security goals, it is a beneficial supplement that using the appraisal method of system security engineering capability maturity model based on the process. Experts should check and approve large numbers of documents during the appraisal based on system security engineering capability maturity model, so it is necessary that developing a tool to assist the expert to complete the appraisal. The method of developing software based on component is highly effective, nimble and reliable. Component technology is analyzed, the methods of extraction model domain components and general components is introduced, and the appraisal system is developed based on component technology. (authors)

Drivers of forests and tree-based systems for food security and nutrition

DEFF Research Database (Denmark)

Kleinschmit, Daniela; Sijapati Basnett, Bimbika; Martin, Adrian

2015-01-01

In the context of this chapter, drivers are considered to be natural or anthropogenic developments affecting forests and tree-based systems for food security and nutrition. They can improve and contribute to food security and nutrition, but they can also lead to food insecurity and malnutrition. ...... consumption, income and livelihood; or through both. These drivers are interrelated and can have different consequences depending on the social structure; for example, they can support food security for elite groups but can increase the vulnerability of other groups.......In the context of this chapter, drivers are considered to be natural or anthropogenic developments affecting forests and tree-based systems for food security and nutrition. They can improve and contribute to food security and nutrition, but they can also lead to food insecurity and malnutrition......, commercialisation of agriculture, industrialisation of forest resources, gender imbalances, conflicts, formalisation of tenure rights, rising food prices and increasing per capita income) were identified within these four categories. They affect food security and nutrition through land use and management; through...

Authorization & security aspects in the middleware-based healthcare information system.

Science.gov (United States)

Andany, J; Bjorkendal, C; Ferrara, F M; Scherrer, J R; Spahni, S

1999-01-01

The integration and evolution of existing systems represents one of the most urgent priorities of health care information systems in order to allow the whole organisation to meet the increasing clinical organisational and managerial needs. The CEN ENV 12967-1 'Healthcare Information Systems Architecture'(HISA) standard defines an architectural approach based on a middleware of business-specific common services, enabling all parts of the local and geographical system to operate on the common information heritage of the organisation and on exploiting a set of common business-oriented functionality. After an overview on the key aspects of HISA, this paper discusses the positioning of the authorization and security aspects in the overall architecture. A global security framework is finally proposed.

Security extension for the Canetti-Krawczyk model in identity-based systems

Institute of Scientific and Technical Information of China (English)

LI Xinghua; MA Jianfeng; SangJae Moon

2005-01-01

The Canetti-Krawczyk (CK) model is a formalism for the analysis of keyexchange protocols, which can guarantee many security properties for the protocols proved secure by this model. But we find this model lacks the ability to guarantee key generation center (KGC) forward secrecy, which is an important security property for key-agreement protocols based on Identity. The essential reason leading to this weakness is that it does not fully consider the attacker's capabilities. In this paper, the CK model is accordingly extended with a new additional attacker's capability of the KGC corruption in Identity-based systems, which enables it to support KGC forward secrecy.

MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL

OpenAIRE

Muhammad Qaiser Saleem; Jafreezal Jaafar; Mohd Fadzil Hassan

2011-01-01

Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is...

Multi-Agent System based Event-Triggered Hybrid Controls for High-Security Hybrid Energy Generation Systems

DEFF Research Database (Denmark)

Dou, Chun-Xia; Yue, Dong; Guerrero, Josep M.

2017-01-01

This paper proposes multi-agent system based event- triggered hybrid controls for guaranteeing energy supply of a hybrid energy generation system with high security. First, a mul-ti-agent system is constituted by an upper-level central coordi-nated control agent combined with several lower......-level unit agents. Each lower-level unit agent is responsible for dealing with internal switching control and distributed dynamic regula-tion for its unit system. The upper-level agent implements coor-dinated switching control to guarantee the power supply of over-all system with high security. The internal...

Model-based security testing

OpenAIRE

Schieferdecker, Ina; Großmann, Jürgen; Schneider, Martin

2012-01-01

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security...

A Development Framework for Software Security in Nuclear Safety Systems: Integrating Secure Development and System Security Activities

Energy Technology Data Exchange (ETDEWEB)

Park, Jaekwan; Suh, Yongsuk [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2014-02-15

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

Directory of Open Access Journals (Sweden)

Mohammed Ramadan

2016-08-01

Full Text Available Mobile communication security techniques are employed to guard the communication between the network entities. Mobile communication cellular systems have become one of the most important communication systems in recent times and are used by millions of people around the world. Since the 1990s, considerable efforts have been taken to improve both the communication and security features of the mobile communications systems. However, these improvements divide the mobile communications field into different generations according to the communication and security techniques such as A3, A5 and A8 algorithms for 2G-GSM cellular system, 3G-authentication and key agreement (AKA, evolved packet system-authentication and key agreement (EPS-AKA, and long term evolution-authentication and key agreement (LTE-AKA algorithms for 3rd generation partnership project (3GPP systems. Furthermore, these generations have many vulnerabilities, and huge security work is involved to solve such problems. Some of them are in the field of the public key cryptography (PKC which requires a high computational cost and more network flexibility to be achieved. As such, the public key infrastructure (PKI is more compatible with the modern generations due to the superior communications features. This paper surveys the latest proposed works on the security of GSM, CDMA, and LTE cellular systems using PKI. Firstly, we present the security issues for each generation of mobile communication systems, then we study and analyze the latest proposed schemes and give some comparisons. Finally, we introduce some new directions for the future scope. This paper classifies the mobile communication security schemes according to the techniques used for each cellular system and covers some of the PKI-based security techniques such as authentication, key agreement, and privacy preserving.

Novel online security system based on rare-earth-doped glass microbeads

Science.gov (United States)

Officer, Simon; Prabhu, G. R.; Pollard, Pat; Hunter, Catherine; Ross, Gary A.

2004-06-01

A novel fluorescent security label has been produced that could replace numerous conventional fluorescent dyes in document security. This label utilizes rare earth ions doped in a borosilicate glass matrix to produce sharp spectral fluorescence peaks with characteristic long lifetimes due to the rare earth ions. These are subsequently detected by an online detection system based on fluorescence and the long lifetimes to avoid any interference from other fluorophores present in the background. Security is further enhanced by the interaction of the rare earth ions with each other and the effect of the host on the emission spectra and therefore the number of permutations that could be produced. This creates a very secure label with various applications for the security market.

A Security Audit Framework to Manage Information System Security

Science.gov (United States)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

IEC-based neutron generator for security inspection system

International Nuclear Information System (INIS)

Miley, G.H.; Wu, L.; Kim, H.J.

2005-01-01

Use of a combined X-ray and neutron source for security inspections based on Inertial Electrostatic Confinement (IEC) fusion is discussed. Current inspection systems typically use X-ray techniques, but thermal neutron analysis (TNA) and fast neutron analysis (FNA), allow expanded detection of certain types of explosives. The integrated unit proposed here uses three separate IEC sources producing 14 and 2.45 MeV neutrons plus soft X-rays. This combination allows multiple detection methods with the composite signal analysis being done by a fuzzy logic system, significantly reducing false signals. (author)

Network systems security analysis

Science.gov (United States)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

A coherency-based method to increase dynamic security in power systems

Energy Technology Data Exchange (ETDEWEB)

De Tuglie, E. [Dipartimento di Ingegneria dell' Ambiente e per lo Sviluppo Sostenibile - DIASS, Politecnico di Bari, Viale del Turismo 8, 74100 Taranto (Italy); Iannone, S.M.; Torelli, F. [Dipartimento di Elettrotecnica ed Elettronica - DEE, Politecnico di Bari, Via Re David 200, 70125 Bari (Italy)

2008-08-15

Dynamic security analysis is the evaluation of the ability of a system to withstand contingencies by surviving transient conditions to acceptable steady-state operative states. When potential instability due to contingency is detected, preventive action may be desired to improve the system security. This is very important in the on-line operation of a power system, especially when the system is stability-limited. The method proposed in this paper is based on the idea that increasing coherency between generators in the transient behaviour following a system perturbation gives rise to a more stable system. In this paper, we suggest the use of the ''input-output feedback-linearization'' with a reference trajectory obtained using a system dynamic equivalent based on the centre of inertia. To quantify coherency levels a new coherency indicator has been assumed for the given reference trajectory. The result is an increasing level in coherency, critical clearing time and system stability. The method is tested on the IEEE 30 bus test system. (author)

Risk assessment of security systems based on entropy theory and the Neyman–Pearson criterion

International Nuclear Information System (INIS)

Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo

2015-01-01

For a security system, the risk assessment is an important method to verdict whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to computer the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to computer the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path

Security System Software

Science.gov (United States)

1993-01-01

C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

An Improved Constraint-Based System for the Verification of Security Protocols

NARCIS (Netherlands)

Corin, R.J.; Etalle, Sandro

We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov [30]. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect flaws associated to partial

An Improved Constraint-based system for the verification of security protocols

NARCIS (Netherlands)

Corin, R.J.; Etalle, Sandro; Hermenegildo, Manuel V.; Puebla, German

We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows to detect aws associated to partial runs

Scalable Security and Accounting Services for Content-Based Publish/Subscribe Systems

OpenAIRE

Himanshu Khurana; Radostina K. Koleva

2006-01-01

Content-based publish/subscribe systems offer an interaction scheme that is appropriate for a variety of large-scale dynamic applications. However, widespread use of these systems is hindered by a lack of suitable security services. In this paper, we present scalable solutions for confidentiality, integrity, and authentication for these systems. We also provide verifiable usage-based accounting services, which are required for e-commerce and e-business applications that use publish/subscribe ...

Information security system based on virtual-optics imaging methodology and public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network

Science.gov (United States)

Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing

2016-01-01

Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA) based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods. PMID:28042831

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network.

Science.gov (United States)

Pirbhulal, Sandeep; Zhang, Heye; E Alahi, Md Eshrat; Ghayvat, Hemant; Mukhopadhyay, Subhas Chandra; Zhang, Yuan-Ting; Wu, Wanqing

2016-12-30

Wireless sensor networks (WSNs) provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP) to develop the Internet of Things (IoT) for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i) how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii) how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA) based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods.

A Novel Secure IoT-Based Smart Home Automation System Using a Wireless Sensor Network

Directory of Open Access Journals (Sweden)

Sandeep Pirbhulal

2016-12-01

Full Text Available Wireless sensor networks (WSNs provide noteworthy benefits over traditional approaches for several applications, including smart homes, healthcare, environmental monitoring, and homeland security. WSNs are integrated with the Internet Protocol (IP to develop the Internet of Things (IoT for connecting everyday life objects to the internet. Hence, major challenges of WSNs include: (i how to efficiently utilize small size and low-power nodes to implement security during data transmission among several sensor nodes; (ii how to resolve security issues associated with the harsh and complex environmental conditions during data transmission over a long coverage range. In this study, a secure IoT-based smart home automation system was developed. To facilitate energy-efficient data encryption, a method namely Triangle Based Security Algorithm (TBSA based on efficient key generation mechanism was proposed. The proposed TBSA in integration of the low power Wi-Fi were included in WSNs with the Internet to develop a novel IoT-based smart home which could provide secure data transmission among several associated sensor nodes in the network over a long converge range. The developed IoT based system has outstanding performance by fulfilling all the necessary security requirements. The experimental results showed that the proposed TBSA algorithm consumed less energy in comparison with some existing methods.

OpenID connect as a security service in Cloud-based diagnostic imaging systems

Science.gov (United States)

Ma, Weina; Sartipi, Kamran; Sharghi, Hassan; Koff, David; Bak, Peter

2015-03-01

The evolution of cloud computing is driving the next generation of diagnostic imaging (DI) systems. Cloud-based DI systems are able to deliver better services to patients without constraining to their own physical facilities. However, privacy and security concerns have been consistently regarded as the major obstacle for adoption of cloud computing by healthcare domains. Furthermore, traditional computing models and interfaces employed by DI systems are not ready for accessing diagnostic images through mobile devices. RESTful is an ideal technology for provisioning both mobile services and cloud computing. OpenID Connect, combining OpenID and OAuth together, is an emerging REST-based federated identity solution. It is one of the most perspective open standards to potentially become the de-facto standard for securing cloud computing and mobile applications, which has ever been regarded as "Kerberos of Cloud". We introduce OpenID Connect as an identity and authentication service in cloud-based DI systems and propose enhancements that allow for incorporating this technology within distributed enterprise environment. The objective of this study is to offer solutions for secure radiology image sharing among DI-r (Diagnostic Imaging Repository) and heterogeneous PACS (Picture Archiving and Communication Systems) as well as mobile clients in the cloud ecosystem. Through using OpenID Connect as an open-source identity and authentication service, deploying DI-r and PACS to private or community clouds should obtain equivalent security level to traditional computing model.

Security of public key encryption technique based on multiple chaotic systems

International Nuclear Information System (INIS)

Wang Kai; Pei Wenjiang; Zou Liuhua; Cheung Yiuming; He Zhenya

2006-01-01

Recently, a new public key encryption technique based on multiple chaotic systems has been proposed [B. Ranjan, Phys. Rev. Lett. 95 (2005) 098702]. This scheme employs m-chaotic systems and a set of linear functions for key exchange over an insecure channel. Security of the proposed algorithm grows as (NP) m , where N, P are the size of the key and the computational complexity of the linear functions respectively. In this Letter, the fundamental weakness of the cryptosystem is pointed out and a successful attack is described. Given the public keys and the initial vector, one can calculate the secret key based on Parseval's theorem. Both theoretical and experimental results show that the attacker can access to the secret key without difficulty. The lack of security discourages the use of such algorithm for practical applications

OpenID Connect as a security service in cloud-based medical imaging systems.

Science.gov (United States)

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-04-01

The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model.

Drivers of forests and tree-based systems for food security and nutrition

DEFF Research Database (Denmark)

Kleinschmit, Daniela; Sijapati Basnett, Bimbika; Martin, Adrian

2015-01-01

In the context of this chapter, drivers are considered to be natural or anthropogenic developments affecting forests and tree-based systems for food security and nutrition. They can improve and contribute to food security and nutrition, but they can also lead to food insecurity and malnutrition......, commercialisation of agriculture, industrialisation of forest resources, gender imbalances, conflicts, formalisation of tenure rights, rising food prices and increasing per capita income) were identified within these four categories. They affect food security and nutrition through land use and management; through...

Model-Based Security Testing

Directory of Open Access Journals (Sweden)

Ina Schieferdecker

2012-02-01

Full Text Available Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.

Prototype system of secure VOD

Science.gov (United States)

Minemura, Harumi; Yamaguchi, Tomohisa

1997-12-01

Secure digital contents delivery systems are to realize copyright protection and charging mechanism, and aim at secure delivery service of digital contents. Encrypted contents delivery and history (log) management are means to accomplish this purpose. Our final target is to realize a video-on-demand (VOD) system that can prevent illegal usage of video data and manage user history data to achieve a secure video delivery system on the Internet or Intranet. By now, mainly targeting client-server systems connected with enterprise LAN, we have implemented and evaluated a prototype system based on the investigation into the delivery method of encrypted video contents.

Security-aware design for cyber-physical systems a platform-based approach

CERN Document Server

Lin, Chung-Wei

2017-01-01

Addressing the rising security issues during the design stages of cyber-physical systems, this book develops a systematic approach to address security at early design stages together with all other design constraints. Cyber-attacks become more threatening as systems are becoming more connected with the surrounding environment, infrastructures, and other systems. Security mechanisms can be designed to protect against attacks and meet security requirements, but there are many challenges of applying security mechanisms to cyber-physical systems including open environments, limited resources, strict timing requirements, and large number of devices. Designed for researchers and professionals, this book is valuable for individuals working in network systems, security mechanisms, and system design. It is also suitable for advanced-level students of computer science. .

A security and privacy preserving e-prescription system based on smart cards.

Science.gov (United States)

Hsu, Chien-Lung; Lu, Chung-Fu

2012-12-01

In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.

Adaptive fuzzy observer based synchronization design and secure communications of chaotic systems

International Nuclear Information System (INIS)

Hyun, Chang-Ho; Kim, Jae-Hun; Kim, Euntai; Park, Mignon

2006-01-01

This paper proposes a synchronization design scheme based on an alternative indirect adaptive fuzzy observer and its application to secure communication of chaotic systems. It is assumed that their states are unmeasurable and their parameters are unknown. Chaotic systems and the structure of the fuzzy observer are represented by the Takagi-Sugeno fuzzy model. Using Lyapunov stability theory, an adaptive law is derived to estimate the unknown parameters and the stability of the proposed system is guaranteed. Through this process, the asymptotic synchronization of chaotic systems is achieved. The proposed observer is applied to secure communications of chaotic systems and some numerical simulation results show the validity of theoretical derivations and the performance of the proposed observer

Secure Web-based Ground System User Interfaces over the Open Internet

Science.gov (United States)

Langston, James H.; Murray, Henry L.; Hunt, Gary R.

1998-01-01

A prototype has been developed which makes use of commercially available products in conjunction with the Java programming language to provide a secure user interface for command and control over the open Internet. This paper reports successful demonstration of: (1) Security over the Internet, including encryption and certification; (2) Integration of Java applets with a COTS command and control product; (3) Remote spacecraft commanding using the Internet. The Java-based Spacecraft Web Interface to Telemetry and Command Handling (Jswitch) ground system prototype provides these capabilities. This activity demonstrates the use and integration of current technologies to enable a spacecraft engineer or flight operator to monitor and control a spacecraft from a user interface communicating over the open Internet using standard World Wide Web (WWW) protocols and commercial off-the-shelf (COTS) products. The core command and control functions are provided by the COTS Epoch 2000 product. The standard WWW tools and browsers are used in conjunction with the Java programming technology. Security is provided with the current encryption and certification technology. This system prototype is a step in the direction of giving scientist and flight operators Web-based access to instrument, payload, and spacecraft data.

Secure communication based on multi-input multi-output chaotic system with large message amplitude

International Nuclear Information System (INIS)

Zheng, G.; Boutat, D.; Floquet, T.; Barbot, J.P.

2009-01-01

This paper deals with the problem of secure communication based on multi-input multi-output (MIMO) chaotic systems. Single input secure communication based on chaos can be easily extended to multiple ones by some combinations technologies, however all the combined inputs possess the same risk to be broken. In order to reduce this risk, a new secure communication scheme based on chaos with MIMO is discussed in this paper. Moreover, since the amplitude of messages in traditional schemes is limited because it would affect the quality of synchronization, the proposed scheme is also improved into an amplitude-independent one.

A Secure Mobile-Based Authentication System for e-Banking

Science.gov (United States)

Rifà-Pous, Helena

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.

Arc Security System Based on Harmonics Detection for the TS ICRH Transmitter

International Nuclear Information System (INIS)

Berger-by, G.; Beaumont, B.; Lombard, G.; Millon, L.; Mollard, P.; Volpe, D.

2006-01-01

Since 1999 and with the help of I.P.P. (Institut fuer Plasmaphysik) Garching, we have tested in the Tore Supra (T.S.) ICRH transmitter, arcs security systems based on harmonics detection in a frequency band lower than the generator frequency. These systems have been designed for ASDEX in order to discriminate between the arcs and the ELMS mismatches during H-mode plasmas; they have been supplied to T.S. by a loan contract by I.P.P. The first tests done in T.S. were very successful and have permitted in 2000 to build a prototype matching T.S. technical requirements. These systems have some advantages in comparison with traditional securities which are based on use of a level on the V r /V f (Reflected to Forward voltage ratio) calculation . They do not use calculation, calibration with frequency or level. They can use RF signals from directional couplers or probes, so they are fully independent of the measurement systems. The detection bandwidth (4 MHz-35 MHz on TS) is independent of the antennae working frequencies. The detection principle is therefore insensitive to the crosstalk between the antennae and to the antennae coupling variations. The RF arc security box is installed in the generator hall which can be located far from the torus hall and the antennae (about 50 m on T.S.) a feature which is very relevant for the ITER transmitters. In 2001 we have built 3 systems based on our prototype in order to improve the protection of the 3 ICRH generators and antennae. These systems use industrial pass-band filters and a very sensitive linear detection (- 60 dBm) in order to facilitate the adjustment. Optical fibbers are used to transfer, with a very high immunity, the trip information to the generator electronic pilot. To guarantee safe operation, a checking test of the entire security chain is performed with a 10 MHz RF oscillator before each plasma start. The RF principle used on T.S. ICRH transmitter and its electronic interactions with the VME command control of

A Cost Effective Security Technology Integrated with RFID Based Automated Toll Collection System

Directory of Open Access Journals (Sweden)

Rafiya Hossain

2017-09-01

Full Text Available Crime statistics and research on criminology show that under similar circumstances,crimes are more likely to occur in developing countries than in developed countries due to their lack ofsecurity measures. Transport crimes on highways and bridges are one of the most common crimes in the developing nations. Automation of various systems like the toll collection system is being introduced in the developing countries to avoid corruption in the collection of toll, decrease cost and increase operational efficiency. The goal of this research is to find an integrated solution that enhances security along with the advantage of automated toll collection. Inspired by the availability of many security systems, this research presents a system that can block a specific vehicle or a particular type of vehicles at the toll booths based on directives from the law enforcement agencies. The heart of the system is based on RFID (Radio Frequency Identification technology. In this system, by sending a text message the law enforcement agency or the authority that controls the toll booths can prevent the barrier from being liftedeven after deduction of the toll charge if the passing vehicle has a security issue. The designed system should help the effort of reducing transport crimes on highways and bridges of developing countries.

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

Science.gov (United States)

Somasundaram, M; Sivakumar, R

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

Science.gov (United States)

Somasundaram, M.; Sivakumar, R.

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

A Dynamic Security Framework for Ambient Intelligent Systems: A Smart-Home Based eHealth Application

Science.gov (United States)

Compagna, Luca; El Khoury, Paul; Massacci, Fabio; Saidane, Ayda

Providing context-dependent security services is an important challenge for ambient intelligent systems. The complexity and the unbounded nature of such systems make it difficult even for the most experienced and knowledgeable security engineers, to foresee all possible situations and interactions when developing the system. In order to solve this problem context based self- diagnosis and reconfiguration at runtime should be provided.

Design and Implementation of GSM Based Automated Home Security System

Directory of Open Access Journals (Sweden)

Love Aggarwal

2014-05-01

Full Text Available The Automated Home Security System aims at building a security system for common households using GSM modem, sensors and microcontroller. Since many years, impeccable security system has been the prime need of every man who owns a house. The increasing crime rate has further pressed the need for it. Our system is an initiative in this direction. The system provides security function by monitoring the surroundings at home for intruders, fire, gas leakages etc. using sensors and issue alerts to the owners and local authorities by using GSM via SMS. It provides the automation function as it can control (On/Off the various home appliances while the owners are away via SMS. Thus the Automated Home Security System is self-sufficient and can be relied upon undoubtedly. Also, it is capable of establishing two way communication with its owner so that he/she can keep a watch on his/her home via sensor information or live video streaming. A camera can be installed for continuous monitoring of the system and its surroundings. The system consists of two main parts: hardware and software. Hardware consists of Microcontroller, Sensors, Buzzer and GSM modem while software is implemented by tools using Embedded ‘C’.

Operating System Security

CERN Document Server

Jaeger, Trent

2008-01-01

Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "secure" operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to

Asynchronous error-correcting secure communication scheme based on fractional-order shifting chaotic system

Science.gov (United States)

Chao, Luo

2015-11-01

In this paper, a novel digital secure communication scheme is firstly proposed. Different from the usual secure communication schemes based on chaotic synchronization, the proposed scheme employs asynchronous communication which avoids the weakness of synchronous systems and is susceptible to environmental interference. Moreover, as to the transmission errors and data loss in the process of communication, the proposed scheme has the ability to be error-checking and error-correcting in real time. In order to guarantee security, the fractional-order complex chaotic system with the shifting of order is utilized to modulate the transmitted signal, which has high nonlinearity and complexity in both frequency and time domains. The corresponding numerical simulations demonstrate the effectiveness and feasibility of the scheme.

A Secure and Robust Object-Based Video Authentication System

Directory of Open Access Journals (Sweden)

He Dajun

2004-01-01

Full Text Available An object-based video authentication system, which combines watermarking, error correction coding (ECC, and digital signature techniques, is presented for protecting the authenticity between video objects and their associated backgrounds. In this system, a set of angular radial transformation (ART coefficients is selected as the feature to represent the video object and the background, respectively. ECC and cryptographic hashing are applied to those selected coefficients to generate the robust authentication watermark. This content-based, semifragile watermark is then embedded into the objects frame by frame before MPEG4 coding. In watermark embedding and extraction, groups of discrete Fourier transform (DFT coefficients are randomly selected, and their energy relationships are employed to hide and extract the watermark. The experimental results demonstrate that our system is robust to MPEG4 compression, object segmentation errors, and some common object-based video processing such as object translation, rotation, and scaling while securely preventing malicious object modifications. The proposed solution can be further incorporated into public key infrastructure (PKI.

Primer Control System Cyber Security Framework and Technical Metrics

Energy Technology Data Exchange (ETDEWEB)

Wayne F. Boyer; Miles A. McQueen

2008-05-01

The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

Dynamic Security Assessment of Danish Power System Based on Decision Trees: Today and Tomorrow

DEFF Research Database (Denmark)

Rather, Zakir Hussain; Liu, Leo; Chen, Zhe

2013-01-01

The research work presented in this paper analyzes the impact of wind energy, phasing out of central power plants and cross border power exchange on dynamic security of Danish Power System. Contingency based decision tree (DT) approach is used to assess the dynamic security of present and future...

Towards the Security Evaluation of Biometric Authentication Systems

OpenAIRE

El-Abed , Mohamad; Giot , Romain; Hemery , Baptiste; Rosenberger , Christophe; Schwartzmann , Jean-Jacques

2011-01-01

International audience; Despite the obvious advantages of biometric authentication systems over traditional security ones (based on tokens or passwords), they are vulnerable to attacks which may considerably decrease their security. In order to contribute in resolving such problematic, we propose a modality-independent evaluation methodology for the security evaluation of biometric systems. It is based on the use of a database of common threats and vulnerabilities of biometric systems, and th...

Intelligent Security IT System for Detecting Intruders Based on Received Signal Strength Indicators

Directory of Open Access Journals (Sweden)

Yunsick Sung

2016-10-01

Full Text Available Given that entropy-based IT technology has been applied in homes, office buildings and elsewhere for IT security systems, diverse kinds of intelligent services are currently provided. In particular, IT security systems have become more robust and varied. However, access control systems still depend on tags held by building entrants. Since tags can be obtained by intruders, an approach to counter the disadvantages of tags is required. For example, it is possible to track the movement of tags in intelligent buildings in order to detect intruders. Therefore, each tag owner can be judged by analyzing the movements of their tags. This paper proposes a security approach based on the received signal strength indicators (RSSIs of beacon-based tags to detect intruders. The normal RSSI patterns of moving entrants are obtained and analyzed. Intruders can be detected when abnormal RSSIs are measured in comparison to normal RSSI patterns. In the experiments, one normal and one abnormal scenario are defined for collecting the RSSIs of a Bluetooth-based beacon in order to validate the proposed method. When the RSSIs of both scenarios are compared to pre-collected RSSIs, the RSSIs of the abnormal scenario are about 61% more different compared to the RSSIs of the normal scenario. Therefore, intruders in buildings can be detected by considering RSSI differences.

Concepts for a standard based cross-organisational information security management system in the context of a nationwide EHR.

Science.gov (United States)

Mense, Alexander; Hoheiser-Pförtner, Franz; Schmid, Martin; Wahl, Harald

2013-01-01

Working with health related data necessitates appropriate levels of security and privacy. Information security, meaning ensuring confidentiality, integrity, and availability, is more organizational, than technical in nature. It includes many organizational and management measures, is based on well-defined security roles, processes, and documents, and needs permanent adaption of security policies, continuously monitoring, and measures assessment. This big challenge for any organization leads to implementation of an information security management system (ISMS). In the context of establishing a regional or national electronic health record for integrated care (ICEHR), the situation is worse. Changing the medical information exchange from on-demand peer-to-peer connections to health information networks requires all organizations participating in the EHR system to have consistent security levels and to follow the same security guidelines and rules. Also, the implementation must be monitored and audited, establishing cross-organizational information security management systems (ISMS) based on international standards. This paper evaluates requirements and defines basic concepts for an ISO 27000 series-based cross-organizational ISMS in the healthcare domain and especially for the implementation of the nationwide electronic health record in Austria (ELGA).

Security personnel training using a computer-based game

International Nuclear Information System (INIS)

Ralph, J.; Bickner, L.

1987-01-01

Security personnel training is an integral part of a total physical security program, and is essential in enabling security personnel to perform their function effectively. Several training tools are currently available for use by security supervisors, including: textbook study, classroom instruction, and live simulations. However, due to shortcomings inherent in each of these tools, a need exists for the development of low-cost alternative training methods. This paper discusses one such alternative: a computer-based, game-type security training system. This system would be based on a personal computer with high-resolution graphics. Key features of this system include: a high degree of realism; flexibility in use and maintenance; high trainee motivation; and low cost

Organization of the secure distributed computing based on multi-agent system

Science.gov (United States)

Khovanskov, Sergey; Rumyantsev, Konstantin; Khovanskova, Vera

2018-04-01

Nowadays developing methods for distributed computing is received much attention. One of the methods of distributed computing is using of multi-agent systems. The organization of distributed computing based on the conventional network computers can experience security threats performed by computational processes. Authors have developed the unified agent algorithm of control system of computing network nodes operation. Network PCs is used as computing nodes. The proposed multi-agent control system for the implementation of distributed computing allows in a short time to organize using of the processing power of computers any existing network to solve large-task by creating a distributed computing. Agents based on a computer network can: configure a distributed computing system; to distribute the computational load among computers operated agents; perform optimization distributed computing system according to the computing power of computers on the network. The number of computers connected to the network can be increased by connecting computers to the new computer system, which leads to an increase in overall processing power. Adding multi-agent system in the central agent increases the security of distributed computing. This organization of the distributed computing system reduces the problem solving time and increase fault tolerance (vitality) of computing processes in a changing computing environment (dynamic change of the number of computers on the network). Developed a multi-agent system detects cases of falsification of the results of a distributed system, which may lead to wrong decisions. In addition, the system checks and corrects wrong results.

Model-based security analysis of the German health card architecture.

Science.gov (United States)

Jürjens, J; Rumm, R

2008-01-01

Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems. This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the smart-card-based architecture which were analyzed using the UMLsec method and tools. Main results of the paper include a report on the employment of the UMLsec method in an industrial health information systems context as well as indications of its benefits and limitations. In particular, two potential security weaknesses were detected and countermeasures discussed. The results indicate that it can be feasible to apply a model-based security analysis using UMLsec to an industrial health information system like the German Health Card architecture, and that doing so can have concrete benefits (such as discovering potential weaknesses, and an increased confidence that no further vulnerabilities of the kind that were considered are present).

Security Controls for NPP I and C Systems

International Nuclear Information System (INIS)

Kim, Y. M.; Jeong, C. H.; Kim, T. H.

2014-01-01

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks

Security Controls for NPP I and C Systems

Energy Technology Data Exchange (ETDEWEB)

Kim, Y. M.; Jeong, C. H. [Korea Institute of Nuclear Safety, Daejeon (Korea, Republic of); Kim, T. H. [Formal Works Inc., Seoul (Korea, Republic of)

2014-05-15

In Korea, regulatory body have required cyber security plan for nuclear I and C system. Also, all I and C systems and equipment must be classified according to cyber security level and technical, operational and managerial security controls must be provided based on each level. It is necessary to determine the best set of security controls for NPP I and C system. In our research, selection, implementation and verification process of security controls which can be used for I and C systems has developed. For establishing the cyber security of the nuclear I and C system, special cyber security system which consider the difference between general IT system and nuclear I and C system is needed. This research, we developed security improvement methodology for NPP I and C system through establishing security control, applying and verifying activity. Also, the cyber security activities which are needed during development are defined. It is expected that the methodology which has been developed by this research can be used for establish, implement, evaluate the security controls for protecting nuclear I and C system from cyber-attacks.

Information Systems Security Audit

OpenAIRE

Gheorghe Popescu; Veronica Adriana Popescu; Cristina Raluca Popescu

2007-01-01

The article covers:Defining an information system; benefits obtained by introducing new information technologies; IT management;Defining prerequisites, analysis, design, implementation of IS; Information security management system; aspects regarding IS security policy; Conceptual model of a security system; Auditing information security systems and network infrastructure security.

INFORMATION SYSTEM SECURITY (CYBER SECURITY

Directory of Open Access Journals (Sweden)

Muhammad Siddique Ansari

2016-03-01

Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

Intelligent Model for Video Survillance Security System

Directory of Open Access Journals (Sweden)

J. Vidhya

2013-12-01

Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system

Directory of Open Access Journals (Sweden)

Vanga Odelu

2016-01-01

Full Text Available With the rapid growth of the Internet, a lot of electronic patient records (EPRs have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE. However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool and show that our scheme is secure against passive and active attacks.

A Multifactor Secure Authentication System for Wireless Payment

Science.gov (United States)

Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

Towards second-generation smart card-based authentication in health information systems: the secure server model.

Science.gov (United States)

Hallberg, J; Hallberg, N; Timpka, T

2001-01-01

Conventional smart card-based authentication systems used in health care alleviate some of the security issues in user and system authentication. Existing models still do not cover all security aspects. To enable new protective measures to be developed, an extended model of the authentication process is presented. This model includes a new entity referred to as secure server. Assuming a secure server, a method where the smart card is aware of the status of the terminal integrity verification becomes feasible. The card can then act upon this knowledge and restrict the exposure of sensitive information to the terminal as required in order to minimize the risks. The secure server model can be used to illuminate the weaknesses of current approaches and the need for extensions which alleviate the resulting risks.

A Secured Cognitive Agent based Multi-strategic Intelligent Search System

Directory of Open Access Journals (Sweden)

Neha Gulati

2018-04-01

Full Text Available Search Engine (SE is the most preferred information retrieval tool ubiquitously used. In spite of vast scale involvement of users in SE’s, their limited capabilities to understand the user/searcher context and emotions places high cognitive, perceptual and learning load on the user to maintain the search momentum. In this regard, the present work discusses a Cognitive Agent (CA based approach to support the user in Web-based search process. The work suggests a framework called Secured Cognitive Agent based Multi-strategic Intelligent Search System (CAbMsISS to assist the user in search process. It helps to reduce the contextual and emotional mismatch between the SE’s and user. After implementation of the proposed framework, performance analysis shows that CAbMsISS framework improves Query Retrieval Time (QRT and effectiveness for retrieving relevant results as compared to Present Search Engine (PSE. Supplementary to this, it also provides search suggestions when user accesses a resource previously tagged with negative emotions. Overall, the goal of the system is to enhance the search experience for keeping the user motivated. The framework provides suggestions through the search log that tracks the queries searched, resources accessed and emotions experienced during the search. The implemented framework also considers user security. Keywords: BDI model, Cognitive Agent, Emotion, Information retrieval, Intelligent search, Search Engine

Improving industrial process control systems security

CERN Document Server

Epting, U; CERN. Geneva. TS Department

2004-01-01

System providers are today creating process control systems based on remote connectivity using internet technology, effectively exposing these systems to the same threats as corporate computers. It is becoming increasingly difficult and costly to patch/maintain the technical infrastructure monitoring and control systems to remove these vulnerabilities. A strategy including risk assessment, security policy issues, service level agreements between the IT department and the controls engineering groups must be defined. In addition an increased awareness of IT security in the controls system engineering domain is needed. As consequence of these new factors the control system architectures have to take into account security requirements, that often have an impact on both operational aspects as well as on the project and maintenance cost. Manufacturers of industrial control system equipment do however also propose progressively security related solutions that can be used for our active projects. The paper discusses ...

Secure computing on reconfigurable systems

OpenAIRE

Fernandes Chaves, R.J.

2007-01-01

This thesis proposes a Secure Computing Module (SCM) for reconfigurable computing systems. SC provides a protected and reliable computational environment, where data security and protection against malicious attacks to the system is assured. SC is strongly based on encryption algorithms and on the attestation of the executed functions. The use of SC on reconfigurable devices has the advantage of being highly adaptable to the application and the user requirements, while providing high performa...

An RFID-based luggage and passenger tracking system for airport security control applications

Science.gov (United States)

Vastianos, George E.; Kyriazanos, Dimitris M.; Kountouriotis, Vassilios I.; Thomopoulos, Stelios C. A.

2014-06-01

Market analysis studies of recent years have shown a steady and significant increase in the usage of RFID technology. Key factors for this growth were the decreased costs of passive RFIDs and their improved performance compared to the other identification technologies. Besides the benefits of RFID technologies into the supply chains, warehousing, traditional inventory and asset management applications, RFID has proven itself worth exploiting on experimental, as well as on commercial level in other sectors, such as healthcare, transport and security. In security sector, airport security is one of the biggest challenges. Airports are extremely busy public places and thus prime targets for terrorism, with aircraft, passengers, crew and airport infrastructure all subject to terrorist attacks. Inside this labyrinth of security challenges, the long range detection capability of the UHF passive RFID technology can be turned into a very important tracking tool that may outperform all the limitations of the barcode tracking inside the current airport security control chain. The Integrated Systems Lab of NCSR Demokritos has developed an RFID based Luggage and Passenger tracking system within the TASS (FP7-SEC-2010-241905) EU research project. This paper describes application scenarios of the system categorized according to the structured nature of the environment, the system architecture and presents evaluation results extracted from measurements with a group of different massive production GEN2 UHF RFID tags that are widely available in the world market.

Implementation and Optimization of GPU-Based Static State Security Analysis in Power Systems

Directory of Open Access Journals (Sweden)

Yong Chen

2017-01-01

Full Text Available Static state security analysis (SSSA is one of the most important computations to check whether a power system is in normal and secure operating state. It is a challenge to satisfy real-time requirements with CPU-based concurrent methods due to the intensive computations. A sensitivity analysis-based method with Graphics processing unit (GPU is proposed for power systems, which can reduce calculation time by 40% compared to the execution on a 4-core CPU. The proposed method involves load flow analysis and sensitivity analysis. In load flow analysis, a multifrontal method for sparse LU factorization is explored on GPU through dynamic frontal task scheduling between CPU and GPU. The varying matrix operations during sensitivity analysis on GPU are highly optimized in this study. The results of performance evaluations show that the proposed GPU-based SSSA with optimized matrix operations can achieve a significant reduction in computation time.

Image-based surveillance and security systems using personal computers for device aiming and digital image comparison

International Nuclear Information System (INIS)

Quiett, S.; Axtell, L.H.

1987-01-01

A detection-type security system using enhanced capability cameras or other imaging devices can aid in maintaining security from long distance and/or for large areas. To do so requires that the imaging device(s) be repeatedly and accurately positioned so that no areas are overlooked. Digital control using personal computers is the simplest method of achieving positional accuracy. The monitoring of large areas and/or a large number of areas also requires that a substantial quantity of visual information be catalogued and evaluated for potential security problems. While security personnel alone are typically used for such monitoring, as the quantity of visual information increases, the likelihood that potential security threats will be missed also increases. The ability of an image-based security system to detect potential security problems can be further increased with the use of selected image processing techniques. Utilizing personal computers for both imaging device position control as well as image processing, surveillance of large areas can be performed by a limited number of individuals with a high level of system confidence

Wi-Fi and GSM Based Motion Sensor for Home Security System Apllication

Science.gov (United States)

Huzaimy Jusoh, Mohamad; Jamali, Muhammad Firdaus Bin; Zainal Abidin, Ahmad Faizal bin; Asari Sulaiman, Ahmad; Fahmi Hussin, Mohamad

2015-11-01

The Wi-Fi and GSM based home security system is a system designed to reduce the high rates of crimes in most personal housing. The overall project consists of three major parts; the input part that consists of sensors, the software part that operates the entire hardware structure, and the output part, which consists of camera, alarm system, and micro secure digital (SD) data storage card. It is based on the principle of infrared radiation generated by a human body heat which trigger the passive infrared (PIR) sensor. The microcontroller processes the received signal, then trigger the buzzer alarm, camera and alerts the home owner through an SMS. Once triggered, the camera will capture the image of the intruder and the image will be saved in SD card. As alert to the user (away), the Global System for Mobile Communication (GSM) will send the Short Message Service (SMS) from the device to the user's mobile phone. The image will be sent to Dropbox data cloud storage via Wi-Fi for further clarification. The prototype was successfully developed, tested and has been installed at residential area in Taman Cahaya Alam, Section U12, Shah Alam, Malaysia.

On the security flaws in ID-based password authentication schemes for telecare medical information systems.

Science.gov (United States)

Mishra, Dheerendra

2015-01-01

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

Design of security scheme of the radiotherapy planning administration system based on the hospital information system

International Nuclear Information System (INIS)

Zhuang Yongzhi; Zhao Jinzao

2010-01-01

Objective: To design a security scheme of radiotherapy planning administration system. Methods: Power Builder 9i language was used to program the system through the model of client-server machine. Oracle 9i was used as the database server. Results In this system, user registration management, user login management, application-level functions of control, database access control, and audit trail were designed to provide system security. Conclusions: As a prototype for the security analysis and protection of this scheme provides security of the system, application system, important data and message, which ensures the system work normally. (authors)

Adaptive security systems -- Combining expert systems with adaptive technologies

International Nuclear Information System (INIS)

Argo, P.; Loveland, R.; Anderson, K.

1997-01-01

The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting

An Overview of DRAM-Based Security Primitives

Directory of Open Access Journals (Sweden)

Nikolaos Athanasios Anagnostopoulos

2018-03-01

Full Text Available Recent developments have increased the demand for adequate security solutions, based on primitives that cannot be easily manipulated or altered, such as hardware-based primitives. Security primitives based on Dynamic Random Access Memory (DRAM can provide cost-efficient and practical security solutions, especially for resource-constrained devices, such as hardware used in the Internet of Things (IoT, as DRAMs are an intrinsic part of most contemporary computer systems. In this work, we present a comprehensive overview of the literature regarding DRAM-based security primitives and an extended classification of it, based on a number of different criteria. In particular, first, we demonstrate the way in which DRAMs work and present the characteristics being exploited for the implementation of security primitives. Then, we introduce the primitives that can be implemented using DRAM, namely Physical Unclonable Functions (PUFs and True Random Number Generators (TRNGs, and present the applications of each of the two types of DRAM-based security primitives. We additionally proceed to assess the security such primitives can provide, by discussing potential attacks and defences, as well as the proposed security metrics. Subsequently, we also compare these primitives to other hardware-based security primitives, noting their advantages and shortcomings, and proceed to demonstrate their potential for commercial adoption. Finally, we analyse our classification methodology, by reviewing the criteria employed in our classification and examining their significance.

Analysis of Vehicle-Based Security Operations

Energy Technology Data Exchange (ETDEWEB)

Carter, Jason M [ORNL; Paul, Nate R [ORNL

2015-01-01

Vehicle-to-vehicle (V2V) communications promises to increase roadway safety by providing each vehicle with 360 degree situational awareness of other vehicles in proximity, and by complementing onboard sensors such as radar or camera in detecting imminent crash scenarios. In the United States, approximately three hundred million automobiles could participate in a fully deployed V2V system if Dedicated Short-Range Communication (DSRC) device use becomes mandatory. The system s reliance on continuous communication, however, provides a potential means for unscrupulous persons to transmit false data in an attempt to cause crashes, create traffic congestion, or simply render the system useless. V2V communications must be highly scalable while retaining robust security and privacy preserving features to meet the intra-vehicle and vehicle-to-infrastructure communication requirements for a growing vehicle population. Oakridge National Research Laboratory is investigating a Vehicle-Based Security System (VBSS) to provide security and privacy for a fully deployed V2V and V2I system. In the VBSS an On-board Unit (OBU) generates short-term certificates and signs Basic Safety Messages (BSM) to preserve privacy and enhance security. This work outlines a potential VBSS structure and its operational concepts; it examines how a vehicle-based system might feasibly provide security and privacy, highlights remaining challenges, and explores potential mitigations to address those challenges. Certificate management alternatives that attempt to meet V2V security and privacy requirements have been examined previously by the research community including privacy-preserving group certificates, shared certificates, and functional encryption. Due to real-world operational constraints, adopting one of these approaches for VBSS V2V communication is difficult. Timely misbehavior detection and revocation are still open problems for any V2V system. We explore the alternative approaches that may be

Fiber-optic perimeter security system based on WDM technology

Science.gov (United States)

Polyakov, Alexandre V.

2017-10-01

Intelligent underground fiber optic perimeter security system is presented. Their structure, operation, software and hardware with neural networks elements are described. System allows not only to establish the fact of violation of the perimeter, but also to locate violations. This is achieved through the use of WDM-technology division spectral information channels. As used quasi-distributed optoelectronic recirculation system as a discrete sensor. The principle of operation is based on registration of the recirculation period change in the closed optoelectronic circuit at different wavelengths under microstrain exposed optical fiber. As a result microstrain fiber having additional power loss in a fiber optical propagating pulse, which causes a time delay as a result of switching moments of the threshold device. To separate the signals generated by intruder noise and interference, the signal analyzer is used, based on the principle of a neural network. The system detects walking, running or crawling intruder, as well as undermining attempts to register under the perimeter line. These alarm systems can be used to protect the perimeters of facilities such as airports, nuclear reactors, power plants, warehouses, and other extended territory.

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System.

Science.gov (United States)

Li, Chun-Ta; Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-06-23

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Analysis of Security Protocols in Embedded Systems

DEFF Research Database (Denmark)

Bruni, Alessandro

Embedded real-time systems have been adopted in a wide range of safety-critical applications—including automotive, avionics, and train control systems—where the focus has long been on safety (i.e., protecting the external world from the potential damage caused by the system) rather than security (i.......e., protecting the system from the external world). With increased connectivity of these systems to external networks the attack surface has grown, and consequently there is a need for securing the system from external attacks. Introducing security protocols in safety critical systems requires careful...... in this direction is to extend saturation-based techniques so that enough state information can be modelled and analysed. Finally, we present a methodology for proving the same security properties in the computational model, by means of typing protocol implementations....

Information security management system planning for CBRN facilities

Energy Technology Data Exchange (ETDEWEB)

Lenaeu, Joseph D. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); O' Neil, Lori Ross [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Leitch, Rosalyn M. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Glantz, Clifford S. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Landine, Guy P. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Bryant, Janet L. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States); Lewis, John [National Nuclear Lab., Workington (United Kingdom); Mathers, Gemma [National Nuclear Lab., Workington (United Kingdom); Rodger, Robert [National Nuclear Lab., Workington (United Kingdom); Johnson, Christopher [National Nuclear Lab., Workington (United Kingdom)

2015-12-01

The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

Information security management system planning for CBRN facilities

International Nuclear Information System (INIS)

Lenaeu, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

2015-01-01

The focus of this document is to provide guidance for the development of information security management system planning documents at chemical, biological, radiological, or nuclear (CBRN) facilities. It describes a risk-based approach for planning information security programs based on the sensitivity of the data developed, processed, communicated, and stored on facility information systems.

Authenticated Secure Container System (ASCS)

International Nuclear Information System (INIS)

1991-01-01

Sandia National Laboratories developed an Authenticated Secure Container System (ASCS) for the International Atomic Energy Agency (IAEA). Agency standard weights and safeguards samples can be stored in the ASCS to provide continuity of knowledge. The ASCS consists of an optically clear cover, a base containing the Authenticated Item Monitoring System (AIMS) transmitter, and the AIMS receiver unit for data collection. The ASCS will provide the Inspector with information concerning the status of the system, during a surveillance period, such as state of health, tampering attempts, and movement of the container system. The secure container is located inside a Glove Box with the receiver located remotely from the Glove Box. AIMS technology uses rf transmission from the secure container to the receiver to provide a record of state of health and tampering. The data is stored in the receiver for analysis by the Inspector during a future inspection visit. 2 refs

Internetting tactical security sensor systems

Science.gov (United States)

Gage, Douglas W.; Bryan, W. D.; Nguyen, Hoa G.

1998-08-01

The Multipurpose Surveillance and Security Mission Platform (MSSMP) is a distributed network of remote sensing packages and control stations, designed to provide a rapidly deployable, extended-range surveillance capability for a wide variety of military security operations and other tactical missions. The baseline MSSMP sensor suite consists of a pan/tilt unit with video and FLIR cameras and laser rangefinder. With an additional radio transceiver, MSSMP can also function as a gateway between existing security/surveillance sensor systems such as TASS, TRSS, and IREMBASS, and IP-based networks, to support the timely distribution of both threat detection and threat assessment information. The MSSMP system makes maximum use of Commercial Off The Shelf (COTS) components for sensing, processing, and communications, and of both established and emerging standard communications networking protocols and system integration techniques. Its use of IP-based protocols allows it to freely interoperate with the Internet -- providing geographic transparency, facilitating development, and allowing fully distributed demonstration capability -- and prepares it for integration with the IP-based tactical radio networks that will evolve in the next decade. Unfortunately, the Internet's standard Transport layer protocol, TCP, is poorly matched to the requirements of security sensors and other quasi- autonomous systems in being oriented to conveying a continuous data stream, rather than discrete messages. Also, its canonical 'socket' interface both conceals short losses of communications connectivity and simply gives up and forces the Application layer software to deal with longer losses. For MSSMP, a software applique is being developed that will run on top of User Datagram Protocol (UDP) to provide a reliable message-based Transport service. In addition, a Session layer protocol is being developed to support the effective transfer of control of multiple platforms among multiple control

System for critical infrastructure security based on multispectral observation-detection module

Science.gov (United States)

Trzaskawka, Piotr; Kastek, Mariusz; Życzkowski, Marek; Dulski, Rafał; Szustakowski, Mieczysław; Ciurapiński, Wiesław; Bareła, Jarosław

2013-10-01

Recent terrorist attacks and possibilities of such actions in future have forced to develop security systems for critical infrastructures that embrace sensors technologies and technical organization of systems. The used till now perimeter protection of stationary objects, based on construction of a ring with two-zone fencing, visual cameras with illumination are efficiently displaced by the systems of the multisensor technology that consists of: visible technology - day/night cameras registering optical contrast of a scene, thermal technology - cheap bolometric cameras recording thermal contrast of a scene and active ground radars - microwave and millimetre wavelengths that record and detect reflected radiation. Merging of these three different technologies into one system requires methodology for selection of technical conditions of installation and parameters of sensors. This procedure enables us to construct a system with correlated range, resolution, field of view and object identification. Important technical problem connected with the multispectral system is its software, which helps couple the radar with the cameras. This software can be used for automatic focusing of cameras, automatic guiding cameras to an object detected by the radar, tracking of the object and localization of the object on the digital map as well as target identification and alerting. Based on "plug and play" architecture, this system provides unmatched flexibility and simplistic integration of sensors and devices in TCP/IP networks. Using a graphical user interface it is possible to control sensors and monitor streaming video and other data over the network, visualize the results of data fusion process and obtain detailed information about detected intruders over a digital map. System provide high-level applications and operator workload reduction with features such as sensor to sensor cueing from detection devices, automatic e-mail notification and alarm triggering. The paper presents

Advanced topics in security computer system design

International Nuclear Information System (INIS)

Stachniak, D.E.; Lamb, W.R.

1989-01-01

The capability, performance, and speed of contemporary computer processors, plus the associated performance capability of the operating systems accommodating the processors, have enormously expanded the scope of possibilities for designers of nuclear power plant security computer systems. This paper addresses the choices that could be made by a designer of security computer systems working with contemporary computers and describes the improvement in functionality of contemporary security computer systems based on an optimally chosen design. Primary initial considerations concern the selection of (a) the computer hardware and (b) the operating system. Considerations for hardware selection concern processor and memory word length, memory capacity, and numerous processor features

APPROACHES TO THE SECURITY SYSTEM AT THE MS SHAREPOINT

Directory of Open Access Journals (Sweden)

Iryna V. Zolotarenko

2010-10-01

Full Text Available Relevance of the material contained in the article is conditioned by pressing needs of society in creating secure information systems, facilitating the introduction of advanced information technologies in the education department. Security is important for the reliability and efficiency of such systems. One way of solving the security problem is the distribution of categories of users and granting their rights at different levels. The paper analyzes general approaches to organize groups and permission levels of users in information systems developed based on MS SharePoint. The main design decisions on security in information system planning research at the National Academy of Pedagogical Sciences of Ukraine based on the Internet use the conceptual results of this article.

The Flask Security Architecture: System Support for Diverse Security Policies

Science.gov (United States)

2006-01-01

Flask microkernel -based operating sys­ tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro­ totype system is microkernel -based, the security...mecha­ nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup

Prototipe Critting Badot (Car Security System Monitoring Based On STNK)

OpenAIRE

Nasruloh, Agan; Kurniawan, Deny; Subekti, Massus

2017-01-01

The crime of burglary vehicle accompanied also by forgery vehicle registration certificate of vehicle number.For it, needed CRITING BADOT (Car Security System Monitoring Based On Stnk), an apparatus capable of preventing motor vehicle theft by means of technology RFID and SMS Gateway, blends the ignition and vehicle registration into a single entity, change the key of the car being contact id card, capable of being on the monitoring of the position the car.This tool requires the driver to be ...

Supervision functions - Secure operation of sustainable power systems

DEFF Research Database (Denmark)

Morais, Hugo; Zhang, Xinxin; Lind, Morten

2013-01-01

of power systems operation control. The use of PMUs allows more penetration of DG mainly, with technologies based on renewable resources with intermittent and unpredictable operation such a wind power. This paper introduces the Secure Operation of Sustainable Power Systems (SOSPO) project. The SOSPO...... project tries to respond to the question "How to ensure a secure operation of the future power system where the operating point is heavily is fluctuating?" focusing in the Supervision module architecture and in the power system operation states. The main goal of Supervision module is to determine...... the power system operation state based on new stability and security parameters derived from PMUs measurement and coordinate the use of automatic and manual control actions. The coordination of the control action is based not only in the static indicators but also in the performance evaluation of control...

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

Science.gov (United States)

Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-01-01

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP. PMID:28644381

Integrated security systems design a complete reference for building enterprise-wide digital security systems

CERN Document Server

Norman, Thomas L

2014-01-01

Integrated Security Systems Design, 2nd Edition, is recognized as the industry-leading book on the subject of security systems design. It explains how to design a fully integrated security system that ties together numerous subsystems into one complete, highly coordinated, and highly functional system. With a flexible and scalable enterprise-level system, security decision makers can make better informed decisions when incidents occur and improve their operational efficiencies in ways never before possible. The revised edition covers why designing an integrated security system is essential a

Feature-based alert correlation in security systems using self organizing maps

Science.gov (United States)

Kumar, Munesh; Siddique, Shoaib; Noor, Humera

2009-04-01

The security of the networks has been an important concern for any organization. This is especially important for the defense sector as to get unauthorized access to the sensitive information of an organization has been the prime desire for cyber criminals. Many network security techniques like Firewall, VPN Concentrator etc. are deployed at the perimeter of network to deal with attack(s) that occur(s) from exterior of network. But any vulnerability that causes to penetrate the network's perimeter of defense, can exploit the entire network. To deal with such vulnerabilities a system has been evolved with the purpose of generating an alert for any malicious activity triggered against the network and its resources, termed as Intrusion Detection System (IDS). The traditional IDS have still some deficiencies like generating large number of alerts, containing both true and false one etc. By automatically classifying (correlating) various alerts, the high-level analysis of the security status of network can be identified and the job of network security administrator becomes much easier. In this paper we propose to utilize Self Organizing Maps (SOM); an Artificial Neural Network for correlating large amount of logged intrusion alerts based on generic features such as Source/Destination IP Addresses, Port No, Signature ID etc. The different ways in which alerts can be correlated by Artificial Intelligence techniques are also discussed. . We've shown that the strategy described in the paper improves the efficiency of IDS by better correlating the alerts, leading to reduced false positives and increased competence of network administrator.

Research and realization of info-net security controlling system

Science.gov (United States)

Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-03-01

The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

Security of practical quantum key distribution systems

Energy Technology Data Exchange (ETDEWEB)

Jain, Nitin

2015-02-24

This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

The Security Email Based on Smart Card

Science.gov (United States)

Lina, Zhang; Jiang, Meng Hai.

Email has become one of the most important communication tools in modern internet society, and its security is an important issue that can't be ignored. The security requirements of Email can be summarized as confidentiality, integrity, authentication and non-repudiation. Recently many researches on IBE (identify based encrypt) have been carried out to solve these security problems. However, because of IBE's fatal flaws and great advantages of PKI (Public Key Infrastructure), PKI is found to be still irreplaceable especially in the applications based on smart card. In this paper, a construction of security Email is presented, then the design of relatively cryptography algorithms and the configuration of certificates are elaborated, and finally the security for the proposed system is discussed.

Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

International Nuclear Information System (INIS)

Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

2012-01-01

The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases

Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

Energy Technology Data Exchange (ETDEWEB)

Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

2012-10-15

The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.C NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design(SD) phase and the design and implementation of security controls is performed during the component design(CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system

Science.gov (United States)

Karabat, Cagatay; Kiraz, Mehmet Sabir; Erdogan, Hakan; Savas, Erkay

2015-12-01

In this paper, we introduce a new biometric verification and template protection system which we call THRIVE. The system includes novel enrollment and authentication protocols based on threshold homomorphic encryption where a private key is shared between a user and a verifier. In the THRIVE system, only encrypted binary biometric templates are stored in a database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during authentication. Due to the underlying threshold homomorphic encryption scheme, a malicious database owner cannot perform full decryption on encrypted templates of the users in the database. In addition, security of the THRIVE system is enhanced using a two-factor authentication scheme involving user's private key and biometric data. Using simulation-based techniques, the proposed system is proven secure in the malicious model. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form, but needs to prove her identity by using biometrics. The system can be used with any biometric modality where a feature extraction method yields a fixed size binary template and a query template is verified when its Hamming distance to the database template is less than a threshold. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biometric templates on a desktop PC running with quad core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real-life applications.

Dynamic Security Assessment Of Computer Networks In Siem-Systems

Directory of Open Access Journals (Sweden)

Elena Vladimirovna Doynikova

2015-10-01

Full Text Available The paper suggests an approach to the security assessment of computer networks. The approach is based on attack graphs and intended for Security Information and Events Management systems (SIEM-systems. Key feature of the approach consists in the application of the multilevel security metrics taxonomy. The taxonomy allows definition of the system profile according to the input data used for the metrics calculation and techniques of security metrics calculation. This allows specification of the security assessment in near real time, identification of previous and future attacker steps, identification of attackers goals and characteristics. A security assessment system prototype is implemented for the suggested approach. Analysis of its operation is conducted for several attack scenarios.

Review on security issues in RFID systems

Directory of Open Access Journals (Sweden)

Mohamed El Beqqal

2017-12-01

Full Text Available Radio frequency Identification (RFID is currently considered as one of the most used technologies for an automatic identification of objects or people. Based on a combination of tags and readers, RFID technology has widely been applied in various areas including supply chain, production and traffic control systems. However, despite of its numerous advantages, the technology brings out many challenges and concerns still not being attracting more and more researchers especially the security and privacy issues. In this paper, we review some of the recent research works using RFID solutions and dealing with security and privacy issues, we define our specific parameters and requirements allowing us to classify for each work which part of the RFID system is being secured, the solutions and the techniques used besides the conformity to RFID standards. Finally, we present briefly a solution that consists of combining RFID with smartcard based biometric to enhance security especially in access control scenarios. Hence the result of our study aims to give a clear vision of available solutions and techniques used to prevent and secure the RFID system from specific threats and attacks.

A Container-based Trusted Multi-level Security Mechanism

Directory of Open Access Journals (Sweden)

Li Xiao-Yong

2017-01-01

Full Text Available Multi-level security mechanism has been widely applied in the military, government, defense and other domains in which information is required to be divided by security-level. Through this type of security mechanism, users at different security levels are provided with information at corresponding security levels. Traditional multi-level security mechanism which depends on the safety of operating system finally proved to be not practical. We propose a container-based trusted multi-level security mechanism in this paper to improve the applicability of the multi-level mechanism. It guarantees multi-level security of the system through a set of multi-level security policy rules and trusted techniques. The technical feasibility and application scenarios are also discussed. The ease of realization, strong practical significance and low cost of our method will largely expand the application of multi-level security mechanism in real life.

Secure ADS-B authentication system and method

Science.gov (United States)

Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

2010-01-01

A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

Information security in SCADA systems in nuclear power plants

International Nuclear Information System (INIS)

Satyamurty, S.A.V.

2013-01-01

Few decades back most of the I and C systems are Hardwired based. With the developments in digital electronics, micro processors and micro controllers, the I and C systems are becoming more and more Computer based. Though it brought convenience to the designer, comfort to the operator in the form of better GUI, it also brought many challenges in the form of information security. The talk covers the typical I and C design using SCADA systems, the challenges, typical problems faced and the need for information security. The talk illustrates various security measures to be implemented in the design, development and testing stages. These security measures have to be taken both in the development environment and deployment environment. Verification and validation of computer based system is very important. Configuration change management is very essential for smooth running of the plant. The talk illustrates the various measures need to be taken. (author)

Physical layer approaches for securing wireless communication systems

CERN Document Server

Wen, Hong

2013-01-01

This book surveys the outstanding work of physical-layer (PHY) security, including  the recent achievements of confidentiality and authentication for wireless communication systems by channel identification. A practical approach to building unconditional confidentiality for Wireless Communication security by feedback and error correcting code is introduced and a framework of PHY security based on space time block code (STBC) MIMO system is demonstrated.  Also discussed is a scheme which combines cryptographic techniques implemented in the higher layer with the physical layer security approach

Security infrastructures: towards the INDECT system security

OpenAIRE

Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

2012-01-01

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

On projective synchronization of hyperchaotic complex nonlinear systems based on passive theory for secure communications

International Nuclear Information System (INIS)

Mahmoud, Gamal M; Mahmoud, Emad E; Arafa, Ayman A

2013-01-01

In this paper we deal with the projective synchronization (PS) of hyperchaotic complex nonlinear systems and its application in secure communications based on passive theory. The unpredictability of the scaling factor in PS can additionally enhance the security of communications. In this paper, a scheme for secure message transmission is proposed, and we try to transmit more than one large or bounded message from the transmitter to the receiver. The new hyperchaotic complex Lorenz system is employed to encrypt these messages. In the transmitter, the original messages are modulated into its parameter. In the receiver, we assume that the parameter of the receiver system is uncertain. The controllers and corresponding parameter update law are constructed to achieve PS between the transmitter and receiver system with an uncertain parameter, and identify the unknown parameter via passive theory. The original messages can be recovered successfully through some simple operations by the estimated parameter. Numerical results have verified the effectiveness and feasibility of the presented method. (paper)

Measurable Control System Security through Ideal Driven Technical Metrics

Energy Technology Data Exchange (ETDEWEB)

Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

2008-01-01

The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

76 FR 42395 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

Science.gov (United States)

2011-07-18

... Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants...-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based...'') relating to external business conduct standards for security-based swap dealers (``SBS Dealers'') and major...

A Novel Multifactor Authentication System Ensuring Usability and Security

OpenAIRE

Mathew, Gloriya; Thomas, Shiney

2013-01-01

User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authenti...

Health Information System Role-Based Access Control Current Security Trends and Challenges.

Science.gov (United States)

de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo

2018-01-01

This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

Smart Security System For Home Appliances Control Based On Internet Of Things

Directory of Open Access Journals (Sweden)

Su Zin Zin Win

2015-08-01

Full Text Available Technology is always evolves. Home security is essential for occupants convenience and protection. Security systems are being preferred over manual system. With the rapid increase in the number of users of internet over the past decade has made Internet a part and parcel of life and IoTs is the latest and emerging internet technology. Home Appliances Control of Smart Security System using IoTs uses computers or mobile devices to control basic home functions and features through internet from anywhere around the world. This security system differs from other system by allowing the user to operate the system from anywhere around the world through internet connection. With the implementation of Arduino Mega microcontroller as an Embedded device security system design was constructed with many sensors and web server database. The Arduino Ethernet shield is used to eliminate the use of a personal computer PC. The motion sensing circuit temperature and humidity sensing circuit smoke or gas sensing circuit door lock sensing circuit light onoff circuit were designed to be connected with Arduino Mega microcontroller and Ethernet shield. This system can monitor the temperature and humidity values and the state of some sensors for intruder detection. It can also control the electric appliances like lights and door at home. Real time result was displayed on web server page via the internet.

Recent advances in systems safety and security

CERN Document Server

Stamatescu, Grigore

2016-01-01

This book represents a timely overview of advances in systems safety and security, based on selected, revised and extended contributions from the 2nd and 3rd editions of the International Workshop on Systems Safety and Security – IWSSS, held in 2014 and 2015, respectively, in Bucharest, Romania. It includes 14 chapters, co-authored by 34 researchers from 7 countries. The book provides an useful reference from both theoretical and applied perspectives in what concerns recent progress in this area of critical interest. Contributions, broadly grouped by core topic, address challenges related to information theoretic methods for assuring systems safety and security, cloud-based solutions, image processing approaches, distributed sensor networks and legal or risk analysis viewpoints. These are mostly accompanied by associated case studies providing additional practical value and underlying the broad relevance and impact of the field.

Security Concerns and Countermeasures in Network Coding Based Communications Systems

DEFF Research Database (Denmark)

Talooki, Vahid; Bassoli, Riccardo; Roetter, Daniel Enrique Lucani

2015-01-01

key protocol types, namely, state-aware and stateless protocols, specifying the benefits and disadvantages of each one of them. We also present the key security assumptions of network coding (NC) systems as well as a detailed analysis of the security goals and threats, both passive and active......This survey paper shows the state of the art in security mechanisms, where a deep review of the current research and the status of this topic is carried out. We start by introducing network coding and its variety applications in enhancing current traditional networks. In particular, we analyze two....... This paper also presents a detailed taxonomy and a timeline of the different NC security mechanisms and schemes reported in the literature. Current proposed security mechanisms and schemes for NC in the literature are classified later. Finally a timeline of these mechanism and schemes is presented....

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

Science.gov (United States)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

Virtual-optical information security system based on public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben

2005-01-01

A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.

Cyber Security Analysis by Attack Trees for a Reactor Protection System

International Nuclear Information System (INIS)

Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon

2008-01-01

As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS

Cryptanalyzing a discrete-time chaos synchronization secure communication system

International Nuclear Information System (INIS)

Alvarez, G.; Montoya, F.; Romera, M.; Pastor, G.

2004-01-01

This paper describes the security weakness of a recently proposed secure communication method based on discrete-time chaos synchronization. We show that the security is compromised even without precise knowledge of the chaotic system used. We also make many suggestions to improve its security in future versions

Integrated security system definition

International Nuclear Information System (INIS)

Campbell, G.K.; Hall, J.R. II

1985-01-01

The objectives of an integrated security system are to detect intruders and unauthorized activities with a high degree of reliability and the to deter and delay them until effective response/engagement can be accomplished. Definition of an effective integrated security system requires proper application of a system engineering methodology. This paper summarizes a methodology and describes its application to the problem of integrated security system definition. This process includes requirements identification and analysis, allocation of identified system requirements to the subsystem level and provides a basis for identification of synergistic subsystem elements and for synthesis into an integrated system. The paper discusses how this is accomplished, emphasizing at each step how system integration and subsystem synergism is considered. The paper concludes with the product of the process: implementation of an integrated security system

Network Security Risk Assessment System Based on Attack Graph and Markov Chain

Science.gov (United States)

Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

2017-10-01

Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

Security Considerations and Recommendations in Computer-Based Testing

Directory of Open Access Journals (Sweden)

Saleh M. Al-Saleem

2014-01-01

Full Text Available Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT. However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password in order to check the identity and authenticity of the examinee.

Security considerations and recommendations in computer-based testing.

Science.gov (United States)

Al-Saleem, Saleh M; Ullah, Hanif

2014-01-01

Many organizations and institutions around the globe are moving or planning to move their paper-and-pencil based testing to computer-based testing (CBT). However, this conversion will not be the best option for all kinds of exams and it will require significant resources. These resources may include the preparation of item banks, methods for test delivery, procedures for test administration, and last but not least test security. Security aspects may include but are not limited to the identification and authentication of examinee, the risks that are associated with cheating on the exam, and the procedures related to test delivery to the examinee. This paper will mainly investigate the security considerations associated with CBT and will provide some recommendations for the security of these kinds of tests. We will also propose a palm-based biometric authentication system incorporated with basic authentication system (username/password) in order to check the identity and authenticity of the examinee.

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

Science.gov (United States)

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

2016-11-01

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

Energy Technology Data Exchange (ETDEWEB)

Robert P. Evans

2005-09-01

requirements listed in the Framework and in the various industry standards are due, in part, to differences in the level and purpose of the standards. While the requirements in the Framework are fairly specific, many of the industry standard requirements are more general in nature. Additionally, the Framework requirements, derived from the ''Common Criteria for Information Technology Security Evaluation'', are component-based, while most of the industry standards are system-based. The findings of this study will allow the CSSC Framework Team and the standards organizations responsible for the reviewed standards to quickly grasp the relationship between their requirements and the Framework, as well as the relationship between their standard and other industry sectors. This will help identify areas for future work in developing improved security standards.

Information security system quality assessment through the intelligent tools

Science.gov (United States)

Trapeznikov, E. V.

2018-04-01

The technology development has shown the automated system information security comprehensive analysis necessity. The subject area analysis indicates the study relevance. The research objective is to develop the information security system quality assessment methodology based on the intelligent tools. The basis of the methodology is the information security assessment model in the information system through the neural network. The paper presents the security assessment model, its algorithm. The methodology practical implementation results in the form of the software flow diagram are represented. The practical significance of the model being developed is noted in conclusions.

Security of Dependable Systems

DEFF Research Database (Denmark)

Ahmed, Naveed; Jensen, Christian D.

2011-01-01

Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. Especially, a common framework for specifying dependability and security is very...... much needed. There are many pressing challenges however; here, we address some of them. Firstly, security for dependable systems is a broad concept and traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security...... in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions....

Energy systems security

CERN Document Server

Voeller, John G

2014-01-01

Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

Artificial immune system applications in computer security

CERN Document Server

Tan, Ying

2016-01-01

This book provides state-of-the-art information on the use, design, and development of the Artificial Immune System (AIS) and AIS-based solutions to computer security issues. Artificial Immune System: Applications in Computer Security focuses on the technologies and applications of AIS in malware detection proposed in recent years by the Computational Intelligence Laboratory of Peking University (CIL@PKU). It offers a theoretical perspective as well as practical solutions for readers interested in AIS, machine learning, pattern recognition and computer security. The book begins by introducing the basic concepts, typical algorithms, important features, and some applications of AIS. The second chapter introduces malware and its detection methods, especially for immune-based malware detection approaches. Successive chapters present a variety of advanced detection approaches for malware, including Virus Detection System, K-Nearest Neighbour (KNN), RBF networ s, and Support Vector Machines (SVM), Danger theory, ...

INFORMATION SECURITY IN MOBILE MODULAR MEASURING SYSTEMS

Directory of Open Access Journals (Sweden)

A. N. Tkhishev

2017-01-01

Full Text Available A special aspect of aircraft test is carrying out both flight evaluation and ground operation evaluation in a structure of flying aids and special tools equipment. The specific of flight and sea tests involve metering in offshore zone, which excludes the possibility of fixed geodetically related measuring tools. In this regard, the specific role is acquired by shipbased measurement systems, in particular the mobile modular measuring systems. Information processed in the mobile modular measurement systems is a critical resource having a high level of confidentiality. When carrying out their functions, it should be implemented a proper information control of the mobile modular measurement systems to ensure their protection from the risk of data leakage, modification or loss, i.e. to ensure a certain level of information security. Due to the specific of their application it is difficult to solve the problems of information security in such complexes. The intruder model, the threat model, the security requirements generated for fixed informatization objects are not applicable to mobile systems. It was concluded that the advanced mobile modular measuring systems designed for flight experiments monitoring and control should be created due to necessary information protection measures and means. The article contains a diagram of security requirements formation, starting with the data envelopment analysis and ending with the practical implementation. The information security probabilistic model applied to mobile modular measurement systems is developed. The list of current security threats based on the environment and specific of the mobile measurement system functioning is examined. The probabilistic model of the information security evaluation is given. The problems of vulnerabilities transformation of designed information system into the security targets with the subsequent formation of the functional and trust requirements list are examined.

Development of building security integration system using sensors, microcontroller and GPS (Global Positioning System) based android smartphone

Science.gov (United States)

Sihombing, P.; Siregar, Y. M.; Tarigan, J. T.; Jaya, I.; Turnip, A.

2018-03-01

Security system is one of the common problems to protect an environment such as personal house or a warehouse. There are numerous methods and technologies that can be used as part of a security system. In this paper, we present a security system that offers a better efficiency. The purpose of this study is to build a system that can monitor home security at any time in particular fire and theft. Through sensors, the system will be able to provide warning information of hazard conditions via LCD monitor, sound, and alarm. This information will be sent automatically to the home owner’s smartphone as well as to the corresponding to the security agency. Thus the prevention of theft and fire hazards can be immediately anticipated by the police and firefighters. The system will also notify the position of the coordinates of the location of the building (the house) by a link to the Google map in order to make it easier to get the location quickly.

Computer Security Systems Enable Access.

Science.gov (United States)

Riggen, Gary

1989-01-01

A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

Cyber Security Analysis by Attack Trees for a Reactor Protection System

Energy Technology Data Exchange (ETDEWEB)

Park, Gee-Yong; Lee, Cheol Kwon; Choi, Jong Gyun; Kim, Dong Hoon; Lee, Young Jun; Kwon, Kee-Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2008-10-15

As nuclear facilities are introducing digital systems, the cyber security becomes an emerging topic to be analyzed and resolved. The domestic and other nation's regulatory bodies notice this topic and are preparing an appropriate guidance. The nuclear industry where new construction or upgrade of I and C systems is planned is analyzing and establishing a cyber security. A risk-based analysis for the cyber security has been performed in the KNICS (Korea Nuclear I and C Systems) project where the cyber security analysis has been applied to a reactor protection system (RPS). In this paper, the cyber security analysis based on the attack trees is proposed for the KNICS RPS.

Image-based electronic patient records for secured collaborative medical applications.

Science.gov (United States)

Zhang, Jianguo; Sun, Jianyong; Yang, Yuanyuan; Liang, Chenwen; Yao, Yihong; Cai, Weihua; Jin, Jin; Zhang, Guozhen; Sun, Kun

2005-01-01

We developed a Web-based system to interactively display image-based electronic patient records (EPR) for secured intranet and Internet collaborative medical applications. The system consists of four major components: EPR DICOM gateway (EPR-GW), Image-based EPR repository server (EPR-Server), Web Server and EPR DICOM viewer (EPR-Viewer). In the EPR-GW and EPR-Viewer, the security modules of Digital Signature and Authentication are integrated to perform the security processing on the EPR data with integrity and authenticity. The privacy of EPR in data communication and exchanging is provided by SSL/TLS-based secure communication. This presentation gave a new approach to create and manage image-based EPR from actual patient records, and also presented a way to use Web technology and DICOM standard to build an open architecture for collaborative medical applications.

Process Control/SCADA system vendor security awareness and security posture.

NARCIS (Netherlands)

Luiijf, H.A.M.; Lüders, S.

2009-01-01

A starting point for the adequate security of process control/SCADA systems is the security awareness and security posture by the manufacturers, vendors, system integrators, and service organisations. The results of a short set of questions indicate that major security improvements are required in

A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Lee, Tian-Fu; Liu, Chuan-Ming

2013-06-01

A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

Multimedia Security System for Security and Medical Applications

Science.gov (United States)

Zhou, Yicong

2010-01-01

This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

Knowledge Base for an Intelligent System in order to Identify Security Requirements for Government Agencies Software Projects

Directory of Open Access Journals (Sweden)

Adán Beltrán G.

2016-01-01

Full Text Available It has been evidenced that one of the most common causes in the failure of software security is the lack of identification and specification of requirements for information security, it is an activity with an insufficient importance in the software development or software acquisition We propose the knowledge base of CIBERREQ. CIBERREQ is an intelligent knowledge-based system used for the identification and specification of security requirements in the software development cycle or in the software acquisition. CIBERREQ receives functional software requirements written in natural language and produces non-functional security requirements through a semi-automatic process of risk management. The knowledge base built is formed by an ontology developed collaboratively by experts in information security. In this process has been identified six types of assets: electronic data, physical data, hardware, software, person and service; as well as six types of risk: competitive disadvantage, loss of credibility, economic risks, strategic risks, operational risks and legal sanctions. In addition there are defined 95 vulnerabilities, 24 threats, 230 controls, and 515 associations between concepts. Additionally, automatic expansion was used with Wikipedia for the asset types Software and Hardware, obtaining 7125 and 5894 software and hardware subtypes respectively, achieving thereby an improvement of 10% in the identification of the information assets candidates, one of the most important phases of the proposed system.

THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

Directory of Open Access Journals (Sweden)

V. S. Oladko

2016-12-01

Full Text Available The article deals with the problem assessment of information security risks in the ERP-system. ERP-system functions and architecture are studied. The model malicious impacts on levels of ERP-system architecture are composed. Model-based risk assessment, which is the quantitative and qualitative approach to risk assessment, built on the partial unification 3 methods for studying the risks of information security - security models with full overlapping technique CRAMM and FRAP techniques developed.

A novel wireless local positioning system for airport (indoor) security

Science.gov (United States)

Zekavat, Seyed A.; Tong, Hui; Tan, Jindong

2004-09-01

A novel wireless local positioning system (WLPS) for airport (or indoor) security is introduced. This system is used by airport (indoor) security guards to locate all of, or a group of airport employees or passengers within the airport area. WLPS consists of two main parts: (1) a base station that is carried by security personnel; hence, introducing dynamic base station (DBS), and (2) a transponder (TRX) that is mounted on all people (including security personnel) present at the airport; thus, introducing them as active targets. In this paper, we (a) draw a futuristic view of the airport security systems, and the flow of information at the airports, (b) investigate the techniques of extending WLPS coverage area beyond the line-of-sight (LoS), and (c) study the performance of this system via standard transceivers, and direct sequence code division multiple access (DS-CDMA) systems with and without antenna arrays and conventional beamforming (BF).

Obsessive-Compulsive Homeland Security: Insights from the Neurobiological Security Motivation System

Science.gov (United States)

2018-03-01

HOMELAND SECURITY: INSIGHTS FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM by Marissa D. Madrigal March 2018 Thesis Advisor...FROM THE NEUROBIOLOGICAL SECURITY MOTIVATION SYSTEM 5. FUNDING NUMBERS 6. AUTHOR(S) Marissa D. Madrigal 7. PERFORMING ORGANIZATION NAME(S) AND...how activation of the neurobiological security- motivation system can lead to securitization in response to a security speech act. It explores the model

A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system.

Science.gov (United States)

Das, Ashok Kumar

2015-03-01

An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients' information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients' health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen's scheme has the same security drawbacks as in Lee at al.'s scheme. In order to remedy these security weaknesses found in Lee et al.'s scheme and Wen's scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.'s scheme and Wen's scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.

Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

2016-10-01

Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

Windows XP Operating System Security Analysis

National Research Council Canada - National Science Library

Goktepe, Meftun

2002-01-01

.... The purpose of this research is to determine if Windows XP, when used as a workstation operating system in domain- based networks, provides adequate security policy enforcement for organizations...

Use of Attack Graphs in Security Systems

Directory of Open Access Journals (Sweden)

Vivek Shandilya

2014-01-01

Full Text Available Attack graphs have been used to model the vulnerabilities of the systems and their potential exploits. The successful exploits leading to the partial/total failure of the systems are subject of keen security interest. Considerable effort has been expended in exhaustive modeling, analyses, detection, and mitigation of attacks. One prominent methodology involves constructing attack graphs of the pertinent system for analysis and response strategies. This not only gives the simplified representation of the system, but also allows prioritizing the security properties whose violations are of greater concern, for both detection and repair. We present a survey and critical study of state-of-the-art technologies in attack graph generation and use in security system. Based on our research, we identify the potential, challenges, and direction of the current research in using attack graphs.

Evaluating pay-as-you-go social security systems

OpenAIRE

Bachmann, Andreas; Wüthrich, Kaspar

2013-01-01

This paper proposes a new method for welfare analysis of unfunded social security systems. Based on an overlapping generations model with endogenous labor supply, we derive a formula for the evaluation of existing pay-as-you-go social security systems that depends on impulse response functions and projected growth rates only. We propose an implementation strategy based on reduced form estimates of a VAR model that is valid under weak assumptions about the deep structure of the model. Our meth...

An autonomic security monitor for distributed operating systems

OpenAIRE

Arenas, A.; Aziz, Benjamin; Maj, S.; Matthews, B.

2011-01-01

This paper presents an autonomic system for the monitoring of security-relevant information in a Grid-based operating system. The system implements rule-based policies using Java Drools. Policies are capable of controlling the system environment based on changes in levels of CPU/memory usage, accesses to system resources, detection of abnormal behaviour such as DDos attacks.

Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

Science.gov (United States)

Graham, Christopher J.

2012-05-01

Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.teInput=

Security region-based small signal stability analysis of power systems with FSIG based wind farm

Science.gov (United States)

Qin, Chao; Zeng, Yuan; Yang, Yang; Cui, Xiaodan; Xu, Xialing; Li, Yong

2018-02-01

Based on the Security Region approach, the impact of fixed-speed induction generator based wind farm on the small signal stability of power systems is analyzed. Firstly, the key factors of wind farm on the small signal stability of power systems are analyzed and the parameter space for small signal stability region is formed. Secondly, the small signal stability region of power systems with wind power is established. Thirdly, the corresponding relation between the boundary of SSSR and the dominant oscillation mode is further studied. Results show that the integration of fixed-speed induction generator based wind farm will cause the low frequency oscillation stability of the power system deteriorate. When the output of wind power is high, the oscillation stability of the power system is mainly concerned with the inter-area oscillation mode caused by the integration of the wind farm. Both the active power output and the capacity of reactive power compensation of the wind farm have a significant influence on the SSSR. To improve the oscillation stability of power systems with wind power, it is suggested to reasonably set the reactive power compensation capacity for the wind farm through SSSR.

Congestion management considering voltage security of power systems

International Nuclear Information System (INIS)

Esmaili, Masoud; Shayanfar, Heidar Ali; Amjady, Nima

2009-01-01

Congestion in a power network is turned up due to system operating limits. To relieve congestion in a deregulated power market, the system operator pays to market participants, GENCOs and DISCOs, to alter their active powers considering their bids. After performing congestion management, the network may be operated with a low security level because of hitting some flows their upper limit and some voltages their lower limit. In this paper, a novel congestion management method based on the voltage stability margin sensitivities is introduced. Using the proposed method, the system operator so alleviates the congestion that the network can more retain its security. The proposed method not only makes the system more secure after congestion management than other methods already presented for this purpose but also its cost of providing security is lower than the earlier methods. Test results of the proposed method along with the earlier ones on the New-England test system elaborate the efficiency of the proposed method from the viewpoint of providing a better voltage stability margin and voltage profile as well as a lower security cost. (author)

Cost and performance analysis of physical security systems

International Nuclear Information System (INIS)

Hicks, M.J.; Yates, D.; Jago, W.H.

1997-01-01

CPA - Cost and Performance Analysis - is a prototype integration of existing PC-based cost and performance analysis tools: ACEIT (Automated Cost Estimating Integrated Tools) and ASSESS (Analytic System and Software for Evaluating Safeguards and Security). ACE is an existing DOD PC-based tool that supports cost analysis over the full life cycle of a system; that is, the cost to procure, operate, maintain and retire the system and all of its components. ASSESS is an existing DOE PC-based tool for analysis of performance of physical protection systems. Through CPA, the cost and performance data are collected into Excel workbooks, making the data readily available to analysts and decision makers in both tabular and graphical formats and at both the system and subsystem levels. The structure of the cost spreadsheets incorporates an activity-based approach to cost estimation. Activity-based costing (ABC) is an accounting philosophy used by industry to trace direct and indirect costs to the products or services of a business unit. By tracing costs through security sensors and procedures and then mapping the contributions of the various sensors and procedures to system effectiveness, the CPA architecture can provide security managers with information critical for both operational and strategic decisions. The architecture, features and applications of the CPA prototype are presented. 5 refs., 3 figs

Cognitive Security of Wireless Communication Systems in the Physical Layer

Directory of Open Access Journals (Sweden)

Mustafa Harun Yılmaz

2017-01-01

Full Text Available While the wireless communication systems provide the means of connectivity nearly everywhere and all the time, communication security requires more attention. Even though current efforts provide solutions to specific problems under given circumstances, these methods are neither adaptive nor flexible enough to provide security under the dynamic conditions which make the security breaches an important concern. In this paper, a cognitive security (CS concept for wireless communication systems in the physical layer is proposed with the aim of providing a comprehensive solution to wireless security problems. The proposed method will enable the comprehensive security to ensure a robust and reliable communication in the existence of adversaries by providing adaptive security solutions in the communication systems by exploiting the physical layer security from different perspective. The adaptiveness relies on the fact that radio adapts its propagation characteristics to satisfy secure communication based on specific conditions which are given as user density, application specific adaptation, and location within CS concept. Thus, instead of providing any type of new security mechanism, it is proposed that radio can take the necessary precautions based on these conditions before the attacks occur. Various access scenarios are investigated to enable the CS while considering these conditions.

Security analysis - from analytical methods to intelligent systems

Energy Technology Data Exchange (ETDEWEB)

Lambert-Torres, G; Silva, A.P. Alves da; Ferreira, C [Escola Federal de Engenharia de Itajuba, MG (Brazil); Mattos dos Reis, L O [Taubate Univ., SP (Brazil)

1994-12-31

This paper presents an alternative approach to Security Analysis based on Artificial Neural Network (ANN) techniques. This new technique tries to imitate the human brain and is based on neurons and synopses. A critical review of the ANN used in Power System Operation problem solving is made, while structures to solve the Security Analysis problems are proposed. (author) 7 refs., 4 figs.

POLICE OFFICE MODEL IMPROVEMENT FOR SECURITY OF SWARM ROBOTIC SYSTEMS

Directory of Open Access Journals (Sweden)

I. A. Zikratov

2014-09-01

Full Text Available This paper focuses on aspects of information security for group of mobile robotic systems with swarm intellect. The ways for hidden attacks realization by the opposing party on swarm algorithm are discussed. We have fulfilled numerical modeling of potentially destructive information influence on the ant shortest path algorithm. We have demonstrated the consequences of attacks on the ant algorithm with different concentration in a swarm of subversive robots. Approaches are suggested for information security mechanisms in swarm robotic systems, based on the principles of centralized security management for mobile agents. We have developed the method of forming a self-organizing information security management system for robotic agents in swarm groups implementing POM (Police Office Model – a security model based on police offices, to provide information security in multi-agent systems. The method is based on the usage of police station network in the graph nodes, which have functions of identification and authentication of agents, identifying subversive robots by both their formal characteristics and their behavior in the swarm. We have suggested a list of software and hardware components for police stations, consisting of: communication channels between the robots in police office, nodes register, a database of robotic agents, a database of encryption and decryption module. We have suggested the variants of logic for the mechanism of information security in swarm systems with different temporary diagrams of data communication between police stations. We present comparative analysis of implementation of protected swarm systems depending on the functioning logic of police offices, integrated in swarm system. It is shown that the security model saves the ability to operate in noisy environments, when the duration of the interference is comparable to the time necessary for the agent to overcome the path between police stations.

Cyber-Physical Systems Security: a Systematic Mapping Study

OpenAIRE

Lun, Yuriy Zacchia; D'Innocenzo, Alessandro; Malavolta, Ivano; Di Benedetto, Maria Domenica

2016-01-01

Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds some light on how security is actually addressed when dealing with cyber-physical systems. The provided systematic map of 118 selected studies is based on, for instance, application fields, various system components, relate...

Security, privacy and trust in cloud systems

CERN Document Server

Nepal, Surya

2013-01-01

The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

Security information and event management systems: benefits and inefficiencies

OpenAIRE

Κάτσαρης, Δημήτριος Σ.

2014-01-01

In this Master’s thesis, the new trend in computer and information security industry called Security Information and Event Management systems will be covered. The evolution, advantages and weaknesses of these systems will be described, as well as a home-based implementation with open source tools will be proposed and implemented.

Army Secure Operating System: Information Security for Real Time Systems

National Research Council Canada - National Science Library

Anderson, Eric

1984-01-01

The Army Secure Operating System (ASOS) project, under the management of the U.S. Army CECOM organization, will provide real time systems software necessary for fielding modern Battlefield Automation Systems...

The Design and Realization of Household Intelligent Security System

Directory of Open Access Journals (Sweden)

Huang Sheng-Bo

2016-01-01

Full Text Available It is known that Smart home has brought great convenience to the lives of humans. However, we have attached quantities of interest in its security as the development of technology goes on. According to the security requirements at the moment, we introduce the scheme of smart home security system based on ZigBee, and design system hardware and software process. By applying a STC89C52 microcontroller, our system is able to accurately detect and give alarms automatically to house fire, harmful gases and thefts.

Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems.

Science.gov (United States)

Yau, Wei-Chuen; Phan, Raphael C-W

2013-12-01

Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients' medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.

Systems analysis of a security alarm system

International Nuclear Information System (INIS)

Schiff, A.

1975-01-01

When the Lawrence Livermore Laboratory found that its security alarm system was causing more false alarms and maintenance costs than LLL felt was tolerable, a systems analysis was undertaken to determine what should be done about the situation. This report contains an analysis of security alarm systems in general and ends with a review of the existing Security Alarm Control Console (SACC) and recommendations for its improvement, growth and change. (U.S.)

Audit for Information Systems Security

Directory of Open Access Journals (Sweden)

Ana-Maria SUDUC

2010-01-01

Full Text Available The information and communication technologies advances made available enormous and vast amounts of information. This availability generates also significant risks to computer systems, information and to the critical operations and infrastructures they support. In spite of significant advances in the information security area many information systems are still vulnerable to inside or outside attacks. The existence of an internal audit for information system security increases the probability of adopting adequate security measures and preventing these attacks or lowering the negative consequences. The paper presents an exploratory study on informatics audit for information systems security.

Error-Based Accidents and Security Incidents in Nuclear Materials Management

International Nuclear Information System (INIS)

Pond, Daniel J.; Greitzer, Frank L.

2005-01-01

Hazard and risk assessments, along with human error analysis and mitigation techniques, have long been mainstays of effective safety programs. These tools have revealed that worker errors contributing to or resulting in accidents are often the consequence of ineffective system conditions, process features, or individual employee characteristics. At Los Alamos National Laboratory (LANL), security, safety, human error, and organizational analysts determined that the system-induced human errors that make accidents more likely also are contributing to security incidents. A similar set of system conditions has been found to underlie deliberate, non-malevolent deviations from proper security practices - termed breaches - that also can result in a security incident. In fiscal-year (FY) 2002, LANL's Security Division therefore established the ESTHER (Enhanced Security Through Human Error Reduction) program to identify and reduce the influence of the factors that underlie employee errors and breaches and, in turn, security incidents. Recognizing the potential benefits of this program and approach, in FY2004 the Department of Energy (DOE) Office of Security Policy (DOE-SO) funded an expansion of ESTHER implementation to the causal assessment and reporting of security incidents at other DOE sites. This presentation will focus on three applications of error/breach assessment and mitigation techniques. One use is proactive, accomplished through the elimination of contributors to error, whereas two are reactive, implemented in response to accidents or security incidents as well as to near misses, to prevent recurrence. The human performance and safety bases of these techniques will be detailed. Associated tools - including computer-based assessment training and web-based incident reporting modules developed by Pacific Northwest National Laboratory - will be discussed

On Building Secure Communication Systems

DEFF Research Database (Denmark)

Carvalho Quaresma, Jose Nuno

This thesis presents the Guided System Development (GSD) framework, which aims at supporting the development of secure communication systems. A communication system is specified in a language similar to the Alice and Bob notation, a simple and intuitive language used to describe the global...... the verification and implementation of the system. The translation is semi-automatic because the developer has the option of choosing which implementation to use in order to achieve the specified security requirements. The implementation options are given by plugins defined in the framework. The framework......’s flexibility allows for the addition of constructs that model new security properties as well as new plugins that implement the security properties. In order to provide higher security assurances, the system specification can be verified by formal methods tools such as the Beliefs and Knowledge (BAK) tool...

Analysis of the security and privacy requirements of cloud-based electronic health records systems.

Science.gov (United States)

Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

2013-08-21

The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

A secure communication scheme based generalized function projective synchronization of a new 5D hyperchaotic system

International Nuclear Information System (INIS)

Wu, Xiangjun; Fu, Zhengye; Kurths, Jürgen

2015-01-01

In this paper, a new five-dimensional hyperchaotic system is proposed based on the Lü hyperchaotic system. Some of its basic dynamical properties, such as equilibria, Lyapunov exponents, bifurcations and various attractors are investigated. Furthermore, a new secure communication scheme based on generalized function projective synchronization (GFPS) of this hyperchaotic system with an uncertain parameter is presented. The communication scheme is composed of the modulation, the chaotic receiver, the chaotic transmitter and the demodulation. The modulation mechanism is to modulate the message signal into the system parameter. Then the chaotic signals are sent to the receiver via a public channel. In the receiver end, by designing the controllers and the parameter update rule, GFPS between the transmitter and receiver systems is achieved and the unknown parameter is estimated simultaneously. The message signal can be finally recovered by the identified parameter and the corresponding demodulation method. There is no any limitation on the message size. Numerical simulations are performed to show the validity and feasibility of the presented secure communication scheme. (paper)

Model-based security engineering for the internet of things

OpenAIRE

NEISSE RICARDO; STERI GARY; NAI FOVINO Igor; BALDINI Gianmarco; VAN HOESEL Lodewijk

2015-01-01

We propose in this chapter a Model-based Security Toolkit (SecKit) and methodology to address the control and protection of user data in the deployment of the Internet of Things (IoT). This toolkit takes a more general approach for security engineering including risk analysis, establishment of aspect-specific trust relationships, and enforceable security policies. We describe the integrated metamodels used in the toolkit and the accompanying security engineering methodology for IoT systems...

Security Systems Commissioning: An Old Trick for Your New Dog

Science.gov (United States)

Black, James R.

2009-01-01

Sophisticated, software-based security systems can provide powerful tools to support campus security. By nature, such systems are flexible, with many capabilities that can help manage the process of physical protection. However, the full potential of these systems can be overlooked because of unfamiliarity with the products, weaknesses in security…

Information technology security system engineering methodology

Science.gov (United States)

Childs, D.

2003-01-01

A methodology is described for system engineering security into large information technology systems under development. The methodology is an integration of a risk management process and a generic system development life cycle process. The methodology is to be used by Security System Engineers to effectively engineer and integrate information technology security into a target system as it progresses through the development life cycle. The methodology can also be used to re-engineer security into a legacy system.

Systems Security Engineering

Science.gov (United States)

2010-08-22

environment that contains network- borne cybersecurity threats, an argument may be made that the firewall increases overall system functionality by reserving...the number of administered devices. This approach to security analysis is at once old and new. In the early days of eCommerce , security

Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

OpenAIRE

Hilker, Michael; Schommer, Christoph

2008-01-01

Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is disting...

A MAS-Based Cloud Service Brokering System to Respond Security Needs of Cloud Customers

Directory of Open Access Journals (Sweden)

Jamal Talbi

2017-03-01

Full Text Available Cloud computing is becoming a key factor in computer science and an important technology for many organizations to deliver different types of services. The companies which provide services to customers are called as cloud service providers. The cloud users (CUs increase and require secure, reliable and trustworthy cloud service providers (CSPs from the market. So, it’s a challenge for a new customer to choose the highly secure provider. This paper presents a cloud service brokering system in order to analyze and rank the secured cloud service provider among the available providers list. This model uses an autonomous and flexible agent in multi-agent system (MASs that have an intelligent behavior and suitable tools for helping the brokering system to assess the security risks for the group of cloud providers which make decision of the more secured provider and justify the business needs of users in terms of security and reliability.

A Cluster- Based Secure Active Network Environment

Institute of Scientific and Technical Information of China (English)

CHEN Xiao-lin; ZHOU Jing-yang; DAI Han; LU Sang-lu; CHEN Gui-hai

2005-01-01

We introduce a cluster-based secure active network environment (CSANE) which separates the processing of IP packets from that of active packets in active routers. In this environment, the active code authorized or trusted by privileged users is executed in the secure execution environment (EE) of the active router, while others are executed in the secure EE of the nodes in the distributed shared memory (DSM) cluster. With the supports of a multi-process Java virtual machine and KeyNote, untrusted active packets are controlled to securely consume resource. The DSM consistency management makes that active packets can be parallelly processed in the DSM cluster as if they were processed one by one in ANTS (Active Network Transport System). We demonstrate that CSANE has good security and scalability, but imposing little changes on traditional routers.

An evaluation index system of water security in China based on macroeconomic data from 2000 to 2012

Science.gov (United States)

Li, X. S.; Peng, Z. Y.; Li, T. T.

2016-08-01

This paper establishes an evaluation index system of water security. The index system employs 5 subsystems (water circulation security, water environment security, water ecology security, water society security and water economy security) and has 39 indicators. Using the AHP method, each indicator is given a relative weight to integrate within the whole system. With macroeconomic data from 2000 to 2012, a model of water security evaluation is applied to assess the state of water security in China. The results show an improving trend in the overall state of China's water security. In particular, the cycle of water security is at a high and low fluctuation. Water environment security presents an upward trend on the whole; however, this trend is unsteady and has shown a descending tendency in some years. Yet, water ecology security, water society security, and water economy security are basically on the rise. However, the degree of coordination of China's water security system remains in need of consolidation.

Training programs for the systems approach to nuclear security

International Nuclear Information System (INIS)

Ellis, D.

2005-01-01

Full text: In support of United States Government (USG) and International Atomic Energy Agency (IAEA) nuclear security programs, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been developed and implemented as the basis for a performance-based methodology for the design and evaluation of physical protection systems against a design basis threat (DBT) for theft and sabotage of nuclear and/or radiological materials. Integrated systems must include technology, people, and the man-machine interface. A critical aspect of the human element is training on the systems-approach for all the stakeholders in nuclear security. Current training courses and workshops have been very beneficial but are still rather limited in scope. SNL has developed two primary international classes - the international training course on the physical protection of nuclear facilities and materials, and the design basis threat methodology workshop. SNL is also completing the development of three new courses that will be offered and presented in the near term. They are vital area identification methodology focused on nuclear power plants to aid in their protection against radiological sabotage, insider threat analysis methodology and protection schemes, and security foundations for competent authority and facility operator stakeholders who are not security professionals. In the long term, we envision a comprehensive nuclear security curriculum that spans policy and technology, regulators and operators, introductory and expert levels, classroom and laboratory/field, and local and offsite training options. This training curriculum will be developed in concert with a nuclear security series of guidance documents that is expected to be forthcoming from the IAEA. It is important to note that while appropriate implementation of systems based on such training and documentation can improve the risk reduction, such a

Security enhancement mechanism based on contextual authentication and role analysis for 2G-RFID systems.

Science.gov (United States)

Tang, Wan; Chen, Min; Ni, Jin; Yang, Ximin

2011-01-01

The traditional Radio Frequency Identification (RFID) system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID) system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC) by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system.

Security Enhancement Mechanism Based on Contextual Authentication and Role Analysis for 2G-RFID Systems

Directory of Open Access Journals (Sweden)

Ximin Yang

2011-06-01

Full Text Available The traditional Radio Frequency Identification (RFID system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system.

Information Security and Integrity Systems

Science.gov (United States)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

Research on Lightweight Information Security System of the Internet of Things

OpenAIRE

Ying Li; Li Ping Du; JianWei Guo; Xin Zhao

2013-01-01

In order to improve the security of information transmitted in the internet of things, this study designs an information security system architecture of internet of things based on a lightweight cryptography. In this security system, an authentication protocol, encryption/decryption protocol and signature verification protocol are proposed and implemented. All these security protocol are used to verify the legality of access device and to protect the confidentiality and integrity of transform...

Agent-Based Model of Information Security System: Architecture and Formal Framework for Coordinated Intelligent Agents Behavior Specification

National Research Council Canada - National Science Library

Gorodetski, Vladimir

2001-01-01

The contractor will research and further develop the technology supporting an agent-based architecture for an information security system and a formal framework to specify a model of distributed knowledge...

Secure Server Login by Using Third Party and Chaotic System

Science.gov (United States)

Abdulatif, Firas A.; zuhiar, Maan

2018-05-01

Server is popular among all companies and it used by most of them but due to the security threat on the server make this companies are concerned when using it so that in this paper we will design a secure system based on one time password and third parity authentication (smart phone). The proposed system make security to the login process of server by using one time password to authenticate person how have permission to login and third parity device (smart phone) as other level of security.

Control system security in nuclear power plant

International Nuclear Information System (INIS)

Li Jianghai; Huang Xiaojin

2012-01-01

The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control, operation and maintenance. However, the highly digitalized control system also introduces additional security vulnerabilities. Moreover, the replacement of conventional proprietary systems with common protocols, software and devices makes these vulnerabilities easy to be exploited. Through the interaction between control systems and the physical world, security issues in control systems impose high risks on health, safety and environment. These security issues may even cause damages of critical infrastructures and threaten national security. The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years. Several key difficulties in addressing these security issues were described. Finally, existing researches on control system security and propose several promising research directions were reviewed. (authors)

Parental attachment style: examination of links with parent secure base provision and adolescent secure base use.

Science.gov (United States)

Jones, Jason D; Cassidy, Jude

2014-01-01

The secure base construct represents one of attachment theory's most important contributions to our understanding of parent-child relationships and child development. The present study represents the first examination of how parents' self-reported attachment styles relate to parental secure base provision and adolescent (mean age = 16.6 years, SE = .59) secure base use during an observed parent-adolescent interaction. Further, the present study is the first to examine how fathers', as well as mothers', attachment styles relate to observed behavior in a parent-child interaction. At the bivariate level, maternal avoidance, but not anxiety, was negatively associated with observed adolescent secure base use. In addition, path analysis revealed that maternal avoidance was indirectly related to less adolescent secure base use through mothers' self-reported hostile behavior toward their adolescents and through adolescents' less positive perceptions of their mothers. Further, paternal anxiety, but not avoidance, was indirectly related to less adolescent secure base use through fathers' self-reported hostile behavior toward their adolescents. No significant findings emerged in relation to parental secure base provision. We discuss these results in the context of attachment theory and suggest directions for future research.

Security Assessment of Web Based Distributed Applications

Directory of Open Access Journals (Sweden)

Catalin BOJA

2010-01-01

Full Text Available This paper presents an overview about the evaluation of risks and vulnerabilities in a web based distributed application by emphasizing aspects concerning the process of security assessment with regards to the audit field. In the audit process, an important activity is dedicated to the measurement of the characteristics taken into consideration for evaluation. From this point of view, the quality of the audit process depends on the quality of assessment methods and techniques. By doing a review of the fields involved in the research process, the approach wants to reflect the main concerns that address the web based distributed applications using exploratory research techniques. The results show that many are the aspects which must carefully be worked with, across a distributed system and they can be revealed by doing a depth introspective analyze upon the information flow and internal processes that are part of the system. This paper reveals the limitations of a non-existing unified security risk assessment model that could prevent such risks and vulnerabilities debated. Based on such standardize models, secure web based distributed applications can be easily audited and many vulnerabilities which can appear due to the lack of access to information can be avoided.

Audit Characteristics for Information System Security

OpenAIRE

Marius POPA; Mihai DOINEA

2007-01-01

The paper presents the main aspects regarding the development of the information security and assurance of their security. The information systems, standards and audit processes definitions are offered. There are presented the most important security standards used in information system security assessment

Fuzzy Logic Based Anomaly Detection for Embedded Network Security Cyber Sensor

Energy Technology Data Exchange (ETDEWEB)

Ondrej Linda; Todd Vollmer; Jason Wright; Milos Manic

2011-04-01

Resiliency and security in critical infrastructure control systems in the modern world of cyber terrorism constitute a relevant concern. Developing a network security system specifically tailored to the requirements of such critical assets is of a primary importance. This paper proposes a novel learning algorithm for anomaly based network security cyber sensor together with its hardware implementation. The presented learning algorithm constructs a fuzzy logic rule based model of normal network behavior. Individual fuzzy rules are extracted directly from the stream of incoming packets using an online clustering algorithm. This learning algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental test-bed mimicking the environment of a critical infrastructure control system.

Secure integrated circuits and systems

CERN Document Server

Verbauwhede, Ingrid MR

2010-01-01

On any advanced integrated circuit or 'system-on-chip' there is a need for security. In many applications the actual implementation has become the weakest link in security rather than the algorithms or protocols. The purpose of the book is to give the integrated circuits and systems designer an insight into the basics of security and cryptography from the implementation point of view. As a designer of integrated circuits and systems it is important to know both the state-of-the-art attacks as well as the countermeasures. Optimizing for security is different from optimizations for speed, area,

An efficient and provable secure revocable identity-based encryption scheme.

Directory of Open Access Journals (Sweden)

Changji Wang

Full Text Available Revocation functionality is necessary and crucial to identity-based cryptosystems. Revocable identity-based encryption (RIBE has attracted a lot of attention in recent years, many RIBE schemes have been proposed in the literature but shown to be either insecure or inefficient. In this paper, we propose a new scalable RIBE scheme with decryption key exposure resilience by combining Lewko and Waters' identity-based encryption scheme and complete subtree method, and prove our RIBE scheme to be semantically secure using dual system encryption methodology. Compared to existing scalable and semantically secure RIBE schemes, our proposed RIBE scheme is more efficient in term of ciphertext size, public parameters size and decryption cost at price of a little looser security reduction. To the best of our knowledge, this is the first construction of scalable and semantically secure RIBE scheme with constant size public system parameters.

Security systems engineering overview

Science.gov (United States)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

Security features of a nuclear material accounting system

International Nuclear Information System (INIS)

Erkkila, B.H.

1988-01-01

The Los Alamos Nuclear Material Accounting and Safeguards System (MASS) is a near-real-time accountability system for bulk materials, discrete items, and materials undergoing dynamic processing. MASS has evolved from a 80-column, card-based process control system to a very sophisticated computer system. Recently, the computer hardware was upgraded to a modern transaction oriented central computer system designed to accommodate extensive growth in the foreseeable future. The security of the MASS computer system is provided through various access controls. There are two kinds of access controls to be addressed. They are physical access control to the hardware which make up the system and access control to the software. There are many features which provide a measure of security to the hardware that are discussed. Access to the software is controlled by a security password. Access to various transaction activities in the system is controlled through the level of MASS under privilege. Details of MASS user privilege are discussed

Cyber Security and Resilient Systems

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Cyber Security and Resilient Systems

International Nuclear Information System (INIS)

Anderson, Robert S.

2009-01-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation's cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested - both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the

Developing Scalable Information Security Systems

Directory of Open Access Journals (Sweden)

Valery Konstantinovich Ablekov

2013-06-01

Full Text Available Existing physical security systems has wide range of lacks, including: high cost, a large number of vulnerabilities, problems of modification and support system. This paper covers an actual problem of developing systems without this list of drawbacks. The paper presents the architecture of the information security system, which operates through the network protocol TCP/IP, including the ability to connect different types of devices and integration with existing security systems. The main advantage is a significant increase in system reliability, scalability, both vertically and horizontally, with minimal cost of both financial and time resources.

33 CFR 127.705 - Security systems.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security systems. 127.705 Section 127.705 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED... Waterfront Facilities Handling Liquefied Natural Gas Security § 127.705 Security systems. The operator shall...

Secure information transfer based on computing reservoir

Energy Technology Data Exchange (ETDEWEB)

Szmoski, R.M.; Ferrari, F.A.S. [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Pinto, S.E. de S, E-mail: desouzapinto@pq.cnpq.br [Department of Physics, Universidade Estadual de Ponta Grossa, 84030-900, Ponta Grossa (Brazil); Baptista, M.S. [Institute for Complex Systems and Mathematical Biology, SUPA, University of Aberdeen, Aberdeen (United Kingdom); Viana, R.L. [Department of Physics, Universidade Federal do Parana, 81531-990, Curitiba, Parana (Brazil)

2013-04-01

There is a broad area of research to ensure that information is transmitted securely. Within this scope, chaos-based cryptography takes a prominent role due to its nonlinear properties. Using these properties, we propose a secure mechanism for transmitting data that relies on chaotic networks. We use a nonlinear on–off device to cipher the message, and the transfer entropy to retrieve it. We analyze the system capability for sending messages, and we obtain expressions for the operating time. We demonstrate the system efficiency for a wide range of parameters. We find similarities between our method and the reservoir computing.

Testing Challenges of Maritime Safety and Security Systems-of-Systems

NARCIS (Netherlands)

Gonzalez, A.; Piel, E.; Gross, H.G.

2008-01-01

Preprint of paper published in: TAIC PART 2008: Testing: Academic & Industrial Conference, Practice and Research Techniques, 29-31 August 2008; doi:10.1109/TAIC-PART.2008.14 Maritime Safety and Security systems represent a novel kind of large-scale distributed component-based systems in which the

Secure method for biometric-based recognition with integrated cryptographic functions.

Science.gov (United States)

Chiou, Shin-Yan

2013-01-01

Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems needs not to achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied.

Secure Method for Biometric-Based Recognition with Integrated Cryptographic Functions

Directory of Open Access Journals (Sweden)

Shin-Yan Chiou

2013-01-01

Full Text Available Biometric systems refer to biometric technologies which can be used to achieve authentication. Unlike cryptography-based technologies, the ratio for certification in biometric systems needs not to achieve 100% accuracy. However, biometric data can only be directly compared through proximal access to the scanning device and cannot be combined with cryptographic techniques. Moreover, repeated use, improper storage, or transmission leaks may compromise security. Prior studies have attempted to combine cryptography and biometrics, but these methods require the synchronization of internal systems and are vulnerable to power analysis attacks, fault-based cryptanalysis, and replay attacks. This paper presents a new secure cryptographic authentication method using biometric features. The proposed system combines the advantages of biometric identification and cryptographic techniques. By adding a subsystem to existing biometric recognition systems, we can simultaneously achieve the security of cryptographic technology and the error tolerance of biometric recognition. This method can be used for biometric data encryption, signatures, and other types of cryptographic computation. The method offers a high degree of security with protection against power analysis attacks, fault-based cryptanalysis, and replay attacks. Moreover, it can be used to improve the confidentiality of biological data storage and biodata identification processes. Remote biometric authentication can also be safely applied.

Infrared: A Key Technology for Security Systems

OpenAIRE

Corsi, Carlo

2012-01-01

Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due...

Data security in Intelligent Transport Systems

Directory of Open Access Journals (Sweden)

Tomas Zelinka

2012-10-01

Full Text Available Intelligent Transport Services expect availability of the secure seamless communications solutions typically covering widely spread areas. Different ITS solutions require different portfolio of telecommunications service quality. These parameters have to correspond with ITS service performance parameters required by specific service. Even though quite extensive range of public wireless data services with reasonable coverage are provided, most of them are provided with no guaranteed quality and security. ITS requirements can be in most parameters easier reached if multi-path communications systems are applied core solution is combined with both public as well as private ones where and when it is needed. Such solution requires implementation of relevant flexible system architecture supported by the efficient decision processes. This paper is concentrated the telecommunications security issues relevant to the ITS wide area networking. Expected level of security varies in dependence on relevant ITS service requirements. Data volumes transferred both in private data vehicle on board networks as well as between vehicles and infrastructure (C2I or other vehicles (C2C progressively grow. Such trend upsurges the fatal problems appearance probability in case security of the wide area networks is not relevantly treated. That is reason why relevant communications security treatment becomes crucial part of the ITS solution. Besides of available "off shelf" security tools we present solution based on non-public universal identifier with dynamical extension (time and position dependency as an autonomous variables and data selection according to actor role or category. Presented results were obtained within projects e-Ident1, DOTEK2 and SRATVU3.

Hybrid algorithm for rotor angle security assessment in power systems

Directory of Open Access Journals (Sweden)

D. Prasad Wadduwage

2015-08-01

Full Text Available Transient rotor angle stability assessment and oscillatory rotor angle stability assessment subsequent to a contingency are integral components of dynamic security assessment (DSA in power systems. This study proposes a hybrid algorithm to determine whether the post-fault power system is secure due to both transient rotor angle stability and oscillatory rotor angle stability subsequent to a set of known contingencies. The hybrid algorithm first uses a new security measure developed based on the concept of Lyapunov exponents (LEs to determine the transient security of the post-fault power system. Later, the transient secure power swing curves are analysed using an improved Prony algorithm which extracts the dominant oscillatory modes and estimates their damping ratios. The damping ratio is a security measure about the oscillatory security of the post-fault power system subsequent to the contingency. The suitability of the proposed hybrid algorithm for DSA in power systems is illustrated using different contingencies of a 16-generator 68-bus test system and a 50-generator 470-bus test system. The accuracy of the stability conclusions and the acceptable computational burden indicate that the proposed hybrid algorithm is suitable for real-time security assessment with respect to both transient rotor angle stability and oscillatory rotor angle stability under multiple contingencies of the power system.

A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system.

Science.gov (United States)

Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng

2013-06-01

The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

Physical and data-link security techniques for future communication systems

CERN Document Server

Tomasin, Stefano

2016-01-01

 This book focuses on techniques that can be applied at the physical and data-link layers of communication systems in order to secure transmissions against eavesdroppers. Topics ranging from information theory-based security to coding for security and cryptography are discussed, with presentation of cutting-edge research and innovative results from leading researchers. The characteristic feature of all the contributions is their relevance for practical embodiments: detailed consideration is given to applications of security principles to a variety of widely used communication techniques such as multiantenna systems, ultra-wide band communication systems, power line communications, and quantum key distribution techniques. A further distinctive aspect is the attention paid to both unconditional and computational security techniques, providing a bridge between two usually distinct worlds. The book comprises extended versions of contributions delivered at the Workshop on Communication Security, held in Ancona, I...

Internet security information system implement method

International Nuclear Information System (INIS)

Liu Baoxu; Mei Jie; Xu Rongsheng; An Dehai; Yu Mingjian; Chen Xiangyang; Zheng Peng

1999-01-01

On the basis of analysis of the key elements that will affect the Internet Security Information System, the author takes UNIX Operating System as an example, and provides the important stages that must be considered when implementing the Internet Security Information System. An implemental model of the Internet Security Information System is given

A secure EHR system based on hybrid clouds.

Science.gov (United States)

Chen, Yu-Yi; Lu, Jun-Chao; Jan, Jinn-Ke

2012-10-01

Consequently, application services rendering remote medical services and electronic health record (EHR) have become a hot topic and stimulating increased interest in studying this subject in recent years. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. Sharing EHR information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. With the widespread use of EHR, building a secure EHR sharing environment has attracted a lot of attention in both healthcare industry and academic community. Cloud computing paradigm is one of the popular healthIT infrastructures for facilitating EHR sharing and EHR integration. In this paper, we propose an EHR sharing and integration system in healthcare clouds and analyze the arising security and privacy issues in access and management of EHRs.

The Design and Analysis of a Secure Personal Healthcare System Based on Certificates

Directory of Open Access Journals (Sweden)

Jungho Kang

2016-11-01

Full Text Available Due to the development of information technology (IT, it has been applied to various fields such as the smart home, medicine, healthcare, and the smart car. For these fields, IT has been providing continuous prevention and management, including health conditions beyond the mere prevention of disease, improving the quality of life. e-Healthcare is a health management and medical service to provide prevention, diagnosis, treatment, and the follow-up management of diseases at any time and place in connection with information communication technology, without requiring patients to visit hospitals. However, e-Healthcare has been exposed to eavesdropping, manipulation, and the forgery of information that is personal, biological, medical, etc., and is a security threat from malicious attackers. This study suggests a security service model to exchange personal health records (PHRs for e-Healthcare environments. To be specific, this study suggests a scheme in which communicators are able to securely authorize and establish security channels by constituting the infrastructure each organization relies on. In addition, the possibility of establishing a security service model is indicated by suggesting an e-Healthcare system for a secure e-Healthcare environment as a secure personal health record system. This is anticipated to provide securer communication in e-Healthcare environments in the future through the scheme suggested in this study.

Near field communication (NFC) model for arduino uno based security systems office system

Science.gov (United States)

Chairunnas, A.; Abdurrasyid, I.

2018-03-01

Currently, many offices or companies that start growing rapidly in a company or office should have a very limited room to enter only people entitled to enter the room and use the facilities contained in it, for example, Files in it must have many files and documents very important because to reduce the abuse of files and irresponsible person. Because it will be made room door security system by using Near Field Communication on android smartphone. Software used is Arduino IDE. The tools used in this system are Arduino Uno R3, NFC shield, pear sensor, bell, led, servo, 16 × 2 LCD, and Near Field Communication (NFC) in android smartphone. This system runs based on 2 inputs of a new technology that is Near Field Communication (NFC) in android smartphone. And also use pear sensor to detect unauthorized person entering the room. If the correct password is entered then the door will open and the pear sensor will light off if wrong then the bell will light up.

Porous TiO₂-Based Gas Sensors for Cyber Chemical Systems to Provide Security and Medical Diagnosis.

Science.gov (United States)

Galstyan, Vardan

2017-12-19

Gas sensors play an important role in our life, providing control and security of technical processes, environment, transportation and healthcare. Consequently, the development of high performance gas sensor devices is the subject of intense research. TiO₂, with its excellent physical and chemical properties, is a very attractive material for the fabrication of chemical sensors. Meanwhile, the emerging technologies are focused on the fabrication of more flexible and smart systems for precise monitoring and diagnosis in real-time. The proposed cyber chemical systems in this paper are based on the integration of cyber elements with the chemical sensor devices. These systems may have a crucial effect on the environmental and industrial safety, control of carriage of dangerous goods and medicine. This review highlights the recent developments on fabrication of porous TiO₂-based chemical gas sensors for their application in cyber chemical system showing the convenience and feasibility of such a model to provide the security and to perform the diagnostics. The most of reports have demonstrated that the fabrication of doped, mixed and composite structures based on porous TiO₂ may drastically improve its sensing performance. In addition, each component has its unique effect on the sensing properties of material.

Emerging Security Mechanisms for Medical Cyber Physical Systems.

Science.gov (United States)

Kocabas, Ovunc; Soyata, Tolga; Aktas, Mehmet K

2016-01-01

The following decade will witness a surge in remote health-monitoring systems that are based on body-worn monitoring devices. These Medical Cyber Physical Systems (MCPS) will be capable of transmitting the acquired data to a private or public cloud for storage and processing. Machine learning algorithms running in the cloud and processing this data can provide decision support to healthcare professionals. There is no doubt that the security and privacy of the medical data is one of the most important concerns in designing an MCPS. In this paper, we depict the general architecture of an MCPS consisting of four layers: data acquisition, data aggregation, cloud processing, and action. Due to the differences in hardware and communication capabilities of each layer, different encryption schemes must be used to guarantee data privacy within that layer. We survey conventional and emerging encryption schemes based on their ability to provide secure storage, data sharing, and secure computation. Our detailed experimental evaluation of each scheme shows that while the emerging encryption schemes enable exciting new features such as secure sharing and secure computation, they introduce several orders-of-magnitude computational and storage overhead. We conclude our paper by outlining future research directions to improve the usability of the emerging encryption schemes in an MCPS.

HITACHI security concept for industrial control systems

International Nuclear Information System (INIS)

Endoh, H.; Yamada, T.; Okubo, S.; Nakano, T.

2012-01-01

Security is a necessary factor for the safe and efficient operation of today's control systems. To ensure safe operation of control systems throughout their lifetime, security measures must be carefully planned in the development phase and then maintained continuously during the operation phase and other following phases. To ensure operation within the system's safe states, Hitachi proposes security concept processes (1) to derive security measures rationally and (2) to maintain the security model over the system life cycle. Hitachi also proposes security development programs which support the integration of standards-compliant systems and development of robust control equipment. (author)

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

OpenAIRE

Somasundaram, M.; Sivakumar, R.

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient’s life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body fu...

Human engineering considerations in designing a computerized controlled access security system

International Nuclear Information System (INIS)

Moore, J.W.; Banks, W.W.

1988-01-01

This paper describes a human engineering effort in the design of a major security system upgrade at Lawrence Livermore National Laboratory. This upgrade was to be accomplished by replacing obsolete and difficult-to-man (i.e., multiple operator task actions required) security equipment and systems with a new, automated, computer-based access control system. The initial task was to assist the electronic and mechanical engineering staff in designing a computerized security access system too functionally and ergonomically accommodate 100% of the Laboratory user population. The new computerized access system was intended to control entry into sensitive exclusion areas by requiring personnel to use an entry booth-based system and/or a remote access control panel system. The primary user interface with the system was through a control panel containing a magnetic card reader, function buttons, LCD display, and push-button keypad

SMS security system for smart home detectors

OpenAIRE

Cekova, Katerina; Gelev, Saso

2016-01-01

Security has always been an important problem everywhere. Home security has been a major issue where crime is increasing and everybody wants home security to protect the home. Safety from theft and flame are the most important requirements of a home security system for people. A remote home security system offers many benefits from keeping homeowners, and their property safe. This paper present controlling of the home security system remotely from Android Application. Owners can turn on or...

Alternatives of Cross-Border Securities Settlement System in East Asia

Directory of Open Access Journals (Sweden)

Hee-Yul Chai

2005-12-01

Full Text Available The establishment of cross-border securities settlement system is a very important element of regional capital market integration. Despite its importance, relatively few arguments, both theoretical and practical, have been advanced on the subject. This paper aims to examine the alternatives of cross-border securities settlement system in East Asia, and analyse the feasibility and the advantages and disadvantages of each alternative. The paper underlines the need to develop a multi-currency DVP securities settlement system. The conceivable alternatives of East Asia's cross-border securities settlement system can be divided into decentralized system and centralized system. It is possible to consider a large array of institutional settings according to the depository/settlement methods. The comparison of the alternatives is based on economic efficiency, feasibility and institutional location of settlement system. In view of these criteria, it is argued that a 'big-bang' approach toward imperfectly cenralized system is the most desirable alternative.

49 CFR 659.23 - System security plan: contents.

Science.gov (United States)

2010-10-01

... 49 Transportation 7 2010-10-01 2010-10-01 false System security plan: contents. 659.23 Section 659... State Oversight Agency § 659.23 System security plan: contents. The system security plan must, at a... system security plan; and (e) Document the rail transit agency's process for making its system security...

Cyber secure systems approach for NPP digital control systems

Energy Technology Data Exchange (ETDEWEB)

McCreary, T. J.; Hsu, A. [HF Controls Corporation, 16650 Westgrove Drive, Addison, TX 75001 (United States)

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from

Cyber secure systems approach for NPP digital control systems

International Nuclear Information System (INIS)

McCreary, T. J.; Hsu, A.

2006-01-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to

76 FR 46668 - Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap...

Science.gov (United States)

2011-08-03

... SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 [Release No. 34-64766; File No. S7-25-11] RIN 3235-AL10 Business Conduct Standards for Security-Based Swap Dealers and Major Security-Based Swap Participants Correction In proposed rule document number 2011-16758, appearing on pages 42396-42455 in the...

Security systems engineering overview

International Nuclear Information System (INIS)

Steele, B.J.

1996-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

MAST – A Mobile Agent-based Security Tool

Directory of Open Access Journals (Sweden)

Marco Carvalho

2004-08-01

Full Text Available One of the chief computer security problems is not the long list of viruses and other potential vulnerabilities, but the vast number of systems that continue to be easy prey, as their system administrators or owners simply are not able to keep up with all of the available patches, updates, or needed configuration changes in order to protect them from those known vulnerabilities. Even up-to-date systems could become vulnerable to attacks, due to inappropriate configuration or combined used of applications and services. Our mobile agent-based security tool (MAST is designed to bridge this gap, and provide automated methods to make sure that all of the systems in a specific domain or network are secured and up-to-date with all patches and updates. The tool is also designed to check systems for misconfigurations that make them vulnerable. Additionally, this user interface is presented in a domain knowledge model known as a Concept Map that provides a continuous learning experience for the system administrator.

Physical security technology base programs for physical security

International Nuclear Information System (INIS)

Jacobs, J.

1986-01-01

Sandia National Laboratories is the US Department of Energy's lead laboratory for physical security research and development (R and D). In support of this mission, Sandia has maintained for several years an R and D program in each of the following technology areas: Intrusion Detection, Entry Control, CCTV Assessment, Access Delay, Alarm Display, and Guard Equipment and Training. The purpose of the technology base programs is to maintain cognizance of the capabilities of the commercial market, identify improvements and transfer technology to industry and facilities. The output of these programs supports the development of new equipment and advanced system concepts, demonstrations of proof-of-principles and system implementation. This paper will review the status of current developments and discuss trends in new technologies which are being explored for future applications, i.e., artificial intelligence, expert systems, robotics, and more automated systems

PLC-based search and secure interlock system for the personnel safety in folded tandem ion accelerator

International Nuclear Information System (INIS)

Padmakumar, Sapna; Subramanyum, N.B.V.; Bhatt, Jignesh P.; Ware, Shailaja V.; Kansara, M.J.; Gupta, S.K.; Singh, P.

2006-01-01

Safety of the personnel is one of the key issues addressed in any accelerator project. The FOTIA facility at BARC is capable of operating under standard operation conditions without any radiation hazard. Even then for a safe and reliable operation of FOTIA a PLC (Programmable logic controller) based interlock system has been implemented. This interlocking system is compact, modular, flexible, robust and easy for troubleshooting. These advantages led to the popularity of PLC rather than using a relay-based system. This paper highlights the salient features of the search and secure interlock for the personal safety of FOTIA. (author)

Breaking a chaos-noise-based secure communication scheme

Science.gov (United States)

Li, Shujun; Álvarez, Gonzalo; Chen, Guanrong; Mou, Xuanqin

2005-03-01

This paper studies the security of a secure communication scheme based on two discrete-time intermittently chaotic systems synchronized via a common random driving signal. Some security defects of the scheme are revealed: 1) The key space can be remarkably reduced; 2) the decryption is insensitive to the mismatch of the secret key; 3) the key-generation process is insecure against known/chosen-plaintext attacks. The first two defects mean that the scheme is not secure enough against brute-force attacks, and the third one means that an attacker can easily break the cryptosystem by approximately estimating the secret key once he has a chance to access a fragment of the generated keystream. Yet it remains to be clarified if intermittent chaos could be used for designing secure chaotic cryptosystems.

An Application of Chaotic Chua's System for Secure Chaotic Communication Based on Sliding Mode observer

Science.gov (United States)

Kemih, K.; Halimi, M.; Ghanes, M.; Zhang, G.

2011-12-01

In this paper, we study the design and implementation of analog secure communication systems via synchronized chaotic Chua's circuit with sliding mode observer. For this, we adopt an approach based on an inclusion of the message in the transmitter and in the receiver; we use a sliding mode observer with un-known input in order to recover the information. Finally, an analog electronic circuit with Multisim software is designed to physically realize the complete system (transmitter-receiver).

A transportation security system applying RFID and GPS

Directory of Open Access Journals (Sweden)

Ruijian Zhang

2013-03-01

Full Text Available Purpose: This paper is about developing a centralized, internet based security tool which utilizes RFID and GPS technology to identify drivers and track the load integrity. Design/methodology/approach: The system will accomplish the security testing in real-time using the internet and the U.S. Customs’ database (ACE. A central database and the interfaces and communication between the database and ACE will be established. After the vehicle is loaded, all openings of the tanker are sealed with disposable RFID tag seals. Findings/value: An RFID reader and GPS tracker wirelessly connected with the databases will serve as testing grounds for the implementation of security measures that can help prevent future terrorist attacks and help in ensuring that the goods and products are not compromised while in transit. The system will also reduce the labor work of security check to its minimum. 

Intelligent data analysis for e-learning enhancing security and trustworthiness in online learning systems

CERN Document Server

Miguel, Jorge; Xhafa, Fatos

2016-01-01

Intelligent Data Analysis for e-Learning: Enhancing Security and Trustworthiness in Online Learning Systems addresses information security within e-Learning based on trustworthiness assessment and prediction. Over the past decade, many learning management systems have appeared in the education market. Security in these systems is essential for protecting against unfair and dishonest conduct-most notably cheating-however, e-Learning services are often designed and implemented without considering security requirements. This book provides functional approaches of trustworthiness analysis, modeling, assessment, and prediction for stronger security and support in online learning, highlighting the security deficiencies found in most online collaborative learning systems. The book explores trustworthiness methodologies based on collective intelligence than can overcome these deficiencies. It examines trustworthiness analysis that utilizes the large amounts of data-learning activities generate. In addition, as proc...

[Development of operation patient security detection system].

Science.gov (United States)

Geng, Shu-Qin; Tao, Ren-Hai; Zhao, Chao; Wei, Qun

2008-11-01

This paper describes a patient security detection system developed with two dimensional bar codes, wireless communication and removal storage technique. Based on the system, nurses and correlative personnel check code wait operation patient to prevent the defaults. The tests show the system is effective. Its objectivity and currency are more scientific and sophisticated than current traditional method in domestic hospital.

A security architecture for interconnecting health information systems.

Science.gov (United States)

Gritzalis, Dimitris; Lambrinoudakis, Costas

2004-03-31

Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

A Common Criteria-Based Team Project for High Assurance Secure Systems

Science.gov (United States)

2005-01-01

experience in the FHM, full system documentation, and plenty of time. The students had little experience and little time. The MINIX operating... MINIX is a very appropriate target for student enhancements. Since the principle objective of Secure Systems is to teach the concepts of...to construct a system when one of the developmental threats is subversion. Because students were studying MINIX in a prerequisite operating systems

PECULIARITIES OF CONSTRUCTION PROFILES OF SECURITY SYSTEMS OF INFORMATION SYSTEMS

Directory of Open Access Journals (Sweden)

Olga V. Lukinova

2015-01-01

Full Text Available Examines the specific issues of building functional and technological profiles of the security systems to ensure the safety of information systems in the paradigm of functional standardization; shows a view of the system of protection based on the model of OSE/RM; studied the composition and structure of the concept of "defense mechanism" for the purpose of profiling third instalment correction representation of the system of protection.

Network security system for health and medical information using smart IC card

Science.gov (United States)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

A GIS-based decision support system for regional eco-security assessment and its application on the Tibetan Plateau.

Science.gov (United States)

Xiaodan, Wang; Xianghao, Zhong; Pan, Gao

2010-10-01

Regional eco-security assessment is an intricate, challenging task. In previous studies, the integration of eco-environmental models and geographical information systems (GIS) usually takes two approaches: loose coupling and tight coupling. However, the present study used a full coupling approach to develop a GIS-based regional eco-security assessment decision support system (ESDSS). This was achieved by merging the pressure-state-response (PSR) model and the analytic hierarchy process (AHP) into ArcGIS 9 as a dynamic link library (DLL) using ArcObjects in ArcGIS and Visual Basic for Applications. Such an approach makes it easy to capitalize on the GIS visualization and spatial analysis functions, thereby significantly supporting the dynamic estimation of regional eco-security. A case study is presented for the Tibetan Plateau, known as the world's "third pole" after the Arctic and Antarctic. Results verified the usefulness and feasibility of the developed method. As a useful tool, the ESDSS can also help local managers to make scientifically-based and effective decisions about Tibetan eco-environmental protection and land use. Copyright (c) 2010 Elsevier Ltd. All rights reserved.

A Student Information Management System Based on Fingerprint Identification and Data Security Transmission

Directory of Open Access Journals (Sweden)

Pengtao Yang

2017-01-01

Full Text Available A new type of student information management system is designed to implement student information identification and management based on fingerprint identification. In order to ensure the security of data transmission, this paper proposes a data encryption method based on an improved AES algorithm. A new S-box is cleverly designed, which can significantly reduce the encryption time by improving ByteSub, ShiftRow, and MixColumn in the round transformation of the traditional AES algorithm with the process of look-up table. Experimental results show that the proposed algorithm can significantly improve the encryption time compared with the traditional AES algorithm.

An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems.

Science.gov (United States)

Chen, Hung-Ming; Lo, Jung-Wen; Yeh, Chang-Kuo

2012-12-01

The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient's home. Hence, the control of access to remote medical servers' resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.'s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.'s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.

Secure system design and trustable computing

CERN Document Server

Potkonjak, Miodrag

2016-01-01

This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade.  Coverage includes issues related to security and trust in a variety of electronic devices and systems related to the security of hardware, firmware and software, spanning system applications, online transactions, and networking services.  This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society’s microelectronic-supported infrastructures.

Training programs for the systems approach to nuclear security

International Nuclear Information System (INIS)

Ellis, Doris E.

2005-01-01

In support of the US Government and the International Atomic Energy Agency (IAEA) Nuclear Security Programmes, Sandia National Laboratories (SNL) has advocated and practiced a risk-based, systematic approach to nuclear security. The risk equation has been implemented as the basis for a performance methodology for the design and evaluation of Physical Protection Systems against a Design Basis Threat (DBT) for theft or sabotage of nuclear and/or radiological materials. Since integrated systems must include people as well as technology and the man-machine interface, a critical aspect of the human element is to train all stakeholders in nuclear security on the systems approach. Current training courses have been beneficial but are still limited in scope. SNL has developed two primary international courses and is completing development of three new courses that will be offered and presented in the near term. In the long-term, SNL envisions establishing a comprehensive nuclear security training curriculum that will be developed along with a series of forthcoming IAEA Nuclear Security Series guidance documents.

Advanced I and C system of security level for nuclear power station

International Nuclear Information System (INIS)

Liu Yanyang

2001-01-01

Advanced I and C system of security level using for PWR developed by Framatome and Schneider collective, SPINLINE3, are introduced. The technology is used to outside reactor nuclear measurement system in Qinshan II period. It's succeed benefits by Framatome and Schneider's more years development experience in nuclear power station digitallization security level I and C system field, which improve security and reliability of PWR, and, easy operation and maintains. SPINLINE3 based on digitallization and modularization technical proposal, and covered entireness reactor protect system and correlative control system. The paper also introduce CLARISSE (computer aided design aid) and SCADE (embedded software aid) for developing SPINLINE3. SPINLINE3 fills correlative IS and rule, based on software and hardware unit which certificate and launch into operation. After brief review of Framatome and Schneider's experience, the paper are introducing design guideline, application technology and how to fill demand of security level I and C system

Comparison of Routable Control System Security Approaches

Energy Technology Data Exchange (ETDEWEB)

Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

2011-06-01

This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

Enhanced ATM Security using Biometric Authentication and Wavelet Based AES

Directory of Open Access Journals (Sweden)

Sreedharan Ajish

2016-01-01

Full Text Available The traditional ATM terminal customer recognition systems rely only on bank cards, passwords and such identity verification methods are not perfect and functions are too single. Biometrics-based authentication offers several advantages over other authentication methods, there has been a significant surge in the use of biometrics for user authentication in recent years. This paper presents a highly secured ATM banking system using biometric authentication and wavelet based Advanced Encryption Standard (AES algorithm. Two levels of security are provided in this proposed design. Firstly we consider the security level at the client side by providing biometric authentication scheme along with a password of 4-digit long. Biometric authentication is achieved by considering the fingerprint image of the client. Secondly we ensure a secured communication link between the client machine to the bank server using an optimized energy efficient and wavelet based AES processor. The fingerprint image is the data for encryption process and 4-digit long password is the symmetric key for the encryption process. The performance of ATM machine depends on ultra-high-speed encryption, very low power consumption, and algorithmic integrity. To get a low power consuming and ultra-high speed encryption at the ATM machine, an optimized and wavelet based AES algorithm is proposed. In this system biometric and cryptography techniques are used together for personal identity authentication to improve the security level. The design of the wavelet based AES processor is simulated and the design of the energy efficient AES processor is simulated in Quartus-II software. Simulation results ensure its proper functionality. A comparison among other research works proves its superiority.

Capturing security requirements for software systems.

Science.gov (United States)

El-Hadary, Hassan; El-Kassas, Sherif

2014-07-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

Capturing security requirements for software systems

Directory of Open Access Journals (Sweden)

Hassan El-Hadary

2014-07-01

Full Text Available Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.

Capturing security requirements for software systems

Science.gov (United States)

El-Hadary, Hassan; El-Kassas, Sherif

2014-01-01

Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. PMID:25685514

A Non-symmetric Digital Image Secure Communication Scheme Based on Generalized Chaos Synchronization System

International Nuclear Information System (INIS)

Zhang Xiaohong; Min Lequan

2005-01-01

Based on a generalized chaos synchronization system and a discrete Sinai map, a non-symmetric true color (RGB) digital image secure communication scheme is proposed. The scheme first changes an ordinary RGB digital image with 8 bits into unrecognizable disorder codes and then transforms the disorder codes into an RGB digital image with 16 bits for transmitting. A receiver uses a non-symmetric key to verify the authentication of the received data origin, and decrypts the ciphertext. The scheme can encrypt and decrypt most formatted digital RGB images recognized by computers, and recover the plaintext almost without any errors. The scheme is suitable to be applied in network image communications. The analysis of the key space, sensitivity of key parameters, and correlation of encrypted images imply that this scheme has sound security.

Adversary characterization for security system evaluation

International Nuclear Information System (INIS)

Suber, L.A. Jr.

1976-04-01

Evaluation of security systems effectiveness requires a definition of adversary capabilities, but an objective basis for such a definition has been lacking. A system of adversary attributes is proposed in which any desired adversary may be synthesized by selection of the appropriate level of capability from each attribute or category. In use, the synthesized adversaries will be pitted against a security system in an evaluation model, thus allowing comparison of other adversary or security system configurations

Constructing Secure Mobile Agent Systems Using the Agent Operating System

NARCIS (Netherlands)

van t Noordende, G.J.; Overeinder, B.J.; Timmer, R.J.; Brazier, F.M.; Tanenbaum, A.S.

2009-01-01

Designing a secure and reliable mobile agent system is a difficult task. The agent operating system (AOS) is a building block that simplifies this task. AOS provides common primitives required by most mobile agent middleware systems, such as primitives for secure communication, secure and

Improved Asymmetric Cipher Based on Matrix Power Function with Provable Security

Directory of Open Access Journals (Sweden)

Eligijus Sakalauskas

2017-01-01

Full Text Available The improved version of the author’s previously declared asymmetric cipher protocol based on matrix power function (MPF is presented. Proposed modification avoids discrete logarithm attack (DLA which could be applied to the previously declared protocol. This attack allows us to transform the initial system of MPF equations to so-called matrix multivariate quadratic (MMQ system of equations, which is a system representing a subclass of multivariate quadratic (MQ systems of equations. We are making a conjecture that avoidance of DLA in protocol, presented here, should increase its security, since an attempt to solve the initial system of MPF equations would appear to be no less complex than solving the system of MMQ equations. No algorithms are known to solve such a system of equations. Security parameters and their secure values are defined. Security analysis against chosen plaintext attack (CPA and chosen ciphertext attack (CCA is presented. Measures taken to prevent DLA attack increase the security of this protocol with respect to the previously declated protocol.

Securing military information systems on public infrastructure

CSIR Research Space (South Africa)

Botha, P

2015-03-01

Full Text Available to set up in time for scenarios which require real time information. This may force communications to utilise public infrastructure. Securing communications for military mobile and Web based systems over public networks poses a greater challenge compared...

Cyber security with radio frequency interferences mitigation study for satellite systems

Science.gov (United States)

Wang, Gang; Wei, Sixiao; Chen, Genshe; Tian, Xin; Shen, Dan; Pham, Khanh; Nguyen, Tien M.; Blasch, Erik

2016-05-01

Satellite systems including the Global Navigation Satellite System (GNSS) and the satellite communications (SATCOM) system provide great convenience and utility to human life including emergency response, wide area efficient communications, and effective transportation. Elements of satellite systems incorporate technologies such as navigation with the global positioning system (GPS), satellite digital video broadcasting, and information transmission with a very small aperture terminal (VSAT), etc. The satellite systems importance is growing in prominence with end users' requirement for globally high data rate transmissions; the cost reduction of launching satellites; development of smaller sized satellites including cubesat, nanosat, picosat, and femtosat; and integrating internet services with satellite networks. However, with the promising benefits, challenges remain to fully develop secure and robust satellite systems with pervasive computing and communications. In this paper, we investigate both cyber security and radio frequency (RF) interferences mitigation for satellite systems, and demonstrate that they are not isolated. The action space for both cyber security and RF interferences are firstly summarized for satellite systems, based on which the mitigation schemes for both cyber security and RF interferences are given. A multi-layered satellite systems structure is provided with cross-layer design considering multi-path routing and channel coding, to provide great security and diversity gains for secure and robust satellite systems.

Verification of Security Policy Enforcement in Enterprise Systems

Science.gov (United States)

Gupta, Puneet; Stoller, Scott D.

Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

Porous TiO2-Based Gas Sensors for Cyber Chemical Systems to Provide Security and Medical Diagnosis

Science.gov (United States)

2017-01-01

Gas sensors play an important role in our life, providing control and security of technical processes, environment, transportation and healthcare. Consequently, the development of high performance gas sensor devices is the subject of intense research. TiO2, with its excellent physical and chemical properties, is a very attractive material for the fabrication of chemical sensors. Meanwhile, the emerging technologies are focused on the fabrication of more flexible and smart systems for precise monitoring and diagnosis in real-time. The proposed cyber chemical systems in this paper are based on the integration of cyber elements with the chemical sensor devices. These systems may have a crucial effect on the environmental and industrial safety, control of carriage of dangerous goods and medicine. This review highlights the recent developments on fabrication of porous TiO2-based chemical gas sensors for their application in cyber chemical system showing the convenience and feasibility of such a model to provide the security and to perform the diagnostics. The most of reports have demonstrated that the fabrication of doped, mixed and composite structures based on porous TiO2 may drastically improve its sensing performance. In addition, each component has its unique effect on the sensing properties of material. PMID:29257076

SAFCM: A Security-Aware Feedback Control Mechanism for Distributed Real-Time Embedded Systems

DEFF Research Database (Denmark)

Ma, Yue; Jiang, Wei; Sang, Nan

2012-01-01

Distributed Real-time Embedded (DRE) systems are facing great challenges in networked, unpredictable and especially unsecured environments. In such systems, there is a strong need to enforce security on distributed computing nodes in order to guard against potential threats, while satisfying......-time systems, a multi-input multi-output feedback loop is designed and a model predictive controller is deployed based on an equation model that describes the dynamic behavior of the DRE systems. This control loop uses security level scaling to globally control the CPU utilization and security performance...... for the whole system. We propose a "security level" metric based on an evolution of cryptography algorithms used in embedded systems. Experimental results demonstrate that SAFCM not only has the excellent adaptivity compared to open-loop mechanism, but also has a better overall performance than PID control...

Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

Directory of Open Access Journals (Sweden)

Ji-Jian Chin

2014-01-01

Full Text Available Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user’s secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

Science.gov (United States)

Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

2014-01-01

Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Blockchain-based Public Key Infrastructure for Inter-Domain Secure Routing

OpenAIRE

de la Rocha Gómez-Arevalillo , Alfonso; Papadimitratos , Panos

2017-01-01

International audience; A gamut of secure inter-domain routing protocols has been proposed in the literature. They use traditional PGP-like and centralized Public Key Infrastructures for trust management. In this paper, we propose our alternative approach for managing security associations, Secure Blockchain Trust Management (SBTM), a trust management system that instantiates a blockchain-based PKI for the operation of securerouting protocols. A main motivation for SBTM is to facilitate gradu...

75 FR 65881 - Ownership Limitations and Governance Requirements for Security-Based Swap Clearing Agencies...

Science.gov (United States)

2010-10-26

... it determines they are necessary or appropriate to improve the governance of, or to mitigate systemic... Part IV Securities and Exchange Commission 17 CFR Part 242 Ownership Limitations and Governance... Ownership Limitations and Governance Requirements for Security- Based Swap Clearing Agencies, Security-Based...

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

National Research Council Canada - National Science Library

Ganger, Gregory R

2007-01-01

This report summarizes the results of the work on the AFOSR's Critical Infrastructure Protection Program project, entitled Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security...

Security in a Web 2.0+ World A Standards Based Approach

CERN Document Server

Solari , Carlos Curtis

2010-01-01

Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust. Security for a Web 2.0+ World looks at the perplexing issues of cyber security, and will be of interest to those who need to know how to make effective security policy decisions to engineers who design ICT systems - a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol. Many companies are currently applying security mo

DeviceGuard: External Device-Assisted System And Data Security

OpenAIRE

Deng, Yipan

2011-01-01

This thesis addresses the threat that personal computer faced from malware when the personal computer is connected to the Internet. Traditional host-based security approaches, such as anti-virus scanning protect the host from virus, worms, Trojans and other malwares. One of the issues of the host-based security approaches is that when the operating system is compromised by the malware, the antivirus software also becomes vulnerable. In this thesis, we present a novel approach through usin...

76 FR 81359 - National Security Personnel System

Science.gov (United States)

2011-12-28

... Security Personnel System AGENCY: Department of Defense; Office of Personnel Management. ACTION: Final rule... concerning the National Security Personnel System (NSPS). Section 1113 of the National Defense Authorization... National Security Personnel System (NSPS) in regulations jointly prescribed by DOD and OPM (Office of...

Security aspects of database systems implementation

OpenAIRE

Pokorný, Tomáš

2009-01-01

The aim of this thesis is to provide a comprehensive overview of database systems security. Reader is introduced into the basis of information security and its development. Following chapter defines a concept of database system security using ISO/IEC 27000 Standard. The findings from this chapter form a complex list of requirements on database security. One chapter also deals with legal aspects of this domain. Second part of this thesis offers a comparison of four object-relational database s...

Agency Secure Image And Storage Tracking System (ASIST)

Data.gov (United States)

US Agency for International Development — Agency Secure Image and Storage Tracking System (Missions): is a Documentum-based user interface developed and maintained by the USAID OCIO (formerly IRM) to improve...

Energy efficient security in MANETs: a comparison of cryptographic and artificial immune systems

International Nuclear Information System (INIS)

Mazhar, N.

2010-01-01

MANET is characterized by a set of mobile nodes in an inherently insecure environment, having limited battery capacities. Provisioning of energy efficient security in MANETs is, therefore, an open problem for which a number of solutions have been proposed. In this paper, we present an overview and comparison of the MANET security at routing layer by using the cryptographic and Artificial Immune System (AIS) approaches. The BeeAdHoc protocol, which is a Bio-inspired MANET routing protocol based on the foraging principles of honey bee colony, is taken as case study. We carry out an analysis of the three security frameworks that we have proposed earlier for securing BeeAdHoc protocol; one based on asymmetric key encryption, i.e BeeSec, and the other two using the AIS approach, i.e BeeAIS based on self non-self discrimination from adaptive immune system and BeeAIS-DC based on Dendritic Cell (DC) behavior from innate immune system. We extensively evaluate the performance of the three protocols through network simulations in ns-2 and compare with BeeAdHoc, the base protocol, as well as with state-of-the-art MANET routing protocols DSR and AODV. Our results clearly indicate that AIS based systems provide security at much lower cost to energy as compared with the cryptographic systems. Moreover, the use of dendritic cells and danger signals instead of the classical self non-self discrimination allows to detect the non-self antigens with greater accuracy. Based on the results of this investigation, we also propose a composite AIS model for BeeAdHoc security by combining the concepts from both the adaptive and the innate immune systems by modelling the attributes and behavior of the B-cells and DCs. (author)

Security threat assessment of an Internet security system using attack tree and vague sets.

Science.gov (United States)

Chang, Kuei-Hu

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

A Security Monitoring Framework For Virtualization Based HEP Infrastructures

Science.gov (United States)

Gomez Ramirez, A.; Martinez Pedreira, M.; Grigoras, C.; Betev, L.; Lara, C.; Kebschull, U.; ALICE Collaboration

2017-10-01

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware samples. This malware set was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

Teaching RFID Information Systems Security

Science.gov (United States)

Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

2014-01-01

The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

Chaotic secure content-based hidden transmission of biometric templates

International Nuclear Information System (INIS)

Khan, Muhammad Khurram; Zhang Jiashu; Tian Lei

2007-01-01

The large-scale proliferation of biometric verification systems creates a demand for effective and reliable security and privacy of its data. Like passwords and PIN codes, biometric data is also not secret and if it is compromised, the integrity of the whole verification system could be at high risk. To address these issues, this paper presents a novel chaotic secure content-based hidden transmission scheme of biometric data. Encryption and data hiding techniques are used to improve the security and secrecy of the transmitted templates. Secret keys are generated by the biometric image and used as the parameter value and initial condition of the chaotic map, and each transaction session has different secret keys to protect from the attacks. Two chaotic maps are incorporated for the encryption to resolve the finite word length effect and to improve the system's resistance against attacks. Encryption is applied on the biometric templates before hiding into the cover/host images to make them secure, and then templates are hidden into the cover image. Experimental results show that the security, performance, and accuracy of the presented scheme are encouraging comparable with other methods found in the current literature

Chaotic secure content-based hidden transmission of biometric templates

Energy Technology Data Exchange (ETDEWEB)

Khan, Muhammad Khurram [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China)]. E-mail: khurram.khan@scientist.com; Zhang Jiashu [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China); Tian Lei [Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan (China)

2007-06-15

The large-scale proliferation of biometric verification systems creates a demand for effective and reliable security and privacy of its data. Like passwords and PIN codes, biometric data is also not secret and if it is compromised, the integrity of the whole verification system could be at high risk. To address these issues, this paper presents a novel chaotic secure content-based hidden transmission scheme of biometric data. Encryption and data hiding techniques are used to improve the security and secrecy of the transmitted templates. Secret keys are generated by the biometric image and used as the parameter value and initial condition of the chaotic map, and each transaction session has different secret keys to protect from the attacks. Two chaotic maps are incorporated for the encryption to resolve the finite word length effect and to improve the system's resistance against attacks. Encryption is applied on the biometric templates before hiding into the cover/host images to make them secure, and then templates are hidden into the cover image. Experimental results show that the security, performance, and accuracy of the presented scheme are encouraging comparable with other methods found in the current literature.

Security Research on Engineering Database System

Institute of Scientific and Technical Information of China (English)

无

2002-01-01

Engine engineering database system is an oriented C AD applied database management system that has the capability managing distributed data. The paper discusses the security issue of the engine engineering database management system (EDBMS). Through studying and analyzing the database security, to draw a series of securi ty rules, which reach B1, level security standard. Which includes discretionary access control (DAC), mandatory access control (MAC) and audit. The EDBMS implem ents functions of DAC, ...

Proposal of secure camera-based radiation warning system for nuclear detection

International Nuclear Information System (INIS)

Tsuchiya, Ken'ichi; Kurosawa, Kenji; Akiba, Norimitsu; Kakuda, Hidetoshi; Imoto, Daisuke; Hirabayashi, Manato; Kuroki, Kenro

2016-01-01

Counter-terrorisms against radiological and nuclear threat are significant issues toward Tokyo 2020 Olympic and Paralympic Games. In terms of cost benefit, it is not easy to build a warning system for nuclear detection to prevent a Dirty Bomb attack (dispersion of radioactive materials using a conventional explosive) or a Silent Source attack (hidden radioactive materials) from occurring. We propose a nuclear detection system using the installed secure cameras. We describe a method to estimate radiation dose from noise pattern in CCD images caused by radiation. Some dosimeters under neutron and gamma-ray irradiations (0.1mSv-100mSv) were taken in CCD video camera. We confirmed amount of noise in CCD images increased in radiation exposure. The radiation detection using CMOS in secure cameras or cell phones has been implemented. However, in this presentation, we propose a warning system including neutron detection to search shielded nuclear materials or radiation exposure devices using criticality. (author)

Information Security Policy Modeling for Network Security Systems

Directory of Open Access Journals (Sweden)

Dmitry Sergeevich Chernyavskiy

2014-12-01

Full Text Available Policy management for network security systems (NSSs is one of the most topical issues of network security management. Incorrect configurations of NSSs lead to system outages and appearance of vulnerabilities. Moreover, policy management process is a time-consuming task, which includes significant amount of manual work. These factors reduce efficiency of NSSs’ utilization. The paper discusses peculiarities of policy management process and existing approaches to policy modeling, presents a model aimed to formalize policies for NSSs independently on NSSs’ platforms and select the most effective NSSs for implementation of the policies.

A systematic approach for analysis and design of secure health information systems.

Science.gov (United States)

Blobel, B; Roger-France, F

2001-06-01

A toolset using object-oriented techniques including the nowadays popular unified modelling language (UML) approach has been developed to facilitate the different users' views for security analysis and design of health care information systems. Paradigm and concepts used are based on the component architecture of information systems and on a general layered security model. The toolset was developed in 1996/1997 within the ISHTAR project funded by the European Commission as well as through international standardisation activities. Analysing and systematising real health care scenarios, only six and nine use case types could be found in the health and the security-related view, respectively. By combining these use case types, the analysis and design of any thinkable system architecture can be simplified significantly. Based on generic schemes, the environment needed for both communication and application security can be established by appropriate sets of security services and mechanisms. Because of the importance and the basic character of electronic health care record (EHCR) systems, the understanding of the approach is facilitated by (incomplete) examples for this application.

Designing a Secure Point-of-Sale System

DEFF Research Database (Denmark)

Sharp, Robin; Pedersen, Allan; Hedegaard, Anders

2006-01-01

This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described.......This paper describes some experiences with using the ''Common Criteria for Information Security Evaluation'' as the basis for a design methodology when designing secure systems. As an example, the design process for a Point-of-Sale (POS) system is described....

Advanced Approach to Information Security Management System Model for Industrial Control System

Directory of Open Access Journals (Sweden)

Sanghyun Park

2014-01-01

Full Text Available Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS. ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

Advanced approach to information security management system model for industrial control system.

Science.gov (United States)

Park, Sanghyun; Lee, Kyungho

2014-01-01

Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

Advanced Approach to Information Security Management System Model for Industrial Control System

Science.gov (United States)

2014-01-01

Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS. PMID:25136659

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems.

Science.gov (United States)

Wu, Jun; Su, Zhou; Wang, Shen; Li, Jianhua

2017-07-30

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on "friend" relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

Security problems for a pseudorandom sequence generator based on the Chen chaotic system

Science.gov (United States)

Özkaynak, Fatih; Yavuz, Sırma

2013-09-01

Recently, a novel pseudorandom number generator scheme based on the Chen chaotic system was proposed. In this study, we analyze the security weaknesses of the proposed generator. By applying a brute force attack on a reduced key space, we show that 66% of the generated pseudorandom number sequences can be revealed. Executable C# code is given for the proposed attack. The computational complexity of this attack is O(n), where n is the sequence length. Both mathematical proofs and experimental results are presented to support the proposed attack.

SecureCPS: Defending a nanosatellite cyber-physical system

Science.gov (United States)

Forbes, Lance; Vu, Huy; Udrea, Bogdan; Hagar, Hamilton; Koutsoukos, Xenofon D.; Yampolskiy, Mark

2014-06-01

Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-­orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-­cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-­physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-­Riddle's ARAPAIMA nanosatellite architecture, where we assume any off-­the-­shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt's Cyber Physical -­ Attack Description Language (CP-­ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-­cost Root of Trust (RoT) Module, Global InfoTek's Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.

Design And Implementation Of Bank Locker Security System Based On Fingerprint Sensing Circuit And RFID Reader

Directory of Open Access Journals (Sweden)

Khaing Mar Htwe

2015-07-01

Full Text Available Abstract The main goal of this system is to design a locker security system using RFID and Fingerprint. In this system only authenticated person can open the door. A security system is implemented containing door locking system using passive type of RFID which can activate authenticate and validate the user and unlock the door in real time for secure access. The advantage of using passive RFID is that it functions without a battery and passive tags are lighter and are less expensive than the active tags. This system consists of fingerprint reader microcontroller RFID reader and PC. The RFID reader reads the id number from passive. The fingerprint sensor will check incoming image with enrolled data and it will send confirming signal for C program. If both RFID check and fingerprint image confirmation are matched the microcontroller will drive door motor according to sensors at door edges. This system is more secure than other systems because two codes protection method used.

Modelling the System of Ensuring the Investment Security

Directory of Open Access Journals (Sweden)

Moroz Maxim O.

2017-11-01

Full Text Available The article explores approaches to modelling the system of ensuring the investment security. Necessity of observance of investment security of Ukraine has been substantiated. The author’s own vision of the modelling essentials has been provided. The eligibility for consideration of the system of ensuring the investment security of Ukraine in the functional, structural, process, formative, and factor aspects has been proved. The target setting and tasks of a functional model of the system of ensuring the investment security have been defined. The functions, subjects, organizational-economic mechanisms of the system of ensuring the investment security of Ukraine have been characterized. A structural model of the system of ensuring the investment security has been presented. Special attention has been given to the definition of objects of direct and indirect influence, control and controlled subsystems, aggregate of indicators, safe levels, principles of formation of the investment security system. The process and formative models of the system of ensuring the investment security, as well as the algorithm of the complex assessment of the level of investment security, were analyzed in detail. Measures to ensure the investment security of Ukraine have been defined.

Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce.

Science.gov (United States)

Mishra, Dheerendra; Mukhopadhyay, Sourav; Kumari, Saru; Khan, Muhammad Khurram; Chaturvedi, Ankita

2014-05-01

Telecare medicine information systems (TMIS) present the platform to deliver clinical service door to door. The technological advances in mobile computing are enhancing the quality of healthcare and a user can access these services using its mobile device. However, user and Telecare system communicate via public channels in these online services which increase the security risk. Therefore, it is required to ensure that only authorized user is accessing the system and user is interacting with the correct system. The mutual authentication provides the way to achieve this. Although existing schemes are either vulnerable to attacks or they have higher computational cost while an scalable authentication scheme for mobile devices should be secure and efficient. Recently, Awasthi and Srivastava presented a biometric based authentication scheme for TMIS with nonce. Their scheme only requires the computation of the hash and XOR functions.pagebreak Thus, this scheme fits for TMIS. However, we observe that Awasthi and Srivastava's scheme does not achieve efficient password change phase. Moreover, their scheme does not resist off-line password guessing attack. Further, we propose an improvement of Awasthi and Srivastava's scheme with the aim to remove the drawbacks of their scheme.

An Enhanced Erasure Code-Based Security Mechanism for Cloud Storage

Directory of Open Access Journals (Sweden)

Wenfeng Wang

2014-01-01

Full Text Available Cloud computing offers a wide range of luxuries, such as high performance, rapid elasticity, on-demand self-service, and low cost. However, data security continues to be a significant impediment in the promotion and popularization of cloud computing. To address the problem of data leakage caused by unreliable service providers and external cyber attacks, an enhanced erasure code-based security mechanism is proposed and elaborated in terms of four aspects: data encoding, data transmission, data placement, and data reconstruction, which ensure data security throughout the whole traversing into cloud storage. Based on the mechanism, we implement a secure cloud storage system (SCSS. The key design issues, including data division, construction of generator matrix, data encoding, fragment naming, and data decoding, are also described in detail. Finally, we conduct an analysis of data availability and security and performance evaluation. Experimental results and analysis demonstrate that SCSS achieves high availability, strong security, and excellent performance.

Attacks on Heartbeat-Based Security Using Remote Photoplethysmography.

Science.gov (United States)

Seepers, Robert Mark; Wang, Wenjin; de Haan, Gerard; Sourdis, Ioannis; Strydis, Christos

2018-05-01

The time interval between consecutive heartbeats (interpulse interval, IPI) has previously been suggested for securing mobile-health solutions. This time interval is known to contain a degree of randomness, permitting the generation of a time- and person-specific identifier. It is commonly assumed that only devices trusted by a person can make physical contact with him/her, and that this physical contact allows each device to generate a similar identifier based on its own cardiac recordings. Under these conditions, the identifiers generated by different trusted devices can facilitate secure authentication. Recently, a wide range of techniques have been proposed for measuring heartbeats remotely, a prominent example of which is remote photoplethysmography (rPPG). These techniques may pose a significant threat to heartbeat-based security, as an adversary may pretend to be a trusted device by generating a similar identifier without physical contact, thus bypassing one of the core security conditions. In this paper, we assess the feasibility of such remote attacks using state-of-the-art rPPG methods. Our evaluation shows that rPPG has similar accuracy as contact PPG and, thus, forms a substantial threat to heartbeat-based-security systems that permit trusted devices to obtain their identifiers from contact PPG recordings. Conversely, rPPG cannot obtain an accurate representation of an identifier generated from electrical cardiac signals, making the latter invulnerable to state-of-the-art remote attacks.

Security technology discussion for emergency command system of nuclear power plant

International Nuclear Information System (INIS)

Liu Zhenjun

2014-01-01

Nuclear power plant emergency command system can provide valuable data for emergency personnel, such as the unit data, weather data, environmental radiation data. In the course of emergency response, the emergency command system provides decision support to quickly and effectively control and mitigate the consequences of the nuclear accident, to avoid and reduce the dose received by staff and the public, to protect the environment and the public. There are high performance requirements on the security of the system and the data transmission. Based on the previous project and new demand after the Fukushima incident, the security technology design of emergency system in nuclear power plant was discussed. The results show that the introduction of information security technology can effectively ensure the security of emergency systems, and enhance the capacity of nuclear power plant to deal with nuclear accidents. (author)

Distributed security in closed distributed systems

DEFF Research Database (Denmark)

Hernandez, Alejandro Mario

properties. This is also restricted to distributed systems in which the set of locations is known a priori. All this follows techniques borrowed from both the model checking and the static analysis communities. In the end, we reach a step towards solving the problem of enforcing security in distributed...... systems. We achieve the goal of showing how this can be done, though we restrict ourselves to closed systems and with a limited set of enforceable security policies. In this setting, our approach proves to be efficient. Finally, we achieve all this by bringing together several fields of Computer Science......The goal of the present thesis is to discuss, argue and conclude about ways to provide security to the information travelling around computer systems consisting of several known locations. When developing software systems, security of the information managed by these plays an important role...

Dynamic Security Assessment of Western Danish Power System Based on Ensemble Decision Trees

DEFF Research Database (Denmark)

Liu, Leo; Bak, Claus Leth; Chen, Zhe

2014-01-01

With the increasing penetration of renewable energy resources and other forms of dispersed generation, more and more uncertainties will be brought to the dynamic security assessment (DSA) of power systems. This paper proposes an approach that uses ensemble decision trees (EDT) for online DSA. Fed...... with online wide-area measurement data, it is capable of not only predicting the security states of current operating conditions (OC) with high accuracy, but also indicating the confidence of the security states 1 minute ahead of the real time by an outlier identification method. The results of EDT together...

The electronic security partnership of safety/security and information systems departments.

Science.gov (United States)

Yow, J Art

2012-01-01

The ever-changing world of security electronics is reviewed in this article. The author focuses on its usage in a hospital setting and the need for safety/security and information systems departments to work together to protect and get full value from IP systems.

NOSArmor: Building a Secure Network Operating System

Directory of Open Access Journals (Sweden)

Hyeonseong Jo

2018-01-01

Full Text Available Software-Defined Networking (SDN, controlling underlying network devices (i.e., data plane in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS, also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB, into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight with secureness of network assets.

Windows 2012 Server network security securing your Windows network systems and infrastructure

CERN Document Server

Rountree, Derrick

2013-01-01

Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: Secure remote access Network vulnerabilities and mitigations DHCP installations configuration MAC filtering DNS server security WINS installation configuration Securing wired and wireless connections Windows personal firewall

Power system security enhancement with unified power flow controller under multi-event contingency conditions

Directory of Open Access Journals (Sweden)

S. Ravindra

2017-03-01

Full Text Available Power system security analysis plays key role in enhancing the system security and to avoid the system collapse condition. In this paper, a novel severity function is formulated using transmission line loadings and bus voltage magnitude deviations. The proposed severity function and generation fuel cost objectives are analyzed under transmission line(s and/or generator(s contingency conditions. The system security under contingency conditions is analyzed using optimal power flow problem. An improved teaching learning based optimization (ITLBO algorithm has been presented. To enhance the system security under contingency conditions in the presence of unified power flow controller (UPFC, it is necessary to identify an optimal location to install this device. Voltage source based power injection model of UPFC, incorporation procedure and optimal location identification strategy based on line overload sensitivity indexes are proposed. The entire proposed methodology is tested on standard IEEE-30 bus test system with supporting numerical and graphical results.

Moving ERP Systems to the Cloud - Data Security Issues

Directory of Open Access Journals (Sweden)

Pablo Saa

2017-08-01

Full Text Available This paper brings to light data security issues and concerns for organizations by moving their Enterprise Resource Planning (ERP systems to the cloud. Cloud computing has become the new trend of how organizations conduct business and has enabled them to innovate and compete in a dynamic environment through new and innovative business models. The growing popularity and success of the cloud has led to the emergence of cloud-based Software-as-a-Service (SaaS ERP systems, a new alternative approach to traditional on-premise ERP systems. Cloud-based ERP has a myriad of benefits for organizations. However, infrastructure engineers need to address data security issues before moving their enterprise applications to the cloud. Cloud-based ERP raises specific concerns about the confidentiality and integrity of the data stored in the cloud. Such concerns that affect the adoption of cloud-based ERP are based on the size of the organization. Small to medium enterprises (SMEs gain the maximum benefits from cloud-based ERP as many of the concerns around data security are not relevant to them. On the contrary, larger organizations are more cautious in moving their mission critical enterprise applications to the cloud. A hybrid solution where organizations can choose to keep their sensitive applications on-premise while leveraging the benefits of the cloud is proposed in this paper as an effective solution that is gaining momentum and popularity for large organizations.

Center for computer security: Computer Security Group conference. Summary

Energy Technology Data Exchange (ETDEWEB)

None

1982-06-01

Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

Choice of optical system is critical for the security of double random phase encryption systems

Science.gov (United States)

Muniraj, Inbarasan; Guo, Changliang; Malallah, Ra'ed; Cassidy, Derek; Zhao, Liang; Ryle, James P.; Healy, John J.; Sheridan, John T.

2017-06-01

The linear canonical transform (LCT) is used in modeling a coherent light-field propagation through first-order optical systems. Recently, a generic optical system, known as the quadratic phase encoding system (QPES), for encrypting a two-dimensional image has been reported. In such systems, two random phase keys and the individual LCT parameters (α,β,γ) serve as secret keys of the cryptosystem. It is important that such encryption systems also satisfy some dynamic security properties. We, therefore, examine such systems using two cryptographic evaluation methods, the avalanche effect and bit independence criterion, which indicate the degree of security of the cryptographic algorithms using QPES. We compared our simulation results with the conventional Fourier and the Fresnel transform-based double random phase encryption (DRPE) systems. The results show that the LCT-based DRPE has an excellent avalanche and bit independence characteristics compared to the conventional Fourier and Fresnel-based encryption systems.

Information Systems Security: Whose Responsibility? | Senzige ...

African Journals Online (AJOL)

... compounded by the increasingly international nature of information systems, this responsibility still rests with managers only. This paper looks at security concerns related to information systems, identifies the threats and suggests how the security of information systems should be handled. African Journal of Finance and ...

The Development of a Scientific Evaluation System of Force-on-Force (FOF) Exercise for Performance-based Regulation in Nuclear Security

Energy Technology Data Exchange (ETDEWEB)

Koh, Moonsung; Jung, Myungtak [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

2015-05-15

A terrorist attack or sabotage at a nuclear facility could lead result in a great amount of loss of life and social chaos, in addition to serious radiological damage. As threats have been evolved more intelligent, divergent, advanced, the international societies including IAEA encourage for all member states to establish the performance-based regulation using Forceon- Force (FOF) exercise, computer simulation. Consequently, the performance evaluation for physical protection at nuclear facilities should focus on properly reacting to threat scenarios. Physical protection should also include detecting, blocking, delaying, interrupting including the human and technical factors the adversary having malicious intention of the realistic main threat element before he accomplishes the goal based on Design Basis Threat (DBT). After the completion of the FOF evaluation system, KINAC will evaluate, and later strengthen its overall security program in response to changes in the threat environment, technological advancements, and lessons learned. As a result, substantial improvements to a nuclear facility security can be predicted. These improvements will focus on a plant security force, physical barriers, intrusion detection systems, surveillance systems, and access controls. Through the building a Force-on-Force scientific evaluation system, KINAC will establish an efficient physical protection implementation system for nuclear energy facilities.

The Development of a Scientific Evaluation System of Force-on-Force (FOF) Exercise for Performance-based Regulation in Nuclear Security

International Nuclear Information System (INIS)

Koh, Moonsung; Jung, Myungtak

2015-01-01

A terrorist attack or sabotage at a nuclear facility could lead result in a great amount of loss of life and social chaos, in addition to serious radiological damage. As threats have been evolved more intelligent, divergent, advanced, the international societies including IAEA encourage for all member states to establish the performance-based regulation using Forceon- Force (FOF) exercise, computer simulation. Consequently, the performance evaluation for physical protection at nuclear facilities should focus on properly reacting to threat scenarios. Physical protection should also include detecting, blocking, delaying, interrupting including the human and technical factors the adversary having malicious intention of the realistic main threat element before he accomplishes the goal based on Design Basis Threat (DBT). After the completion of the FOF evaluation system, KINAC will evaluate, and later strengthen its overall security program in response to changes in the threat environment, technological advancements, and lessons learned. As a result, substantial improvements to a nuclear facility security can be predicted. These improvements will focus on a plant security force, physical barriers, intrusion detection systems, surveillance systems, and access controls. Through the building a Force-on-Force scientific evaluation system, KINAC will establish an efficient physical protection implementation system for nuclear energy facilities

8 CFR 103.34 - Security of records systems.

Science.gov (United States)

2010-01-01

... 8 Aliens and Nationality 1 2010-01-01 2010-01-01 false Security of records systems. 103.34 Section 103.34 Aliens and Nationality DEPARTMENT OF HOMELAND SECURITY IMMIGRATION REGULATIONS POWERS AND DUTIES; AVAILABILITY OF RECORDS § 103.34 Security of records systems. The security of records systems...

Rapidly Deployable Security System Final Report CRADA No. TC-2030-01

Energy Technology Data Exchange (ETDEWEB)

Kohlhepp, V. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States); Whiteman, B. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States); McKibben, M. T. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

2017-09-28

The ultimate objective of the LEADER and LLNL strategic partnership was to develop and commercialize_a security-based system product and platform for the use in protecting the substantial physical and economic assets of the government and commerce of the United States. The primary goal of this project was to integrate video surveillance hardware developed by LLNL with a security software backbone developed by LEADER. Upon completion of the project, a prototype hardware/software security system that is highly scalable was to be demonstrated.

Analysis of costs-benefits tradeoffs of complex security systems

International Nuclear Information System (INIS)

Hicks, M.J.

1996-01-01

Essential to a systems approach to design of security systems is an analysis of the cost effectiveness of alternative designs. While the concept of analysis of costs and benefits is straightforward, implementation can be at the least tedious and, for complex designs and alternatives, can become nearly intractable without the help of structured analysis tools. PACAIT--Performance and Cost Analysis Integrated Tools--is a prototype tool. The performance side of the analysis collates and reduces data from ASSESS, and existing DOE PC-based security systems performance analysis tool. The costs side of the analysis uses ACE, an existing DOD PC-based costs analysis tool. Costs are reported over the full life-cycle of the system, that is, the costs to procure, operate, maintain and retire the system and all of its components. Results are collected in Microsoft reg-sign Excel workbooks and are readily available to analysts and decision makers in both tabular and graphical formats and at both the system and path-element levels

Cyber Security Testing and Training Programs for Industrial Control Systems

Energy Technology Data Exchange (ETDEWEB)

Daniel Noyes

2012-03-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Carboy Security Testing and Training Programs for Industrial Control Systems

International Nuclear Information System (INIS)

Noyes, Daniel

2012-01-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors

Cyber Security Testing and Training Programs for Industrial Control Systems

International Nuclear Information System (INIS)

Noyes, Daniel

2012-01-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Carboy Security Testing and Training Programs for Industrial Control Systems

Energy Technology Data Exchange (ETDEWEB)

Noyes, Daniel [Idaho National Laboratory, Idaho (United States)

2012-03-15

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These training vary from web-based cyber security training for control systems engineers to more advanced hands-on training that culminates with a Red Team/Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

Polish Security Printing Works in the system of public and economic security

OpenAIRE

Remigiusz Lewandowski

2013-01-01

The article raises the issue of placing PWPW in the system of economic and public security. Two particular categories of security connected with PWPW business activity, i.e. identification and transactional security, have been defined and discussed in the article. The most essential factors affecting the above security categories as well as relations between identification/transactional security and economic/public security. The article indicates that PWPW plays an important role in the state...

Securing Real-Time Sessions in an IMS-Based Architecture

Science.gov (United States)

Cennamo, Paolo; Fresa, Antonio; Longo, Maurizio; Postiglione, Fabio; Robustelli, Anton Luca; Toro, Francesco

The emerging all-IP mobile network infrastructures based on 3rd Generation IP Multimedia Subsystem philosophy are characterised by radio access technology independence and ubiquitous connectivity for mobile users. Currently, great focus is being devoted to security issues since most of the security threats presently affecting the public Internet domain, and the upcoming ones as well, are going to be suffered by mobile users in the years to come. While a great deal of research activity, together with standardisation efforts and experimentations, is carried out on mechanisms for signalling protection, very few integrated frameworks for real-time multimedia data protection have been proposed in a context of IP Multimedia Subsystem, and even fewer experimental results based on testbeds are available. In this paper, after a general overview of the security issues arising in an advanced IP Multimedia Subsystem scenario, a comprehensive infrastructure for real-time multimedia data protection, based on the adoption of the Secure Real-Time Protocol, is proposed; then, the development of a testbed incorporating such functionalities, including mechanisms for key management and cryptographic context transfer, and allowing the setup of Secure Real-Time Protocol sessions is presented; finally, experimental results are provided together with quantitative assessments and comparisons of system performances for audio sessions with and without the adoption of the Secure Real-Time Protocol framework.

Research on mobile electronic commerce security technology based on WPKI

Science.gov (United States)

Zhang, Bo

2013-07-01

Through the in-depth study on the existing mobile e-commerce and WAP protocols, this paper presents a security solution of e-commerce system based on WPKI, and describes its implementation process and specific implementation details. This solution uniformly distributes the key used by the various participating entities , to fully ensure the confidentiality, authentication, fairness and integrity of mobile e-commerce payments, therefore has some pract ical value for improving the security of e-commerce system.

Security of the data transmission in the industrial control system

Directory of Open Access Journals (Sweden)

Marcin Bednarek

2015-12-01

Full Text Available The theme of this paper is to present the data transmission security system between the stations of the industrial control system. The possible options for secure communications between process stations, as well as between process and operator station are described. Transmission security mechanism is based on algorithms for symmetric and asymmetric encryption. The authentication process uses a software token algorithm and a one-way hash function. The algorithm for establishing a secured connection between the stations, including the authentication process and encryption of data transmission is given. The process of securing the transmission consists of 4 sub-processes: (I authentication; (II asymmetric, public keys transmission; (III symmetric key transmission; (IV data transmission. The presented process of securing the transmission was realized in the industrial controller and emulator. For this purpose, programming languages in accordance with EN 61131 were used. The functions were implemented as user function blocks. This allows us to include a mixed code in the structure of the block (both: ST and FBD. Available function categories: support of the asymmetric encryption; asymmetric encryption utility functions; support of the symmetric encryption; symmetric encryption utility functions; support of the hash value calculations; utility functions of conversion.[b]Keywords[/b]: transmission security, encryption, authentication, industrial control system

A SCHEME FOR TEMPLATE SECURITY AT FEATURE FUSION LEVEL IN MULTIMODAL BIOMETRIC SYSTEM

OpenAIRE

Arvind Selwal; Sunil Kumar Gupta; Surender Kumar

2016-01-01

Biometric is the science of human recognition based upon using their biological, chemical or behavioural traits. These systems are used in many real life applications simply from biometric based attendance system to providing security at very sophisticated level. A biometric system deals with raw data captured using a sensor and feature template extracted from raw image. One of the challenges being faced by designers of these systems is to secure template data extracted from the biometric mod...

Healthcare Blockchain System Using Smart Contracts for Secure Automated Remote Patient Monitoring.

Science.gov (United States)

Griggs, Kristen N; Ossipova, Olya; Kohlios, Christopher P; Baccarini, Alessandro N; Howson, Emily A; Hayajneh, Thaier

2018-06-06

As Internet of Things (IoT) devices and other remote patient monitoring systems increase in popularity, security concerns about the transfer and logging of data transactions arise. In order to handle the protected health information (PHI) generated by these devices, we propose utilizing blockchain-based smart contracts to facilitate secure analysis and management of medical sensors. Using a private blockchain based on the Ethereum protocol, we created a system where the sensors communicate with a smart device that calls smart contracts and writes records of all events on the blockchain. This smart contract system would support real-time patient monitoring and medical interventions by sending notifications to patients and medical professionals, while also maintaining a secure record of who has initiated these activities. This would resolve many security vulnerabilities associated with remote patient monitoring and automate the delivery of notifications to all involved parties in a HIPAA compliant manner.

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

Directory of Open Access Journals (Sweden)

Jun Wu

2017-07-01

Full Text Available Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems.

Crowd Sensing-Enabling Security Service Recommendation for Social Fog Computing Systems

Science.gov (United States)

Wu, Jun; Su, Zhou; Li, Jianhua

2017-01-01

Fog computing, shifting intelligence and resources from the remote cloud to edge networks, has the potential of providing low-latency for the communication from sensing data sources to users. For the objects from the Internet of Things (IoT) to the cloud, it is a new trend that the objects establish social-like relationships with each other, which efficiently brings the benefits of developed sociality to a complex environment. As fog service become more sophisticated, it will become more convenient for fog users to share their own services, resources, and data via social networks. Meanwhile, the efficient social organization can enable more flexible, secure, and collaborative networking. Aforementioned advantages make the social network a potential architecture for fog computing systems. In this paper, we design an architecture for social fog computing, in which the services of fog are provisioned based on “friend” relationships. To the best of our knowledge, this is the first attempt at an organized fog computing system-based social model. Meanwhile, social networking enhances the complexity and security risks of fog computing services, creating difficulties of security service recommendations in social fog computing. To address this, we propose a novel crowd sensing-enabling security service provisioning method to recommend security services accurately in social fog computing systems. Simulation results show the feasibilities and efficiency of the crowd sensing-enabling security service recommendation method for social fog computing systems. PMID:28758943

Shared Electronic Health Record Systems: Key Legal and Security Challenges.

Science.gov (United States)

Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

2017-11-01

Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

OpenAIRE

Kuei-Hu Chang

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system’s elementary event are incomplete—the traditional approach for ca...