Search results for: security critical application

Authors: Gang Liu, Huimin Song, Can Wang, Runnan Zhang, Lu Fang

Abstract:

Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of PRIV ILEGE attribute (PA), obligation and log which improves attribute based access control (ABAC) model in dynamically granting authorizations and revoking authorizations. The following describes the new model termed PABAC in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate the advantages of it. The POL module addresses the problems which are not predicted before and not described by access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world is provided.

Keywords: access control, attribute based access control, granting authorizations, privilege, revoking authorizations, system security

Procedia PDF Downloads 335

Authors: Ritsuko Kawasaki, Takeshi Hiromatsu

Abstract:

Management is required to understand all information security risks within an organization, and to make decisions on which information security risks should be treated in what level by allocating how much amount of cost. However, such decision-making is not usually easy, because various measures for risk treatment must be selected with the suitable application levels. In addition, some measures may have objectives conflicting with each other. It also makes the selection difficult. Therefore, this paper provides a model which supports the selection of measures by applying multi-objective analysis to find an optimal solution. Additionally, a list of measures is also provided to make the selection easier and more effective without any leakage of measures.

Keywords: information security risk treatment, selection of risk measures, risk acceptance, multi-objective optimization

Procedia PDF Downloads 351

Authors: Farheen Tabassum, Shoab Ahmed Khan

Abstract:

The brutality of attacks on networks and decisive infrastructures are on the climb over recent years and appears to continue to do so. Distributed Denial of service attack is the most prevalent and easy attack on the availability of a service due to the easy availability of large botnet computers at cheap price and the general lack of protection against these attacks. Application layer DDoS attack is DDoS attack that is targeted on wed server, application server or database server. These types of attacks are much more sophisticated and challenging as they get around most conventional network security devices because attack traffic often impersonate normal traffic and cannot be recognized by network layer anomalies. Conventional techniques of single-hosted security systems are becoming gradually less effective in the face of such complicated and synchronized multi-front attacks. In order to protect from such attacks and intrusion, corporation among all network devices is essential. To overcome this issue, a collaborative intrusion detection system (CIDS) is proposed in which multiple network devices share valuable information to identify attacks, as a single device might not be capable to sense any malevolent action on its own. So it helps us to take decision after analyzing the information collected from different sources. This novel attack detection technique helps to detect seemingly benign packets that target the availability of the critical infrastructure, and the proposed solution methodology shall enable the incident response teams to detect and react to DDoS attacks at the earliest stage to ensure that the uptime of the service remain unaffected. Experimental evaluation shows that the proposed collaborative detection approach is much more effective and efficient than the previous approaches.

Keywords: Distributed Denial-of-Service (DDoS), Collaborative Intrusion Detection System (CIDS), Slowloris, OSSIM (Open Source Security Information Management tool), OSSEC HIDS

Procedia PDF Downloads 337

Authors: Hala A. Alrumaih

Abstract:

It is widely believed that mobile device is a promising technology for lending the opportunity for the third wave of electronic commerce. Mobile devices have changed the way companies do business. Many applications are under development or being incorporated into business processes. In this day, mobile applications are a vital component of any industry strategy. One of the greatest benefits of selling merchandise and providing services on a mobile application is that it widens a company’s customer base significantly. Mobile applications are accessible to interested customers across regional and international borders in different electronic business (e-business) area. But there is a dark side to this success story. The security risks associated with mobile devices and applications are very significant. This paper introduces a broad risk analysis for the various threats, vulnerabilities, and risks in mobile e-business applications and presents some important risk mitigation approaches. It reviews and compares two different frameworks for security assurance in mobile e-business applications. Based on the comparison, the paper suggests some recommendations for applications developers and business owners in mobile e-business application development process.

Keywords: e-business, mobile applications, risk mitigations, security assurance

Procedia PDF Downloads 271

Authors: Mehdi Ghaemi

Abstract:

In principle, foreign investment security is enshrined in International Investment Agreements (IIAs) and Bilateral Investment Treaties (BITs) in the form of protection standards such as the Full Protection and Security Standard (FPS). Accordingly, the host countries undertake to provide the necessary security for the economic activities of foreign investment. With the outbreak of coronavirus, the international community called COVID-19 a threat to international peace security, as well as to the public interest and national security of nations; and to deal with, they proposed several solutions, generally including quarantine, creating social distances, and restricting businesses. This article first studies the security of foreign investment in international investment law. In the following, it analyzes the consequences of the COVID-19 pandemic for foreign investment security so that if there is a threat to that security, solutions could be offered to reduce it.

Keywords: foreign investment, FPS standard, host country, public health, COVID-19

Procedia PDF Downloads 74

Authors: Prashansa Singh, Manjot Kaur, Rohit Bajaj

Abstract:

The proliferation of wireless sensor networks and Internet of Things (IoT) devices in the quickly changing digital landscape has highlighted the urgent need for strong security solutions that can handle these systems’ limited resources. A key solution to this problem is the emergence of ultralightweight security protocols, which provide strong security features while respecting the strict computational, energy, and memory constraints imposed on these kinds of devices. This in-depth analysis explores the field of ultralightweight security protocols, offering a thorough examination of their evolution, salient features, and the particular security issues they resolve. We carefully examine and contrast different protocols, pointing out their advantages and disadvantages as well as the compromises between resource limitations and security resilience. We also study these protocols’ application domains, including the Internet of Things, RFID systems, and wireless sensor networks, to name a few. In addition, the review highlights recent developments and advancements in the field, pointing out new trends and possible avenues for future research. This paper aims to be a useful resource for researchers, practitioners, and developers, guiding the design and implementation of safe, effective, and scalable systems in the Internet of Things era by providing a comprehensive overview of ultralightweight security protocols.

Keywords: wireless sensor network, machine-to-machine, MQTT broker, server, ultralightweight, TCP/IP

Procedia PDF Downloads 35

Authors: Trevor Kroeger, Hayden Williams, Edward Holzinger, David Coleman, Brian Haberman

Abstract:

The network connectivity of medical devices is increasing at a rapid rate. Many medical devices, such as vital sign monitors, share information via wireless or wired connections. However, these connectivity options suffer from a variety of well-known limitations. Wireless connectivity, especially in the unlicensed radio frequency bands, can be disrupted. Such disruption could be due to benign reasons, such as a crowded spectrum, or to malicious intent. While wired connections are less susceptible to interference, they inhibit the mobility of the medical devices, which could be critical in a variety of scenarios. This work explores the application of Light Fidelity (Li-Fi) communication to enhance the security, performance, and mobility of medical devices in connected healthcare scenarios. A simple bridge for connected devices serves as an avenue to connect traditional medical devices to the Li-Fi network. This bridge was utilized to conduct bandwidth tests on a small Li-Fi network installed into a Mock-ICU setting with a backend enterprise network similar to that of a hospital. Mobile and stationary tests were conducted to replicate various different situations that might occur within a hospital setting. Results show that in room Li-Fi connectivity provides reasonable bandwidth and latency within a hospital like setting.

Keywords: hospital, light fidelity, Li-Fi, medical devices, security

Procedia PDF Downloads 78

Authors: John Ayoade

Abstract:

Cloud computing is a model that enables the delivery of on-demand computing resources such as networks, servers, storage, applications and services over the internet. Cloud Computing is a relatively growing concept that presents a good number of benefits for its users; however, it also raises some security challenges which may slow down its use. In this paper, we identify some of those security issues that can serve as barriers to realizing the full benefits that cloud computing can bring. One of the key security problems is security trust. A security trust model is proposed that can enhance the confidence that users need to fully trust the use of public and mobile cloud computing and maximize the potential benefits that they offer.

Keywords: cloud computing, trust, security, certificate authority, PKI

Procedia PDF Downloads 457

Authors: Muhammad R. Ahmed, Mohammed Aseeri

Abstract:

Wireless Sensor Network (WSN) consists of low-cost and multi functional resources constrain nodes that communicate at short distances through wireless links. It is open media and underpinned by an application driven technology for information gathering and processing. It can be used for many different applications range from military implementation in the battlefield, environmental monitoring, health sector as well as emergency response of surveillance. With its nature and application scenario, security of WSN had drawn a great attention. It is known to be valuable to variety of attacks for the construction of nodes and distributed network infrastructure. In order to ensure its functionality especially in malicious environments, security mechanisms are essential. Malicious or internal attacker has gained prominence and poses the most challenging attacks to WSN. Many works have been done to secure WSN from internal attacks but most of it relay on either training data set or predefined threshold. Without a fixed security infrastructure a WSN needs to find the internal attacks is a challenge. In this paper we present an internal attack detection method based on maximum entropy model. The final experimental works showed that the proposed algorithm does work well at the designed level.

Keywords: internal attack, wireless sensor network, network security, entropy

Procedia PDF Downloads 432

Authors: Kalpana Jamdhade, Anita Chorey, Bharti Tijare, V. M. Bhale

Abstract:

A field experiment was conducted during summer season of 2011 at Agronomy research farm, Dr. PDKV, Akola, to study the effect of irrigation regime and nitrogen levels on growth and productivity of summer sesame. The experiment was laid out in split plot Design in which three irrigation scheduling on the basis of IW/CPE ratio viz., irrigation at 0.6, 0.8 and 1.0 IW/CPE ratios (I1, I2 and I3, respectively) and one irrigation scheduling based on critical growth stages of sesame (I4), in main plot and three nitrogen levels 0, 30 and 60 kg N ha-1 (N0, N1 and N2, respectively) in subplot. The result showed that plant height, number of leaves plant-1, leaf area and dry matter accumulation were maximum in irrigation scheduling at 1.0 IW/CPE ratio, which significantly superior over 0.6 IW/CPE ratio and irrigation at critical growth stages but were statistically at par with irrigation at 0.8 IW/CPE ratio. Nitrogen levels, application of 60 kg N ha-1 was recorded significantly superior all growth parameters over treatment 30 kg N ha-1 and 0 kg N ha-1. In case of yield attributes viz., No. of capsules plant-1, Test wt., grain yield and Stalk yield (qha-1) were maximum in irrigation scheduling at 1.0 IW/CPE ratio and were significantly superior over 0.8 IW/CPE ratio, 0.6 IW/CPE ratio and irrigation at critical growth stages. Application of 60 kg N ha-1 increased all yield attributing characters over application of 30 and 0 kg N ha-1. In case of economics of crop same trend was found and the highest B:C ration was obtained in irrigation scheduling at 1.0 IW/CPE ratio. Whereas, application of 30 kg N ha-1 was recorded highest B:C ration over application of 60 and 0 kg N ha-1. Interaction effect of irrigation and nitrogen levels were found to be non significant in summer season.

Keywords: irrigation regimes, nitrogen levels, summer sesame, agricultural technology

Procedia PDF Downloads 338

Authors: Hind Bouami, Patrick Millot

Abstract:

Medication dispensing system is a life-critical system whose failure may result in preventable adverse events leading to longer patient stays in hospitals or patient death. Automation has led to great improvements in life-critical systems as it increased safety, efficiency, and comfort. However, critical risks related to medical organization complexity and automated solutions integration can threaten drug dispensing security and performance. Knowledge about the system’s complexity aspects and human machine parameters to control for automated equipment’s security and performance will help operators to secure their automation process and to optimize their system’s reliability. In this context, this study aims to document the operator’s situation awareness about automation risks and parameters involved in automation security and performance. Our risk management approach has been deployed in the North Luxembourg hospital center’s pharmacy, which is equipped with automated drug dispensing systems since 2009. With more than 4 million euros of gains generated, North Luxembourg hospital center’s success story was enabled by the management commitment, pharmacy’s involvement in the implementation and improvement of the automation project, and the close collaboration between the pharmacy and Sinteco’s firm to implement the necessary innovation and organizational actions for automated solutions integration security and performance. An analysis of the actions implemented by the hospital and the parameters involved in automated equipment’s integration security and performance has been made. The parameters to control for automated equipment’s integration security and performance are human aspects (6.25%), technical aspects (50%), and human-machine interaction (43.75%). The implementation of an anthropocentric analysis system before automation would have prevented and optimized the control of risks related to automation.

Keywords: Automated drug delivery systems, Hospitals, Human-centered automated system, Risk management

Procedia PDF Downloads 111

Authors: Andrew John Zeller, Artjoms Formulevics

Abstract:

Banking and financial services are rapidly transitioning from being monolithic structures focusing merely on their own financial offerings to becoming integrated players in multiple customer journeys and supply chains. Banks themselves are refocusing on being liquidity providers and underwriters in these networks, while the general concept of ‘embeddedness’ builds on the market readily available API (Application Programming Interface) architectures to flexibly deliver services to various requestors, i.e., online retailers who need finance and insurance products to better serve their customers, respectively. With this new flexibility come new requirements for enhanced cybersecurity. API structures are more decentralized and inherently prone to change. Unfortunately, this has not been comprehensively addressed in the literature. This paper tries to fill this gap by looking at security approaches and technologies relevant to API architectures found in embedded finance. After presenting the research methodology applied and introducing the major bodies of knowledge involved, the paper will discuss six dominating technology trends shaping high-level financial services architectures. Subsequently, embedded finance and the respective usage of API strategies will be described. Building on this, security considerations for APIs in financial and insurance services will be elaborated on before concluding with some ideas for possible further research.

Keywords: embedded finance, embedded banking strategy, cybersecurity, API management, data security, cybersecurity, IT management

Procedia PDF Downloads 7

Authors: Hanan Fayez Hussein

Abstract:

‘Due to increasing environmental challenges and security problems in the world such as global warming, storms, and terrorism’, humans have discovered new technologies and new materials in order to program daily life. As providing physical and psychological security is one of the primary functions of architecture, so in order to provide security, building must prevents unauthorized entry and harm to occupant and reduce the threat of attack by making building less attractive targets by new technologies such as; Nanotechnology, which has emerged as a major science and technology focus of the 21st century and will be the next industrial revolution. Nanotechnology is control of the properties of matter, and it deals with structures of the size 100 nanometers or smaller in at least one dimension and has wide application in various fields. The construction and architecture sectors were among the first to be identified as a promising application area for nanotechnology. The advantages of using nanomaterials in construction are enormous, and promises heighten building security by utilizing the strength of building materials to make our buildings more secure and get smart home. Access barriers such as wall and windows could incorporate stronger materials benefiting from nano-reinforcement utilizing nanotubes and nano composites to act as protective cover. Carbon nanotubes, as one of nanotechnology application, can be designed up to 250 times stronger than steel. Nano-enabled devices and materials offer both enhanced and, in some cases, completely new defence systems. In the addition, the small amount of carbon nanoparticles to the construction materials such as; cement, concrete, wood, glass, gypson, and steel can make these materials act as defence elements. This paper highlights the fact that nanotechnology can impact the future global security and how building’s envelop can act as a defensive cover for the building and can be resistance to any threats can attack it. Then focus on its effect on construction materials such as; Concrete can obtain by nanoadditives excellent mechanical, chemical, and physical properties with less material, which can acts as a precautionary shield to the building.

Keywords: nanomaterial, global warming, building security, smart homes

Procedia PDF Downloads 49

Authors: Amani A. Saad, Ahmed A. El-Farag, El-Sayed A. Helali

Abstract:

Cloud computing is an important and promising field in the recent decade. Cloud computing allows sharing resources, services and information among the people of the whole world. Although the advantages of using clouds are great, but there are many risks in a cloud. The data security is the most important and critical problem of cloud computing. In this research a new security model for cloud computing is proposed for ensuring secure communication system, hiding information from other users and saving the user's times. In this proposed model Blowfish encryption algorithm is used for exchanging information or data, and SHA-2 cryptographic hash algorithm is used for data integrity. For user authentication process a user-name and password is used, the password uses SHA-2 for one way encryption. The proposed system shows an improvement of the processing time of uploading and downloading files on the cloud in secure form.

Keywords: cloud Ccomputing, data security, SAAS, PAAS, IAAS, Blowfish

Procedia PDF Downloads 452

Authors: Vishnu Pratap Singh Kirar

Abstract:

In the cloud computing hierarchy IaaS is the lowest layer, all other layers are built over it. Thus it is the most important layer of cloud and requisite more importance. Along with advantages IaaS faces some serious security related issue. Mainly Security focuses on Integrity, confidentiality and availability. Cloud computing facilitate to share the resources inside as well as outside of the cloud. On the other hand, cloud still not in the state to provide surety to 100% data security. Cloud provider must ensure that end user/client get a Quality of Service. In this report we describe possible aspects of cloud related security.

Keywords: cloud computing, cloud networking, IaaS, PaaS, SaaS, cloud security

Procedia PDF Downloads 503

Authors: Safiyya A. Abba, Shehu U. R. Aliyu

Abstract:

This paper deals with Islamic social security: a discourse explores the meaning and nature of Islamic social security system. The paper reviews the social security framework and operations during the early period. The paper further identifies the instruments of Islamic social security discusses its principles and objectives. The paper discovers that Islamic social security is a personification of a comprehensive welfare approach in view of its varied instruments that are deeply rooted in the Islamic law, unique principles and realistic and achievable objectives. Furthermore, the Islamic social security system has far reaching socioeconomic implications; social justice, cohesion, equity, a catalyst for poverty eradication, income redistribution, economic growth and development.

Keywords: Islamic social security, basic needs, zakat, socioeconomic justice, equity

Procedia PDF Downloads 410

Authors: Pratama R. Yunia, Firmansyah, I., Ariani, Ulfa R. Maharani, Fikri M. Al

Abstract:

Nowadays, notwithstanding that the role of SMS as a means of communication has been largely replaced by online applications such as WhatsApp, Telegram, and others, the fact that SMS is still used for certain and important communication needs is indisputable. Among them is for sending one time password (OTP) as an authentication media for various online applications ranging from chatting, shopping to online banking applications. However, the usage of SMS does not pretty much guarantee the security of transmitted messages. As a matter of fact, the transmitted messages between BTS is still in the form of plaintext, making it extremely vulnerable to eavesdropping, especially if the message is confidential, for instance, the OTP. One solution to overcome this problem is to use an SMS application which provides security services for each transmitted message. Responding to this problem, in this study, an automatic key SMS encryption scheme was designed as a means to secure SMS communication. The proposed scheme allows SMS sending, which is automatically encrypted with keys that are constantly changing (automatic key update), automatic key exchange, and automatic key generation. In terms of the security method, the proposed scheme applies cryptographic techniques with a hybrid cryptosystem mechanism. Proofing the proposed scheme, a client to client SMS encryption application was developed using Java platform with AES-256 as encryption algorithm, RSA-768 as public and private key generator and SHA-256 for message hashing function. The result of this study is a secure automatic key SMS encryption scheme using hybrid cryptosystem which can guarantee the security of every transmitted message, so as to become a reliable solution in sending confidential messages through SMS although it still has weaknesses in terms of processing time.

Keywords: encryption scheme, hybrid cryptosystem, one time password, SMS security

Procedia PDF Downloads 106

Authors: Cara Williams

Abstract:

In 2006, the UK Labour government published a Green Paper introducing Employment and Support Allowance (ESA) as a replacement for Incapacity Benefit (IB), as well as a new Work Capability Assessment (WCA); signalling a controversial political and economic shift in disability welfare policy. In 2016, the Conservative government published Improving Lives: The Work, Health, and Disability Green Paper, as part of their social reform agenda, evidently to address the ‘injustice’ of the ‘disability employment gap’. This paper contextualises ESA in the wider ideology and rhetoric of ‘welfare to work’, ‘dependency’ and ‘responsibility’. Using the British ‘social model of disability’ as a theoretical framework, the study engages in a critical discourse analysis of these two Green Papers. By uncovering the medicalised conceptions embedded in the texts, the analysis has revealed ESA is linked with late capitalisms concern with the ‘disability category’.

Keywords: disability, employment, social security, welfare

Procedia PDF Downloads 144

Authors: Yuhang Wang

Abstract:

As energy is vital to industrial productivity and human existence, ensuring energy security becomes a critical government responsibility. The Chinese government has implemented the energy transition to safeguard China’s energy security. Throughout this progression, the Chinese government has faced numerous obstacles. This article seeks to describe the causes of China’s energy transition barriers and the steps taken by the Chinese government to overcome them.

Keywords: energy transition, energy market, fragmentation, path dependency

Procedia PDF Downloads 64

Authors: Amanuel Hadera Gebreyesus

Abstract:

In the literature, the study of tenure and food security has largely involved separate lines of inquiry. In effect, the nexus among these has received little attention; and the underinvestment in research related to the relationship between tenure and food security deters generation of tenure-related knowledge and policy guidance for improving food and nutrition security. Drawing from this motivation, we study the relationship among tenure security, agricultural diversity and food security and dietary diversity. We employ IV approaches to examine the effect of tenure security and agricultural diversity on food security and dietary diversity. We find tenure security is inversely related with food insecurity as shown by its negative association with hunger scale, hunger index and hunger category. On the other hand, results suggest that tenure security improves minimum dietary diversity of women while we find no association with child dietary diversity. Moreover, agricultural diversity is positively related with minimum dietary diversity of women, which may point to higher accessibility and consumption of dietary food groups by women. Also, findings suggest that farmers use their human (knowledge and skills) and resource (land) endowments to improve food security and dietary diversity. An implication from this is the importance of not only improving access to land but also long-term tenure security to promote agricultural diversity, food security and dietary diversity.

Keywords: tenure security, food security, agricultural diversity, dietary diversity, women

Procedia PDF Downloads 166

Authors: Chenhui Wang, Chwee Beng Lee

Abstract:

The practice of critical pedagogy is challenged by resistance from teachers. This study presents a discussion on teachers' resistance to critical pedagogy and previous practical frameworks for assessing critical thinking in formative assessment in the classroom through a critical review of the related literature. The authors found out that the main issue of teachers' resistance is not whether teachers should possess theoretical knowledge of critical thinking but how they apply that knowledge in their classroom teaching. In addition, critical thinking in formative assessment may provide teachers with a comprehensive understanding of critical pedagogical planning, implementing, and reflecting. Therefore, this paper intends to discuss a practical step-by-step framework for critical thinking formative assessment to address this resistance. Such discussion is based on a thorough examination of the related theories and frameworks. This review paper will benefit teachers in understanding and reducing their resistance to critical pedagogy as well as in implementing critical pedagogy.

Keywords: critical thinking, critical pedagogy, critical thinking formative assessment framework, teachers resistance

Procedia PDF Downloads 86

Authors: Pardeep Singh, N. S. Johal

Abstract:

In this research paper the level of subjectivity and objectivity adopted by journalists of different newspapers of the two provinces of the Jammu and Kashmir state has been analysed. This research paper emphasized upon the professionalism of the journalists of two provinces in catering to readers of particular province. In this study it was found that Kashmir based reporters are subjective in their reporting while covering Kashmir sentiments and use hard language against New Delhi, whereas Jammu based reporters are subjective only when it comes to defend security forces and are also bitterly critical of Pakistan, accusing it of being a sponsor of violence in Kashmir.

Keywords: conflict, Jammu and Kashmir, print media, reporter, critical, violence

Procedia PDF Downloads 269

Authors: Howard Prosser

Abstract:

This paper examines how critical thinking is framed, especially for primary-school students, in the recently established Australian Curriculum: History. Critical thinking is one of the curriculum’s 'general capabilities.' History provides numerous opportunities for critical thinking’s application in everyday life. The so-called 'history wars' that took place just prior to the curriculum’s introduction in 2014 sought to bring to light the limits of a singular historical narrative and reveal that which had been repressed. Consequently, the Australian history curriculum reflects this shifting mindset. Teachers are presented with opportunities to treat history in the classroom as a repository of social possibility, especially related to democratic potential, beyond hackneyed and jingoistic tales of Australian nationhood. Yet such opportunities are not explicit within the document and are up against pre-existing pedagogic practices. Drawing on political thinker Cornelius Castoriadis’s rendering of the 'social-historical' and 'paidea,' as well as his mobilisation of psychoanalysis, the study outlines how the curriculum’s critical-thinking component opens up possibilities for students and teachers to revise assumptions about how history is understood. This ontological shift is ultimately creative: the teachers’ imaginations connect the students’ imaginations, and vice versa, to the analysis that is at the heart of historical thinking. The implications of this social imagination add to the current discussions about historical consciousness among scholars like Peter Seixas. But, importantly, it has practical application in the primary-school classroom where history becomes creative acts, like play, that is indeterminate and social rather than fixed and individual.

Keywords: Australia, Castoriadis, critical thinking, history, imagination

Procedia PDF Downloads 285

Authors: Andrei Bogdan Stanescu, Robert Stana

Abstract:

Creating private and secure communication channels between employees has become a critical aspect in order to ensure organizational integrity and avoid leaks of sensitive information. With the widespread use of modern methods of disrupting communication between users, real use-cases of advanced encryption mechanisms have emerged to avoid cyber-attackers that are willing to intercept private conversations between critical employees in an organization. This paper aims to present a custom implementation of a messaging application named “Whisper” that uses end-to-end encryption (E2EE) mechanisms and blockchain-related components to protect sensitive conversations and mitigate the risks of information breaches inside organizations. The results of this research paper aim to expand the areas of applicability of E2EE algorithms and integrations with private blockchains in chat applications as a viable method of enhancing intra-organizational communication privacy.

Keywords: end-to-end encryption, mobile communication, cryptography, communication security, data privacy

Procedia PDF Downloads 55

Authors: Majid Azarniush, Soroush Mokallaei

Abstract:

Although robust security software, including anti-viruses, anti spy wares, anti-spam and firewalls, are amalgamated with new technologies such as Safe Zone, Hybrid Cloud, Sand Box etc., and it can be said that they have managed to prepare highest level of security against viruses, spy wares and other malwares in 2012, but in fact hackers' attacks to websites are increasingly becoming more and more complicated. Because of security matters and developments, it can be said that it was expected to happen so. Here in this work, we try to point out to some functional and vital notes to enhance security on the web enabling the user to browse safely in no limit web world and to use virtual space securely.

Keywords: firewalls, security, web services, software

Procedia PDF Downloads 459

Authors: Gampel Alexander, Mazzuchi Thomas, Sarkani Shahram

Abstract:

The cybersecurity landscape is constantly evolving, and organizations must adapt to the changing threat environment to protect their assets. The implementation of the NIST Risk Management Framework (RMF) has become critical in ensuring the security and safety of industrial control and automation systems. However, cybersecurity professionals are facing challenges in implementing RMF, leading to systems operating without authorization and being non-compliant with regulations. The current approach to RMF implementation based on business practices is limited and insufficient, leaving organizations vulnerable to cyberattacks resulting in the loss of personal consumer data and critical infrastructure details. To address these challenges, this research proposes a Model-Based Systems Engineering (MBSE) approach to implementing cybersecurity controls and assessing risk through the RMF process. The study emphasizes the need to shift to a modeling approach, which can streamline the RMF process and eliminate bloated structures that make it difficult to receive an Authorization-To-Operate (ATO). The study focuses on the practical application of MBSE in industrial control and automation systems to improve the security and safety of operations. It is concluded that MBSE can be used to solve the implementation challenges of the NIST RMF process and improve the security of industrial control and automation systems. The research suggests that MBSE provides a more effective and efficient method for implementing cybersecurity controls and assessing risk through the RMF process. The future work for this research involves exploring the broader applicability of MBSE in different industries and domains. The study suggests that the MBSE approach can be applied to other domains beyond industrial control and automation systems.

Keywords: authorization-to-operate (ATO), industrial control systems (ICS), model-based system’s engineering (MBSE), risk management framework (RMF)

Procedia PDF Downloads 58

Authors: Nahid Tavakoli, Asghar Ehteshami, Akbar Hassanzadeh, Fatemeh Amini

Abstract:

Introduction: The Information security incident management guidelines was been developed to help hospitals to meet their information security event and incident management requirements. The purpose of this Study was to investigate on Information Security Incident Management in Isfahan’s educational hospitals in accordance to ISO/IEC 27002 standards. Methods: This was a cross-sectional study to investigate on Information Security Incident Management of educational hospitals in 2014. Based on ISO/IEC 27002 standards, two checklists were applied to check the compliance with standards on Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements. One inspector was trained to carry out the assessments in the hospitals. The data was analyzed by SPSS. Findings: In general the score of compliance Information Security Incident Management requirements in two steps; Reporting Information Security Events and Weakness and Management of Information Security Incidents and Improvements was %60. There was the significant difference in various compliance levels among the hospitals (p-valueKeywords: information security incident management, information security management, standards, hospitals

Procedia PDF Downloads 550

Authors: Kuan-Chou Chen

Abstract:

This paper will demonstrate a simulation model of an information security system by using the systems dynamic approach. The relationships in the system model are designed to be simple and functional and do not necessarily represent any particular information security environments. The purpose of the paper aims to develop a generic system dynamic information security system model with implications on information security research. The interrelated and interdependent relationships of five primary sectors in the system dynamic model will be presented in this paper. The integrated information security systems model will include (1) information security characteristics, (2) users, (3) technology, (4) business functions, and (5) policy and management. Environments, attacks, government and social culture will be defined as the external sector. The interactions within each of these sectors will be depicted by system loop map as well. The proposed system dynamic model will not only provide a conceptual framework for information security analysts and designers but also allow information security managers to remove the incongruity between the management of risk incidents and the management of knowledge and further support information security managers and decision makers the foundation for managerial actions and policy decisions.

Keywords: system thinking, information security systems, security management, simulation

Procedia PDF Downloads 401

Authors: Rashid Mahmood

Abstract:

The network as a service (NaaS) usage has been well-known from the last few years in the many applications, like mission critical applications. In the NaaS, prevention method is not adequate as the security concerned, so the detection method should be added to the security issues in NaaS. The authentication and encryption are considered the first solution of the NaaS problem whereas now these are not sufficient as NaaS use is increasing. In this paper, we are going to present the concept of intrusion detection and then survey some of major intrusion detection techniques in NaaS and aim to compare in some important fields.

Keywords: IDS, cloud, naas, detection

Procedia PDF Downloads 286

Authors: Nipuli Gajanayake

Abstract:

The Russian military role beyond its national frontier has become a debatable hot topic in the international political arena. It’s advanced, and strategic responses in combating regional and international security problems have always been a factor to debate and criticize. Under such critical circumstances, Russia is attentive to play its military role according to the provisions of the Military Doctrine of the Russian Federation. Most importantly, the legal basis of the doctrine has also consisted with the generally recognized principles and norms of international law. Therefore, Russian international military assistances are pledged to accomplish international peace and security. The expansion of Russian military participation in the United Nations Peacekeeping operations, and military- political, and technical cooperation have largely evident the great effort of Russia in maintaining and restoring international peace and security. Moreover, the conflict management diplomacy and the development of dialogue with nation states to confront military risks and threats can also identify as a part of preserving international peace and security. In addition, Russia strives to strengthen the system of collective security with regional and international organizations through the legal framework of the Collective Security Treaty Organization (CSTO). Maintaining cooperative ties with the Commonwealth of Independent States (CIS), the Organization for Security and Cooperation in Europe (OSCE) and the Shanghai Cooperation Organization (SCO) have highlighted the Russian deliberation on maintaining regional peace and security. Nevertheless, the extension of cordial relations with nation states and providing of military assistances during tensions and conflicts on their territories can also underscore as Russians commitments on maintaining international peace and security. Observing and recognizing the disparity between the West portrayed terms like ‘illegal Russian interventions’ and the comprehensive reality behind the ‘Russian military assistances’ are important to understand. However, a lopsided vision or a perspective towards the Russian international military role would not present a clear understanding about its valued and also dedicated hard work on maintaining international peace and security.

Keywords: collective security, diplomacy, international military role of Russia, international peace and security

Procedia PDF Downloads 277