Search results for: Adequate Security
923 Hybrid Authentication Scheme for Graphical Password Using QR Code and Integrated Sound Signature
Authors: Salim Istyaq, Mohammad Sarosh Umar
Abstract:
Today, the mankind is in the stage of development, every day comes with new proposal of technology, in order to secure these types of technology, we also prepare high yielding security modules to conserve these resources. The capacity of human brain to recognize anything is far more than any species; this is all due to our developing cycle of curiosity. In this paper, we proposed a scheme based on graphical password using QR Code which provides more security to the recent online system. It also contains a supportive sound signature. In this system, authentication is done using sequence of images in QR code form. Users select one click-point per image with the help of QR scanner or recognizer. The encoded phrase in a QR code emphasizes the minimum probability of attacking via shoulder surfing or other attacks.
Keywords: Graphical password, QR code, sound signature, image authentication, cued click point.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 772922 Many-Sided Self Risk Analysis Model for Information Asset to Secure Stability of the Information and Communication Service
Authors: Jin-Tae Lee, Jung-Hoon Suh, Sang-Soo Jang, Jae-Il Lee
Abstract:
Information and communication service providers (ICSP) that are significant in size and provide Internet-based services take administrative, technical, and physical protection measures via the information security check service (ISCS). These protection measures are the minimum action necessary to secure the stability and continuity of the information and communication services (ICS) that they provide. Thus, information assets are essential to providing ICS, and deciding the relative importance of target assets for protection is a critical procedure. The risk analysis model designed to decide the relative importance of information assets, which is described in this study, evaluates information assets from many angles, in order to choose which ones should be given priority when it comes to protection. Many-sided risk analysis (MSRS) grades the importance of information assets, based on evaluation of major security check items, evaluation of the dependency on the information and communication facility (ICF) and influence on potential incidents, and evaluation of major items according to their service classification, in order to identify the ISCS target. MSRS could be an efficient risk analysis model to help ICSPs to identify their core information assets and take information protection measures first, so that stability of the ICS can be ensured.Keywords: Information Asset, Information CommunicationFacility, Evaluation, ISCS (Information Security Check Service), Evaluation, Grade.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1448921 Role-based Access Control Model in Home Network Environments
Authors: Do-Woo Kim, Geon Woo Kim, Jun-Ho Lee, Jong-Wook Han
Abstract:
The home in these days has not one computer connected to the Internet but rather a network of many devices within the home, and that network might be connected to the Internet. In such an environment, the potential for attacks is greatly increased. The general security technology can not apply because of the use of various wired and wireless network, middleware and protocol in digital home environment and a restricted system resource of home information appliances. To offer secure home services home network environments have need of access control for various home devices and information when users want to access. Therefore home network access control for user authorization is a very important issue. In this paper we propose access control model using RBAC in home network environments to provide home users with secure home services.
Keywords: Home network, access control, RBAC, security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1911920 Internet Governance based on Multiple-Stakeholders: Opportunities, Issues and Developments
Authors: Martin Hans Knahl
Abstract:
The Internet is the global data communications infrastructure based on the interconnection of both public and private networks using protocols that implement Internetworking on a global scale. Hence the control of protocol and infrastructure development, resource allocation and network operation are crucial and interlinked aspects. Internet Governance is the hotly debated and contentious subject that refers to the global control and operation of key Internet infrastructure such as domain name servers and resources such as domain names. It is impossible to separate technical and political positions as they are interlinked. Furthermore the existence of a global market, transparency and competition impact upon Internet Governance and related topics such as network neutrality and security. Current trends and developments regarding Internet governance with a focus on the policy-making process, security and control have been observed to evaluate current and future implications on the Internet. The multi stakeholder approach to Internet Governance discussed in this paper presents a number of opportunities, issues and developments that will affect the future direction of the Internet. Internet operation, maintenance and advisory organisations such as the Internet Corporation for Assigned Names and Numbers (ICANN) or the Internet Governance Forum (IGF) are currently in the process of formulating policies for future Internet Governance. Given the controversial nature of the issues at stake and the current lack of agreement it is predicted that institutional as well as market governance will remain present for the network access and content.Keywords: Internet Governance, ICANN, Democracy, Security
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1869919 GridNtru: High Performance PKCS
Authors: Narasimham Challa, Jayaram Pradhan
Abstract:
Cryptographic algorithms play a crucial role in the information society by providing protection from unauthorized access to sensitive data. It is clear that information technology will become increasingly pervasive, Hence we can expect the emergence of ubiquitous or pervasive computing, ambient intelligence. These new environments and applications will present new security challenges, and there is no doubt that cryptographic algorithms and protocols will form a part of the solution. The efficiency of a public key cryptosystem is mainly measured in computational overheads, key size and bandwidth. In particular the RSA algorithm is used in many applications for providing the security. Although the security of RSA is beyond doubt, the evolution in computing power has caused a growth in the necessary key length. The fact that most chips on smart cards can-t process key extending 1024 bit shows that there is need for alternative. NTRU is such an alternative and it is a collection of mathematical algorithm based on manipulating lists of very small integers and polynomials. This allows NTRU to high speeds with the use of minimal computing power. NTRU (Nth degree Truncated Polynomial Ring Unit) is the first secure public key cryptosystem not based on factorization or discrete logarithm problem. This means that given sufficient computational resources and time, an adversary, should not be able to break the key. The multi-party communication and requirement of optimal resource utilization necessitated the need for the present day demand of applications that need security enforcement technique .and can be enhanced with high-end computing. This has promoted us to develop high-performance NTRU schemes using approaches such as the use of high-end computing hardware. Peer-to-peer (P2P) or enterprise grids are proven as one of the approaches for developing high-end computing systems. By utilizing them one can improve the performance of NTRU through parallel execution. In this paper we propose and develop an application for NTRU using enterprise grid middleware called Alchemi. An analysis and comparison of its performance for various text files is presented.Keywords: Alchemi, GridNtru, Ntru, PKCS.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1692918 Back Bone Node Based Black Hole Detection Mechanism in Mobile Ad Hoc Networks
Authors: Nidhi Gupta, Sanjoy Das, Khushal Singh
Abstract:
Mobile Ad hoc Network is a set of self-governing nodes which communicate through wireless links. Dynamic topology MANETs makes routing a challenging task. Various routing protocols are there, but due to various fundamental characteristic open medium, changing topology, distributed collaboration and constrained capability, these protocols are tend to various types of security attacks. Black hole is one among them. In this attack, malicious node represents itself as having the shortest path to the destination but that path not even exists. In this paper, we aim to develop a routing protocol for detection and prevention of black hole attack by modifying AODV routing protocol. This protocol is able to detect and prevent the black hole attack. Simulation is done using NS-2, which shows the improvement in network performance.Keywords: Ad hoc, AODV, Back Bone, routing, Security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2160917 Study on Network-Based Technology for Detecting Potentially Malicious Websites
Authors: Byung-Ik Kim, Hong-Koo Kang, Tae-Jin Lee, Hae-Ryong Park
Abstract:
Cyber terrors against specific enterprises or countries have been increasing recently. Such attacks against specific targets are called advanced persistent threat (APT), and they are giving rise to serious social problems. The malicious behaviors of APT attacks mostly affect websites and penetrate enterprise networks to perform malevolent acts. Although many enterprises invest heavily in security to defend against such APT threats, they recognize the APT attacks only after the latter are already in action. This paper discusses the characteristics of APT attacks at each step as well as the strengths and weaknesses of existing malicious code detection technologies to check their suitability for detecting APT attacks. It then proposes a network-based malicious behavior detection algorithm to protect the enterprise or national networks.
Keywords: Advanced Persistent Threat, Malware, Network Security, Network Packet, Exploit Kits.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1569916 Understanding Success Factors of an Information Security Management System Plan Phase Self-Implementation
Authors: Nurazean Maarop, Noorjan Mohd Mustapha, Rasimah Yusoff, Roslina Ibrahim, Norziha Megat Mohd Zainuddin
Abstract:
The goal of this study is to identify success factors that could influence the ISMS self-implementation in government sector from qualitative perspective. This study is based on a case study in one of the Malaysian government agency. Semi-structured interviews involving five key informants were conducted to examine factors addressed in the conceptual framework. Subsequently, thematic analysis was executed to describe the influence of each factor on the success implementation of ISMS. The result of this study indicates that management commitment, implementer commitment and implementer competency are part of the success factors for ISMS self-implementation in Malaysian Government Sector.
Keywords: ISMS Success Factors, IT Project Management, IS Success, Information Security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4274915 Taxonomy of Threats and Vulnerabilities in Smart Grid Networks
Authors: Faisal Al Yahmadi, Muhammad R. Ahmed
Abstract:
Electric power is a fundamental necessity in the 21st century. Consequently, any break in electric power is probably going to affect the general activity. To make the power supply smooth and efficient, a smart grid network is introduced which uses communication technology. In any communication network, security is essential. It has been observed from several recent incidents that adversary causes an interruption to the operation of networks. In order to resolve the issues, it is vital to understand the threats and vulnerabilities associated with the smart grid networks. In this paper, we have investigated the threats and vulnerabilities in Smart Grid Networks (SGN) and the few solutions in the literature. Proposed solutions showed developments in electricity theft countermeasures, Denial of services attacks (DoS) and malicious injection attacks detection model, as well as malicious nodes detection using watchdog like techniques and other solutions.
Keywords: Smart grid network, security, threats, vulnerabilities.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 597914 Nutritional Potential and Traditional Uses of High Altitude Wild Edible Plants in Eastern Himalayas, India
Authors: Hui Tag, Jambey Tsering, Pallabi Kalita Hui, Baikuntha Jyoti Gogoi, Vijay Veer
Abstract:
The food security issues and its relevance in High Mountain regions of the world have been often neglected. Wild edible plants have been playing a major role in livelihood security among the tribal Communities of East Himalayan Region of the world since time immemorial. The Eastern Himalayan Region of India is one of the mega diverse regions of world and rated as top 12th Global Biodiversity Hotspots by IUCN and recognized as one of the 200 significant eco-regions of the Globe. The region supports one of the world’s richest alpine floras and about one-third of them are endemic to the region. There are at least 7,500 flowering plants, 700 orchids, 58 bamboo species, 64 citrus species, 28 conifers, 500 mosses, 700 ferns and 728 lichens. The region is the home of more than three hundred different ethnic communities having diverse knowledge on traditional uses of flora and fauna as food, medicine and beverages. Monpa, Memba and Khamba are among the local communities residing in high altitude region of Eastern Himalaya with rich traditional knowledge related to utilization of wild edible plants. The Monpas, Memba and Khamba are the followers Mahayana sect of Himalayan Buddhism and they are mostly agrarian by primary occupation and also heavily relaying on wild edible plants for their livelihood security during famine since millennia. In the present study, we have reported traditional uses of 40 wild edible plant species and out of which 6 species were analyzed at biochemical level for nutrients contents and free radical scavenging activities. The results have shown significant free radical scavenging (antioxidant) activity and nutritional potential of the selected 6 wild edible plants used by the local communities of Eastern Himalayan Region of India.
Keywords: East Himalaya, Local community, Wild edible plants, Nutrition, Food security.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4065913 Hardware Prototyping of an Efficient Encryption Engine
Authors: Muhammad I. Ibrahimy, Mamun B.I. Reaz, Khandaker Asaduzzaman, Sazzad Hussain
Abstract:
An approach to develop the FPGA of a flexible key RSA encryption engine that can be used as a standard device in the secured communication system is presented. The VHDL modeling of this RSA encryption engine has the unique characteristics of supporting multiple key sizes, thus can easily be fit into the systems that require different levels of security. A simple nested loop addition and subtraction have been used in order to implement the RSA operation. This has made the processing time faster and used comparatively smaller amount of space in the FPGA. The hardware design is targeted on Altera STRATIX II device and determined that the flexible key RSA encryption engine can be best suited in the device named EP2S30F484C3. The RSA encryption implementation has made use of 13,779 units of logic elements and achieved a clock frequency of 17.77MHz. It has been verified that this RSA encryption engine can perform 32-bit, 256-bit and 1024-bit encryption operation in less than 41.585us, 531.515us and 790.61us respectively.Keywords: RSA, FPGA, Communication, Security, VHDL.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1451912 Review of Trust Models in Wireless Sensor Networks
Authors: V. Uma Rani, K. Soma Sundaram
Abstract:
The major challenge faced by wireless sensor networks is security. Because of dynamic and collaborative nature of sensor networks the connected sensor devices makes the network unusable. To solve this issue, a trust model is required to find malicious, selfish and compromised insiders by evaluating trust worthiness sensors from the network. It supports the decision making processes in wireless sensor networks such as pre key-distribution, cluster head selection, data aggregation, routing and self reconfiguration of sensor nodes. This paper discussed the kinds of trust model, trust metrics used to address attacks by monitoring certain behavior of network. It describes the major design issues and their countermeasures of building trust model. It also discusses existing trust models used in various decision making process of wireless sensor networks.
Keywords: Attacks, Security, Trust, Trust model, Wireless sensor network.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4567911 W-CAS: A Central Users Authentication and Authorization System for Enterprise Wide Web Applications
Authors: Sharil Tumin, Sylvia Encheva
Abstract:
Centrally controlled authentication and authorization services can provide enterprise with an increase in security, more flexible access control solutions and an increased users' trust. By using redirections, users of all Web-based applications within an organization are authenticated at a single well known and secure Web site and using secure communication protocol. Users are first authenticated at the central server using their domain wide credentials before being redirected to a particular Web-based application. The central authentication server will then provide others with pertinence authorization related particulars and credentials of the authenticated user to the specific application. The trust between the clients and the server hosts is established by secure session keys exchange. Case- studies are provided to demonstrate the usefulness and flexibility of the proposed solution.
Keywords: Authentication, Authorization, Security, Protected Web-based Applications
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1552910 An Optimal Steganalysis Based Approach for Embedding Information in Image Cover Media with Security
Authors: Ahlem Fatnassi, Hamza Gharsellaoui, Sadok Bouamama
Abstract:
This paper deals with the study of interest in the fields of Steganography and Steganalysis. Steganography involves hiding information in a cover media to obtain the stego media in such a way that the cover media is perceived not to have any embedded message for its unintended recipients. Steganalysis is the mechanism of detecting the presence of hidden information in the stego media and it can lead to the prevention of disastrous security incidents. In this paper, we provide a critical review of the steganalysis algorithms available to analyze the characteristics of an image stego media against the corresponding cover media and understand the process of embedding the information and its detection. We anticipate that this paper can also give a clear picture of the current trends in steganography so that we can develop and improvise appropriate steganalysis algorithms.Keywords: Optimization, heuristics and metaheuristics algorithms, embedded systems, low-power consumption, Steganalysis Heuristic approach.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1184909 A Robust Image Watermarking Scheme using Image Moment Normalization
Authors: Latha Parameswaran, K. Anbumani
Abstract:
Multimedia security is an incredibly significant area of concern. A number of papers on robust digital watermarking have been presented, but there are no standards that have been defined so far. Thus multimedia security is still a posing problem. The aim of this paper is to design a robust image-watermarking scheme, which can withstand a different set of attacks. The proposed scheme provides a robust solution integrating image moment normalization, content dependent watermark and discrete wavelet transformation. Moment normalization is useful to recover the watermark even in case of geometrical attacks. Content dependent watermarks are a powerful means of authentication as the data is watermarked with its own features. Discrete wavelet transforms have been used as they describe image features in a better manner. The proposed scheme finds its place in validating identification cards and financial instruments.Keywords: Watermarking, moments, wavelets, content-based, benchmarking.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1548908 An Enhanced Associativity Based Routing with Fuzzy Based Trust to Mitigate Network Attacks
Authors: K. Geetha, P. Thangaraj
Abstract:
Mobile Ad Hoc Networks (MANETs) is a collection of mobile devices forming a communication network without infrastructure. MANET is vulnerable to security threats due to network’s limited security, dynamic topology, scalability and the lack of central management. The Quality of Service (QoS) routing in such networks is limited by network breakage caused by node mobility or nodes energy depletions. The impact of node mobility on trust establishment is considered and its use to propagate trust through a network is investigated in this paper. This work proposes an enhanced Associativity Based Routing (ABR) with Fuzzy based Trust (Fuzzy- ABR) routing protocol for MANET to improve QoS and to mitigate network attacks.Keywords: Mobile Ad hoc Networks (MANET), Associativity Based Routing (ABR), Fuzzy based Computed Trust.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2554907 A Robust Method for Encrypted Data Hiding Technique Based on Neighborhood Pixels Information
Authors: Ali Shariq Imran, M. Younus Javed, Naveed Sarfraz Khattak
Abstract:
This paper presents a novel method for data hiding based on neighborhood pixels information to calculate the number of bits that can be used for substitution and modified Least Significant Bits technique for data embedding. The modified solution is independent of the nature of the data to be hidden and gives correct results along with un-noticeable image degradation. The technique, to find the number of bits that can be used for data hiding, uses the green component of the image as it is less sensitive to human eye and thus it is totally impossible for human eye to predict whether the image is encrypted or not. The application further encrypts the data using a custom designed algorithm before embedding bits into image for further security. The overall process consists of three main modules namely embedding, encryption and extraction cm.
Keywords: Data hiding, image processing, information security, stagonography.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2341906 Occupational Safety Need Analysis for Turkey and Europe
Authors: Ismail Muratoglu, Ahmet Meyveci, Abdurrahman Tuncer, Erkan Demirci
Abstract:
This study is dedicated to the analysis of the problems of occupational safety in Turkey, Italy and Poland. The need analysis was applied to three different countries which are Turkey; 4, Poland; 1, Italy; 1 state. The number of the subjects is 891 in Turkey. The number of the subjects is 26 in Italy and the number of the subjects is 19 in Poland. The total number of samples of study is 936. Four different forms (Job Security Experts Form, Student Form, Teacher Form and Company Form) were applied. Results of experts of job security forms are rate of 7.1%. Then, the students’ forms are rate of 34.3%, teacher or instructor forms are rate of 9.9%. The last corporation forms are rate of 48.7%.Keywords: Europe, need analysis, occupational safety, Turkey, vocational education.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1412905 A New Approach to Steganography using Sinc-Convolution Method
Authors: Ahmad R. Naghsh-Nilchi, Latifeh Pourmohammadbagher
Abstract:
Both image steganography and image encryption have advantages and disadvantages. Steganograhy allows us to hide a desired image containing confidential information in a covered or host image while image encryption is decomposing the desired image to a non-readable, non-comprehended manner. The encryption methods are usually much more robust than the steganographic ones. However, they have a high visibility and would provoke the attackers easily since it usually is obvious from an encrypted image that something is hidden! The combination of steganography and encryption will cover both of their weaknesses and therefore, it increases the security. In this paper an image encryption method based on sinc-convolution along with using an encryption key of 128 bit length is introduced. Then, the encrypted image is covered by a host image using a modified version of JSteg steganography algorithm. This method could be applied to almost all image formats including TIF, BMP, GIF and JPEG. The experiment results show that our method is able to hide a desired image with high security and low visibility.Keywords: Sinc Approximation, Image Encryption, Sincconvolution, Image Steganography, JSTEG.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1828904 New Analysis Methods on Strict Avalanche Criterion of S-Boxes
Authors: Phyu Phyu Mar, Khin Maung Latt
Abstract:
S-boxes (Substitution boxes) are keystones of modern symmetric cryptosystems (block ciphers, as well as stream ciphers). S-boxes bring nonlinearity to cryptosystems and strengthen their cryptographic security. They are used for confusion in data security An S-box satisfies the strict avalanche criterion (SAC), if and only if for any single input bit of the S-box, the inversion of it changes each output bit with probability one half. If a function (cryptographic transformation) is complete, then each output bit depends on all of the input bits. Thus, if it were possible to find the simplest Boolean expression for each output bit in terms of the input bits, each of these expressions would have to contain all of the input bits if the function is complete. From some important properties of S-box, the most interesting property SAC (Strict Avalanche Criterion) is presented and to analyze this property three analysis methods are proposed.Keywords: S-boxes, cryptosystems, strict avalanche criterion, function, analysis methods.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 3921903 Performance Analysis of Flooding Attack Prevention Algorithm in MANETs
Authors: Revathi Venkataraman, M. Pushpalatha, T. Rama Rao
Abstract:
The lack of any centralized infrastructure in mobile ad hoc networks (MANET) is one of the greatest security concerns in the deployment of wireless networks. Thus communication in MANET functions properly only if the participating nodes cooperate in routing without any malicious intention. However, some of the nodes may be malicious in their behavior, by indulging in flooding attacks on their neighbors. Some others may act malicious by launching active security attacks like denial of service. This paper addresses few related works done on trust evaluation and establishment in ad hoc networks. Related works on flooding attack prevention are reviewed. A new trust approach based on the extent of friendship between the nodes is proposed which makes the nodes to co-operate and prevent flooding attacks in an ad hoc environment. The performance of the trust algorithm is tested in an ad hoc network implementing the Ad hoc On-demand Distance Vector (AODV) protocol.Keywords: AODV, Flooding, MANETs, trust estimation
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2387902 Anti-Counterfeiting Solution Employing Mobile RFID Environment
Abstract:
EPC Class-1 Generation-2 UHF tags, one of Radio frequency identification or RFID tag types, is expected that most companies are planning to use it in the supply chain in the short term and in consumer packaging in the long term due to its inexpensive cost. Because of the very cost, however, its resources are extremely scarce and it is hard to have any valuable security algorithms in it. It causes security vulnerabilities, in particular cloning the tags for counterfeits. In this paper, we propose a product authentication solution for anti-counterfeiting at application level in the supply chain and mobile RFID environment. It aims to become aware of distribution of spurious products with fake RFID tags and to provide a product authentication service to general consumers with mobile RFID devices like mobile phone or PDA which has a mobile RFID reader. We will discuss anti-counterfeiting mechanisms which are required to our proposed solution and address requirements that the mechanisms should have.Keywords: EPC, RFID, Anti-Counterfeiting, Mobile RFIDenvironment.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2131901 A Goal-Driven Crime Scripting Framework
Authors: Hashem Dehghanniri
Abstract:
Crime scripting is a simple and effective crime modeling technique that aims to improve understanding of security analysts about security and crime incidents. Low-quality scripts provide a wrong, incomplete, or sophisticated understanding of the crime commission process, which oppose the purpose of their application, e.g., identifying effective and cost-efficient situational crime prevention (SCP) measures. One important and overlooked factor in generating quality scripts is the crime scripting method. This study investigates the problems within the existing crime scripting practices and proposes a crime scripting approach that contributes to generating quality crime scripts. It was validated by experienced crime scripters. This framework helps analysts develop better crime scripts and contributes to their effective application, e.g., SCP measures identification or policy-making.
Keywords: Attack modeling, crime commission process, crime script, situational crime prevention.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 711900 A Reasoning Method of Cyber-Attack Attribution Based on Threat Intelligence
Authors: Li Qiang, Yang Ze-Ming, Liu Bao-Xu, Jiang Zheng-Wei
Abstract:
With the increasing complexity of cyberspace security, the cyber-attack attribution has become an important challenge of the security protection systems. The difficult points of cyber-attack attribution were forced on the problems of huge data handling and key data missing. According to this situation, this paper presented a reasoning method of cyber-attack attribution based on threat intelligence. The method utilizes the intrusion kill chain model and Bayesian network to build attack chain and evidence chain of cyber-attack on threat intelligence platform through data calculation, analysis and reasoning. Then, we used a number of cyber-attack events which we have observed and analyzed to test the reasoning method and demo system, the result of testing indicates that the reasoning method can provide certain help in cyber-attack attribution.
Keywords: Reasoning, Bayesian networks, cyber-attack attribution, kill chain, threat intelligence.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2674899 Implementation of a Virtual Testbed for Secure IoT Firmware Update Using Blockchain
Authors: Tarun Chand, Michael Jurczyk
Abstract:
With the increasing need and popularity of IoT devices and how integrated they are becoming in our daily lives and industries; these devices make for a very lucrative target for malicious actors. And since these devices have such limited resources, the implementation of robust security features is a tradeoff to be made for the actual functionality the device was intended for. This makes them an easy target with high returns. Several frameworks for the secure firmware update of these devices have been recently proposed in the literature. They focus on methods such as blockchains and distributed file systems to secure firmware updates, but do not go into the details of the actual implementation of these frameworks and the lower-level interactions among these methods used. This work integrates some of these security measures into one overall framework and details the actual lower-level implementation of this framework in a virtual dockerized testbed running on AWS.
Keywords: Blockchain, Ethereum, Geth, IPFS, secure IoT-firmware update, virtual testbed development
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 71898 A Blockchain-Based Privacy-Preserving Physical Delivery System
Authors: Shahin Zanbaghi, Saeed Samet
Abstract:
The internet has transformed the way we shop. Previously, most of our purchases came in the form of shopping trips to a nearby store. Now, it is as easy as clicking a mouse. We have to be constantly vigilant about our personal information. In this work, our proposed approach is to encrypt the information printed on the physical packages, which include personal information in plain text using a symmetric encryption algorithm; then, we store that encrypted information into a Blockchain network rather than storing them in companies or corporations centralized databases. We present, implement and assess a blockchain-based system using Ethereum smart contracts. We present detailed algorithms that explain the details of our smart contract. We present the security, cost and performance analysis of the proposed method. Our work indicates that the proposed solution is economically attainable and provides data integrity, security, transparency and data traceability.
Keywords: Blockchain, Ethereum, smart contract, commit-reveal scheme.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 471897 Color View Synthesis for Animated Depth Security X-ray Imaging
Authors: O. Abusaeeda, J. P. O Evans, D. Downes
Abstract:
We demonstrate the synthesis of intermediary views within a sequence of color encoded, materials discriminating, X-ray images that exhibit animated depth in a visual display. During the image acquisition process, the requirement for a linear X-ray detector array is replaced by synthetic image. Scale Invariant Feature Transform, SIFT, in combination with material segmented morphing is employed to produce synthetic imagery. A quantitative analysis of the feature matching performance of the SIFT is presented along with a comparative study of the synthetic imagery. We show that the total number of matches produced by SIFT reduces as the angular separation between the generating views increases. This effect is accompanied by an increase in the total number of synthetic pixel errors. The trends observed are obtained from 15 different luggage items. This programme of research is in collaboration with the UK Home Office and the US Dept. of Homeland Security.Keywords: X-ray, kinetic depth, view synthesis, KDE
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1662896 Judicial Review of Indonesia's Position as the First Archipelagic State to implement the Traffic Separation Scheme to Establish Maritime Safety and Security
Authors: Rosmini Yanti, Safira Aviolita, Marsetio
Abstract:
Indonesia has several straits that are very important as a shipping lane, including the Sunda Strait and the Lombok Strait, which are the part of the Indonesian Archipelagic Sea Lane (IASL). An increase in traffic on the Marine Archipelago makes the task of monitoring sea routes increasingly difficult. Indonesia has proposed the establishment of a Traffic Separation Scheme (TSS) in the Sunda Strait and the Lombok Strait and the country now has the right to be able to conceptualize the TSS as well as the obligation to regulate it. Indonesia has the right to maintain national safety and sovereignty. In setting the TSS, Indonesia needs to issue national regulations that are in accordance with international law and the general provisions of the IMO (International Maritime Organization) can then be used as guidelines for maritime safety and security in the Sunda Strait and the Lombok Strait. The research method used is a qualitative method with the concept of linguistic and visual data collection. The source of the data is the analysis of documents and regulations. The results show that the determination of TSS was justified by International Law, in accordance with article 22, article 41, and article 53 of the United Nations Convention on the Law of the Sea (UNCLOS) 1982. The determination of TSS by the Indonesian government would be in accordance with COLREG (International Convention on Preventing Collisions at Sea) 10, which has been designed to follow IASL. Thus, TSS can provide a function as a safety and monitoring medium to minimize ship accidents or collisions, including the warship and aircraft of other countries that cross the IASL.
Keywords: Archipelago State, maritime law, maritime security, traffic separation scheme.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 747895 An Efficient Key Management Scheme for Secure SCADA Communication
Authors: Sungjin Lee, Donghyun Choi, Choonsik Park, Seungjoo Kim
Abstract:
A SCADA (Supervisory Control And Data Acquisition) system is an industrial control and monitoring system for national infrastructures. The SCADA systems were used in a closed environment without considering about security functionality in the past. As communication technology develops, they try to connect the SCADA systems to an open network. Therefore, the security of the SCADA systems has been an issue. The study of key management for SCADA system also has been performed. However, existing key management schemes for SCADA system such as SKE(Key establishment for SCADA systems) and SKMA(Key management scheme for SCADA systems) cannot support broadcasting communication. To solve this problem, an Advanced Key Management Architecture for Secure SCADA Communication has been proposed by Choi et al.. Choi et al.-s scheme also has a problem that it requires lots of computational cost for multicasting communication. In this paper, we propose an enhanced scheme which improving computational cost for multicasting communication with considering the number of keys to be stored in a low power communication device (RTU).Keywords: SCADA system, SCADA communication, Key management, Distributed networks.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2288894 Trust Managementfor Pervasive Computing Environments
Authors: Denis Trcek
Abstract:
Trust is essential for further and wider acceptance of contemporary e-services. It was first addressed almost thirty years ago in Trusted Computer System Evaluation Criteria standard by the US DoD. But this and other proposed approaches of that period were actually solving security. Roughly some ten years ago, methodologies followed that addressed trust phenomenon at its core, and they were based on Bayesian statistics and its derivatives, while some approaches were based on game theory. However, trust is a manifestation of judgment and reasoning processes. It has to be dealt with in accordance with this fact and adequately supported in cyber environment. On the basis of the results in the field of psychology and our own findings, a methodology called qualitative algebra has been developed, which deals with so far overlooked elements of trust phenomenon. It complements existing methodologies and provides a basis for a practical technical solution that supports management of trust in contemporary computing environments. Such solution is also presented at the end of this paper.Keywords: internet security, trust management, multi-agent systems, reasoning and judgment, modeling and simulation, qualitativealgebra
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1582