Search results for: Information Security agreement
4979 RUPSec: An Extension on RUP for Developing Secure Systems - Requirements Discipline
Authors: Mohammad Reza Ayatollahzadeh Shirazi, Pooya Jaferian, Golnaz Elahi, Hamid Baghi, Babak Sadeghian
Abstract:
The world is moving rapidly toward the deployment of information and communication systems. Nowadays, computing systems with their fast growth are found everywhere and one of the main challenges for these systems is increasing attacks and security threats against them. Thus, capturing, analyzing and verifying security requirements becomes a very important activity in development process of computing systems, specially in developing systems such as banking, military and e-business systems. For developing every system, a process model which includes a process, methods and tools is chosen. The Rational Unified Process (RUP) is one of the most popular and complete process models which is used by developers in recent years. This process model should be extended to be used in developing secure software systems. In this paper, the Requirement Discipline of RUP is extended to improve RUP for developing secure software systems. These proposed extensions are adding and integrating a number of Activities, Roles, and Artifacts to RUP in order to capture, document and model threats and security requirements of system. These extensions introduce a group of clear and stepwise activities to developers. By following these activities, developers assure that security requirements are captured and modeled. These models are used in design, implementation and test activitie Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 28104978 A Mixed Approach to Assess Information System Risk, Operational Risk, and Congolese Microfinance Institutions Performance
Authors: Alfred Kamate Siviri, Angelus Mafikiri Tsongo, Jean Robert Kala Kamdjoug
Abstract:
Well organized digitalization and information systems have been selected as relevant measures to mitigate operational risks within organizations. Unfortunately, information system comes with new threats that can cause severe damage and quick organization lockout. This study aims to measure perceived information system risks and their effects on operational risks within the microfinance institution in D.R. Congo. Also, the factors influencing the operational risk are to be identified, and the link between operational risk with other risks and performance is to be assessed. The study proposes a research model drawn on the combination of Resources-Based-View, dynamic capabilities, the agency theory, the Information System Security Model, and social theories of risk. Therefore, we suggest adopting a mixed methods research with the sole aim of increasing the literature that already exists on perceived operational risk assessment and its link with other risk and performance, with a focus on information system risks.
Keywords: information system risk, operational risk, microfinance performance, DR Congo
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 6134977 Privacy of RFID Systems: Security of Personal Data for End-Users
Authors: Firoz Khan
Abstract:
Privacy of RFID systems is receiving increasing attention in the RFID community. RFID privacy is important as the RFID tags will be attached to all kinds of products and physical objects including people. The possible abuse or excessive use of RFID tracking capability by malicious users can lead to potential privacy violations. In this paper, we will discuss how the different industries use RFID and the potential privacy and security issues while RFID is implemented in these industries. Although RFID technology offers interesting services to customer and retailers, it could also endanger the privacy of end-users. Personal data can be leaked if a protection mechanism is not deployed in the RFID systems. The paper summarizes many different solutions for implementing privacy and security while deploying RFID systems.Keywords: RFID, privacy, security, encryption.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 9754976 Partnering with Stakeholders to Secure Digitization of Water
Authors: Sindhu Govardhan, Kenneth G. Crowther
Abstract:
Modernisation of the water sector is leading to increased connectivity and integration of emerging technologies with traditional ones, leading to new security risks. The convergence of Information Technology (IT) with Operation Technology (OT) results in solutions that are spread across larger geographic areas, increasingly consist of interconnected Industrial Internet of Things (IIOT) devices and software, rely on the integration of legacy with modern technologies, use of complex supply chain components leading to complex architectures and communication paths. The result is that multiple parties collectively own and operate these emergent technologies, threat actors find new paths to exploit, and traditional cybersecurity controls are inadequate. Our approach is to explicitly identify and draw data flows that cross trust boundaries between owners and operators of various aspects of these emerging and interconnected technologies. On these data flows, we layer potential attack vectors to create a frame of reference for evaluating possible risks against connected technologies. Finally, we identify where existing controls, mitigations, and other remediations exist across industry partners (e.g., suppliers, product vendors, integrators, water utilities, and regulators). From these, we are able to understand potential gaps in security, the roles in the supply chain that are most likely to effectively remediate those security gaps, and test cases to evaluate and strengthen security across these partners. This informs a “shared responsibility” solution that recognises that security is multi-layered and requires collaboration to be successful. This shared responsibility security framework improves visibility, understanding, and control across the entire supply chain, and particularly for those water utilities that are accountable for safe and continuous operations.
Keywords: Cyber security, shared responsibility, IIOT, threat modelling.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1684975 A Worst Case Estimation of the Inspection Rate by a Berthing Policy in a Container Terminal
Authors: K.H. Yang
Abstract:
After the terrorist attack on September 11, 2001 in U.S., the container security issue got high attention, especially by U.S. government, which deployed a lot of measures to promote or improve security systems. U.S. government not only enhances its national security system, but allies with other countries against the potential terrorist attacks in the future. For example CSI (Container Security Initiative), it encourages foreign ports outside U.S. to become CSI ports as a part of U.S. anti-terrorism network. Although promotion of the security could partly reach the goal of anti-terrorism, that will influence the efficiency of container supply chain, which is the main concern when implementing the inspection measurements. This paper proposes a quick estimation methodology for an inspection service rate by a berth allocation heuristic such that the inspection activities will not affect the original container supply chain. Theoretical and simulation results show this approach is effective.Keywords: Berth allocation, Container, Heuristic, Inspection.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 14104974 Regional Security Issue: Central Asian Countries and NATO Cooperation (On the Example of Kazakhstan)
Authors: Karakulov Y., Baizakova K.
Abstract:
Kazakhstan attaches the great importance to cooperation with European countries within the framework of multilateral security organizations such as NATO. Cooperation of Kazakhstan with the NATO is a prominent aspect of strengthening of regional security of republic. It covers a wide spectrum of areas, such as reform of sector of defense and security, military operative compatibility of armed forces of NATO member-countries and Kazakhstan, civil emergency planning and scientific cooperation. The cooperation between Kazakhstan and NATO is based on the mutual interests of neighboring republics in the region so that the existing forms of cooperation between Kazakhstan and NATO will not be negatively perceived both in Asia as well as among CIS countries. Kazakhstan tailors its participation in the PfP programme through an annual Individual Partnership Programme, selecting those activities that will help achieve the goals it has set in the IPAP. Level of cooperation within the limits of PfP essentially differs on each republic. Cooperation with Kazakhstan progressed most of all since has been signed IPAP from the NATOKeywords: Central Asia, Kazakhstan, NATO cooperation, regional security
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 21684973 AES and ECC Mixed for ZigBee Wireless Sensor Security
Authors: Saif Al-alak, Zuriati Ahmed, Azizol Abdullah, Shamala Subramiam
Abstract:
In this paper, we argue the security protocols of ZigBee wireless sensor network in MAC layer. AES 128-bit encryption algorithm in CCM* mode is secure transferred data; however, AES-s secret key will be break within nearest future. Efficient public key algorithm, ECC has been mixed with AES to rescue the ZigBee wireless sensor from cipher text and replay attack. Also, the proposed protocol can parallelize the integrity function to increase system performance.Keywords: AES, ECC, Multi-level security, ZigBee
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 33804972 Implicit Authorization Mechanism of Object-Oriented Database
Authors: Haibo Hu, Hong Xiang
Abstract:
Due to its special data structure and manipulative principle, Object-Oriented Database (OODB) has a particular security protection and authorization methods. This paper first introduces the features of security mechanism about OODB, and then talked about authorization checking process of OODB. Implicit authorization mechanism is based on the subject hierarchies, object hierarchies and access hierarchies of the security authorization modes, and simplifies the authorization mode. In addition, to combine with other authorization mechanisms, implicit authorization can make protection on the authorization of OODB expediently and effectively.
Keywords: Object-oriented database(OODB), security protection, authorization mechanism, implicit authorization, authorization check.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 17214971 XML based Safe and Scalable Multi-Agent Development Framework
Authors: Rinkaj Goyal, Pravin Chandra, Yogesh Singh
Abstract:
In this paper we describe our efforts to design and implement an agent development framework that has the potential to scale to the size of any underlying network suitable for various ECommerce activities. The main novelty in our framework is it-s capability to allow the development of sophisticated, secured agents which are simple enough to be practical. We have adopted FIPA agent platform reference Model as backbone for implementation along with XML for agent Communication and Java Cryptographic Extension and architecture to realize the security of communication information between agents. The advantage of our architecture is its support of agents development in different languages and Communicating with each other using a more open standard i.e. XMLKeywords: Agent, Agent Development Framework, Agent Coordination, Security
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16204970 Enhancing Security and Privacy Protocols in Telehealth: A Comprehensive Approach across IoT/Fog/Cloud Environments
Authors: Yunyong Guo, Man Wang, Bryan Guo, Nathan Guo
Abstract:
This paper presents an advanced security and privacy model tailored for Telehealth systems, emphasizing end-to-end protection across IoT, Fog, and Cloud components. The proposed model integrates encryption, key management, intrusion detection, and privacy-preserving measures to safeguard patient data. A comprehensive simulation study evaluates the model's effectiveness in scenarios such as unauthorized access, physical breaches, and insider threats. Results indicate notable success in detecting and mitigating threats yet underscore areas for refinement. The study contributes insights into the intricate balance between security and usability in Telehealth environments, setting the stage for continued advancements.
Keywords: Cloud, enhancing security, Fog, IoT, telehealth.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 614969 A Practice of Zero Trust Architecture in Financial Transactions
Authors: L. Wang, Y. Chen, T. Wu, S. Hu
Abstract:
In order to enhance the security of critical financial infrastructure, this study carries out a transformation of the architecture of a financial trading terminal to a zero trust architecture (ZTA), constructs an active defense system for the cybersecurity, improves the security level of trading services in the Internet environment, enhances the ability to prevent network attacks and unknown risks, and reduces the industry and security risks brought about by cybersecurity risks. This study introduces Software Defined Perimeter (SDP) technology of ZTA, adapts and applies it to a financial trading terminal to achieve security optimization and fine-grained business grading control. The upgraded architecture of the trading terminal moves security protection forward to the user access layer, replaces VPN to optimize remote access and significantly improves the security protection capability of Internet transactions. The study achieves: 1. deep integration with the access control architecture of the transaction system; 2. no impact on the performance of terminals and gateways, and no perception of application system upgrades; 3. customized checklist and policy configuration; 4. introduction of industry-leading security technology such as single-packet authorization (SPA) and secondary authentication. This study carries out a successful application of ZTA in the field of financial trading, and provides transformation ideas for other similar systems while improving the security level of financial transaction services in the Internet environment.
Keywords: Zero trust, trading terminal, architecture, network security, cybersecurity.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2224968 Nuclear Safety and Security in France in the 1970s: A Turning Point for the Media
Authors: Jandot Aurélia
Abstract:
In France, in the main media, the concern about nuclear safety and security has not really appeared before the beginning of the 1970s. The gradual changes in its perception are studied here through the arguments given in the main French news magazines, linked with several parameters. As this represents a considerable amount of copies and thus of information, are selected here the main articles as well as the main “mental images” aiming to persuade the readers and which have led the public awareness to evolve. Indeed, in the 1970s, in France, these evolutions were not made in one day. Indeed, over the period, many articles were still in favor of nuclear power plants and promoted the technological advances that were made in this field. They had to be taken into account. But, gradually, grew up arguments and mental images discrediting the perception of nuclear technology. Among these were the environmental impacts of this industry, as the question of pollution progressively appeared. So, between 1970 and 1979, the language has changed, as the perceptible objectives of the communication, allowing to discern the deepest intentions of the editorial staffs of the French news magazines. This is all these changes that are emphasized here, over a period when the safety and security concern linked to the nuclear technology, to there a field for specialists, has become progressively a social issue seemingly open to all.
Keywords: French media discourse, nuclear safety and security, public awareness, persuasion.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 12484967 Efficient and Timely Mutual Authentication Scheme for RFID Systems
Authors: Hesham A. El Zouka, Mustafa M. Hosni
Abstract:
The Radio Frequency Identification (RFID) technology has a diverse base of applications, but it is also prone to security threats. There are different types of security attacks which limit the range of the RFID applications. For example, deploying the RFID networks in insecure environments could make the RFID system vulnerable to many types of attacks such as spoofing attack, location traceability attack, physical attack and many more. Therefore, security is often an important requirement for RFID systems. In this paper, RFID mutual authentication protocol is implemented based on mobile agent technology and timestamp, which are used to provide strong authentication and integrity assurances to both the RFID readers and their corresponding RFID tags. The integration of mobile agent technology and timestamp provides promising results towards achieving this goal and towards reducing the security threats in RFID systems.Keywords: RFID, security, authentication protocols, privacy, agent-based architecture, time-stamp, digital signature.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 17894966 A Security Analysis for Home Gateway Architectures
Authors: Pierre Parrend, Stephane Frenot
Abstract:
Providing Services at Home has become over the last few years a very dynamic and promising technological domain. It is likely to enable wide dissemination of secure and automated living environments. We propose a methodology for identifying threats to Services at Home Delivery systems, as well as a threat analysis of a multi-provider Home Gateway architecture. This methodology is based on a dichotomous positive/preventive study of the target system: it aims at identifying both what the system must do, and what it must not do. This approach completes existing methods with a synthetic view of potential security flaws, thus enabling suitable measures to be taken into account. Security implications of the evolution of a given system become easier to deal with. A prototype is built based on the conclusions of this analysis.Keywords: Security requirements, Connected Home, OSGi, Sofware Components.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16074965 Agreement Options in Multi-person Decision on Optimizing High-Rise Building Columns
Authors: Christiono Utomo, Arazi Idrus, Madzlan Napiah, Mohd. Faris Khamidi
Abstract:
This paper presents a conceptual model of agreement options for negotiation support in multi-person decision on optimizing high-rise building columns. The decision is complicated since many parties involved in choosing a single alternative from a set of solutions. There are different concern caused by differing preferences, experiences, and background. Such building columns as alternatives are referred to as agreement options which are determined by identifying the possible decision maker group, followed by determining the optimal solution for each group. The group in this paper is based on three-decision makers preferences that are designer, programmer, and construction manager. Decision techniques applied to determine the relative value of the alternative solutions for performing the function. Analytical Hierarchy Process (AHP) was applied for decision process and game theory based agent system for coalition formation. An n-person cooperative game is represented by the set of all players. The proposed coalition formation model enables each agent to select individually its allies or coalition. It further emphasizes the importance of performance evaluation in the design process and value-based decision.Keywords: Agreement options, coalition, group choice, game theory, building columns selection.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 16244964 A Fuzzy Swarm Optimized Approach for Piece Selection in Bit Torrent Like Peer to Peer Network
Authors: M. Padmavathi, R. M. Suresh
Abstract:
Every machine plays roles of client and server simultaneously in a peer-to-peer (P2P) network. Though a P2P network has many advantages over traditional client-server models regarding efficiency and fault-tolerance, it also faces additional security threats. Users/IT administrators should be aware of risks from malicious code propagation, downloaded content legality, and P2P software’s vulnerabilities. Security and preventative measures are a must to protect networks from potential sensitive information leakage and security breaches. Bit Torrent is a popular and scalable P2P file distribution mechanism which successfully distributes large files quickly and efficiently without problems for origin server. Bit Torrent achieved excellent upload utilization according to measurement studies, but it also raised many questions as regards utilization in settings, than those measuring, fairness, and Bit Torrent’s mechanisms choice. This work proposed a block selection technique using Fuzzy ACO with optimal rules selected using ACO.
Keywords: Ant Colony Optimization (ACO), Bit Torrent, Download time, Peer-to-Peer (P2P) network, Performance.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 25874963 Improving Security by Using Secure Servers Communicating via Internet with Standalone Secure Software
Authors: Carlos Gonzalez
Abstract:
This paper describes the use of the Internet as a feature to enhance the security of our software that is going to be distributed/sold to users potentially all over the world. By placing in a secure server some of the features of the secure software, we increase the security of such software. The communication between the protected software and the secure server is done by a double lock algorithm. This paper also includes an analysis of intruders and describes possible responses to detect threats.Keywords: Internet, secure software, threats, cryptography process.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 10454962 Implementation of RC5 Block Cipher Algorithm for Image Cryptosystems
Authors: Hossam El-din H. Ahmed, Hamdy M. Kalash, Osama S. Farag Allah
Abstract:
This paper examines the implementation of RC5 block cipher for digital images along with its detailed security analysis. A complete specification for the method of application of the RC5 block cipher to digital images is given. The security analysis of RC5 block cipher for digital images against entropy attack, bruteforce, statistical, and differential attacks is explored from strict cryptographic viewpoint. Experiments and results verify and prove that RC5 block cipher is highly secure for real-time image encryption from cryptographic viewpoint. Thorough experimental tests are carried out with detailed analysis, demonstrating the high security of RC5 block cipher algorithm.
Keywords: Image encryption, security analysis.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 36754961 An Anonymity-Based Secure On-Demand Routing for Mobile Ad Hoc Networks
Authors: M. Gunasekaran, K. Premalatha
Abstract:
Privacy and Security have emerged as an important research issue in Mobile Ad Hoc Networks (MANET) due to its unique nature such as scarce of resources and absence of centralized authority. There are number of protocols have been proposed to provide privacy and security for data communication in an adverse environment, but those protocols are compromised in many ways by the attackers. The concept of anonymity (in terms of unlinkability and unobservability) and pseudonymity has been introduced in this paper to ensure privacy and security. In this paper, a Secure Onion Throat (SOT) protocol is proposed to provide complete anonymity in an adverse environment. The SOT protocol is designed based on the combination of group signature and onion routing with ID-based encryption for route discovery. The security analysis demonstrates the performance of SOT protocol against all categories of attacks. The simulation results ensure the necessity and importance of the proposed SOT protocol in achieving such anonymity.
Keywords: Routing, anonymity, privacy, security and MANET.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 27404960 New Curriculum Approach in Teaching Network Security Subjects for ICT Courses in Malaysia
Authors: Mohd Fairuz Iskandar Othman, Nazrulazhar Bahaman, Zulkiflee Muslim, Faizal Abdollah
Abstract:
This paper discusses a curriculum approach that will give emphasis on practical portions of teaching network security subjects in information and communication technology courses. As we are well aware, the need to use a practice and application oriented approach in education is paramount. Research on active learning and cooperative groups have shown that students grasps more and have more tendency towards obtaining and realizing soft skills like leadership, communication and team work as opposed to the more traditional theory and exam based teaching and learning. While this teaching and learning paradigm is relatively new in Malaysia, it has been practiced widely in the West. This paper examines a certain approach whereby students learning wireless security are divided into and work in small and manageable groups where there will be 2 teams which consist of black hat and white hat teams. The former will try to find and expose vulnerabilities in a wireless network while the latter will try their best to prevent such attacks on their wireless networks using hardware, software, design and enforcement of security policy and etc. This paper will try to show that the approach taken plus the use of relevant and up to date software and hardware and with suitable environment setting will hopefully expose students to a more fruitful outcome in terms of understanding of concepts, theories and their motivation to learn.Keywords: Curriculum approach, wireless networks, wirelesssecurity.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 17004959 Moving towards Positive Security Model for Web Application Firewall
Authors: Asrul H. Yaacob, Nazrul M. Ahmad, Nurul N. Ahmad, Mardeni Roslee
Abstract:
The proliferation of web application and the pervasiveness of mobile technology make web-based attacks even more attractive and even easier to launch. Web Application Firewall (WAF) is an intermediate tool between web server and users that provides comprehensive protection for web application. WAF is a negative security model where the detection and prevention mechanisms are based on predefined or user-defined attack signatures and patterns. However, WAF alone is not adequate to offer best defensive system against web vulnerabilities that are increasing in number and complexity daily. This paper presents a methodology to automatically design a positive security based model which identifies and allows only legitimate web queries. The paper shows a true positive rate of more than 90% can be achieved.
Keywords: Intrusion Detection System, Positive Security Model, Web application Firewall
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 27364958 A Socio-Technical Approach to Cyber-Risk Assessment
Authors: Kitty Kioskli, Nineta Polemi
Abstract:
Evaluating the levels of cyber-security risks within an enterprise is most important in protecting its information system, services and all its digital assets against security incidents (e.g. accidents, malicious acts, massive cyber-attacks). The existing risk assessment methodologies (e.g. eBIOS, OCTAVE, CRAMM, NIST-800) adopt a technical approach considering as attack factors only the capability, intention and target of the attacker, and not paying attention to the attacker’s psychological profile and personality traits. In this paper, a socio-technical approach is proposed in cyber risk assessment, in order to achieve more realistic risk estimates by considering the personality traits of the attackers. In particular, based upon principles from investigative psychology and behavioural science, a multi-dimensional, extended, quantifiable model for an attacker’s profile is developed, which becomes an additional factor in the cyber risk level calculation.
Keywords: Attacker, behavioural models, cyber risk assessment, cyber-security, human factors, investigative psychology, ISO27001, ISO27005.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 9704957 Towards Improved Public Information on Industrial Emissions in Italy: Concepts and Specific Issues Associated to the Italian Experience in IPPC Permit Licensing
Authors: Mazziotti Gomez de Teran C., Fiore D., Cola B., Fardelli A.
Abstract:
The present paper summarizes the analysis of the request for consultation of information and data on industrial emissions made publicly available on the web site of the Ministry of Environment, Land and Sea on integrated pollution prevention and control from large industrial installations, the so called “AIA Portal”. As a matter of fact, a huge amount of information on national industrial plants is already available on internet, although it is usually proposed as textual documentation or images. Thus, it is not possible to access all the relevant information through interoperability systems and also to retrieval relevant information for decision making purposes as well as rising of awareness on environmental issue. Moreover, since in Italy the number of institutional and private subjects involved in the management of the public information on industrial emissions is substantial, the access to the information is provided on internet web sites according to different criteria; thus, at present it is not structurally homogeneous and comparable. To overcome the mentioned difficulties in the case of the Coordinating Committee for the implementation of the Agreement for the industrial area in Taranto and Statte, operating before the IPPC permit granting procedures of the relevant installation located in the area, a big effort was devoted to elaborate and to validate data and information on characterization of soil, ground water aquifer and coastal sea at disposal of different subjects to derive a global perspective for decision making purposes. Thus, the present paper also focuses on main outcomes matured during such experience.
Keywords: Public information, emissions into atmosphere, IPPC permits, territorial information systems.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 20584956 Smart Grids Cyber Security Issues and Challenges
Authors: Imen Aouini, Lamia Ben Azzouz
Abstract:
The energy need is growing rapidly due to the population growth and the large new usage of power. Several works put considerable efforts to make the electricity grid more intelligent to reduce essentially energy consumption and provide efficiency and reliability of power systems. The Smart Grid is a complex architecture that covers critical devices and systems vulnerable to significant attacks. Hence, security is a crucial factor for the success and the wide deployment of Smart Grids. In this paper, we present security issues of the Smart Grid architecture and we highlight open issues that will make the Smart Grid security a challenging research area in the future.Keywords: Smart grids, smart meters, home area network, neighbor area network.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 39454955 Robust Minutiae Watermarking in Wavelet Domain for Fingerprint Security
Authors: Rajlaxmi Chouhan, Pritee Khanna
Abstract:
In this manuscript, a wavelet-based blind watermarking scheme has been proposed as a means to provide security to authenticity of a fingerprint. The information used for identification or verification of a fingerprint mainly lies in its minutiae. By robust watermarking of the minutiae in the fingerprint image itself, the useful information can be extracted accurately even if the fingerprint is severely degraded. The minutiae are converted in a binary watermark and embedding these watermarks in the detail regions increases the robustness of watermarking, at little to no additional impact on image quality. It has been experimentally shown that when the minutiae is embedded into wavelet detail coefficients of a fingerprint image in spread spectrum fashion using a pseudorandom sequence, the robustness is observed to have a proportional response while perceptual invisibility has an inversely proportional response to amplification factor “K". The DWT-based technique has been found to be very robust against noises, geometrical distortions filtering and JPEG compression attacks and is also found to give remarkably better performance than DCT-based technique in terms of correlation coefficient and number of erroneous minutiae.Keywords: Fingerprint watermarking, minutiae, discrete wavelet transform, PN sequence
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 20194954 Reasoning with Dynamic Domains and Computer Security
Authors: Yun Bai
Abstract:
Representing objects in a dynamic domain is essential in commonsense reasoning under some circumstances. Classical logics and their nonmonotonic consequences, however, are usually not able to deal with reasoning with dynamic domains due to the fact that every constant in the logical language denotes some existing object in the static domain. In this paper, we explore a logical formalization which allows us to represent nonexisting objects in commonsense reasoning. A formal system named N-theory is proposed for this purpose and its possible application in computer security is briefly discussed.Keywords: knowledge representation and reasoning, commonsensereasoning, computer security
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 14424953 A Modified AES Based Algorithm for Image Encryption
Authors: M. Zeghid, M. Machhout, L. Khriji, A. Baganne, R. Tourki
Abstract:
With the fast evolution of digital data exchange, security information becomes much important in data storage and transmission. Due to the increasing use of images in industrial process, it is essential to protect the confidential image data from unauthorized access. In this paper, we analyze the Advanced Encryption Standard (AES), and we add a key stream generator (A5/1, W7) to AES to ensure improving the encryption performance; mainly for images characterised by reduced entropy. The implementation of both techniques has been realized for experimental purposes. Detailed results in terms of security analysis and implementation are given. Comparative study with traditional encryption algorithms is shown the superiority of the modified algorithm.Keywords: Cryptography, Encryption, Advanced EncryptionStandard (AES), ECB mode, statistical analysis, key streamgenerator.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 50564952 Dynamic Adaptability Using Reflexivity for Mobile Agent Protection
Authors: Salima Hacini, Haoua Cheribi, Zizette Boufaïda
Abstract:
The paradigm of mobile agent provides a promising technology for the development of distributed and open applications. However, one of the main obstacles to widespread adoption of the mobile agent paradigm seems to be security. This paper treats the security of the mobile agent against malicious host attacks. It describes generic mobile agent protection architecture. The proposed approach is based on the dynamic adaptability and adopts the reflexivity as a model of conception and implantation. In order to protect it against behaviour analysis attempts, the suggested approach supplies the mobile agent with a flexibility faculty allowing it to present an unexpected behaviour. Furthermore, some classical protective mechanisms are used to reinforce the level of security.
Keywords: Dynamic adaptability, malicious host, mobile agent security, reflexivity.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 11424951 FPGA Implementation of the BB84 Protocol
Authors: Jaouadi Ikram, Machhout Mohsen
Abstract:
The development of a quantum key distribution (QKD) system on a field-programmable gate array (FPGA) platform is the subject of this paper. A quantum cryptographic protocol is designed based on the properties of quantum information and the characteristics of FPGAs. The proposed protocol performs key extraction, reconciliation, error correction, and privacy amplification tasks to generate a perfectly secret final key. We modeled the presence of the spy in our system with a strategy to reveal some of the exchanged information without being noticed. Using an FPGA card with a 100 MHz clock frequency, we have demonstrated the evolution of the error rate as well as the amounts of mutual information (between the two interlocutors and that of the spy) passing from one step to another in the key generation process.
Keywords: QKD, BB84, protocol, cryptography, FPGA, key, security, communication.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 8594950 Proposal of Optimality Evaluation for Quantum Secure Communication Protocols by Taking the Average of the Main Protocol Parameters: Efficiency, Security and Practicality
Authors: Georgi Bebrov, Rozalina Dimova
Abstract:
In the field of quantum secure communication, there is no evaluation that characterizes quantum secure communication (QSC) protocols in a complete, general manner. The current paper addresses the problem concerning the lack of such an evaluation for QSC protocols by introducing an optimality evaluation, which is expressed as the average over the three main parameters of QSC protocols: efficiency, security, and practicality. For the efficiency evaluation, the common expression of this parameter is used, which incorporates all the classical and quantum resources (bits and qubits) utilized for transferring a certain amount of information (bits) in a secure manner. By using criteria approach whether or not certain criteria are met, an expression for the practicality evaluation is presented, which accounts for the complexity of the QSC practical realization. Based on the error rates that the common quantum attacks (Measurement and resend, Intercept and resend, probe attack, and entanglement swapping attack) induce, the security evaluation for a QSC protocol is proposed as the minimum function taken over the error rates of the mentioned quantum attacks. For the sake of clarity, an example is presented in order to show how the optimality is calculated.Keywords: Quantum cryptography, quantum secure communcation, quantum secure direct communcation security, quantum secure direct communcation efficiency, quantum secure direct communcation practicality.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 972