Средства управления и защиты информационных ресурсов автоматизированных систем : учебное пособие

Материалы пособия направлены на развитие компетенций, полученных студентами при изучении дисциплины базы данных в части использования средств управления данными при разработке ERP- и MES-систем. В пособии подробно рассматриваются средства для создания программных модулей серверной компоненты корпоративной информационной системы с использованием как структурного языка запросов, так и алгоритмических языков в Common Language Runtime. Особое внимание уделяется средствам разработки эффективных многопользовательских транзакционных систем. Изложение каждой темы сопровождается примерами использования и контрольными вопросами. На примере MS SQL SERVER излагаются модели и средства защиты данных и программ серверной компоненты от несанкционированного использования

Neyman-Pearson Decision in Traffic Analysis

The increase of encrypted traffic on the Internet may become a problem for network-security applications such as intrusion-detection systems or interfere with forensic investigations. This fact has increased the awareness for traffic analysis, i.e., inferring information from communication patterns instead of its content. Deciding correctly that a known network flow is either the same or part of an observed one can be extremely useful for several network-security applications such as intrusion detection and tracing anonymous connections. In many cases, the flows of interest are relayed through many nodes that reencrypt the flow, making traffic analysis the only possible solution. There exist two well-known techniques to solve this problem: passive traffic analysis and flow watermarking. The former is undetectable but in general has a much worse performance than watermarking, whereas the latter can be detected and modified in such a way that the watermark is destroyed. In the first part of this dissertation we design techniques where the traffic analyst (TA) is one end of an anonymous communication and wants to deanonymize the other host, under this premise that the arrival time of the TA\u27s packets/requests can be predicted with high confidence. This, together with the use of an optimal detector, based on Neyman-Pearson lemma, allow the TA deanonymize the other host with high confidence even with short flows. We start by studying the forensic problem of leaving identifiable traces on the log of a Tor\u27s hidden service, in this case the used predictor comes in the HTTP header. Afterwards, we propose two different methods for locating Tor hidden services, the first one is based on the arrival time of the request cell and the second one uses the number of cells in certain time intervals. In both of these methods, the predictor is based on the round-trip time and in some cases in the position inside its burst, hence this method does not need the TA to have access to the decrypted flow. The second part of this dissertation deals with scenarios where an accurate predictor is not feasible for the TA. This traffic analysis technique is based on correlating the inter-packet delays (IPDs) using a Neyman-Pearson detector. Our method can be used as a passive analysis or as a watermarking technique. This algorithm is first made robust against adversary models that add chaff traffic, split the flows or add random delays. Afterwards, we study this scenario from a game-theoretic point of view, analyzing two different games: the first deals with the identification of independent flows, while the second one decides whether a flow has been watermarked/fingerprinted or not

Povećanje bezbednosti i privatnosti integrisanjem sigurnog blokčejn interfejsa u arhitekturu interneta stvari

Internet stvari i blokčejn se smatraju za dve glavne tehnologije današnjice. Smanjenje kašnjena i povezanost sistema je dovelo do veće fleksibilnosti pri korišćenju aplikacija koje se nalaze na udaljenim uređajima. Najveći problem interneta stvari je to da nemaju dovoljno računarskih resusrsa, nedovoljna količina memorije i slabi procesori koji su optimizovani da troše malo energiije sprečavaju korišćenje robusnih algoritama za šifrovanje. Internet stvari se suočava sa mnogim izazovima, kao što su slaba interoperabilnost, bezbednosne ranjivosti, privatnost i nedostatak standarda. U ovom radu daje se predlog korišćenja softverskog interfejsa kao arhitekture sigurnosnog prolaza za pametne uređaje. Sigurnosni interfejs omogućava korišenje jačih kriptografskih algoritama za udaljenje servise pamethih uređaja. Ovaj pristup pobojšava bezbednost podataka koji šalju pametni uređaji korišćenjem kompitablnih algoritama za šifrovanje podataka pre nego što se proslede na udaljenje servise. Pored interfejsa u ovom radu se koristi i blokčejn tehnologiija. Razlog korišćenja blokčejn tehnolgije je da se u mrežu povezanih pametnih uređaja ubaci decentralizacija i autentifikacija. Samom integracijom blokčejna dobija se toliko potrebna anonimnost i fleksibilnost koju trenutni internet stvari nema. Blokčejn štiti interfejs svojim tehnologijama kojima se izbacuje jedna tačka kontrole, beleže se sve transakcije, proverava njihova validnost i samim tim se pruža poverenje među uređajima u jednoj mreži. Rezultat ovog rada je razvoj interfejsa koji daje podršku pametnim uređajima da koriste bilo koji kriptografski algoritam, daje mogućnost mapiranja IP adresa (engl. Internet Protocol address) i na taj način spreče pristup neautorizovani pristup mreži. Pored razvoja interfejsa, blokčejn tehnologija će biti uključena u kompitablnom režimu tako da je efikasna za rad na pametnim uređajima imajući u obzir limitacije sa resursima

Customer premise service study for 30/20 GHz satellite system

Satellite systems in which the space segment operates in the 30/20 GHz frequency band are defined and compared as to their potential for providing various types of communications services to customer premises and the economic and technical feasibility of doing so. Technical tasks performed include: market postulation, definition of the ground segment, definition of the space segment, definition of the integrated satellite system, service costs for satellite systems, sensitivity analysis, and critical technology. Based on an analysis of market data, a sufficiently large market for services is projected so as to make the system economically viable. A large market, and hence a high capacity satellite system, is found to be necessary to minimize service costs, i.e., economy of scale is found to hold. The wide bandwidth expected to be available in the 30/20 GHz band, along with frequency reuse which further increases the effective system bandwidth, makes possible the high capacity system. Extensive ground networking is required in most systems to both connect users into the system and to interconnect Earth stations to provide spatial diversity. Earth station spatial diversity is found to be a cost effective means of compensating the large fading encountered in the 30/20 GHz operating band

IoT-enabled water distribution systems - a comparative technological review

Water distribution systems are one of the critical infrastructures and major assets of the water utility in a nation. The infrastructure of the distribution systems consists of resources, treatment plants, reservoirs, distribution lines, and consumers. A sustainable water distribution network management has to take care of accessibility, quality, quantity, and reliability of water. As water is becoming a depleting resource for the coming decades, the regulation and accounting of the water in terms of the above four parameters is a critical task. There have been many efforts towards the establishment of a monitoring and controlling framework, capable of automating various stages of the water distribution processes. The current trending technologies such as Information and Communication Technologies (ICT), Internet of Things (IoT), and Artificial Intelligence (AI) have the potential to track this spatially varying network to collect, process, and analyze the water distribution network attributes and events. In this work, we investigate the role and scope of the IoT technologies in different stages of the water distribution systems. Our survey covers the state-of-the-art monitoring and control systems for the water distribution networks, and the status of IoT architectures for water distribution networks. We explore the existing water distribution systems, providing the necessary background information on the current status. This work also presents an IoT Architecture for Intelligent Water Networks - IoTA4IWNet, for real-time monitoring and control of water distribution networks. We believe that to build a robust water distribution network, these components need to be designed and implemented effectively

Ciphertext only attacks against GSM security

Mobile communications play a center role in today's connected society. The security of the cellular networks that connect billions of people is of the utmost importance. However, even though modern third generation and fourth generation cellular networks (3G and 4G) provide an adequate level of security in the radio interface, most networks and mobile handsets can fall back to the old GSM standard designed almost three decades ago, which has several known security weaknesses. In this work we study the security provided by the family of ciphering algoritms known as A5 that protects the radio access network of GSM, with emphasis on A5/1. We review the existing attacks against A5/1 and existing countermeasures, and show that the existing ciphertext only attacks against algorithm A5/1 [9], adapted to use the most recent Time Memory Data Tradeoff, are realistic threats to fielded GSM networks when attacked by a resourceful attacker which uses current state of the art GPUs and CPUs. We also study the existing Time Memory Data Tradeoff algorithms, extending the best known results for the Perfect Fuzzy Rainbow Tradeoff attack to the multi target case. These results allow the practitioner to calculate the parameters and tradeooff constants that best suit his application. We implemented the algorithms using parallel programming on CUDA GPUs and successfully validated the theoretical estimations. The main contributions of this work can be summarized as follows: Extending the existing best results for the Perfect Fuzzy Rainbow Tradeoff attack in the single target scenario to the multi target scenario. Validating the theoretical calculation of the parameters and tradeoff constants of the Perfect Fuzzy Rainbow tradeoff through implementation for several scenarios. Describing one of the possible procedures for the choice of parameters for the Perfect Fuzzy Rainbow tradeoff. Presenting a new ciphertext only attack against A5/1 using the voice channel in GSM communication. Calculating the details of the ciphertext only attack in [9] and showing that the attack is a realistic threat today using a perfect fuzzy rainbow tradeoff attack and modern GPUs

Aeronautics and space report of the President

This report describes the activities and accomplishments of all agencies of the United States in the fields of aeronautics and space science during FY 1994. Activity summaries are presented for the following areas: space launch activities, space science, space flight and space technology, space communications, aeronuatics, and studies of the planet Earth. Several appendices providing data on U.S. launch activities, the Federal budget for space and aeronautics, remote sensing capabilities, and space policy are included