56 research outputs found

    Development of a Security-Focused Multi-Channel Communication Protocol and Associated Quality of Secure Service (QoSS) Metrics

    The threat of eavesdropping, and the challenge of recognizing and correcting for corrupted or suppressed information in communication systems is a consistent challenge. Effectively managing protection mechanisms requires an ability to accurately gauge the likelihood or severity of a threat, and adapt the security features available in a system to mitigate the threat. This research focuses on the design and development of a security-focused communication protocol at the session-layer based on a re-prioritized communication architecture model and associated metrics. From a probabilistic model that considers data leakage and data corruption as surrogates for breaches of confidentiality and integrity, a set of metrics allows the direct and repeatable quantification of the security available in single- or multi-channel networks. The quantification of security is based directly upon the probabilities that adversarial listeners and malicious disruptors are able to gain access to or change the original message. Fragmenting data across multiple channels demonstrates potential improvements to confidentiality, while duplication improves the integrity of the data against disruptions. Finally, the model and metrics are exercised in simulation. The ultimate goal is to minimize the information available to adversaries

    A Neoclassical Realist’s Analysis Of Sino-U.S. Space Policy

    During the Cold War, the United States focused its collective policy acumen on forming a competitive, actor-specific strategy to gain advantage over the Soviet Union. The fragmentation of the Soviet Union resulted in a multi-polar geopolitical environment lacking a near-peer rival for the United States. Overwhelming soft and hard power advantages allowed American policy makers to pursue a general, non-actor specific strategy to maintain its hegemonic position. However, the meteoric rise of China as a near-peer competitor in East Asia has challenged this paradigm. In order to maintain its competitive advantage, or at the very least ensure the safety of its geopolitical objectives through encouraging benign competition, U.S. strategy needs to evolve in both focus and complexity. It is essential for Spacepower, as a key element of national power, to be included in this evolution. In order to do so, this analysis will examine Sino-U.S. space relations using neoclassical realism as a baseline methodology. First, structural elements of the Sino-U.S. relationship will be modeled in a semi-quantitative game theoretical framework, using relative economic and military capabilities as primary independent variables. Second, key assumptions will be tested to ensure that this model accurately represents the current geopolitical environment. Third, the decision making apparatuses of the United States and China will be examined as intervening variables. This will account for imperfect rationality and how it modifies the game theoretical framework. Fourth, this framework will be used to present actionable space policy recommendations for the United States so that space can be incorporated into a competitive strategy for East Asia

    Collaborative Caching for efficient and Robust Certificate Authority Services in Mobile Ad-Hoc Networks

    Security in Mobile Ad-Hoc Network (MANET) is getting a lot of attention due to its inherent vulnerability to a wide spectrum of attacks. Threats exist in every layer of MANET stack, and different solutions have been adapted for each security problem. Additionally, availability is an important criterion in most MANET solutions, but many security frameworks did not consider it. Public-Key Infrastructure (PKI) is no exception, and its deployment in MANET needs major design and implementation modifications that can fit constraints unique to this environment. Our focus in this dissertation is to adapt and increase the availability of Certificate Authority (CA) services, as a major PKI entity, in MANET. Several attempts have been proposed to deal with the problem of deploying CA in MANET to provide a generic public-key framework, but each either ends up sacrificing system security or availability. Here, the main goal of our work is to provide a solution that addresses performance and security issues of providing MANET-based PKI. Particularly, we would like to maintain the availability of the services provided by CA while keeping the network's packet overhead as low as possible. In this dissertation, we present a MANET-based framework suitable for exchanging public-key certificates by collaborative caching between MANET clients. We show that our system can meet the challenges of providing robust and secure CA services in MANET. Augmented by simulation results, we demonstrate quantitatively the feasibility of our work as we were able to reduce network overhead associated with threshold based CA queries up to 92% as compared to related work in addition to having a very short response time. The dependency on CA servers has been reduced, and the system was able to tolerate as much as two-third inoperative CA servers without noticeable decrease in the service performance

    systems-theoretic security model for large scale, complex systems applied to the US air transportation system

    Thesis (S.M.)--Massachusetts Institute of Technology, Engineering Systems Division, 2007. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Includes bibliographical references (p. 129-132). Classical risk-based or game-theoretic security models rely on assumptions from reliability theory and rational expectations economics that are not applicable to security threats. Additionally, these models suffer from serious deficiencies when they are applied to software-intensive, socio-technical systems. Recent work by Leveson in the area of system safety engineering has led to the development of a new accident model for system safety that acknowledges the dynamic complexity of accidents. Systems-Theoretic Accident Models and Processes (STAMP) applies principles from control theory to enforce constraints on hazards and thereby prevent accidents. Appreciating the similarities between safety and security while still acknowledging the differences, this thesis extends STAMP to security problems. In particular, it is applied to identify and mitigate the threats that could emerge in critical infrastructures such as the Air Transportation System. Furthermore, recommendations are provided to assist systems engineers and policy makers in securely transitioning to the Next Generation Air Transportation System (NGATS). By Joseph R. Laracy. S.M.

    Cyber Law and Espionage Law as Communicating Vessels

    Professor Lubin's contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realm

    The use of electronic narratives records to support the decision-making process in oncology care at private hospitals in Cape Town

    Thesis (MTech (Information technology))--Cape Peninsula University of Technology, 2019. Electronic narratives are recognised for their significant contribution to healthcare – emphasising that the patient’s narrative should not only be included, but valued. The survival rate of cancer patients in the UK, USA, Italy and Australia are improving, making it necessary to investigate the use of electronic narratives in private oncology centres. This research, conducted in Cape Town, South Africa, started off by critically analysing available scientific information. Subsequently, a gap was identified regarding the use of electronic narratives as a way of acquiring important data from patients – something that is crucial in the treatment process (from the pre-diagnosis to the follow-up), and in decision-making. The lack of narratives in electronic health records (EHRs) could affect the quality of the decision-making process, particularly for chronic non-communicable diseases (NCD); which could result in administering incorrect dosages of medication leading to deterioration of the patient’s health, and in some cases, even death. The purpose of this research was to explore the use of narratives in electronic health records to support the decision-making process by healthcare professionals in private oncology care. The study was qualitative; hence interviews were used for data collection. A purposive sample of eighteen healthcare professionals (oncologists, psychiatrists and general practitioners) was used in this study. The data was then analysed thematically, and the interpretation thereof done subjectively. The key findings of this study indicate that electronic health records are used considerably in private oncology care due to benefits such as real-time access to information and easy back-up. Healthcare professionals acknowledge that narratives are present in oncology care, and mainly used in the diagnosis phase. These narratives are mostly in note format (hand-written on paper). These written notes are then later recorded into the patient’s electronic health record which, in many cases, results in the omission of important information, because not everything the patient said is transcribed into medical jargon. The current system in private oncology care does not support electronic narratives even though healthcare professionals express an interest in using this. The findings further suggest that to successfully implement electronic narratives, there are basic prerequisites such as a computer or tablet, recording devices and software. Furthermore, the findings show that electronic narratives are often not used due to limited knowledge, lack of interest, specific cultural practices, and the fear of change. To alter and positively transform healthcare professionals’ and patients’ views of electronic narratives, the researcher recommends educating healthcare professionals about the value of patients’ narratives. In other words, providing training is crucial as narratives contain values that aid constructive decision-making. Furthermore, since narratives involve patients, extending training to the patients will be beneficial. The findings of this study contribute to the current literature on electronic health records and narratives in private oncology care of South Africa

    METAPHORS WE KILL BY: RHETORIC AND CONCEPTUAL STRUCTURE IN U.S. ARMY DOCTRINE

    Analogical thought, thinking of one domain of experience in terms of another, helps us understand new ideas in relation to preexisting knowledge. This dissertation examines five parallel examples of analogical thought in United States Army doctrine in which various target domains are conceptualized in terms of traditional warfare. The first chapter examines the way in which "information" is explained in terms of a construct called "the cognitive hierarchy," which is a blend of folk models of thought and the military command structure. Here, "information" is conceived of as a raw material to be refined to a useable state as it is processed by successively higher levels in the hierarchy. The second chapter analyzes the inclusion of "information" into the elements of combat power, a heuristic that staff officers use to plan operations. Unlike the first four elements, firepower, maneuver, leadership, and protection, which have independent but interrelated capabilities, "information" is characterized exclusively in terms of its ability to coordinate the effects of the other four. The third chapter explores the term "information operations," a blend of the domains of cognition and communication, and of combat, that "weaponizes" information. Chapter Four analyzes a startling metaphor that represents persuasion as a form of lethal firepower. Finally, the last chapter examines the difficulty of portraying success in peace operations, which comprise both peace enforcement and peacekeeping. Because the event shape of a successful peace operation involves reducing forces, relinquishing power, and withdrawal by the peacekeepers, it conforms to the event shape of a failed attack. All five chapters share a rich and highly developed source domain, warfare that is used to explain the workings of relatively impoverished target domains, communication and thought. The result is that the target domains are distorted to the point that key elements in them are elided or altered beyond recognition. This dissertation is unique in that it analyzes not only analogical thought, but also the corporate thought of a large institution that uses it to solve problems in the real world. The resulting actions have far-reaching impacts on both international security and countless lives across the world

    Stochastic Bayesian Games for the Cybersecurity of Nuclear Power Plants

    The goal of this research is to reduce the likelihood of successful attacks on nuclear power plants. Cyber-physical systems such as nuclear power plants consist of interconnected physical processes and computational resources. Because the cyber and physical worlds are integrated, vulnerabilities in both the cyber and physical domains can result in physical damage to the system. Nuclear power plants can be targeted by a variety of adversaries — each with a unique motivation and set of resources. To secure nuclear power plants and other cyber-physical systems, we require an approach to security that also accounts for the interactions of human decision-makers. This research uses a game-theoretic approach to nuclear cybersecurity. The cybersecurity of the plant can be viewed as a non-cooperative game between a defender and an attacker. The field of game theory provides a mathematical framework to analyze the interactions of the defender and attacker as both players seek to accomplish their objectives. In this research, a stochastic Bayesian game is used to optimize cybersecurity decision-making. A stochastic Bayesian game is a combination of a stochastic game and a Bayesian game. The stochastic elements of the game enable the consideration of uncertainty in the interactions of the attacker and defender. The Bayesian elements of the game enable the consideration of the uncertainty regarding the attacker's characteristics. This combination is useful for the analysis of nuclear power plant cybersecurity because it enables plant defenders to optimize their security decisions in the presence of uncertainty

    Personal Privacy in the Computer Age: The Challenge of a New Technology in an Information-Oriented Society

    The purpose of this Article is to survey the new technology's implications for personal privacy and to evaluate the contemporary common-law and statutory pattern relating to data-handling. In the course of this examination, it will appraise the existing framework's capacity to deal with the problems created by society's growing awareness of the primordial character of information. The Article is intended to be suggestive; any attempt at definitiveness would be premature. Avowedly, it was written with the bias of one who believes that the new information technology has enormous long-range societal implications and who is concerned about the consequences of the notion that man shapes his tools and then they shape him. The assumption throughout is that the computer is not simply a sophisticated indexing machine, a miniaturized library, or an electronic abacus; it is the keystone of a new communications medium that eventually will have global dimensions. Thus, it would be overly simplistic to examine the computer-privacy issue from the perspective of a particular machine or group of machines operating in a federal office building, in the headquarters of one of the nation's major industrial complexes, or in the recesses of a great university. Indeed, the analogy between the forces that gave rise to the multifaceted regulation of the airlines, railroads, radio, and television and the problems that already are generating pressure for the regulation of computer transmissions and facilities seems obvious. It is against the template of the potential need for a comprehensive regulatory scheme embracing some uses of the technology in both the public and private sectors that the question of protecting individual privacy in the computer age must be placed