A Covert Channel Using Named Resources

A network covert channel is created that uses resource names such as addresses to convey information, and that approximates typical user behavior in order to blend in with its environment. The channel correlates available resource names with a user defined code-space, and transmits its covert message by selectively accessing resources associated with the message codes. In this paper we focus on an implementation of the channel using the Hypertext Transfer Protocol (HTTP) with Uniform Resource Locators (URLs) as the message names, though the system can be used in conjunction with a variety of protocols. The covert channel does not modify expected protocol structure as might be detected by simple inspection, and our HTTP implementation emulates transaction level web user behavior in order to avoid detection by statistical or behavioral analysis.Comment: 9 page

Consensus Algorithms and Deep Reinforcement Learning in Energy Market: A Review

Blockchain (BC) and artificial intelligence (AI) are often utilised separately in energy trading systems (ETS). However, these technologies can complement each other and reinforce their capabilities when integrated. This paper provides a comprehensive review of consensus algorithms (CA) of BC and deep reinforcement learning (DRL) in ETS. While the distributed consensus underpins the immutability of transaction records of prosumers, the deluge of data generated paves the way to use AI algorithms for forecasting and address other data analytic related issues. Hence, the motivation to combine BC with AI to realise secure and intelligent ETS. This study explores the principles, potentials, models, active research efforts and unresolved challenges in the CA and DRL. The review shows that despite the current interest in each of these technologies, little effort has been made at jointly exploiting them in ETS due to some open issues. Therefore, new insights are actively required to harness the full potentials of CA and DRL in ETS. We propose a framework and offer some perspectives on effective BC-AI integration in ETS

Information Accountability Framework for a Trusted Health Care System

Trusted health care outcomes are patient centric. Requirements to ensure both the quality and sharing of patients’ health records are a key for better clinical decision making. In the context of maintaining quality health, the sharing of data and information between professionals and patients is paramount. This information sharing is a challenge and costly if patients’ trust and institutional accountability are not established. Establishment of an Information Accountability Framework (IAF) is one of the approaches in this paper. The concept behind the IAF requirements are: transparent responsibilities, relevance of the information being used, and the establishment and evidence of accountability that all lead to the desired outcome of a Trusted Health Care System. Upon completion of this IAF framework the trust component between the public and professionals will be constructed. Preservation of the confidentiality and integrity of patients’ information will lead to trusted health care outcomes

Electronic security - risk mitigation in financial transactions : public policy issues

This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators

Conceptualizing Security Measures on Mobile Learning for Malaysian Higher Education Institutions

AbstractThe paper examines the existing researchers view on security measures on mobile learning. In general, it discovers related measure on security which includes reliability, trust, privacy and security itself. Each measure is widely used as determinants in previous studies and its range in some environments and perspectives. Reliability and security determinants are widely adapted to measure in terms of the infrastructure of mobile learning environment, while trust and privacy mostly measure behaviours and perceptions from the user or human towards mobile learning. Furthermore, the study will also investigate the infrastructure and components of mobile learning itself in order to determine the security vulnerabilities that may involve in the mobile learning environment. Other security features that are discussed at glance include the key distribution and management, information confidentiality and privacy, secure routing, intrusion detection, data integrity, entity authentication and secure data aggregation. However, at the end of this study, mapping on the relevent security measures with each component of mobile learning will be formulated for further study