Cyber Supply Chain Risk Management: Implications for the SOF Future Operating Environment
The emerging Cyber Supply Chain Risk Management (C-SCRM) concept assists at all levels of the supply chain in managing and mitigating risks, and the authors define C-SCRM as the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology products and service supply chains. As Special Operations Forces increasingly rely on sophisticated hardware and software products, this quick, well-researched monograph provides a detailed accounting of C-SCRM associated laws, regulations, instructions, tools, and strategies meant to mitigate vulnerabilities and risks, and how we might best manage the evolving and ever-changing array of those vulnerabilities and risks.
Biometrics for internet-of-things security: A review
The large number of Internet-of-Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric-based authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometric-cryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the state-of-the-art research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forward-looking issues and future research directions.
Utilizing ECG Waveform Features as New Biometric Authentication Method
In this study, we propose a practical way for human identification based on a new biometric method. The new method is built on the use of electrocardiogram (ECG) signal waveform features, which are produced by acquiring the electrical activity of the heart using electrodes placed on the body. This process is carried out over a period of time by using a recording device to read and store the ECG signal. In contrast to other biometric methods such as voice, fingerprint and iris scan, the ECG signal cannot be copied or manipulated. The first operation of our system is to record a 30-second portion of the whole ECG signal of a certain user in order to register it as the user template in the system. Then the system takes 7 to 9 seconds to authenticate the template using template matching techniques. Raw ECG data for 44 subjects were downloaded from the Physionet website repository. We used a template matching technique for the authentication process and a Linear SVM algorithm for the classification task. The accuracy rate was 97.2% for the authentication process and 98.6% for the classification task, with a false acceptance rate of 1.21%.
A cancelable iris- and steganography-based user authentication system for the Internet of Things
Remote user authentication for Internet of Things (IoT) devices is critical to IoT security, as it helps prevent unauthorized access to IoT networks. Biometrics is an appealing authentication technique due to its advantages over traditional password-based authentication. However, the protection of biometric data itself is also important, as original biometric data cannot be replaced or reissued if compromised. In this paper, we propose a cancelable iris- and steganography-based user authentication system to provide user authentication and secure the original iris data. Most of the existing cancelable iris biometric systems need a user-specific key to guide feature transformation, e.g., permutation or random projection, which is also known as key-dependent transformation. One issue associated with key-dependent transformations is that if the user-specific key is compromised, some useful information can be leaked and exploited by adversaries to restore the original iris feature data. To mitigate this risk, the proposed scheme enhances system security by integrating an effective information-hiding technique, steganography. By concealing the user-specific key, the threat of key exposure-related attacks, e.g., attacks via record multiplicity, can be defused, thus heightening the overall system security and complementing the protection offered by cancelable biometric techniques.
Security Framework for Managing Data Security within Point of Care Tests
Point of Care (PoC) devices and systems can be categorized into three broad classes (CAT 1, CAT 2, and CAT 3) based on the context of operation and usage. In this paper, the categories are defined to address certain usage models of the PoC device. PoC devices that are used for PoC testing and diagnostic applications are defined as CAT 1 devices; PoC devices that are used for patient monitoring are defined as CAT 2 devices (PoCM); PoC devices that are used for interfacing with other devices are defined as CAT 3 devices (PoCI). The PoCI devices provide an interface gateway for collecting and aggregating data from other medical devices. In all categories, data security is an important aspect. This paper presents a security framework concept, which is applicable for all of the classes of PoC operation. It outlines the concepts and security framework for preventing security challenges in unauthorized access to data, unintended data flow, and data tampering during communication between system entities, the user, and the PoC system. The security framework includes secure layering of basic PoC system architecture and protection of PoC devices in the context of application and network. The development of the security framework takes into account a threat model of the PoC system. A proposal for a low-level protocol is discussed. This protocol is independent of communications technologies, and it is elaborated in relation to providing security. An algorithm that can be used to overcome the threat challenges has been shown using the elements in the protocol. The paper further discusses the vulnerability scanning process for the PoC system interconnected network. The paper also presents a four-step process of authentication and authorization framework for providing the security for the PoC system. Finally, the paper concludes with the machine-to-machine (M2M) security viewpoint and discusses the key stakeholders within an actual deployment of the PoC system and its security challenges.