Nuclear Security Education at Pakistan Institute of Engineering and Applied Sciences (PIEAS): Current Status, Future Prospects and the Lessons Learnt

In this paper, the details of nuclear security education at Pakistan Institute of Engineering and Applied Sciences (PIEAS) have been discussed. Nuclear Security education was initiated at PIEAS as a sub-specialty of its MS Nuclear Engineering Program in October 2009. Two courses, Nuclear Security (NE-581) and Physical Protection Systems (NE-582) have been offered on regular basis in the 3rd and 4th semesters. To date, 72 students have been graduated with this sub-specialty. The most important lesson learnt is that introduction of nuclear security related courses in nuclear engineering program has opened up new venues of applications of nuclear engineering principles in the area of nuclear security. It is also helping in the development of nuclear security culture among the nuclear engineering professionals working inside the nuclear facilities. PIEAS has maintained a close collaboration with all stakeholders at national level to facilitate the development of human resource in the area of nuclear security. PIEAS has also extended its full cooperation with International Atomic Energy Agency (IAEA) for the development of nuclear security educational network, such as INSEN (International Nuclear Security Education Network), and NSSC (Nuclear Security Support Centers) Network. PIEAS will continue its long journey of imparting effective nuclear security education by introducing more nuclear security related courses, initiating faculty development programs and developing required nuclear security education related infrastructure in the form of laboratories in the future

Traffic generator for firewall testing

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009Includes bibliographical references (leaves: 52-56)Text in English; Abstract: Turkish and Englishix, 92 leavesFirewalls lead at the front line of a computer network to restrict unauthorized access. The desired security level is determined by a policy and implemented by a firewall which not only has to be effective but also stable and reliable service is expected. In order to verify the level of security of the system, testing is required. The objective of this thesis is to test a firewall with software testing techniques taking into consideration the nominated policy and the firewall. Iptables software was examined and tested by two different algorithms that were modified according to software testing techniques, and the results were observed. Packets sent through the Firewall Under Test (FUT) are compared to packets passed through the FUT and test results were observed. The security performance of the modified algorithms proved to be successful

Intrusion detection system alert correlation with operating system level logs

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009Includes bibliographical references (leaves: 63-66)Text in English; Abstract: Turkish and Englishvii, 67 leavesInternet is a global public network. More and more people are getting connected to the Internet every day to take advantage of the Internetwork connectivity. It also brings in a lot of risk on the Internet because there are both harmless and harmful users on the Internet. While an organization makes its information system available to harmless Internet users, at the same time the information is available to the malicious users as well. Most organizations deploy firewalls to protect their private network from the public network. But, no network can be hundred percent secured. This is because; the connectivity requires some kind of access to be granted on the internal systems to Internet users. The firewall provides security by allowing only specific services through it. The firewall implements defined rules to each packet reaching to its network interface. The IDS complements the firewall security by detected if someone tries to break in through the firewall or manages to break in the firewall security and tried to have access on any system in the trusted site and alerted the system administrator in case there is a breach in security. However, at present, IDSs suffer from several limitations. To address these limitations and learn network security threats, it is necessary to perform alert correlation. Alert correlation focuses on discovering various relationships between individual alerts. Intrusion alert correlation techniques correlate alerts into meaningful groups or attack scenarios for ease to understand by human analysts. In order to be sure about the alert correlation working properly, this thesis proposed to use attack scenarios by correlating alerts on the basis of prerequisites and consequences of intrusions. The architecture of the experimental environment based on the prerequisites and consequences of different types of attacks, the proposed approach correlates alerts by matching the consequence of some previous alerts and the prerequisite of some later ones with OS-level logs. As a result, the accuracy of the proposed method and its advantage demonstrated to focus on building IDS alert correlation with OS-level logs in information security systems

Selection on moral hazard in health insurance

We use employee-level panel data from a single rm to explore the possibility that individuals may select insurance coverage in part based on their anticipated behavioral ( moral hazard ) response to insurance, a phenomenon we label selection on moral hazard. Using a model of plan choice and medical utilization, we present evidence of heterogeneous moral hazard as well as selection on it, and explore some of its implica- tions. For example, we show that, at least in our context, abstracting from selection on moral hazard could lead to over-estimates of the spending reduction associated with introducing a high-deductible health insurance option.National Institute on Aging (NIA (R01 AG032449))National Cancer Institute (U.S.) (Grant SES-0643037)United States. Social Security Administration (grant #5 RRC08098400-03-00)Aluminum Company of AmericaAlfred P. Sloan FoundationJohn D. and Catherine T. MacArthur Foundation (Network on Socioeconomic Status and Health

IMPROVING EFFICIENCY OF CITIZENS BROADBAND RADIO SERVICE DUAL CONNECTIVITY AND CITIZENS BROADBAND RADIO SERVICE / WIRELESS LOCAL AREA NETWORK RADIO LEVEL INTEGRATION AND INTERWORKING

Techniques are described herein for using Citizens Broadband Radio Service Dual Connectivity (CBRS-DC) to improve per-user throughput and mobility robustness. With CBRS-DC, a CBRS User Equipment (UE) can exchange data via a Master CBRS Device (CBSD) and a Secondary CBSD simultaneously, but control plane packets for both these CBSDs are sent only via the Master CBSD. In CBRS networks, the Spectrum Access System (SAS) may change the channel bandwidth allocated to a CBSD. The SAS could even remove all the resources allocated to a Master CBSD, which can create problems with DC operation in CBRS networks, particularly for denser deployments. There are similar problems associated with using Long Term Evolution (LTE) – Wireless Local Area Network (WLAN) Aggregation (LWA), LTE and Wi-Fi® radio level integration with IP security tunnel (LWIP), and Radio Access Network (RAN) Controlled LTE-WLAN Interworking (RCLWI) with CBRS and Wi-Fi integration at the radio network level. Moreover, current mechanisms do not operate efficiently with CBRS or some of the newer wireless technologies such as Institute of Electrical and Electronics Engineers (IEEE) 802.11ax, Extreme High Throughput (EHT), etc. Described herein are solutions to improve the efficiency of these operations

Near Real-Time Zigbee Device Discrimination Using CB-DNA Features

Currently, Low-Rate Wireless Personal Area Networks (LR-WPAN) based on the Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 standard are at risk due to open-source tools which allow bad actors to exploit unauthorized network access through various cyberattacks by falsifying bit-level credentials. This research investigates implementing a Radio Frequency (RF) air monitor to perform Near RealTime (NRT) discrimination of Zigbee devices using the IEEE 802.15.4 standard. The air monitor employed a Multiple Discriminant Analysis/Euclidean Distance classifier to discriminate Zigbee devices based upon Constellation-Based Distinct Native Attribute (CB-DNA) fingerprints. Through the use of CB-DNA fingerprints, Physical Layer (PHY) characteristics unique to each Zigbee device strengthen the native bit-level authentication process for LR-WPAN networks. Overall, the developed RF air monitor achieved an Average Cross-Class Percent Correct Classification of %Ctst = 99:24% during the testing of Ncls = 5 like-model BladeRF Software Defined Radios transmitting Zigbee protocol bursts. Additionally, to evaluate the NRT capability of the air monitor, a statistical analysis of Ntiming = 1000 Zigbee bursts determined the worst-case average runtime from burst detection to classification. The analysis concluded that the runtime was truntime fi 269 mSec. Ultimately, this research found that PHY characteristics provide an additional method of authentication NRT to enhance the inherent network security for Zigbee applications from cyberattacks

Hardware Implementations of Scalable and Unified Elliptic Curve Cryptosystem Processors

As the amount of information exchanged through the network grows, so does the demand for increased security over the transmission of this information. As the growth of computers increased in the past few decades, more sophisticated methods of cryptography have been developed. One method of transmitting data securely over the network is by using symmetric-key cryptography. However, a drawback of symmetric-key cryptography is the need to exchange the shared key securely. One of the solutions is to use public-key cryptography. One of the modern public-key cryptography algorithms is called Elliptic Curve Cryptography (ECC). The advantage of ECC over some older algorithms is the smaller number of key sizes to provide a similar level of security. As a result, implementations of ECC are much faster and consume fewer resources. In order to achieve better performance, ECC operations are often offloaded onto hardware to alleviate the workload from the servers' processors. The most important and complex operation in ECC schemes is the elliptic curve point multiplication (ECPM). This thesis explores the implementation of hardware accelerators that offload the ECPM operation to hardware. These processors are referred to as ECC processors, or simply ECPs. This thesis targets the efficient hardware implementation of ECPs specifically for the 15 elliptic curves recommended by the National Institute of Standards and Technology (NIST). The main contribution of this thesis is the implementation of highly efficient hardware for scalable and unified finite field arithmetic units that are used in the design of ECPs. In this thesis, scalability refers to the processor's ability to support multiple key sizes without the need to reconfigure the hardware. By doing so, the hardware does not need to be redesigned for the server to handle different levels of security. Unified refers to the ability of the ECP to handle both prime and binary fields. The resultant designs are valuable to the research community and industry, as a single hardware device is able to handle a wide range of ECC operations efficiently and at high speeds. Thus, improving the ability of network servers to handle secure transaction more quickly and improve productivity at lower costs

Supporting Cyber-Physical Systems with Wireless Sensor Networks: An Outlook of Software and Services

Sensing, communication, computation and control technologies are the essential building blocks of a cyber-physical system (CPS). Wireless sensor networks (WSNs) are a way to support CPS as they provide fine-grained spatial-temporal sensing, communication and computation at a low premium of cost and power. In this article, we explore the fundamental concepts guiding the design and implementation of WSNs. We report the latest developments in WSN software and services for meeting existing requirements and newer demands; particularly in the areas of: operating system, simulator and emulator, programming abstraction, virtualization, IP-based communication and security, time and location, and network monitoring and management. We also reflect on the ongoing efforts in providing dependable assurances for WSN-driven CPS. Finally, we report on its applicability with a case-study on smart buildings

Predicting Network Attacks Using Ontology-Driven Inference

Graph knowledge models and ontologies are very powerful modeling and re asoning tools. We propose an effective approach to model network attacks and attack prediction which plays important roles in security management. The goals of this study are: First we model network attacks, their prerequisites and consequences using knowledge representation methods in order to provide description logic reasoning and inference over attack domain concepts. And secondly, we propose an ontology-based system which predicts potential attacks using inference and observing information which provided by sensory inputs. We generate our ontology and evaluate corresponding methods using CAPEC, CWE, and CVE hierarchical datasets. Results from experiments show significant capability improvements comparing to traditional hierarchical and relational models. Proposed method also reduces false alarms and improves intrusion detection effectiveness.Comment: 9 page

Making a proxy server using HTTP proxy

Today, many organization and person are offering service by way of Internet or other network, and using some security system to save their system from what they don't want. But, almost security system used in today restrict to user to save the system. Usually, it's restrict to service that user usually don't use. But, that service is sometime necessary. Now, I pick up a firewall, that's one of the such security system. Usually, they use proxy server to communicate beyond the firewall. But, they need permission to drive that on firewall host. There is case of limit to give a account or to ban to execute daemon process, to improv security level. Almost administrator offers proxy service for well known service such like WWW. But, They can't communicate using other service. In this paper, I make proxy server drive communicating each other using HTTP proxy running at Aichi Institute of Technology, and examine it