A coding approach for detection of tampering in write-once optical disks

We present coding methods for protecting against tampering of write-once optical disks, which turns them into a secure digital medium for applications where critical information must be stored in a way that prevents or allows detection of an attempt at falsification. Our method involves adding a small amount of redundancy to a modulated sector of data. This extra redundancy is not used for normal operation, but can be used for determining, say, as a testimony in court, that a disk has not been tampered with

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version

Securitisation of Ukrainian Critical Infrastructures: The Case of the Failure of SCADA System in Protecting the Power Grids

Critical infrastructures are the important element to support the social cohesion in a certain area. Therefore, it is necessary to protect critical infrastructures in order to maintain the sustainability of the assets. There are many attempts of states to control the security of their critical infrastructures, one of them is using Supervisory Control and Data Acquisition (SCADA) system, a control system in which to monitor and retrieve data under the supervision of an operator. However, although countries are aware of the preventive action over their critical infrastructures, it is still possible to fail. In this case, Ukraine which has a relatively secure control system was failed in protecting its power grids from multiple hacker attacks which contributed to blackouts in December 2015. The devastating failure of Ukraine’s security system has led public opinion to point a finger to Russia since the relationship of both countries is at stake. In this sense, Ukraine issued a speech act to securitise its critical infrastructures. By exercising securitisation theory, this article would discuss further about the fruitfulness of the speech act after the failure of the security system in protecting Ukraine’s power grids.

Therapeutic potential of co-enzyme Q10 in retinal diseases

Coenzyme Q10 (CoQ10) plays a critical role in mitochondrial oxidative phosphorylation by serving as an electron carrier in the respiratory electron transport chain. CoQ10 also functions as a lipid-soluble antioxidant by protecting lipids, proteins and DNA damaged by oxidative stress. CoQ10 deficiency has been associated with a number of human diseases including mitochondrial diseases, neurodegenerative disorders, cardiovascular diseases, diabetes, cancer, and with the ageing process. In many of these conditions CoQ10 supplementation therapy has been effective in slowing or reversing pathological changes. Oxidative stress is a major contributory factor in the process of retinal degeneration. In this brief review, we summarize the functions of CoQ10 and highlight its use in the treatment of age-related macular degeneration and glaucoma. In light of these data we propose that CoQ10 could have therapeutic potential for other retinal diseases

Research in remote sensing of vegetation

The research topics undertaken were primarily selected to further the understanding of fundamental relationships between electromagnetic energy measured from Earth orbiting satellites and terrestrial features, principally vegetation. Vegetation is an essential component in the soil formation process and the major factor in protecting and holding soil in place. Vegetation plays key roles in hydrological and nutrient cycles. Awareness of improvement or deterioration in the capacity of vegetation and the trends that those changes may indicate are, therefore, critical detections to make. A study of the relationships requires consideration of the various portions of the electromagnetic spectrum; characteristics of detector system; synergism that may be achieved by merging data from two or more detector systems or multiple dates of data; and vegetational characteristics. The vegetation of Oregon is sufficiently diverse as to provide ample opportunity to investigate the relationships suggested above several vegetation types

Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults

In the relatively young field of fault-tolerant cryptography, the main research effort has focused exclusively on the protection of the data path of cryptographic circuits. To date, however, we have not found any work that aims at protecting the control logic of these circuits against fault attacks, which thus remains the proverbial Achilles’ heel. Motivated by a hypothetical yet realistic fault analysis attack that, in principle, could be mounted against any modular exponentiation engine, even one with appropriate data path protection, we set out to close this remaining gap. In this paper, we present guidelines for the design of multifault-resilient sequential control logic based on standard Error-Detecting Codes (EDCs) with large minimum distance. We introduce a metric that measures the effectiveness of the error detection technique in terms of the effort the attacker has to make in relation to the area overhead spent in implementing the EDC. Our comparison shows that the proposed EDC-based technique provides superior performance when compared against regular N-modular redundancy techniques. Furthermore, our technique scales well and does not affect the critical path delay

Impact Assessment of Hypothesized Cyberattacks on Interconnected Bulk Power Systems

The first-ever Ukraine cyberattack on power grid has proven its devastation by hacking into their critical cyber assets. With administrative privileges accessing substation networks/local control centers, one intelligent way of coordinated cyberattacks is to execute a series of disruptive switching executions on multiple substations using compromised supervisory control and data acquisition (SCADA) systems. These actions can cause significant impacts to an interconnected power grid. Unlike the previous power blackouts, such high-impact initiating events can aggravate operating conditions, initiating instability that may lead to system-wide cascading failure. A systemic evaluation of "nightmare" scenarios is highly desirable for asset owners to manage and prioritize the maintenance and investment in protecting their cyberinfrastructure. This survey paper is a conceptual expansion of real-time monitoring, anomaly detection, impact analyses, and mitigation (RAIM) framework that emphasizes on the resulting impacts, both on steady-state and dynamic aspects of power system stability. Hypothetically, we associate the combinatorial analyses of steady state on substations/components outages and dynamics of the sequential switching orders as part of the permutation. The expanded framework includes (1) critical/noncritical combination verification, (2) cascade confirmation, and (3) combination re-evaluation. This paper ends with a discussion of the open issues for metrics and future design pertaining the impact quantification of cyber-related contingencies

It\u27s my iPad! Protecting Critical Data on Personal Mobile Devices in the Medical Setting

The pervasiveness of mobile devices has forced many organizations to support connectivity of corporate and private devices. Corporate devices are highly configurable regarding authentication, encryption, and remote wiping. BlackBerry devices can be fully deployed and managed using a centralized Blackberry Enterprise Server, however when a user owned device connects to enterprise servers, data security becomes a concern. Introduce a litany of complex legislative rulings and laws concerning protected data across various business domains and now personal mobile devices become security risks. This paper will discuss current issues in securing personal mobile devices in the healthcare environment and present possible solutions