16,964 research outputs found
Protecting Digital Evidence Integrity and Preserving Chain of Custody
Evidence is the key to solve any crime. Evidence integrity needs to be protected in order to make it admissible in the court of law. Digital evidence is more revealing, but it is fragile; it can easily be tampered with or modified. There are different techniques available to protect the integrity of digital evidence. Different automated digital evidence acquisition tools are available in the market. In this paper, we have analyzed two automated tools (EnCase and FTK Imager) that are used for disk imaging. These tools claim to protect the integrity of digital evidence. The techniques used by these tools are analyzed in this paper. Problems with their approaches are discussed and a solution is proposed to address the problems. A prototype of an automated tool is developed with an implementation of the proposed solution
State of Alaska Election Security Project Phase 2 Report
A laskaâs election system is among the most secure in the country,
and it has a number of safeguards other states are now adopting. But
the technology Alaska uses to record and count votes could be improvedâ
and the stateâs huge size, limited road system, and scattered communities
also create special challenges for insuring the integrity of the vote.
In this second phase of an ongoing study of Alaskaâs election
security, we recommend ways of strengthening the systemânot only the
technology but also the election procedures. The lieutenant governor
and the Division of Elections asked the University of Alaska Anchorage to
do this evaluation, which began in September 2007.Lieutenant Governor Sean Parnell.
State of Alaska Division of Elections.List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference
Mobile Identity, Credential, and Access Management Framework
Organizations today gather unprecedented quantities of data from their operations. This data is coming from transactions made by a person or from a connected system/application. From personal devices to industry including government, the internet has become the primary means of modern communication, further increasing the need for a method to track and secure these devices. Protecting the integrity of connected devices collecting data is critical to ensure the trustworthiness of the system. An organization must not only know the identity of the users on their networks and have the capability of tracing the actions performed by a user but they must trust the system providing them with this knowledge. This increase in the pace of usage of personal devices along with a lack of trust in the internet has driven demand for trusted digital identities. As the world becomes increasingly mobile with the number of smart phone users growing annually and the mobile web flourishing, it is critical to implement strong security on mobile devices. To manage the vast number of devices and feel confident that a machineâs identity is verifiable, companies need to deploy digital credentialing systems with a strong root of trust. As passwords are not a secure method of authentication, mobile devices and other forms of IoT require a means of two-factor authentication that meets NIST standards. Traditionally, this has been done with Public Key Infrastructure (PKI) through the use of a smart card. Blockchain technologies combined with PKI can be utilized in such a way as to provide an identity and access management solution for the internet of things (IoT). Improvements to the security of Radio Frequency Identification (RFID) technology and various implementations of blockchain make viable options for managing the identity and access of IoT devices. When PKI first began over two decades ago, it required the use of a smart card with a set of credentials known as the personal identity verification (PIV) card. The PIV card (something you have) along with a personal identification number (PIN) (something you know) were used to implement two-factor authentication. Over time the use of the PIV cards has proven challenging as mobile devices lack the integrated smart card readers found in laptop and desktop computers. Near Field Communication (NFC) capability in most smart phones and mobile devices provides a mechanism to allow a PIV card to be read by a mobile device. In addition, the existing PKI system must be updated to meet the demands of a mobile focused internet. Blockchain technology is the key to modernizing PKI. Together, blockchain-based PKI and NFC will provide an IoT solution that will allow industry, government, and individuals a foundation of trust in the world wide web that is lacking today
AN APPRAISAL OF TRADITIONAL AND MODERN METHODS OF SECURITY OF INFORMATION RESOURCES IN CHUKWUEMEKA ODUMEGWU OJUKWU UNIVERSITY LIBRARY
ABSTRACT
This study carried out an appraisal of traditional and modern methods of security of information resources in Chukwuemeka Odumegwu Ojukwu University Library. The population of the study consists of 51 library staff, and sample size of the study was 44 library staff which was selected randomly using simple random sample techniques. Three research questions were formulated to guide this study. Data was collected using the questionnaire, and was analysed with descriptive statistics such as mean, and simple percentage. The study revealed that the traditional method of security of information resources used in Chukwuemeka Odumegwu Ojukwu University library includes: Security Clearance check at entrance/exit door, Library stamp at certain adopted pages of library books, Single Door Entry-Exit for Staff & User, Library cards as access entry authorization, Security Guards Employed to Patrol, Fire Extinguisher & Security Equipment, and Signature of every user. The study revealed that, the Modern method of security of information resources used in Chukwuemeka Odumegwu Ojukwu University library include: Air conditioner for Humidity control, CCTV camera, Use of password/ access code, and Digital Data Security Systems (like antivirus). The finding of the study revealed that the challenges facing the traditional and modern method of security of information resources use in Chukwuemeka Odumegwu Ojukwu University library include: Inadequate fund, Poor power supply, low policy implementation, inadequate professional librarian, and Inadequate library staff. Based on the finding the study recommended as follows: Library management should market library product and services to the users, and take advantage of fee based library services to generate more fund in addition to that coming from the parent institution; and Library management should take adequate measure to acquire big capacity solar energy, and big generator set for library services, to solve the issue of poor power supply
The Legal Aspects and the Enhanced Role of Cybersecurity in Protecting the Electronic Voting Process in the Context of Jordan Parliament Election Law No. (4) of 2022
This study, entitled: The legal aspects and the enhanced role of cybersecurity in protecting the electronic voting process , dealt with the concept of the electronic voting process, in addition to the most important characteristics of that process, as well as highlighting the pros and cons related to the electronic voting system. Then, the researchers singled out a proposed approach for the electronic voting process in terms of the adopted mechanism and cyber protection in accordance with the provisions of the Jordanian Election Law No. (4) of 2022. At the end of the research, the researchers recommended activating the text of Article 40 of the electoral law by issuing legislation that regulates the electronic voting process and enhances the protection of cyber security, and then updating the technical and legislative system of the Independent Election Commission and the Ministry of Political Development
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added
Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010
It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of âsecurityâ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U
Secure and Trusted Execution:Past, Present, and Future - A Critical Review in the Context of the Internet of Things and Cyber-Physical Systems
International audienc
- âŠ