Model for cryptography protection of confidential information

УДК 004.056 Борсуковський Ю.В., Борсуковська В.Ю. Модель криптографічного захисту конфіденційної інформації В даній статті проведено детальний аналіз вимог щодо формування моделі криптографічного захисту конфіденційної інформації. Розглянуто використання засобів криптографічного захисту інформації з метою реалізації організаційних та технічних заходів по запобіганню витокам конфіденційної інформації на об’єктах критичної інфраструктури. Сформульовані базові вимоги та рекомендації щодо структури та функціональних складових моделі захисту конфіденційної інформації. Формалізовані вимоги щодо створення, впровадження та експлуатації превентивних процедур управління багатоступінчатим захистом конфіденційної інформації. Наведено приклад використання моделі криптографічного захисту інформації для створення захищеної і прозорої в використанні бази аутентифікаційних даних користувача. Запропонована модель захисту дозволяє мати кілька ступенів програмного та апаратного захисту, що із однієї сторони спрощує їх використання при виконанні чинних політик безпеки і зменшує ймовірність дискредитації аутентифікаційних даних, а із іншої сторони підвищує ймовірність виявлення зловмисних дій третьої сторони за рахунок багатоступінчатої системи захисту. Враховано практичний досвід створення типових моделей захисту конфіденційної інформації для розробки, впровадження та управління сучасними політиками інформаційної безпеки щодо питань використання засобів криптографічного захисту конфіденційної інформації на підприємствах різних форми власності.UDC 004.056 Borsukovskyi Y., Borsukovska V. Model for Cryptography Protection of Confidential Information Current article provides the detailed analysis of requirements for creation of model for cryptography protection of confidential information. Article defines the use of information cryptography protection tools in order to ensure the application of organizational and technical actions to prevent leakage of confidential information at critical infrastructure assets. It provides the basic requirements for the structure and functional elements of model for protection of confidential information. Formalize requirements on creation, implementation and exploitation of preventive procedure in management of multi-level protection of confidential information. The article includes example of use of model for cryptography protection of information for creation of secure and transparent in use the authenticating data base of user. The presented model of protection ensures to have a few levels of firewalls, that, on one hand, simplifies its use in execution of acting security policies and decrease the probability of discrediting of authenticating data, and, on other hand, increase the probability to detect the criminal actions of third party by means of multi-level protection system. It considers the practical experience in creation of standard models for protection of confidential information for development, implementation and management of modern policies on information security in part of use of cryptography protection tools for confidential information at enterprises of different forms of incorporation

Vision and Objectives

The purpose of Industry Day is to exchange information with industry to increase understanding of the Government's current vision and objectives for the xEVA Production and Services Contract. The presentation provides industry with the opportunity to provide input into the xEVAPS procurement strategy and encourage offerors to submit questions and comments. A technical overview of the xEVA System serves as the foundation for the content related to draft requirements in the SOW

The Frontiers of Technology in Warhead Verification

How might new technical verification capabilities enhance the prospects of success in future nuclear arms control negotiations? Both theory and evidence suggest that verification technologies can influence the dynamics of arms control negotiations by shaping and constraining the arguments and strategies that are available to the involved stakeholders. In the future, new technologies may help transcend the specific verification challenge of high-security warhead authentication, which is a verification capability needed in future disarmament scenarios that address fewer warheads, limit new categories of warheads, and involve nuclear weapons states other than the United States and Russia. Under these circumstances, the core challenge is maintaining the confidentiality of the classified information related to the warheads under inspection, while providing transparency in the verification process. This analysis focuses on a set of emerging warhead authentication approaches that rely on the cryptographic concept of zero-knowledge proofs and intend to solve the paradox between secrecy and transparency, making deeper reductions in warhead arsenals possible and thus facilitating future nuclear arms control negotiations

Identifying attack surfaces in the evolving space industry using reference architectures

The space environment is currently undergoing a substantial change and many new entrants to the market are deploying devices, satellites and systems in space; this evolution has been termed as NewSpace. The change is complicated by technological developments such as deploying machine learning based autonomous space systems and the Internet of Space Things (IoST). In the IoST, space systems will rely on satellite-to-x communication and interactions with wider aspects of the ground segment to a greater degree than existing systems. Such developments will inevitably lead to a change in the cyber security threat landscape of space systems. Inevitably, there will be a greater number of attack vectors for adversaries to exploit, and previously infeasible threats can be realised, and thus require mitigation. In this paper, we present a reference architecture (RA) that can be used to abstractly model in situ applications of this new space landscape. The RA specifies high-level system components and their interactions. By instantiating the RA for two scenarios we demonstrate how to analyse the attack surface using attack trees

Protecting the infrastructure: 3rd Australian information warfare & security conference 2002

The conference is hosted by the We-B Centre (working with a-business) in the School of Management Information System, the School of Computer & Information Sciences at Edith Cowan University. This year\u27s conference is being held at the Sheraton Perth Hotel in Adelaide Terrace, Perth. Papers for this conference have been written by a wide range of academics and industry specialists. We have attracted participation from both national and international authors and organisations. The papers cover many topics, all within the field of information warfare and its applications, now and into the future. The papers have been grouped into six streams: • Networks • IWAR Strategy • Security • Risk Management • Social/Education • Infrastructur

Implementation and Development of Vehicle Tracking and Immobilization Technologies

Since the mid-1980s, limited use has been made of vehicle tracking using satellite communications to mitigate the security and safety risks created by the highway transportation of certain types of hazardous materials. However, vehicle-tracking technology applied to safety and security is increasingly being researched and piloted, and it has been the subject of several government reports and legislative mandates. At the same time, the motor carrier industry has been investing in and implementing vehicle tracking, for a number of reasons, particularly the increase in efficiency achieved through better management of both personnel (drivers) and assets (trucks or, as they are known, tractors; cargo loads; and trailers). While vehicle tracking and immobilization technologies can play a significant role in preventing truck-borne hazardous materials from being used as weapons against key targets, they are not a & ”silver bullet.” However, the experience of DTTS and the FMCSA and TSA pilot projects indicates that when these technologies are combined with other security measures, and when the information they provide is used in conjunction with information supplied outside of the tracking system, they can provide defensive value to any effort to protect assets from attacks using hazmat as a weapon. This report is a sister publication to MTI Report 09-03, Potential Terrorist Uses of Highway-Borne Hazardous Materials. That publication was created in response to the Department of Homeland Security´s request that the Mineta Transportation Institute´s National Transportation Security Center of Excellence provide research and insights regarding the security risks created by the highway transportation of hazardous materials

SecureSurgiNET:a framework for ensuring security in telesurgery

The notion of surgical robotics is actively being extended to enable telesurgery, where both the surgeon and patient are remotely located and connected via a public network, which leads to many security risks. Being a safety-critical application, it is highly important to make telesurgery robust and secure against active and passive attacks. In this article, we propose the first complete framework, called SecureSurgiNET, for ensuring security in telesurgery environments. SecureSurgiNET is primarily based on a set of well-established protocols to provide a fool-proof telesurgical robotic system. For increasing the efficiency of secured telesurgery environments, the idea of a telesurgical authority is introduced that ensures the integrity, identity management, authentication policy implementation, and postoperative data security. An analysis is provided describing the security and throughput of Advanced Encryption Standard during the intraoperative phase of SecureSurgiNET. Moreover, we have tabulated the possible attacks on SecureSurgiNET along with the devised defensive measures. Finally, we also present a time complexity analysis of the SecureSurgiNET through simulations. © The Author(s) 2019

General guidelines for designing bilingual low cost digital library services suitable for special library users in developing countries and the Arabic speaking world

The World is witnessing a considerable transformation from print based-formats to elec-tronic-based formats thanks to advanced computing technology, which has a profound impact on the dissemination of nearly all previous formats of publications into digital formats on computer networks. Text, still and moving images, sound tracks, music, and almost all known formats can be stored and retrieved on computer magnetic disk. Over the last two decades, a number of special libraries and information centres in the Arab world have introduced electronic resources into their library services. Very few have implemented automated and integrated systems. Despite the im-portance of designing digital libraries not merely for accessing to or retrieval of information but rather for the provision of electronic services, hardly any special library has started the design of digital library services. Managers of special libraries and information centres in developing countries in general and in the Arab world in particular should start building their local digital libraries, as the benefit of establishing such electronic services is considerably massive and well known for expansion of re-search activities and for delivering services that satisfy the needs of targeted end-users. The aim of this paper is to provide general guideline for design of special low cost digital library providing ser-vices that are most frequently required by various categories of special library users in developing countries. This paper also aims at illustrating strategies and method approaches that can be adopted for building such projects. Seeing the importance of designing an inexpensive digital li-brary as basic principle for the design accordingly, the utilisation of today's ICTs and freely avail-able open sources software is the right path for accomplishing such goal. The paper intends to de-scribe the phases and stages required for building such projects from scratch. It also aims at high-lighting the barriers and obstacles facing Arabic content and how could such problems overcome