Abstract: This paper includes a positive analysis to quantitatively grasp the relationship among vulnerability, information security incidents, and the countermeasures by using data based on a 2007 questionnaire survey for Japanese ISPs (Internet Service Providers). To grasp the relationships, logistic regression analysis is used. The results clarify that there are relationships between information security incidents and the countermeasures. Concretely, there is a positive relationship between information security incidents and the number of information security systems introduced as well as a negative relationship between information security incidents and information security education. It is also pointed out that (especially local) ISPs do not execute efficient information security countermeasures/investment concerned with systems, and it is suggested that they should positively execute information security education. In addition, to further heighten the information security level of Japanese telecommunication infrastructure, the paper stresses the necessity and importance of the government implementing policy to support the countermeasures of ISPs.
Abstract: The existing information system (IS) development
methods do not meet the requirements to resolve security-related
IS problems, and they fail to provide a successful integration of
security and systems engineering during all development process
stages. Hence, security should be considered during the whole
software development process and identified with the requirements
specification. This paper aims to propose an integrated security and
IS engineering approach in all software development process stages
by using the i* language. The proposed framework is divided into three
separate parts: modelling business environment part, modelling
information technology system part and modelling IS security part.
The results show that considering security IS goals in the whole
system development process can have a positive influence on system
implementation and better meet business expectations.
Abstract: The development of renewable energies - particularly energy from wind, water, solar power and biomass - is a central aim of the European Commission's energy policy. There are several reasons for this choice: renewable energies are sustainable, nonpolluting, widely available and clean. Increasing the share of renewable energy in the energy balance enhances sustainability. It also helps to improve the security of energy supply by reducing the Community's growing dependence on imported energy sources. This paper studies the possibility of realizing three photovoltaic systems in the Italian Natural Park “Gola della Rossa e di Frasassi”. The first photovoltaic system is a grid-connected system for the Services and Documentation Center of Castelletta with a nominal power of about 6 kWp. The second photovoltaic system is a grid-connected integrated system on the ticket office's roof with a nominal power of about 4 kWp. The third project consists of five grid-connected systems integrated on the roofs of the bungalows in the Natural Park's tourist camping with a nominal power of about 10 kWp. The electricity generated by all these plants is purchased according to the Italian program called “Conto Energia”. An economic analysis and the amount of avoided CO2 emissions are elaborated for these photovoltaic systems.
Abstract: Access control is a critical security service in Wireless
Sensor Networks (WSNs). To prevent malicious nodes from joining
the sensor network, access control is required. On one hand, WSN
must be able to authorize and grant users the right to access to the
network. On the other hand, WSN must organize data collected by
sensors in such a way that an unauthorized entity (the adversary)
cannot make arbitrary queries. This restricts the network access only
to eligible users and sensor nodes, while queries from outsiders will
not be answered or forwarded by nodes. In this paper we present
different access control schemes so as to find out their objectives,
provision, communication complexity, limits, etc. Using the node
density parameter, we also provide a comparison of these proposed
access control algorithms based on the network topology which can
be flat or hierarchical.
Abstract: Phishing, or stealing of sensitive information on the
web, has dealt a major blow to Internet Security in recent times. Most
of the existing anti-phishing solutions fail to handle the fuzziness
involved in phish detection, thus leading to a large number of false
positives. This fuzziness is attributed to the use of highly flexible and
at the same time, highly ambiguous HTML language. We introduce a
new perspective against phishing, that tries to systematically prove,
whether a given page is phished or not, using the corresponding
original page as the basis of the comparison. It analyzes the layout of
the pages under consideration to determine the percentage distortion
between them, indicative of any form of malicious alteration. The
system design represents an intelligent system, employing dynamic
assessment which accurately identifies brand new phishing attacks
and will prove effective in reducing the number of false positives.
This framework could potentially be used as a knowledge base, in
educating the internet users against phishing.
Abstract: The emergence of smartphones brings to life the concept
of converged devices with the availability of web amenities. Such a
trend also challenges mobile device manufacturers and service
providers in many aspects, such as security on mobile phones,
complex and long time design flow, as well as higher development
cost. Among these aspects, security on mobile phones is getting more
and more attention. Microkernel based virtualization technology will
play a critical role in addressing these challenges and meeting mobile
market needs and preferences, since virtualization provides essential
isolation for security reasons and it allows multiple operating systems
to run on one processor accelerating development and cutting development
cost. However, virtualization benefits do not come for free.
As an additional software layer, it adds some inevitable virtualization
overhead to the system, which may decrease the system performance.
In this paper we evaluate and analyze the virtualization performance
cost of L4 microkernel based virtualization on a competitive mobile
phone by comparing the L4Linux, a para-virtualized Linux on top of
L4 microkernel, with the native Linux performance using lmbench
and a set of typical mobile phone applications.
Abstract: Transaction management is one of the most crucial requirements for enterprise application development which often require concurrent access to distributed data shared amongst multiple application / nodes. Transactions guarantee the consistency of data records when multiple users or processes perform concurrent operations. Existing Fault Tolerance Infrastructure for Mobile Agents (FTIMA) provides a fault tolerant behavior in distributed transactions and uses multi-agent system for distributed transaction and processing. In the existing FTIMA architecture, data flows through the network and contains personal, private or confidential information. In banking transactions a minor change in the transaction can cause a great loss to the user. In this paper we have modified FTIMA architecture to ensure that the user request reaches the destination server securely and without any change. We have used triple DES for encryption/ decryption and MD5 algorithm for validity of message.
Abstract: The aim of this paper is to provide an empirical
evidence about the effects that the management of continuous
training have on employability (or employment stability) in the
Spanish labour market. For this purpose, a binary logit model with
interaction effect has been used. The dependent variable includes two
situations of the active workers: continuous and discontinuous
employability. To distinguish between them an Employability Index
Stability (ESI) was calculated taking into account two factors: time
worked and job security. Various aspects of the continuous training
and personal workers data are used as independent variables. The
data obtained from a survey of a sample of 918 employed have
revealed a relationship between the likelihood of continuous
employability and continuous training received. The empirical results
support the positive and significant relationship between various
aspects of the training provided by firms and employability
likelihood of the workers, postulate alike from a theoretical point of
view.
Abstract: Polynomial bases and normal bases are both used for
elliptic curve cryptosystems, but field arithmetic operations such as
multiplication, inversion and doubling for each basis are implemented
by different methods. In general, it is said that normal bases, especially
optimal normal bases (ONB) which are special cases on normal bases,
are efficient for the implementation in hardware in comparison with
polynomial bases. However, there seems to be more to examine by
implementing and analyzing these systems under similar conditions. In
this paper, we designed field arithmetic operators for each basis over
GF(2^233), a field which has both a polynomial basis recommended by SEC2
and a type-II ONB, and analyzed these implementation results.
And, in addition, we predicted the efficiency of two elliptic curve
cryptosystems using these field arithmetic operators.
Abstract: A few decades ago, electronic and sensor technologies
were merged into vehicles as the Advanced Driver Assistance
System (ADAS). However, sensor-based ADASs have limitations
regarding weather interference and a line-of-sight nature problem. In our
project, we investigate a Relative Position based ADAS (RP-ADAS).
We divide the RP-ADAS into four main research areas: GNSS,
VANET, Security/Privacy, and Application. In this paper, we research
the GNSS technologies and determine the most appropriate one. With
the performance evaluation, we figure out that the C/A code based
GPS technologies are inappropriate for 'which lane-level' application.
However, they can be used as a 'which road-level' application.
Abstract: Perhaps no single issue has been cited as either the root
cause and/or the greatest challenge to the restructured power system than the lack of adequate reliable transmission. Probabilistic transmission planning has become increasingly necessary and important in recent
years. The transmission planning analysis carried out by the authors,
spans a 10-year horizon, taking into consideration a value of 2 % load
increase / year at each consumer. Taking into consideration this increased
load, a probabilistic power flow was carried out, all the system components
being regarded from probabilistic point of view. Several contingencies
have been generated, for assessing the security of the power system. The results have been analyzed and several important conclusions were pointed out. The objective is to achieve a network that works without limit violations for all (or most of) scenario realizations. The case study is represented by the IEEE 14 buses test power system.
Abstract: Authentication of multimedia contents has gained much attention in recent times. In this paper, we propose a secure semi-fragile watermarking, with a choice of two watermarks to be embedded. This technique operates in integer wavelet domain and makes use of semi-fragile watermarks for achieving better robustness. A self-recovering algorithm is employed, that hides the image digest into some wavelet subbands to detect possible malevolent object manipulation undergone by the image (object replacing and/or deletion). The semi-fragility makes the scheme tolerant of JPEG lossy compression as low as quality of 70%, and locates the tampered area accurately. In addition, the system ensures more security because the embedded watermarks are protected with private keys. The computational complexity is reduced using parameterized integer wavelet transform. Experimental results show that the proposed scheme guarantees the safety of watermark, image recovery and location of the tampered area accurately.
Abstract: This paper proposes a novel architecture for At-Home
medical care which enables senior citizens, patients
with chronic ailments and patients requiring post-operative
care to be remotely monitored in the comfort of their homes.
This architecture is implemented using sensors and wireless
networking for transmitting patient data to the hospitals,
health-care centers for monitoring by medical professionals.
Patients are equipped with sensors to measure their
physiological parameters, like blood pressure, pulse rate etc.
and a Wearable Data Acquisition Unit is used to transmit the
patient sensor data. Medical professionals can be alerted to
any abnormal variations in these values for diagnosis and
suitable treatment. Security threats and challenges inherent to
wireless communication and sensor network have been
discussed and a security mechanism to ensure data
confidentiality and source authentication has been proposed.
Symmetric key algorithm AES has been used for encrypting
the data and a patent-free, two-pass block cipher mode CCFB
has been used for implementing semantic security.
Abstract: Security is an interesting and significant issue for
popular virtual platforms, such as virtualization clusters and cloud
platforms. Virtualization is a powerful technology for cloud
computing services. There are many benefits to using virtual machine
tools, called hypervisors: they can quickly deploy all
kinds of virtual operating systems on a single platform, control
all virtual system resources effectively, reduce the cost of system platform
deployment, and offer customization, high elasticity and high
reliability. However, some important security problems need to be taken
care of and resolved in virtual platforms, including terrible viruses, evil
programs, illegal operations and intrusion behavior. In this paper, we
present useful Intrusion Detection Mechanism (IDM) software that not
only can automatically analyze all of the system's operations with the accounting
journal database, but also is able to monitor the system's state for
virtual platforms.
Abstract: This paper proposes the authentication method using
ESA algorithm instead of using CAVE algorithm in the CDMA
mobile communication systems including IS-95 and CDMA2000 1x.
We also analyze applying the ESA mechanism in place of the CAVE
mechanism without changing the message format and air interface in
the existing CDMA systems. If the ESA algorithm can be used as the
substitution of CAVE algorithm, security strength of authentication
algorithm is intensified without protocol change. An algorithm
replacement proposed in this paper is not to change an authentication
mechanism, but to configure input of ESA algorithm and to produce
output. Therefore, our proposal can be compatible with the existing
systems.
Abstract: The purpose of this research is to develop a security model for voice eavesdropping protection over digital networks. The proposed model provides an encryption scheme and a personal secret key exchange between communicating parties, a so-called voice data transformation system, resulting in a real-privacy conversation. The operation of this system comprises two main steps as follows: The first one is the personal secret key exchange for using the keys in the data encryption process during conversation. The key owner could freely make his/her choice in key selection, so it is recommended that one should exchange a different key for a different conversational party, and record the key for each case into the memory provided in the client device. The next step is to set and record another personal option of encryption, either taking all frames or just partial frames, so-called the figure of 1:M. Using different personal secret keys and different sets of 1:M to different parties without the intervention of the service operator, would result in posing quite a big problem for any eavesdroppers who attempt to discover the key used during the conversation, especially in a short period of time. Thus, it is quite safe and effective to protect the case of voice eavesdropping. The results of the implementation indicate that the system can perform its function accurately as designed. In this regard, the proposed system is suitable for effective use in voice eavesdropping protection over digital networks, without any requirements to change presently existing network systems, mobile phone network and VoIP, for instance.
Abstract: Because of global warming and the rising sea level, residents living in the southwestern coastland of Taiwan are faced with submerged land and may move to higher elevation areas. It is desirable to discuss the key consideration factors for selecting the migration location under the five dimensions of “security”, “health”, “convenience”, “comfort” and “socio-economic” based on the document reviews. This paper uses Structural Equation Modeling (SEM) and a questionnaire survey. The analysis results show that convenience is the most key factor for residents in Taiwan.
Abstract: Recently global concerns for the energy security have
steadily been on the increase and are expected to become a major
issue over the next few decades. Energy security refers to a resilient
energy system. This resilient system would be capable of
withstanding threats through a combination of active, direct security
measures and passive or more indirect measures such as redundancy,
duplication of critical equipment, diversity in fuel, other sources of
energy, and reliance on less vulnerable infrastructure. Threats and
disruptions (disturbances) to one part of the energy system affect
another. The paper presents methodology in theoretical background
about energy system as an interconnected network and energy supply
disturbances impact to the network. The proposed methodology uses
a network flow approach to develop mathematical model of the
energy system network as the system of nodes and arcs with energy
flowing from node to node along paths in the network.
Abstract: The paradigm of mobile agent provides a promising technology for the development of distributed and open applications. However, one of the main obstacles to widespread adoption of the mobile agent paradigm seems to be security. This paper treats the security of the mobile agent against malicious host attacks. It describes generic mobile agent protection architecture. The proposed approach is based on the dynamic adaptability and adopts the reflexivity as a model of conception and implantation. In order to protect it against behaviour analysis attempts, the suggested approach supplies the mobile agent with a flexibility faculty allowing it to present an unexpected behaviour. Furthermore, some classical protective mechanisms are used to reinforce the level of security.
Abstract: The first generation of Mobile Agents based Intrusion
Detection System just had two components namely data collection
and single centralized analyzer. The disadvantage of this type of
intrusion detection is if connection to the analyzer fails, the entire
system will become useless. In this work, we propose novel hybrid
model for Mobile Agent based Distributed Intrusion Detection
System to overcome the current problem. The proposed model has
new features such as robustness, capability of detecting intrusion
against the IDS itself and capability of updating itself to detect new
pattern of intrusions. In addition, our proposed model is also capable
of tackling some of the weaknesses of centralized Intrusion Detection
System models.