Abstract: Recently, RFID (Radio Frequency
Identification) technology has attracted the attention of the world market as
an essential technology for ubiquitous environments. The RFID
market has focused on transponder and reader development.
But that concern has shifted to RFID software such as
high-valued e-business applications, RFID middleware and
related development tools. However, due to the high sensitivity
of data and service transaction within the RFID network,
security consideration must be addressed. In order to guarantee
trusted e-business based on RFID technology, we propose a
security enhanced RFID middleware system. Our proposal is
compliant with EPCglobal ALE (Application Level Events),
which is the standard interface for middleware and its clients. We
show how to provide strengthened security and trust by
protecting transported data between middleware and its client,
and stored data in middleware. Moreover, we achieve the
identification and service access control against illegal service
abuse. Our system enables secure RFID middleware service
and trusted e-business service.
Abstract: Sending encrypted messages frequently draws the attention
of third parties, perhaps causing attempts to break and
reveal the original messages. Steganography is introduced to hide
the existence of the communication by concealing a secret message
in an appropriate carrier like text, image, audio or video. In quantum
steganography, the sender (Alice) embeds her steganographic
information into the cover and sends it to the receiver (Bob) over a
communication channel. Alice and Bob share an algorithm and hide
quantum information in the cover. An eavesdropper (Eve) without
access to the algorithm can't find out the existence of the quantum
message. In this paper, a text quantum steganography technique based
on the use of the indefinite articles (a) or (an) in conjunction with the nonspecific
or non-particular nouns in the English language and a quantum
gate truth table has been proposed. The authors also introduce a
new code representation technique (SSCE - Secret Steganography
Code for Embedding) at both ends in order to achieve a high level of
security. Before the embedding operation, each character of the secret
message is converted to its SSCE value and then embedded in the cover
text. Finally, the stego text is formed and transmitted to the receiver side.
At the receiver side, different reverse operations are carried out
to get back the original information.
Abstract: The health record in the Electronic Health Record
(EHR) system is more sensitive than demographic. It raises the
important issue for the EHR requirement in privacy, security, audit
trail, patient access, and archiving and data retention. The studies
about the EHR system security are deficient. The aim of this study is to
build a security environment for the EHR system by applying the Integrating the
Healthcare Enterprise (IHE) Audit Trail and Node Authentication
Security (ATNA) profile. The CDAs can be accessed in a secure EHR
environment.
Abstract: The lack of security obstructs a large scale deployment of the multicast communication model. Therefore, a host of research works have been carried out in order to deal with several issues relating to securing the multicast, such as confidentiality, authentication, non-repudiation, integrity and access control. Many applications require authenticating the source of the received traffic, such as broadcasting stock quotes and videoconferencing, and hence source authentication is a required component in the whole multicast security architecture. In this paper, we propose a new and efficient source authentication protocol which guarantees non-repudiation for multicast flows, and tolerates packet loss. We have simulated our protocol using NS-2, and the simulation results show that the protocol achieves improvements over protocols fitting into the same category.
Abstract: A virtualized and virtual approach is presented on
academically preparing students to successfully engage at a strategic
perspective to understand those concerns and measures that are both
structured and not structured in the area of cyber security and
information assurance. The Master of Science in Cyber Security and
Information Assurance (MSCSIA) is a professional degree for those
who endeavor through technical and managerial measures to ensure
the security, confidentiality, integrity, authenticity, control,
availability and utility of the world's computing and information
systems infrastructure. The National University Cyber Security and
Information Assurance program is offered as a Master's degree. The
emphasis of the MSCSIA program uniquely includes hands-on
academic instruction using virtual computers. This past year, 2011,
the NU facility has become fully operational using system
architecture to provide a Virtual Education Laboratory (VEL)
accessible to both onsite and online students. The first student cohort
completed their MSCSIA training this past March 2, 2012 after
fulfilling 12 courses, for a total of 54 units of college credits. The
rapid pace scheduling of one course per month is immensely
challenging, perpetually changing, and virtually multifaceted. This
paper analyses these descriptive terms in consideration of those
globalization penetration breaches as present in today's world of
cyber security. In addition, we present current NU practices to
mitigate risks.
Abstract: Until recently it would have been unusual to consider classifying population movements and refugees as a security problem. However, efforts at shaping our world to make ourselves secure have paradoxically led to ever greater insecurity. The feeling of uncertainty, pertinent throughout all discourses of security, has led to the creation of security production into seemingly benign routines of everyday life. Yet, the paper argues, none of the security discourses accounted for, disclosed and challenged the fundamental aporias embedded in Western security narratives. In turn, the paper aims to unpick the conventional security wisdom, which is haunted with strong ontologies, embedded in the politics of Orientalism, and (in)security nexus. The paper concludes that the current security affair conceals the integral impossibility of fulfilling its very own promise of assured security. The paper also provides suggestions about an alternative security discourse based on mutual dialogue.
Abstract: With the rapid development of wireless mobile communication, applications for mobile devices must focus on network security. In 2008, Chang-Chang proposed security improvements on Lu et al.'s elliptic curve authentication key agreement protocol for wireless mobile networks. However, this paper shows that, contrary to their claims, Chang-Chang's improved protocol is still vulnerable to off-line password guessing attacks.
Abstract: Due to rapid economic growth, Indonesia's energy needs are rapidly increasing. Indonesia's primary energy consumption doubled in 2007 compared to 2003. Indonesia's recent status change from a net oil exporter to a net oil importer has increased Indonesia's concern over energy security. Due to this, oil import becomes the center of attention in the dynamics of Indonesia's energy security. Conventional studies addressing Indonesia's energy security have focused on the energy production sector. This study explores Indonesia's energy security considering the energy import sector by modeling and simulating Indonesia's energy-related policies using system dynamics. The simulation result of Indonesia's energy security in 2020 in the Business-As-Usual scenario shows that in terms of supply demand ratio, energy security will be very high, but it also poses high dependence on energy import. The Alternative scenario result shows lower energy security in terms of supply demand ratio and much lower dependence on energy import. It is also found that the Alternative scenario produces lower GDP growth.
Abstract: IEEE has designed the 802.11i protocol to address the
security issues in wireless local area networks. Formal analysis is
important to ensure that the protocols work properly without having
to resort to tedious testing and debugging which can only show the
presence of errors, never their absence. In this paper, we present
the formal verification of an abstract protocol model of 802.11i.
We translate the 802.11i protocol into the Strand Space Model and
then prove the authentication property of the resulting model using
the Strand Space formalism. The intruder in our model is imbued
with powerful capabilities and repercussions to possible attacks are
evaluated. Our analysis proves that the authentication of 802.11i is
not compromised in the presented model. We further demonstrate
how changes in our model will yield a successful man-in-the-middle
attack.
Abstract: Solid waste can be considered as an urban burden or
as a valuable resource depending on how it is managed. To meet the
rising demand for energy and to address environmental concerns, a
conversion from conventional energy systems to renewable resources
is essential. For the sustainability of human civilization, an
environmentally sound and techno-economically feasible waste
treatment method is very important to treat recyclable waste. Several
technologies are available for realizing the potential of solid waste as
an energy source, ranging from very simple systems for disposing of
dry waste to more complex technologies capable of dealing with
large amounts of industrial waste. There are three main pathways for
conversion of waste material to energy: thermo chemical,
biochemical and physicochemical. This paper investigates the thermo
chemical conversion of solid waste for energy recovery. The
processes, advantages and disadvantages of various thermo chemical
conversion processes are discussed and compared. Special attention
is given to Gasification process as it provides better solutions
regarding public acceptance, feedstock flexibility, near-zero
emissions, efficiency and security. Finally this paper presents
comparative statements of thermo chemical processes and introduces
an integrated waste management system.
Abstract: In this paper, a novel copyright protection scheme for digital images based on Visual Cryptography and Statistics is proposed. In our scheme, the theories and properties of sampling distribution of means and visual cryptography are employed to achieve the requirements of robustness and security. Our method does not need to alter the original image and can identify the ownership without resorting to the original image. Besides, our method allows multiple watermarks to be registered for a single host image without causing any damage to other hidden watermarks. Moreover, it is also possible for our scheme to cast a larger watermark into a smaller host image. Finally, experimental results will show the robustness of our scheme against several common attacks.
Abstract: Efforts to secure supervisory control and data acquisition
(SCADA) systems must be supported under the guidance of
sound security policies and mechanisms to enforce them. Critical
elements of the policy must be systematically translated into a format
that can be used by policy enforcement components. Ideally, the
goal is to ensure that the enforced policy is a close reflection of
the specified policy. However, security controls commonly used to
enforce policies in the IT environment were not designed to satisfy
the specific needs of the SCADA environment. This paper presents
a language, based on the well-known XACML framework, for the
expression of authorization policies for SCADA systems.
Abstract: A great deal of research work in the field of information
systems security has been based on a positivist paradigm. Applying
the reductionism concept of the positivist paradigm for information
security means missing the bigger picture and thus, the lack of holism
which could be one of the reasons why security is still overlooked,
comes as an afterthought or perceived from a purely technical
dimension. We need to reshape our thinking and attitudes towards
security especially in a complex and dynamic environment such as
e-Business to develop a holistic understanding of e-Business security in
relation to its context as well as considering all the stakeholders in
the problem area. In this paper we argue the suitability and need for
a more inductive interpretive approach and qualitative research method
to investigate e-Business security. Our discussion is based on a
holistic framework of enquiry, nature of the research problem, the
underlying theoretical lens and the complexity of e-Business
environment. At the end we present a research strategy for
developing a holistic framework for understanding of e-Business
security problems in the context of developing countries based on an
interdisciplinary inquiry which considers their needs and
requirements.
Abstract: Lossless compression schemes with secure
transmission play a key role in telemedicine applications that help in
accurate diagnosis and research. Traditional cryptographic algorithms
for data security are not fast enough to process vast amounts of data.
Hence a novel secured lossless compression approach proposed in
this paper is based on reversible integer wavelet transform, EZW
algorithm, new modified runlength coding for character
representation and selective bit scrambling. The use of the lifting
scheme allows generating truly lossless integer-to-integer wavelet
transforms. Images are compressed/decompressed by well-known
EZW algorithm. The proposed modified runlength coding greatly
improves the compression performance and also increases the
security level. This work employs scrambling method which is fast,
simple to implement and it provides security. Lossless compression
ratios and distortion performance of this proposed method are found
to be better than other lossless techniques.
Abstract: The modern world is experiencing fundamental and dynamic changes. The transformation of international relations, the end of confrontation and the successive overcoming of the Cold War consequences have expanded possible international cooperation. The global nuclear conflict threat has been minimized, while a tendency to establish a unipolar world structure with the U.S. economic and power domination is growing. The current world system of international relations is apparently secular. However, the religious beliefs of one nation or another play a certain (sometimes a key) role, both in the domestic affairs of the individual countries and in the development of bilateral ties. The political situation in Central Asia has been characterized by new factors such as international terrorism, religious extremism and radicalism, narcotrafficking and illicit arms trade of a global character, which immediately threaten peace and political stability in Central Asia. The role and influence of Islamic fundamentalism is increasing; political ethnocentrism and the associated aggravation of inter-ethnic relations, and the ambiguity of national interests and objectives of major geo-political groups in the Central Asian region regarding the division of political influence, emerge. This article approaches the following issues: the role of Islam in Central Asia; destabilizing factors in Central Asia; Islamic movements in Central Asia, Western Europe and the United States; the United States, Western Europe and Central Asia: religion, politics, ideology, and the US-Central Asia antiterrorism and religious extremism cooperation.
Abstract: Low frequency power oscillations may be triggered
by many events in the system. Most oscillations are damped by the
system, but undamped oscillations can lead to system collapse.
Oscillations develop as a result of rotor acceleration/deceleration
following a change in active power transfer from a generator. Like
the operations limits, the monitoring of power system oscillating
modes is a relevant aspect of power system operation and control.
Unprevented low-frequency power swings can be the cause of cascading
outages that can rapidly extend their effect over a wide region. In this regard,
Wide Area Monitoring, Protection and Control Systems
(WAMPCS) help in detecting such phenomena and assessing power
system dynamics security. The monitoring of power system
electromechanical oscillations is very important in the frame of
modern power system management and control. In the first part, this
paper compares the different techniques for identification of power
system oscillations. The second part analyzes the possible identification
of some power system dynamic behaviors using Wide Area
Monitoring Systems (WAMS) based on Phasor Measurement Units
(PMUs) and the wavelet technique.
Abstract: In this paper, a novel method for a biometric system based on the ECG signal is proposed, using spectral coefficients computed through linear predictive coding (LPC). ECG biometric systems have traditionally incorporated characteristics of fiducial points of the ECG signal as the feature set. These systems have been shown to contain loopholes and thus a non-fiducial system allows for tighter security. In the proposed system, incorporating non-fiducial features from the LPC spectrum produced a segment and subject recognition rate of 99.52% and 100% respectively. The recognition rates outperformed the biometric system that is based on the wavelet packet decomposition (WPD) algorithm in terms of recognition rates and computation time. This allows for LPC to be used in a practical ECG biometric system that requires fast, stringent and accurate recognition.
Abstract: Distributed denial-of-service (DDoS) attacks pose a
serious threat to network security. There have been a lot of
methodologies and tools devised to detect DDoS attacks and reduce
the damage they cause. Still, most of the methods cannot
simultaneously achieve (1) efficient detection with a small number of
false alarms and (2) real-time transfer of packets. Here, we introduce
a method for proactive detection of DDoS attacks, by classifying the
network status, to be utilized in the detection stage of the proposed
anti-DDoS framework. Initially, we analyse the DDoS architecture
and obtain details of its phases. Then, we investigate the procedures
of DDoS attacks and select variables based on these features. Finally,
we apply the k-nearest neighbour (k-NN) method to classify the
network status into each phase of DDoS attack. The simulation result
showed that each phase of the attack scenario is classified well and
we could detect DDoS attack in the early stage.
Abstract: Over the last two decades, due to hostilities of the environment
over the internet, the concerns about confidentiality of information
have increased at a phenomenal rate. Therefore, to safeguard the information
from attacks, a number of data/information hiding methods have
evolved, mostly in spatial and transformation domain. In spatial domain
data hiding techniques, the information is embedded directly on
the image plane itself. In transform domain data hiding techniques the
image is first changed from spatial domain to some other domain and
then the secret information is embedded so that the secret information
remains more secure from any attack. Information hiding algorithms
in time domain or spatial domain have high capacity and relatively
lower robustness. In contrast, the algorithms in transform domain,
such as DCT, DWT have certain robustness against some multimedia
processing. In this work the authors propose a novel steganographic
method for hiding information in the transform domain of the gray
scale image. The proposed approach works by converting the gray
level image in transform domain using discrete integer wavelet
technique through lifting scheme. This approach performs a 2-D
lifting wavelet decomposition through Haar lifted wavelet of the cover
image and computes the approximation coefficients matrix CA and
detail coefficients matrices CH, CV, and CD. The next step is to apply the
PMM technique to those coefficients to form the stego image. The
aim of this paper is to propose a high-capacity image steganography
technique that uses pixel mapping method in integer wavelet domain
with acceptable levels of imperceptibility and distortion in the cover
image and high level of overall security. This solution is independent
of the nature of the data to be hidden and produces a stego image
with minimum degradation.
Abstract: S-boxes (Substitution boxes) are keystones of modern
symmetric cryptosystems (block ciphers, as well as stream ciphers).
S-boxes bring nonlinearity to cryptosystems and strengthen their
cryptographic security. They are used for confusion in data security.
An S-box satisfies the strict avalanche criterion (SAC), if and only if
for any single input bit of the S-box, the inversion of it changes each
output bit with probability one half. If a function (cryptographic
transformation) is complete, then each output bit depends on all of
the input bits. Thus, if it were possible to find the simplest Boolean
expression for each output bit in terms of the input bits, each of these
expressions would have to contain all of the input bits if the function
is complete. Of the important properties of an S-box, the most
interesting property, SAC (Strict Avalanche Criterion), is presented,
and three analysis methods are proposed to analyze this property.