Abstract: Recent widespread use of information and
communication technology has greatly changed information security
risks that businesses and institutions encounter. Along with this
situation, in order to ensure security and have confidence in electronic
trading, it has become important for organizations to take competent
information security measures to provide international confidence that
sensitive information is secure. Against this backdrop, the approach to
information security checking has become an important issue, which
is believed to be common to all countries. The purpose of this paper is
to introduce the new system of information security checking program
in Korea and to propose synthetic information security
countermeasures under domestic circumstances in order to protect
physical equipment, security management and technology, and the
operation of security check for securing services on ISP (Internet
Service Provider), IDC (Internet Data Center), and
e-commerce (shopping malls, etc.).
Abstract: Management is required to understand all information security risks within an organization, and to make decisions on which information security risks should be treated in what level by allocating how much amount of cost. However, such decision-making is not usually easy, because various measures for risk treatment must be selected with the suitable application levels. In addition, some measures may have objectives conflicting with each other. It also makes the selection difficult. Therefore, this paper provides a model which supports the selection of measures by applying multi-objective analysis to find an optimal solution. Additionally, a list of measures is also provided to make the selection easier and more effective without any leakage of measures.
Abstract: During recent years, the traditional learning
approaches have undergone fundamental changes due to the
emergence of new technologies such as multimedia, hypermedia and
telecommunication. E-learning is a modern world phenomenon that
has come into existence in the information age and in a knowledge-based
society. E-learning has developed significantly within a short
period of time. Thus it is of great significance to secure information,
allow a confident access and prevent unauthorized accesses. Making
use of individuals' physiologic or behavioral (biometric) properties is
a confident method to make the information secure. Among the
biometrics, fingerprint is more acceptable and most countries use it as
an efficient method of identification. This article provides a new
method for fingerprint comparison by pattern recognition
and image processing techniques. To verify fingerprint, the shortest
distance method is used together with perceptronic multilayer neural
network functioning based on minutiae. This method is highly
accurate in the extraction of minutiae and it accelerates comparisons
due to elimination of false minutiae and is more reliable compared
with methods that merely use directional images.
Abstract: In recent years, the development of e-learning is very
rapid. E-learning is an attractive and efficient way for computer
education. Student interaction and collaboration also play an
important role in e-learning. In this paper, a collaborative web-based
e-learning environment is presented. A wide range of interactive and
collaborative methods are integrated into a web-based environment.
This e-learning environment is designed for information security
curriculum.
Abstract: Information and communication service providers
(ICSP) that are significant in size and provide Internet-based services
take administrative, technical, and physical protection measures via
the information security check service (ISCS). These protection
measures are the minimum action necessary to secure the stability and
continuity of the information and communication services (ICS) that
they provide. Thus, information assets are essential to providing ICS,
and deciding the relative importance of target assets for protection is a
critical procedure. The risk analysis model designed to decide the
relative importance of information assets, which is described in this
study, evaluates information assets from many angles, in order to
choose which ones should be given priority when it comes to
protection. Many-sided risk analysis (MSRS) grades the importance of
information assets, based on evaluation of major security check items,
evaluation of the dependency on the information and communication
facility (ICF) and influence on potential incidents, and evaluation of
major items according to their service classification, in order to
identify the ISCS target. MSRS could be an efficient risk analysis
model to help ICSPs to identify their core information assets and take
information protection measures first, so that stability of the ICS can
be ensured.
Abstract: Internet is largely composed of textual contents and a
huge volume of digital contents gets floated over the Internet daily.
The ease of information sharing and re-production has made it
difficult to preserve author's copyright. Digital watermarking came
up as a solution for copyright protection of plain text problem after
1993. In this paper, we propose a zero text watermarking algorithm
based on occurrence frequency of non-vowel ASCII characters and
words for copyright protection of plain text. The embedding
algorithm makes use of the frequency of non-vowel ASCII characters and
words to generate a specialized author key. The extraction algorithm
uses this key to extract watermark, hence identify the original
copyright owner. Experimental results illustrate the effectiveness of
the proposed algorithm on text encountering meaning preserving
attacks performed by five independent attackers.
Abstract: The article touches upon questions of information security in Russian Economy. It covers theoretical bases of information security and causes of its development. The theory is proved by the analysis of business activities and the main tendencies of information security development. Perm region has been chosen as the basis for the analysis, being the fastest-developing region that uses methods of information security in managing its economy. As a result of the study the authors of the given article have formulated their own vision of the problem of information security in various branches of economy and stated prospects of information security development and its growing role in Russian economy.
Abstract: IEEE has recently incorporated CCMP protocol to provide robust security to IEEE 802.11 wireless LANs. It is found that CCMP has been designed with a weak nonce construction and transmission mechanism, which leads to the exposure of initial counter value. This weak construction of nonce renders the protocol vulnerable to attacks by intruders. This paper presents how the initial counter can be pre-computed by the intruder. This vulnerability of counter block value leads to pre-computation attack on the counter mode encryption of CCMP. The failure of the counter mode will result in the collapse of the whole security mechanism of 802.11 WLAN.
Abstract: Every organization is continually subject to new damages and threats which can be resulted from their operations or their goal accomplishment. Methods of providing the security of space and applied tools have been widely changed with increasing application and development of information technology (IT). From this viewpoint, information security management systems were evolved to construct and prevent reiterating the experienced methods. In general, the correct response in information security management systems requires correct decision making, which in turn requires the comprehensive effort of managers and everyone involved in each plan or decision making. Obviously, all aspects of work or decision are not defined in all decision making conditions; therefore, the possible or certain risks should be considered when making decisions. This is the subject of risk management and it can influence the decisions. Investigation of different approaches in the field of risk management demonstrates their progress from quantitative to qualitative methods with a process approach.
Abstract: This paper introduces a tool that is being developed for the expression of information security policy controls that govern electronic healthcare records. By reference to published findings, the paper introduces the theory behind the use of knowledge management for automatic and consistent security policy assertion using the formalism called the Secutype; the development of the tool and functionality is discussed; some examples of Secutypes generated by the tool are provided; proposed integration with existing medical record systems is described. The paper is concluded with a section on further work and critique of the work achieved to date.
Abstract: This paper applies fuzzy set theory to evaluate the
service quality of online auction. Service quality is a composition of
various criteria. Among them many intangible attributes are difficult
to measure. This characteristic introduces the obstacles for respondent
in replying to the survey. So as to overcome this problem, we
invite fuzzy set theory into the measurement of performance. By
using AHP in obtaining criteria and TOPSIS in ranking, we found
the most concerned dimension of service quality is Transaction
Safety Mechanism and the least is Charge Item. Regarding to the
most concerned attributes are information security, accuracy and
information.
Abstract: This paper presents a novel method for data hiding based on neighborhood pixels information to calculate the number of bits that can be used for substitution and modified Least Significant Bits technique for data embedding. The modified solution is independent of the nature of the data to be hidden and gives correct results along with un-noticeable image degradation. The technique, to find the number of bits that can be used for data hiding, uses the green component of the image as it is less sensitive to human eye and thus it is totally impossible for human eye to predict whether the image is encrypted or not. The application further encrypts the data using a custom designed algorithm before embedding bits into image for further security. The overall process consists of three main modules namely embedding, encryption and extraction.
Abstract: This paper presents a new steganography approach suitable for Arabic texts. It can be classified under steganography feature coding methods. The approach hides secret information bits within the letters benefiting from their inherited points. To note the specific letters holding secret bits, the scheme considers the two features, the existence of the points in the letters and the redundant Arabic extension character. We use the pointed letters with extension to hold the secret bit 'one' and the un-pointed letters with extension to hold 'zero'. This steganography technique is found attractive to other languages having similar texts to Arabic such as Persian and Urdu.
Abstract: Recently, information security has become a key issue
in information technology as the number of computer security
breaches are exposed to an increasing number of security threats. A
variety of intrusion detection systems (IDS) have been employed for
protecting computers and networks from malicious network-based or
host-based attacks by using traditional statistical methods to new data
mining approaches in last decades. However, today's commercially
available intrusion detection systems are signature-based that are not
capable of detecting unknown attacks. In this paper, we present a
new learning algorithm for anomaly based network intrusion
detection system using decision tree algorithm that distinguishes
attacks from normal behaviors and identifies different types of
intrusions. Experimental results on the KDD99 benchmark network
intrusion detection dataset demonstrate that the proposed learning
algorithm achieved 98% detection rate (DR) in comparison with
other existing methods.
Abstract: The rapid advance of communication technology is
evolving the network environment into the broadband convergence
network. Likewise, the IT services operated in the individual network
are also being quickly converged in the broadband convergence
network environment. VoIP and IPTV are two examples of such new
services. Efforts are being made to develop the video phone service,
which is an advanced form of the voice-oriented VoIP service.
However, the new IT services will be subject to stability and reliability
vulnerabilities if the relevant security issues are not answered during
the convergence of the existing IT services currently being operated in
individual networks within the wider broadband network
environment. To resolve such problems, this paper attempts to analyze
the possible threats and identify the necessary security measures
before the deployment of the new IT services. Furthermore, it
measures the quality of the encryption algorithm application example
to describe the appropriate algorithm in order to present security
technology that will have no negative impact on the quality of the
video phone service.
Abstract: As the dysfunctions of the information society and
social development progress, intrusion problems such as malicious
replies, spam mail, private information leakage, phishing, and
pharming, and side effects such as the spread of unwholesome
information and privacy invasion are becoming serious social
problems. Illegal access to information is also becoming a problem as
the exchange and sharing of information increases on the basis of the
extension of the communication network. On the other hand, as the
communication network has been constructed as an international,
global system, the legal response against invasion and cyber-attack
from abroad is facing its limit. In addition, in an environment where
the important infrastructures are managed and controlled on the basis
of the information communication network, such problems pose a
threat to national security. Countermeasures to such threats are
developed and implemented on a yearly basis to protect the major
infrastructures of information communication. As a part of such
measures, we have developed a methodology for assessing the
information protection level which can be used to establish the
quantitative object setting method required for the improvement of the
information protection level.
Abstract: This paper includes a positive analysis to quantitatively grasp the relationship among vulnerability, information security incidents, and the countermeasures by using data based on a 2007 questionnaire survey for Japanese ISPs (Internet Service Providers). To grasp the relationships, logistic regression analysis is used. The results clarify that there are relationships between information security incidents and the countermeasures. Concretely, there is a positive relationship between information security incidents and the number of information security systems introduced as well as a negative relationship between information security incidents and information security education. It is also pointed out that (especially, local) ISPs do not execute efficient information security countermeasures/investment concerned with systems, and it is suggested that they should positively execute information security education. In addition, to further heighten the information security level of Japanese telecommunication infrastructure, the necessity and importance of the government to implement policy to support the countermeasures of ISPs is insisted.
Abstract: In today's day and age, one of the important topics in
information security is authentication. There are several alternatives
to text-based authentication, which include Graphical Password
(GP) or Graphical User Authentication (GUA). These methods stem
from the fact that humans recognize and remember images better
than alphanumerical text characters. This paper will focus on the
security aspect of GP algorithms and what most researchers have
been working on trying to define these security features and
attributes. The goal of this study is to develop a fuzzy decision model
that allows automatic selection of available GP algorithms by taking
into considerations the subjective judgments of the decision makers
who are more than 50 postgraduate students of computer science. The
approach that is being proposed is based on the Fuzzy Analytic
Hierarchy Process (FAHP) which determines the criteria weight as a
linear formula.
Abstract: This paper applies fuzzy AHP to evaluate the service
quality of online auction. Service quality is a composition of various
criteria. Among them many intangible attributes are difficult to
measure. This characteristic introduces the obstacles for respondents
on reply in the survey. So as to overcome this problem, we invite
fuzzy set theory into the measurement of performance and use AHP in
obtaining criteria. We found the most concerned dimension of service
quality is Transaction Safety Mechanism and the least is Charge Item.
Other criteria such as information security, accuracy and information
are too vital.
Abstract: Advent enhancements in the field of computing have
increased massive use of web based electronic documents. Current
Copyright protection laws are inadequate to prove the ownership for
electronic documents and do not provide strong features against
copying and manipulating information from the web. This has
opened many channels for securing information and significant
evolutions have been made in the area of information security.
Digital Watermarking has developed into a very dynamic area of
research and has addressed challenging issues for digital content.
Watermarking can be visible (logos or signatures) and invisible
(encoding and decoding). Many visible watermarking techniques
have been studied for text documents but there are very few for web
based text. XML files are used to trade information on the internet
and contain important information. In this paper, two invisible
watermarking techniques using Synonyms and Acronyms are
proposed for XML files to prove the intellectual ownership and to
achieve the security. Analysis is made for different attacks and
amount of capacity to be embedded in the XML file is also noticed.
A comparative analysis for capacity is also made for both methods.
The system has been implemented using C# language and all tests are
made practically to get the results.