Trust and Reputation Management for Critical Infrastructure Protection

NASA Astrophysics Data System (ADS)

Caldeira, Filipe; Monteiro, Edmundo; Simões, Paulo

Today's Critical Infrastructures (CI) depend of Information and Communication Technologies (ICT) to deliver their services with the required level of quality and availability. ICT security plays a major role in CI protection and risk prevention for single and also for interconnected CIs were cascading effects might occur because of the interdependencies that exist among different CIs. This paper addresses the problem of ICT security in interconnected CIs. Trust and reputation management using the Policy Based Management paradigm is the proposed solution to be applied at the CI interconnection points for information exchange. The proposed solution is being applied to the Security Mediation Gateway being developed in the European FP7 MICIE project, to allow for information exchange among interconnected CIs.

Strengthening Data Confidentiality and Integrity Protection in the Context of a Multi-Centric Information System Dedicated to Autism Spectrum Disorder.

PubMed

Ben Said, Mohamed; Robel, Laurence; Golse, Bernard; Jais, Jean Philippe

2017-01-01

Autism spectrum disorders (ASD) are complex neuro-developmental disorders affecting children in early age. Diagnosis relies on multidisciplinary investigations, in psychiatry, neurology, genetics, electrophysiology, neuro-imagery, audiology, and ophthalmology. To support clinicians, researchers, and public health decision makers, we developed an information system dedicated to ASD, called TEDIS. It was designed to manage systematic, exhaustive and continuous multi-centric patient data collection via secured internet connections. TEDIS will be deployed in nine ASD expert assessment centers in Ile-DeFrance district. We present security policy and infrastructure developed in context of TEDIS to protect patient privacy and clinical information. TEDIS security policy was organized around governance, ethical and organisational chart-agreement, patients consents, controlled user access, patients' privacy protection, constrained patients' data access. Security infrastructure was enriched by further technical solutions to reinforce ASD patients' privacy protection. Solutions were tested on local secured intranet environment and showed fluid functionality with consistent, transparent and safe encrypting-decrypting results.

Video calls from lay bystanders to dispatch centers - risk assessment of information security.

PubMed

Bolle, Stein R; Hasvold, Per; Henriksen, Eva

2011-09-30

Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Video calls from lay bystanders to dispatch centers - risk assessment of information security

PubMed Central

2011-01-01

Background Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387

Investigation of Pressure Surges in Aircraft Hydraulic Systems

DTIC Science & Technology

1952-03-01

RESTRICTED Figure 2 TEST APPARATUS FOR CLOSED-END TUBE SYSTEM TESTS , r WADC TR52-37 10 SECURITY INFORMATION-RESTRICTED SECURITY INFORMATION -R ESTR ICTED...simplified circuitto--decrease the labor involved in circuit solutions by manual calculation. The circuit developed for the basic accumulator, valve

77 FR 4815 - Ace Info Solutions, Inc., and Information International Associates; Transfer of Data

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-31

... Confidential Business Information (CBI) by the submitter, will be transferred to Ace Info Solutions, Inc., and... Chemical Libraries and Repository; 4. Information architecture support, consultation on site structure and..., Business and industry, Government contracts, Government property, Security measures. Dated: January 19...

Secure quantum private information retrieval using phase-encoded queries

NASA Astrophysics Data System (ADS)

Olejnik, Lukasz

2011-08-01

We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett.PRLTAO0031-900710.1103/PhysRevLett.100.230502 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

Secure quantum private information retrieval using phase-encoded queries

DOE Office of Scientific and Technical Information (OSTI.GOV)

Olejnik, Lukasz

We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offersmore » substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.« less

Security and Dependability Solutions for Web Services and Workflows

NASA Astrophysics Data System (ADS)

Kokolakis, Spyros; Rizomiliotis, Panagiotis; Benameur, Azzedine; Sinha, Smriti Kumar

In this chapter we present an innovative approach towards the design and application of Security and Dependability (S&D) solutions for Web services and service-based workflows. Recently, several standards have been published that prescribe S&D solutions for Web services, e.g. OASIS WS-Security. However,the application of these solutions in specific contexts has been proven problematic. We propose a new framework for the application of such solutions based on the SERENITY S&D Pattern concept. An S&D Pattern comprises all the necessary information for the implementation, verification, deployment, and active monitoring of an S&D Solution. Thus, system developers may rely on proven solutions that are dynamically deployed and monitored by the Serenity Runtime Framework. Finally, we further extend this approach to cover the case of executable workflows which are realised through the orchestration of Web services.

Petri net modeling of encrypted information flow in federated cloud

NASA Astrophysics Data System (ADS)

Khushk, Abdul Rauf; Li, Xiaozhong

2017-08-01

Solutions proposed and developed for the cost-effective cloud systems suffer from a combination of secure private clouds and less secure public clouds. Need to locate applications within different clouds poses a security risk to the information flow of the entire system. This study addresses this by assigning security levels of a given lattice to the entities of a federated cloud system. A dynamic flow sensitive security model featuring Bell-LaPadula procedures is explored that tracks and authenticates the secure information flow in federated clouds. Additionally, a Petri net model is considered as a case study to represent the proposed system and further validate the performance of the said system.

Teleradiology network system and computer-aided diagnosis workstation using the web medical image conference system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaru; Moriyama, Noriyuki

2011-03-01

We have developed the teleradiology network system with a new information security solution that provided with web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. We are studying the secret sharing scheme as a method safely to store or to transmit the confidential medical information used with the teleradiology network system. The confidential medical information is exposed to the risk of the damage and intercept. Secret sharing scheme is a method of dividing the confidential medical information into two or more tallies. Individual medical information cannot be decoded by using one tally at all. Our method has the function of RAID. With RAID technology, if there is a failure in a single tally, there is redundant data already copied to other tally. Confidential information is preserved at an individual Data Center connected through internet because individual medical information cannot be decoded by using one tally at all. Therefore, even if one of the Data Centers is struck and information is damaged, the confidential medical information can be decoded by using the tallies preserved at the data center to which it escapes damage. We can safely share the screen of workstation to which the medical image of Data Center is displayed from two or more web conference terminals at the same time. Moreover, Real time biometric face authentication system is connected with Data Center. Real time biometric face authentication system analyzes the feature of the face image of which it takes a picture in 20 seconds with the camera and defends the safety of the medical information. We propose a new information transmission method and a new information storage method with a new information security solution.

Computer-aided diagnosis workstation and teleradiology network system for chest diagnosis using the web medical image conference system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaro; Moriyama, Noriyuki

2010-03-01

Diagnostic MDCT imaging requires a considerable number of images to be read. Moreover, the doctor who diagnoses a medical image is insufficient in Japan. Because of such a background, we have provided diagnostic assistance methods to medical screening specialists by developing a lung cancer screening algorithm that automatically detects suspected lung cancers in helical CT images, a coronary artery calcification screening algorithm that automatically detects suspected coronary artery calcification and a vertebra body analysis algorithm for quantitative evaluation of osteoporosis. We also have developed the teleradiology network system by using web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. Our teleradiology network system can perform Web medical image conference in the medical institutions of a remote place using the web medical image conference system. We completed the basic proof experiment of the web medical image conference system with information security solution. We can share the screen of web medical image conference system from two or more web conference terminals at the same time. An opinion can be exchanged mutually by using a camera and a microphone that are connected with the workstation that builds in some diagnostic assistance methods. Biometric face authentication used on site of teleradiology makes "Encryption of file" and "Success in login" effective. Our Privacy and information security technology of information security solution ensures compliance with Japanese regulations. As a result, patients' private information is protected. Based on these diagnostic assistance methods, we have developed a new computer-aided workstation and a new teleradiology network that can display suspected lesions three-dimensionally in a short time. The results of this study indicate that our radiological information system without film by using computer-aided diagnosis workstation and our teleradiology network system can increase diagnostic speed, diagnostic accuracy and security improvement of medical information.

Experimental Physical Sciences Vitae 2017

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kippen, Karen Elizabeth; Del Mauro, Diana; Patterson, Eileen Frances

Frequently our most basic research experiments stimulate solutions for some of the most intractable national security problems, such as nuclear weapons stewardship, homeland security, intelligence and information analysis, and nuclear and alternative energy. This publication highlights our talented and creative staff who deliver solutions to these complex scientific and technological challenges by conducting cutting-edge multidisciplinary physical science research.

A security mediator for health care information.

PubMed Central

Wiederhold, G.; Bilello, M.; Sarathy, V.; Qian, X.

1996-01-01

The TIHI (Trusted Interoperation of Healthcare Information) project addresses a security issue that arises when some information is being shared among collaborating enterprises, although not all enterprise information is sharable. It assumes that protection exists to prevent intrusion by adversaries through secure transmission and firewalls. The TIHI system design provides a gateway, owned by the enterprise security officer, to mediate queries and responses. The latter are typically transmitted via the Internet. The enterprise policy is determined by rules provided to the mediator. We show examples of typical rules. The problem and our solution, although developed in a healthcare context, is equally valid among collaborating enterprises. PMID:8947640

78 FR 4175 - Eco Global Corporation, Execute Sports, Inc., FacePrint Global Solutions, Inc., FinancialContent...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-18

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Eco Global Corporation, Execute Sports, Inc., FacePrint Global Solutions, Inc., FinancialContent, Inc., and Firstgold Corp.; Order of Suspension of Trading January 16, 2013. It appears to the Securities and Exchange Commission that there is a lack of current and accurate information concerning...

77 FR 58424 - Drucker, Inc., DynaMotive Energy Systems Corp., and Gate to Wire Solutions, Inc., Order of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-20

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Drucker, Inc., DynaMotive Energy Systems Corp., and Gate to Wire Solutions, Inc., Order of Suspension of Trading September 18, 2012. It appears to the... that there is a lack of current and accurate information concerning the securities of Gate to Wire...

Secure Infrastructure-Less Network (SINET)

DTIC Science & Technology

2017-06-01

Protocol CNSA Commercial National Security Algorithm COMSEC Communications Security COTS Commercial off the Shelf CSfC Commercial Solutions for...ABSTRACT (maximum 200 words) Military leaders and first responders desire the familiarity of commercial -off-the-shelf lightweight mobile devices while...since they lack reliable or secure communication infrastructure. Routine and simple mobile information-sharing tasks become a challenge over the

Managing security risks for inter-organisational information systems: a multiagent collaborative model

NASA Astrophysics Data System (ADS)

Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

2016-09-01

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

A novel quantum scheme for secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Zhong, Hong; Cui, Jie; Zhang, Shun

2017-12-01

Secure multiparty computational geometry is an essential field of secure multiparty computation, which computes a computation geometric problem without revealing any private information of each party. Secure two-party distance computation is a primitive of secure multiparty computational geometry, which computes the distance between two points without revealing each point's location information (i.e., coordinate). Secure two-party distance computation has potential applications with high secure requirements in military, business, engineering and so on. In this paper, we present a quantum solution to secure two-party distance computation by subtly using quantum private query. Compared to the classical related protocols, our quantum protocol can ensure higher security and better privacy protection because of the physical principle of quantum mechanics.

Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

PubMed

Mishra, Dheerendra

2015-03-01

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

Information security for compliance with select agent regulations.

PubMed

Lewis, Nick; Campbell, Mark J; Baskin, Carole R

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

Information Security for Compliance with Select Agent Regulations

PubMed Central

Lewis, Nick; Campbell, Mark J.

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1.

PubMed

Kiah, M L Mat; Nabi, Mohamed S; Zaidan, B B; Zaidan, A A

2013-10-01

This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.

SHI(EL)DS: A Novel Hardware-Based Security Backplane to Enhance Security with Minimal Impact to System Operation

DTIC Science & Technology

2008-03-01

executables. The current roadblock to detecting Type I Malware consistantly is the practice of legitimate software , such as antivirus programs, using this... Software Security Systems . . 31 3.2.2 Advantages of Hardware . . . . . . . . . . . . . 32 3.2.3 Trustworthiness of Information . . . . . . . . . 33...Towards a Hardware Security Backplane . . . . . . . . . 42 IV. Review of State of the Art Computer Security Solutions . . . . . 46 4.1 Software

Using information technology for an improved pharmaceutical care delivery in developing countries. Study case: Benin.

PubMed

Edoh, Thierry Oscar; Teege, Gunnar

2011-10-01

One of the problems in health care in developing countries is the bad accessibility of medicine in pharmacies for patients. Since this is mainly due to a lack of organization and information, it should be possible to improve the situation by introducing information and communication technology. However, for several reasons, standard solutions are not applicable here. In this paper, we describe a case study in Benin, a West African developing country. We identify the problem and the existing obstacles for applying standard ECommerce solutions. We develop an adapted system approach and describe a practical test which has shown that the approach has the potential of actually improving the pharmaceutical care delivery. Finally, we consider the security aspects of the system and propose an organizational solution for some specific security problems.

Securing Location Services Infrastructures: Practical Criteria for Application Developers and Solutions Architects

ERIC Educational Resources Information Center

Karamanian, Andre

2013-01-01

This qualitative, exploratory, normative study examined the security and privacy of location based services in mobile applications. This study explored risk, and controls to implement privacy and security. This study was addressed using components of the FIPS Risk Management Framework. This study found that risk to location information was…

Ver-i-Fus: an integrated access control and information monitoring and management system

NASA Astrophysics Data System (ADS)

Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.

1997-01-01

This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two- way communication between the user and the system. The systems offers a flexible interface that permits to integrate practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows to integrate Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

A Low-Cost and Secure Solution for e-Commerce

NASA Astrophysics Data System (ADS)

Pasquet, Marc; Vacquez, Delphine; Rosenberger, Christophe

We present in this paper a new architecture for remote banking and e-commerce applications. The proposed solution is designed to be low cost and provides some good guarantees of security for a client and his bank issuer. Indeed, the main problem for an issuer is to identify and authenticate one client (a cardholder) using his personal computer through the web when this client wants to access to remote banking services or when he wants to pay on a e-commerce site equipped with 3D-secure payment solution. The proposed solution described in this paper is MasterCard Chip Authentication Program compliant and was experimented in the project called SOPAS. The main contribution of this system consists in the use of a smartcard with a I2C bus that pilots a terminal only equipped with a screen and a keyboard. During the use of services, the user types his PIN code on the keyboard and all the security part of the transaction is performed by the chip of the smartcard. None information of security stays on the personal computer and a dynamic token created by the card is sent to the bank and verified by the front end. We present first the defined methodology and we analyze the main security aspects of the proposed solution.

Security Protection on Trust Delegated Data in Public Mobile Networks

NASA Astrophysics Data System (ADS)

Weerasinghe, Dasun; Rajarajan, Muttukrishnan; Rakocevic, Veselin

This paper provides detailed solutions for trust delegation and security protection for medical records in public mobile communication networks. The solutions presented in this paper enable the development of software for mobile devices that can be used by emergency medical units in urgent need of sensitive personal information about unconscious patients. In today's world, technical improvements in mobile communication systems mean that users can expect to have access to data at any time regardless of their location. This paper presents a token-based procedure for the data security at a mobile device and delegation of trust between a requesting mobile unit and secure medical data storage. The data security at the mobile device is enabled using identity based key generation methodology.

Meeting the security requirements of electronic medical records in the ERA of high-speed computing.

PubMed

Alanazi, H O; Zaidan, A A; Zaidan, B B; Kiah, M L Mat; Al-Bakri, S H

2015-01-01

This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Security and privacy in molecular communication and networking: opportunities and challenges.

PubMed

Loscrí, Valeria; Marchal, César; Mitton, Nathalie; Fortino, Giancarlo; Vasilakos, Athanasios V

2014-09-01

Molecular Communication (MC) is an emerging and promising communication paradigm for several multi-disciplinary domains like bio-medical, industry and military. Differently to the traditional communication paradigm, the information is encoded on the molecules, that are then used as carriers of information. Novel approaches related to this new communication paradigm have been proposed, mainly focusing on architectural aspects and categorization of potential applications. So far, security and privacy aspects related to the molecular communication systems have not been investigated at all and represent an open question that need to be addressed. The main motivation of this paper lies on providing some first insights about security and privacy aspects of MC systems, by highlighting the open issues and challenges and above all by outlining some specific directions of potential solutions. Existing cryptographic methods and security approaches are not suitable for MC systems since do not consider the pecific issues and challenges, that need ad-hoc solutions. We will discuss directions in terms of potential solutions by trying to highlight the main advantages and potential drawbacks for each direction considered. We will try to answer to the main questions: 1) why this solution can be exploited in the MC field to safeguard the system and its reliability? 2) which are the main issues related to the specific approach?

A security framework for nationwide health information exchange based on telehealth strategy.

PubMed

Zaidan, B B; Haiqi, Ahmed; Zaidan, A A; Abdulnabi, Mohamed; Kiah, M L Mat; Muzamel, Hussaen

2015-05-01

This study focuses on the situation of health information exchange (HIE) in the context of a nationwide network. It aims to create a security framework that can be implemented to ensure the safe transmission of health information across the boundaries of care providers in Malaysia and other countries. First, a critique of the major elements of nationwide health information networks is presented from the perspective of security, along with such topics as the importance of HIE, issues, and main approaches. Second, a systematic evaluation is conducted on the security solutions that can be utilized in the proposed nationwide network. Finally, a secure framework for health information transmission is proposed within a central cloud-based model, which is compatible with the Malaysian telehealth strategy. The outcome of this analysis indicates that a complete security framework for a global structure of HIE is yet to be defined and implemented. Our proposed framework represents such an endeavor and suggests specific techniques to achieve this goal.

Implantable electronics: emerging design issues and an ultra light-weight security solution.

PubMed

Narasimhan, Seetharam; Wang, Xinmu; Bhunia, Swarup

2010-01-01

Implantable systems that monitor biological signals require increasingly complex digital signal processing (DSP) electronics for real-time in-situ analysis and compression of the recorded signals. While it is well-known that such signal processing hardware needs to be implemented under tight area and power constraints, new design requirements emerge with their increasing complexity. Use of nanoscale technology shows tremendous benefits in implementing these advanced circuits due to dramatic improvement in integration density and power dissipation per operation. However, it also brings in new challenges such as reliability and large idle power (due to higher leakage current). Besides, programmability of the device as well as security of the recorded information are rapidly becoming major design considerations of such systems. In this paper, we analyze the emerging issues associated with the design of the DSP unit in an implantable system. Next, we propose a novel ultra light-weight solution to address the information security issue. Unlike the conventional information security approaches like data encryption, which come at large area and power overhead and hence are not amenable for resource-constrained implantable systems, we propose a multilevel key-based scrambling algorithm, which exploits the nature of the biological signal to effectively obfuscate it. Analysis of the proposed algorithm in the context of neural signal processing and its hardware implementation shows that we can achieve high level of security with ∼ 13X lower power and ∼ 5X lower area overhead than conventional cryptographic solutions.

Securing the communication of medical information using local biometric authentication and commercial wireless links.

PubMed

Ivanov, Vladimir I; Yu, Paul L; Baras, John S

2010-09-01

Medical information is extremely sensitive in nature - a compromise, such as eavesdropping or tampering by a malicious third party, may result in identity theft, incorrect diagnosis and treatment, and even death. Therefore, it is important to secure the transfer of medical information from the patient to the recording system. We consider a portable, wireless device transferring medical information to a remote server. We decompose this problem into two sub-problems and propose security solutions to each of them: (1) to secure the link between the patient and the portable device, and (2) to secure the link between the portable device and the network. Thus we push the limits of the network security to the edge by authenticating the user using their biometric information; authenticating the device to the network at the physical layer; and strengthening the security of the wireless link with a key exchange mechanism. The proposed authentication methods can be used for recording the readings of medical data in a central database and for accessing medical records in various settings.

Secure Cloud-Based Solutions for Different eHealth Services in Spanish Rural Health Centers.

PubMed

de la Torre-Díez, Isabel; Lopez-Coronado, Miguel; Garcia-Zapirain Soto, Begonya; Mendez-Zorrilla, Amaia

2015-07-27

The combination of eHealth applications and/or services with cloud technology provides health care staff—with sufficient mobility and accessibility for them—to be able to transparently check any data they may need without having to worry about its physical location. The main aim of this paper is to put forward secure cloud-based solutions for a range of eHealth services such as electronic health records (EHRs), telecardiology, teleconsultation, and telediagnosis. The scenario chosen for introducing the services is a set of four rural health centers located within the same Spanish region. iCanCloud software was used to perform simulations in the proposed scenario. We chose online traffic and the cost per unit in terms of time as the parameters for choosing the secure solution on the most optimum cloud for each service. We suggest that load balancers always be fitted for all solutions in communication together with several Internet service providers and that smartcards be used to maintain identity to an appropriate extent. The solutions offered via private cloud for EHRs, teleconsultation, and telediagnosis services require a volume of online traffic calculated at being able to reach 2 Gbps per consultation. This may entail an average cost of €500/month. The security solutions put forward for each eHealth service constitute an attempt to centralize all information on the cloud, thus offering greater accessibility to medical information in the case of EHRs alongside more reliable diagnoses and treatment for telecardiology, telediagnosis, and teleconsultation services. Therefore, better health care for the rural patient can be obtained at a reasonable cost.

Report to Congress on innovative safety and security technology solutions for alternative transportation facilities

DOT National Transportation Integrated Search

2017-05-01

This research collected information on the frequency and impact of safety and security incidents (threats) at selected facilities and identified priority incidents at each facility. A customized all hazards approach was used to determine the ha...

Protecting Sensitive Information in Directory Services Using Virtual Directories

NASA Astrophysics Data System (ADS)

Claycomb, William; Shin, Dongwan

Directory services are commonly used to store information related to individuals, and often act as a source for security services, such as authentication and access control, in collaborative applications within/across organizations. Hence, there is an urgent need to protect the sensitive information they contain. Existing solutions offer minimal protection against insider attacks, a growing threat to both government and industry data services. In this paper we present a solution for data protection that leverages virtual directories and data encryption to provide a user-centric approach to data protection, delegation, and collaboration. A security architecture is presented, along with the discussion of the benefits and vulnerabilities of our approach. We also discuss a proof-of-concept implementation and performance testing results.

Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

NASA Astrophysics Data System (ADS)

Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

2018-01-01

The leakage of confidential information is one of important issues in the network security area. Elastic Optical Networks (EON) as a promising technology in the optical transport network is under threat from eavesdropping attacks. It is a great demand to support confidential information service (CIS) and design efficient security strategy against the eavesdropping attacks. In this paper, we propose a solution to cope with the eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. For further improving security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the proposed two RSA algorithms can both achieve greater security against the eavesdropping attacks and MES-RSA can also improve the network performance efficiently.

Effectiveness of Using a Change Management Approach to Convey the Benefits of an Information Security Implementation to Technology Users

ERIC Educational Resources Information Center

Bennett, Jeannine B.

2012-01-01

This study addressed the problems associated with users' understanding, accepting, and complying with requirements of security-oriented solutions. The goal of the research was not to dispute existing theory on IT project implementations, but rather to further the knowledge on the topic of technology user acceptance of security-oriented IT…

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

PubMed

Bernik, Igor; Prislan, Kaja

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Mobile, portable lightweight wireless video recording solutions for homeland security, defense, and law enforcement applications

NASA Astrophysics Data System (ADS)

Sandy, Matt; Goldburt, Tim; Carapezza, Edward M.

2015-05-01

It is desirable for executive officers of law enforcement agencies and other executive officers in homeland security and defense, as well as first responders, to have some basic information about the latest trend on mobile, portable lightweight wireless video recording solutions available on the market. This paper reviews and discusses a number of studies on the use and effectiveness of wireless video recording solutions. It provides insights into the features of wearable video recording devices that offer excellent applications for the category of security agencies listed in this paper. It also provides answers to key questions such as: how to determine the type of video recording solutions most suitable for the needs of your agency, the essential features to look for when selecting a device for your video needs, and the privacy issues involved with wearable video recording devices.

Do You Lock Your Network Doors? Some Network Management Precautions.

ERIC Educational Resources Information Center

Neray, Phil

1997-01-01

Discusses security problems and solutions for networked organizations with Internet connections. Topics include access to private networks from electronic mail information; computer viruses; computer software; corporate espionage; firewalls, that is computers that stand between a local network and the Internet; passwords; and physical security.…

Security analysis of cyber-physical system

NASA Astrophysics Data System (ADS)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

Problems of collaborative work of the automated process control system (APCS) and the its information security and solutions.

NASA Astrophysics Data System (ADS)

Arakelyan, E. K.; Andryushin, A. V.; Mezin, S. V.; Kosoy, A. A.; Kalinina, Ya V.; Khokhlov, I. S.

2017-11-01

The principle of interaction of the specified systems of technological protections by the Automated process control system (APCS) and information safety in case of incorrect execution of the algorithm of technological protection is offered. - checking the correctness of the operation of technological protection in each specific situation using the functional relationship between the monitored parameters. The methodology for assessing the economic feasibility of developing and implementing an information security system.

Efficient and secure outsourcing of genomic data storage.

PubMed

Sousa, João Sá; Lefebvre, Cédric; Huang, Zhicong; Raisaro, Jean Louis; Aguilar-Melchor, Carlos; Killijian, Marc-Olivier; Hubaux, Jean-Pierre

2017-07-26

Cloud computing is becoming the preferred solution for efficiently dealing with the increasing amount of genomic data. Yet, outsourcing storage and processing sensitive information, such as genomic data, comes with important concerns related to privacy and security. This calls for new sophisticated techniques that ensure data protection from untrusted cloud providers and that still enable researchers to obtain useful information. We present a novel privacy-preserving algorithm for fully outsourcing the storage of large genomic data files to a public cloud and enabling researchers to efficiently search for variants of interest. In order to protect data and query confidentiality from possible leakage, our solution exploits optimal encoding for genomic variants and combines it with homomorphic encryption and private information retrieval. Our proposed algorithm is implemented in C++ and was evaluated on real data as part of the 2016 iDash Genome Privacy-Protection Challenge. Results show that our solution outperforms the state-of-the-art solutions and enables researchers to search over millions of encrypted variants in a few seconds. As opposed to prior beliefs that sophisticated privacy-enhancing technologies (PETs) are unpractical for real operational settings, our solution demonstrates that, in the case of genomic data, PETs are very efficient enablers.

Secure Cloud-Based Solutions for Different eHealth Services in Spanish Rural Health Centers

PubMed Central

2015-01-01

Background The combination of eHealth applications and/or services with cloud technology provides health care staff—with sufficient mobility and accessibility for them—to be able to transparently check any data they may need without having to worry about its physical location. Objective The main aim of this paper is to put forward secure cloud-based solutions for a range of eHealth services such as electronic health records (EHRs), telecardiology, teleconsultation, and telediagnosis. Methods The scenario chosen for introducing the services is a set of four rural health centers located within the same Spanish region. iCanCloud software was used to perform simulations in the proposed scenario. We chose online traffic and the cost per unit in terms of time as the parameters for choosing the secure solution on the most optimum cloud for each service. Results We suggest that load balancers always be fitted for all solutions in communication together with several Internet service providers and that smartcards be used to maintain identity to an appropriate extent. The solutions offered via private cloud for EHRs, teleconsultation, and telediagnosis services require a volume of online traffic calculated at being able to reach 2 Gbps per consultation. This may entail an average cost of €500/month. Conclusions The security solutions put forward for each eHealth service constitute an attempt to centralize all information on the cloud, thus offering greater accessibility to medical information in the case of EHRs alongside more reliable diagnoses and treatment for telecardiology, telediagnosis, and teleconsultation services. Therefore, better health care for the rural patient can be obtained at a reasonable cost. PMID:26215155

Command and Control Concepts and Solutions for Major Events Safety and Security: Lessons Learned from the Canadian Experience with Vancouver 2010 and G8/G20 Events

DTIC Science & Technology

2011-06-01

discuss best practices and the prerogatives of major events C2 solutions. In section 6, we present the conclusion. 2 Complexity of the Command and Control...best practices for sharing information, standard operating procedure (SOPs) and response plans have been investigated through formal studies and an...and contributed to the deployment of an information sharing solution on Command Network. This solution was based on Microsoft SharePoint. The team

Aerial secure display by use of polarization-processing display with retarder film and retro-reflector

NASA Astrophysics Data System (ADS)

Ito, Shusei; Uchida, Keitaro; Mizushina, Haruki; Suyama, Shiro; Yamamoto, Hirotsugu

2017-02-01

Security is one of the big issues in automated teller machine (ATM). In ATM, two types of security have to be maintained. One is to secure displayed information. The other is to secure screen contamination. This paper gives a solution for these two security issues. In order to secure information against peeping at the screen, we utilize visual cryptography for displayed information and limit the viewing zone. Furthermore, an aerial information screen with aerial imaging by retro-reflection, named AIRR enables users to avoid direct touch on the information screen. The purpose of this paper is to propose an aerial secure display technique that ensures security of displayed information as well as security against contamination problem on screen touch. We have developed a polarization-processing display that is composed of a backlight, a polarizer, a background LCD panel, a gap, a half-wave retarder, and a foreground LCD panel. Polarization angle is rotated with the LCD panels. We have constructed a polarization encryption code set. Size of displayed images are designed to limit the viewing position. Furthermore, this polarization-processing display has been introduced into our aerial imaging optics, which employs a reflective polarizer and a retro-reflector covered with a quarter-wave retarder. Polarization-modulated light forms the real image over the reflective polarizer. We have successfully formed aerial information screen that shows the secret image with a limited viewing position. This is the first realization of aerial secure display by use of polarization-processing display with retarder-film and retro-reflector.

Security Attacks and Solutions in Electronic Health (E-health) Systems.

PubMed

Zeadally, Sherali; Isaac, Jesús Téllez; Baig, Zubair

2016-12-01

For centuries, healthcare has been a basic service provided by many governments to their citizens. Over the past few decades, we have witnessed a significant transformation in the quality of healthcare services provided by healthcare organizations and professionals. Recent advances have led to the emergence of Electronic Health (E-health), largely made possible by the massive deployment and adoption of information and communication technologies (ICTs). However, cybercriminals and attackers are exploiting vulnerabilities associated primarily with ICTs, causing data breaches of patients' confidential digital health information records. Here, we review recent security attacks reported for E-healthcare and discuss the solutions proposed to mitigate them. We also identify security challenges that must be addressed by E-health system designers and implementers in the future, to respond to threats that could arise as E-health systems become integrated with technologies such as cloud computing, the Internet of Things, and smart cities.

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation

PubMed Central

2016-01-01

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model—ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it’s recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes. PMID:27655001

Enabling the MLSpOC (Multi-Level Space Operations Center) of the Future

NASA Astrophysics Data System (ADS)

Missal, D.

2012-09-01

The Intelligence Reform and Terrorism Prevention Act, passed by Congress in 2004, established the expectation that the "vast intelligence enterprise" of the United States would become more unified, coordinated, and effective. This law charged the intelligence community and government agencies to integrate foreign intelligence and domestic US intelligence components to reduce gaps in understanding threats to our national security and to improve our reaction. This intelligence strategy — designed to provide more comprehensive and accurate intelligence analysis—substantially increases requirements for secure data sharing capabilities. An information system must be Certified & Accredited (C&A) by the appropriate Accreditation Authority in accordance with each Authority's prescribed compliance requirements and governance. Cross-Domain Solutions (CDSs) can provide the ability to share data between multiple operating domains (e.g. among users on Top Secret and Secret networks). However, sharing sensitive data across security domains and networks has been impeded by both technical and cultural challenges. A viable CDS requires a tremendous investment for initial C&A and many solutions are limited with respect to the integration of an organization's applications. As a result, most of today's highly secured systems have been designed to restrict access to entire user populations rather than implement data sharing on the basis of mandatory access controls and an individual's need-to-know. Most CDSs today are based on one-way replication through data transfer guards that copy data from one network to another. This model inherently builds in additional and extensive Operations and Maintenance (O&M) costs. Oracle's National Security Group challenged its top engineers and security architects to engineer the first Cross-Domain database providing a practical and robust solution to the Cross-Domain security problem. The result is the MLSpOC, which is deployed, fielded, and accredited today at multiple sites both CONUS and OCONUS. It is designed to assist information systems developers achieve DCID 6/3 Protection Level 4 or 5 (PL4 or PL5) or DoD SABI C&A for SECRET-to-UNCLASSIFIED systems (PL3). The product is on the DoD/DNI Unified Cross-domain Management Office's (UCDMO) Baseline of accredited solutions, and is the only solution on the Baseline which the Government considers to be an "All-in-One" approach to the Cross-domain Security challenge. Our solution is also the only PL-4 Cloud in existence and that is deployed and operational in the entire world today (at DIA). The Space marketplace is a very unique cross-domain challenge, as a need exists for Unclassified SSA Data Sharing at a deeper and more fundamental level than anywhere else in the IC or DoD. For instance, certain Agencies and/or Programs have a requirement to share information with Partner Nations that are not considered to be "friendly" (e.g. China). Our Solution is the ONLY solution in the world today that's achieved C&A, and that is uniquely positioned to enable the Multi-level Space Operations Center (MLSpOC) of the Future.

IoT security with one-time pad secure algorithm based on the double memory technique

NASA Astrophysics Data System (ADS)

Wiśniewski, Remigiusz; Grobelny, Michał; Grobelna, Iwona; Bazydło, Grzegorz

2017-11-01

Secure encryption of data in Internet of Things is especially important as many information is exchanged every day and the number of attack vectors on IoT elements still increases. In the paper a novel symmetric encryption method is proposed. The idea bases on the one-time pad technique. The proposed solution applies double memory concept to secure transmitted data. The presented algorithm is considered as a part of communication protocol and it has been initially validated against known security issues.

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

PubMed

Somasundaram, M; Sivakumar, R

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

Rapid Equipping Force (REF) Analytical Support

DTIC Science & Technology

2007-06-01

document contains color images. 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT UU 18. NUMBER OF PAGES 44...interface and performs actions via Excel formulae, ActiveX controls, and VBA code. – Plan to provide both simple and complex weighting and scoring methods...Requirements Quad Chart. –Solution Set Information Worksheet: A spreadsheet containing detailed information concerning every potential solution considered

A Goal VPN Protection Profile for Protecting Sensitive Information

DTIC Science & Technology

2000-07-10

security for the systems in which they are used. Nothing could be further from the truth . There are no perfect security solutions, and no...establishment/termination, failures, and errors); • provide for directly connected (local hard -wire connection) and remote (over the network) interfaces... the TOERU is left unattended procedures such as media encryption or secure storage of the hard drive, will be used to insure the protection of stored

Geostationary Orbital Crowding: An Analysis of Problems and Solutions

DTIC Science & Technology

1990-05-16

PAGES 237 16. PRICE CODE 17. SECURITY CLASSIFICATION 18. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. LIMITATION OF ABSTRACT OF REPORT OF...later chapters. Those with technical backgrounds may still wish to skim this chapter as kind of a refresher of rarely used information. The purpose of...increased, by economic reason, so must supply. Basically, when prices are high the market will drive the availability of new resources 5 through

Security System Software

NASA Technical Reports Server (NTRS)

1993-01-01

C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

Secure remote synchronization and secure key distribution in electro-optic networks revealed by symmetries

NASA Astrophysics Data System (ADS)

Xu, Mingfeng; Pan, Wei; Zhang, Liyue

2018-07-01

Despite the intuition that synchronization of different nodes in coupled oscillator networks results from information exchange between them, it has recently been shown that remote nodes could be partially synchronous even when they are separated by intermediately unsynchronized nodes. Here based on electro-optic system, we report on a more stronger form of such synchronization pattern that is termed as secure remote synchronization, in which two remotely separated nodes could have identically synchronized dynamical behaviors while the rest of the network are both statistically and information-theoretically incoherent relative to the two synchronized nodes. The generalized form of mirror symmetry in the network structure is identified to be a key mechanism allowing for secure remote synchronization. Moreover, this synchronization mode is robust against a wild range of system parameters and noise perturbing the intermediary dynamics. The lack of information about the synchronized dynamics in the rest of the network suggests that our results could potentially lead to network-based solutions for secure key distribution and secure communication.

A Game Theory Based Solution for Security Challenges in CRNs

NASA Astrophysics Data System (ADS)

Poonam; Nagpal, Chander Kumar

2018-03-01

Cognitive radio networks (CRNs) are being envisioned to drive the next generation Ad hoc wireless networks due to their ability to provide communications resilience in continuously changing environments through the use of dynamic spectrum access. Conventionally CRNs are dependent upon the information gathered by other secondary users to ensure the accuracy of spectrum sensing making them vulnerable to security attacks leading to the need of security mechanisms like cryptography and trust. However, a typical cryptography based solution is not a viable security solution for CRNs owing to their limited resources. Effectiveness of trust based approaches has always been, in question, due to credibility of secondary trust resources. Game theory with its ability to optimize in an environment of conflicting interests can be quite a suitable tool to manage an ad hoc network in the presence of autonomous selfish/malevolent/malicious and attacker nodes. The literature contains several theoretical proposals for augmenting game theory in the ad hoc networks without explicit/detailed implementation. This paper implements a game theory based solution in MATLAB-2015 to secure the CRN environment and compares the obtained results with the traditional approaches of trust and cryptography. The simulation result indicates that as the time progresses the game theory performs much better with higher throughput, lower jitter and better identification of selfish/malicious nodes.

77 FR 68881 - DIAS Holding, Inc., EarthBlock Technologies, Inc., Ensurapet, Inc., FIIC Holdings, Inc., GeM...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-16

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] DIAS Holding, Inc., EarthBlock Technologies, Inc., Ensurapet, Inc., FIIC Holdings, Inc., GeM Solutions, Inc., Gold Star Tutoring Services Inc., and... accurate information concerning the securities of EarthBlock Technologies, Inc. because it has not filed...

Information Security and Integrity Systems

NASA Technical Reports Server (NTRS)

1990-01-01

Viewgraphs from the Information Security and Integrity Systems seminar held at the University of Houston-Clear Lake on May 15-16, 1990 are presented. A tutorial on computer security is presented. The goals of this tutorial are the following: to review security requirements imposed by government and by common sense; to examine risk analysis methods to help keep sight of forest while in trees; to discuss the current hot topic of viruses (which will stay hot); to examine network security, now and in the next year to 30 years; to give a brief overview of encryption; to review protection methods in operating systems; to review database security problems; to review the Trusted Computer System Evaluation Criteria (Orange Book); to comment on formal verification methods; to consider new approaches (like intrusion detection and biometrics); to review the old, low tech, and still good solutions; and to give pointers to the literature and to where to get help. Other topics covered include security in software applications and development; risk management; trust: formal methods and associated techniques; secure distributed operating system and verification; trusted Ada; a conceptual model for supporting a B3+ dynamic multilevel security and integrity in the Ada runtime environment; and information intelligence sciences.

CLARUS as a Cloud Security Framework: e-Health Use Case.

PubMed

Vidal, David; Iriso, Santiago; Mulero, Rafael

2017-01-01

Maintaining Passive Medical Health Records (PMHR) is an increasing cost and resource consumption problem. Moving to the cloud is the clearest solution to solve the problem as it offers a high amount of space and computation power. But the cloud is not safe enough when dealing with this kind of information because it can be easily accessed by attackers. The European Commission funded research project CLARUS contributes to protect healthcare-sensitive information in a secure way.

In the Face of Cybersecurity: How the Common Information Model Can Be Used

DOE Office of Scientific and Technical Information (OSTI.GOV)

Skare, Paul; Falk, Herbert; Rice, Mark

2016-01-01

Efforts are underway to combine smart grid information, devices, networking, and emergency response information to create messages that are not dependent on specific standards development organizations (SDOs). This supports a future-proof approach of allowing changes in the canonical data models (CDMs) going forward without having to perform forklift replacements of solutions that use the messages. This also allows end users (electric utilities) to upgrade individual components of a larger system while keeping the message payload definitions intact. The goal is to enable public and private information sharing securely in a standards-based approach that can be integrated into existing operations. Wemore » provide an example architecture that could benefit from this multi-SDO, secure message approach. This article also describes how to improve message security« less

Enabling private and public sector organizations as agents of homeland security

NASA Astrophysics Data System (ADS)

Glassco, David H. J.; Glassco, Jordan C.

2006-05-01

Homeland security and defense applications seek to reduce the risk of undesirable eventualities across physical space in real-time. With that functional requirement in mind, our work focused on the development of IP based agent telecommunication solutions for heterogeneous sensor / robotic intelligent "Things" that could be deployed across the internet. This paper explains how multi-organization information and device sharing alliances may be formed to enable organizations to act as agents of homeland security (in addition to other uses). Topics include: (i) using location-aware, agent based, real-time information sharing systems to integrate business systems, mobile devices, sensor and actuator based devices and embedded devices used in physical infrastructure assets, equipment and other man-made "Things"; (ii) organization-centric real-time information sharing spaces using on-demand XML schema formatted networks; (iii) object-oriented XML serialization as a methodology for heterogeneous device glue code; (iv) how complex requirements for inter / intra organization information and device ownership and sharing, security and access control, mobility and remote communication service, tailored solution life cycle management, service QoS, service and geographic scalability and the projection of remote physical presence (through sensing and robotics) and remote informational presence (knowledge of what is going elsewhere) can be more easily supported through feature inheritance with a rapid agent system development methodology; (v) how remote object identification and tracking can be supported across large areas; (vi) how agent synergy may be leveraged with analytics to complement heterogeneous device networks.

Security model for picture archiving and communication systems.

PubMed

Harding, D B; Gac, R J; Reynolds, C T; Romlein, J; Chacko, A K

2000-05-01

The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

NASA Astrophysics Data System (ADS)

Valdevit, Thierry; Mayer, Nicolas; Barafort, Béatrix

While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.

77 FR 65438 - In the Matter of China Voice Holding Corp., China Yongxin Pharmaceuticals, Inc., Creative...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-26

... Commission that there is a lack of current and accurate information concerning the securities of CSI Computer... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] In the Matter of China Voice Holding Corp... Telecommunications.com , Inc. (n/k/a Fleet Management Solutions, Inc.), CSI Computer Specialists, Inc., and CST...

Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

PubMed Central

Somasundaram, M.; Sivakumar, R.

2015-01-01

Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

Bio-inspired secure data mules for medical sensor network

NASA Astrophysics Data System (ADS)

Muraleedharan, Rajani; Gao, Weihua; Osadciw, Lisa A.

2010-04-01

Medical sensor network consist of heterogeneous nodes, wireless, mobile and wired with varied functionality. The resources at each sensor require to be exploited minimally while sensitive information is sensed and communicated to its access points using secure data mules. In this paper, we analyze the flat architecture, where different functionality and priority information require varied resources forms a non-deterministic polynomial-time hard problem. Hence, a bio-inspired data mule that helps to obtain dynamic multi-objective solution with minimal resource and secure path is applied. The performance of the proposed approach is based on reduced latency, data delivery rate and resource cost.

Security of medical data transfer and storage in Internet. Cryptography, antiviral security and electronic signature problems, which must be solved in nearest future in practical context.

PubMed

Kasztelowicz, Piotr; Czubenko, Marek; Zieba, Iwona

2003-01-01

The informatical revolution in computer age, which gives significant benefit in transfer of medical information requests to pay still more attention for aspect of network security. All known advantages of network technologies--first of all simplicity of copying, multiplication and sending information to many individuals can be also dangerous, if illegal, not permitted persons get access to medical data bases. Internet is assumed to be as especially "anarchic" medium, therefore in order to use it in professional work any security principles should be bewared. In our presentation we will try to find the optimal security solution in organisational and technological aspects for any medical network. In our opinion the harmonious co-operation between users, medical authorities and network administrators is core of the success.

The role of food-security solutions in the protection of natural resources and environment of developing countries.

PubMed

Lashgarara, Farhad; Mirdamadi, Seyyed Mehdi; Hosseini, Seyyed Jamal Farajollah; Chizari, Mohammad

2008-10-01

The majority of the countries of the world, especially developing countries, face environmental problems. Limitations of basic resources (water and soil) and population growth have been the cause of these environmental problems that countries are confronted with. Developing countries have numerous problems, including destruction of forests, vegetable and animal species, and pollution of the environment. Damage to natural resources and the environment can influence the food-security situation. One of the main millennium development goals (MDGs) is protection of the environment and people's health. This cannot obtained unless there is ensured food security. Food security has been defined as a situation when all people, at all times, have physical and economic access to sufficient, safe, and nutritious food needed to maintain a healthy and active life. At the same time, with ensured food security, we can hope to protect the natural resources and environment. The methodology used is descriptive-analytical, and its main purpose is determining the importance and role of food-security solutions in the reduction of environmental hazards and improvement of natural resources and the environmental situation in developing countries. Therefore, some of the most important food-security solutions that can play an important role in this relation were discussed, including conventional research-based technology, biotechnology, information and communication technologies (ICTs), alternative energy sources, and food irradiation.

7 Key Challenges for Visualization in Cyber Network Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Best, Daniel M.; Endert, Alexander; Kidwell, Dan

In this paper we present seven challenges, informed by two user studies, to be considered when developing a visualization for cyber security purposes. Cyber security visualizations must go beyond isolated solutions and “pretty picture” visualizations in order to make impact to users. We provide an example prototype that addresses the challenges with a description of how they are met. Our aim is to assist in increasing utility and adoption rates for visualization capabilities in cyber security.

Smart cards--the key to trustworthy health information systems.

PubMed Central

Neame, R.

1997-01-01

Some 20 years after they were first developed, "smart cards" are set to play a crucial part in healthcare systems. Last year about a billion were supplied, mainly for use in the financial sector, but their special features make them of particular strategic importance for the health sector, where they offer a ready made solution to some key problems of security and confidentiality. This article outlines what smart cards are and why they are so important in managing health information. I discuss some of the unique features of smart cards that are of special importance in the development of secure and trustworthy health information systems. Smart cards would enable individuals' identities to be authenticated and communications to be secured and would provide the mechanisms for implementing strong security, differential access to data, and definitive audit trails. Patient cards can also with complete security carry personal details, data on current health problems and medications, emergency care data, and pointers to where medical records for the patient can be found. Provider cards can in addition carry authorisations and information on computer set up. PMID:9055719

Trust and Privacy Solutions Based on Holistic Service Requirements.

PubMed

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-12-24

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

Trust and Privacy Solutions Based on Holistic Service Requirements

PubMed Central

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-01-01

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

'Second generation' Internet e-health: the gladiator for HIPAA compliance?

PubMed

Korpman, R A; Rose, J S

2001-01-01

The Health Insurance Portability and Accountability Act (HIPAA) is intended to simplify administrative processes and improve health information security. There are a number of traditional ways to address the expense and complexities of simplification, but none of them are bargains or beauties to behold: (1) Do-it-yourself encryption; (2) new back-end system purchases; (3) legacy system re-programming; or (4) onerous paper documentation. The good news is that 'second generation' e-health solutions are emerging that act as internal "wrappers" for health plan or provider data systems. They provide both an interface for end-users and a layer of security for organizational information and allow detailed patient-related data to remain at the system owner's physical location. These second generation solutions don't just 'connect,' data, they actually 'understand' the information, and can use data elements to invoke necessary rules, processing pathways, or personalization for specific stakeholders as required by HIPAA.

Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

PubMed

Dunn Cavelty, Myriam

2014-09-01

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

Simplifying Education Management

ERIC Educational Resources Information Center

Wiley, Wayne C.

2004-01-01

Managing district information, web sites, and data security as well as supplying information on-demand are just a few of the tasks causing educational administrators to seek new solutions these days. The answer is to streamline the business of running schools by putting all information in one place so coordinated data and files can be accessed.…

Augmenting Space Technology Program Management with Secure Cloud & Mobile Services

NASA Technical Reports Server (NTRS)

Hodson, Robert F.; Munk, Christopher; Helble, Adelle; Press, Martin T.; George, Cory; Johnson, David

2017-01-01

The National Aeronautics and Space Administration (NASA) Game Changing Development (GCD) program manages technology projects across all NASA centers and reports to NASA headquarters regularly on progress. Program stakeholders expect an up-to-date, accurate status and often have questions about the program's portfolio that requires a timely response. Historically, reporting, data collection, and analysis were done with manual processes that were inefficient and prone to error. To address these issues, GCD set out to develop a new business automation solution. In doing this, the program wanted to leverage the latest information technology platforms and decided to utilize traditional systems along with new cloud-based web services and gaming technology for a novel and interactive user environment. The team also set out to develop a mobile solution for anytime information access. This paper discusses a solution to these challenging goals and how the GCD team succeeded in developing and deploying such a system. The architecture and approach taken has proven to be effective and robust and can serve as a model for others looking to develop secure interactive mobile business solutions for government or enterprise business automation.

Communicating food safety, authenticity and consumer choice. Field experiences.

PubMed

Syntesa, Heiner Lehr

2013-04-01

The paper reviews patented and non-patented technologies, methods and solutions in the area of food traceability. It pays special attention to the communication of food safety, authenticity and consumer choice. Twenty eight recent patents are reviewed in the areas of (secure) identification, product freshness indicators, meat traceability, (secure) transport of information along the supply chain, country/region/place of origin, automated authentication, supply chain management systems, consumer interaction systems. In addition, solutions and pilot projects are described in the areas of Halal traceability, traceability of bird's nests, cold chain management, general food traceability and other areas.

Two RFID standard-based security protocols for healthcare environments.

PubMed

Picazo-Sanchez, Pablo; Bagheri, Nasour; Peris-Lopez, Pedro; Tapiador, Juan E

2013-10-01

Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more dramatical in healthcare applications where very sensitive information is at stake and patient safety is paramount. In Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts location privacy of tag holders at risk, which is a matter of gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.

National Computer Security Conference Proceedings (12th): Information Systems Security: Solutions for Today - Concepts for Tomorrow Held in Baltimore, Maryland on 10-13 October 1989

DTIC Science & Technology

1989-10-13

and other non -technical aspects of the system). System-wide Perspective. The systerm that is being designed and engineered must include not just the...specifications and is regarded as the lowest-level (implementation) of detail.-’ Ihis decomposition follows the typical "top down" design methodology ...formal verification process has contributed to the security and correctness of the TCB design and implementation. FORMUL METHODOLOGY DESCRIPTION The

A novel quantum solution to secure two-party distance computation

NASA Astrophysics Data System (ADS)

Peng, Zhen-wan; Shi, Run-hua; Wang, Pan-hong; Zhang, Shun

2018-06-01

Secure Two-Party Distance Computation is an important primitive of Secure Multiparty Computational Geometry that it involves two parties, where each party has a private point, and the two parties want to jointly compute the distance between their points without revealing anything about their respective private information. Secure Two-Party Distance Computation has very important and potential applications in settings of high secure requirements, such as privacy-preserving Determination of Spatial Location-Relation, Determination of Polygons Similarity, and so on. In this paper, we present a quantum protocol for Secure Two-Party Distance Computation by using QKD-based Quantum Private Query. The security of the protocol is based on the physical principles of quantum mechanics, instead of difficulty assumptions, and therefore, it can ensure higher security than the classical related protocols.

Doorstep: A doorbell security system for the prevention of doorstep crime.

PubMed

Ennis, Andrew; Cleland, Ian; Patterson, Timothy; Nugent, Chris D; Cruciani, Federico; Paggetti, Cristiano; Morrison, Gareth; Taylor, Richard

2016-08-01

Safety and security rank highly in the priorities of older people on both an individual and policy level. Older people are commonly targeted as victims of doorstep crime, as they can be perceived as being vulnerable. As a result, this can have a major effect on the victim's health and wellbeing. There have been numerous prevention strategies implemented in an attempt to combat and reduce the number of doorstep crimes. There is, however, little information available detailing the effectiveness of these strategies and how they impact on the fear of crime, particularly with repeat victims. There is therefore clear merit in the creation and piloting of a technology based solution to combat doorstep crime. This paper presents a developed solution to provide increased security for older people within their home.

Regulation of health information processing in an outsourcing environment.

PubMed

2004-06-01

Policy makers must consider the work force, technology, cost, and legal implications of their legislative proposals. AHIMA, AAMT, CHIA, and MTIA urge lawmakers to craft regulatory solutions that enforce HIPAA and support advancements in modern health information processing practices that improve the quality and cost of healthcare. We also urge increased investment in health information work force development and implementation of new technologies to advance critical healthcare outcomes--timely, accurate, accessible, and secure information to support patient care. It is essential that state legislatures reinforce the importance of improving information processing solutions for healthcare and not take actions that will produce unintended and detrimental consequences.

PCASSO: a design for secure communication of personal health information via the internet.

PubMed

Baker, D B; Masys, D R

1999-05-01

The Internet holds both promise and peril for the communications of person-identifiable health information. Because of technical features designed to promote accessibility and interoperability rather than security, Internet addressing conventions and transport protocols are vulnerable to compromise by malicious persons and programs. In addition, most commonly used personal computer (PC) operating systems currently lack the hardware-based system software protection and process isolation that are essential for ensuring the integrity of trusted applications. Security approaches designed for electronic commerce, that trade known security weaknesses for limited financial liability, are not sufficient for personal health data, where the personal damage caused by unintentional disclosure may be far more serious. To overcome these obstacles, we are developing and evaluating an Internet-based communications system called PCASSO (Patient-centered access to secure systems online) that applies state of the art security to health information. PCASSO includes role-based access control, multi-level security, strong device and user authentication, session-specific encryption and audit trails. Unlike Internet-based electronic commerce 'solutions,' PCASSO secures data end-to-end: in the server; in the data repository; across the network; and on the client. PCASSO is designed to give patients as well as providers access to personal health records via the Internet.

Technical Secondary Education in Togo and Cameroon--Research Note.

ERIC Educational Resources Information Center

Paul, Jean-Jacques

1990-01-01

Evaluates technical secondary education in Togo and Cameroon from the market perspective, using tracer study data. To help overcome difficulties in finding employment after training, many individuals secure work in the low-paying informal sector. One solution is to stimulate and enhance the role of informal training through apprentice training…

Infotech. Cyber security. Health care learns to share scares and solutions.

PubMed

Colias, Mike

2004-05-01

Health care information technology leaders and others are coming together to share scary experiences and develop best practices to guard against crippling computer viruses, scheming hackers and other cyber threats.

Mobile health requires mobile security: challenges, solutions, and standardization.

PubMed

Pharow, Peter; Blobel, Bernd

2008-01-01

Extended communication and advanced cooperation in a permanently growing healthcare and welfare domain require a well-defined set of security services provided by an interoperable security infrastructure based on international and European standards. Any communication and collaboration procedure requires a purpose. But such legal purpose-binding is definitely not the only aspect to carefully be observed and investigated. More and more, aspects of security, safety, privacy, ethics, and quality reach importance while discussing about future-proof health information systems and health networks - regardless whether local, regional or even pan-European networks. During the course of the current paradigm change from an organization-centered to a process-related and to a person-centered health system, different new technologies including mobile solutions need to be applied in order to meet challenges arising from both legal and technical circumstances. Beside the typical Information and Communication Technology systems and applications, the extended use of modern technologies includes large medical devices like, e.g., MRI and CT but also small devices like sensors worn by a person or included in clothing. Security and safety are on top of the priority list. The paper addresses the identification of some specific aspects like mobile technology and safety when moving both IT and people towards mobile health aiming at increasing citizens and patients awareness, confidence, and acceptance in future mobile care - a world often still beyond the horizon.

A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

PubMed

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2015-08-01

Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

Evaluation on Electronic Securities Settlements Systems by AHP Methods

NASA Astrophysics Data System (ADS)

Fukaya, Kiyoyuki; Komoda, Norihisa

Accompanying the spread of Internet and the change of business models, electronic commerce expands buisness areas. Electronic finance commerce becomes popular and especially online security tradings becoome very popular in this area. This online securitiy tradings have some good points such as less mistakes than telephone calls. In order to expand this online security tradings, the transfer of the security paper is one the largest problems to be solved. Because it takes a few days to transfer the security paper from a seller to a buyer. So the dematerialization of security papers is one of the solutions. The demterilization needs the information systems for setteling security. Some countries such as France, German, United Kingdom and U.S.A. have been strating the dematerialization projects. The legacy assesments on these projects focus from the viewpoint of the legal schemes only and there is no assessment from system architectures. This paper focuses on the information system scheme and valuates these dematerlization projects by AHP methods from the viewpoints of “dematerializaion of security papers", “speed of transfer", “usefulness on the system" and “accumulation of risks". This is the first case of valuations on security settlements systems by AHP methods, especially four counties’ systems.

Fuzzy assessment of health information system users' security awareness.

PubMed

Aydın, Özlem Müge; Chouseinoglou, Oumout

2013-12-01

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

Privacy, confidentiality, and electronic medical records.

PubMed Central

Barrows, R C; Clayton, P D

1996-01-01

The enhanced availability of health information in an electronic format is strategic for industry-wide efforts to improve the quality and reduce the cost of health care, yet it brings a concomitant concern of greater risk for loss of privacy among health care participants. The authors review the conflicting goals of accessibility and security for electronic medical records and discuss nontechnical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. PMID:8653450

End-to-End Verification of Information-Flow Security for C and Assembly Programs

DTIC Science & Technology

2016-04-01

seL4 security verification [18] avoids this issue in the same way. In that work, the authors frame their solution as a restriction that disallows...identical: (σ, σ′1) ∈ TM ∧ (σ, σ′2) ∈ TM =⇒ Ol(σ′1) = Ol(σ′2) The successful security verifications of both seL4 and mCertiKOS provide reasonable...evidence that this restriction on specifications is not a major hindrance for usability. Unlike the seL4 verification, however, our framework runs into a

LISA, the next generation: from a web-based application to a fat client.

PubMed

Pierlet, Noëlla; Aerts, Werner; Vanautgaerden, Mark; Van den Bosch, Bart; De Deurwaerder, André; Schils, Erik; Noppe, Thomas

2008-01-01

The LISA application, developed by the University Hospitals Leuven, permits referring physicians to consult the electronic medical records of their patients over the internet in a highly secure way. We decided to completely change the way we secured the application, discard the existing web application and build a completely new application, based on the in-house developed hospital information system, used in the University Hospitals Leuven. The result is a fat Java client, running on a Windows Terminal Server, secured by a commercial SSL-VPN solution.

Protecting software agents from malicious hosts using quantum computing

NASA Astrophysics Data System (ADS)

Reisner, John; Donkor, Eric

2000-07-01

We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more eminent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

78 FR 41954 - TA-W-82,634, Prudential Global Business Technology Solutions Central Security Services Dresher...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-12

... Business Technology Solutions Central Security Services Iselin, New Jersey; TA-W-82,634B, Prudential Global Business Technology Solutions Central Security Services Plymouth, Minnesota; TA- W-82,634C, Prudential Global Business Technology Solutions Central Security Services Scottsdale, Arizona; TA-W-82,634D...

Defending against Attribute-Correlation Attacks in Privacy-Aware Information Brokering

NASA Astrophysics Data System (ADS)

Li, Fengjun; Luo, Bo; Liu, Peng; Squicciarini, Anna C.; Lee, Dongwon; Chu, Chao-Hsien

Nowadays, increasing needs for information sharing arise due to extensive collaborations among organizations. Organizations desire to provide data access to their collaborators while preserving full control over the data and comprehensive privacy of their users. A number of information systems have been developed to provide efficient and secure information sharing. However, most of the solutions proposed so far are built atop of conventional data warehousing or distributed database technologies.

Leaving a Print on Safety

NASA Technical Reports Server (NTRS)

2004-01-01

Pattern-recognition technologies developed by NASA to identify spacecraft and other objects in space have helped in the development of new, biometrics-based security solutions on Earth that recognize individuals to grant access to protected facilities, equipment, or information.

Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management.

PubMed

Sanchez-Guerrero, Rosa; Mendoza, Florina Almenarez; Diaz-Sanchez, Daniel; Cabarcos, Patricia Arias; Lopez, Andres Marin

2017-11-01

Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into an unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.

Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei

2016-01-01

Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.

Total centralisation and optimisation of an oncology management suite via Citrix®

NASA Astrophysics Data System (ADS)

James, C.; Frantzis, J.; Ripps, L.; Fenton, P.

2014-03-01

The management of patient information and treatment planning is traditionally an intra-departmental requirement of a radiation oncology service. Epworth Radiation Oncology systems must support the transient nature of Visiting Medical Officers (VMOs). This unique work practice created challenges when implementing the vision of a completely paperless solution that allows for a responsive and efficient service delivery. ARIA® and EclipseTM (Varian Medical Systems, Palo Alto, CA, USA) have been deployed across four dedicated Citrix® (Citrix Systems, Santa Clara, CA, USA) servers allowing VMOs to access these applications remotely. A range of paperless solutions were developed within ARIA® to facilitate clinical and organisational management whilst optimising efficient work practices. The IT infrastructure and paperless workflow has enabled VMOs to securely access the VarianTM (Varian Medical Systems, Palo Alto, CA, USA) oncology software and experience full functionality from any location on multiple devices. This has enhanced access to patient information and improved the responsiveness of the service. Epworth HealthCare has developed a unique solution to enable remote access to a centralised oncology management suite, while maintaining a secure and paperless working environment.

Token-based information security for commercial and federal information networks

NASA Astrophysics Data System (ADS)

Rohland, William S.

1996-03-01

The planning of cryptographic solutions for messaging and electronic commerce applications in the United States during the past few years has been motivated by a high level of interest in the technology on the part of potential users. It has been marked by a high level of controversy over algorithms, patent rights and escrow policy. The diverse needs of the government and commercial sectors have led to mutually exclusive solutions based on different algorithms and policy; this phenomenon is fairly unique to the United States. Because of the strong requirement to preserve the differences that make these solutions unique for the two environments, the near-term evolution of a single standard appears unlikely. Furthermore, the need on the part of some government agencies and some commercial establishments exists to operate in both environments. This paper deals with the technical definition and design approach to a dual-use cryptographic device and the migration paths to the dual-use device from both environments. Such a device is further considered as a component of a secure cryptographic translation facility.

A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications

NASA Astrophysics Data System (ADS)

Badan, Stephen; Probst, Julien; Jaton, Markus; Vionnet, Damien; Wagen, Jean-Frédéric; Litzistorf, Gérald

Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.

SERENITY Aware System Development Process

NASA Astrophysics Data System (ADS)

Serrano, Daniel; Maña, Antonio; Llarena, Rafael; Crespo, Beatriz Gallego-Nicasio; Li, Keqin

Traditionally, security patterns have successfully been used to describe security and dependability. In the SERENITY Project the notion of security and dependability (S&D) pattern has been extended to exact specifications of re-usable security mechanisms for Ambient Intelligence (AmI) systems. These S&D Patterns include information on the security properties satisfied by the solution and on the context conditions to be fulfilled. This chapter presents the development of applications supported by SERENITY. In the context of SERENITY we refer to these applications as Serenity-aware applications. Firstly, this chapter presents the Serenity-aware application design using S&D Artefacts. Secondly, it proposes a Java Application Programming Interface (API) to be used in the application development. And, finally, it introduces the development of an example Serenity-aware application.

Reviews on Security Issues and Challenges in Cloud Computing

NASA Astrophysics Data System (ADS)

An, Y. Z.; Zaaba, Z. F.; Samsudin, N. F.

2016-11-01

Cloud computing is an Internet-based computing service provided by the third party allowing share of resources and data among devices. It is widely used in many organizations nowadays and becoming more popular because it changes the way of how the Information Technology (IT) of an organization is organized and managed. It provides lots of benefits such as simplicity and lower costs, almost unlimited storage, least maintenance, easy utilization, backup and recovery, continuous availability, quality of service, automated software integration, scalability, flexibility and reliability, easy access to information, elasticity, quick deployment and lower barrier to entry. While there is increasing use of cloud computing service in this new era, the security issues of the cloud computing become a challenges. Cloud computing must be safe and secure enough to ensure the privacy of the users. This paper firstly lists out the architecture of the cloud computing, then discuss the most common security issues of using cloud and some solutions to the security issues since security is one of the most critical aspect in cloud computing due to the sensitivity of user's data.

Analysis of Computer Network Information Based on "Big Data"

NASA Astrophysics Data System (ADS)

Li, Tianli

2017-11-01

With the development of the current era, computer network and large data gradually become part of the people's life, people use the computer to provide convenience for their own life, but at the same time there are many network information problems has to pay attention. This paper analyzes the information security of computer network based on "big data" analysis, and puts forward some solutions.

Defense AT&L (Volume 36, Number 5, September-October 2007)

DTIC Science & Technology

2007-10-01

requirements, providing security solutions, and manag- ing the security of information systems. 14 CAD/ PAD Require- ments Determination in the Air Force...be contacted at williams_peter@bah.com and steward_tiffani@bah.com. Defense AT&L: September-October 2007 14 Williams is director of the CAD/ PAD Joint...the U.S. House Science and Technology Subcommittee on Transportation, Aviation and Materials. Blair is the former head of the Air Force CAD/ PAD

Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems

PubMed Central

Fernández, Gonzalo; López-Coronado, Miguel

2013-01-01

Background The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients’ medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. Objective To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. Methods To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Results Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Conclusions Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed. PMID:23965254

Analysis of the security and privacy requirements of cloud-based electronic health records systems.

PubMed

Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

2013-08-21

The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access and data breaches. Patients must be kept informed about how their data are being managed.

America's Homeless Children: New Outcasts. A Public Policy Report from the Better Homes Fund.

ERIC Educational Resources Information Center

Better Homes Fund, Newton, MA.

This report presents information on homeless children in the United States to gain the attention of policymakers and the media. Information comes from years of rigorous scientific research. The report presents both findings and solutions, including concrete steps to secure food, shelter, health care, and schooling to help homeless children and…

Probabilistic Solution of Inverse Problems.

DTIC Science & Technology

1985-09-01

AODRESSIl differentI from Conat.oildun 0111C*) It. SECURITY CLASS (ofll ~e vport) Office of Naval Research UCASFE Information Systems ...report describes research done within the Laboratory for Information and Decision Systems and the Artificial Intelligence Laboratory at the Massachusetts...analysis of systems endowed with perceptual abilities is the construction of internal representations of the physical structures in the external world

A Novel Fast and Secure Approach for Voice Encryption Based on DNA Computing

NASA Astrophysics Data System (ADS)

Kakaei Kate, Hamidreza; Razmara, Jafar; Isazadeh, Ayaz

2018-06-01

Today, in the world of information communication, voice information has a particular importance. One way to preserve voice data from attacks is voice encryption. The encryption algorithms use various techniques such as hashing, chaotic, mixing, and many others. In this paper, an algorithm is proposed for voice encryption based on three different schemes to increase flexibility and strength of the algorithm. The proposed algorithm uses an innovative encoding scheme, the DNA encryption technique and a permutation function to provide a secure and fast solution for voice encryption. The algorithm is evaluated based on various measures including signal to noise ratio, peak signal to noise ratio, correlation coefficient, signal similarity and signal frequency content. The results demonstrate applicability of the proposed method in secure and fast encryption of voice files

Firewall systems: the next generation

NASA Astrophysics Data System (ADS)

McGhie, Lynda L.

1996-01-01

To be competitive in today's globally connected marketplace, a company must ensure that their internal network security methodologies and supporting policies are current and reflect an overall understanding of today's technology and its resultant threats. Further, an integrated approach to information security should ensure that new ways of sharing information and doing business are accommodated; such as electronic commerce, high speed public broadband network services, and the federally sponsored National Information Infrastructure. There are many challenges, and success is determined by the establishment of a solid and firm baseline security architecture that accommodate today's external connectivity requirements, provides transitional solutions that integrate with evolving and dynamic technologies, and ultimately acknowledges both the strategic and tactical goals of an evolving network security architecture and firewall system. This paper explores the evolution of external network connectivity requirements, the associated challenges and the subsequent development and evolution of firewall security systems. It makes the assumption that a firewall is a set of integrated and interoperable components, coming together to form a `SYSTEM' and must be designed, implement and managed as such. A progressive firewall model will be utilized to illustrates the evolution of firewall systems from earlier models utilizing separate physical networks, to today's multi-component firewall systems enabling secure heterogeneous and multi-protocol interfaces.

Digital watermarking in telemedicine applications--towards enhanced data security and accessibility.

PubMed

Giakoumaki, Aggeliki L; Perakis, Konstantinos; Tagaris, Anastassios; Koutsouris, Dimitris

2006-01-01

Implementing telemedical solutions has become a trend amongst the various research teams at an international level. Yet, contemporary information access and distribution technologies raise critical issues that urgently need to be addressed, especially those related to security. The paper suggests the use of watermarking in telemedical applications in order to enhance security of the transmitted sensitive medical data, familiarizes the users with a telemedical system and a watermarking module that have already been developed, and proposes an architecture that will enable the integration of the two systems, taking into account a variety of use cases and application scenarios.

[Application of password manager software in health care].

PubMed

Ködmön, József

2016-12-01

When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.

Application of information technology to transportation logistics and security at Northern Kentucky University.

DOT National Transportation Integrated Search

2013-02-28

This research grant provided the opportunity to research and deploy beneficial transportation technologies to support transit needs. Working with the Transit Authority of Northern Kentucky (TANK), solutions were developed that can apply to transit ag...

DNA based random key generation and management for OTP encryption.

PubMed

Zhang, Yunpeng; Liu, Xin; Sun, Manhui

2017-09-01

One-time pad (OTP) is a principle of key generation applied to the stream ciphering method which offers total privacy. The OTP encryption scheme has proved to be unbreakable in theory, but difficult to realize in practical applications. Because OTP encryption specially requires the absolute randomness of the key, its development has suffered from dense constraints. DNA cryptography is a new and promising technology in the field of information security. DNA chromosomes storing capabilities can be used as one-time pad structures with pseudo-random number generation and indexing in order to encrypt the plaintext messages. In this paper, we present a feasible solution to the OTP symmetric key generation and transmission problem with DNA at the molecular level. Through recombinant DNA technology, by using only sender-receiver known restriction enzymes to combine the secure key represented by DNA sequence and the T vector, we generate the DNA bio-hiding secure key and then place the recombinant plasmid in implanted bacteria for secure key transmission. The designed bio experiments and simulation results show that the security of the transmission of the key is further improved and the environmental requirements of key transmission are reduced. Analysis has demonstrated that the proposed DNA-based random key generation and management solutions are marked by high security and usability. Published by Elsevier B.V.

African Security Challenges: Now and Over the Horizon - Voices from the NGO Community

DTIC Science & Technology

2010-11-01

economies will have a tendency to shift back to dependence on unskilled sectors such as mining, black -market or informal trading and international aid...PEPFAR Watch. Pepfarwatch.org. Rice , A. 2007. “An African Solution.” Nation, June 11. Voices from the NGO Community - 5.19 - African Security...oversight role in this area by parliaments, regardless of formal mandates, roles and responsibilities. In order to avoid the risk of cosmetic changes

Efficient Privacy-Aware Record Integration.

PubMed

Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

2013-01-01

The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

Security Recommendations for mHealth Apps: Elaboration of a Developer's Guide.

PubMed

Morera, Enrique Pérez; de la Torre Díez, Isabel; Garcia-Zapirain, Begoña; López-Coronado, Miguel; Arambarri, Jon

2016-06-01

Being the third fastest-growing app category behind games and utilities, mHealth apps are changing the healthcare model, as medicine today involves the data they compile and analyse, information known as Big Data. However, the majority of apps are lacking in security when gathering and dealing with the information, which becomes a serious problem. This article presents a guide regarding security solution, intended to be of great use for developers of mHealth apps. In August 2015 current mobile health apps were sought out in virtual stores such as Android Google Play, Apple iTunes App Store etc., in order to classify them in terms of usefulness. After this search, the most widespread weaknesses in the field of security in the development of these mobile apps were examined, based on sources such as the "OWASP Mobile Security Project, the initiative recently launched by the Office of Civil Rights (OCR), and other articles of scientific interest. An informative, elemental guide has been created for the development of mHealth apps. It includes information about elements of security and its implementation on different levels for all types of mobile health apps based on the data that each app manipulates, the associated calculated risk as a result of the likelihood of occurrence and the threat level resulting from its vulnerabilities - high level (apps for monitoring, diagnosis, treatment and care) from 6 ≤ 9, medium level (calculator, localizer and alarm) from 3 ≤ 6 and low level (informative and educational apps) from 0 ≤ 3. The guide aims to guarantee and facilitate security measures in the development of mobile health applications by programmers unconnected to the ITC and professional health areas.

Geospatial cryptography: enabling researchers to access private, spatially referenced, human subjects data for cancer control and prevention.

PubMed

Jacquez, Geoffrey M; Essex, Aleksander; Curtis, Andrew; Kohler, Betsy; Sherman, Recinda; Emam, Khaled El; Shi, Chen; Kaufmann, Andy; Beale, Linda; Cusick, Thomas; Goldberg, Daniel; Goovaerts, Pierre

2017-07-01

As the volume, accuracy and precision of digital geographic information have increased, concerns regarding individual privacy and confidentiality have come to the forefront. Not only do these challenge a basic tenet underlying the advancement of science by posing substantial obstacles to the sharing of data to validate research results, but they are obstacles to conducting certain research projects in the first place. Geospatial cryptography involves the specification, design, implementation and application of cryptographic techniques to address privacy, confidentiality and security concerns for geographically referenced data. This article defines geospatial cryptography and demonstrates its application in cancer control and surveillance. Four use cases are considered: (1) national-level de-duplication among state or province-based cancer registries; (2) sharing of confidential data across cancer registries to support case aggregation across administrative geographies; (3) secure data linkage; and (4) cancer cluster investigation and surveillance. A secure multi-party system for geospatial cryptography is developed. Solutions under geospatial cryptography are presented and computation time is calculated. As services provided by cancer registries to the research community, de-duplication, case aggregation across administrative geographies and secure data linkage are often time-consuming and in some instances precluded by confidentiality and security concerns. Geospatial cryptography provides secure solutions that hold significant promise for addressing these concerns and for accelerating the pace of research with human subjects data residing in our nation's cancer registries. Pursuit of the research directions posed herein conceivably would lead to a geospatially encrypted geographic information system (GEGIS) designed specifically to promote the sharing and spatial analysis of confidential data. Geospatial cryptography holds substantial promise for accelerating the pace of research with spatially referenced human subjects data.

A security architecture for interconnecting health information systems.

PubMed

Gritzalis, Dimitris; Lambrinoudakis, Costas

2004-03-31

Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

PubMed

Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

2013-08-09

Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.

Adaptation of interoperability standards for cross domain usage

NASA Astrophysics Data System (ADS)

Essendorfer, B.; Kerth, Christian; Zaschke, Christian

2017-05-01

As globalization affects most aspects of modern life, challenges of quick and flexible data sharing apply to many different domains. To protect a nation's security for example, one has to look well beyond borders and understand economical, ecological, cultural as well as historical influences. Most of the time information is produced and stored digitally and one of the biggest challenges is to receive relevant readable information applicable to a specific problem out of a large data stock at the right time. These challenges to enable data sharing across national, organizational and systems borders are known to other domains (e.g., ecology or medicine) as well. Solutions like specific standards have been worked on for the specific problems. The question is: what can the different domains learn from each other and do we have solutions when we need to interlink the information produced in these domains? A known problem is to make civil security data available to the military domain and vice versa in collaborative operations. But what happens if an environmental crisis leads to the need to quickly cooperate with civil or military security in order to save lives? How can we achieve interoperability in such complex scenarios? The paper introduces an approach to adapt standards from one domain to another and lines out problems that have to be overcome and limitations that may apply.

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

Stennis holds Information Technology Expo

NASA Image and Video Library

2010-06-16

Brian Wagner (l to r) with the U.S. Navy, Andrew Hiukenbein with NVision Solutions and Theresa Avoskey with the Naval Oceanographic Office at Stennis Space Center learn about the latest improvements in making flash drives secure during an Information Technology Expo held June 16. Various area companies visited Stennis during the day to offer exhibits for employees on a range of information technology topics. The theme of the daylong expo was 'The Road to Green IT Computing.'

Research on Influence of Cloud Environment on Traditional Network Security

NASA Astrophysics Data System (ADS)

Ming, Xiaobo; Guo, Jinhua

2018-02-01

Cloud computing is a symbol of the progress of modern information network, cloud computing provides a lot of convenience to the Internet users, but it also brings a lot of risk to the Internet users. Second, one of the main reasons for Internet users to choose cloud computing is that the network security performance is great, it also is the cornerstone of cloud computing applications. This paper briefly explores the impact on cloud environment on traditional cybersecurity, and puts forward corresponding solutions.

C-C1-04: Building a Health Services Information Technology Research Environment

PubMed Central

Gehrum, David W; Jones, JB; Romania, Gregory J; Young, David L; Lerch, Virginia R; Bruce, Christa A; Donkochik, Diane; Stewart, Walter F

2010-01-01

Background: The electronic health record (EHR) has opened a new era for health services research (HSR) where information technology (IT) is used to re-engineer care processes. While the EHR provides one means of advancing novel solutions, a promising strategy is to develop tools (e.g., online questionnaires, visual display tools, decision support) distinct from, but which interact with, the EHR. Development of such software tools outside the EHR offers an advantage in flexibility, sophistication, and ultimately in portability to other settings. However, institutional IT departments have an imperative to protect patient data and to standardize IT processes to ensure system-level security and support traditional business needs. Such imperatives usually present formidable process barriers to testing novel software solutions. We describe how, in collaboration with our IT department, we are creating an environment and a process that allows for routine and rapid testing of novel software solutions. Methods: We convened a working group consisting of IT and research personnel with expertise in information security, database design/management, web design, EHR programming, and health services research. The working group was tasked with developing a research IT environment to accomplish two objectives: maintain network/ data security and regulatory compliance; allow researchers working with external vendors to rapidly prototype and, in a clinical setting, test web-based tools. Results: Two parallel solutions, one focused on hardware, the second on oversight and management, were developed. First, we concluded that three separate, staged development environments were required to allow external vendor access for testing software and for transitioning software to be used in a clinic. In parallel, the extant oversight process for approving/managing access to internal/external personnel had to be altered to reflect the scope and scale of discrete research projects, as opposed to an enterpriselevel approach to IT management. Conclusions: Innovation in health services software development requires a flexible, scalable IT environment adapted to the unique objectives of a HSR software development model. In our experience, implementing the hardware solution is less challenging than the cultural change required to implement such a model and the modifications to administrative and oversight processes to sustain an environment for rapid product development and testing.

Secure multiparty computation of a comparison problem.

PubMed

Liu, Xin; Li, Shundong; Liu, Jian; Chen, Xiubo; Xu, Gang

2016-01-01

Private comparison is fundamental to secure multiparty computation. In this study, we propose novel protocols to privately determine [Formula: see text], or [Formula: see text] in one execution. First, a 0-1-vector encoding method is introduced to encode a number into a vector, and the Goldwasser-Micali encryption scheme is used to compare integers privately. Then, we propose a protocol by using a geometric method to compare rational numbers privately, and the protocol is information-theoretical secure. Using the simulation paradigm, we prove the privacy-preserving property of our protocols in the semi-honest model. The complexity analysis shows that our protocols are more efficient than previous solutions.

Security Systems Consideration: A Total Security Approach

NASA Astrophysics Data System (ADS)

Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

2007-12-01

The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

Web-Enabled Systems for Student Access.

ERIC Educational Resources Information Center

Harris, Chad S.; Herring, Tom

1999-01-01

California State University, Fullerton is developing a suite of server-based, Web-enabled applications that distribute the functionality of its student information system software to external customers without modifying the mainframe applications or databases. The cost-effective, secure, and rapidly deployable business solution involves using the…

a Discussion about Effective Ways of Basic Resident Register on GIS

NASA Astrophysics Data System (ADS)

Oku, Naoya; Nonaka, Yasuaki; Ito, Yutaka

2016-06-01

In Japan, each municipality keeps a database of every resident's name, address, gender and date of birth called the Basic Resident Register. If the address information in the register is converted into coordinates by geocoding, it can be plotted as point data on a map. This would enable prompt evacuation from disaster, analysis of distribution of residents, integrating statistics and so on. Further, it can be used for not only analysis of the current situation but also future planning. However, the geographic information system (GIS) incorporating the Basic Resident Register is not widely used in Japan because of the following problems: - Geocoding In order to plot address point data, it is necessary to match the Basic Resident Register and the address dictionary by using the address as a key. The information in the Basic Resident Register does not always match the actual addresses. As the register is based on applications made by residents, the information is prone to errors, such as incorrect Kanji characters. - Security policy on personal information In the register, the address of a resident is linked with his/her name and date of birth. If the information in the Basic Resident Register were to be leaked, it could be used for malicious purposes. This paper proposes solutions to the above problems. The suitable solutions for the problems depend on the purpose of use, thus it is important that the purpose should be defined and a suitable way of the application for each purpose should be chosen. In this paper, we mainly focus on the specific purpose of use: to analyse the distribution of the residents. We provide two solutions to improve the matching rate in geocoding. First, regarding errors in Kanji characters, a correction list of possible errors should be compiled in advance. Second, some sort of analyses such as distribution of residents may not require exactly correct position for the address point. Therefore we set the matching level in order: prefecture, city, town, city-block, house-code, house, and decided to accept up to city-block level for the matching. Moreover, in terms of security policy on personal information, some part of information may not be needed for the distribution analysis. For example, the personal information like resident's name should be excluded from the attribute of address point in order to secure the safety operation of the system.

User Authentication and Authorization Challenges in a Networked Library Environment.

ERIC Educational Resources Information Center

Machovec, George S.

1997-01-01

Discusses computer user authentication and authorization issues when libraries need to let valid users access databases and information services without making the process too difficult for either party. Common solutions are explained, including filtering, passwords, and kerberos (cryptographic authentication scheme for secure use over public…

IT Data Mining Tool Uses in Aerospace

NASA Technical Reports Server (NTRS)

Monroe, Gilena A.; Freeman, Kenneth; Jones, Kevin L.

2012-01-01

Data mining has a broad spectrum of uses throughout the realms of aerospace and information technology. Each of these areas has useful methods for processing, distributing, and storing its corresponding data. This paper focuses on ways to leverage the data mining tools and resources used in NASA's information technology area to meet the similar data mining needs of aviation and aerospace domains. This paper details the searching, alerting, reporting, and application functionalities of the Splunk system, used by NASA's Security Operations Center (SOC), and their potential shared solutions to address aircraft and spacecraft flight and ground systems data mining requirements. This paper also touches on capacity and security requirements when addressing sizeable amounts of data across a large data infrastructure.

ONCHIT security in distributed environments: a proposed model for implantable devices.

PubMed

Lorence, Daniel; Lee, James; Richards, Michael

2010-08-01

Recent ONCHIT mandates call for increased individual health data collection efforts as well as heightened security measures. To date most healthcare organizations have been reluctant to exchange information, citing confidentiality concerns and unshared costs incurred by specific organizations. Implantable monitoring and treatment devices are rapidly emerging as data collection interface tools in response to such mandates. Proposed here is a translational, device-independent consumer-based solution, which focuses on information controlled by specific patients, and functions within a distributed (organization neutral) environment. While the conceptual applications employed in this technology set are provided by way of illustration, they may also serve as a transformative model for emerging EMR/EHR requirements.

Patient privacy protection using anonymous access control techniques.

PubMed

Weerasinghe, D; Rajarajan, M; Elmufti, K; Rakocevic, V

2008-01-01

The objective of this study is to develop a solution to preserve security and privacy in a healthcare environment where health-sensitive information will be accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records and it should be able to link anonymous medical information in distributed databases into a single patient medical record with the patient identity. In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. Healthcare service can identify the patient using separate temporary identities in each identification session and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and reverse track real patient identity in critical medical situations. The proposed protocol provides main security and privacy services such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient anonymous medical records at different healthcare services can be linked into one single report and it is possible to securely reverse track anonymous patient into the real identity. The protocol protects the patient privacy with a secure anonymous authentication to healthcare services and medical record registries according to the European and the UK legislations, where the patient real identity is not disclosed with the distributed patient medical records.

Security under Uncertainty: Adaptive Attackers Are More Challenging to Human Defenders than Random Attackers

PubMed Central

Moisan, Frédéric; Gonzalez, Cleotilde

2017-01-01

Game Theory is a common approach used to understand attacker and defender motives, strategies, and allocation of limited security resources. For example, many defense algorithms are based on game-theoretic solutions that conclude that randomization of defense actions assures unpredictability, creating difficulties for a human attacker. However, many game-theoretic solutions often rely on idealized assumptions of decision making that underplay the role of human cognition and information uncertainty. The consequence is that we know little about how effective these algorithms are against human players. Using a simplified security game, we study the type of attack strategy and the uncertainty about an attacker's strategy in a laboratory experiment where participants play the role of defenders against a simulated attacker. Our goal is to compare a human defender's behavior in three levels of uncertainty (Information Level: Certain, Risky, Uncertain) and three types of attacker's strategy (Attacker's strategy: Minimax, Random, Adaptive) in a between-subjects experimental design. Best defense performance is achieved when defenders play against a minimax and a random attack strategy compared to an adaptive strategy. Furthermore, when payoffs are certain, defenders are as efficient against random attack strategy as they are against an adaptive strategy, but when payoffs are uncertain, defenders have most difficulties defending against an adaptive attacker compared to a random attacker. We conclude that given conditions of uncertainty in many security problems, defense algorithms would be more efficient if they are adaptive to the attacker actions, taking advantage of the attacker's human inefficiencies. PMID:28690557

Surveillance systems for intermodal transportation

NASA Astrophysics Data System (ADS)

Jakovlev, Sergej; Voznak, Miroslav; Andziulis, Arunas

2015-05-01

Intermodal container monitoring is considered a major security issue in many major logistic companies and countries worldwide. Current representation of the problem, we face today, originated in 2002, right after the 9/11 attacks. Then, a new worldwide Container Security Initiative (CSI, 2002) was considered that shaped the perception of the transportation operations. Now more than 80 larger ports all over the world contribute to its further development and integration into everyday transportation operations and improve the regulations for the developing regions. Although, these new improvements allow us to feel safer and secure, constant management of transportation operations has become a very difficult problem for conventional data analysis methods and information systems. The paper deals with a proposal of a whole new concept for the improvement of the Containers Security Initiative (CSI) by virtually connecting safety, security processes and systems. A conceptual middleware approach with deployable intelligent agent modules is proposed to be used with possible scenarios and a testbed is used to test the solution. Middleware examples are visually programmed using National Instruments LabView software packages and Wireless sensor network hardware modules. An experimental software is used to evaluate he solution. This research is a contribution to the intermodal transportation and is intended to be used as a means or the development of intelligent transport systems.

A Secure Architecture to Provide a Medical Emergency Dataset for Patients in Germany and Abroad.

PubMed

Storck, Michael; Wohlmann, Jan; Krudwig, Sarah; Vogel, Alexander; Born, Judith; Weber, Thomas; Dugas, Martin; Juhra, Christian

2017-01-01

The ongoing fragmentation of medical care and mobility of patients severely restrains exchange of lifesaving information about patient's medical history in case of emergencies. Therefore, the objective of this work is to offer a secure technical solution to supply medical professionals with emergency-relevant information concerning the current patient via mobile accessibility. To achieve this goal, the official national emergency data set was extended by additional features to form a patient summary for emergencies, a software architecture was developed and data security and data protection issues were taken into account. The patient has sovereignty over his/her data and can therefore decide who has access to or can change his/her stored data, but the treating physician composes the validated dataset. Building upon the introduced concept, future activities are the development of user-interfaces for the software components of the different user groups as well as functioning prototypes for upcoming field tests.

Security policies and trust in ubiquitous computing.

PubMed

Joshi, Anupam; Finin, Tim; Kagal, Lalana; Parker, Jim; Patwardhan, Anand

2008-10-28

Ubiquitous environments comprise resource-constrained mobile and wearable devices and computational elements embedded in everyday artefacts. These are connected to each other using both infrastructure-based as well as short-range ad hoc networks. Limited Internet connectivity limits the use of conventional security mechanisms such as public key infrastructures and other forms of server-centric authentication. Under these circumstances, peer-to-peer interactions are well suited for not just information interchange, but also managing security and privacy. However, practical solutions for protecting mobile devices, preserving privacy, evaluating trust and determining the reliability and accuracy of peer-provided data in such interactions are still in their infancy. Our research is directed towards providing stronger assurances of the reliability and trustworthiness of information and services, and the use of declarative policy-driven approaches to handle the open and dynamic nature of such systems. This paper provides an overview of some of the challenges and issues, and points out directions for progress.

77 FR 31643 - Siltronic Corporation FAB1 Plant Including On-Site Leased Workers From Express Temporaries...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-29

... Secure Solutions USA, SBM Management Services, LP, ALSCO Portland Industrial, VWR International, Inc... G4S Secure Solutions USA, SBM Management Services, LP, Alsco Portland Industrial, VWR International... workers from Express Temporaries, Aerotek Commercial Staffing, G4S Secure Solutions USA, SBM Management...

Solving Homeland Security’s Wicked Problems: A Design Thinking Approach

DTIC Science & Technology

2015-09-01

spur solutions. This thesis provides a framework for how S&T can incorporate design- thinking principles that are working well in other domains to...to spur solutions. This thesis provides a framework for how S&T can incorporate design-thinking principles that are working well in other domains to...Galbraith’s Star Model was used to analyze how DHS S&T, MindLab, and DARPA apply design-thinking principles to inform the framework to apply and

Risk and Infrastructure Science Center - Global Security Sciences

Science.gov Websites

delivers scientific tools and methodologies to inform decision making regarding the most challenging Sciences ASD Accelerator Systems AES APS Engineering Support XSD X-ray Science Physical Sciences and Leadership Strategic Alliance for Global Energy Solutions Overview Leadership Systems Science Center Overview

Peace (of Mind) in Our Time

ERIC Educational Resources Information Center

Panettieri, Joseph C.

2007-01-01

There's no silver bullet to information security; universities must continue to keep their antivirus, anti-spyware, firewall, and patch management systems in good working order. These days, the largest target for hackers appears to be university databases. Now, universities are searching for new solutions to safeguard those systems. This article…

An end-to-end secure patient information access card system.

PubMed

Alkhateeb, A; Singer, H; Yakami, M; Takahashi, T

2000-03-01

The rapid development of the Internet and the increasing interest in Internet-based solutions has promoted the idea of creating Internet-based health information applications. This will force a change in the role of IC cards in healthcare card systems from a data carrier to an access key medium. At the Medical Informatics Department of Kyoto University Hospital we are developing a smart card patient information project where patient databases are accessed via the Internet. Strong end-to-end data encryption is performed via Secure Socket Layers, transparent to transmit patient information. The smart card is playing the crucial role of access key to the database: user authentication is performed internally without ever revealing the actual key. For easy acceptance by healthcare professionals, the user interface is integrated as a plug-in for two familiar Web browsers, Netscape Navigator and MS Internet Explorer.

A Cluster-Based Framework for the Security of Medical Sensor Environments

NASA Astrophysics Data System (ADS)

Klaoudatou, Eleni; Konstantinou, Elisavet; Kambourakis, Georgios; Gritzalis, Stefanos

The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

PubMed Central

2013-01-01

Background Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy. PMID:23937965

Security and Resilience | Grid Modernization | NREL

Science.gov Websites

Security and Resilience Security and Resilience NREL develops tools and solutions to enable a more Consortium, NREL collaborates with industry, academia, and other research organizations to find solutions to

An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster.

PubMed

Shin, Peter; Jacobs, Feygele

2012-01-01

Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data.

An HIT Solution for Clinical Care and Disaster Planning: How One health Center in Joplin, MO Survived a Tornado and Avoided a Health Information Disaster

PubMed Central

Shin, Peter; Jacobs, Feygele

2012-01-01

Since taking office, President Obama has made substantial investments in promoting the diffusion of health information technology (IT). The objective of the national health IT program is, generally, to enable health care providers to better manage patient care through secure use and sharing of health information. Through the use of technologies including electronic health records, providers can better maintain patient care information and facilitate communication, often improving care outcomes. The recent tornado in Joplin, MO highlights the importance of health information technology in the health center context, and illustrates the importance of secure electronic health information systems as a crucial element of disaster and business continuity planning. This article examines the experience of a community health center in the aftermath of the major tornado that swept through the American Midwest in the spring of 2011, and provides insight into the planning for disaster survival and recovery as it relates to patient records and health center data. PMID:23569622

A broadcast-based key agreement scheme using set reconciliation for wireless body area networks.

PubMed

Ali, Aftab; Khan, Farrukh Aslam

2014-05-01

Information and communication technologies have thrived over the last few years. Healthcare systems have also benefited from this progression. A wireless body area network (WBAN) consists of small, low-power sensors used to monitor human physiological values remotely, which enables physicians to remotely monitor the health of patients. Communication security in WBANs is essential because it involves human physiological data. Key agreement and authentication are the primary issues in the security of WBANs. To agree upon a common key, the nodes exchange information with each other using wireless communication. This information exchange process must be secure enough or the information exchange should be minimized to a certain level so that if information leak occurs, it does not affect the overall system. Most of the existing solutions for this problem exchange too much information for the sake of key agreement; getting this information is sufficient for an attacker to reproduce the key. Set reconciliation is a technique used to reconcile two similar sets held by two different hosts with minimal communication complexity. This paper presents a broadcast-based key agreement scheme using set reconciliation for secure communication in WBANs. The proposed scheme allows the neighboring nodes to agree upon a common key with the personal server (PS), generated from the electrocardiogram (EKG) feature set of the host body. Minimal information is exchanged in a broadcast manner, and even if every node is missing a different subset, by reconciling these feature sets, the whole network will still agree upon a single common key. Because of the limited information exchange, if an attacker gets the information in any way, he/she will not be able to reproduce the key. The proposed scheme mitigates replay, selective forwarding, and denial of service attacks using a challenge-response authentication mechanism. The simulation results show that the proposed scheme has a great deal of adoptability in terms of security, communication overhead, and running time complexity, as compared to the existing EKG-based key agreement scheme.

A Secure Mobile-Based Authentication System for e-Banking

NASA Astrophysics Data System (ADS)

Rifà-Pous, Helena

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.

Surveillance of ground vehicles for airport security

NASA Astrophysics Data System (ADS)

Blasch, Erik; Wang, Zhonghai; Shen, Dan; Ling, Haibin; Chen, Genshe

2014-06-01

Future surveillance systems will work in complex and cluttered environments which require systems engineering solutions for such applications such as airport ground surface management. In this paper, we highlight the use of a L1 video tracker for monitoring activities at an airport. We present methods of information fusion, entity detection, and activity analysis using airport videos for runway detection and airport terminal events. For coordinated airport security, automated ground surveillance enhances efficient and safe maneuvers for aircraft, unmanned air vehicles (UAVs) and unmanned ground vehicles (UGVs) operating within airport environments.

Processing multilevel secure test and evaluation information

NASA Astrophysics Data System (ADS)

Hurlburt, George; Hildreth, Bradley; Acevedo, Teresa

1994-07-01

The Test and Evaluation Community Network (TECNET) is building a Multilevel Secure (MLS) system. This system features simultaneous access to classified and unclassified information and easy access through widely available communications channels. It provides the necessary separation of classification levels, assured through the use of trusted system design techniques, security assessments and evaluations. This system enables cleared T&E users to view and manipulate classified and unclassified information resources either using a single terminal interface or multiple windows in a graphical user interface. TECNET is in direct partnership with the National Security Agency (NSA) to develop and field the MLS TECNET capability in the near term. The centerpiece of this partnership is a state-of-the-art Concurrent Systems Security Engineering (CSSE) process. In developing the MLS TECNET capability, TECNET and NSA are providing members, with various expertise and diverse backgrounds, to participate in the CSSE process. The CSSE process is founded on the concepts of both Systems Engineering and Concurrent Engineering. Systems Engineering is an interdisciplinary approach to evolve and verify an integrated and life cycle balanced set of system product and process solutions that satisfy customer needs (ASD/ENS-MIL STD 499B 1992). Concurrent Engineering is design and development using the simultaneous, applied talents of a diverse group of people with the appropriate skills. Harnessing diverse talents to support CSSE requires active participation by team members in an environment that both respects and encourages diversity.

COSPO/CENDI Industry Day Conference

NASA Technical Reports Server (NTRS)

1995-01-01

The conference's objective was to provide a forum where government information managers and industry information technology experts could have an open exchange and discuss their respective needs and compare them to the available, or soon to be available, solutions. Technical summaries and points of contact are provided for the following sessions: secure products, protocols, and encryption; information providers; electronic document management and publishing; information indexing, discovery, and retrieval (IIDR); automated language translators; IIDR - natural language capabilities; IIDR - advanced technologies; IIDR - distributed heterogeneous and large database support; and communications - speed, bandwidth, and wireless.

The Solutions Project: Educating the Public and Policy Makers About Solutions to Global Warming, Air Pollution, and Energy Security

NASA Astrophysics Data System (ADS)

Jacobson, M. Z.

2015-12-01

Three major global problems of our times are global warming, air pollution mortality and morbidity, and energy insecurity. Whereas, policy makers with the support of the public must implement solutions to these problems, it is scientists and engineers who are best equipped to evaluate technically sound, optimal, and efficient solutions. Yet, a disconnect exists between information provided by scientists and engineers and policies implemented. Part of the reason is that scientific information provided to policy makers and the public is swamped out by information provided by lobbyists and another part is the difficulty in providing information to the hundreds of millions of people who need it rather than to just a few thousand. What other ways are available, aside from issuing press releases on scientific papers, for scientists to disseminate information? Three growing methods are through social media, creative media, and storytelling. The Solutions Project is a non-profit non-governmental organization whose goal is to bring forth scientific information about 100% clean, renewable energy plans to the public, businesses, and policy makers using these and related tools. Through the use of social media, the development of engaging internet and video content, and storytelling, the group hopes to increase the dissemination of information for social good. This talk discusses the history and impacts to date of this group and its methods. Please see www.thesolutionsproject.org and 100.org for more information.

Analysis of Multiple Data Hiding Combined Coloured Visual Cryptography and LSB

NASA Astrophysics Data System (ADS)

Maulana, Halim; Rahman Syahputra, Edy

2017-12-01

Currently the level of data security becoming a major factor in data transfer. As we know every process of sending data through any medium the risk of that data gets hacked will still be there. Some techniques for securing data such as steganography and cryptography also often used as a solution for securing data. But it does not last long because it has been found out the weaknesses of the algorithm so that the security be assured. So, in need of variety of new algorithms to be able to protect the data so that data security can be guaranteed. In this study tries to combine two visual algorithms that steganography and cryptography. Where in these experiments will try to secure two pieces of data type that is the type of image data and text data where both the data is regarded as a message so to obtain the correct information receiver should get that two types of data.

Security of electronic mental health communication and record-keeping in the digital age.

PubMed

Elhai, Jon D; Frueh, B Christopher

2016-02-01

The mental health field has seen a trend in recent years of the increased use of information technology, including mobile phones, tablets, and laptop computers, to facilitate clinical treatment delivery to individual patients and for record keeping. However, little attention has been paid to ensuring that electronic communication with patients is private and secure. This is despite potentially deleterious consequences of a data breach, which are reported in the news media very frequently in modern times. In this article, we present typical security concerns associated with using technology in clinical services or research. We also discuss enhancing the privacy and security of electronic communication with clinical patients and research participants. We offer practical, easy-to-use software application solutions for clinicians and researchers to secure patient communication and records. We discuss such issues as using encrypted wireless networks, secure e-mail, encrypted messaging and videoconferencing, privacy on social networks, and others. © Copyright 2015 Physicians Postgraduate Press, Inc.

Lemnos interoperable security project.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.

2010-03-01

With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance inmore » a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.« less

Short Message Service (SMS) Security Solution for Mobile Devices

DTIC Science & Technology

2006-12-01

correspondences, all reside on the mobile device . Once the data is compromised, the owner, family members, and friends may be subjected to identity theft ...SERVICE (SMS) SECURITY SOLUTION FOR MOBILE DEVICES by Yu Loon Ng December 2006 Thesis Advisor: Gurminder Singh Co-Advisor: John Gibson...in military settings are also discussed. 15. NUMBER OF PAGES 113 14. SUBJECT TERMS GSM security, SMS security, mobile device security

Big Data, Big Solutions

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pike, Bill

Data—lots of data—generated in seconds and piling up on the internet, streaming and stored in countless databases. Big data is important for commerce, society and our nation’s security. Yet the volume, velocity, variety and veracity of data is simply too great for any single analyst to make sense of alone. It requires advanced, data-intensive computing. Simply put, data-intensive computing is the use of sophisticated computers to sort through mounds of information and present analysts with solutions in the form of graphics, scenarios, formulas, new hypotheses and more. This scientific capability is foundational to PNNL’s energy, environment and security missions. Seniormore » Scientist and Division Director Bill Pike and his team are developing analytic tools that are used to solve important national challenges, including cyber systems defense, power grid control systems, intelligence analysis, climate change and scientific exploration.« less

Development and Operation of a Modern Information Portal for the ISS Medical Groups

NASA Technical Reports Server (NTRS)

Damann, V.; Johnson, MaGee; Sargsyan, Ashot; McDonald, P. Vernon; Armstrong, C.; Scheer, M.; Duncan, J. Michael

2007-01-01

This viewgraph presentation begins with a review of some of the problems inherent in running medical services for the International Space Station. Part of the solution for the problems is the development of the information portal for the ISS medical groups. The presentation shows the tools that have been developed to assist in collaboration for the medical services, the security system and the capabilities of the portal.

Identifying and Eliminating Barriers Faced by Nontraditional Department of Defense Suppliers

DTIC Science & Technology

2014-01-01

organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more...Commands, the Department of the Navy, the Marine Corps, the defense agencies, and the defense Intelligence Community . For more information on the RAND...17 Lack of Access to and Communication

77 FR 19719 - Whirlpool Corporation Including On-Site Leased Workers From Career Solutions TEC Staffing, IBM...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-02

... Including Workers Whose Unemployment Insurance (UI) Wages Are Reported Through U.S. Security Fort Smith, AR... Staffing, Fort Smith, Arkansas. The workers are engaged in the production of refrigerators and trash... information shows that workers leased from Andrews International employed on-site at the Fort Smith, Arkansas...

Common Criteria related security design patterns--validation on the intelligent sensor example designed for mine environment.

PubMed

Bialas, Andrzej

2010-01-01

The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the intelligent sensors security development. The paper concisely presents this method and its evaluation for the sensor detecting methane in a mine, focusing on the security problem of the intelligent sensor definition and solution. The aim of the validation is to evaluate and improve the introduced method.

Implementing security in a distributed web-based EHCR.

PubMed

Sucurovic, Snezana

2007-01-01

In many countries there are initiatives for building an integrated patient-centric electronic health record. There are also initiatives for transnational integrations. These growing demands for integration result from the fact that it can provide improving healthcare treatments and reducing the cost of healthcare services. While in European highly developed countries computerisation in healthcare sector began in the 1970s and reached a high level, some developing countries, and Serbia among them, have started computerisation recently. This is why MEDIS (MEDical Information System) is aimed at integration itself from the very beginning instead of integration of heterogeneous information systems on a middle layer or using HL7 protocol. The implementation of a national healthcare information system requires using standards as integrated and widely accepted solutions. Therefore, we have started building MEDIS to meet the requirements of CEN ENV 13606 and CEN ENV 13729 standards. The prototype version has a distributed component-based architecture with modern security solutions applied. MEDIS has been implemented as a federated system where the central server hosts basic EHCR information about a patient, and clinical servers contain their own part of patients' EHCR. At present, there is an initial version of prototype planned to be deployed at first in a small community. In particular, open source API for X.509 authentication and authorisation has been developed. Our project meets the requirements for education in health informatics, including appropriate knowledge and skills on EHCR. The points included in this article have been presented on several national conferences and widely discussed. MEDIS has explored a federated, component-based EHCR architecture and related security aspects. In its initial version it shows acceptable performances and administrative simplicity. It emphasizes the importance of using standards in building EHCR in our country, in order to prepare it for future integrations.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes

PubMed Central

2018-01-01

Background The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs’ success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. Objective The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Methods Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Results Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Conclusions Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients’ frequency of accessing health records, patients’ positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. PMID:29643052

MulVAL Extensions for Dynamic Asset Protection

DTIC Science & Technology

2006-04-01

called Skybox Security and an AI-based project called CycSecure were identified as interesting and relatively mature projects, which deserve closer...dynamic asset protection solution. A critique of the Skybox Security and CycSecure solutions, with respect to the requirements of dynamic asset...particulièrement, un produit du commerce appelé Skybox Security et un projet d’IA appelé CycSecure ont été désignés comme étant des projets

TRENCADIS - secure architecture to share and manage DICOM objects in a ontological framework based on OGSA.

PubMed

Blanquer, Ignacio; Hernandez, Vicente; Segrelles, Damià; Torres, Erik

2007-01-01

Today most European healthcare centers use the digital format for their databases of images. TRENCADIS is a software architecture comprising a set of services as a solution for interconnecting, managing and sharing selected parts of medical DICOM data for the development of training and decision support tools. The organization of the distributed information in virtual repositories is based on semantic criteria. Different groups of researchers could organize themselves to propose a Virtual Organization (VO). These VOs will be interested in specific target areas, and will share information concerning each area. Although the private part of the information to be shared will be removed, special considerations will be taken into account to avoid the access by non-authorized users. This paper describes the security model implemented as part of TRENCADIS. The paper is organized as follows. First introduces the problem and presents our motivations. Section 1 defines the objectives. Section 2 presents an overview of the existing proposals per objective. Section 3 outlines the overall architecture. Section 4 describes how TRENCADIS is architected to realize the security goals discussed in the previous sections. The different security services and components of the infrastructure are briefly explained, as well as the exposed interfaces. Finally, Section 5 concludes and gives some remarks on our future work.

Secure medical information sharing in cloud computing.

PubMed

Shao, Zhiyi; Yang, Bo; Zhang, Wenzheng; Zhao, Yi; Wu, Zhenqiang; Miao, Meixia

2015-01-01

Medical information sharing is one of the most attractive applications of cloud computing, where searchable encryption is a fascinating solution for securely and conveniently sharing medical data among different medical organizers. However, almost all previous works are designed in symmetric key encryption environment. The only works in public key encryption do not support keyword trapdoor security, have long ciphertext related to the number of receivers, do not support receiver revocation without re-encrypting, and do not preserve the membership of receivers. In this paper, we propose a searchable encryption supporting multiple receivers for medical information sharing based on bilinear maps in public key encryption environment. In the proposed protocol, data owner stores only one copy of his encrypted file and its corresponding encrypted keywords on cloud for multiple designated receivers. The keyword ciphertext is significantly shorter and its length is constant without relation to the number of designated receivers, i.e., for n receivers the ciphertext length is only twice the element length in the group. Only the owner knows that with whom his data is shared, and the access to his data is still under control after having been put on the cloud. We formally prove the security of keyword ciphertext based on the intractability of Bilinear Diffie-Hellman problem and the keyword trapdoor based on Decisional Diffie-Hellman problem.

Cognitive approaches for patterns analysis and security applications

NASA Astrophysics Data System (ADS)

Ogiela, Marek R.; Ogiela, Lidia

2017-08-01

In this paper will be presented new opportunities for developing innovative solutions for semantic pattern classification and visual cryptography, which will base on cognitive and bio-inspired approaches. Such techniques can be used for evaluation of the meaning of analyzed patterns or encrypted information, and allow to involve such meaning into the classification task or encryption process. It also allows using some crypto-biometric solutions to extend personalized cryptography methodologies based on visual pattern analysis. In particular application of cognitive information systems for semantic analysis of different patterns will be presented, and also a novel application of such systems for visual secret sharing will be described. Visual shares for divided information can be created based on threshold procedure, which may be dependent on personal abilities to recognize some image details visible on divided images.

A Service Architecture Solution for Mobile Enterprise Resources: A Case Study in the Banking Industry

NASA Astrophysics Data System (ADS)

Garcia-Gonzalez, Juan P.; Gacitua-Decar, Geronica; Pahl, Claus

Providing mobility to participants of business processes is an increasing trend in the banking sector. Independence of a physical place to interact with clients, while been able to use the information managed in the banking applications is one, of the benefits of mobile business processes. Challenges arising from this approach include to deal with a scenario of occasionally connected communication; security issues regarding the exposition of internal information on devices-that could be lost-; and restrictions on the capacity of mobile devices. This paper presents our experience in implementing a service-based architecture solution to extend centralised resources from a financial institution to a mobile platform.

Indirection and computer security.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Berg, Michael J.

2011-09-01

The discipline of computer science is built on indirection. David Wheeler famously said, 'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. We propose that every computer security vulnerability is yet another problem created by the indirections in system designs and that focusing on the indirections involved is a better way to design, evaluate, and compare security solutions. We are not proposing that indirection be avoided when solving problems, but that understanding the relationships between indirections and vulnerabilities is key to securing computer systems. Using this perspective, we analyzemore » common vulnerabilities that plague our computer systems, consider the effectiveness of currently available security solutions, and propose several new security solutions.« less

The Cyber Security Crisis

ScienceCinema

Spafford, Eugene

2018-05-11

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight into causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'

Solutions Network Formulation Report. The Potential Contribution of the Ocean Surface Topography Mission to the General NOAA Oil Monitoring Environment

NASA Technical Reports Server (NTRS)

Hilbert, Kent; Anderson, Daniel; Lewis, David

2007-01-01

Data collected by the OSTM could be used to provide a solution for the GNOME DST. GNOME, developed by NOAA?s Office of Response and Restoration Hazardous Materials Response Division, geospatially models oil spill trajectories using wind, current, river flow, and tidal data. Data collected by the OSTM would supply information about ocean currents and wind speeds. This Candidate Solution is in alignment with the Coastal Management, Water Management, Disaster Management, Public Health, Ecological Forecasting, and Homeland Security National Applications and will benefit society by improving the capabilities of emergency responders who evaluate an oil spill?s probable threat.

Addressing security, collaboration, and usability with tactical edge mobile devices and strategic cloud-based systems

NASA Astrophysics Data System (ADS)

Graham, Christopher J.

2012-05-01

Success in the future battle space is increasingly dependent on rapid access to the right information. Faced with a shrinking budget, the Government has a mandate to improve intelligence productivity, quality, and reliability. To achieve increased ISR effectiveness, leverage of tactical edge mobile devices via integration with strategic cloud-based infrastructure is the single, most likely candidate area for dramatic near-term impact. This paper discusses security, collaboration, and usability components of this evolving space. These three paramount tenets outlined below, embody how mission information is exchanged securely, efficiently, with social media cooperativeness. Tenet 1: Complete security, privacy, and data integrity, must be ensured within the net-centric battle space. This paper discusses data security on a mobile device, data at rest on a cloud-based system, authorization and access control, and securing data transport between entities. Tenet 2: Lack of collaborative information sharing and content reliability jeopardizes mission objectives and limits the end user capability. This paper discusses cooperative pairing of mobile devices and cloud systems, enabling social media style interaction via tagging, meta-data refinement, and sharing of pertinent data. Tenet 3: Fielded mobile solutions must address usability and complexity. Simplicity is a powerful paradigm on mobile platforms, where complex applications are not utilized, and simple, yet powerful, applications flourish. This paper discusses strategies for ensuring mobile applications are streamlined and usable at the tactical edge through focused features sets, leveraging the power of the back-end cloud, minimization of differing HMI concepts, and directed end-user feedback.teInput=

A covert authentication and security solution for GMOs.

PubMed

Mueller, Siguna; Jafari, Farhad; Roth, Don

2016-09-21

Proliferation and expansion of security risks necessitates new measures to ensure authenticity and validation of GMOs. Watermarking and other cryptographic methods are available which conceal and recover the original signature, but in the process reveal the authentication information. In many scenarios watermarking and standard cryptographic methods are necessary but not sufficient and new, more advanced, cryptographic protocols are necessary. Herein, we present a new crypto protocol, that is applicable in broader settings, and embeds the authentication string indistinguishably from a random element in the signature space and the string is verified or denied without disclosing the actual signature. Results show that in a nucleotide string of 1000, the algorithm gives a correlation of 0.98 or higher between the distribution of the codon and that of E. coli, making the signature virtually invisible. This algorithm may be used to securely authenticate and validate GMOs without disclosing the actual signature. While this protocol uses watermarking, its novelty is in use of more complex cryptographic techniques based on zero knowledge proofs to encode information.

Cryptanalysis and Improvements for the Quantum Private Comparison Protocol Using EPR Pairs

NASA Astrophysics Data System (ADS)

Wang, Cong; Xu, Gang; Yang, Yi-Xian

2013-07-01

In this paper, we carry out an in-depth analysis of the quantum private comparison (QPC) protocol with the semi-honest third party (TP). The security of QPC protocol using the EPR pairs is re-examined. Unfortunately, we find that TP can use the fake EPR pairs to steal all the secret information. Furthermore, we give two simple and feasible solutions to improve the original QPC protocol. It is shown that the improved protocol is secure, which can resist various kinds of attacks from both the outside eavesdroppers and the inside participants, even the semi-honest TP.

Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Milos Manic

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, thismore » paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.« less

Common Criteria Related Security Design Patterns—Validation on the Intelligent Sensor Example Designed for Mine Environment

PubMed Central

Bialas, Andrzej

2010-01-01

The paper discusses the security issues of intelligent sensors that are able to measure and process data and communicate with other information technology (IT) devices or systems. Such sensors are often used in high risk applications. To improve their robustness, the sensor systems should be developed in a restricted way to provide them with assurance. One of assurance creation methodologies is Common Criteria (ISO/IEC 15408), used for IT products and systems. The contribution of the paper is a Common Criteria compliant and pattern-based method for the intelligent sensors security development. The paper concisely presents this method and its evaluation for the sensor detecting methane in a mine, focusing on the security problem of the intelligent sensor definition and solution. The aim of the validation is to evaluate and improve the introduced method. PMID:22399888

Project UNITY: Cross Domain Visualization Collaboration

NASA Astrophysics Data System (ADS)

Moore, J.; Havig, P.

UNITY is an International Cooperative Research and Development (ICR&D) project between the United States and Great Britain under the Research and Development Projects (RDP) Memorandum of Agreement (MOA). UNITYs objectives are to develop and evaluate the operational concepts and requirements for undertaking combined operations: a) pursuant to the interests of mission partners, b) develop, experiment, and demonstrate, transitionable emergent technologies, capabilities, or concepts, which facilitate the sharing of information and products between mission partners, and c) identify and define additional emerging technologies that may need to be developed to support current and future military information sharing. Collaboration between coalition partners is essentially for accurate and timely decision making in the ever increasing nature and tempo of global security. The purpose for this project is to develop engineering solutions in order to further investigate the human factors issues that arise while sharing information in a collaborative environment where security is an issue. The biggest difference between existing available solutions are in the presentation and interaction with the interface on both ends of the collaboration in order to preserve the expressed intent of shared situation awareness while also enabling markups and content on one screen that the other collaborator does not see and vice versa. The UNITY project stresses collaboration differently than all known realtime collaboration software in production, aka groupware, on the market today. The tradition of What You See Is What I See (WYSIWIS) as in typical implementations of shared whiteboards simply do not address the need for local and private information to be displayed in context with shareable data. This paper addresses the concerns, problems, and some solutions for shared 3D visualization and 2D tabular visualizations which are explored and presented within the space situation awareness problem set.

A review of existing and emerging digital technologies to combat the global trade in fake medicines.

PubMed

Mackey, Tim K; Nayyar, Gaurvika

2017-05-01

The globalization of the pharmaceutical supply chain has introduced new challenges, chief among them, fighting the international criminal trade in fake medicines. As the manufacture, supply, and distribution of drugs becomes more complex, so does the need for innovative technology-based solutions to protect patients globally. Areas covered: We conducted a multidisciplinary review of the science/health, information technology, computer science, and general academic literature with the aim of identifying cutting-edge existing and emerging 'digital' solutions to combat fake medicines. Our review identified five distinct categories of technology including mobile, radio frequency identification, advanced computational methods, online verification, and blockchain technology. Expert opinion: Digital fake medicine solutions are unifying platforms that integrate different types of anti-counterfeiting technologies as complementary solutions, improve information sharing and data collection, and are designed to overcome existing barriers of adoption and implementation. Investment in this next generation technology is essential to ensure the future security and integrity of the global drug supply chain.

Evaluation of Traditional Security Solutions in the SCADA Environment

DTIC Science & Technology

2012-03-01

Evaluation of Traditional Security Solutions in the SCADA Environment THESIS Robert D. Larkin, Captain, USAF AFIT/GCO/ENG/12-06 DEPARTMENT OF THE AIR...views expressed in this thesis are those of the author and do not reflect the official policy or position of the United States Air Force, Department...United States. AFIT/GCO/ENG/12-06 Evaluation of Traditional Security Solutions in the SCADA Environment THESIS Presented to the Faculty Department of

Securing SIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

PubMed

Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

2016-05-13

Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-theart, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

IT solutions for privacy protection in biobanking.

PubMed

Eder, J; Gottweis, H; Zatloukal, K

2012-01-01

Biobanks containing human biological samples and associated data are key resources for the advancement of medical research. Efficient access to samples and data increases competitiveness in medical research, reduces effort and time for achieving scientific results and promotes scientific progress. In order to address upcoming health challenges, there is increasing need for transnational collaboration. This requires innovative solutions improving interoperability of biobanks in fields such as sample and data management as well as governance including ethical and legal frameworks. In this context, rights and expectations of donors to determine the usage of their biological material and data and to ensure their privacy have to be observed. We discuss the benefits of biobanks, the needs to support medical research and the societal demands and regulations, in particular, securing the rights of donors and present IT solutions that allow both to maintain the security of personal data and to increase the efficiency of access to data in biobanks. Disclosure filters are discussed as a strategy to combine European public expectations concerning informed consent with the requirements of biobank research. Copyright © 2012 S. Karger AG, Basel.

DOE Office of Scientific and Technical Information (OSTI.GOV)

No, author

This report summarizes the outcome of U.S. Department of Energy (DOE) contract DE-OE0000543, requesting the design of a Cryptographic Key Management System (CKMS) for the secure management of cryptographic keys for the energy sector infrastructure. Prime contractor Sypris Electronics, in collaboration with Oak Ridge National Laboratories (ORNL), Electric Power Research Institute (EPRI), Valicore Technologies, and Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS) and Smart Meter Integration Laboratory (SMIL), has designed, developed and evaluated the CKMS solution. We provide an overview of the project in Section 3, review the core contributions of all contractors inmore » Section 4, and discuss bene ts to the DOE in Section 5. In Section 6 we describe the technical construction of the CKMS solution, and review its key contributions in Section 6.9. Section 7 describes the evaluation and demonstration of the CKMS solution in different environments. We summarize the key project objectives in Section 8, list publications resulting from the project in Section 9, and conclude with a discussion on commercialization in Section 10 and future work in Section 11.« less

NetWall distributed firewall in the use of campus network

NASA Astrophysics Data System (ADS)

He, Junhua; Zhang, Pengshuai

2011-10-01

Internet provides a modern means of education but also non-mainstream consciousness and poor dissemination of information opens the door, network and moral issues have become prominent, poor dissemination of information and network spread rumors and negative effects of new problems, ideological and political education in schools had a huge impact, poses a severe challenge. This paper presents a distributed firewall will NetWall deployed in a campus network solution. The characteristics of the campus network, using technology to filter out bad information on the means of control, of sensitive information related to the record, establish a complete information security management platform for the campus network.

Home e-health system integration in the Smart Home through a common media server.

PubMed

Pau, I; Seoane, F; Lindecrantz, K; Valero, M A; Carracedo, J

2009-01-01

Home e-health systems and services are revealed as one of the most important challenges to promote Quality of Life related to Health in the Information Society. Leading companies have worked on e-health systems although the majority of them are addressed to hospital or primary care settings. The solution detailed in this paper offers a personal health system to be integrated with Smart Home services platform to support home based e-care. Thus, the home e-health system and architecture detailed in this research work is ready to supply a seamless personal care solution both from the biomedical data analysis, service provision, security guarantee and information management s point of view. The solution is ready to be integrated within the Accessible Digital Home, a living lab managed by Universidad Politécnica de Madrid for R&D activities.

Query-Biased Preview over Outsourced and Encrypted Data

PubMed Central

Luo, Guangchun; Qin, Ke; Chen, Aiguo

2013-01-01

For both convenience and security, more and more users encrypt their sensitive data before outsourcing it to a third party such as cloud storage service. However, searching for the desired documents becomes problematic since it is costly to download and decrypt each possibly needed document to check if it contains the desired content. An informative query-biased preview feature, as applied in modern search engine, could help the users to learn about the content without downloading the entire document. However, when the data are encrypted, securely extracting a keyword-in-context snippet from the data as a preview becomes a challenge. Based on private information retrieval protocol and the core concept of searchable encryption, we propose a single-server and two-round solution to securely obtain a query-biased snippet over the encrypted data from the server. We achieve this novel result by making a document (plaintext) previewable under any cryptosystem and constructing a secure index to support dynamic computation for a best matched snippet when queried by some keywords. For each document, the scheme has O(d) storage complexity and O(log(d/s) + s + d/s) communication complexity, where d is the document size and s is the snippet length. PMID:24078798

Query-biased preview over outsourced and encrypted data.

PubMed

Peng, Ningduo; Luo, Guangchun; Qin, Ke; Chen, Aiguo

2013-01-01

For both convenience and security, more and more users encrypt their sensitive data before outsourcing it to a third party such as cloud storage service. However, searching for the desired documents becomes problematic since it is costly to download and decrypt each possibly needed document to check if it contains the desired content. An informative query-biased preview feature, as applied in modern search engine, could help the users to learn about the content without downloading the entire document. However, when the data are encrypted, securely extracting a keyword-in-context snippet from the data as a preview becomes a challenge. Based on private information retrieval protocol and the core concept of searchable encryption, we propose a single-server and two-round solution to securely obtain a query-biased snippet over the encrypted data from the server. We achieve this novel result by making a document (plaintext) previewable under any cryptosystem and constructing a secure index to support dynamic computation for a best matched snippet when queried by some keywords. For each document, the scheme has O(d) storage complexity and O(log(d/s) + s + d/s) communication complexity, where d is the document size and s is the snippet length.

Multi-agent integrated password management (MIPM) application secured with encryption

NASA Astrophysics Data System (ADS)

Awang, Norkhushaini; Zukri, Nurul Hidayah Ahmad; Rashid, Nor Aimuni Md; Zulkifli, Zuhri Arafah; Nazri, Nor Afifah Mohd

2017-10-01

Users use weak passwords and reuse them on different websites and applications. Password managers are a solution to store login information for websites and help users log in automatically. This project developed a system that acts as an agent managing passwords. Multi-Agent Integrated Password Management (MIPM) is an application using encryption that provides users with secure storage of their login account information such as their username, emails and passwords. This project was developed on an Android platform with an encryption agent using Java Agent Development Environment (JADE). The purpose of the embedded agents is to act as a third-party software to ease the encryption process, and in the future, the developed encryption agents can form part of the security system. This application can be used by the computer and mobile users. Currently, users log into many applications causing them to use unique passwords to prevent password leaking. The crypto agent handles the encryption process using an Advanced Encryption Standard (AES) 128-bit encryption algorithm. As a whole, MIPM is developed on the Android application to provide a secure platform to store passwords and has high potential to be commercialised for public use.

For telehealth to succeed, privacy and security risks must be identified and addressed.

PubMed

Hall, Joseph L; McGraw, Deven

2014-02-01

The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

Practical and secure telemedicine systems for user mobility.

PubMed

Rezaeibagha, Fatemeh; Mu, Yi

2018-02-01

The application of wireless devices has led to a significant improvement in the quality delivery of care in telemedicine systems. Patients who live in a remote area are able to communicate with the healthcare provider and benefit from the doctor consultations. However, it has been a challenge to provide a secure telemedicine system, which captures users (patients and doctors) mobility and patient privacy. In this work, we present several secure protocols for telemedicine systems, which ensure the secure communication between patients and doctors who are located in different geographical locations. Our protocols are the first of this kind featured with confidentiality of patient information, mutual authentication, patient anonymity, data integrity, freshness of communication, and mobility. Our protocols are based on symmetric-key schemes and capture all desirable security requirements in order to better serve our objectives of research for secure telemedicine services; therefore, they are very efficient in implementation. A comparison with related works shows that our work contributes first comprehensive solution to capture user mobility and patient privacy for telemedicine systems. Copyright © 2018 Elsevier Inc. All rights reserved.

RSA Key Development Using Fingerprint Image on Text Message

NASA Astrophysics Data System (ADS)

Rahman, Sayuti; Triana, Indah; Khairani, Sumi; Yasir, Amru; Sundari, Siti

2017-12-01

Along with the development of technology today, humans are very facilitated in accessing information and Communicate with various media, including through the Internet network . Messages are sent by media such as text are not necessarily guaranteed security. it is often found someone that wants to send a secret message to the recipient, but the messages can be known by irresponsible people. So the sender feels dissappointed because the secret message that should be known only to the recipient only becomes known by the irresponsible people . It is necessary to do security the message by using the RSA algorithm, Using fingerprint image to generate RSA key.This is a solution to enrich the security of a message,it is needed to process images firstly before generating RSA keys with feature extraction.

The Cyber Security Crisis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Spafford, Eugene

2006-05-10

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight intomore » causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'« less

Hydrocomplexity: Addressing water security and emergent environmental risks

NASA Astrophysics Data System (ADS)

Kumar, Praveen

2015-07-01

Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

Quantum solution to a class of two-party private summation problems

NASA Astrophysics Data System (ADS)

Shi, Run-Hua; Zhang, Shun

2017-09-01

In this paper, we define a class of special two-party private summation (S2PPS) problems and present a common quantum solution to S2PPS problems. Compared to related classical solutions, our solution has advantages of higher security and lower communication complexity, and especially it can ensure the fairness of two parties without the help of a third party. Furthermore, we investigate the practical applications of our proposed S2PPS protocol in many privacy-preserving settings with big data sets, including private similarity decision, anonymous authentication, social networks, secure trade negotiation, secure data mining.

Africom’s Dilemma: The Global War on Terrorism, Capacity Building, Humanitarianism, and the Future of U.S. Security Policy in Africa

DTIC Science & Technology

2007-11-01

insurgencies are ameliorated through a radical new calculus of effort: 80 percent political, diplomatic, developmental, and informational; and 20...to Hunt al-Qaeda in Africa,” p. A1. 69 167. Anton Menning, “CJTF HOA: Long Term Solutions to Combating Terrorism,” The Leavenworth Times, August

Exploration of Best-Fit Solution for Harbormaster Security Information Sharing Systems

DTIC Science & Technology

2012-06-01

amongst harbor cargo operators engaged in intermodal shipping. Through interviews conducted of MIST’s federal and local partners, careful examination...harbor cargo operators engaged in intermodal shipping. Through interviews conducted of MIST’s federal and local partners, careful examination of...system amongst harbor operators engaged in intermodal shipping. Through interviews conducted of MIST’s federal and local partners, careful

Solution for Data Security Challenges Faced by Smart Grid Evolution - Video

Science.gov Websites

the same utility - different business units that are dealing with generation, transmission, and smart grid, the consumers now also have access to information about zero utilization and the different alive to sense what's going on. And then there's certainly variety with the various different elements

A Hierarchical Security Architecture for Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

Implementation of clinical research trials using web-based and mobile devices: challenges and solutions.

PubMed

Eagleson, Roy; Altamirano-Diaz, Luis; McInnis, Alex; Welisch, Eva; De Jesus, Stefanie; Prapavessis, Harry; Rombeek, Meghan; Seabrook, Jamie A; Park, Teresa; Norozi, Kambiz

2017-03-17

With the increasing implementation of web-based, mobile health interventions in clinical trials, it is crucial for researchers to address the security and privacy concerns of patient information according to high ethical standards. The full process of meeting these standards is often made more complicated due to the use of internet-based technology and smartphones for treatment, telecommunication, and data collection; however, this process is not well-documented in the literature. The Smart Heart Trial is a single-arm feasibility study that is currently assessing the effects of a web-based, mobile lifestyle intervention for overweight and obese children and youth with congenital heart disease in Southwestern Ontario. Participants receive telephone counseling regarding nutrition and fitness; and complete goal-setting activities on a web-based application. This paper provides a detailed overview of the challenges the study faced in meeting the high standards of our Research Ethics Board, specifically regarding patient privacy. We outline our solutions, successes, limitations, and lessons learned to inform future similar studies; and model much needed transparency in ensuring high quality security and protection of patient privacy when using web-based and mobile devices for telecommunication and data collection in clinical research.

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks

PubMed Central

Lin, Zhaowen; Tao, Dan; Wang, Zhenji

2017-01-01

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller. PMID:28430155

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.

PubMed

Lin, Zhaowen; Tao, Dan; Wang, Zhenji

2017-04-21

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

Musings on privacy issues in health research involving disaggregate geographic data about individuals.

PubMed

Boulos, Maged N Kamel; Curtis, Andrew J; Abdelmalik, Philip

2009-07-20

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case.

Musings on privacy issues in health research involving disaggregate geographic data about individuals

PubMed Central

Boulos, Maged N Kamel; Curtis, Andrew J; AbdelMalik, Philip

2009-01-01

This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case. PMID:19619311

A Component-Based Approach for Securing Indoor Home Care Applications

PubMed Central

Estévez, Elisabet

2017-01-01

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public’s confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home. PMID:29278370

A Component-Based Approach for Securing Indoor Home Care Applications.

PubMed

Agirre, Aitor; Armentia, Aintzane; Estévez, Elisabet; Marcos, Marga

2017-12-26

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes.

PubMed

Kisekka, Victoria; Giboney, Justin Scott

2018-04-11

The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs' success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Trust in health information and belief in the effectiveness of information security safeguards increases perceptions of patient care quality. Privacy concerns reduce patients' frequency of accessing health records, patients' positive attitudes toward HIE exchange, and overall perceived patient care quality. Health care organizations are encouraged to implement security safeguards to increase trust, the frequency of health record use, and reduce privacy concerns, consequently increasing patient care quality. ©Victoria Kisekka, Justin Scott Giboney. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 11.04.2018.

Borrowing to save: a critique of recent proposals to partially privatize Social Security.

PubMed

Dattalo, Patrick

2007-07-01

Concern over Social Security's forecasted long-run deficit is occurring at a time when the program has a short-term surplus. One proposed strategy to address this forecasted deficit is to allow the investment of a portion of payroll taxes into private savings accounts (PSAs). The author analyzes recent proposals for PSAs and concludes that PSAs are more likely to be a problem than a solution. Paradoxically, PSAs require the government to borrow to encourage current workers to save. The author recommends resources to help social workers remain informed about proposed program reforms and prepared to advocate for the concept of social insurance.

Secure annotation for medical images based on reversible watermarking in the Integer Fibonacci-Haar transform domain

NASA Astrophysics Data System (ADS)

Battisti, F.; Carli, M.; Neri, A.

2011-03-01

The increasing use of digital image-based applications is resulting in huge databases that are often difficult to use and prone to misuse and privacy concerns. These issues are especially crucial in medical applications. The most commonly adopted solution is the encryption of both the image and the patient data in separate files that are then linked. This practice results to be inefficient since, in order to retrieve patient data or analysis details, it is necessary to decrypt both files. In this contribution, an alternative solution for secure medical image annotation is presented. The proposed framework is based on the joint use of a key-dependent wavelet transform, the Integer Fibonacci-Haar transform, of a secure cryptographic scheme, and of a reversible watermarking scheme. The system allows: i) the insertion of the patient data into the encrypted image without requiring the knowledge of the original image, ii) the encryption of annotated images without causing loss in the embedded information, and iii) due to the complete reversibility of the process, it allows recovering the original image after the mark removal. Experimental results show the effectiveness of the proposed scheme.

Secure searching of biomarkers through hybrid homomorphic encryption scheme.

PubMed

Kim, Miran; Song, Yongsoo; Cheon, Jung Hee

2017-07-26

As genome sequencing technology develops rapidly, there has lately been an increasing need to keep genomic data secure even when stored in the cloud and still used for research. We are interested in designing a protocol for the secure outsourcing matching problem on encrypted data. We propose an efficient method to securely search a matching position with the query data and extract some information at the position. After decryption, only a small amount of comparisons with the query information should be performed in plaintext state. We apply this method to find a set of biomarkers in encrypted genomes. The important feature of our method is to encode a genomic database as a single element of polynomial ring. Since our method requires a single homomorphic multiplication of hybrid scheme for query computation, it has the advantage over the previous methods in parameter size, computation complexity, and communication cost. In particular, the extraction procedure not only prevents leakage of database information that has not been queried by user but also reduces the communication cost by half. We evaluate the performance of our method and verify that the computation on large-scale personal data can be securely and practically outsourced to a cloud environment during data analysis. It takes about 3.9 s to search-and-extract the reference and alternate sequences at the queried position in a database of size 4M. Our solution for finding a set of biomarkers in DNA sequences shows the progress of cryptographic techniques in terms of their capability can support real-world genome data analysis in a cloud environment.

Secure and interoperable communication infrastructures for PPDR organisations

NASA Astrophysics Data System (ADS)

Müller, Wilmuth; Marques, Hugo; Pereira, Luis; Rodriguez, Jonathan; Brouwer, Frank; Bouwers, Bert; Politis, Ilias; Lykourgiotis, Asimakis; Ladas, Alexandros; Adigun, Olayinka; Jelenc, David

2016-05-01

The growing number of events affecting public safety and security (PS&S) on a regional scale with potential to grow up to large scale cross border disasters puts an increased pressure on agencies and organisation responsible for PS&S. In order to respond timely and in an adequate manner to such events, Public Protection and Disaster Relief (PPDR) organisations need to cooperate, align their procedures and activities, share the needed information and be interoperable. Existing PPDR/PMR technologies such as TETRA, TETRAPOL or P25, do not currently provide broadband capability nor is expected such technologies to be upgraded in the future. This presents a major limitation in supporting new services and information flows. Furthermore, there is no known standard that addresses interoperability of these technologies. In this contribution the design of a next generation communication infrastructure for PPDR organisations which fulfills the requirements of secure and seamless end-to-end communication and interoperable information exchange within the deployed communication networks is presented. Based on Enterprise Architecture of PPDR organisations, a next generation PPDR network that is backward compatible with legacy communication technologies is designed and implemented, capable of providing security, privacy, seamless mobility, QoS and reliability support for mission-critical Private Mobile Radio (PMR) voice and broadband data services. The designed solution provides a robust, reliable, and secure mobile broadband communications system for a wide variety of PMR applications and services on PPDR broadband networks, including the ability of inter-system, interagency and cross-border operations with emphasis on interoperability between users in PMR and LTE.

Securing Secrets and Managing Trust in Modern Computing Applications

ERIC Educational Resources Information Center

Sayler, Andy

2016-01-01

The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control…

Elevating Virtual Machine Introspection for Fine-Grained Process Monitoring: Techniques and Applications

ERIC Educational Resources Information Center

Srinivasan, Deepa

2013-01-01

Recent rapid malware growth has exposed the limitations of traditional in-host malware-defense systems and motivated the development of secure virtualization-based solutions. By running vulnerable systems as virtual machines (VMs) and moving security software from inside VMs to the outside, the out-of-VM solutions securely isolate the anti-malware…

Secure data aggregation in heterogeneous and disparate networks using stand off server architecture

NASA Astrophysics Data System (ADS)

Vimalathithan, S.; Sudarsan, S. D.; Seker, R.; Lenin, R. B.; Ramaswamy, S.

2009-04-01

The emerging global reach of technology presents myriad challenges and intricacies as Information Technology teams aim to provide anywhere, anytime and anyone access, for service providers and customers alike. The world is fraught with stifling inequalities, both from an economic as well as socio-political perspective. The net result has been large capability gaps between various organizational locations that need to work together, which has raised new challenges for information security teams. Similar issues arise, when mergers and acquisitions among and between organizations take place. While integrating remote business locations with mainstream operations, one or more of the issues including the lack of application level support, computational capabilities, communication limitations, and legal requirements cause a serious impediment thereby complicating integration while not violating the organizations' security requirements. Often resorted techniques like IPSec, tunneling, secure socket layer, etc. may not be always techno-economically feasible. This paper addresses such security issues by introducing an intermediate server between corporate central server and remote sites, called stand-off-server. We present techniques such as break-before-make connection, break connection after transfer, multiple virtual machine instances with different operating systems using the concept of a stand-off-server. Our experiments show that the proposed solution provides sufficient isolation for the central server/site from attacks arising out of weak communication and/or computing links and is simple to implement.

Secure Control Systems for the Energy Sector

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Rhett; Campbell, Jack; Hadley, Mark

2012-03-31

Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use thismore » technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.« less

Lightweight CoAP-Based Bootstrapping Service for the Internet of Things.

PubMed

Garcia-Carrillo, Dan; Marin-Lopez, Rafael

2016-03-11

The Internet of Things (IoT) is becoming increasingly important in several fields of industrial applications and personal applications, such as medical e-health, smart cities, etc. The research into protocols and security aspects related to this area is continuously advancing in making these networks more reliable and secure, taking into account these aspects by design. Bootstrapping is a procedure by which a user obtains key material and configuration information, among other parameters, to operate as an authenticated party in a security domain. Until now solutions have focused on re-using security protocols that were not developed for IoT constraints. For this reason, in this work we propose a design and implementation of a lightweight bootstrapping service for IoT networks that leverages one of the application protocols used in IoT : Constrained Application Protocol (CoAP). Additionally, in order to provide flexibility, scalability, support for large scale deployment, accountability and identity federation, our design uses technologies such as the Extensible Authentication Protocol (EAP) and Authentication Authorization and Accounting (AAA). We have named this service CoAP-EAP. First, we review the state of the art in the field of bootstrapping and specifically for IoT. Second, we detail the bootstrapping service: the architecture with entities and interfaces and the flow operation. Third, we obtain performance measurements of CoAP-EAP (bootstrapping time, memory footprint, message processing time, message length and energy consumption) and compare them with PANATIKI. The most significant and constrained representative of the bootstrapping solutions related with CoAP-EAP. As we will show, our solution provides significant improvements, mainly due to an important reduction of the message length.

Lightweight CoAP-Based Bootstrapping Service for the Internet of Things

PubMed Central

Garcia-Carrillo, Dan; Marin-Lopez, Rafael

2016-01-01

The Internet of Things (IoT) is becoming increasingly important in several fields of industrial applications and personal applications, such as medical e-health, smart cities, etc. The research into protocols and security aspects related to this area is continuously advancing in making these networks more reliable and secure, taking into account these aspects by design. Bootstrapping is a procedure by which a user obtains key material and configuration information, among other parameters, to operate as an authenticated party in a security domain. Until now solutions have focused on re-using security protocols that were not developed for IoT constraints. For this reason, in this work we propose a design and implementation of a lightweight bootstrapping service for IoT networks that leverages one of the application protocols used in IoT : Constrained Application Protocol (CoAP). Additionally, in order to provide flexibility, scalability, support for large scale deployment, accountability and identity federation, our design uses technologies such as the Extensible Authentication Protocol (EAP) and Authentication Authorization and Accounting (AAA). We have named this service CoAP-EAP. First, we review the state of the art in the field of bootstrapping and specifically for IoT. Second, we detail the bootstrapping service: the architecture with entities and interfaces and the flow operation. Third, we obtain performance measurements of CoAP-EAP (bootstrapping time, memory footprint, message processing time, message length and energy consumption) and compare them with PANATIKI. The most significant and constrained representative of the bootstrapping solutions related with CoAP-EAP. As we will show, our solution provides significant improvements, mainly due to an important reduction of the message length. PMID:26978362

Telemedicine and security. Confidentiality, integrity, and availability: a Canadian perspective.

PubMed

Jennett, P; Watanabe, M; Igras, E; Premkumar, K; Hall, W

1996-01-01

The health care system is undergoing major reform, characterized by organized delivery systems (regionalization, decentralization, devolution, etc); shifts in care delivery sites; changing health provider roles; increasing consumer responsibilities; and accountability. Rapid advances in information technology and telecommunications have led to a new type of information infrastructure which can play a major role in this reform. Compatible health information systems are now being integrated and connected across institutional, regional, and sectorial boundaries. In the near future, these information systems will readily be accessed and shared by health providers, researchers, policy makers, health consumers, and the public. SECURITY is a critical characteristic of any health information system. This paper will address three fields associated with SECURITY: confidentiality, integrity, and availability. These will be defined and examined as they relate to specific aspects of Telemedicine, such as electronic integrated records and clinical databases; electronic transfer of documents; as well as data storage and disposal. The guiding principles, standards, and safeguards being considered and put in place to ensure that telemedicine information intrastructures can protect and benefit all stakeholders' rights and needs in both primary and secondary uses of information will be reviewed. Implemented, proposed, and tested institutional, System, and Network solutions will be discussed; for example, encryption-decryption methods; data transfer standards; individual and terminal access and entry I.D. and password levels; smart card access and PIN number control; data loss prevention strategies; interference alerts; information access keys; algorithm safeguards; and active marketing to users of standards and principles. Issues such as policy, implementation, and ownership will be addressed.

A systematic approach for watershed ecological restoration strategy making: An application in the Taizi River Basin in northern China.

PubMed

Li, Mengdi; Fan, Juntao; Zhang, Yuan; Guo, Fen; Liu, Lusan; Xia, Rui; Xu, Zongxue; Wu, Fengchang

2018-05-15

Aiming to protect freshwater ecosystems, river ecological restoration has been brought into the research spotlight. However, it is challenging for decision makers to set appropriate objectives and select a combination of rehabilitation acts from numerous possible solutions to meet ecological, economic, and social demands. In this study, we developed a systematic approach to help make an optimal strategy for watershed restoration, which incorporated ecological security assessment and multi-objectives optimization (MOO) into the planning process to enhance restoration efficiency and effectiveness. The river ecological security status was evaluated by using a pressure-state-function-response (PSFR) assessment framework, and MOO was achieved by searching for the Pareto optimal solutions via Non-dominated Sorting Genetic Algorithm II (NSGA-II) to balance tradeoffs between different objectives. Further, we clustered the searched solutions into three types in terms of different optimized objective function values in order to provide insightful information for decision makers. The proposed method was applied in an example rehabilitation project in the Taizi River Basin in northern China. The MOO result in the Taizi River presented a set of Pareto optimal solutions that were classified into three types: I - high ecological improvement, high cost and high benefits solution; II - medial ecological improvement, medial cost and medial economic benefits solution; III - low ecological improvement, low cost and low economic benefits solution. The proposed systematic approach in our study can enhance the effectiveness of riverine ecological restoration project and could provide valuable reference for other ecological restoration planning. Copyright © 2018 Elsevier B.V. All rights reserved.

Information Control: Preserving the Advantage

DTIC Science & Technology

2015-06-01

sanitary laboratory for US forces to exploit technical solutions with minimal resistance, inevitably leading to potent and promising results on the...parity, eventually forcing decision makers to pursue bilateral and multilateral agreements in space law. See McDougall, 272. 21 James Clay Moltz, The...the discussions of human nature, control, and strategy outlined in Chapter 1. 12 James Clay Moltz, The Politics of Space Security: Strategic Restraint

Wireless, amphibious theory for reinforcement learning

NASA Astrophysics Data System (ADS)

Li, Jinci

2013-10-01

Cryptographers agree that heterogeneous information are an interesting new topic in the field of cryptography, and biologists concur. Given the current status of stochastic epistemologies, security experts clearly desire the construction of flip-flop gates [1, 2, 3]. Mungo, our new system for authenticated algorithms, is the solution to all of these challenges. Though such a hypothesis at first glance seems perverse, it has ample historical precedence.

Cyber security evaluation of II&C technologies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thomas, Ken

The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) tomore » address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a cyber security team with expertise in nuclear utility cyber security programs and experience in conducting these evaluations. The evaluation has determined that, for the most part, cyber security will not be a limiting factor in the application of these technologies to nuclear power plant applications.« less

Risk to Water Security on Small Islands

NASA Astrophysics Data System (ADS)

Holding, S. T.; Allen, D. M.

2013-12-01

The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map of the risk to water security throughout Andros Island. It evaluates risk to water security for current and future scenarios and will enable water resource managers to effectively adapt to future impacts on water security.

Visual communications with side information via distributed printing channels: extended multimedia and security perspectives

NASA Astrophysics Data System (ADS)

Voloshynovskiy, Sviatoslav V.; Koval, Oleksiy; Deguillaume, Frederic; Pun, Thierry

2004-06-01

In this paper we address visual communications via printing channels from an information-theoretic point of view as communications with side information. The solution to this problem addresses important aspects of multimedia data processing, security and management, since printed documents are still the most common form of visual information representation. Two practical approaches to side information communications for printed documents are analyzed in the paper. The first approach represents a layered joint source-channel coding for printed documents. This approach is based on a self-embedding concept where information is first encoded assuming a Wyner-Ziv set-up and then embedded into the original data using a Gel'fand-Pinsker construction and taking into account properties of printing channels. The second approach is based on Wyner-Ziv and Berger-Flynn-Gray set-ups and assumes two separated communications channels where an appropriate distributed coding should be elaborated. The first printing channel is considered to be a direct visual channel for images ("analog" channel with degradations). The second "digital channel" with constrained capacity is considered to be an appropriate auxiliary channel. We demonstrate both theoretically and practically how one can benefit from this sort of "distributed paper communications".

Full-Duplex Bidirectional Secure Communications Under Perfect and Distributionally Ambiguous Eavesdropper's CSI

NASA Astrophysics Data System (ADS)

Li, Qiang; Zhang, Ying; Lin, Jingran; Wu, Sissi Xiaoxiao

2017-09-01

Consider a full-duplex (FD) bidirectional secure communication system, where two communication nodes, named Alice and Bob, simultaneously transmit and receive confidential information from each other, and an eavesdropper, named Eve, overhears the transmissions. Our goal is to maximize the sum secrecy rate (SSR) of the bidirectional transmissions by optimizing the transmit covariance matrices at Alice and Bob. To tackle this SSR maximization (SSRM) problem, we develop an alternating difference-of-concave (ADC) programming approach to alternately optimize the transmit covariance matrices at Alice and Bob. We show that the ADC iteration has a semi-closed-form beamforming solution, and is guaranteed to converge to a stationary solution of the SSRM problem. Besides the SSRM design, this paper also deals with a robust SSRM transmit design under a moment-based random channel state information (CSI) model, where only some roughly estimated first and second-order statistics of Eve's CSI are available, but the exact distribution or other high-order statistics is not known. This moment-based error model is new and different from the widely used bounded-sphere error model and the Gaussian random error model. Under the consider CSI error model, the robust SSRM is formulated as an outage probability-constrained SSRM problem. By leveraging the Lagrangian duality theory and DC programming, a tractable safe solution to the robust SSRM problem is derived. The effectiveness and the robustness of the proposed designs are demonstrated through simulations.

Mobile Virtual Private Networking

NASA Astrophysics Data System (ADS)

Pulkkis, Göran; Grahn, Kaj; Mårtens, Mathias; Mattsson, Jonny

Mobile Virtual Private Networking (VPN) solutions based on the Internet Security Protocol (IPSec), Transport Layer Security/Secure Socket Layer (SSL/TLS), Secure Shell (SSH), 3G/GPRS cellular networks, Mobile IP, and the presently experimental Host Identity Protocol (HIP) are described, compared and evaluated. Mobile VPN solutions based on HIP are recommended for future networking because of superior processing efficiency and network capacity demand features. Mobile VPN implementation issues associated with the IP protocol versions IPv4 and IPv6 are also evaluated. Mobile VPN implementation experiences are presented and discussed.

SecSIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

PubMed

Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

2016-05-13

Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-theart, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

Study on Cloud Security Based on Trust Spanning Tree Protocol

NASA Astrophysics Data System (ADS)

Lai, Yingxu; Liu, Zenghui; Pan, Qiuyue; Liu, Jing

2015-09-01

Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new trust evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.

A resettable and reprogrammable DNA-based security system to identify multiple users with hierarchy.

PubMed

Li, Hailong; Hong, Wei; Dong, Shaojun; Liu, Yaqing; Wang, Erkang

2014-03-25

Molecular-level security devices have raised ever-increasing interest in recent years to protect data and information from illegal invasion. Prior molecular keypad locks have an output signal dependent upon not only the appropriate combination but also the exact sequence of inputs, but it cannot be reset or reprogrammed. Here, a DNA-based security system with reset and never-reported reprogram function is successfully developed in proof-of-principle, with which one can change the password in case that the system is cracked. The previous password becomes invalid in the reprogrammed security system. Interestingly, more than one password is designed to permit multiple users to access. By harnessing the intrinsic merit of the different passwords, the system can distinguish different user who is endowed with prior authority. The intelligent device is addressed on solid support and facilitates electronic processes, avoiding chemical accumulation in the system by simple removal of the electrode from the input solution and indicating a main avenue for its further development.

A privacy preserving protocol for tracking participants in phase I clinical trials.

PubMed

El Emam, Khaled; Farah, Hanna; Samet, Saeed; Essex, Aleksander; Jonker, Elizabeth; Kantarcioglu, Murat; Earle, Craig C

2015-10-01

Some phase 1 clinical trials offer strong financial incentives for healthy individuals to participate in their studies. There is evidence that some individuals enroll in multiple trials concurrently. This creates safety risks and introduces data quality problems into the trials. Our objective was to construct a privacy preserving protocol to track phase 1 participants to detect concurrent enrollment. A protocol using secure probabilistic querying against a database of trial participants that allows for screening during telephone interviews and on-site enrollment was developed. The match variables consisted of demographic information. The accuracy (sensitivity, precision, and negative predictive value) of the matching and its computational performance in seconds were measured under simulated environments. Accuracy was also compared to non-secure matching methods. The protocol performance scales linearly with the database size. At the largest database size of 20,000 participants, a query takes under 20s on a 64 cores machine. Sensitivity, precision, and negative predictive value of the queries were consistently at or above 0.9, and were very similar to non-secure versions of the protocol. The protocol provides a reasonable solution to the concurrent enrollment problems in phase 1 clinical trials, and is able to ensure that personal information about participants is kept secure. Copyright © 2015 The Authors. Published by Elsevier Inc. All rights reserved.

An Analysis of Automated Solutions for the Certification and Accreditation of Navy Medicine Information Assets

DTIC Science & Technology

2005-09-01

discovery of network security threats and vulnerabilities will be done by doing penetration testing during the C&A process. This can be done on a...2.1.1; Appendix E, J COBR -1 Protection of Backup and Restoration Assets Availability 1.3.1; 2.1.3; 2.1.7; 3.1; 4.3; Appendix J, M CODB-2 Data... discovery , inventory, scanning and loading of C&A information in its central database, (2) automatic generation of the SRTM , (3) automatic generation

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

PubMed

Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

2017-12-03

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

Information System Engineering Supporting Observation, Orientation, Decision, and Compliant Action

NASA Astrophysics Data System (ADS)

Georgakopoulos, Dimitrios

The majority of today's software systems and organizational/business structures have been built on the foundation of solving problems via long-term data collection, analysis, and solution design. This traditional approach of solving problems and building corresponding software systems and business processes, falls short in providing the necessary solutions needed to deal with many problems that require agility as the main ingredient of their solution. For example, such agility is needed in responding to an emergency, in military command control, physical security, price-based competition in business, investing in the stock market, video gaming, network monitoring and self-healing, diagnosis in emergency health care, and many other areas that are too numerous to list here. The concept of Observe, Orient, Decide, and Act (OODA) loops is a guiding principal that captures the fundamental issues and approach for engineering information systems that deal with many of these problem areas. However, there are currently few software systems that are capable of supporting OODA. In this talk, we provide a tour of the research issues and state of the art solutions for supporting OODA. In addition, we provide specific examples of OODA solutions we have developed for the video surveillance and emergency response domains.

Trustworthiness of detectors in quantum key distribution with untrusted detectors

DOE PAGES

Qi, Bing

2015-02-25

Measurement-device-independent quantum key distribution (MDI-QKD) protocol has been demonstrated as a viable solution to detector side-channel attacks. One of the main advantages of MDI-QKD is that the security can be proved without making any assumptions about how the measurement device works. The price to pay is the relatively low secure key rate comparing with conventional quantum key distribution (QKD), such as the decoy-state BB84 protocol. Recently a new QKD protocol, aiming at bridging the strong security of MDI-QKD with the high e ciency of conventional QKD, has been proposed. In this protocol, the legitimate receiver employs a trusted linear opticsmore » network to encode information on photons received from an insecure quantum channel, and then performs a Bell state measurement (BSM) using untrusted detectors. One crucial assumption made in most of these studies is that the untrusted BSM located inside the receiver's laboratory cannot send any unwanted information to the outside. Here in this paper, we show that if the BSM is completely untrusted, a simple scheme would allow the BSM to send information to the outside. Combined with Trojan horse attacks, this scheme could allow Eve to gain information of the quantum key without being detected. Ultimately, to prevent the above attack, either countermeasures to Trojan horse attacks or some trustworthiness to the "untrusted" BSM device is required.« less

Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare.

PubMed

Jaïdi, Faouzi; Labbene-Ayachi, Faten; Bouhoula, Adel

2016-12-01

Nowadays, e-healthcare is a main advancement and upcoming technology in healthcare industry that contributes to setting up automated and efficient healthcare infrastructures. Unfortunately, several security aspects remain as main challenges towards secure and privacy-preserving e-healthcare systems. From the access control perspective, e-healthcare systems face several issues due to the necessity of defining (at the same time) rigorous and flexible access control solutions. This delicate and irregular balance between flexibility and robustness has an immediate impact on the compliance of the deployed access control policy. To address this issue, the paper defines a general framework to organize thinking about verifying, validating and monitoring the compliance of access control policies in the context of e-healthcare databases. We study the problem of the conformity of low level policies within relational databases and we particularly focus on the case of a medical-records management database defined in the context of a Medical Information System. We propose an advanced solution for deploying reliable and efficient access control policies. Our solution extends the traditional lifecycle of an access control policy and allows mainly managing the compliance of the policy. We refer to an example to illustrate the relevance of our proposal.

Application of PKI in health care--needs, ambitions, prospects.

PubMed

Suselj, Marjan; Marcun, Tomaz; Trcek, Denis; Kandus, Gorazd

2003-01-01

Through continual development and considerable investment over the past years, Slovenia has established an information infrastructure providing efficient data links between all the health care actors. This includes furnishing all the citizens and health workers with microprocessor cards--health insurance card and health professional card. These tools have significantly simplified different procedures in the health care and brought services closer to insured persons. The know-how and experiences gathered to day have given rise to vivid discussions of further development steps: introduction of new contents on the infrastructure in place and technological upgrading, in particular progressive incorporation of the PKI concept and thereby integration of card and network solutions to provide an efficient and secure communication environment. This paper outlines key perspectives of the future developments in this segment. With the volume of health care data communications through internet growing steeply, and with the paramount importance of patient--doctor trust and confidence, security tools and solutions in the health care are a critical need.

Federated Tensor Factorization for Computational Phenotyping

PubMed Central

Kim, Yejin; Sun, Jimeng; Yu, Hwanjo; Jiang, Xiaoqian

2017-01-01

Tensor factorization models offer an effective approach to convert massive electronic health records into meaningful clinical concepts (phenotypes) for data analysis. These models need a large amount of diverse samples to avoid population bias. An open challenge is how to derive phenotypes jointly across multiple hospitals, in which direct patient-level data sharing is not possible (e.g., due to institutional policies). In this paper, we developed a novel solution to enable federated tensor factorization for computational phenotyping without sharing patient-level data. We developed secure data harmonization and federated computation procedures based on alternating direction method of multipliers (ADMM). Using this method, the multiple hospitals iteratively update tensors and transfer secure summarized information to a central server, and the server aggregates the information to generate phenotypes. We demonstrated with real medical datasets that our method resembles the centralized training model (based on combined datasets) in terms of accuracy and phenotypes discovery while respecting privacy. PMID:29071165

Quantum key distribution session with 16-dimensional photonic states.

PubMed

Etcheverry, S; Cañas, G; Gómez, E S; Nogueira, W A T; Saavedra, C; Xavier, G B; Lima, G

2013-01-01

The secure transfer of information is an important problem in modern telecommunications. Quantum key distribution (QKD) provides a solution to this problem by using individual quantum systems to generate correlated bits between remote parties, that can be used to extract a secret key. QKD with D-dimensional quantum channels provides security advantages that grow with increasing D. However, the vast majority of QKD implementations has been restricted to two dimensions. Here we demonstrate the feasibility of using higher dimensions for real-world quantum cryptography by performing, for the first time, a fully automated QKD session based on the BB84 protocol with 16-dimensional quantum states. Information is encoded in the single-photon transverse momentum and the required states are dynamically generated with programmable spatial light modulators. Our setup paves the way for future developments in the field of experimental high-dimensional QKD.

Cyber-Security Issues in Healthcare Information Technology.

PubMed

Langer, Steve G

2017-02-01

In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

Quantum key distribution session with 16-dimensional photonic states

NASA Astrophysics Data System (ADS)

Etcheverry, S.; Cañas, G.; Gómez, E. S.; Nogueira, W. A. T.; Saavedra, C.; Xavier, G. B.; Lima, G.

2013-07-01

The secure transfer of information is an important problem in modern telecommunications. Quantum key distribution (QKD) provides a solution to this problem by using individual quantum systems to generate correlated bits between remote parties, that can be used to extract a secret key. QKD with D-dimensional quantum channels provides security advantages that grow with increasing D. However, the vast majority of QKD implementations has been restricted to two dimensions. Here we demonstrate the feasibility of using higher dimensions for real-world quantum cryptography by performing, for the first time, a fully automated QKD session based on the BB84 protocol with 16-dimensional quantum states. Information is encoded in the single-photon transverse momentum and the required states are dynamically generated with programmable spatial light modulators. Our setup paves the way for future developments in the field of experimental high-dimensional QKD.

PRINCESS: Privacy-protecting Rare disease International Network Collaboration via Encryption through Software guard extensionS

PubMed Central

Chen, Feng; Wang, Shuang; Jiang, Xiaoqian; Ding, Sijie; Lu, Yao; Kim, Jihoon; Sahinalp, S. Cenk; Shimizu, Chisato; Burns, Jane C.; Wright, Victoria J.; Png, Eileen; Hibberd, Martin L.; Lloyd, David D.; Yang, Hai; Telenti, Amalio; Bloss, Cinnamon S.; Fox, Dov; Lauter, Kristin; Ohno-Machado, Lucila

2017-01-01

Abstract Motivation: We introduce PRINCESS, a privacy-preserving international collaboration framework for analyzing rare disease genetic data that are distributed across different continents. PRINCESS leverages Software Guard Extensions (SGX) and hardware for trustworthy computation. Unlike a traditional international collaboration model, where individual-level patient DNA are physically centralized at a single site, PRINCESS performs a secure and distributed computation over encrypted data, fulfilling institutional policies and regulations for protected health information. Results: To demonstrate PRINCESS’ performance and feasibility, we conducted a family-based allelic association study for Kawasaki Disease, with data hosted in three different continents. The experimental results show that PRINCESS provides secure and accurate analyses much faster than alternative solutions, such as homomorphic encryption and garbled circuits (over 40 000× faster). Availability and Implementation: https://github.com/achenfengb/PRINCESS_opensource Contact: shw070@ucsd.edu Supplementary information: Supplementary data are available at Bioinformatics online. PMID:28065902

Quantum key distribution session with 16-dimensional photonic states

PubMed Central

Etcheverry, S.; Cañas, G.; Gómez, E. S.; Nogueira, W. A. T.; Saavedra, C.; Xavier, G. B.; Lima, G.

2013-01-01

The secure transfer of information is an important problem in modern telecommunications. Quantum key distribution (QKD) provides a solution to this problem by using individual quantum systems to generate correlated bits between remote parties, that can be used to extract a secret key. QKD with D-dimensional quantum channels provides security advantages that grow with increasing D. However, the vast majority of QKD implementations has been restricted to two dimensions. Here we demonstrate the feasibility of using higher dimensions for real-world quantum cryptography by performing, for the first time, a fully automated QKD session based on the BB84 protocol with 16-dimensional quantum states. Information is encoded in the single-photon transverse momentum and the required states are dynamically generated with programmable spatial light modulators. Our setup paves the way for future developments in the field of experimental high-dimensional QKD. PMID:23897033

Health Information System in a Cloud Computing Context.

PubMed

Sadoughi, Farahnaz; Erfannia, Leila

2017-01-01

Healthcare as a worldwide industry is experiencing a period of growth based on health information technology. The capabilities of cloud systems make it as an option to develop eHealth goals. The main objectives of the present study was to evaluate the advantages and limitations of health information systems implementation in a cloud-computing context that was conducted as a systematic review in 2016. Science direct, Scopus, Web of science, IEEE, PubMed and Google scholar were searched according study criteria. Among 308 articles initially found, 21 articles were entered in the final analysis. All the studies had considered cloud computing as a positive tool to help advance health technology, but none had insisted too much on its limitations and threats. Electronic health record systems have been mostly studied in the fields of implementation, designing, and presentation of models and prototypes. According to this research, the main advantages of cloud-based health information systems could be categorized into the following groups: economic benefits and advantages of information management. The main limitations of the implementation of cloud-based health information systems could be categorized into the 4 groups of security, legal, technical, and human restrictions. Compared to earlier studies, the present research had the advantage of dealing with the issue of health information systems in a cloud platform. The high frequency of studies conducted on the implementation of cloud-based health information systems revealed health industry interest in the application of this technology. Security was a subject discussed in most studies due to health information sensitivity. In this investigation, some mechanisms and solutions were discussed concerning the mentioned systems, which would provide a suitable area for future scientific research on this issue. The limitations and solutions discussed in this systematic study would help healthcare managers and decision-makers take better and more efficient advantages of this technology and make better planning to adopt cloud-based health information systems.

Computing Game-Theoretic Solutions for Security in the Medium Term

DTIC Science & Technology

This project concerns the design of algorithms for computing game- theoretic solutions . (Game theory concerns how to act in a strategically optimal...way in environments with other agents who also seek to act optimally but have different , and possibly opposite, interests .) Such algorithms have...recently found application in a number of real-world security applications, including among others airport security, scheduling Federal Air Marshals, and

Telemedicine security: a systematic review.

PubMed

Garg, Vaibhav; Brewer, Jeffrey

2011-05-01

Telemedicine is a technology-based alternative to traditional health care delivery. However, poor security measures in telemedicine services can have an adverse impact on the quality of care provided, regardless of the chronic condition being studied. We undertook a systematic review of 58 journal articles pertaining to telemedicine security. These articles were selected based on a keyword search on 14 relevant journals. The articles were coded to evaluate the methodology and to identify the key areas of research in security that are being reviewed. Seventy-six percent of the articles defined the security problem they were addressing, and only 47% formulated a research question pertaining to security. Sixty-one percent proposed a solution, and 20% of these tested the security solutions that they proposed. Prior research indicates inadequate reporting of methodology in telemedicine research. We found that to be true for security research as well. We also identified other issues such as using outdated security standards. © 2011 Diabetes Technology Society.

Telemedicine Security: A Systematic Review

PubMed Central

Garg, Vaibhav; Brewer, Jeffrey

2011-01-01

Telemedicine is a technology-based alternative to traditional health care delivery. However, poor security measures in telemedicine services can have an adverse impact on the quality of care provided, regardless of the chronic condition being studied. We undertook a systematic review of 58 journal articles pertaining to telemedicine security. These articles were selected based on a keyword search on 14 relevant journals. The articles were coded to evaluate the methodology and to identify the key areas of research in security that are being reviewed. Seventy-six percent of the articles defined the security problem they were addressing, and only 47% formulated a research question pertaining to security. Sixty-one percent proposed a solution, and 20% of these tested the security solutions that they proposed. Prior research indicates inadequate reporting of methodology in telemedicine research. We found that to be true for security research as well. We also identified other issues such as using outdated security standards. PMID:21722592

Audited credential delegation: a usable security solution for the virtual physiological human toolkit.

PubMed

Haidar, Ali N; Zasada, Stefan J; Coveney, Peter V; Abdallah, Ali E; Beckles, Bruce; Jones, Mike A S

2011-06-06

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username-password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale.

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

PubMed Central

Haidar, Ali N.; Zasada, Stefan J.; Coveney, Peter V.; Abdallah, Ali E.; Beckles, Bruce; Jones, Mike A. S.

2011-01-01

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username–password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale. PMID:22670214

Monitoring Malware Activity on the LAN Network

NASA Astrophysics Data System (ADS)

Skrzewski, Mirosław

Many security related organizations periodically publish current network and systems security information, with the lists of top malware programs. These lists raises the question how these threats spreads out, if the worms (the only threat with own communication abilities) are low or missing on these lists. The paper discuss the research on malware network activity, aimed to deliver the answer to the question, what is the main infection channel of modern malware, done with the usage of virtual honeypot systems on dedicated, unprotected network. Systems setup, network and systems monitoring solutions, results of over three months of network traffic and malware monitoring are presented, along with the proposed answer to our research question.

Autonomous Information Unit: Why Making Data Smart Can also Make Data Secured?

NASA Technical Reports Server (NTRS)

Chow, Edward T.

2006-01-01

In this paper, we introduce a new fine-grain distributed information protection mechanism which can self-protect, self-discover, self-organize, and self-manage. In our approach, we decompose data into smaller pieces and provide individualized protection. We also provide a policy control mechanism to allow 'smart' access control and context based re-assembly of the decomposed data. By combining smart policy with individually protected data, we are able to provide better protection of sensitive information and achieve more flexible access during emergency conditions. As a result, this new fine-grain protection mechanism can enable us to achieve better solutions for problems such as distributed information protection and identity theft.

Integrating information technologies as tools for surgical research.

PubMed

Schell, Scott R

2005-10-01

Surgical research is dependent upon information technologies. Selection of the computer, operating system, and software tool that best support the surgical investigator's needs requires careful planning before research commences. This manuscript presents a brief tutorial on how surgical investigators can best select these information technologies, with comparisons and recommendations between existing systems, software, and solutions. Privacy concerns, based upon HIPAA and other regulations, now require careful proactive attention to avoid legal penalties, civil litigation, and financial loss. Security issues are included as part of the discussions related to selection and application of information technology. This material was derived from a segment of the Association for Academic Surgery's Fundamentals of Surgical Research course.

NINJA: a noninvasive framework for internal computer security hardening

NASA Astrophysics Data System (ADS)

Allen, Thomas G.; Thomson, Steve

2004-07-01

Vulnerabilities are a growing problem in both the commercial and government sector. The latest vulnerability information compiled by CERT/CC, for the year ending Dec. 31, 2002 reported 4129 vulnerabilities representing a 100% increase over the 2001 [1] (the 2003 report has not been published at the time of this writing). It doesn"t take long to realize that the growth rate of vulnerabilities greatly exceeds the rate at which the vulnerabilities can be fixed. It also doesn"t take long to realize that our nation"s networks are growing less secure at an accelerating rate. As organizations become aware of vulnerabilities they may initiate efforts to resolve them, but quickly realize that the size of the remediation project is greater than their current resources can handle. In addition, many IT tools that suggest solutions to the problems in reality only address "some" of the vulnerabilities leaving the organization unsecured and back to square one in searching for solutions. This paper proposes an auditing framework called NINJA (acronym for Network Investigation Notification Joint Architecture) for noninvasive daily scanning/auditing based on common security vulnerabilities that repeatedly occur in a network environment. This framework is used for performing regular audits in order to harden an organizations security infrastructure. The framework is based on the results obtained by the Network Security Assessment Team (NSAT) which emulates adversarial computer network operations for US Air Force organizations. Auditing is the most time consuming factor involved in securing an organization's network infrastructure. The framework discussed in this paper uses existing scripting technologies to maintain a security hardened system at a defined level of performance as specified by the computer security audit team. Mobile agents which were under development at the time of this writing are used at a minimum to improve the noninvasiveness of our scans. In general, noninvasive scans with an adequate framework performed on a daily basis reduce the amount of security work load as well as the timeliness in performing remediation, as verified by the NINJA framework. A vulnerability assessment/auditing architecture based on mobile agent technology is proposed and examined at the end of the article as an enhancement to the current NINJA architecture.

Assessing and Evaluating Department of Defense Efforts to Inform, Influence, and Persuade: Worked Example

DTIC Science & Technology

2017-01-01

intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to...permissions. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the...world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND’s publications do

Do Fewer Resources Mean Less Influence? A Comparative Historical Case Study of Military Influence in a Time of Austerity

DTIC Science & Technology

2015-01-01

including suggestions for reducing this burden, to Washington Headquarters Services , Directorate for Information Operations and Reports, 1215 Jefferson...and DEVELOPMENT The United States Army War College educates and develops leaders for service at the strategic level while advancing knowledge in the...expert knowledge, and provides solutions to strategic Army issues affecting the national security community . The Peacekeeping and Stability Operations

Can You Lead Me Now? Leading in the Complex World of Homeland Security

DTIC Science & Technology

2007-09-01

Theories of Formal Social Systems (Thousand Oaks, California: Sage Publications, 1999), 5. 3 Richard N. Osborn, James G. Hunt, and Lawrence Jauch...midst of an organizational crisis, or when executives and employees use social networks to gather information and initiate solutions for survival...GROUNDED THEORY Grounded theory offers a different way of knowing and understanding social interactions and patterns. The positivistic and deductive

Biometrics for electronic health records.

PubMed

Flores Zuniga, Alejandro Enrique; Win, Khin Than; Susilo, Willy

2010-10-01

Securing electronic health records, in scenarios in which the provision of care services is share among multiple actors, could become a complex and costly activity. Correct identification of patients and physician, protection of privacy and confidentiality, assignment of access permissions for healthcare providers and resolutions of conflicts rise as main points of concern in the development of interconnected health information networks. Biometric technologies have been proposed as a possible technological solution for these issues due to its ability to provide a mechanism for unique verification of an individual identity. This paper presents an analysis of the benefit as well as disadvantages offered by biometric technology. A comparison between this technology and more traditional identification methods is used to determine the key benefits and flaws of the use biometric in health information systems. The comparison as been made considering the viability of the technologies for medical environments, global security needs, the contemplation of a share care environment and the costs involved in the implementation and maintenance of such technologies. This paper also discusses alternative uses for biometrics technologies in health care environments. The outcome of this analysis lays in the fact that even when biometric technologies offer several advantages over traditional method of identification, they are still in the early stages of providing a suitable solution for a health care environment.

Technology Requirements and Selection for Securely Partitioning OBSW

NASA Astrophysics Data System (ADS)

Mendham, Peter; Windsor, James; Eckstein, Knut

2010-08-01

The Securely Partitioning Spacecraft Computing Resources project is a current ESA TRP activity investigating the application of secure time and space partitioning (TSP) technologies to enable multi-use missions from a single platform. Secure TSP technologies are used in a number of application areas outside the space domain and an opportunity exists to 'spin-in' a suitable solution. The selection of a technology for use within space the European space industry relies on an understanding of the requirements for the application of secure TSP, of which this paper presents a summary. Further, the paper outlines the selection process taken by the project and highlights promising solutions for use today.

A protect solution for data security in mobile cloud storage

NASA Astrophysics Data System (ADS)

Yu, Xiaojun; Wen, Qiaoyan

2013-03-01

It is popular to access the cloud storage by mobile devices. However, this application suffer data security risk, especial the data leakage and privacy violate problem. This risk exists not only in cloud storage system, but also in mobile client platform. To reduce the security risk, this paper proposed a new security solution. It makes full use of the searchable encryption and trusted computing technology. Given the performance limit of the mobile devices, it proposes the trusted proxy based protection architecture. The design basic idea, deploy model and key flows are detailed. The analysis from the security and performance shows the advantage.

A Distributed Energy-Aware Trust Management System for Secure Routing in Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Stelios, Yannis; Papayanoulas, Nikos; Trakadas, Panagiotis; Maniatis, Sotiris; Leligou, Helen C.; Zahariadis, Theodore

Wireless sensor networks are inherently vulnerable to security attacks, due to their wireless operation. The situation is further aggravated because they operate in an infrastructure-less environment, which mandates the cooperation among nodes for all networking tasks, including routing, i.e. all nodes act as “routers”, forwarding the packets generated by their neighbours in their way to the sink node. This implies that malicious nodes (denying their cooperation) can significantly affect the network operation. Trust management schemes provide a powerful tool for the detection of unexpected node behaviours (either faulty or malicious). Once misbehaving nodes are detected, their neighbours can use this information to avoid cooperating with them either for data forwarding, data aggregation or any other cooperative function. We propose a secure routing solution based on a novel distributed trust management system, which allows for fast detection of a wide set of attacks and also incorporates energy awareness.

Climate change, resource use and food security in midcentury under a range of plausible scenarios

NASA Astrophysics Data System (ADS)

Wiebe, K.

2016-12-01

Achieving and maintaining food security at local, national and global scales is challenged by changes in population, income and climate, among other socioeconomic and biophysical drivers. Assessing these challenges and possible solutions over the coming decades requires a systematic and multidisciplinary approach. The Global Futures and Strategic Foresight program, a CGIAR initiative led by the International Food Policy Research Institute in collaboration with the 14 other CGIAR research centers, is working to improve tools and conduct ex ante assessments of promising technologies, investments and policies under alternative global futures to inform decision making in the CGIAR and its partners. Alternative socioeconomic and climate scenarios are explored using an integrated system of climate, water, crop and economic models. This presentation will share findings from recent projections of food production and prices to 2050 at global and regional scales, together with their potential implications for land and water use, food security, nutrition and health.

Realization and optimization of AES algorithm on the TMS320DM6446 based on DaVinci technology

NASA Astrophysics Data System (ADS)

Jia, Wen-bin; Xiao, Fu-hai

2013-03-01

The application of AES algorithm in the digital cinema system avoids video data to be illegal theft or malicious tampering, and solves its security problems. At the same time, in order to meet the requirements of the real-time, scene and transparent encryption of high-speed data streams of audio and video in the information security field, through the in-depth analysis of AES algorithm principle, based on the hardware platform of TMS320DM6446, with the software framework structure of DaVinci, this paper proposes the specific realization methods of AES algorithm in digital video system and its optimization solutions. The test results show digital movies encrypted by AES128 can not play normally, which ensures the security of digital movies. Through the comparison of the performance of AES128 algorithm before optimization and after, the correctness and validity of improved algorithm is verified.

Building a gateway with open source software for secure-DICOM communication over insecure networks

NASA Astrophysics Data System (ADS)

Emmel, Dirk; Ricke, Jens; Stohlmann, Lutz; Haderer, Alexander; Felix, Roland

2002-05-01

For Teleradiology the exchange of DICOM-images is needed for several purposes. Existing solutions often don't consider about the needs for data security and data privacy. Communication is done without any encryption over insecure networks or with encryption using proprietary solutions, which reduces the data communication possibilities to partners with the same equipment. Our goal was to build a gateway, which offers a transparent solution for secure DICOM-communication in a heterogeneous environment We developed a PC-based gateway system with DICOM-communication to the in-house network and secure DICOM communication for the communication over the insecure network. One gateway installed at each location is responsible for encryption/decryption. The sender just transfers the image data over the DICOM protocol to the local gateway. The gateway forwards the data to the gateway on the destination site using the secure DICOM protocol, which is part of the DICOM standard. The receiving gateway forwards the image data to the final destination again using the DICOM-Protocol. The gateway is based on Open Source software and runs under several operating systems. Our experience shows a reliable solution, which solves security issues for DICOM communication of image data and integrates seamless into a heterogeneous DICOM environment.

Importance of biometrics to addressing vulnerabilities of the U.S. infrastructure

NASA Astrophysics Data System (ADS)

Arndt, Craig M.; Hall, Nathaniel A.

2004-08-01

Human identification technologies are important threat countermeasures in minimizing select infrastructure vulnerabilities. Properly targeted countermeasures should be selected and integrated into an overall security solution based on disciplined analysis and modeling. Available data on infrastructure value, threat intelligence, and system vulnerabilities are carefully organized, analyzed and modeled. Prior to design and deployment of an effective countermeasure; the proper role and appropriateness of technology in addressing the overall set of vulnerabilities is established. Deployment of biometrics systems, as with other countermeasures, introduces potentially heightened vulnerabilities into the system. Heightened vulnerabilities may arise from both the newly introduced system complexities and an unfocused understanding of the set of vulnerabilities impacted by the new countermeasure. The countermeasure's own inherent vulnerabilities and those introduced by the system's integration with the existing system are analyzed and modeled to determine the overall vulnerability impact. The United States infrastructure is composed of government and private assets. The infrastructure is valued by their potential impact on several components: human physical safety, physical/information replacement/repair cost, potential contribution to future loss (criticality in weapons production), direct productivity output, national macro-economic output/productivity, and information integrity. These components must be considered in determining the overall impact of an infrastructure security breach. Cost/benefit analysis is then incorporated in the security technology deployment decision process. Overall security risks based on system vulnerabilities and threat intelligence determines areas of potential benefit. Biometric countermeasures are often considered when additional security at intended points of entry would minimize vulnerabilities.

Solutions Network Formulation Report. NASA's Potential Contributions in Remote Quorum Sensing and the Management of Harmful Algal Blooms

NASA Technical Reports Server (NTRS)

Fletcher, Rose; Knowlton, Kelly; Ryan, Robert E.

2007-01-01

This candidate solution proposes to use the night-imaging capabilities of the HSTC from SAC-C and of the HSC from SAC-D/Aquarius to detect bioluminescent events associated with HABs (harmful algal blooms). Once detected, this information could be fed to the NOAA CSCOR (Center for Sponsored Coastal Ocean Research) Harmful Algal Bloom Event Response Program, which acts quickly to fund the mobilization of research teams and to engage local agencies in a response. The HSC/HSTC data can serve as input to the HABSOS decision support system to provide information on location, extent, and duration of HAB events. Society will benefit from improved protection of the health of humans beings, aquatic ecosystems, and coastal economies. This work supports coastal management, public health, and homeland security applications.

Distributed heterogeneous inspecting system and its middleware-based solution.

PubMed

Huang, Li-can; Wu, Zhao-hui; Pan, Yun-he

2003-01-01

There are many cases when an organization needs to monitor the data and operations of its supervised departments, especially those departments which are not owned by this organization and are managed by their own information systems. Distributed Heterogeneous Inspecting System (DHIS) is the system an organization uses to monitor its supervised departments by inspecting their information systems. In DHIS, the inspected systems are generally distributed, heterogeneous, and constructed by different companies. DHIS has three key processes-abstracting core data sets and core operation sets, collecting these sets, and inspecting these collected sets. In this paper, we present the concept and mathematical definition of DHIS, a metadata method for solving the interoperability, a security strategy for data transferring, and a middleware-based solution of DHIS. We also describe an example of the inspecting system at WENZHOU custom.

A Quantitative Study on the Relationship of Information Security Policy Awareness, Enforcement, and Maintenance to Information Security Program Effectiveness

ERIC Educational Resources Information Center

Francois, Michael T.

2016-01-01

Today's organizations rely heavily on information technology to conduct their daily activities. Therefore, their information security systems are an area of heightened security concern. As a result, organizations implement information security programs to address and mitigate that concern. However, even with the emphasis on information security,…

The Shaping of Managers' Security Objectives through Information Security Awareness Training

ERIC Educational Resources Information Center

Harris, Mark A.

2010-01-01

Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition,…

Analysis and solutions of security issues in Ethernet PON

NASA Astrophysics Data System (ADS)

Meng, Yu; Jiang, Tao; Xiao, Dingzhong

2005-02-01

Ethernet Passive Optical Network (EPON), which combines the low cost Ethernet equipment and economic fiber infrastructure, is being considered as a promising solution for Fiber-To-The-Home (FTTH). However, since EPON is an optical shared medium network, some unique features make it more vulnerable to security attacks. In this paper, the key security threats of EPON are firstly analyzed. And then, considering some specific properties which might be utilized for security, such as the safety of transmissions in upstream direction, some novel methods are presented to solve security problems. Firstly, based on some modification about registration, the mechanism of access control is achieved. Secondly, we implement an AES-128 symmetrical encryption and decryption in the EPON system. The AES-128 algorithm can process data blocks of 128 bits, but the length of Ethernet frame is variable. How to deal with the last block, which is not up to 128 bits, is discussed in detail. Finally, key update is accomplished through a vendor specific OAM frame in order to enhance the level of security. The proposed mechanism will remain in conformance with P2MP specification defined by 802.3ah TF, and can supply a complete security solution for EPON.

Design of an Aircrew Scheduling Decision Aid for the 6916th Electronic Security Squadron.

DTIC Science & Technology

1987-06-01

Security Classification) Design of an Aircrew Scheduling Decision Aid for the 6916th Electronic Security Squadron 12. PERSONAL AUTHOR(S) Thomas J. Kopf...Because of the great number of possible scheduling alternatives, it is difficult to find an optimal solution to-the scheduling problem. Additionally...changes to the original schedule make it even more difficult to find an optimal solution. The emergence of capable microcompu- ters, decision support

Distributed generation of shared RSA keys in mobile ad hoc networks

NASA Astrophysics Data System (ADS)

Liu, Yi-Liang; Huang, Qin; Shen, Ying

2005-12-01

Mobile Ad Hoc Networks is a totally new concept in which mobile nodes are able to communicate together over wireless links in an independent manner, independent of fixed physical infrastructure and centralized administrative infrastructure. However, the nature of Ad Hoc Networks makes them very vulnerable to security threats. Generation and distribution of shared keys for CA (Certification Authority) is challenging for security solution based on distributed PKI(Public-Key Infrastructure)/CA. The solutions that have been proposed in the literature and some related issues are discussed in this paper. The solution of a distributed generation of shared threshold RSA keys for CA is proposed in the present paper. During the process of creating an RSA private key share, every CA node only has its own private security. Distributed arithmetic is used to create the CA's private share locally, and that the requirement of centralized management institution is eliminated. Based on fully considering the Mobile Ad Hoc network's characteristic of self-organization, it avoids the security hidden trouble that comes by holding an all private security share of CA, with which the security and robustness of system is enhanced.

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting

PubMed Central

Lee, Tian-Fu; Wang, Zeng-Bo

2017-01-01

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie–Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions. PMID:29207509

A layered trust information security architecture.

PubMed

de Oliveira Albuquerque, Robson; Villalba, Luis Javier García; Orozco, Ana Lucila Sandoval; Buiati, Fábio; Kim, Tai-Hoon

2014-12-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

77 FR 12623 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National... Information Security Oversight Office no later than Friday, March 16, 2012. The Information Security Oversight... FURTHER INFORMATION CONTACT: David O. Best, Senior Program Analyst, The Information Security Oversight...

32 CFR 2700.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2700... MICRONESIAN STATUS NEGOTIATIONS SECURITY INFORMATION REGULATIONS Implementation and Review § 2700.51 Information Security Oversight Committee. The OMSN Information Security Oversight Committee shall be chaired...

75 FR 49943 - New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-16

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration New Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY: Transportation... INFORMATION CONTACT: Joanna Johnson, Office of Information Technology, TSA-11, Transportation Security...

Edge-Based Efficient Search over Encrypted Data Mobile Cloud Storage

PubMed Central

Liu, Fang; Cai, Zhiping; Xiao, Nong; Zhao, Ziming

2018-01-01

Smart sensor-equipped mobile devices sense, collect, and process data generated by the edge network to achieve intelligent control, but such mobile devices usually have limited storage and computing resources. Mobile cloud storage provides a promising solution owing to its rich storage resources, great accessibility, and low cost. But it also brings a risk of information leakage. The encryption of sensitive data is the basic step to resist the risk. However, deploying a high complexity encryption and decryption algorithm on mobile devices will greatly increase the burden of terminal operation and the difficulty to implement the necessary privacy protection algorithm. In this paper, we propose ENSURE (EfficieNt and SecURE), an efficient and secure encrypted search architecture over mobile cloud storage. ENSURE is inspired by edge computing. It allows mobile devices to offload the computation intensive task onto the edge server to achieve a high efficiency. Besides, to protect data security, it reduces the information acquisition of untrusted cloud by hiding the relevance between query keyword and search results from the cloud. Experiments on a real data set show that ENSURE reduces the computation time by 15% to 49% and saves the energy consumption by 38% to 69% per query. PMID:29652810

Edge-Based Efficient Search over Encrypted Data Mobile Cloud Storage.

PubMed

Guo, Yeting; Liu, Fang; Cai, Zhiping; Xiao, Nong; Zhao, Ziming

2018-04-13

Smart sensor-equipped mobile devices sense, collect, and process data generated by the edge network to achieve intelligent control, but such mobile devices usually have limited storage and computing resources. Mobile cloud storage provides a promising solution owing to its rich storage resources, great accessibility, and low cost. But it also brings a risk of information leakage. The encryption of sensitive data is the basic step to resist the risk. However, deploying a high complexity encryption and decryption algorithm on mobile devices will greatly increase the burden of terminal operation and the difficulty to implement the necessary privacy protection algorithm. In this paper, we propose ENSURE (EfficieNt and SecURE), an efficient and secure encrypted search architecture over mobile cloud storage. ENSURE is inspired by edge computing. It allows mobile devices to offload the computation intensive task onto the edge server to achieve a high efficiency. Besides, to protect data security, it reduces the information acquisition of untrusted cloud by hiding the relevance between query keyword and search results from the cloud. Experiments on a real data set show that ENSURE reduces the computation time by 15% to 49% and saves the energy consumption by 38% to 69% per query.

Comprehensive security framework for the communication and storage of medical images

NASA Astrophysics Data System (ADS)

Slik, David; Montour, Mike; Altman, Tym

2003-05-01

Confidentiality, integrity verification and access control of medical imagery and associated metadata is critical for the successful deployment of integrated healthcare networks that extend beyond the department level. As medical imagery continues to become widely accessed across multiple administrative domains and geographically distributed locations, image data should be able to travel and be stored on untrusted infrastructure, including public networks and server equipment operated by external entities. Given these challenges associated with protecting large-scale distributed networks, measures must be taken to protect patient identifiable information while guarding against tampering, denial of service attacks, and providing robust audit mechanisms. The proposed framework outlines a series of security practices for the protection of medical images, incorporating Transport Layer Security (TLS), public and secret key cryptography, certificate management and a token based trusted computing base. It outlines measures that can be utilized to protect information stored within databases, online and nearline storage, and during transport over trusted and untrusted networks. In addition, it provides a framework for ensuring end-to-end integrity of image data from acquisition to viewing, and presents a potential solution to the challenges associated with access control across multiple administrative domains and institution user bases.

[Application of classified protection of information security in the information system of air pollution and health impact monitoring].

PubMed

Hao, Shuxin; Lü, Yiran; Liu, Jie; Liu, Yue; Xu, Dongqun

2018-01-01

To study the application of classified protection of information security in the information system of air pollution and health impact monitoring, so as to solve the possible safety risk of the information system. According to the relevant national standards and requirements for the information system security classified protection, and the professional characteristics of the information system, to design and implement the security architecture of information system, also to determine the protection level of information system. Basic security measures for the information system were developed in the technical safety and management safety aspects according to the protection levels, which effectively prevented the security risk of the information system. The information system established relatively complete information security protection measures, to enhanced the security of professional information and system service, and to ensure the safety of air pollution and health impact monitoring project carried out smoothly.

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

14 CFR 1203.201 - Information security objectives.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Information security objectives. 1203.201 Section 1203.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.201 Information security objectives. The objectives of...

Building a Foreign Military Sales Construction Delivery Strategy Decision Support System

DTIC Science & Technology

1991-09-01

DSS, formulates it into a computer model and produces solutions using information and expert heuristics. Using the Expert Systeic Process to Build a DSS...computer model . There are five stages in the development of an expert system. They are: 1) Identify and characterize the important aspects of the problem...and Steven A. Hidreth. U.S. Security Assistance: The Political Process. Massachusetts: Heath and Company, 1985. 19. Guirguis , Amir A., Program

Security Issues in Cross-Organizational Peer-to-Peer Applications and Some Solutions

NASA Astrophysics Data System (ADS)

Gupta, Ankur; Awasthi, Lalit K.

Peer-to-Peer networks have been widely used for sharing millions of terabytes of content, for large-scale distributed computing and for a variety of other novel applications, due to their scalability and fault-tolerance. However, the scope of P2P networks has somehow been limited to individual computers connected to the internet. P2P networks are also notorious for blatant copyright violations and facilitating several kinds of security attacks. Businesses and large organizations have thus stayed away from deploying P2P applications citing security loopholes in P2P systems as the biggest reason for non-adoption. In theory P2P applications can help fulfill many organizational requirements such as collaboration and joint projects with other organizations, access to specialized computing infrastructure and finally accessing the specialized information/content and expert human knowledge available at other organizations. These potentially beneficial interactions necessitate that the research community attempt to alleviate the security shortcomings in P2P systems and ensure their acceptance and wide deployment. This research paper therefore examines the security issues prevalent in enabling cross-organizational P2P interactions and provides some technical insights into how some of these issues can be resolved.

Systems Security Engineering

DTIC Science & Technology

2010-08-22

Commission (IEC). “Information technology — Security techniques — Code of practice for information security management ( ISO /IEC 27002 ...Information technology — Security techniques — Information security management systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security...was a draft ISO standard on Systems and software engineering, Systems and software assurance [18]. Created by systems engineers for systems

Information storage for health-care providers: it's not as simple as it seems.

PubMed

Hanauer, David

2004-01-01

As medical practices migrate from paper to computers for record keeping, new issues surrounding the safe storage of such data are arising. These range from choosing an electronic storage format to ensuring that any electronic information stored today will be available and readable years into the future. Privacy and security issues also continue to be important, especially since the HIPAA regulations were instituted. With the rapid advances in technology, finding the right solution may be like trying to hit a moving target, yet some basic principles, outlined in this article, should make this difficult task easier.

Health information technology: strategic initiatives, real progress.

PubMed

Kolodner, Robert M; Cohn, Simon P; Friedman, Charles P

2008-01-01

We fully agree with Carol Diamond and Clay Shirky that deployment of health information technology (IT) is necessary but not sufficient for transforming U.S. health care. However, the recent work to advance health IT is far from an exercise in "magical thinking." It has been strategic thinking. To illustrate this, we highlight recent initiatives and progress under four focus areas: adoption, governance, privacy and security, and interoperability. In addition, solutions exist for health IT to advance rapidly without adversely affecting future policy choices. A broad national consensus is emerging in support of advancing health IT to enable the transformation of health and care.

On the implementation of IP protection using biometrics based information hiding and firewall

NASA Astrophysics Data System (ADS)

Basu, Abhishek; Nandy, Kingshuk; Banerjee, Avishek; Giri, Supratick; Sarkar, Souvik; Sarkar, Subir Kumar

2016-02-01

System-on-chip-based design style creates a revolution in very large scale integration industry with design efficiency, operating speed and development time. To support this process, reuse and exchange of components are essential in electronic form called intellectual property (IP). This, however, increases the possibility of encroachment of IP of the design. So copyright protection of IP against piracy is the most important concern for IP vendors. The existing solutions for IP protection are still not secure enough with flexibility, cost, etc. This paper proposes an information-hiding-based solution for IP protection by embedding a biometric copyright information and firewall inside an IP in the form of a finite state machine with unique configuration. The scheme first introduces biometric signature-based copyright as ownership proof. Second, firewall interrupts the normal functionality of IP at the end of the user time period. The experimental outcomes of field-programmable-gate-array implementation illustrate the efficiency of the proposed method.

Design and develop a video conferencing framework for real-time telemedicine applications using secure group-based communication architecture.

PubMed

Mat Kiah, M L; Al-Bakri, S H; Zaidan, A A; Zaidan, B B; Hussain, Muzammil

2014-10-01

One of the applications of modern technology in telemedicine is video conferencing. An alternative to traveling to attend a conference or meeting, video conferencing is becoming increasingly popular among hospitals. By using this technology, doctors can help patients who are unable to physically visit hospitals. Video conferencing particularly benefits patients from rural areas, where good doctors are not always available. Telemedicine has proven to be a blessing to patients who have no access to the best treatment. A telemedicine system consists of customized hardware and software at two locations, namely, at the patient's and the doctor's end. In such cases, the video streams of the conferencing parties may contain highly sensitive information. Thus, real-time data security is one of the most important requirements when designing video conferencing systems. This study proposes a secure framework for video conferencing systems and a complete management solution for secure video conferencing groups. Java Media Framework Application Programming Interface classes are used to design and test the proposed secure framework. Real-time Transport Protocol over User Datagram Protocol is used to transmit the encrypted audio and video streams, and RSA and AES algorithms are used to provide the required security services. Results show that the encryption algorithm insignificantly increases the video conferencing computation time.

Measurement-Device-Independent Quantum Cryptography

NASA Astrophysics Data System (ADS)

Tang, Zhiyuan

Quantum key distribution (QKD) enables two legitimate parties to share a secret key even in the presence of an eavesdropper. The unconditional security of QKD is based on the fundamental laws of quantum physics. Original security proofs of QKD are based on a few assumptions, e.g., perfect single photon sources and perfect single-photon detectors. However, practical implementations of QKD systems do not fully comply with such assumptions due to technical limitations. The gap between theory and implementations leads to security loopholes in most QKD systems, and several attacks have been launched on sophisticated QKD systems. Particularly, the detectors have been found to be the most vulnerable part of QKD. Much effort has been put to build side-channel-free QKD systems. Solutions such as security patches and device-independent QKD have been proposed. However, the former are normally ad-hoc, and cannot close unidentified loopholes. The latter, while having the advantages of removing all assumptions on devices, is impractical to implement today. Measurement-device-independent QKD (MDI-QKD) turns out to be a promising solution to the security problem of QKD. In MDI-QKD, all security loopholes, including those yet-to-be discovered, have been removed from the detectors, the most critical part in QKD. In this thesis, we investigate issues related to the practical implementation and security of MDI-QKD. We first present a demonstration of polarization-encoding MDI-QKD. Taking finite key effect into account, we achieve a secret key rate of 0.005 bit per second (bps) over 10 km spooled telecom fiber, and a 1600-bit key is distributed. This work, together with other demonstrations, shows the practicality of MDI-QKD. Next we investigate a critical assumption of MDI-QKD: perfect state preparation. We apply the loss-tolerant QKD protocol and adapt it to MDI-QKD to quantify information leakage due to imperfect state preparation. We then present an experimental demonstration of MDI-QKD over 10 km and 40 km of spooled fiber, which for the first time considers the impact of inaccurate polarization state preparation on the secret key rate. This would not have been possible under previous security proofs, given the same amount of state preparation flaws.

Cooperative Monitoring Center Occasional Paper/8: Cooperative Border Security for Jordan: Assessment and Options

DOE Office of Scientific and Technical Information (OSTI.GOV)

Qojas, M.

1999-03-01

This document is an analysis of options for unilateral and cooperative action to improve the security of Jordan's borders. Sections describe the current political, economic, and social interactions along Jordan's borders. Next, the document discusses border security strategy for cooperation among neighboring countries and the adoption of confidence-building measures. A practical cooperative monitoring system would consist of hardware for early warning, command and control, communications, and transportation. Technical solutions can expand opportunities for the detection and identification of intruders. Sensors (such as seismic, break-wire, pressure-sensing, etc.) can warn border security forces of intrusion and contribute to the identification of themore » intrusion and help formulate the response. This document describes conceptual options for cooperation, offering three scenarios that relate to three hypothetical levels (low, medium, and high) of cooperation. Potential cooperative efforts under a low cooperation scenario could include information exchanges on military equipment and schedules to prevent misunderstandings and the establishment of protocols for handling emergency situations or unusual circumstances. Measures under a medium cooperation scenario could include establishing joint monitoring groups for better communications, with hot lines and scheduled meetings. The high cooperation scenario describes coordinated responses, joint border patrols, and sharing border intrusion information. Finally, the document lists recommendations for organizational, technical, and operational initiatives that could be applicable to the current situation.« less

76 FR 78009 - Information Collection; Implementation of Information Technology Security Provision

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-15

...] Information Collection; Implementation of Information Technology Security Provision AGENCY: General Services... collection requirement regarding Implementation of Information Technology Security Provision. Public comments... Information Collection 3090- 0294, Implementation of Information Technology Security Provision, by any of the...

Research on mobile electronic commerce security technology based on WPKI

NASA Astrophysics Data System (ADS)

Zhang, Bo

2013-07-01

Through the in-depth study on the existing mobile e-commerce and WAP protocols, this paper presents a security solution of e-commerce system based on WPKI, and describes its implementation process and specific implementation details. This solution uniformly distributes the key used by the various participating entities , to fully ensure the confidentiality, authentication, fairness and integrity of mobile e-commerce payments, therefore has some pract ical value for improving the security of e-commerce system.

Sequential mathematical solution for authentication and authorization technique implementing encryption methodology creating secure transaction using various methods also at quantum level

NASA Astrophysics Data System (ADS)

Gharami, Snigdha; Dinakaran, M.

2017-11-01

We see challenges in authenticating each aspect of electronic usage, starting from transaction to social interaction the authenticity and availability of correct information is guided in various ways. Authentication and authorization follow one another; a process of authentication is calculated on multiple layers of steps. In this paper we discuss various possibilities of modifying and using ways to deal with authentication and authorization mechanism. Idea is to work through authentication with mathematical calculations. We will go through various scenarios and find out the system of information that fits best at the moment of need. We will take account of new approaches of authentication and authorization while working on mathematical paradigm of information. The paper also takes an eye on quantum cryptography and discusses on how it could help one in the present scenario. This paper is divided into sections discussing on various paradigm of authentication and how one can achieve it in secure way, this paper is part of research work where analysis of various constraints are to be followed in the extended research work.

Quantum-secured blockchain

NASA Astrophysics Data System (ADS)

Kiktenko, E. O.; Pozhar, N. O.; Anufriev, M. N.; Trushechkin, A. S.; Yunusov, R. R.; Kurochkin, Y. V.; Lvovsky, A. I.; Fedorov, A. K.

2018-07-01

Blockchain is a distributed database which is cryptographically protected against malicious modifications. While promising for a wide range of applications, current blockchain platforms rely on digital signatures, which are vulnerable to attacks by means of quantum computers. The same, albeit to a lesser extent, applies to cryptographic hash functions that are used in preparing new blocks, so parties with access to quantum computation would have unfair advantage in procuring mining rewards. Here we propose a possible solution to the quantum era blockchain challenge and report an experimental realization of a quantum-safe blockchain platform that utilizes quantum key distribution across an urban fiber network for information-theoretically secure authentication. These results address important questions about realizability and scalability of quantum-safe blockchains for commercial and governmental applications.

44 CFR 8.3 - Senior FEMA official responsible for the information security program.

Code of Federal Regulations, 2011 CFR

2011-10-01

... responsible for the information security program. 8.3 Section 8.3 Emergency Management and Assistance FEDERAL EMERGENCY MANAGEMENT AGENCY, DEPARTMENT OF HOMELAND SECURITY GENERAL NATIONAL SECURITY INFORMATION § 8.3 Senior FEMA official responsible for the information security program. The Director of the Security...

75 FR 44800 - Notice of Meeting of the Homeland Security Information Network Advisory Committee, Tuesday...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-29

... DEPARTMENT OF HOMELAND SECURITY Notice of Meeting of the Homeland Security Information Network... Security. ACTION: Notice of open meeting. SUMMARY: The Homeland Security Information Network Advisory... (Pub. L. 92-463). The mission of the Homeland Security Information Network Advisory Committee is to...

Systems Security Engineering

DTIC Science & Technology

2010-08-22

practice for information security management ( ISO /IEC 27002 ),” “Information technology — Security techniques — Information security management...systems —Requirements ( ISO /IEC 27002 ),”, “Information technology — Security techniques — Information security risk management ( ISO /IEC 27005).” from...associated practice aids. Perhaps the most germane discovery from this effort was a draft ISO standard on Systems and software engineering, Systems and

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 12 Banks and Banking 6 2011-01-01 2011-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

12 CFR 605.501 - Information Security Officer.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 12 Banks and Banking 6 2010-01-01 2010-01-01 false Information Security Officer. 605.501 Section... Information Security Officer. (a) The Information Security Officer of the Farm Credit Administration shall be responsible for implementation and oversight of the information security program and procedures adopted by the...

Clinical Implementation of Pharmacogenomics for Personalized Precision Medicine: Barriers and Solutions.

PubMed

Klein, Michelle E; Parvez, Md Masud; Shin, Jae-Gook

2017-09-01

Clinical implementation of pharmacogenomics (PGx) leads to personalized medicine, which improves the efficacy, safety, and cost-effectiveness of treatments. Although PGx-based research has been conducted for more than a decade, several barriers have slowed down its widespread implementation in clinical practice. Globally, there is an imbalance in programs and solutions required to empower the clinical implementation of PGx between countries. Therefore, we aimed to review these issues comprehensively, determine the major barriers, and find the best solutions. Through an extensive review of ongoing clinical implementation programs, scientific, educational, ethical, legal, and social issues, information technology, and reimbursement were identified as the key barriers. The pace of global implementation of genomic medicine coincided with the resource limitations of each country. The key solutions identified for the earlier mentioned barriers are as follows: building of secure and suitable information technology infrastructure with integrated clinical decision support systems along with increasing PGx evidence, more regulations, reimbursement strategies for stakeholder's acceptance, incorporation of PGx education in all institutions and clinics, and PGx promotion to all health care professionals and patients. In conclusion, this review will be helpful for the better understanding of common barriers and solutions pertaining to the clinical application of PGx. Copyright © 2017 American Pharmacists Association®. Published by Elsevier Inc. All rights reserved.

Cyber threat model for tactical radio networks

NASA Astrophysics Data System (ADS)

Kurdziel, Michael T.

2014-05-01

The shift to a full information-centric paradigm in the battlefield has allowed ConOps to be developed that are only possible using modern network communications systems. Securing these Tactical Networks without impacting their capabilities has been a challenge. Tactical networks with fixed infrastructure have similar vulnerabilities to their commercial counterparts (although they need to be secure against adversaries with greater capabilities, resources and motivation). However, networks with mobile infrastructure components and Mobile Ad hoc Networks (MANets) have additional unique vulnerabilities that must be considered. It is useful to examine Tactical Network based ConOps and use them to construct a threat model and baseline cyber security requirements for Tactical Networks with fixed infrastructure, mobile infrastructure and/or ad hoc modes of operation. This paper will present an introduction to threat model assessment. A definition and detailed discussion of a Tactical Network threat model is also presented. Finally, the model is used to derive baseline requirements that can be used to design or evaluate a cyber security solution that can be scaled and adapted to the needs of specific deployments.

Authentication techniques for smart cards

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nelson, R.A.

1994-02-01

Smart card systems are most cost efficient when implemented as a distributed system, which is a system without central host interaction or a local database of card numbers for verifying transaction approval. A distributed system, as such, presents special card and user authentication problems. Fortunately, smart cards offer processing capabilities that provide solutions to authentication problems, provided the system is designed with proper data integrity measures. Smart card systems maintain data integrity through a security design that controls data sources and limits data changes. A good security design is usually a result of a system analysis that provides a thoroughmore » understanding of the application needs. Once designers understand the application, they may specify authentication techniques that mitigate the risk of system compromise or failure. Current authentication techniques include cryptography, passwords, challenge/response protocols, and biometrics. The security design includes these techniques to help prevent counterfeit cards, unauthorized use, or information compromise. This paper discusses card authentication and user identity techniques that enhance security for microprocessor card systems. It also describes the analysis process used for determining proper authentication techniques for a system.« less

A Layered Trust Information Security Architecture

PubMed Central

de Oliveira Albuquerque, Robson; García Villalba, Luis Javier; Sandoval Orozco, Ana Lucila; Buiati, Fábio; Kim, Tai-Hoon

2014-01-01

Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed. PMID:25470490

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...

Implementing an Information Security Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less

Security Metrics: A Solution in Search of a Problem

ERIC Educational Resources Information Center

Rosenblatt, Joel

2008-01-01

Computer security is one of the most complicated and challenging fields in technology today. A security metrics program provides a major benefit: looking at the metrics on a regular basis offers early clues to changes in attack patterns or environmental factors that may require changes in security strategy. The term "security metrics"…

A Novel Texture-Quantization-Based Reversible Multiple Watermarking Scheme Applied to Health Information System.

PubMed

Turuk, Mousami; Dhande, Ashwin

2018-04-01

The recent innovations in information and communication technologies have appreciably changed the panorama of health information system (HIS). These advances provide new means to process, handle, and share medical images and also augment the medical image security issues in terms of confidentiality, reliability, and integrity. Digital watermarking has emerged as new era that offers acceptable solutions to the security issues in HIS. Texture is a significant feature to detect the embedding sites in an image, which further leads to substantial improvement in the robustness. However, considering the perspective of digital watermarking, this feature has received meager attention in the reported literature. This paper exploits the texture property of an image and presents a novel hybrid texture-quantization-based approach for reversible multiple watermarking. The watermarked image quality has been accessed by peak signal to noise ratio (PSNR), structural similarity measure (SSIM), and universal image quality index (UIQI), and the obtained results are superior to the state-of-the-art methods. The algorithm has been evaluated on a variety of medical imaging modalities (CT, MRA, MRI, US) and robustness has been verified, considering various image processing attacks including JPEG compression. The proposed scheme offers additional security using repetitive embedding of BCH encoded watermarks and ADM encrypted ECG signal. Experimental results achieved a maximum of 22,616 bits hiding capacity with PSNR of 53.64 dB.

The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

NASA Astrophysics Data System (ADS)

Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

JPRS Report, Near East & South Asia

DTIC Science & Technology

1990-06-08

Solution ," enumerates prospects of work and the recon- stitution of the national security force as mitigating factors in the current situation. Much hope...massacres of Sumgait and Baku, block a solution , and the security of Armenia is in jeopardy. The report’s discussion of a resolution of this impasse...years has not opened any doors for a solution and has deepened the tense situation. b) Is it possible to establish a dialog between Armenia and

Research on application information system integration platform in medicine manufacturing enterprise.

PubMed

Deng, Wu; Zhao, Huimin; Zou, Li; Li, Yuanyuan; Li, Zhengguang

2012-08-01

Computer and information technology popularizes in the medicine manufacturing enterprise for its potentials in working efficiency and service quality. In allusion to the explosive data and information of application system in current medicine manufacturing enterprise, we desire to propose a novel application information system integration platform in medicine manufacturing enterprise, which based on a combination of RFID technology and SOA, to implement information sharing and alternation. This method exploits the application integration platform across service interface layer to invoke the RFID middleware. The loose coupling in integration solution is realized by Web services. The key techniques in RFID event components and expanded role-based security access mechanism are studied in detail. Finally, a case study is implemented and tested to evidence our understanding on application system integration platform in medicine manufacturing enterprise.

Global Security Sciences Home - Global Security Sciences

Science.gov Websites

Us About Our Research Global Security Sciences Leadership Strategic Initiatives Research Centers Center for Strategic Security Overview Leadership Risk and Infrastructure Science Center Overview Leadership Strategic Alliance for Global Energy Solutions Overview Leadership Systems Science Center Overview

Access and privacy rights using web security standards to increase patient empowerment.

PubMed

Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

2008-01-01

Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer such principles into national laws. A perspective is given on the state of the art concerning web security standards, which can be used to easily engineer health information systems complying with the patient empowering goals. In conclusion health systems with the characteristics thus described are technically feasible and should be generally implemented and deployed.

Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Figueroa, Norilyz

2017-01-01

Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users' compliance to information security policies. We contribute to this literature by…

12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...

76 FR 67750 - Homeland Security Information Network Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-02

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0107] Homeland Security Information Network... Information Network Advisory Committee. SUMMARY: The Secretary of Homeland Security has determined that the renewal of the Homeland Security Information Network Advisory Committee (HSINAC) is necessary and in the...

78 FR 7797 - Homeland Security Information Network Advisory Committee (HSINAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-04

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2013-0005] Homeland Security Information Network... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSIN AC) will meet... received by the (Homeland Security Information Network Advisory Committee), go to http://www.regulations...

78 FR 34665 - Homeland Security Information Network Advisory Committee (HSINAC); Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-06-10

... DEPARTMENT OF HOMELAND SECURITY [DHS-2013-0037] Homeland Security Information Network Advisory... Committee Meeting. SUMMARY: The Homeland Security Information Network Advisory Committee (HSINAC) will meet... posted beforehand at this link: http://www.dhs.gov/homeland-security-information-network-advisory...

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 6 2011-07-01 2011-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

32 CFR 2103.51 - Information Security Oversight Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 6 2010-07-01 2010-07-01 false Information Security Oversight Committee. 2103... BE DECLASSIFIED Implementation and Review § 2103.51 Information Security Oversight Committee. The NCS Information Security Oversight Committee shall be chaired by the Staff Counsel of the National Security...

AGU, Science and Engagement with the Energy Industry

NASA Astrophysics Data System (ADS)

Leinen, M.; Davidson, E. A.

2016-12-01

The relationship between science and society evolves over time and the social, political, and economic factors shaping this relationship are complex. When problems facing society become more challenging, the public, NGOs, and policy makers call for science to more directly inform solutions, to assure accountability for the use of funds and to address conflicts of interest. But when policy solutions for such challenges require significant economic and societal tradeoffs, discussion of the science can become polarized and politicized. When this occurs, AGU's policies that uphold the highest standards of scientific integrity, address conflicts of interests and promote independence for members are even more important. These policies are implemented through processes for: a) control of science presented at meeting and in publications; b) requirements for data cited in publications to be publicly accessible, and c) an organizational support policy that prohibits sponsors from influencing science presented in AGU programs. The private sector wields vast influence on human behavior and governmental policy through commerce and lobbying. These actions can be controversial when the profit motive appears incongruent with other societal opinions of what is in the public interest. Climate change is an example of this tension, where the economic exploitation of fossil fuels has complex effects on food and energy security as well as on the environment. Nonetheless, the AGU Board unanimously agreed that given our mission to advance science to create a more sustainable earth, engagement of the private sector rather than disengagement is the best way to influence decision makers on all sides because we believe that the private sector needs to be part of any solutions. We plan to use our convening power and scientific authority to bring together diverse views on climate change solutions from the private, NGO, policy, decision-maker and scientific sectors to begin a substantial, responsible and on-going dialogue. We want this dialogue to inform issues of energy, environment, security and the associated economic and societal benefits and tradeoffs in addressing climate change. AGU will share our initial ideas for convening such engagement and in the future will inform our membership on the successes and the on-going challenges.

Advanced Secure Optical Image Processing for Communications

NASA Astrophysics Data System (ADS)

Al Falou, Ayman

2018-04-01

New image processing tools and data-processing network systems have considerably increased the volume of transmitted information such as 2D and 3D images with high resolution. Thus, more complex networks and long processing times become necessary, and high image quality and transmission speeds are requested for an increasing number of applications. To satisfy these two requests, several either numerical or optical solutions were offered separately. This book explores both alternatives and describes research works that are converging towards optical/numerical hybrid solutions for high volume signal and image processing and transmission. Without being limited to hybrid approaches, the latter are particularly investigated in this book in the purpose of combining the advantages of both techniques. Additionally, pure numerical or optical solutions are also considered since they emphasize the advantages of one of the two approaches separately.

Survey of business process management: challenges and solutions

NASA Astrophysics Data System (ADS)

Alotaibi, Youseef; Liu, Fei

2017-09-01

The current literature shows that creating a good framework on business process model (PM) is not an easy task. A successful business PM should have the ability to ensure accurate alignment between business processes (BPs) and information technology (IT) designs, provide security protection, manage the rapidly changing business environment and BPs, manage customer power, be flexible for reengineering and ensure that IT goals can be easily derived from business goals and hence an information system (IS) can be easily implemented. This article presents an overview of research in the business PM domain. We have presented a review of the challenges facing business PMs, such as misalignment between business and IT, difficulty of deriving IT goals from business goals, creating secured business PM, reengineering BPs, managing the rapidly changing BP and business environment and managing customer power. Also, it presents the limitations of existing business PM frameworks. Finally, we outline several guidelines to create good business PM and the possible further research directions in the business PM domain.

Examining the Return on Investment of a Security Information and Event Management Solution in a Notional Department of Defense Network Environment

DTIC Science & Technology

2013-06-01

collection are the facts that devices the lack encryption or compression methods and that the log file must be saved on the host system prior to transfer...time. Statistical correlation utilizes numerical algorithms to detect deviations from normal event levels and other routine activities (Chuvakin...can also assist in detecting low volume threats. Although easy and logical to implement, the implementation of statistical correlation algorithms

Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

PubMed

Kraemer, Sara; Carayon, Pascale

2007-03-01

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.

Security Shift in Future Network Architectures

DTIC Science & Technology

2010-11-01

RTO-MP-IST-091 2 - 1 Security Shift in Future Network Architectures Tim Hartog, M.Sc Information Security Dept. TNO Information and...current practice military communication infrastructures are deployed as stand-alone networked information systems. Network -Enabled Capabilities (NEC) and...information architects and security specialists about the separation of network and information security, the consequences of this shift and our view

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 4 2011-10-01 2011-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 4 2014-10-01 2014-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 4 2012-10-01 2012-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

48 CFR 552.239-70 - Information Technology Security Plan and Security Authorization.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 4 2013-10-01 2013-10-01 false Information Technology... Text of Provisions and Clauses 552.239-70 Information Technology Security Plan and Security Authorization. As prescribed in 539.7002(a), insert the following provision: Information Technology Security...

75 FR 57904 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-23

... Office, --Update of NIST Computer Security Division, and --Information Security and Privacy Advisory... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

Interpreting international governance standards for health IT use within general medical practice.

PubMed

Mahncke, Rachel J; Williams, Patricia A H

2014-01-01

General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.

The Design of Data Disaster Recovery of National Fundamental Geographic Information System

NASA Astrophysics Data System (ADS)

Zhai, Y.; Chen, J.; Liu, L.; Liu, J.

2014-04-01

With the development of information technology, data security of information system is facing more and more challenges. The geographic information of surveying and mapping is fundamental and strategic resource, which is applied in all areas of national economic, defence and social development. It is especially vital to national and social interests when such classified geographic information is directly concerning Chinese sovereignty. Several urgent problems that needs to be resolved for surveying and mapping are how to do well in mass data storage and backup, establishing and improving the disaster backup system especially after sudden natural calamity accident, and ensuring all sectors rapidly restored on information system will operate correctly. For overcoming various disaster risks, protect the security of data and reduce the impact of the disaster, it's no doubt the effective way is to analysis and research on the features of storage and management and security requirements, as well as to ensure that the design of data disaster recovery system suitable for the surveying and mapping. This article analyses the features of fundamental geographic information data and the requirements of storage management, three site disaster recovery system of DBMS plan based on the popular network, storage and backup, data replication and remote switch of application technologies. In LAN that synchronous replication between database management servers and the local storage of backup management systems, simultaneously, remote asynchronous data replication between local storage backup management systems and remote database management servers. The core of the system is resolving local disaster in the remote site, ensuring data security and business continuity of local site. This article focuses on the following points: background, the necessity of disaster recovery system, the analysis of the data achievements and data disaster recovery plan. Features of this program is to use a hardware-based data hot backup, and remote online disaster recovery support for Oracle database system. The achievement of this paper is in summarizing and analysing the common characteristics of disaster of surveying and mapping business system requirements, while based on the actual situation of the industry, designed the basic GIS disaster recovery solutions, and we also give the conclusions about key technologies of RTO and RPO.

Information Security: Computer Hacker Information Available on the Internet

DTIC Science & Technology

1996-06-05

INFORMATION SECURITY Computer Hacker Information Available on the Internet Statement for the Record of...Report Type N/A Dates Covered (from... to) - Title and Subtitle INFORMATION SECURITY Computer Hacker Information Available on the Internet Contract...1996 4. TITLE AND SUBTITLE Information Security: Computer Hacker Information Available on the Internet 5. FUNDING NUMBERS 6. AUTHOR(S) Jack L.

Teleradiology mobile internet system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kusumoto, Masahiko; Kaneko, Masahiro; Moriyama, Noriyuki

2014-03-01

We have developed an external storage system by using secret sharing scheme and tokenization for regional medical cooperation, PHR service and information preservation. The use of mobile devices such as smart phones and tablets will be accelerated for a PHR service, and the confidential medical information is exposed to the risk of damage and intercept. We verified the transfer rate of the sending and receiving of data to and from the external storage system that connected it with PACS by the Internet this time. External storage systems are the data centers that exist in Okinawa, in Osaka, in Sapporo and in Tokyo by using secret sharing scheme. PACS continuously transmitted 382 CT images to the external data centers. Total capacity of the CT images is about 200MB. The total time that had been required to transmit was about 250 seconds. Because the preservation method to use secret sharing scheme is applied, security is strong. But, it also takes the information transfer time of this system too much. Therefore, DICOM data is masked to the header information part because it is made to anonymity in our method. The DICOM data made anonymous is preserved in the data base in the hospital. Header information including individual information is divided into two or more tallies by secret sharing scheme, and preserved at two or more external data centers. The token to relate the DICOM data anonymity made to header information preserved outside is strictly preserved in the token server. The capacity of header information that contains patient's individual information is only about 2% of the entire DICOM data. This total time that had been required to transmit was about 5 seconds. Other, common solutions that can protect computer communication networks from attacks are classified as cryptographic techniques or authentication techniques. Individual number IC card is connected with electronic certification authority of web medical image conference system. Individual number IC card is given only to the person to whom the authority to operate web medical image conference system was given.

A review of security of electronic health records.

PubMed

Win, Khin Than

The objective of this study is to answer the research question, "Are current information security technologies adequate for electronic health records (EHRs)?" In order to achieve this, the following matters have been addressed in this article: (i) What is information security in the context of EHRs? (ii) Why is information security important for EHRs? and (iii) What are the current technologies for information security available to EHRs? It is concluded that current EHR security technologies are inadequate and urgently require improvement. Further study regarding information security of EHRs is indicated.

49 CFR 1548.19 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...

Security Aspects of an Enterprise-Wide Network Architecture.

ERIC Educational Resources Information Center

Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

1999-01-01

Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

77 FR 34436 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-11

... Organizations; International Securities Exchange, LLC; Notice of Filing of Proposed Rule Change To Temporarily... International Securities Exchange, LLC (the ``Exchange'' or the ``ISE'') filed with the Securities and Exchange... Clearing and Outsourcing Solutions, Inc. (``Apex Clearing'') as an ISE member organization, subject to Apex...

A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

ERIC Educational Resources Information Center

Waddell, Stanie Adolphus

2013-01-01

Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and…

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 5 2014-10-01 2014-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 5 2011-10-01 2011-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

49 CFR 8.9 - Information Security Review Committee.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 1 2011-10-01 2011-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... Clause 1352.239-73, Security Requirements for Information Technology Resources, is needed, contracting... 48 Federal Acquisition Regulations System 5 2010-10-01 2010-10-01 false Information security. 1339...

49 CFR 8.9 - Information Security Review Committee.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 1 2010-10-01 2010-10-01 false Information Security Review Committee. 8.9 Section.../DECLASSIFICATION/ACCESS Classification/Declassification of Information § 8.9 Information Security Review Committee. (a) There is hereby established a Department of Transportation Information Security Review Committee...

48 CFR 1339.107-70 - Information security.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 5 2013-10-01 2013-10-01 false Information security. 1339... CATEGORIES OF CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 1339.107-70 Information security. (a... coordinate with the designated Contracting Officer Representative (COR) to complete the Information Security...

Defining Information Security.

PubMed

Lundgren, Björn; Möller, Niklas

2017-11-15

This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

PubMed

Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

2000-05-01

The US Army Great Plains Regional Medical Command (GPRMC) has a requirement to conform to Department of Defense (DoD) and Army security policies for the Virtual Radiology Environment (VRE) Project. Within the DoD, security policy is defined as the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security policy in the DoD is described by the Trusted Computer System Evaluation Criteria (TCSEC), Army Regulation (AR) 380-19, Defense Information Infrastructure Common Operating Environment (DII COE), Military Health Services System Automated Information Systems Security Policy Manual, and National Computer Security Center-TG-005, "Trusted Network Interpretation." These documents were used to develop a security policy that defines information protection requirements that are made with respect to those laws, rules, and practices that are required to protect the information stored and processed in the VRE Project. The goal of the security policy is to provide for a C2-level of information protection while also satisfying the functional needs of the GPRMC's user community. This report summarizes the security policy for the VRE and defines the CORBA security services that satisfy the policy. In the VRE, the information to be protected is embedded into three major information components: (1) Patient information consists of Digital Imaging and Communications in Medicine (DICOM)-formatted fields. The patient information resides in the digital imaging network picture archiving and communication system (DIN-PACS) networks in the database archive systems and includes (a) patient demographics; (b) patient images from x-ray, computed tomography (CT), magnetic resonance imaging (MRI), and ultrasound (US); and (c) prior patient images and related patient history. (2) Meta-Manager information to be protected consists of several data objects. This information is distributed to the Meta-Manager nodes and includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

Multiobjective optimization of urban water resources: Moving toward more practical solutions

NASA Astrophysics Data System (ADS)

Mortazavi, Mohammad; Kuczera, George; Cui, Lijie

2012-03-01

The issue of drought security is of paramount importance for cities located in regions subject to severe prolonged droughts. The prospect of "running out of water" for an extended period would threaten the very existence of the city. Managing drought security for an urban water supply is a complex task involving trade-offs between conflicting objectives. In this paper a multiobjective optimization approach for urban water resource planning and operation is developed to overcome practically significant shortcomings identified in previous work. A case study based on the headworks system for Sydney (Australia) demonstrates the approach and highlights the potentially serious shortcomings of Pareto optimal solutions conditioned on short climate records, incomplete decision spaces, and constraints to which system response is sensitive. Where high levels of drought security are required, optimal solutions conditioned on short climate records are flawed. Our approach addresses drought security explicitly by identifying approximate optimal solutions in which the system does not "run dry" in severe droughts with expected return periods up to a nominated (typically large) value. In addition, it is shown that failure to optimize the full mix of interacting operational and infrastructure decisions and to explore the trade-offs associated with sensitive constraints can lead to significantly more costly solutions.

MAC layer security issues in wireless mesh networks

NASA Astrophysics Data System (ADS)

Reddy, K. Ganesh; Thilagam, P. Santhi

2016-03-01

Wireless Mesh Networks (WMNs) have emerged as a promising technology for a broad range of applications due to their self-organizing, self-configuring and self-healing capability, in addition to their low cost and easy maintenance. Securing WMNs is more challenging and complex issue due to their inherent characteristics such as shared wireless medium, multi-hop and inter-network communication, highly dynamic network topology and decentralized architecture. These vulnerable features expose the WMNs to several types of attacks in MAC layer. The existing MAC layer standards and implementations are inadequate to secure these features and fail to provide comprehensive security solutions to protect both backbone and client mesh. Hence, there is a need for developing efficient, scalable and integrated security solutions for WMNs. In this paper, we classify the MAC layer attacks and analyze the existing countermeasures. Based on attacks classification and countermeasures analysis, we derive the research directions to enhance the MAC layer security for WMNs.

6 CFR 27.200 - Information regarding security risk for a chemical facility.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Information regarding security risk for a chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information...

Pragmatic prevention, permanent solution: Women's experiences with hysterectomy in rural India.

PubMed

Desai, Sapna

2016-02-01

Hysterectomy appears to be on the rise amongst low-income, rural women in India as routine treatment for gynaecological ailments. This paper explores the individual, household, socio-economic and health system factors that influenced women's decisions to undergo hysterectomy in rural Gujarat, with a focus on women's perspectives. Interviews were conducted with 35 rural, low-income women who had undergone hysterectomy, local gynaecologists and other key informants, alongside observation of daily life and health-related activities. Inductive, open coding was conducted within a framework analysis to identify thematic influences on the decision to undergo hysterectomy. Women underwent hysterectomy at an average age of 36, as treatment for typically severe gynaecological ailments. I argue that women, faced with embedded social inequality in the form of gender biases, lack of labour security and a maternal-centric health system, demonstrated pragmatic agency in their decision to remove the uterus. When they experienced gynaecological ailments, most sought two to three opinions and negotiated financial and logistical concerns. The health system offered few non-invasive services for non-maternal health issues. Moreover, women and health care providers believed there is limited utility of the uterus beyond childbearing. Women's responsibilities as caretakers, workers and producers drove them to seek permanent solutions that would secure their long-term work and health security. Thus, hysterectomy emerged as a normalised treatment for gynaecological ailments, particularly for low-income women with limited resources or awareness of potential side effects. In this setting, hysterectomy reflects the power structures and social inequalities in which women negotiated medical treatment--and the need to reverse a culture of permanent solutions for low-income women. Copyright © 2016 Elsevier Ltd. All rights reserved.

78 FR 55134 - Anhui Taiyang Poultry Co., Inc.; a/k/a The Parkview Group, Inc.; Business Development Solutions...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-09

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Anhui Taiyang Poultry Co., Inc.; a/k/a The Parkview Group, Inc.; Business Development Solutions, Inc., and Tsingyuan Brewery Ltd.; Order of Suspension of Trading September 5, 2013. It appears to the Securities and Exchange Commission that there is a...

Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

ERIC Educational Resources Information Center

Imam, Abbas H.

2013-01-01

Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

14 CFR 1203.202 - Responsibilities.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

14 CFR 1203.202 - Responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security...) Ensuring effective compliance with and implementation of “the Order” and the Information Security Oversight...

Integrating legacy medical data sensors in a wireless network infrastucture.

PubMed

Dembeyiotis, S; Konnis, G; Koutsouris, D

2005-01-01

In the process of developing a wireless networking solution to provide effective field-deployable communications and telemetry support for rescuers during major natural disasters, we are faced with the task of interfacing the multitude of medical and other legacy data collection sensors to the network grid. In this paper, we detail a number of solutions, with particular attention given to the issue of data security. The chosen implementation allows for sensor control and management from remote network locations, while the sensors can wirelessly transmit their data to nearby network nodes securely, utilizing the latest commercially available cryptography solutions. Initial testing validates the design choices, while the network-enabled sensors are being integrated in the overall wireless network security framework.

Healthcare information system approaches based on middleware concepts.

PubMed

Holena, M; Blobel, B

1997-01-01

To meet the challenges for efficient and high-level quality, health care systems must implement the "Shared Care" paradigm of distributed co-operating systems. To this end, both the newly developed and legacy applications must be fully integrated into the care process. These requirements can be fulfilled by information systems based on middleware concepts. In the paper, the middleware approaches HL7, DHE, and CORBA are described. The relevance of those approaches to the healthcare domain is documented. The description presented here is complemented through two other papers in this volume, concentrating on the evaluation of the approaches, and on their security threats and solutions.

Fingerprint verification on medical image reporting system.

PubMed

Chen, Yen-Cheng; Chen, Liang-Kuang; Tsai, Ming-Dar; Chiu, Hou-Chang; Chiu, Jainn-Shiun; Chong, Chee-Fah

2008-03-01

The healthcare industry is recently going through extensive changes, through adoption of robust, interoperable healthcare information technology by means of electronic medical records (EMR). However, a major concern of EMR is adequate confidentiality of the individual records being managed electronically. Multiple access points over an open network like the Internet increases possible patient data interception. The obligation is on healthcare providers to procure information security solutions that do not hamper patient care while still providing the confidentiality of patient information. Medical images are also part of the EMR which need to be protected from unauthorized users. This study integrates the techniques of fingerprint verification, DICOM object, digital signature and digital envelope in order to ensure that access to the hospital Picture Archiving and Communication System (PACS) or radiology information system (RIS) is only by certified parties.

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

75 FR 63499 - Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-15

... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...

Economic Evaluation of the Information Security Levels Achieved by Electric Energy Providers in North Arctic Region

NASA Astrophysics Data System (ADS)

Sushko, O. P.; Kaznin, A. A.; Babkin, A. V.; Bogdanov, D. A.

2017-10-01

The study we are conducting involves the analysis of information security levels achieved by energy providers operating in the North Arctic Region. We look into whether the energy providers’ current information security levels meet reliability standards and determine what further actions may be needed for upgrading information security in the context of the digital transformation that the world community is undergoing. When developing the information security systems for electric energy providers or selecting the protection means for them, we are governed by the fact that the assets to be protected are process technologies. While information security risk can be assessed using different methods, the evaluation of the economic damage from these risks appears to be a difficult task. The most probable and harmful risks we have identified when evaluating the electric energy providers’ information security will be used by us as variables. To provide the evaluation, it is necessary to calculate the costs relating to elimination of the risks identified. The final stage of the study will involve the development of an operation algorithm for the North Arctic Region’s energy provider’s business information protection security system - a set of information security services, and security software and hardware.

Common Capabilities for Trust and Security in Service Oriented Infrastructures

NASA Astrophysics Data System (ADS)

Brossard, David; Colombo, Maurizio

In order to achieve agility of the enterprise and shorter concept-to-market timescales for new services, IT and communication providers and their customers increasingly use technologies and concepts which come together under the banner of the Service Oriented Infrastructure (SOI) approach. In this paper we focus on the challenges relating to SOI security. The solutions presented cover the following areas: i) identity federation, ii) distributed usage & access management, and iii) context-aware secure messaging, routing & transformation. We use a scenario from the collaborative engineering space to illustrate the challenges and the solutions.

Applying New Network Security Technologies to SCADA Systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P

2006-11-01

Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators.more » 4This page intentionally left blank.« less

75 FR 65526 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-25

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 6636 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-07

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later than...

76 FR 67484 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-01

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... must be submitted to the Information Security Oversight Office (ISOO) no later than Friday, November 11...

76 FR 28099 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-13

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

75 FR 39582 - National Industrial Security Program Policy Advisory Committee (NISPPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-09

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: Information Security Oversight Office... telephone number of individuals planning to attend must be submitted to the Information Security Oversight...

10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

Digital Photograph Security: What Plastic Surgeons Need to Know.

PubMed

Thomas, Virginia A; Rugeley, Patricia B; Lau, Frank H

2015-11-01

Sharing and storing digital patient photographs occur daily in plastic surgery. Two major risks associated with the practice, data theft and Health Insurance Portability and Accountability Act (HIPAA) violations, have been dramatically amplified by high-speed data connections and digital camera ubiquity. The authors review what plastic surgeons need to know to mitigate those risks and provide recommendations for implementing an ideal, HIPAA-compliant solution for plastic surgeons' digital photography needs: smartphones and cloud storage. Through informal discussions with plastic surgeons, the authors identified the most common photograph sharing and storage methods. For each method, a literature search was performed to identify the risks of data theft and HIPAA violations. HIPAA violation risks were confirmed by the second author (P.B.R.), a compliance liaison and privacy officer. A comprehensive review of HIPAA-compliant cloud storage services was performed. When possible, informal interviews with cloud storage services representatives were conducted. The most common sharing and storage methods are not HIPAA compliant, and several are prone to data theft. The authors' review of cloud storage services identified six HIPAA-compliant vendors that have strong to excellent security protocols and policies. These options are reasonably priced. Digital photography and technological advances offer major benefits to plastic surgeons but are not without risks. A proper understanding of data security and HIPAA regulations needs to be applied to these technologies to safely capture their benefits. Cloud storage services offer efficient photograph sharing and storage with layers of security to ensure HIPAA compliance and mitigate data theft risk.

Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis.

PubMed

Wang, Hao; Lau, Nathan; Gerdes, Ryan M

2018-04-01

The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

Approach to estimation of level of information security at enterprise based on genetic algorithm

NASA Astrophysics Data System (ADS)

V, Stepanov L.; V, Parinov A.; P, Korotkikh L.; S, Koltsov A.

2018-05-01

In the article, the way of formalization of different types of threats of information security and vulnerabilities of an information system of the enterprise and establishment is considered. In a type of complexity of ensuring information security of application of any new organized system, the concept and decisions in the sphere of information security are expedient. One of such approaches is the method of a genetic algorithm. For the enterprises of any fields of activity, the question of complex estimation of the level of security of information systems taking into account the quantitative and qualitative factors characterizing components of information security is relevant.

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2011 CFR

2011-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

17 CFR 249.1001 - Form SIP, for application for registration as a securities information processor or to amend such...

Code of Federal Regulations, 2010 CFR

2010-04-01

... registration as a securities information processor or to amend such an application or registration. 249.1001..., SECURITIES EXCHANGE ACT OF 1934 Form for Registration of, and Reporting by Securities Information Processors § 249.1001 Form SIP, for application for registration as a securities information processor or to amend...

Assessing Children's Emotional Security in the Interparental Relationship: The Security in the Interparental Subsystem Scales.

ERIC Educational Resources Information Center

Davies, Patrick T.; Forman, Evan M.; Rasi, Jennifer A.; Stevens, Kristopher I.

2002-01-01

Evaluated new self-report measure assessing children's strategies for preserving emotional security in context of interparental conflict. Factor analyses of the Security in the Interparental Subsystem (SIS) Scale supported a 7-factor solution. The SIS demonstrated satisfactory internal consistency and test-retest reliability. Support for test…

Hypervisors as a Foothold for Personal Computer Security: An Agenda for the Research Community

DTIC Science & Technology

2012-01-13

unintrusive solutions that boost security. For example, gamers are even buying hardware tokens to protect their World of Warcraft accounts [5]. Build...security technology. http://www. vmware.com/technology/security/vmsafe.html. [4] VNC. http://en.wikipedia.org/wiki/VNC. [5] World of warcraft to sell

Securing medical research: a cybersecurity point of view.

PubMed

Schneier, Bruce

2012-06-22

The problem of securing biological research data is a difficult and complicated one. Our ability to secure data on computers is not robust enough to ensure the security of existing data sets. Lessons from cryptography illustrate that neither secrecy measures, such as deleting technical details, nor national solutions, such as export controls, will work.

46 CFR 503.52 - Senior agency official.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 46 Shipping 9 2011-10-01 2011-10-01 false Senior agency official. 503.52 Section 503.52 Shipping FEDERAL MARITIME COMMISSION GENERAL AND ADMINISTRATIVE PROVISIONS PUBLIC INFORMATION Information Security...'s information security program, which includes oversight (self-inspection) and security information...

The national e-medication approaches in Germany, Switzerland and Austria: A structured comparison.

PubMed

Gall, Walter; Aly, Amin-Farid; Sojer, Reinhold; Spahni, Stéphane; Ammenwerth, Elske

2016-09-01

Recent studies show that many patients are harmed due to missing or erroneous information on prescribed and taken medication. Many countries are thus introducing eHealth solutions to improve the availability of this medication information on a national scale (often called "e-medication"). The objective of this study is to analyse and compare the national e-medication solutions just being introduced in Germany, Switzerland and Austria. Information on the situation in the three countries was collected within an expert group and complemented by an analysis of recent literature and legislation in each country. All three countries formulate comparable goals for the national eHealth solutions, focusing on improving medication safety. All three countries do not have a national e-prescription system. In all three countries, the implementation process was slower than expected and e-medication is not yet fully available. Differences of the three countries exist regarding chosen architectures, used standards, offered functionalities, and degree of voluntariness of participation. Nationwide e-medication systems and cross-border harmonization are acknowledged as important goals towards medication safety, but they develop slowly mainly due to privacy and security requirements, the need for law amendments and last but not least political interests. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

75 FR 10507 - Information Security Oversight Office; National Industrial Security Program Policy Advisory...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-08

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office; National Industrial Security Program Policy Advisory Committee (NISPPAC) AGENCY: National Archives and Records... individuals planning to attend must be submitted to the Information Security Oversight Office (ISOO) no later...

The design of the automated control system for warehouse equipment under radio-electronic manufacturing

NASA Astrophysics Data System (ADS)

Kapulin, D. V.; Chemidov, I. V.; Kazantsev, M. A.

2017-01-01

In the paper, the aspects of design, development and implementation of the automated control system for warehousing under the manufacturing process of the radio-electronic enterprise JSC «Radiosvyaz» are discussed. The architecture of the automated control system for warehousing proposed in the paper consists of a server which is connected to the physically separated information networks: the network with a database server, which stores information about the orders for picking, and the network with the automated storage and retrieval system. This principle allows implementing the requirements for differentiation of access, ensuring the information safety and security requirements. Also, the efficiency of the developed automated solutions in terms of optimizing the warehouse’s logistic characteristics is researched.

KSC-2014-3508

NASA Image and Video Library

2014-08-13

CAPE CANAVERAL, Fla. – A lightning strike sparks a brush fire near Headquarters Building in the Industrial Area of NASA’s Kennedy Space Center in Florida. The space center is nestled on the Merritt Island National Wildlife Refuge, which is managed by the U.S. Fish and Wildlife Service. Chenega Security & Support Solutions is responsible for Kennedy's Fire Rescue Department. For information on the refuge, visit http://www.fws.gov/merrittisland/Index.html. For more on Kennedy Space Center, visit http://www.nasa.gov/kennedy. Photo credit: NASA/Ben Smegelsky

Semantically Enriched Data Access Policies in eHealth.

PubMed

Drozdowicz, Michał; Ganzha, Maria; Paprzycki, Marcin

2016-11-01

Internet of Things (IoT) requires novel solutions to facilitate autonomous, though controlled, resource access. Access policies have to facilitate interactions between heterogeneous entities (devices and humans). Here, we focus our attention on access control in eHealth. We propose an approach based on enriching policies, based on well-known and widely-used eXtensible Access Control Markup Language, with semantics. In the paper we describe an implementation of a Policy Information Point integrated with the HL7 Security and Privacy Ontology.

Data privacy preservation in telemedicine: the PAIRSE project.

PubMed

Nageba, Ebrahim; Defude, Bruno; Morvan, Franck; Ghedira, Chirine; Fayn, Jocelyne

2011-01-01

The preservation of medical data privacy and confidentiality is a major challenge in eHealth systems and applications. A technological solution based on advanced information and communication systems architectures is needed in order to retrieve and exchange the patient's data in a secure and reliable manner. In this paper, we introduce the project PAIRSE, Preserving Privacy in Peer to Peer (P2P) environments, which proposes an original web service oriented framework preserving the privacy and confidentiality of shared or exchanged medical data.

Secure E-Mail Communication across Company Boundaries Experiences and Architectures

NASA Astrophysics Data System (ADS)

Wichmann, Markus; von der Heidt, Guido; Hille, Carsten; Jacobson, Gunnar

The important role of e-mail in business communication demands a protection of the transmitted information, not only within one company, but in particular across company borders. E-mail encryption using digital certificates provides means to fulfill this demand. The article discusses the obstacles organizations are faced with during the set up and operation of e-mail encryption between companies. Based on the case study of Siemens, experiences made as well as organizational and infrastructural solutions are outlined.

PASSIM--an open source software system for managing information in biomedical studies.

PubMed

Viksna, Juris; Celms, Edgars; Opmanis, Martins; Podnieks, Karlis; Rucevskis, Peteris; Zarins, Andris; Barrett, Amy; Neogi, Sudeshna Guha; Krestyaninova, Maria; McCarthy, Mark I; Brazma, Alvis; Sarkans, Ugis

2007-02-09

One of the crucial aspects of day-to-day laboratory information management is collection, storage and retrieval of information about research subjects and biomedical samples. An efficient link between sample data and experiment results is absolutely imperative for a successful outcome of a biomedical study. Currently available software solutions are largely limited to large-scale, expensive commercial Laboratory Information Management Systems (LIMS). Acquiring such LIMS indeed can bring laboratory information management to a higher level, but often implies sufficient investment of time, effort and funds, which are not always available. There is a clear need for lightweight open source systems for patient and sample information management. We present a web-based tool for submission, management and retrieval of sample and research subject data. The system secures confidentiality by separating anonymized sample information from individuals' records. It is simple and generic, and can be customised for various biomedical studies. Information can be both entered and accessed using the same web interface. User groups and their privileges can be defined. The system is open-source and is supplied with an on-line tutorial and necessary documentation. It has proven to be successful in a large international collaborative project. The presented system closes the gap between the need and the availability of lightweight software solutions for managing information in biomedical studies involving human research subjects.

Nanotechnology and MEMS-based systems for civil infrastructure safety and security: Opportunities and challenges

NASA Astrophysics Data System (ADS)

Robinson, Nidia; Saafi, Mohamed

2006-03-01

Critical civil infrastructure systems such as bridges, high rises, dams, nuclear power plants and pipelines present a major investment and the health of the United States' economy and the lifestyle of its citizens both depend on their safety and security. The challenge for engineers is to maintain the safety and security of these large structures in the face of terrorism threats, natural disasters and long-term deterioration, as well as to meet the demands of emergency response times. With the significant negative impact that these threats can have on the structural environment, health monitoring of civil infrastructure holds promise as a way to provide information for near real-time condition assessment of the structure's safety and security. This information can be used to assess the integrity of the structure for post-earthquake and terrorist attacks rescue and recovery, and to safely and rapidly remove the debris and to temporary shore specific structural elements. This information can also be used for identification of incipient damage in structures experiencing long-term deterioration. However, one of the major obstacles preventing sensor-based monitoring is the lack of reliable, easy-to-install, cost-effective and harsh environment resistant sensors that can be densely embedded into large-scale civil infrastructure systems. Nanotechnology and MEMS-based systems which have matured in recent years represent an innovative solution to current damage detection systems, leading to wireless, inexpensive, durable, compact, and high-density information collection. In this paper, ongoing research activities at Alabama A&M University (AAMU) Center for Transportation Infrastructure Safety and Security on the application of nanotechnology and MEMS to Civil Infrastructure for health monitoring will presented. To date, research showed that nanotechnology and MEMS-based systems can be used to wirelessly detect and monitor different damage mechanisms in concrete structures as well as monitor critical structures' stability during floods and barge impact. However, some technical issues that needs to be addressed before full implementation of these new systems and will also be discussed in this paper.

6 CFR 7.27 - Declassification and downgrading.

Code of Federal Regulations, 2010 CFR

2010-01-01

... SECURITY INFORMATION Classified Information § 7.27 Declassification and downgrading. (a) Classified... Security Officer. (b) Information shall be declassified or downgraded by the official who authorized the... Secretary of Homeland Security or the Chief Security Officer. (c) It is presumed that information that...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2013 CFR

2013-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2013-01-01 2013-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

5 CFR 930.301 - Information systems security awareness training program.

Code of Federal Regulations, 2014 CFR

2014-01-01

....g., system and network administrators, and system/application security officers) must receive... 5 Administrative Personnel 2 2014-01-01 2014-01-01 false Information systems security awareness... (MISCELLANEOUS) Information Security Responsibilities for Employees who Manage or Use Federal Information Systems...

78 FR 26057 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline Corporate Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-03

... Information Collection Activity Under OMB Review: Pipeline Corporate Security Review AGENCY: Transportation.... Information Collection Requirement Title: Pipeline Corporate Security Review (PCSR). Type of Request... current industry security practices through its Pipeline Corporate Security Review (PCSR) program. The...

Information Security Management (ISM)

NASA Astrophysics Data System (ADS)

Šalgovičová, Jarmila; Prajová, Vanessa

2012-12-01

Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. Introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, security requirements, the processes deployed as well as the size and structure of the organization. The implementation of ISM should be carried out to the extent consistent with the needs of the organization.

Information security of power enterprises of North-Arctic region

NASA Astrophysics Data System (ADS)

Sushko, O. P.

2018-05-01

The role of information technologies in providing technological security for energy enterprises is a component of the economic security for the northern Arctic region in general. Applying instruments and methods of information protection modelling of the energy enterprises' business process in the northern Arctic region (such as Arkhenergo and Komienergo), the authors analysed and identified most frequent risks of information security. With the analytic hierarchy process based on weighting factor estimations, information risks of energy enterprises' technological processes were ranked. The economic estimation of the information security within an energy enterprise considers weighting factor-adjusted variables (risks). Investments in information security systems of energy enterprises in the northern Arctic region are related to necessary security elements installation; current operating expenses on business process protection systems become materialized economic damage.

Implementing Security Sector Reform

DTIC Science & Technology

2008-12-04

ownership and genuine reform. His experience in Diyala Province indicated that the most effective means of pursuing transition and transformation among...that I have no solution to the security situation in Afghanistan, or to the questions of violence, crime, insurrection, or militias vs . army vs ...than to merge those interests into a greater whole. Franchising of problems or solutions is often the result. In Afghanistan, problems and

Sustainable Development--Education, Business and Management--Architecture and Building Construction--Agriculture and Food Security

ERIC Educational Resources Information Center

Ghenai, Chaouki, Ed.

2012-01-01

Securing the future of the human race will require an improved understanding of the environment as well as of technological solutions, mindsets and behaviors in line with modes of development that the ecosphere of our planet can support. Some experts see the only solution in a global deflation of the currently unsustainable exploitation of…

Climate Change and Poor Water Resource Management Will Have Serious Security Implications in the Balkan Peninsula

DTIC Science & Technology

2015-06-12

develop in the following order: Water Security, Rivers, Agreements, Population, Water Resource Management, Deforestation, History , Threats , and Climate...and political stability. To achieve peace , solutions can be developed through the use of international institutions, signing agreements...influences population, economy, energy, peace , and political stability. Achieveing peaceful solutions must come through the use of international

Disaster at a University: A Case Study in Information Security

ERIC Educational Resources Information Center

Ayyagari, Ramakrishna; Tyks, Jonathan

2012-01-01

Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small…

Using Swarming Agents for Scalable Security in Large Network Environments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Crouse, Michael; White, Jacob L.; Fulp, Errin W.

2011-09-23

The difficulty of securing computer infrastructures increases as they grow in size and complexity. Network-based security solutions such as IDS and firewalls cannot scale because of exponentially increasing computational costs inherent in detecting the rapidly growing number of threat signatures. Hostbased solutions like virus scanners and IDS suffer similar issues, and these are compounded when enterprises try to monitor these in a centralized manner. Swarm-based autonomous agent systems like digital ants and artificial immune systems can provide a scalable security solution for large network environments. The digital ants approach offers a biologically inspired design where each ant in the virtualmore » colony can detect atoms of evidence that may help identify a possible threat. By assembling the atomic evidences from different ant types the colony may detect the threat. This decentralized approach can require, on average, fewer computational resources than traditional centralized solutions; however there are limits to its scalability. This paper describes how dividing a large infrastructure into smaller managed enclaves allows the digital ant framework to effectively operate in larger environments. Experimental results will show that using smaller enclaves allows for more consistent distribution of agents and results in faster response times.« less

A study of IEEE 802.15.4 security framework for wireless body area networks.

PubMed

Saleem, Shahnaz; Ullah, Sana; Kwak, Kyung Sup

2011-01-01

A Wireless Body Area Network (WBAN) is a collection of low-power and lightweight wireless sensor nodes that are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interesting applications, including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent malicious interaction with the system. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers. Then we discuss the IEEE 802.15.4 security framework and identify the security vulnerabilities and major attacks in the context of WBAN. Different types of attacks on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the superframe are analyzed and discussed. It is observed that a smart attacker can successfully corrupt an increasing number of GTS slots in the CFP period and can considerably affect the Quality of Service (QoS) in WBAN (since most of the data is carried in CFP period). As we increase the number of smart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes to utilize the bandwidth efficiently. This means that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not totally secure for certain WBAN applications. New solutions are required to integrate high level security in WBAN.

A Study of IEEE 802.15.4 Security Framework for Wireless Body Area Networks

PubMed Central

Saleem, Shahnaz; Ullah, Sana; Kwak, Kyung Sup

2011-01-01

A Wireless Body Area Network (WBAN) is a collection of low-power and lightweight wireless sensor nodes that are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interesting applications, including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-critical) information and may operate in hostile environments, they require strict security mechanisms to prevent malicious interaction with the system. In this paper, we first highlight major security requirements and Denial of Service (DoS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers. Then we discuss the IEEE 802.15.4 security framework and identify the security vulnerabilities and major attacks in the context of WBAN. Different types of attacks on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the superframe are analyzed and discussed. It is observed that a smart attacker can successfully corrupt an increasing number of GTS slots in the CFP period and can considerably affect the Quality of Service (QoS) in WBAN (since most of the data is carried in CFP period). As we increase the number of smart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes to utilize the bandwidth efficiently. This means that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not totally secure for certain WBAN applications. New solutions are required to integrate high level security in WBAN. PMID:22319358

European security framework for healthcare.

PubMed

Ruotsalainen, Pekka; Pohjonen, Hanna

2003-01-01

eHealth and telemedicine services are promising business areas in Europe. It is clear that eHealth products and services will be sold and ordered from a distance and over national borderlines in the future. However, there are many barriers to overcome. For both national and pan-European eHealth and telemedicine applications a common security framework is needed. These frameworks set security requirements needed for cross-border eHealth services. The next step is to build a security infrastructure which is independent of technical platforms. Most of the European eHealth platforms are regional or territorial. Some countries are looking for a Public Key Infrastructure, but no large scale solutions do exist in healthcare. There is no clear candidate solution for European-wide interoperable eHealth platform. Gross-platform integration seems to be the most practical integration method at a European level in the short run. The use of Internet as a European integration platform is a promising solution in the long run.

6 CFR 7.12 - Violations of classified information requirements.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Violations of classified information requirements. 7.12 Section 7.12 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED NATIONAL SECURITY INFORMATION Administration § 7.12 Violations of classified information...

78 FR 77484 - Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-23

... Federal agency for pipeline security, it is important for TSA to have contact information for company... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency Information Collection Activity Under OMB Review: Pipeline System Operator Security Information AGENCY...

32 CFR 154.42 - Evaluation of personnel security information.

Code of Federal Regulations, 2011 CFR

2011-07-01

... 32 National Defense 1 2011-07-01 2011-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

32 CFR 154.42 - Evaluation of personnel security information.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 32 National Defense 1 2010-07-01 2010-07-01 false Evaluation of personnel security information... SECURITY DEPARTMENT OF DEFENSE PERSONNEL SECURITY PROGRAM REGULATION Adjudication § 154.42 Evaluation of personnel security information. (a) The criteria and adjudicative policy to be used in applying the...

75 FR 38595 - Guidance to States Regarding Driver History Record Information Security, Continuity of Operation...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-02

... Standards and Technology's (NIST) Computer Security Division maintains a Computer Security Resource Center... Regarding Driver History Record Information Security, Continuity of Operation Planning, and Disaster... (SDLAs) to support their efforts at maintaining the security of information contained in the driver...

14 CFR 1203.409 - Exceptional cases.

Code of Federal Regulations, 2010 CFR

2010-01-01

....409 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM... Information Security Program Committee, Security Division, Washington, DC 20546 for a classification..., to the Director, Information Security Oversight Office, GSA, for a determination. ...

The ISACA Business Model for Information Security: An Integrative and Innovative Approach

NASA Astrophysics Data System (ADS)

von Roessing, Rolf

In recent years, information security management has matured into a professional discipline that covers both technical and managerial aspects in an organisational environment. Information security is increasingly dependent on business-driven parameters and interfaces to a variety of organisational units and departments. In contrast, common security models and frameworks have remained largely technical. A review of extant models ranging from [LaBe73] to more recent models shows that technical aspects are covered in great detail, while the managerial aspects of security are often neglected.Likewise, the business view on organisational security is frequently at odds with the demands of information security personnel or information technology management. In practice, senior and executive level management remain comparatively distant from technical requirements. As a result, information security is generally regarded as a cost factor rather than a benefit to the organisation.

Advancing the science of forensic data management

NASA Astrophysics Data System (ADS)

Naughton, Timothy S.

2002-07-01

Many individual elements comprise a typical forensics process. Collecting evidence, analyzing it, and using results to draw conclusions are all mutually distinct endeavors. Different physical locations and personnel are involved, juxtaposed against an acute need for security and data integrity. Using digital technologies and the Internet's ubiquity, these diverse elements can be conjoined using digital data as the common element. This result is a new data management process that can be applied to serve all elements of the community. The first step is recognition of a forensics lifecycle. Evidence gathering, analysis, storage, and use in legal proceedings are actually just distinct parts of a single end-to-end process, and thus, it is hypothesized that a single data system that can also accommodate each constituent phase using common network and security protocols. This paper introduces the idea of web-based Central Data Repository. Its cornerstone is anywhere, anytime Internet upload, viewing, and report distribution. Archives exist indefinitely after being created, and high-strength security and encryption protect data and ensure subsequent case file additions do not violate chain-of-custody or other handling provisions. Several legal precedents have been established for using digital information in courts of law, and in fact, effective prosecution of cyber crimes absolutely relies on its use. An example is a US Department of Agriculture division's use of digital images to back up its inspection process, with pictures and information retained on secure servers to enforce the Perishable Agricultural Commodities Act. Forensics is a cumulative process. Secure, web-based data management solutions, such as the Central Data Repository postulated here, can support each process step. Logically marrying digital technologies with Internet accessibility should help nurture a thought process to explore alternatives that make forensics data accessible to authorized individuals, whenever and wherever they need it.

Secure data sharing in public cloud

NASA Astrophysics Data System (ADS)

Venkataramana, Kanaparti; Naveen Kumar, R.; Tatekalva, Sandhya; Padmavathamma, M.

2012-04-01

Secure multi-party protocols have been proposed for entities (organizations or individuals) that don't fully trust each other to share sensitive information. Many types of entities need to collect, analyze, and disseminate data rapidly and accurately, without exposing sensitive information to unauthorized or untrusted parties. Solutions based on secure multiparty computation guarantee privacy and correctness, at an extra communication (too costly in communication to be practical) and computation cost. The high overhead motivates us to extend this SMC to cloud environment which provides large computation and communication capacity which makes SMC to be used between multiple clouds (i.e., it may between private or public or hybrid clouds).Cloud may encompass many high capacity servers which acts as a hosts which participate in computation (IaaS and PaaS) for final result, which is controlled by Cloud Trusted Authority (CTA) for secret sharing within the cloud. The communication between two clouds is controlled by High Level Trusted Authority (HLTA) which is one of the hosts in a cloud which provides MgaaS (Management as a Service). Due to high risk for security in clouds, HLTA generates and distributes public keys and private keys by using Carmichael-R-Prime- RSA algorithm for exchange of private data in SMC between itself and clouds. In cloud, CTA creates Group key for Secure communication between the hosts in cloud based on keys sent by HLTA for exchange of Intermediate values and shares for computation of final result. Since this scheme is extended to be used in clouds( due to high availability and scalability to increase computation power) it is possible to implement SMC practically for privacy preserving in data mining at low cost for the clients.

Integrating Fingerprint Verification into the Smart Card-Based Healthcare Information System

NASA Astrophysics Data System (ADS)

Moon, Daesung; Chung, Yongwha; Pan, Sung Bum; Park, Jin-Won

2009-12-01

As VLSI technology has been improved, a smart card employing 32-bit processors has been released, and more personal information such as medical, financial data can be stored in the card. Thus, it becomes important to protect personal information stored in the card. Verification of the card holder's identity using a fingerprint has advantages over the present practices of Personal Identification Numbers (PINs) and passwords. However, the computational workload of fingerprint verification is much heavier than that of the typical PIN-based solution. In this paper, we consider three strategies to implement fingerprint verification in a smart card environment and how to distribute the modules of fingerprint verification between the smart card and the card reader. We first evaluate the number of instructions of each step of a typical fingerprint verification algorithm, and estimate the execution time of several cryptographic algorithms to guarantee the security/privacy of the fingerprint data transmitted in the smart card with the client-server environment. Based on the evaluation results, we analyze each scenario with respect to the security level and the real-time execution requirements in order to implement fingerprint verification in the smart card with the client-server environment.

Secure quantum signatures: a practical quantum technology (Conference Presentation)

NASA Astrophysics Data System (ADS)

Andersson, Erika

2016-10-01

Modern cryptography encompasses much more than encryption of secret messages. Signature schemes are widely used to guarantee that messages cannot be forged or tampered with, for example in e-mail, software updates and electronic commerce. Messages are also transferrable, which distinguishes digital signatures from message authentication. Transferability means that messages can be forwarded; in other words, that a sender is unlikely to be able to make one recipient accept a message which is subsequently rejected by another recipient if the message is forwarded. Similar to public-key encryption, the security of commonly used signature schemes relies on the assumed computational difficulty of problems such as finding discrete logarithms or factoring large primes. With quantum computers, such assumptions would no longer be valid. Partly for this reason, it is desirable to develop signature schemes with unconditional or information-theoretic security. Quantum signature schemes are one possible solution. Similar to quantum key distribution (QKD), their unconditional security relies only on the laws of quantum mechanics. Quantum signatures can be realized with the same system components as QKD, but are so far less investigated. This talk aims to provide an introduction to quantum signatures and to review theoretical and experimental progress so far.

Analysis of using interpulse intervals to generate 128-bit biometric random binary sequences for securing wireless body sensor networks.

PubMed

Zhang, Guang-He; Poon, Carmen C Y; Zhang, Yuan-Ting

2012-01-01

Wireless body sensor network (WBSN), a key building block for m-Health, demands extremely stringent resource constraints and thus lightweight security methods are preferred. To minimize resource consumption, utilizing information already available to a WBSN, particularly common to different sensor nodes of a WBSN, for security purposes becomes an attractive solution. In this paper, we tested the randomness and distinctiveness of the 128-bit biometric binary sequences (BSs) generated from interpulse intervals (IPIs) of 20 healthy subjects as well as 30 patients suffered from myocardial infarction and 34 subjects with other cardiovascular diseases. The encoding time of a biometric BS on a WBSN node is on average 23 ms and memory occupation is 204 bytes for any given IPI sequence. The results from five U.S. National Institute of Standards and Technology statistical tests suggest that random biometric BSs can be generated from both healthy subjects and cardiovascular patients and can potentially be used as authentication identifiers for securing WBSNs. Ultimately, it is preferred that these biometric BSs can be used as encryption keys such that key distribution over the WBSN can be avoided.

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2014 CFR

2014-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2011 CFR

2011-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2012 CFR

2012-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1542.303 - Security Directives and Information Circulars.

Code of Federal Regulations, 2013 CFR

2013-10-01

...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY... Information Circular to notify airport operators of security concerns. When TSA determines that additional... aviation, TSA issues a Security Directive setting forth mandatory measures. (b) Each airport operator must...

49 CFR 1549.109 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SCREENING PROGRAM Operations § 1549.109 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify certified cargo screening facilities of security concerns. (b) When TSA...

49 CFR 1544.305 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...

36 CFR 1256.70 - What controls access to national security-classified information?

Code of Federal Regulations, 2010 CFR

2010-07-01

... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

Hazardous material transportation safety and security field operational test final detailed test plans : executive summary

DOT National Transportation Integrated Search

2003-09-16

The objective of this Hazardous Material (HazMat) Transportation Safety and Security Field Operational Test (FOT) Final Detailed Test Plans evaluation is to measure the impact of technology solutions on the safety, security, and operational efficienc...

Finland’s Security Solution in the Future

DTIC Science & Technology

2013-03-01

important for foreign and security policies. This part of the world is becoming increasingly important for transport, natural resources and tourism . The...julkaisu/fi.jsp?oid=373066 (accessed December 22, 2012, only in Finnish). 6 Finnish Goverment Communication Department, “Government Security and

School Security Technologies

ERIC Educational Resources Information Center

Schneider, Tod

2010-01-01

Over the past decade electronic security technology has evolved from an exotic possibility into an essential safety consideration. Before resorting to high-tech security solutions, school officials should think carefully about the potential for unintended consequences. Technological fixes may be mismatched to the problems being addressed. They can…

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets aremore » considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.« less

A Low Cost Key Agreement Protocol Based on Binary Tree for EPCglobal Class 1 Generation 2 RFID Protocol

NASA Astrophysics Data System (ADS)

Jeng, Albert; Chang, Li-Chung; Chen, Sheng-Hui

There are many protocols proposed for protecting Radio Frequency Identification (RFID) system privacy and security. A number of these protocols are designed for protecting long-term security of RFID system using symmetric key or public key cryptosystem. Others are designed for protecting user anonymity and privacy. In practice, the use of RFID technology often has a short lifespan, such as commodity check out, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tags information requires a thorough consideration from many different aspects. However, any security enhancement on RFID technology will jack up its cost which may be detrimental to its widespread deployment. Due to the severe constraints of RFID tag resources (e. g., power source, computing power, communication bandwidth) and open air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computational heavy public key and symmetric key cryptography algorithms (e. g., RSA and AES) may not be suitable or over-killed to protect RFID security or privacy. These factors motivate us to research an efficient and cost effective solution for RFID security and privacy protection. In this paper, we propose a new effective generic binary tree based key agreement protocol (called BKAP) and its variations, and show how it can be applied to secure the low cost and resource constraint RFID system. This BKAP is not a general purpose key agreement protocol rather it is a special purpose protocol to protect privacy, un-traceability and anonymity in a single RFID closed system domain.

Obfuscatable multi-recipient re-encryption for secure privacy-preserving personal health record services.

PubMed

Shi, Yang; Fan, Hongfei; Xiong, Guoyue

2015-01-01

With the rapid development of cloud computing techniques, it is attractive for personal health record (PHR) service providers to deploy their PHR applications and store the personal health data in the cloud. However, there could be a serious privacy leakage if the cloud-based system is intruded by attackers, which makes it necessary for the PHR service provider to encrypt all patients' health data on cloud servers. Existing techniques are insufficiently secure under circumstances where advanced threats are considered, or being inefficient when many recipients are involved. Therefore, the objectives of our solution are (1) providing a secure implementation of re-encryption in white-box attack contexts and (2) assuring the efficiency of the implementation even in multi-recipient cases. We designed the multi-recipient re-encryption functionality by randomness-reusing and protecting the implementation by obfuscation. The proposed solution is secure even in white-box attack contexts. Furthermore, a comparison with other related work shows that the computational cost of the proposed solution is lower. The proposed technique can serve as a building block for supporting secure, efficient and privacy-preserving personal health record service systems.

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

10 CFR 2.903 - Protection of restricted data and national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Restricted Data and/or National Security Information § 2.903 Protection of restricted data and national security information. Nothing in this subpart shall relieve any person from safeguarding Restricted Data or National Security Information in accordance with the applicable provisions of laws of the United States and...

Examining the Relationship between Organization Systems and Information Security Awareness

ERIC Educational Resources Information Center

Tintamusik, Yanarong

2010-01-01

The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets,…

Information Sharing for IT Security Professionals

ERIC Educational Resources Information Center

Petersen, Rodney J.

2008-01-01

Information sharing is a core value for information technology (IT) security professionals. It is also a familiar concept for those who work at institutions of higher education because of their long history of collaboration and openness. Information sharing has become part of the national fabric as IT security professionals attempt to secure cyber…

10 CFR 2.911 - Admissibility of restricted data or other national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... security information. 2.911 Section 2.911 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.911 Admissibility of restricted data or other national security information. A presiding officer shall not receive any Restricted Data...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2014 CFR

2014-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2013 CFR

2013-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

[How to establish the hospital information system security policies].

PubMed

Gong, Qing-Yue; Shi, Cheng

2008-03-01

It is important to establish the hospital information system security policies. While these security policies are being established, a comprehensive consideration should be given to the acceptable levels of users, IT supporters and hospital managers. We should have a formal policy designing process that is consistently followed by all security policies. Reasons for establishing the security policies and their coverage and applicable objects should be stated clearly. Besides, each policy should define user's responsibilities and penalties of violation. Every organization will need some key policies, such as of information sources usage, remote access, information protection, perimeter security, and baseline host/device security. Security managing procedures are the mechanisms to enforce the policies. An incident-handling procedure is the most important security managing procedure for all organizations.

46 CFR 503.59 - Safeguarding classified information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... Information Security Program § 503.59 Safeguarding classified information. (a) All classified information... security; (2) Takes appropriate steps to protect classified information from unauthorized disclosure or... security check; (2) To protect the classified information in accordance with the provisions of Executive...

78 FR 73819 - Information Collection; Financial Information Security Request Form

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-09

... DEPARTMENT OF AGRICULTURE Forest Service Information Collection; Financial Information Security... individuals and organizations on the extension with revision of a currently approved information collection, Financial Information Security Request Form. DATES: Comments must be received in writing on or before...

How ISO/IEC 17799 can be used for base lining information assurance among entities using data mining for defense, homeland security, commercial, and other civilian/commercial domains

NASA Astrophysics Data System (ADS)

Perry, William G.

2006-04-01

One goal of database mining is to draw unique and valid perspectives from multiple data sources. Insights that are fashioned from closely-held data stores are likely to possess a high degree of reliability. The degree of information assurance comes into question, however, when external databases are accessed, combined and analyzed to form new perspectives. ISO/IEC 17799, Information technology-Security techniques-Code of practice for information security management, can be used to establish a higher level of information assurance among disparate entities using data mining in the defense, homeland security, commercial and other civilian/commercial domains. Organizations that meet ISO/IEC information security standards have identified and assessed risks, threats and vulnerabilities and have taken significant proactive steps to meet their unique security requirements. The ISO standards address twelve domains: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management and compliance. Analysts can be relatively confident that if organizations are ISO 17799 compliant, a high degree of information assurance is likely to be a characteristic of the data sets being used. The reverse may be true. Extracting, fusing and drawing conclusions based upon databases with a low degree of information assurance may be wrought with all of the hazards that come from knowingly using bad data to make decisions. Using ISO/IEC 17799 as a baseline for information assurance can help mitigate these risks.

78 FR 30319 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-22

... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration [Docket No. TSA-2002-11602] Intent to Request Renewal From OMB of One Current Public Collection of Information: Security Programs for..., Transportation Security Administration, 601 South 12th Street, Arlington, VA 20598-6011. FOR FURTHER INFORMATION...

Information Security Awareness On-Line Materials Design with Knowledge Maps

ERIC Educational Resources Information Center

Shaw, Ruey-Shiang; Keh, Huan-Chao; Huang, Nan-Ching; Huang, Tien-Chuan

2011-01-01

Information Security Awareness, though known as a primary and important issue in the domain of Information Security, CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception…

Performance evaluation of secured DICOM image communication with next generation internet protocol IPv6

NASA Astrophysics Data System (ADS)

Yu, Fenghai; Zhang, Jianguo; Chen, Xiaomeng; Huang, H. K.

2005-04-01

Next Generation Internet (NGI) technology with new communication protocol IPv6 emerges as a potential solution for low-cost and high-speed networks for image data transmission. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. We choose CTN (Central Test Node) DICOM software developed by The Mallinckrodt Institute of Radiology to implement IPv6/IPv4 enabled DICOM communication software on different operating systems (Windows/Linux), and used this DICOM software to evaluate the performance of the IPv6/IPv4 enabled DICOM image communication with different security setting and environments. We compared the security communications of IPsec with SSL/TLS on different TCP/IP protocols (IPv6/IPv4), and find that there are some trade-offs to choose security solution between IPsec and SSL/TLS in the security implementation of IPv6/IPv4 communication networks.

48 CFR 339.7102 - Applicability.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7102 Applicability. Contracting Officers are responsible for ensuring that all information technology acquisitions comply with the Federal Information Security Management Act (FISMA), the HHS-OCIO Information Systems Security and Privacy...

A new security solution to JPEG using hyper-chaotic system and modified zigzag scan coding

NASA Astrophysics Data System (ADS)

Ji, Xiao-yong; Bai, Sen; Guo, Yu; Guo, Hui

2015-05-01

Though JPEG is an excellent compression standard of images, it does not provide any security performance. Thus, a security solution to JPEG was proposed in Zhang et al. (2014). But there are some flaws in Zhang's scheme and in this paper we propose a new scheme based on discrete hyper-chaotic system and modified zigzag scan coding. By shuffling the identifiers of zigzag scan encoded sequence with hyper-chaotic sequence and accurately encrypting the certain coefficients which have little relationship with the correlation of the plain image in zigzag scan encoded domain, we achieve high compression performance and robust security simultaneously. Meanwhile we present and analyze the flaws in Zhang's scheme through theoretical analysis and experimental verification, and give the comparisons between our scheme and Zhang's. Simulation results verify that our method has better performance in security and efficiency.

10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 22 Foreign Relations 1 2011-04-01 2011-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2011 CFR

2011-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

17 CFR 140.20 - Designation of senior official to oversee Commission use of national security information.

Code of Federal Regulations, 2011 CFR

2011-04-01

... to oversee Commission use of national security information. 140.20 Section 140.20 Commodity and... safeguarding of national security information received by the Commission from other agencies, to chair a... suggestions and complaints with respect to the Commission administration of its information security program...

10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

Key Factors in the Success of an Organization's Information Security Culture: A Quantitative Study and Analysis

ERIC Educational Resources Information Center

Pierce, Robert E.

2012-01-01

This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…

Incorporating Global Information Security and Assurance in I.S. Education

ERIC Educational Resources Information Center

White, Garry L.; Hewitt, Barbara; Kruck, S. E.

2013-01-01

Over the years, the news media has reported numerous information security incidents. Because of identity theft, terrorism, and other criminal activities, President Obama has made information security a national priority. Not only is information security and assurance an American priority, it is also a global issue. This paper discusses the…

10 CFR 2.908 - Contents of notice of intent to introduce restricted data or other national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... or other national security information. 2.908 Section 2.908 Energy NUCLEAR REGULATORY COMMISSION... Applicable to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.908 Contents of notice of intent to introduce restricted data or other national security information. (a) A...

22 CFR 9a.1 - Security of certain information and material related to the International Energy Program.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 22 Foreign Relations 1 2010-04-01 2010-04-01 false Security of certain information and material... GENERAL SECURITY INFORMATION REGULATIONS APPLICABLE TO CERTAIN INTERNATIONAL ENERGY PROGRAMS; RELATED MATERIAL § 9a.1 Security of certain information and material related to the International Energy Program...

10 CFR 2.913 - Review of Restricted Data or other National Security Information received in evidence.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.913 Review of Restricted Data or other National Security Information received in evidence. At the close of the reception of... National Security Information be expunged from the record where such expunction would not prejudice the...

10 CFR 2.906 - Obligation of parties to avoid introduction of restricted data or national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... data or national security information. 2.906 Section 2.906 Energy NUCLEAR REGULATORY COMMISSION RULES... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.906 Obligation of parties to avoid introduction of restricted data or national security information. It is the...

10 CFR 2.907 - Notice of intent to introduce restricted data or national security information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... security information. 2.907 Section 2.907 Energy NUCLEAR REGULATORY COMMISSION RULES OF PRACTICE FOR... Proceedings Involving Restricted Data and/or National Security Information § 2.907 Notice of intent to introduce restricted data or national security information. (a) If, at the time of publication of a notice...

17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

Code of Federal Regulations, 2010 CFR

2010-04-01

... information processors: form of application and amendments. 242.609 Section 242.609 Commodity and Securities....609 Registration of securities information processors: form of application and amendments. (a) An application for the registration of a securities information processor shall be filed on Form SIP (§ 249.1001...

Exploring Factors that Influence Students' Behaviors in Information Security

ERIC Educational Resources Information Center

Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

2012-01-01

Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

Access Control of Web- and Java-Based Applications

NASA Technical Reports Server (NTRS)

Tso, Kam S.; Pajevski, Michael J.

2013-01-01

Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

48 CFR 339.7101 - Policy.

Code of Federal Regulations, 2010 CFR

2010-10-01

... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY Information Security Management 339.7101 Policy. HHS is responsible for implementing an information security program to ensure that its information systems and... information contained in those systems. Each system's level of security shall protect the integrity...

75 FR 1566 - National Industrial Security Program Directive No. 1

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-12

... NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part...: Information Security Oversight Office, NARA. ACTION: Proposed rule; correction. SUMMARY: This document... Management System (FDMS) number to the proposed rule for Information Security Oversight Office (ISOO...

6 CFR 7.11 - Components' responsibilities.

Code of Federal Regulations, 2010 CFR

2010-01-01

... INFORMATION Administration § 7.11 Components' responsibilities. Each DHS component shall appoint a security... security information; (b) Report violations of the provisions of this regulation to the Chief Security... component acquire adequate security education and training, as required by the DHS classified information...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2014 CFR

2014-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2013 CFR

2013-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

32 CFR 2001.50 - Telecommunications automated information systems and network security.

Code of Federal Regulations, 2012 CFR

2012-07-01

... and network security. 2001.50 Section 2001.50 National Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED... network security. Each agency head shall ensure that classified information electronically accessed...

Network security system for health and medical information using smart IC card

NASA Astrophysics Data System (ADS)

Kanai, Yoichi; Yachida, Masuyoshi; Yoshikawa, Hiroharu; Yamaguchi, Masahiro; Ohyama, Nagaaki

1998-07-01

A new network security protocol that uses smart IC cards has been designed to assure the integrity and privacy of medical information in communication over a non-secure network. Secure communication software has been implemented as a library based on this protocol, which is called the Integrated Secure Communication Layer (ISCL), and has been incorporated into information systems of the National Cancer Center Hospitals and the Health Service Center of the Tokyo Institute of Technology. Both systems have succeeded in communicating digital medical information securely.

The MANPAD Threat to Civilian Airliners

DTIC Science & Technology

2006-03-03

PAGES: 19 KEY TERMS: Homeland Security; Non-Proliferation; Airport Security CLASSIFICATION: Unclassified This paper investigates strategic approaches...technological solutions and law enforcement operations to provide a competent airport security perimeter.”18 To combat this ominous threat of MANPADS...sites for phone and computer tips should be established with access for airport security , local and federal law enforcement, as well as intelligence

Evaluating Library Security Problems and Solutions.

ERIC Educational Resources Information Center

Nicely, Chris

1993-01-01

Discusses different types of security systems for libraries and explains the differences between electromagnetic, radio-frequency, and microwave technologies. A list of questions to assist in system evaluation is provided; and preventive measures used to curtail theft and protocol for handling situations that trigger security alarms are included.…

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 7 Agriculture 14 2013-01-01 2013-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 7 Agriculture 14 2014-01-01 2014-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 7 Agriculture 14 2011-01-01 2011-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...

7 CFR 1962.14 - Account and security information in UCC cases.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 7 Agriculture 14 2012-01-01 2012-01-01 false Account and security information in UCC cases. 1962... Liquidation of Chattel Security § 1962.14 Account and security information in UCC cases. Within 2 weeks after... States, other parties, and also may lose some of its security rights. The UCC provides that the borrower...